[arch-commits] Commit in ettercap/repos/community-x86_64 (9 files)

Jelle van der Waa jelle at archlinux.org
Fri Sep 13 16:57:11 UTC 2019


    Date: Friday, September 13, 2019 @ 16:57:11
  Author: jelle
Revision: 510356

archrelease: copy trunk to community-x86_64

Added:
  ettercap/repos/community-x86_64/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
    (from rev 510355, ettercap/trunk/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch)
  ettercap/repos/community-x86_64/CVE-2017-6430.patch
    (from rev 510355, ettercap/trunk/CVE-2017-6430.patch)
  ettercap/repos/community-x86_64/CVE-2017-8366.patch
    (from rev 510355, ettercap/trunk/CVE-2017-8366.patch)
  ettercap/repos/community-x86_64/PKGBUILD
    (from rev 510355, ettercap/trunk/PKGBUILD)
  ettercap/repos/community-x86_64/build.patch
    (from rev 510355, ettercap/trunk/build.patch)
Deleted:
  ettercap/repos/community-x86_64/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
  ettercap/repos/community-x86_64/CVE-2017-6430.patch
  ettercap/repos/community-x86_64/CVE-2017-8366.patch
  ettercap/repos/community-x86_64/PKGBUILD

-----------------------------------------------------------------+
 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch |  514 ++++-----
 CVE-2017-6430.patch                                             |  136 +-
 CVE-2017-8366.patch                                             |  516 +++++-----
 PKGBUILD                                                        |  126 +-
 build.patch                                                     |   13 
 5 files changed, 656 insertions(+), 649 deletions(-)

Deleted: 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
===================================================================
--- 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch	2019-09-13 16:56:57 UTC (rev 510355)
+++ 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -1,257 +0,0 @@
-From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001
-From: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
-Date: Mon, 27 Jun 2016 12:41:33 +0200
-Subject: [PATCH] First draft of openssl 1.1 compatibility layer (from
- https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)
- Closes: #739
-
----
- src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-
- src/ec_sslwrap.c        | 14 ++++++++
- 2 files changed, 106 insertions(+), 1 deletion(-)
-
-diff --git a/src/dissectors/ec_ssh.c b/src/dissectors/ec_ssh.c
-index f89200dc..26c86491 100644
---- a/src/dissectors/ec_ssh.c
-+++ b/src/dissectors/ec_ssh.c
-@@ -36,6 +36,10 @@
- #include <openssl/md5.h>
- #include <zlib.h>
- 
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
-+#endif
-+
- #define SMSG_PUBLIC_KEY 2
- #define CMSG_SESSION_KEY 3
- #define CMSG_USER 4
-@@ -138,6 +142,11 @@ FUNC_DECODER(dissector_ssh)
-    char tmp[MAX_ASCII_ADDR_LEN];
-    u_int32 ssh_len, ssh_mod;
-    u_char ssh_packet_type, *ptr, *key_to_put;
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+   BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
-+   BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
-+   BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
-+#endif
- 
-    /* don't complain about unused var */
-    (void) DECODE_DATA; 
-@@ -383,12 +392,25 @@ FUNC_DECODER(dissector_ssh)
-             if (session_data->ptrkey == NULL) { 
-                /* Initialize RSA key structures (other fileds are set to 0) */
-                session_data->serverkey = RSA_new();
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+               s_n = BN_new();
-+               s_e = BN_new();
-+               RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
-+#else
-                session_data->serverkey->n = BN_new();
-                session_data->serverkey->e = BN_new();
-+#endif
- 
-                session_data->hostkey = RSA_new();
-+
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+               h_n = BN_new();
-+               h_e = BN_new();
-+               RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
-+#else
-                session_data->hostkey->n = BN_new();
-                session_data->hostkey->e = BN_new();
-+#endif
- 
-                /* Get the RSA Key from the packet */
-                NS_GET32(server_mod,ptr);
-@@ -396,19 +418,37 @@ FUNC_DECODER(dissector_ssh)
-                   DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
-                   return NULL;
-                }
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+               RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
-+               get_bn(s_e, &ptr);
-+               get_bn(s_n, &ptr);
-+#else
-                get_bn(session_data->serverkey->e, &ptr);
-                get_bn(session_data->serverkey->n, &ptr);
-+#endif
- 
-                NS_GET32(host_mod,ptr);
-                if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
-                   DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
-                   return NULL;
-                }
-+
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+               RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
-+               get_bn(h_e, &ptr);
-+               get_bn(h_n, &ptr);
-+#else
-                get_bn(session_data->hostkey->e, &ptr);
-                get_bn(session_data->hostkey->n, &ptr);
-+#endif
- 
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+               server_exp = BN_get_word(s_e);
-+               host_exp   = BN_get_word(h_e);
-+#else
-                server_exp = *(session_data->serverkey->e->d);
-                host_exp   = *(session_data->hostkey->e->d);
-+#endif
- 
-                /* Check if we already have a suitable RSA key to substitute */
-                index_ssl = &ssh_conn_key;
-@@ -424,7 +464,7 @@ FUNC_DECODER(dissector_ssh)
-                   SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
- 
-                   /* Generate the new key */
--                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
-+                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
-                   (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
-                   (*index_ssl)->server_mod = server_mod;
-                   (*index_ssl)->host_mod = host_mod;
-@@ -443,11 +483,25 @@ FUNC_DECODER(dissector_ssh)
- 
-             /* Put our RSA key in the packet */
