moritzruth/void-packages
1
0
Fork 0
Code Releases Activity Actions 2

ettercap: update to 0.8.3.1

Browse source
This commit is contained in:
Nathan Owens 2020-11-03 16:08:55 -06:00 committed by Andrew Benson
parent 7895b8fd96
commit 28446fcb59
4 changed files with 36 additions and 262 deletions
Download patch file Download diff file Expand all files Collapse all files

57
srcpkgs/ettercap/patches/CVE-2017-6430.patch
View file

@ -1,57 +0,0 @@
diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
index db876636..ddb73bd3 100644
--- utils/etterfilter/ef_compiler.c
+++ utils/etterfilter/ef_compiler.c
@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
struct filter_op *array = NULL;
struct unfold_elm *ue;
- BUG_IF(tree_root == NULL);
+ // invalid file
+ if (tree_root == NULL)
+ return 0;
fprintf(stdout, " Unfolding the meta-tree ");
fflush(stdout);
diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
index ae459134..431084b9 100644
--- utils/etterfilter/ef_main.c
+++ utils/etterfilter/ef_main.c
@@ -39,7 +39,7 @@ struct globals *gbls;
int main(int argc, char *argv[])
{
-
+ int ret_value = 0;
globals_alloc();
/* etterfilter copyright */
fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n",
@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
fprintf(stdout, "\n\nThe script contains errors...\n\n");
/* write to file */
- if (write_output() != E_SUCCESS)
- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
+ ret_value = write_output();
+ if (ret_value == -E_NOTHANDLED)
+ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
+ else if (ret_value == -E_INVALID)
+ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
+
globals_free();
return 0;
}
diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
index 5ae59190..fcf19f01 100644
--- utils/etterfilter/ef_output.c
+++ utils/etterfilter/ef_output.c
@@ -51,6 +51,9 @@ int write_output(void)
if (fop == NULL)
return -E_NOTHANDLED;
+ if (ninst == 0)
+ return -E_INVALID;
+
/* create the file */
fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);

201
srcpkgs/ettercap/patches/CVE-2017-8366.patch
View file

@ -1,201 +0,0 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 90050590..8f7c7c36 100644
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH)
set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
set(CMAKE_MACOSX_RPATH 1)
endif(NOT DISABLE_RPATH)
+
+# set general build flags for debug build-type
set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
+# append ASAN build flags if compiler version has support
+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+ message("Building with ASAN support (GNU compiler)")
+ else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+ message("Building without ASAN support (GNU compiler)")
+ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
+ if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+ message("Building with ASAN support (Clang compiler)")
+ elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+ message("Building without ASAN support (Clang compiler)")
+ endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+
+# set build flags for release build-type
set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
if(OS_DARWIN)
diff --git a/include/ec_strings.h b/include/ec_strings.h
index f791739d..9ad245ef 100644
--- include/ec_strings.h
+++ include/ec_strings.h
@@ -43,7 +43,7 @@
EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
-EC_API_EXTERN int strescape(char *dst, char *src);
+EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);
EC_API_EXTERN size_t strlen_utf8(const char *s);
EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
diff --git a/src/ec_encryption.c b/src/ec_encryption.c
index 6c02529c..3d505603 100644
--- src/ec_encryption.c
+++ src/ec_encryption.c
@@ -218,7 +218,7 @@ int set_wep_key(char *string)
if (type == 's') {
/* escape the string and check its length */
- if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
+ if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
} else if (type == 'p') {
/* create the key from the passphrase */
diff --git a/src/ec_strings.c b/src/ec_strings.c
index 53583851..21b71926 100644
--- src/ec_strings.c
+++ src/ec_strings.c
@@ -167,13 +167,14 @@ static int hextoint(int c)
/*
* convert the escaped string into a binary one
*/
-int strescape(char *dst, char *src)
+int strescape(char *dst, char *src, size_t len)
{
char *olddst = dst;
+ char *oldsrc = src;
int c;
int val;
- while ((c = *src++) != '\0') {
+ while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
if (c == '\\') {
switch ((c = *src++)) {
case '\0':
@@ -218,9 +219,11 @@ int strescape(char *dst, char *src)
if (c >= '0' && c <= '7')
val = (val << 3) | (c - '0');
else
- --src;
+ if (src > oldsrc) /* protect against buffer underflow */
+ --src;
} else
- --src;
+ if (src > oldsrc) /* protect against buffer underflow */
+ --src;
*dst++ = (char) val;
break;
@@ -232,15 +235,17 @@ int strescape(char *dst, char *src)
c = hextoint(*src++);
if (c >= 0)
val = (val << 4) + c;
- else
- --src;
- } else
- --src;
+ else if (src > oldsrc) /* protect against buffer underflow */
+ --src;
+ } else if (src > oldsrc) /* protect against buffer underflow */
+ --src;
*dst++ = (char) val;
break;
}
- } else if (c == 8 || c == 263) /* the backspace */
- dst--;
+ } else if (c == 8 || c == 263) { /* the backspace */
+ if (dst > oldsrc) /* protect against buffer underflow */
+ dst--;
+ }
else
*dst++ = (char) c;
}
diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c
index fb52331c..011c0edf 100644
--- src/interfaces/curses/ec_curses_view_connections.c
+++ src/interfaces/curses/ec_curses_view_connections.c
@@ -614,7 +614,7 @@ static void inject_user(void)
size_t len;
/* escape the sequnces in the buffer */
- len = strescape((char*)injectbuf, (char*)injectbuf);
+ len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
/* check where to inject */
if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c
index fa7dfdc5..b55e1755 100644
--- src/interfaces/gtk/ec_gtk_view_connections.c
+++ src/interfaces/gtk/ec_gtk_view_connections.c
@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side)
size_t len;
/* escape the sequnces in the buffer */
- len = strescape(injectbuf, injectbuf);
+ len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
/* check where to inject */
if (side == 1 || side == 2) {
diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c
index d4b9110c..7e359e06 100644
--- utils/etterfilter/ef_encode.c
+++ utils/etterfilter/ef_encode.c
@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop)
fop->op.test.string = (u_char*)strdup(string + 1);
/* escape it in the structure */
- fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
+ fop->op.test.slen = strescape((char*)fop->op.test.string,
+ (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
return E_SUCCESS;
@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop)
fop->opcode = FOP_FUNC;
fop->op.func.op = FFUNC_SEARCH;
fop->op.func.string = (u_char*)strdup(dec_args[1]);
- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+ fop->op.func.slen = strescape((char*)fop->op.func.string,
+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
ret = E_SUCCESS;
} else
SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop)
fop->opcode = FOP_FUNC;
fop->op.func.op = FFUNC_REGEX;
fop->op.func.string = (u_char*)strdup(dec_args[1]);
- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+ fop->op.func.slen = strescape((char*)fop->op.func.string,
+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
ret = E_SUCCESS;
} else
SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop)
/* replace always operate at DATA level */
fop->op.func.level = 5;
fop->op.func.string = (u_char*)strdup(dec_args[0]);
- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+ fop->op.func.slen = strescape((char*)fop->op.func.string,
+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
fop->op.func.replace = (u_char*)strdup(dec_args[1]);
- fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
+ fop->op.func.rlen = strescape((char*)fop->op.func.replace,
+ (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
ret = E_SUCCESS;
} else
SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop)
if (nargs == 1) {
fop->op.func.op = FFUNC_MSG;
fop->op.func.string = (u_char*)strdup(dec_args[0]);
- fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
+ fop->op.func.slen = strescape((char*)fop->op.func.string,
+ (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
ret = E_SUCCESS;
} else
SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);

