summaryrefslogtreecommitdiff
path: root/net-analyzer/ettercap
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/ettercap')
-rw-r--r--net-analyzer/ettercap/Manifest4
-rw-r--r--net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild73
-rw-r--r--net-analyzer/ettercap/ettercap-9999.ebuild29
-rw-r--r--net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch254
4 files changed, 343 insertions, 17 deletions
diff --git a/net-analyzer/ettercap/Manifest b/net-analyzer/ettercap/Manifest
index 67dcac6e2b5f..7b0dcf9f6bdb 100644
--- a/net-analyzer/ettercap/Manifest
+++ b/net-analyzer/ettercap/Manifest
@@ -1,6 +1,8 @@
AUX cve-2017-6430.patch 2437 BLAKE2B 4267c1028467734e45f0a2b730498b6b1de86d9aca95377d7afe76d872ae05c0c9c5e600e8c35f7e0f74d00a125cbffce7f372d543e1728a83121c234ef65366 SHA512 fd3477e7ab087d2b0fdfff6ef331ca8ae4aa838ece54a84d4e597d57cf45425a4dc4be60b9caadf0af25ebe8072eea542092e400e6fe219696b0dc13ca4e205b
+AUX ettercap-0.8.2-openssl-1.1.patch 8769 BLAKE2B 6c9d7e8c60264b6ac0724891f9cbc9b2436bb943680d3e8612aee152bd360ea9f38a778175906787039041e654b49f91353f4cdc678f36753e289270c4b148b3 SHA512 0ba60719cde9648aae37499c1caa6f3e0630e31f1e819945648d778aa6359f0b3771d7673f16a81c4e7ea8efdcf84bf3fb55979d952cb767cb5334f5d154ca9d
DIST ettercap-0.8.2.tar.gz 8082561 BLAKE2B 851df0a8700de45ce0e3427f7fdbdcd13feb2f75c0d1136563449db634b1f02276bade0d82a1a51bf8de726d6faddf05ff537e397c2e56cfc3e3181d25566fe9 SHA512 18137b1cc518c9db3c9650157a5cbf09dbb665b79876a24875d6c5125e8923ebde543464adb61cf1d1244101242f4d66b80d94ef3b36aa265cefca7646aa6415
EBUILD ettercap-0.8.2-r1.ebuild 1714 BLAKE2B 2ffce7cce8e652e21470b00f70ef35d90ef768a9344abbebcbd92bed23ba008794932e622a3c31002651ff64e27336819943c14c92621fdb79b2d30d63da8852 SHA512 dda9381deb9b088fb39b7c1de4f7421b43c231d0c7535428ea148533787ece0a8bf31a93e580cfe108cfebd73da2b0ed1668274fa93d47042b1342447753be56
+EBUILD ettercap-0.8.2-r2.ebuild 1796 BLAKE2B 79051d2ae904a6d57ec71cf7a280aeccebe8cd0146be8cdd207cc6ff9ee568d2d19078e3849a2b295ad2d25dd6b8d0c906979a11a6a7bc1e62f93e250cf21943 SHA512 6212493404eb51ac612cb4a57fed7bedfce406935cbd5554c9e3a4c08e34d6c5e30d02cccb6891a0acc2e04bf95ddaa6e5de909c1b179321b53cb44675725e06
EBUILD ettercap-0.8.2.ebuild 1660 BLAKE2B 6cf57f82a93894c9bff14d56e823494fd7fd5fcce0285bd19e6316b5db7292e4a19874eccadfaa40ced9e2e3736007e94c30eb96f92f9b3bf714e75dd87f512e SHA512 d8a2b9dc5f6952cbffb15fe18689a7e3587a8d40e52159e65aaea9199f0de43da48bfc6b9c5ee6ab008f24f424d8350b0095246689d7ce36c4cd0a8c9f4f1015