-             key_to_put+=4;
-+
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
-+            put_bn(m_s_e, &key_to_put);
-+            put_bn(m_s_n, &key_to_put);
-+#else
-             put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
-             put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
-+#endif
-             key_to_put+=4;
-+
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
-+            put_bn(m_h_e, &key_to_put);
-+            put_bn(m_h_n, &key_to_put);
-+#else
-             put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
-             put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
-+#endif
- 
-             /* Recalculate SSH crc */
-             *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
-@@ -482,19 +536,34 @@ FUNC_DECODER(dissector_ssh)
-             key_to_put = ptr;
- 
-             /* Calculate real session id and our fake session id */
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            temp_session_id = ssh_session_id(cookie, h_n, s_n);
-+#else
-             temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
-+#endif
-             if (temp_session_id)
-                memcpy(session_id1, temp_session_id, 16);
-+
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
-+#else
-             temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
-+#endif
-+
-             if (temp_session_id)
-                memcpy(session_id2, temp_session_id, 16);
- 
-             /* Get the session key */
-             enckey = BN_new();
-+
-             get_bn(enckey, &ptr);
- 
-             /* Decrypt session key */
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            if (BN_cmp(m_s_n, m_h_n) > 0) {
-+#else
-             if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
-+#endif
-               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
-               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
-             } else {
-@@ -534,7 +603,11 @@ FUNC_DECODER(dissector_ssh)
-                  BN_add_word(bn, sesskey[i]);
-             }
- 
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+            if (BN_cmp(s_n, h_n) < 0) {
-+#else
-             if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
-+#endif
-                rsa_public_encrypt(bn, bn, session_data->serverkey);
-                rsa_public_encrypt(bn, bn, session_data->hostkey);
-             } else {
-@@ -716,7 +789,16 @@ static void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-    u_char *inbuf, *outbuf;
-    int32 len, ilen, olen;
- 
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+   BIGNUM *n;
-+   BIGNUM *e;
-+   BIGNUM *d;
-+   RSA_get0_key(key, &n, &e, &d);
-+   olen = BN_num_bytes(n);
-+#else
-    olen = BN_num_bytes(key->n);
-+#endif
-+
-    outbuf = malloc(olen);
-    if (outbuf == NULL) /* oops, couldn't allocate memory */
-       return;
-@@ -744,7 +826,16 @@ static void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
-    u_char *inbuf, *outbuf;
-    int32 len, ilen, olen;
- 
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+   BIGNUM *n;
-+   BIGNUM *e;
-+   BIGNUM *d;
-+   RSA_get0_key(key, &n, &e, &d);
-+   olen = BN_num_bytes(n);
-+#else
-    olen = BN_num_bytes(key->n);
-+#endif
-+
-    outbuf = malloc(olen);
-    if (outbuf == NULL) /* oops, couldn't allocate memory */
-       return;
-diff --git a/src/ec_sslwrap.c b/src/ec_sslwrap.c
-index c6c74421..6369d251 100644
---- a/src/ec_sslwrap.c
-+++ b/src/ec_sslwrap.c
-@@ -56,6 +56,10 @@
- #define OPENSSL_NO_KRB5 1
- #include <openssl/ssl.h>
- 
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
-+#endif
-+
- #define BREAK_ON_ERROR(x,y,z) do {  \
-    if (x == -E_INVALID) {            \
-       SAFE_FREE(z.DATA.disp_data);  \
-@@ -1102,9 +1106,19 @@ static X509 *sslw_create_selfsigned(X509 *server_cert)
-    index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
-    if (index >=0) {
-       ext = X509_get_ext(server_cert, index);
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+      ASN1_OCTET_STRING* data;
-+      data = X509_EXTENSION_get_data (ext);
-+#endif
-       if (ext) {
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+         data->data[7] = 0xe7;
-+         data->data[8] = 0x7e;
-+         X509_EXTENSION_set_data (ext, data);
-+#else
-          ext->value->data[7] = 0xe7;
-          ext->value->data[8] = 0x7e;
-+#endif
-          X509_add_ext(out_cert, ext, -1);
-       }
-    }
--- 
-2.11.1
-

Copied: ettercap/repos/community-x86_64/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch (from rev 510355, ettercap/trunk/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch)
===================================================================
--- 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch	                        (rev 0)
+++ 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -0,0 +1,257 @@
+From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
+Date: Mon, 27 Jun 2016 12:41:33 +0200
+Subject: [PATCH] First draft of openssl 1.1 compatibility layer (from
+ https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc)
+ Closes: #739
+
+---
+ src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/ec_sslwrap.c        | 14 ++++++++
+ 2 files changed, 106 insertions(+), 1 deletion(-)
+
+diff --git a/src/dissectors/ec_ssh.c b/src/dissectors/ec_ssh.c
+index f89200dc..26c86491 100644
+--- a/src/dissectors/ec_ssh.c
++++ b/src/dissectors/ec_ssh.c
+@@ -36,6 +36,10 @@
+ #include <openssl/md5.h>
+ #include <zlib.h>
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define SMSG_PUBLIC_KEY 2
+ #define CMSG_SESSION_KEY 3
+ #define CMSG_USER 4
+@@ -138,6 +142,11 @@ FUNC_DECODER(dissector_ssh)
+    char tmp[MAX_ASCII_ADDR_LEN];
+    u_int32 ssh_len, ssh_mod;
+    u_char ssh_packet_type, *ptr, *key_to_put;
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *h_n, *s_n, *m_h_n, *m_s_n;
++   BIGNUM *h_e, *s_e, *m_h_e, *m_s_e;
++   BIGNUM *h_d, *s_d, *m_h_d, *m_s_d;
++#endif
+ 
+    /* don't complain about unused var */
+    (void) DECODE_DATA; 
+@@ -383,12 +392,25 @@ FUNC_DECODER(dissector_ssh)
+             if (session_data->ptrkey == NULL) { 
+                /* Initialize RSA key structures (other fileds are set to 0) */
+                session_data->serverkey = RSA_new();
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               s_n = BN_new();
++               s_e = BN_new();
