diff --git a/net-analyzer/ettercap/Manifest b/net-analyzer/ettercap/Manifest new file mode 100644 index 000000000..2eda4ae80 --- /dev/null +++ b/net-analyzer/ettercap/Manifest @@ -0,0 +1 @@ +DIST ettercap-0.8.2.tar.gz 8082561 BLAKE2B 851df0a8700de45ce0e3427f7fdbdcd13feb2f75c0d1136563449db634b1f02276bade0d82a1a51bf8de726d6faddf05ff537e397c2e56cfc3e3181d25566fe9 SHA512 18137b1cc518c9db3c9650157a5cbf09dbb665b79876a24875d6c5125e8923ebde543464adb61cf1d1244101242f4d66b80d94ef3b36aa265cefca7646aa6415 diff --git a/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild new file mode 100644 index 000000000..09d35c236 --- /dev/null +++ b/net-analyzer/ettercap/ettercap-0.8.2-r2.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit cmake-utils + +DESCRIPTION="A suite for man in the middle attacks" +HOMEPAGE="https://github.com/Ettercap/ettercap" +SRC_URI="https://github.com/Ettercap/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" #mirror does not work + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="gtk ipv6 ncurses +plugins" + +RDEPEND="dev-libs/libbsd + dev-libs/libpcre + dev-libs/openssl:0= + net-libs/libnet:1.1 + >=net-libs/libpcap-0.8.1 + sys-libs/zlib + gtk? ( + >=dev-libs/atk-1.2.4 + >=dev-libs/glib-2.2.2:2 + media-libs/freetype + x11-libs/cairo + x11-libs/gdk-pixbuf:2 + >=x11-libs/gtk+-2.2.2:2 + >=x11-libs/pango-1.2.3 + ) + ncurses? ( >=sys-libs/ncurses-5.3:= ) + plugins? ( >=net-misc/curl-7.26.0 )" +DEPEND="${RDEPEND} + sys-devel/flex + virtual/yacc" + +src_prepare() { + sed -i "s:Release:Release Gentoo:" CMakeLists.txt || die + epatch "${FILESDIR}"/cve-2017-6430.patch + epatch "${FILESDIR}"/740.patch + cmake-utils_src_prepare +} + +src_configure() { + local mycmakeargs=( + $(cmake-utils_use_enable ncurses CURSES) + $(cmake-utils_use_enable gtk) + $(cmake-utils_use_enable plugins) + $(cmake-utils_use_enable ipv6) + -DBUNDLED_LIBS=OFF + -DSYSTEM_LIBS=ON + -DINSTALL_SYSCONFDIR="${EROOT}"etc + ) + #right now we only support gtk2, but ettercap also supports gtk3 + #do we care? do we want to support both? + + #we want to enable testing but it fails right now + #we want to disable the bundled crap, but we are missing at least "libcheck" + #if we want to enable tests, we need to fix it, and either package libcheck or allow bundled version + #$(cmake-utils_use_enable test TESTS) + cmake-utils_src_configure +} diff --git a/net-analyzer/ettercap/files/740.patch b/net-analyzer/ettercap/files/740.patch new file mode 100644 index 000000000..b7703d3ef --- /dev/null +++ b/net-analyzer/ettercap/files/740.patch @@ -0,0 +1,254 @@ +From f0d63b27c82df2ad5f7ada6310727d841b43fbcc Mon Sep 17 00:00:00 2001 +From: Gianfranco Costamagna +Date: Mon, 27 Jun 2016 12:41:33 +0200 +Subject: [PATCH 1/2] First draft of openssl 1.1 compatibility layer (from + https://github.com/curl/curl/commit/cfe16c22d7891a1f65ea8cd4c5352504a2afbddc) + Closes: #739 + +--- + src/dissectors/ec_ssh.