31
srcpkgs/ettercap/patches/libressl.patch Normal file
View file

@ -0,0 +1,31 @@
From b2f7634c9dbc0ef68640f0571787d92300e9f9f9 Mon Sep 17 00:00:00 2001
From: Stefan Strogin <stefan@steils.org>
Date: Sat, 15 Aug 2020 07:18:31 +0300
Subject: [PATCH] ec_sslwrap: fix compilation with LibreSSL
Disable taking over SNI extension from ClientHello and SSL configuration
operations until LibreSSL supports the required API.
Fixes: https://github.com/Ettercap/ettercap/issues/1068
---
src/ec_sslwrap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git src/ec_sslwrap.c src/ec_sslwrap.c
index b9f26a142..1e4c24fc1 100644
--- src/ec_sslwrap.c
+++ src/ec_sslwrap.c
@@ -71,11 +71,11 @@
#define TLS_server_method SSLv23_server_method
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
#define HAVE_OPENSSL_1_1_0
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
#define HAVE_OPENSSL_1_1_1
#endif

9
srcpkgs/ettercap/template
View file

@ -1,18 +1,19 @@
# Template file for 'ettercap' # Template file for 'ettercap'
pkgname=ettercap pkgname=ettercap
version=0.8.2 version=0.8.3.1
revision=14 revision=1
build_style=cmake build_style=cmake
configure_args="-DENABLE_GTK=OFF" configure_args="-DENABLE_GTK=OFF"
hostmakedepends="flex" hostmakedepends="flex"
makedepends="ncurses-devel libressl-devel libcurl-devel libltdl-devel libnet-devel libpcap-devel pcre-devel" makedepends="geoip-devel ncurses-devel libressl-devel libcurl-devel
libltdl-devel libnet-devel libpcap-devel pcre-devel"
conf_files="/etc/${pkgname}/etter.conf" conf_files="/etc/${pkgname}/etter.conf"
short_desc="Network sniffer/interceptor/logger for ethernet LANs" short_desc="Network sniffer/interceptor/logger for ethernet LANs"
maintainer="Orphaned <orphan@voidlinux.org>" maintainer="Orphaned <orphan@voidlinux.org>"
license="GPL-2.0-only" license="GPL-2.0-only"
homepage="http://ettercap.github.com/ettercap/" homepage="http://ettercap.github.com/ettercap/"
distfiles="https://github.com/Ettercap/ettercap/archive/v${version}.tar.gz" distfiles="https://github.com/Ettercap/ettercap/archive/v${version}.tar.gz"
checksum=f38514f35bea58bfe6ef1902bfd4761de0379942a9aa3e175fc9348f4eef2c81 checksum=d0c3ef88dfc284b61d3d5b64d946c1160fd04276b448519c1ae4438a9cdffaf3
lib32disabled=yes lib32disabled=yes
CFLAGS="-fcommon" CFLAGS="-fcommon"