++               RSA_set0_key(session_data->serverkey, s_n, s_e, s_d);
++#else
+                session_data->serverkey->n = BN_new();
+                session_data->serverkey->e = BN_new();
++#endif
+ 
+                session_data->hostkey = RSA_new();
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               h_n = BN_new();
++               h_e = BN_new();
++               RSA_set0_key(session_data->hostkey, h_n, h_e, h_d);
++#else
+                session_data->hostkey->n = BN_new();
+                session_data->hostkey->e = BN_new();
++#endif
+ 
+                /* Get the RSA Key from the packet */
+                NS_GET32(server_mod,ptr);
+@@ -396,19 +418,37 @@ FUNC_DECODER(dissector_ssh)
+                   DEBUG_MSG("Dissector_ssh Bougs Server_Mod");
+                   return NULL;
+                }
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d);
++               get_bn(s_e, &ptr);
++               get_bn(s_n, &ptr);
++#else
+                get_bn(session_data->serverkey->e, &ptr);
+                get_bn(session_data->serverkey->n, &ptr);
++#endif
+ 
+                NS_GET32(host_mod,ptr);
+                if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) {
+                   DEBUG_MSG("Dissector_ssh Bougs Host_Mod");
+                   return NULL;
+                }
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d);
++               get_bn(h_e, &ptr);
++               get_bn(h_n, &ptr);
++#else
+                get_bn(session_data->hostkey->e, &ptr);
+                get_bn(session_data->hostkey->n, &ptr);
++#endif
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++               server_exp = BN_get_word(s_e);
++               host_exp   = BN_get_word(h_e);
++#else
+                server_exp = *(session_data->serverkey->e->d);
+                host_exp   = *(session_data->hostkey->e->d);
++#endif
+ 
+                /* Check if we already have a suitable RSA key to substitute */
+                index_ssl = &ssh_conn_key;
+@@ -424,7 +464,7 @@ FUNC_DECODER(dissector_ssh)
+                   SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key));
+ 
+                   /* Generate the new key */
+-                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL);
++                  (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL);
+                   (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL);
+                   (*index_ssl)->server_mod = server_mod;
+                   (*index_ssl)->host_mod = host_mod;
+@@ -443,11 +483,25 @@ FUNC_DECODER(dissector_ssh)
+ 
+             /* Put our RSA key in the packet */
+             key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d);
++            put_bn(m_s_e, &key_to_put);
++            put_bn(m_s_n, &key_to_put);
++#else
+             put_bn(session_data->ptrkey->myserverkey->e, &key_to_put);
+             put_bn(session_data->ptrkey->myserverkey->n, &key_to_put);
++#endif
+             key_to_put+=4;
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d);
++            put_bn(m_h_e, &key_to_put);
++            put_bn(m_h_n, &key_to_put);
++#else
+             put_bn(session_data->ptrkey->myhostkey->e, &key_to_put);
+             put_bn(session_data->ptrkey->myhostkey->n, &key_to_put);
++#endif
+ 
+             /* Recalculate SSH crc */
+             *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO));
+@@ -482,19 +536,34 @@ FUNC_DECODER(dissector_ssh)
+             key_to_put = ptr;
+ 
+             /* Calculate real session id and our fake session id */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            temp_session_id = ssh_session_id(cookie, h_n, s_n);
++#else
+             temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n);
++#endif
+             if (temp_session_id)
+                memcpy(session_id1, temp_session_id, 16);
++
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n);
++#else
+             temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n);
++#endif
++
+             if (temp_session_id)
+                memcpy(session_id2, temp_session_id, 16);
+ 
+             /* Get the session key */
+             enckey = BN_new();
++
+             get_bn(enckey, &ptr);
+ 
+             /* Decrypt session key */
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            if (BN_cmp(m_s_n, m_h_n) > 0) {
++#else
+             if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) {
++#endif
+               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey);
+               rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey);
+             } else {
+@@ -534,7 +603,11 @@ FUNC_DECODER(dissector_ssh)
+                  BN_add_word(bn, sesskey[i]);
+             }
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++            if (BN_cmp(s_n, h_n) < 0) {
++#else
+             if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) {
++#endif
+                rsa_public_encrypt(bn, bn, session_data->serverkey);
+                rsa_public_encrypt(bn, bn, session_data->hostkey);
+             } else {
+@@ -716,7 +789,16 @@ static void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+    u_char *inbuf, *outbuf;
+    int32 len, ilen, olen;
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *n;
++   BIGNUM *e;
++   BIGNUM *d;
++   RSA_get0_key(key, &n, &e, &d);
++   olen = BN_num_bytes(n);
++#else
+    olen = BN_num_bytes(key->n);
++#endif
++
+    outbuf = malloc(olen);
+    if (outbuf == NULL) /* oops, couldn't allocate memory */
+       return;
+@@ -744,7 +826,16 @@ static void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+    u_char *inbuf, *outbuf;
+    int32 len, ilen, olen;
+ 
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++   BIGNUM *n;
++   BIGNUM *e;
++   BIGNUM *d;
++   RSA_get0_key(key, &n, &e, &d);
++   olen = BN_num_bytes(n);
++#else
+    olen = BN_num_bytes(key->n);
++#endif
++
+    outbuf = malloc(olen);
+    if (outbuf == NULL) /* oops, couldn't allocate memory */
+       return;
+diff --git a/src/ec_sslwrap.c b/src/ec_sslwrap.c
+index c6c74421..6369d251 100644
+--- a/src/ec_sslwrap.c
++++ b/src/ec_sslwrap.c
+@@ -56,6 +56,10 @@
+ #define OPENSSL_NO_KRB5 1
+ #include <openssl/ssl.h>
+ 
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
++#endif
++
+ #define BREAK_ON_ERROR(x,y,z) do {  \
+    if (x == -E_INVALID) {            \
