Bug#864419: unblock: ettercap (CVE)

Gianfranco Costamagna Thu, 08 Jun 2017 05:27:43 -0700

Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock


Hi Release Team

Please unblock package ettercap, we fixed CVE 2017-8366, but the asan enable 
patch is not intended for production use.
I commented out that part
http://www.openwall.com/lists/oss-security/2016/02/17/9

unblock ettercap/1:0.8.2-6

debdiff attached

thanks

G.

diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog     2017-06-04 09:27:11.000000000 +0200
+++ ettercap-0.8.2/debian/changelog     2017-06-08 14:20:58.000000000 +0200
@@ -1,3 +1,10 @@
+ettercap (1:0.8.2-6) unstable; urgency=medium
+
+  * Tweak 803.patch, disable asan.
+    (it is not intended for production) 
+
+ -- Gianfranco Costamagna <locutusofb...@debian.org>  Thu, 08 Jun 2017 
14:20:29 +0200
+
 ettercap (1:0.8.2-5) unstable; urgency=high
 
   [ Alexander Koeppe ]
diff -Nru ettercap-0.8.2/debian/patches/803.patch 
ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch     2017-06-04 09:25:14.000000000 
+0200
+++ ettercap-0.8.2/debian/patches/803.patch     2017-06-08 14:21:18.000000000 
+0200
@@ -8,37 +8,37 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 Index: ettercap-0.8.2/CMakeLists.txt
-===================================================================
---- ettercap-0.8.2.orig/CMakeLists.txt
-+++ ettercap-0.8.2/CMakeLists.txt
-@@ -125,7 +125,27 @@
-   # library dir path in our RPATH.
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
- endif(NOT DISABLE_RPATH)
-+
-+# set general build flags for debug build-type
- set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign 
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra 
-Wredundant-decls" CACHE STRING "" FORCE)
-+# append ASAN build flags if compiler version has support
-+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (GNU compiler)")
-+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      message("Building without ASAN support (GNU compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (Clang compiler)")
-+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      message("Building without ASAN support (Clang compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+
-+# set build flags for release build-type
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)
+#===================================================================
+#--- ettercap-0.8.2.orig/CMakeLists.txt
+#+++ ettercap-0.8.2/CMakeLists.txt
+#@@ -125,7 +125,27 @@
+# 8  # library dir path in our RPATH.
+#   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+# endif(NOT DISABLE_RPATH)
+#+
+#+# set general build flags for debug build-type
+# set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign 
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra 
-Wredundant-decls" CACHE STRING "" FORCE)
+#+# append ASAN build flags if compiler version has support
+#+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (GNU compiler)")
+#+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      message("Building without ASAN support (GNU compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (Clang compiler)")
+#+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      message("Building without ASAN support (Clang compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+
+#+# set build flags for release build-type
+# set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+# 
+# if(OS_DARWIN)
 Index: ettercap-0.8.2/include/ec_strings.h
 ===================================================================
 --- ettercap-0.8.2.orig/include/ec_strings.h

diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog     2017-06-04 09:27:11.000000000 +0200
+++ ettercap-0.8.2/debian/changelog     2017-06-08 14:20:58.000000000 +0200
@@ -1,3 +1,10 @@
+ettercap (1:0.8.2-6) unstable; urgency=medium
+
+  * Tweak 803.patch, disable asan.
+    (it is not intended for production) 
+
+ -- Gianfranco Costamagna <locutusofb...@debian.org>  Thu, 08 Jun 2017 
14:20:29 +0200
+
 ettercap (1:0.8.2-5) unstable; urgency=high
 
   [ Alexander Koeppe ]
diff -Nru ettercap-0.8.2/debian/patches/803.patch 
ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch     2017-06-04 09:25:14.000000000 
+0200
+++ ettercap-0.8.2/debian/patches/803.patch     2017-06-08 14:21:18.000000000 
+0200
@@ -8,37 +8,37 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 Index: ettercap-0.8.2/CMakeLists.txt
-===================================================================
---- ettercap-0.8.2.orig/CMakeLists.txt
-+++ ettercap-0.8.2/CMakeLists.txt
-@@ -125,7 +125,27 @@
-   # library dir path in our RPATH.
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
- endif(NOT DISABLE_RPATH)
-+
-+# set general build flags for debug build-type
- set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign 
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra 
-Wredundant-decls" CACHE STRING "" FORCE)
-+# append ASAN build flags if compiler version has support
-+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (GNU compiler)")
-+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      message("Building without ASAN support (GNU compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (Clang compiler)")
-+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      message("Building without ASAN support (Clang compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+
-+# set build flags for release build-type
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)
+#===================================================================
+#--- ettercap-0.8.2.orig/CMakeLists.txt
+#+++ ettercap-0.8.2/CMakeLists.txt
+#@@ -125,7 +125,27 @@
+# 8  # library dir path in our RPATH.
+#   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+# endif(NOT DISABLE_RPATH)
+#+
+#+# set general build flags for debug build-type
+# set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign 
-D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra 
-Wredundant-decls" CACHE STRING "" FORCE)
+#+# append ASAN build flags if compiler version has support
+#+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (GNU compiler)")
+#+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      message("Building without ASAN support (GNU compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address 
-fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (Clang compiler)")
+#+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      message("Building without ASAN support (Clang compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+
+#+# set build flags for release build-type
+# set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+# 
+# if(OS_DARWIN)
 Index: ettercap-0.8.2/include/ec_strings.h
 ===================================================================
 --- ettercap-0.8.2.orig/include/ec_strings.h

signature.asc
Description: OpenPGP digital signature

Bug#864419: unblock: ettercap (CVE)

Reply via email to