-EBUILD ettercap-9999.ebuild 1969 BLAKE2B 22405e3d575543b2b0c0b7b5021e082fd71c60e5d84adad6234904a6dd1524740961ae73844565bf0fb453b3d6ccd9c9af771ddd6d973ee29529a22fb160ffb8 SHA512 d94cd0e2655ba36f02a1fb2431c8902f4b60f3f9389f30631c8dbfc73ebce9021069800f74c97faaf31aa33d4370bb3b523998242b448aa04fa8b5f875d90493
+EBUILD ettercap-9999.ebuild 1711 BLAKE2B 0ed80f63f24c4c595f2b1caf410259fbe974d0833bf8bdaa14f964009a9bd5c75540fcd6beff17622a355bce45408ea2ca52d2378196c7b37a515c6222d96441 SHA512 9d4fd99f08e11126ba68519404490c7000997aa349805a8d4a6d271e52fcda764dc3c8164a3f5ddfe63e819343d24c7f792d229da9d44ec56f039c87854e37ec
MISC metadata.xml 657 BLAKE2B e32e3fbc55029a9398399a2e2b69974f720826f8769379868ae80e32d2a9b2a69bfeb59b349dae91b7f27a759647091f58ea07a9b23a6dcf32d373966310bdde SHA512 0b682cb596f905882f2c0682c163d31410b94ca873a468db93e155103aeb1e943bff1c55bde1c9537478ce324d368f468bcb91c98f0aefb9dfa2a2239d7f73d5
diff --git a/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild
new file mode 100644
index 000000000000..6fa10f902c26
--- /dev/null
+++ b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-utils
+
+DESCRIPTION="A suite for man in the middle attacks"
+HOMEPAGE="https://github.com/Ettercap/ettercap"
+
+LICENSE="GPL-2+"
+SLOT="0"
+
+if [[ ${PV} == "9999" ]] ; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
+else
+ SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+fi
+
+IUSE="doc gtk ipv6 libressl ncurses +plugins test"
+
+RDEPEND="dev-libs/libbsd
+ dev-libs/libpcre
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ net-libs/libnet:1.1
+ >=net-libs/libpcap-0.8.1
+ sys-libs/zlib
+ gtk? (
+ >=dev-libs/atk-1.2.4
+ >=dev-libs/glib-2.2.2:2
+ media-libs/freetype
+ x11-libs/cairo
+ x11-libs/gdk-pixbuf:2
+ >=x11-libs/gtk+-2.2.2:2
+ >=x11-libs/pango-1.2.3
+ )
+ ncurses? ( >=sys-libs/ncurses-5.3:= )
+ plugins? ( >=net-misc/curl-7.26.0 )"
+DEPEND="${RDEPEND}
+ doc? ( app-text/ghostscript-gpl
+ sys-apps/groff )
+ test? ( dev-libs/check )
+ sys-devel/flex
+ virtual/yacc"
+PATCHES=(
+ "${FILESDIR}"/cve-2017-6430.patch
+ "${FILESDIR}"/${P}-openssl-1.1.patch
+)
+
+src_prepare() {
+ sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die
+ cmake-utils_src_prepare
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DENABLE_CURSES="$(usex ncurses)"
+ -DENABLE_GTK="$(usex gtk)"
+ -DENABLE_PLUGINS="$(usex plugins)"
+ -DENABLE_IPV6="$(usex ipv6)"
+ -DENABLE_TESTS="$(usex test)"
+ -DENABLE_PDF_DOCS="$(usex doc)"
+ -DBUNDLED_LIBS=OFF
+ -DSYSTEM_LIBS=ON
+ -DINSTALL_SYSCONFDIR="${EROOT}"etc
+ )
+ #right now we only support gtk2, but ettercap also supports gtk3
+ #do we care? do we want to support both?