+       SAFE_FREE(z.DATA.disp_data);  \
+@@ -1102,9 +1106,19 @@ static X509 *sslw_create_selfsigned(X509 *server_cert)
+    index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1);
+    if (index >=0) {
+       ext = X509_get_ext(server_cert, index);
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++      ASN1_OCTET_STRING* data;
++      data = X509_EXTENSION_get_data (ext);
++#endif
+       if (ext) {
++#ifdef HAVE_OPAQUE_RSA_DSA_DH
++         data->data[7] = 0xe7;
++         data->data[8] = 0x7e;
++         X509_EXTENSION_set_data (ext, data);
++#else
+          ext->value->data[7] = 0xe7;
+          ext->value->data[8] = 0x7e;
++#endif
+          X509_add_ext(out_cert, ext, -1);
+       }
+    }
+-- 
+2.11.1
+

Deleted: CVE-2017-6430.patch
===================================================================
--- CVE-2017-6430.patch	2019-09-13 16:56:57 UTC (rev 510355)
+++ CVE-2017-6430.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -1,68 +0,0 @@
-From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001
-From: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
-Date: Tue, 7 Mar 2017 22:05:31 +0100
-Subject: [PATCH] Fix issue #782
-
----
- utils/etterfilter/ef_compiler.c |  4 +++-
- utils/etterfilter/ef_main.c     | 10 +++++++---
- utils/etterfilter/ef_output.c   |  3 +++
- 3 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
-index db876636e..ddb73bd30 100644
---- a/utils/etterfilter/ef_compiler.c
-+++ b/utils/etterfilter/ef_compiler.c
-@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
-    struct filter_op *array = NULL;
-    struct unfold_elm *ue;
- 
--   BUG_IF(tree_root == NULL);
-+   // invalid file
-+   if (tree_root == NULL)
-+      return 0;
-   
-    fprintf(stdout, " Unfolding the meta-tree ");
-    fflush(stdout);
-diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
-index ae4591344..431084b91 100644
---- a/utils/etterfilter/ef_main.c
-+++ b/utils/etterfilter/ef_main.c
-@@ -39,7 +39,7 @@ struct globals *gbls;
- 
- int main(int argc, char *argv[])
- {
--
-+   int ret_value = 0;
-    globals_alloc();
-    /* etterfilter copyright */
-    fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n", 
-@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
-       fprintf(stdout, "\n\nThe script contains errors...\n\n");
-   
-    /* write to file */
--   if (write_output() != E_SUCCESS)
--      FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
-+   ret_value = write_output();
-+   if (ret_value == -E_NOTHANDLED)
-+      FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
-+   else if (ret_value == -E_INVALID)
-+      FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
-+
-    globals_free();
-    return 0;
- }
-diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
-index 5ae591904..fcf19f010 100644
---- a/utils/etterfilter/ef_output.c
-+++ b/utils/etterfilter/ef_output.c
-@@ -51,6 +51,9 @@ int write_output(void)
-    if (fop == NULL)
-       return -E_NOTHANDLED;
- 
-+   if (ninst == 0)
-+      return -E_INVALID;
-+
-    /* create the file */
-    fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
-    ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);

Copied: ettercap/repos/community-x86_64/CVE-2017-6430.patch (from rev 510355, ettercap/trunk/CVE-2017-6430.patch)
===================================================================
--- CVE-2017-6430.patch	                        (rev 0)
+++ CVE-2017-6430.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -0,0 +1,68 @@
+From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
+Date: Tue, 7 Mar 2017 22:05:31 +0100
+Subject: [PATCH] Fix issue #782
+
+---
+ utils/etterfilter/ef_compiler.c |  4 +++-
+ utils/etterfilter/ef_main.c     | 10 +++++++---
+ utils/etterfilter/ef_output.c   |  3 +++
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c
+index db876636e..ddb73bd30 100644
+--- a/utils/etterfilter/ef_compiler.c
++++ b/utils/etterfilter/ef_compiler.c
+@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop)
+    struct filter_op *array = NULL;
+    struct unfold_elm *ue;
+ 
+-   BUG_IF(tree_root == NULL);
++   // invalid file
++   if (tree_root == NULL)
++      return 0;
+   
+    fprintf(stdout, " Unfolding the meta-tree ");
+    fflush(stdout);
+diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c
+index ae4591344..431084b91 100644
+--- a/utils/etterfilter/ef_main.c
++++ b/utils/etterfilter/ef_main.c
+@@ -39,7 +39,7 @@ struct globals *gbls;
+ 
+ int main(int argc, char *argv[])
+ {
+-
++   int ret_value = 0;
+    globals_alloc();
+    /* etterfilter copyright */
+    fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n", 
+@@ -84,8 +84,12 @@ int main(int argc, char *argv[])
+       fprintf(stdout, "\n\nThe script contains errors...\n\n");
+   
+    /* write to file */
+-   if (write_output() != E_SUCCESS)
+-      FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file);
++   ret_value = write_output();
++   if (ret_value == -E_NOTHANDLED)
++      FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file);
++   else if (ret_value == -E_INVALID)
++      FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file);
++
+    globals_free();
+    return 0;
+ }
+diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c
+index 5ae591904..fcf19f010 100644
+--- a/utils/etterfilter/ef_output.c
++++ b/utils/etterfilter/ef_output.c
+@@ -51,6 +51,9 @@ int write_output(void)
+    if (fop == NULL)
+       return -E_NOTHANDLED;
+ 
++   if (ninst == 0)
++      return -E_INVALID;
++
+    /* create the file */
+    fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644);
+    ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);

Deleted: CVE-2017-8366.patch
===================================================================
--- CVE-2017-8366.patch	2019-09-13 16:56:57 UTC (rev 510355)
+++ CVE-2017-8366.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -1,258 +0,0 @@
-From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
-From: Alexander Koeppe <format_c at online.de>
-Date: Thu, 1 Jun 2017 08:56:23 +0200
-Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
-
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 90050590f..8e823669c 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH)
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
-   set(CMAKE_MACOSX_RPATH 1)
- endif(NOT DISABLE_RPATH)
--set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