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++- + src/ec_sslwrap.c | 14 ++++++++ + 2 files changed, 106 insertions(+), 1 deletion(-) + +Index: ettercap-0.8.2/src/dissectors/ec_ssh.c +=================================================================== +--- ettercap-0.8.2.orig/src/dissectors/ec_ssh.c ++++ ettercap-0.8.2/src/dissectors/ec_ssh.c +@@ -36,6 +36,10 @@ + #include + #include + ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ ++#endif ++ + #define SMSG_PUBLIC_KEY 2 + #define CMSG_SESSION_KEY 3 + #define CMSG_USER 4 +@@ -138,6 +142,11 @@ + char tmp[MAX_ASCII_ADDR_LEN]; + u_int32 ssh_len, ssh_mod; + u_char ssh_packet_type, *ptr, *key_to_put; ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ BIGNUM *h_n, *s_n, *m_h_n, *m_s_n; ++ BIGNUM *h_e, *s_e, *m_h_e, *m_s_e; ++ BIGNUM *h_d, *s_d, *m_h_d, *m_s_d; ++#endif + + /* don't complain about unused var */ + (void) DECODE_DATA; +@@ -383,12 +392,25 @@ + if (session_data->ptrkey == NULL) { + /* Initialize RSA key structures (other fileds are set to 0) */ + session_data->serverkey = RSA_new(); ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ s_n = BN_new(); ++ s_e = BN_new(); ++ RSA_set0_key(session_data->serverkey, s_n, s_e, s_d); ++#else + session_data->serverkey->n = BN_new(); + session_data->serverkey->e = BN_new(); ++#endif + + session_data->hostkey = RSA_new(); ++ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ h_n = BN_new(); ++ h_e = BN_new(); ++ RSA_set0_key(session_data->hostkey, h_n, h_e, h_d); ++#else + session_data->hostkey->n = BN_new(); + session_data->hostkey->e = BN_new(); ++#endif + + /* Get the RSA Key from the packet */ + NS_GET32(server_mod,ptr); +@@ -396,19 +418,37 @@ + DEBUG_MSG("Dissector_ssh Bougs Server_Mod"); + return NULL; + } ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ RSA_get0_key(session_data->serverkey, &s_n, &s_e, &s_d); ++ get_bn(s_e, &ptr); ++ get_bn(s_n, &ptr); ++#else + get_bn(session_data->serverkey->e, &ptr); + get_bn(session_data->serverkey->n, &ptr); ++#endif + + NS_GET32(host_mod,ptr); + if (ptr + (host_mod/8) > PACKET->DATA.data + PACKET->DATA.len) { + DEBUG_MSG("Dissector_ssh Bougs Host_Mod"); + return NULL; + } ++ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ RSA_get0_key(session_data->hostkey, &h_n, &h_e, &h_d); ++ get_bn(h_e, &ptr); ++ get_bn(h_n, &ptr); ++#else + get_bn(session_data->hostkey->e, &ptr); + get_bn(session_data->hostkey->n, &ptr); ++#endif + ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ server_exp = BN_get_word(s_e); ++ host_exp = BN_get_word(h_e); ++#else + server_exp = *(session_data->serverkey->e->d); + host_exp = *(session_data->hostkey->e->d); ++#endif + + /* Check if we already have a suitable RSA key to substitute */ + index_ssl = &ssh_conn_key; +@@ -424,7 +464,7 @@ + SAFE_CALLOC(*index_ssl, 1, sizeof(ssh_my_key)); + + /* Generate the new key */ +- (*index_ssl)->myserverkey = (RSA *)RSA_generate_key(server_mod, server_exp, NULL, NULL); ++ (*index_ssl)->myserverkey = (RSA *)RSA_generate_key_ex(server_mod, server_exp, NULL, NULL); + (*index_ssl)->myhostkey = (RSA *)RSA_generate_key(host_mod, host_exp, NULL, NULL); + (*index_ssl)->server_mod = server_mod; + (*index_ssl)->host_mod = host_mod; +@@ -443,11 +483,25 @@ + + /* Put our RSA key in the packet */ + key_to_put+=4; ++ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ RSA_get0_key(session_data->ptrkey->myserverkey, &m_s_n, &m_s_e, &m_s_d); ++ put_bn(m_s_e, &key_to_put); ++ put_bn(m_s_n, &key_to_put); ++#else + put_bn(session_data->ptrkey->myserverkey->e, &key_to_put); + put_bn(session_data->ptrkey->myserverkey->n, &key_to_put); ++#endif + key_to_put+=4; ++ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ RSA_get0_key(session_data->ptrkey->myhostkey, &m_h_n, &m_h_e, &m_h_d); ++ put_bn(m_h_e, &key_to_put); ++ put_bn(m_h_n, &key_to_put); ++#else + put_bn(session_data->ptrkey->myhostkey->e, &key_to_put); + put_bn(session_data->ptrkey->myhostkey->n, &key_to_put); ++#endif + + /* Recalculate SSH crc */ + *(u_int32 *)(PACKET->DATA.data + PACKET->DATA.len - 4) = htonl(CRC_checksum(PACKET->DATA.data+4, PACKET->DATA.len-8, CRC_INIT_ZERO)); +@@ -482,19 +536,34 @@ + key_to_put = ptr; + + /* Calculate real session id and our fake session id */ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ temp_session_id = ssh_session_id(cookie, h_n, s_n); ++#else + temp_session_id = ssh_session_id(cookie, session_data->hostkey->n, session_data->serverkey->n); ++#endif + if (temp_session_id) + memcpy(session_id1, temp_session_id, 16); ++ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ temp_session_id=ssh_session_id(cookie, m_h_n, m_s_n); ++#else + temp_session_id=ssh_session_id(cookie, session_data->ptrkey->myhostkey->n, session_data->ptrkey->myserverkey->n); ++#endif ++ + if (temp_session_id) + memcpy(session_id2, temp_session_id, 16); + + /* Get the session key */ + enckey = BN_new(); ++ + get_bn(enckey, &ptr); + + /* Decrypt session key */ ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ if (BN_cmp(m_s_n, m_h_n) > 0) { ++#else + if (BN_cmp(session_data->ptrkey->myserverkey->n, session_data->ptrkey->myhostkey->n) > 0) { ++#endif + rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myserverkey); + rsa_private_decrypt(enckey, enckey, session_data->ptrkey->myhostkey); + } else { +@@ -534,7 +603,11 @@ + BN_add_word(bn, sesskey[i]); + } + ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ if (BN_cmp(s_n, h_n) < 0) { ++#else + if (BN_cmp(session_data->serverkey->n, session_data->hostkey->n) < 0) { ++#endif + rsa_public_encrypt(bn, bn, session_data->serverkey); + rsa_public_encrypt(bn, bn, session_data->hostkey); + } else { +@@ -716,7 +789,16 @@ + u_char *inbuf, *outbuf; + int32 len, ilen, olen; + ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ BIGNUM *n; ++ BIGNUM *e; ++ BIGNUM *d; ++ RSA_get0_key(key, &n, &e, &d); ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif ++ + outbuf = malloc(olen); + if (outbuf == NULL) /* oops, couldn't allocate memory */ + return; +@@ -744,7 +826,16 @@ + u_char *inbuf, *outbuf; + int32 len, ilen, olen; + ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ BIGNUM *n; ++ BIGNUM *e; ++ BIGNUM *d; ++ RSA_get0_key(key, &n, &e, &d); ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif ++ + outbuf = malloc(olen); + if (outbuf == NULL) /* oops, couldn't allocate memory */ + return; +Index: ettercap-0.8.2/src/ec_sslwrap.c +=================================================================== +--- ettercap-0.8.2.orig/src/ec_sslwrap.c ++++ ettercap-0.8.2/src/ec_sslwrap.c +@@ -53,6 +53,10 @@ + #define OPENSSL_NO_KRB5 1 + #include + ++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) ++#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ ++#endif ++ + #define