+ cmake-utils_src_configure
+}
diff --git a/net-analyzer/ettercap/ettercap-9999.ebuild b/net-analyzer/ettercap/ettercap-9999.ebuild
index c8f2e6e8f41b..b83933eda5d6 100644
--- a/net-analyzer/ettercap/ettercap-9999.ebuild
+++ b/net-analyzer/ettercap/ettercap-9999.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=6
inherit cmake-utils
@@ -16,10 +16,10 @@ if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/Ettercap/${PN}.git"
else
SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work
- KEYWORDS="~alpha ~amd64 ~arm ~sparc ~x86 ~x86-fbsd"
+ KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
fi
-#IUSE="doc gtk ipv6 ncurses +plugins test"
-IUSE="doc gtk ipv6 libressl ncurses +plugins"
+
+IUSE="doc gtk ipv6 libressl ncurses +plugins test"
RDEPEND="dev-libs/libbsd
dev-libs/libpcre
@@ -37,11 +37,12 @@ RDEPEND="dev-libs/libbsd
>=x11-libs/gtk+-2.2.2:2
>=x11-libs/pango-1.2.3
)
- ncurses? ( sys-libs/ncurses:0= )
+ ncurses? ( >=sys-libs/ncurses-5.3:= )
plugins? ( >=net-misc/curl-7.26.0 )"
DEPEND="${RDEPEND}
doc? ( app-text/ghostscript-gpl
sys-apps/groff )
+ test? ( dev-libs/check )
sys-devel/flex
virtual/yacc"
@@ -52,21 +53,17 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
- $(cmake-utils_use_enable ncurses CURSES)
- $(cmake-utils_use_enable gtk)
- $(cmake-utils_use_enable plugins)
- $(cmake-utils_use_enable ipv6)
- $(cmake-utils_use_enable doc PDF_DOCS)
+ -DENABLE_CURSES="$(usex ncurses)"
+ -DENABLE_GTK="$(usex gtk)"
+ -DENABLE_PLUGINS="$(usex plugins)"
+ -DENABLE_IPV6="$(usex ipv6)"
+ -DENABLE_TESTS="$(usex test)"
+ -DENABLE_PDF_DOCS="$(usex doc)"
-DBUNDLED_LIBS=OFF
-DSYSTEM_LIBS=ON
-DINSTALL_SYSCONFDIR="${EROOT}"etc
)
#right now we only support gtk2, but ettercap also supports gtk3
#do we care? do we want to support both?
-
- #we want to enable testing but it fails right now
- #we want to disable the bundled crap, but we are missing at least "libcheck"
- #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version
- #$(cmake-utils_use_enable test TESTS)
cmake-utils_src_configure
}
diff --git a/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch
new file mode 100644
index 000000000000..b7703d3ef5ca
--- /dev/null
+++ b/net-analyzer/ettercap/files/ettercap-0.8.2-openssl-1.1.patch
@@ -0,0 +1,254 @@
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
+Date: Mon, 27 Jun 2016 12:41:33 +0200
+Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)
+ Closes: #739
+
+---
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/ec_sslwrap.c | 14 ++++++++
+ 2 files changed, 106 insertions(+), 1 deletion(-)
+
+Index: ettercap-0.8.2/src/dissectors/ec_ssh.c
+===================================================================
+--- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c
++++ ettercap-0.8.2/src/dissectors/ec_ssh.c
+@@ -36,6 +36,10 @@
+ #include <openssl/md5.h>
+ #include <zlib.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define SMSG_PUBLIC_KEY 2
+ #define CMSG_SESSION_KEY 3
+ #define CMSG_USER 4
+@@ -138,6 +142,11 @@
+ char tmp[MAX_ASCII_ADDR_LEN];
+ u_int32 ssh_len, ssh_mod;
+ u_char ssh_packet_type, *ptr, *key_to_put;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
++#endif
+
+ /* don't complain about unused var */
+ (void) DECODE_DATA;
+@@ -383,12 +392,25 @@
+ if (session_data->ptrkey == NULL) {
+ /* Initialize RSA key structures (other fileds are set to 0) */
+ session_data->serverkey = RSA_new();
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ s_n = BN_new();
++ s_e = BN_new();
++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
++#else
+ session_data->serverkey->n = BN_new();
+ session_data->serverkey->e = BN_new();
++#endif
+
+ session_data->hostkey = RSA_new();
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ h_n = BN_new();
++ h_e = BN_new();
++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
++#else
+ session_data->hostkey->n = BN_new();
+ session_data->hostkey->e = BN_new();
++#endif
+
+ /* Get the RSA Key from the packet */
+ NS_GET32(server_mod,ptr);
+@@ -396,19 +418,37 @@
+ DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
+ return NULL;
+ }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
++ get_bn(s_e, &ptr);
++ get_bn(s_n, &ptr);
++#else
+ get_bn(session_data->serverkey->e, &ptr);
+ get_bn(session_data->serverkey->n, &ptr);