-+set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)
-
-From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001
-From: Alexander Koeppe <format_c at online.de>
-Date: Thu, 1 Jun 2017 08:56:57 +0200
-Subject: [PATCH 2/4] fix buffer over- / underflow conditions
-
----
- include/ec_strings.h |  2 +-
- src/ec_strings.c     | 25 +++++++++++++++----------
- 2 files changed, 16 insertions(+), 11 deletions(-)
-
-diff --git a/include/ec_strings.h b/include/ec_strings.h
-index f791739da..9ad245ef3 100644
---- a/include/ec_strings.h
-+++ b/include/ec_strings.h
-@@ -43,7 +43,7 @@
- 
- EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
- EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
--EC_API_EXTERN int strescape(char *dst, char *src);
-+EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
- EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);   
- EC_API_EXTERN size_t strlen_utf8(const char *s);
- EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
-diff --git a/src/ec_strings.c b/src/ec_strings.c
-index 53583851a..21b71926c 100644
---- a/src/ec_strings.c
-+++ b/src/ec_strings.c
-@@ -167,13 +167,14 @@ static int hextoint(int c)
- /* 
-  * convert the escaped string into a binary one
-  */
--int strescape(char *dst, char *src)
-+int strescape(char *dst, char *src, size_t len)
- {
-    char  *olddst = dst;
-+   char  *oldsrc = src;
-    int   c;
-    int   val;
- 
--   while ((c = *src++) != '\0') {
-+   while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
-       if (c == '\\') {
-          switch ((c = *src++)) {
-             case '\0':
-@@ -218,9 +219,11 @@ int strescape(char *dst, char *src)
-                   if (c >= '0' && c <= '7')
-                      val = (val << 3) | (c - '0');
-                   else 
--                     --src;
-+                     if (src > oldsrc) /* protect against buffer underflow */
-+                        --src;
-                } else 
--                  --src;
-+                  if (src > oldsrc) /* protect against buffer underflow */
-+                     --src;
-                *dst++ = (char) val;
-                break;
- 
-@@ -232,15 +235,17 @@ int strescape(char *dst, char *src)
-                        c = hextoint(*src++);
-                        if (c >= 0) 
-                           val = (val << 4) + c;
--                       else 
--                          --src;
--               } else 
--                  --src;
-+                       else if (src > oldsrc) /* protect against buffer underflow */
-+                             --src;
-+               } else if (src > oldsrc) /* protect against buffer underflow */
-+                     --src;
-                *dst++ = (char) val;
-                break;
-          }
--      } else if (c == 8 || c == 263)  /* the backspace */
--         dst--;
-+      } else if (c == 8 || c == 263) {  /* the backspace */
-+         if (dst > oldsrc) /* protect against buffer underflow */
-+            dst--;
-+      }
-       else
-          *dst++ = (char) c;
-    }
-
-From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001
-From: Alexander Koeppe <format_c at online.de>
-Date: Thu, 1 Jun 2017 08:57:54 +0200
-Subject: [PATCH 3/4] adapt calls of strescape() adding strlen
-
----
- src/ec_encryption.c                                |  2 +-
- src/interfaces/curses/ec_curses_view_connections.c |  2 +-
- src/interfaces/gtk/ec_gtk_view_connections.c       |  2 +-
- utils/etterfilter/ef_encode.c                      | 18 ++++++++++++------
- 4 files changed, 15 insertions(+), 9 deletions(-)
-
-diff --git a/src/ec_encryption.c b/src/ec_encryption.c
-index 6c02529c1..3d5056030 100644
---- a/src/ec_encryption.c
-+++ b/src/ec_encryption.c
-@@ -218,7 +218,7 @@ int set_wep_key(char *string)
- 
-    if (type == 's') {
-       /* escape the string and check its length */
--      if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
-+      if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
-     	  SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
-    } else if (type == 'p') {
-       /* create the key from the passphrase */
-diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c
-index fb52331cf..011c0edf7 100644
---- a/src/interfaces/curses/ec_curses_view_connections.c
-+++ b/src/interfaces/curses/ec_curses_view_connections.c
-@@ -614,7 +614,7 @@ static void inject_user(void)
-    size_t len;
- 
-    /* escape the sequnces in the buffer */
--   len = strescape((char*)injectbuf, (char*)injectbuf);
-+   len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
-    
-    /* check where to inject */
-    if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
-diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c
-index fa7dfdc58..b55e1755a 100644
---- a/src/interfaces/gtk/ec_gtk_view_connections.c
-+++ b/src/interfaces/gtk/ec_gtk_view_connections.c
-@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side)
-    size_t len;
-     
-    /* escape the sequnces in the buffer */
--   len = strescape(injectbuf, injectbuf);
-+   len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
- 
-    /* check where to inject */
-    if (side == 1 || side == 2) {
-diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c
-index d4b9110cd..7e359e062 100644
---- a/utils/etterfilter/ef_encode.c
-+++ b/utils/etterfilter/ef_encode.c
-@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop)
-       fop->op.test.string = (u_char*)strdup(string + 1);
-          
-       /* escape it in the structure */
--      fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
-+      fop->op.test.slen = strescape((char*)fop->op.test.string, 
-+            (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
-      
-       return E_SUCCESS;
-       
-@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop)
-             fop->opcode = FOP_FUNC;
-             fop->op.func.op = FFUNC_SEARCH;
-             fop->op.func.string = (u_char*)strdup(dec_args[1]);
--            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
-+            fop->op.func.slen = strescape((char*)fop->op.func.string, 
-+                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
-             ret = E_SUCCESS;
-          } else
-             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
-@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop)
-             fop->opcode = FOP_FUNC;
-             fop->op.func.op = FFUNC_REGEX;