BREAK_ON_ERROR(x,y,z) do { \ + if (x == -E_INVALID) { \ + SAFE_FREE(z.DATA.disp_data); \ +@@ -974,9 +978,19 @@ + index = X509_get_ext_by_NID(server_cert, NID_authority_key_identifier, -1); + if (index >=0) { + ext = X509_get_ext(server_cert, index); ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ ASN1_OCTET_STRING* os; ++ os = X509_EXTENSION_get_data (ext); ++#endif + if (ext) { ++#ifdef HAVE_OPAQUE_RSA_DSA_DH ++ os->data[7] = 0xe7; ++ os->data[8] = 0x7e; ++ X509_EXTENSION_set_data (ext, os); ++#else + ext->value->data[7] = 0xe7; + ext->value->data[8] = 0x7e; ++#endif + X509_add_ext(out_cert, ext, -1); + } + } diff --git a/net-analyzer/ettercap/files/cve-2017-6430.patch b/net-analyzer/ettercap/files/cve-2017-6430.patch new file mode 100644 index 000000000..67483dcc0 --- /dev/null +++ b/net-analyzer/ettercap/files/cve-2017-6430.patch @@ -0,0 +1,68 @@ +From 4ad7f85dc01202e363659aa473c99470b3f4e1f4 Mon Sep 17 00:00:00 2001 +From: Gianfranco Costamagna +Date: Tue, 7 Mar 2017 22:05:31 +0100 +Subject: [PATCH] Fix issue #782 + +--- + utils/etterfilter/ef_compiler.c | 4 +++- + utils/etterfilter/ef_main.c | 10 +++++++--- + utils/etterfilter/ef_output.c | 3 +++ + 3 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/utils/etterfilter/ef_compiler.c b/utils/etterfilter/ef_compiler.c +index db876636e..ddb73bd30 100644 +--- a/utils/etterfilter/ef_compiler.c ++++ b/utils/etterfilter/ef_compiler.c +@@ -239,7 +239,9 @@ size_t compile_tree(struct filter_op **fop) + struct filter_op *array = NULL; + struct unfold_elm *ue; + +- BUG_IF(tree_root == NULL); ++ // invalid file ++ if (tree_root == NULL) ++ return 0; + + fprintf(stdout, " Unfolding the meta-tree "); + fflush(stdout); +diff --git a/utils/etterfilter/ef_main.c b/utils/etterfilter/ef_main.c +index ae4591344..431084b91 100644 +--- a/utils/etterfilter/ef_main.c ++++ b/utils/etterfilter/ef_main.c +@@ -39,7 +39,7 @@ struct globals *gbls; + + int main(int argc, char *argv[]) + { +- ++ int ret_value = 0; + globals_alloc(); + /* etterfilter copyright */ + fprintf(stdout, "\n" EC_COLOR_BOLD "%s %s" EC_COLOR_END " copyright %s %s\n\n", +@@ -84,8 +84,12 @@ int main(int argc, char *argv[]) + fprintf(stdout, "\n\nThe script contains errors...\n\n"); + + /* write to file */ +- if (write_output() != E_SUCCESS) +- FATAL_ERROR("Cannot write output file (%s)", GBL_OPTIONS->output_file); ++ ret_value = write_output(); ++ if (ret_value == -E_NOTHANDLED) ++ FATAL_ERROR("Cannot write output file (%s): the filter is not correctly handled.", GBL_OPTIONS->output_file); ++ else if (ret_value == -E_INVALID) ++ FATAL_ERROR("Cannot write output file (%s): the filter format is not correct. ", GBL_OPTIONS->output_file); ++ + globals_free(); + return 0; + } +diff --git a/utils/etterfilter/ef_output.c b/utils/etterfilter/ef_output.c +index 5ae591904..fcf19f010 100644 +--- a/utils/etterfilter/ef_output.c ++++ b/utils/etterfilter/ef_output.c +@@ -51,6 +51,9 @@ int write_output(void) + if (fop == NULL) + return -E_NOTHANDLED; + ++ if (ninst == 0) ++ return -E_INVALID; ++ + /* create the file */ + fd = open(GBL_OPTIONS->output_file, O_CREAT | O_RDWR | O_TRUNC | O_BINARY, 0644); + ON_ERROR(fd, -1, "Can't create file %s", GBL_OPTIONS->output_file);