++#endif
+
+ NS_GET32(host_mod,ptr);
+ if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
+ DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
+ return NULL;
+ }
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
++ get_bn(h_e, &ptr);
++ get_bn(h_n, &ptr);
++#else
+ get_bn(session_data->hostkey->e, &ptr);
+ get_bn(session_data->hostkey->n, &ptr);
++#endif
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ server_exp = BN_get_word(s_e);
++ host_exp = BN_get_word(h_e);
++#else
+ server_exp = *(session_data->serverkey->e->d);
+ host_exp = *(session_data->hostkey->e->d);
++#endif
+
+ /* Check if we already have a suitable RSA key to substitute */
+ index_ssl = &ssh_conn_key;
+@@ -424,7 +464,7 @@
+ SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
+
+ /* Generate the new key */
+- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
+ (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
+ (*index_ssl)->server_mod = server_mod;
+ (*index_ssl)->host_mod = host_mod;
+@@ -443,11 +483,25 @@
+
+ /* Put our RSA key in the packet */
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
++ put_bn(m_s_e, &key_to_put);
++ put_bn(m_s_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
++#endif
+ key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
++ put_bn(m_h_e, &key_to_put);
++ put_bn(m_h_n, &key_to_put);
++#else
+ put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
+ put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
++#endif
+
+ /* Recalculate SSH crc */
+ *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
+@@ -482,19 +536,34 @@
+ key_to_put = ptr;
+
+ /* Calculate real session id and our fake session id */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id = ssh_session_id(cookie, h_n, s_n);
++#else
+ temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
++#endif
+ if (temp_session_id)
+ memcpy(session_id1, temp_session_id, 16);
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
++#else
+ temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
++#endif
++
+ if (temp_session_id)
+ memcpy(session_id2, temp_session_id, 16);
+
+ /* Get the session key */
+ enckey = BN_new();
++
+ get_bn(enckey, &ptr);
+
+ /* Decrypt session key */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(m_s_n, m_h_n) > 0) {
++#else
+ if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
++#endif
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
+ rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
+ } else {
+@@ -534,7 +603,11 @@
+ BN_add_word(bn, sesskey[i]);
+ }
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ if (BN_cmp(s_n, h_n) < 0) {
++#else
+ if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
++#endif
+ rsa_public_encrypt(bn, bn, session_data->serverkey);
+ rsa_public_encrypt(bn, bn, session_data->hostkey);
+ } else {
+@@ -716,7 +789,16 @@
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+@@ -744,7 +826,16 @@
+ u_char *inbuf, *outbuf;
+ int32 len, ilen, olen;
+
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ RSA_get0_key(key, &n, &e, &d);
++ olen = BN_num_bytes(n);
++#else
+ olen = BN_num_bytes(key->n);
++#endif
++
+ outbuf = malloc(olen);
+ if (outbuf == NULL) /* oops, couldn't allocate memory */
+ return;
+Index: ettercap-0.8.2/src/ec_sslwrap.c
+===================================================================
+--- ettercap-0.8.2.orig/src/ec_sslwrap.c
++++ ettercap-0.8.2/src/ec_sslwrap.c
+@@ -53,6 +53,10 @@
+ #define OPENSSL_NO_KRB5 1
+ #include <openssl/ssl.h>
+
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define BREAK_ON_ERROR(x,y,z) do { \
+ if (x == -E_INVALID) { \
+ SAFE_FREE(z.DATA.disp_data); \
+@@ -974,9 +978,19 @@
+ index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
+ if (index >=0) {
+ ext = X509_get_ext(server_cert, index);
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ ASN1_OCTET_STRING* os;
++ os = X509_EXTENSION_get_data (ext);
++#endif
+ if (ext) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++ os->data[7] = 0xe7;
++ os->data[8] = 0x7e;
++ X509_EXTENSION_set_data (ext, os);
++#else
+ ext->value->data[7] = 0xe7;
+ ext->value->data[8] = 0x7e;
++#endif
+ X509_add_ext(out_cert, ext, -1);
+ }
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-06 08:16:56 +0000