-             fop->op.func.string = (u_char*)strdup(dec_args[1]);
--            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
-+            fop->op.func.slen = strescape((char*)fop->op.func.string, 
-+                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
-             ret = E_SUCCESS;
-          } else
-             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
-@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop)
-          /* replace always operate at DATA level */
-          fop->op.func.level = 5;
-          fop->op.func.string = (u_char*)strdup(dec_args[0]);
--         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
-+         fop->op.func.slen = strescape((char*)fop->op.func.string, 
-+               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
-          fop->op.func.replace = (u_char*)strdup(dec_args[1]);
--         fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
-+         fop->op.func.rlen = strescape((char*)fop->op.func.replace, 
-+               (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
-          ret = E_SUCCESS;
-       } else
-          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
-@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop)
-       if (nargs == 1) {
-          fop->op.func.op = FFUNC_MSG;
-          fop->op.func.string = (u_char*)strdup(dec_args[0]);
--         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
-+         fop->op.func.slen = strescape((char*)fop->op.func.string, 
-+               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
-          ret = E_SUCCESS;
-       } else
-          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
-
-From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001
-From: Alexander Koeppe <format_c at online.de>
-Date: Sun, 4 Jun 2017 08:09:04 +0200
-Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version
-
----
- CMakeLists.txt | 22 +++++++++++++++++++++-
- 1 file changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 8e823669c..8f7c7c368 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH)
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
-   set(CMAKE_MACOSX_RPATH 1)
- endif(NOT DISABLE_RPATH)
--set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+
-+# set general build flags for debug build-type
-+set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
-+# append ASAN build flags if compiler version has support
-+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (GNU compiler)")
-+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      message("Building without ASAN support (GNU compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (Clang compiler)")
-+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      message("Building without ASAN support (Clang compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+
-+# set build flags for release build-type
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)

Copied: ettercap/repos/community-x86_64/CVE-2017-8366.patch (from rev 510355, ettercap/trunk/CVE-2017-8366.patch)
===================================================================
--- CVE-2017-8366.patch	                        (rev 0)
+++ CVE-2017-8366.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -0,0 +1,258 @@
+From d14d2558da14a33abf7baab28957488a75d16af1 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c at online.de>
+Date: Thu, 1 Jun 2017 08:56:23 +0200
+Subject: [PATCH 1/4] Add ASAN compiler flags in DEBUG build type
+
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 90050590f..8e823669c 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -126,7 +126,7 @@ if(NOT DISABLE_RPATH)
+   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+   set(CMAKE_MACOSX_RPATH 1)
+ endif(NOT DISABLE_RPATH)
+-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+ 
+ if(OS_DARWIN)
+
+From 044051d302da73e16b0577eb797cd42affba27e5 Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c at online.de>
+Date: Thu, 1 Jun 2017 08:56:57 +0200
+Subject: [PATCH 2/4] fix buffer over- / underflow conditions
+
+---
+ include/ec_strings.h |  2 +-
+ src/ec_strings.c     | 25 +++++++++++++++----------
+ 2 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/include/ec_strings.h b/include/ec_strings.h
+index f791739da..9ad245ef3 100644
+--- a/include/ec_strings.h
++++ b/include/ec_strings.h
+@@ -43,7 +43,7 @@
+ 
+ EC_API_EXTERN int match_pattern(const char *s, const char *pattern);
+ EC_API_EXTERN int base64_decode(char *bufplain, const char *bufcoded);
+-EC_API_EXTERN int strescape(char *dst, char *src);
++EC_API_EXTERN int strescape(char *dst, char *src, size_t len);
+ EC_API_EXTERN int str_replace(char **text, const char *s, const char *d);   
+ EC_API_EXTERN size_t strlen_utf8(const char *s);
+ EC_API_EXTERN char * ec_strtok(char *s, const char *delim, char **ptrptr);
+diff --git a/src/ec_strings.c b/src/ec_strings.c
+index 53583851a..21b71926c 100644
+--- a/src/ec_strings.c
++++ b/src/ec_strings.c
+@@ -167,13 +167,14 @@ static int hextoint(int c)
+ /* 
+  * convert the escaped string into a binary one
+  */
+-int strescape(char *dst, char *src)
++int strescape(char *dst, char *src, size_t len)
+ {
+    char  *olddst = dst;
++   char  *oldsrc = src;
+    int   c;
+    int   val;
+ 
+-   while ((c = *src++) != '\0') {
++   while ((c = *src++) != '\0' && (size_t)(src - oldsrc) <= len) {
+       if (c == '\\') {
+          switch ((c = *src++)) {
+             case '\0':
+@@ -218,9 +219,11 @@ int strescape(char *dst, char *src)
+                   if (c >= '0' && c <= '7')
+                      val = (val << 3) | (c - '0');
+                   else 
+-                     --src;
++                     if (src > oldsrc) /* protect against buffer underflow */
++                        --src;
+                } else 
+-                  --src;
++                  if (src > oldsrc) /* protect against buffer underflow */
++                     --src;
+                *dst++ = (char) val;
+                break;
+ 
+@@ -232,15 +235,17 @@ int strescape(char *dst, char *src)
+                        c = hextoint(*src++);
+                        if (c >= 0) 
+                           val = (val << 4) + c;
+-                       else 
+-                          --src;
+-               } else 
+-                  --src;
++                       else if (src > oldsrc) /* protect against buffer underflow */
++                             --src;
++               } else if (src > oldsrc) /* protect against buffer underflow */
++                     --src;
+                *dst++ = (char) val;
+                break;
+          }
+-      } else if (c == 8 || c == 263)  /* the backspace */
+-         dst--;
++      } else if (c == 8 || c == 263) {  /* the backspace */
++         if (dst > oldsrc) /* protect against buffer underflow */
++            dst--;
++      }
+       else
+          *dst++ = (char) c;
+    }
+
+From 19706cf53b189fbc996791cdb4b0d9a1f0feae5f Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c at online.de>
+Date: Thu, 1 Jun 2017 08:57:54 +0200
+Subject: [PATCH 3/4] adapt calls of strescape() adding strlen
+
+---
+ src/ec_encryption.c                                |  2 +-
+ src/interfaces/curses/ec_curses_view_connections.c |  2 +-
+ src/interfaces/gtk/ec_gtk_view_connections.c       |  2 +-
+ utils/etterfilter/ef_encode.c                      | 18 ++++++++++++------
+ 4 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/src/ec_encryption.c b/src/ec_encryption.c
+index 6c02529c1..3d5056030 100644
+--- a/src/ec_encryption.c
++++ b/src/ec_encryption.c
+@@ -218,7 +218,7 @@ int set_wep_key(char *string)
+ 
+    if (type == 's') {
+       /* escape the string and check its length */
+-      if (strescape((char *)tmp_wkey, p) != (int)tmp_wkey_len)
++      if (strescape((char *)tmp_wkey, p, strlen(tmp_wkey)+1) != (int)tmp_wkey_len)
+     	  SEMIFATAL_ERROR("Specified WEP key length does not match the given string");
+    } else if (type == 'p') {
+       /* create the key from the passphrase */
+diff --git a/src/interfaces/curses/ec_curses_view_connections.c b/src/interfaces/curses/ec_curses_view_connections.c
+index fb52331cf..011c0edf7 100644
+--- a/src/interfaces/curses/ec_curses_view_connections.c
++++ b/src/interfaces/curses/ec_curses_view_connections.c
+@@ -614,7 +614,7 @@ static void inject_user(void)
+    size_t len;
+ 
+    /* escape the sequnces in the buffer */
+-   len = strescape((char*)injectbuf, (char*)injectbuf);
++   len = strescape((char*)injectbuf, (char*)injectbuf, strlen(injectbuf)+1);
+    
+    /* check where to inject */
+    if (wdg_c1->flags & WDG_OBJ_FOCUSED) {
+diff --git a/src/interfaces/gtk/ec_gtk_view_connections.c b/src/interfaces/gtk/ec_gtk_view_connections.c
+index fa7dfdc58..b55e1755a 100644
+--- a/src/interfaces/gtk/ec_gtk_view_connections.c
++++ b/src/interfaces/gtk/ec_gtk_view_connections.c
+@@ -1627,7 +1627,7 @@ static void gtkui_inject_user(int side)
+    size_t len;
+     
+    /* escape the sequnces in the buffer */
+-   len = strescape(injectbuf, injectbuf);
++   len = strescape(injectbuf, injectbuf, strlen(injectbuf)+1);
+ 
+    /* check where to inject */
+    if (side == 1 || side == 2) {
+diff --git a/utils/etterfilter/ef_encode.c b/utils/etterfilter/ef_encode.c
+index d4b9110cd..7e359e062 100644
+--- a/utils/etterfilter/ef_encode.c
++++ b/utils/etterfilter/ef_encode.c
+@@ -136,7 +136,8 @@ int encode_const(char *string, struct filter_op *fop)
+       fop->op.test.string = (u_char*)strdup(string + 1);
+          
+       /* escape it in the structure */
+-      fop->op.test.slen = strescape((char*)fop->op.test.string, (char*)fop->op.test.string);
++      fop->op.test.slen = strescape((char*)fop->op.test.string, 
++            (char*)fop->op.test.string, strlen(fop->op.test.string)+1);
+      
+       return E_SUCCESS;
+       
+@@ -184,7 +185,8 @@ int encode_function(char *string, struct filter_op *fop)
+             fop->opcode = FOP_FUNC;
+             fop->op.func.op = FFUNC_SEARCH;
+             fop->op.func.string = (u_char*)strdup(dec_args[1]);
+-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++            fop->op.func.slen = strescape((char*)fop->op.func.string, 
++                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+             ret = E_SUCCESS;
+          } else
+             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -202,7 +204,8 @@ int encode_function(char *string, struct filter_op *fop)
+             fop->opcode = FOP_FUNC;
+             fop->op.func.op = FFUNC_REGEX;
+             fop->op.func.string = (u_char*)strdup(dec_args[1]);
+-            fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++            fop->op.func.slen = strescape((char*)fop->op.func.string, 
++                  (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+             ret = E_SUCCESS;
+          } else
+             SCRIPT_ERROR("Unknown offset %s ", dec_args[0]);
+@@ -272,9 +275,11 @@ int encode_function(char *string, struct filter_op *fop)
+          /* replace always operate at DATA level */
+          fop->op.func.level = 5;
+          fop->op.func.string = (u_char*)strdup(dec_args[0]);
+-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++         fop->op.func.slen = strescape((char*)fop->op.func.string, 
++               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+          fop->op.func.replace = (u_char*)strdup(dec_args[1]);
+-         fop->op.func.rlen = strescape((char*)fop->op.func.replace, (char*)fop->op.func.replace);
++         fop->op.func.rlen = strescape((char*)fop->op.func.replace, 
++               (char*)fop->op.func.replace, strlen(fop->op.func.replace)+1);
+          ret = E_SUCCESS;
+       } else
+          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
+@@ -328,7 +333,8 @@ int encode_function(char *string, struct filter_op *fop)
+       if (nargs == 1) {
+          fop->op.func.op = FFUNC_MSG;
+          fop->op.func.string = (u_char*)strdup(dec_args[0]);
+-         fop->op.func.slen = strescape((char*)fop->op.func.string, (char*)fop->op.func.string);
++         fop->op.func.slen = strescape((char*)fop->op.func.string, 
++               (char*)fop->op.func.string, strlen(fop->op.func.string)+1);
+          ret = E_SUCCESS;
+       } else
+          SCRIPT_ERROR("Wrong number of arguments for function \"%s\" ", name);
+
+From b005d55d4eae444c5be14eb792b50657a14c7b1d Mon Sep 17 00:00:00 2001
+From: Alexander Koeppe <format_c at online.de>
+Date: Sun, 4 Jun 2017 08:09:04 +0200
+Subject: [PATCH 4/4] Only add ASAN flags depeding on compiler version
+
+---
+ CMakeLists.txt | 22 +++++++++++++++++++++-
+ 1 file changed, 21 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 8e823669c..8f7c7c368 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -126,7 +126,27 @@ if(NOT DISABLE_RPATH)
+   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+   set(CMAKE_MACOSX_RPATH 1)
+ endif(NOT DISABLE_RPATH)
+-set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++
++# set general build flags for debug build-type
++set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
++# append ASAN build flags if compiler version has support
++if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++      message("Building with ASAN support (GNU compiler)")
++   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++      message("Building without ASAN support (GNU compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
++elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
++   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
++      message("Building with ASAN support (Clang compiler)")
++   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++      message("Building without ASAN support (Clang compiler)")
++   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
++endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
++
++# set build flags for release build-type
+ set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+ 
+ if(OS_DARWIN)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2019-09-13 16:56:57 UTC (rev 510355)
+++ PKGBUILD	2019-09-13 16:57:11 UTC (rev 510356)
@@ -1,66 +0,0 @@
-# $Id$
-# Maintainer:
-# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
-
-pkgbase=ettercap
-pkgname=('ettercap' 'ettercap-gtk')
-pkgver=0.8.2
-pkgrel=5
-arch=('i686' 'x86_64')
-url="http://ettercap.github.com/ettercap/"
-license=('GPL')
-depends=('openssl' 'libpcap' 'pcre' 'libltdl' 'libnet' 'ethtool' 'curl')
-makedepends=('ghostscript' 'cmake' 'libpcap' 'libltdl' 'libnet' 'gtk2')
-options=('!makeflags' '!emptydirs')
-source=("$pkgbase-$pkgver.tar.gz::https://github.com/Ettercap/ettercap/archive/v$pkgver.tar.gz" 0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
-        CVE-2017-6430.patch CVE-2017-8366.patch)
-sha1sums=('7e528632ca01c5977da1a0af56a5e05fbc383832'
-          '425fd778afd8fd75baccb9fb0a43c7b246304b32'
-          '3a3d6423368403f03205077493e80c1c4ebaab26'
-          'eabee4ad0ff0832b3cf46f453e3fa4ee8768f325')
-
-prepare() {
-  cd "${pkgbase}-${pkgver}"
-  patch -Np1 -i $srcdir/0001-First-draft-of-openssl-1.1-compatibility-layer-from-.patch
-  patch -Np1 -i $srcdir/CVE-2017-6430.patch
-  patch -Np1 -i $srcdir/CVE-2017-8366.patch
-}
-
-build() {
-  cd "${srcdir}"
-
-  cp -r ${pkgbase}-${pkgver} ${pkgbase}-${pkgver}-gtk
-
-  cd ${pkgbase}-${pkgver}
-  mkdir build
-  cd build
-  cmake -D ENABLE_GTK=OFF -D CMAKE_INSTALL_PREFIX=/usr -D INSTALL_PREFIX=/usr -D CMAKE_BUILD_TYPE=Release ../
-  make
-
-  cd "$srcdir"/${pkgbase}-${pkgver}-gtk
-  mkdir build
-  cd build
-  cmake -D ENABLE_GTK=ON -D CMAKE_INSTALL_PREFIX=/usr -D INSTALL_PREFIX=/usr -D CMAKE_BUILD_TYPE=Release ../
-  make
-}
-
-package_ettercap() {
-  pkgdesc="A network sniffer/interceptor/logger for ethernet LANs - console"
-  backup=('etc/ettercap/etter.conf')
-  conflicts=('ettercap-gtk')
-
-  cd "${srcdir}"/${pkgbase}-${pkgver}/build
-  make DESTDIR="${pkgdir}" install
-}
-
-package_ettercap-gtk() {
-  pkgdesc="A network sniffer/interceptor/logger for ethernet LANs - GTK frontend"
-  depends+=('gtk2')
-  backup=('etc/ettercap/etter.conf')
-  conflicts=('ettercap')
-  provides=('ettercap')
-  optdepends=('polkit: to run ettercap directly from menu')
-
-  cd "${srcdir}"/${pkgbase}-${pkgver}-gtk/build
-  make DESTDIR="${pkgdir}" install
-}

Copied: ettercap/repos/community-x86_64/PKGBUILD (from rev 510355, ettercap/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2019-09-13 16:57:11 UTC (rev 510356)
@@ -0,0 +1,60 @@
+# Maintainer:
+# Contributor: Tom Newsom <Jeepster at gmx.co.uk>
+
+pkgbase=ettercap
+pkgname=('ettercap' 'ettercap-gtk')
+pkgver=0.8.3
+pkgrel=1
+arch=('x86_64')
+url="https://ettercap.github.com/ettercap/"
+license=('GPL')
+depends=('openssl' 'libpcap' 'pcre' 'libltdl' 'libnet' 'ethtool' 'curl' 'geoip')
+makedepends=('ghostscript' 'cmake' 'libpcap' 'libltdl' 'libnet' 'gtk3' 'harfbuzz')
+options=('!makeflags' '!emptydirs')
+source=("$pkgbase-$pkgver.tar.gz::https://github.com/Ettercap/ettercap/archive/v$pkgver.tar.gz" build.patch)
+sha1sums=('1db39315b2b2b574dc1eb3f7ae72871ad2391e2f'
+          '6d01c9517dc8b2981dccf9bd92c592ff8a7f90ba')
+
+prepare() {
+  cd "${pkgbase}-${pkgver}"
+  patch -Np1 -i $srcdir/build.patch
+}
+
+build() {
+  cd "${srcdir}"
+
+  cp -r ${pkgbase}-${pkgver} ${pkgbase}-${pkgver}-gtk
+
+  cd ${pkgbase}-${pkgver}
+  mkdir build
+  cd build
+  cmake -D ENABLE_GTK=OFF -D CMAKE_INSTALL_PREFIX=/usr -D INSTALL_PREFIX=/usr -D CMAKE_BUILD_TYPE=Release ../
+  make
+
+  cd "$srcdir"/${pkgbase}-${pkgver}-gtk
+  mkdir build
+  cd build
+  cmake -D ENABLE_GTK=ON -D CMAKE_INSTALL_PREFIX=/usr -D INSTALL_PREFIX=/usr -D CMAKE_BUILD_TYPE=Release ../
+  make
+}
+
+package_ettercap() {
+  pkgdesc="A network sniffer/interceptor/logger for ethernet LANs - console"
+  backup=('etc/ettercap/etter.conf')
+  conflicts=('ettercap-gtk')
+
+  cd "${srcdir}"/${pkgbase}-${pkgver}/build
+  make DESTDIR="${pkgdir}" install
+}
+
+package_ettercap-gtk() {
+  pkgdesc="A network sniffer/interceptor/logger for ethernet LANs - GTK frontend"
+  depends+=('gtk3' 'harfbuzz')
+  backup=('etc/ettercap/etter.conf')
+  conflicts=('ettercap')
+  provides=('ettercap')
+  optdepends=('polkit: to run ettercap directly from menu')
+
+  cd "${srcdir}"/${pkgbase}-${pkgver}-gtk/build
+  make DESTDIR="${pkgdir}" install
+}

Copied: ettercap/repos/community-x86_64/build.patch (from rev 510355, ettercap/trunk/build.patch)
===================================================================
--- build.patch	                        (rev 0)
+++ build.patch	2019-09-13 16:57:11 UTC (rev 510356)
@@ -0,0 +1,13 @@
+diff --git a/cmake/Modules/FindGTK3.cmake b/cmake/Modules/FindGTK3.cmake
+index ebbf0400..245fde13 100644
+--- a/cmake/Modules/FindGTK3.cmake
++++ b/cmake/Modules/FindGTK3.cmake
+@@ -388,7 +388,7 @@ endif()
+ #
+ 
+ find_package(Freetype)
+-list(APPEND GTK3_INCLUDE_DIRS ${FREETYPE_INCLUDE_DIRS})
++list(APPEND GTK3_INCLUDE_DIRS ${FREETYPE_INCLUDE_DIRS} /usr/include/harfbuzz)
+ list(APPEND GTK3_LIBRARIES ${FREETYPE_LIBRARIES})
+ 
+ foreach(_GTK3_component ${GTK3_FIND_COMPONENTS})


More information about the arch-commits mailing list