Package: release.debian.org User: release.debian.org@packages.debian.org Usertags: unblock Severity: important unblock macchanger/1.7.0-3 All code in 1.7.0-3 was already included in Jessie in 1.7.0-1.1 and 1.7.0-2. The NMU 1.7.0-1.1 fixed some crucial security/functionality issues (#738460 and #740947). Later, I made 1.7.0-2 directly from the package's git repo, but the NMU changes were not committed to git, so it was not included. I then included the 1.7.0-1.1 NMU code into the package's git, and made 1.7.0-3 and uploaded it. Here are the relevant changelog entries: macchanger (1.7.0-3) unstable; urgency=low * update debian/watch to point to new github repository * include code from 1.7.0-1.1 NMU (Closes: #738460, #740947) -- Hans-Christoph Steiner <hans@eds.org> Fri, 07 Nov 2014 12:56:56 +0100 macchanger (1.7.0-2) unstable; urgency=low * automatically run macchanger, with option to disable * automatically rotate the macchanger log * add myself as Maintainer * remove hard-coded LDFLAGS, let dh set them (Closes: #754391) -- Hans-Christoph Steiner <hans@eds.org> Tue, 21 Oct 2014 16:01:55 -0400 macchanger (1.7.0-1.1) unstable; urgency=medium * Non-maintainer upload. * Fix a grave security bug -- the macchanger program was fundamentally not working correctly due to a bug in the debian local patch 08-fix_random_MAC_choice.patch. In fact, it was **breaking** the random MAC choice!?! (Closes: #738460, #740947) -- Theodore Y. Ts'o <tytso@mit.edu> Sun, 06 Jul 2014 20:32:38 -0400 $ debdiff macchanger_1.7.0-2.dsc macchanger_1.7.0-3.dsc diff -Nru macchanger-1.7.0/debian/changelog macchanger-1.7.0/debian/changelog --- macchanger-1.7.0/debian/changelog 2014-10-21 22:02:41.000000000 +0200 +++ macchanger-1.7.0/debian/changelog 2014-11-07 13:03:50.000000000 +0100 @@ -1,3 +1,10 @@ +macchanger (1.7.0-3) unstable; urgency=low + + * update debian/watch to point to new github repository + * include code from 1.7.0-1.1 NMU (Closes: #738460, #740947) + + -- Hans-Christoph Steiner <hans@eds.org> Fri, 07 Nov 2014 12:56:56 +0100 + macchanger (1.7.0-2) unstable; urgency=low * automatically run macchanger, with option to disable @@ -7,6 +14,16 @@ -- Hans-Christoph Steiner <hans@eds.org> Tue, 21 Oct 2014 16:01:55 -0400 +macchanger (1.7.0-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix a grave security bug -- the macchanger program was fundamentally + not working correctly due to a bug in the debian local patch + 08-fix_random_MAC_choice.patch. In fact, it was **breaking** the + random MAC choice!?! (Closes: #738460, #740947) + + -- Theodore Y. Ts'o <tytso@mit.edu> Sun, 06 Jul 2014 20:32:38 -0400 + macchanger (1.7.0-1) unstable; urgency=medium * New upstream release (Closes: #718849) diff -Nru macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch --- macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch 2014-03-18 15:59:20.000000000 +0100 +++ macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch 2014-10-22 18:23:41.000000000 +0200 @@ -12,6 +12,8 @@ src/main.c | 1 + 2 files changed, 34 insertions(+), 19 deletions(-) +Index: macchanger/src/mac.c +=================================================================== --- macchanger.orig/src/mac.c +++ macchanger/src/mac.c @@ -41,6 +41,13 @@ mc_mac_dup (const mac_t *mac) @@ -28,7 +30,7 @@ void mc_mac_free (mac_t *mac) -@@ -68,27 +75,34 @@ mc_mac_random (mac_t *mac, unsigned char +@@ -68,27 +75,32 @@ mc_mac_random (mac_t *mac, unsigned char * x1:, x3:, x5:, x7:, x9:, xB:, xD: and xF: */ @@ -36,9 +38,25 @@ - case 6: - /* 8th bit: Unicast / Multicast address - * 7th bit: BIA (burned-in-address) / locally-administered -+ mac_t newmac; -+ mc_mac_copy(mac, &newmac); -+ +- */ +- mac->byte[0] = (random()%255) & 0xFC; +- mac->byte[1] = random()%255; +- mac->byte[2] = random()%255; +- case 3: +- mac->byte[3] = random()%255; +- mac->byte[4] = random()%255; +- mac->byte[5] = random()%255; +- } ++ mac_t origmac; ++ mc_mac_copy(mac, &origmac); + +- /* Handle the burned-in-address bit +- */ +- if (set_bia) { +- mac->byte[0] &= ~2; +- } else { +- mac->byte[0] |= 2; +- } + do { + switch (last_n_bytes) { + case 6: @@ -55,33 +73,18 @@ + } + + /* Handle the burned-in-address bit - */ -- mac->byte[0] = (random()%255) & 0xFC; -- mac->byte[1] = random()%255; -- mac->byte[2] = random()%255; -- case 3: -- mac->byte[3] = random()%255; -- mac->byte[4] = random()%255; -- mac->byte[5] = random()%255; -- } ++ */ + if (set_bia) { + mac->byte[0] &= ~2; + } else { + mac->byte[0] |= 2; + } -+ } while (mc_mac_equal (&newmac, mac)); - -- /* Handle the burned-in-address bit -- */ -- if (set_bia) { -- mac->byte[0] &= ~2; -- } else { -- mac->byte[0] |= 2; -- } -+ mc_mac_copy(&newmac, mac); ++ } while (mc_mac_equal (&origmac, mac)); } +Index: macchanger/src/main.c +=================================================================== --- macchanger.orig/src/main.c +++ macchanger/src/main.c @@ -274,6 +274,7 @@ main (int argc, char *argv[]) diff -Nru macchanger-1.7.0/debian/watch macchanger-1.7.0/debian/watch --- macchanger-1.7.0/debian/watch 2014-03-18 15:59:20.000000000 +0100 +++ macchanger-1.7.0/debian/watch 2014-10-22 18:31:38.000000000 +0200 @@ -1,2 +1,4 @@ +# Run the "uscan" command to check for upstream updates and more. version=3 -ftp://ftp.gnu.org/gnu/macchanger/macchanger-(\d+.*)\.tar\.gz +opts=uversionmangle=s/(\d)(alpha|beta|rc)/$1~$2/,dversionmangle=s/~dfsg\d*// \ + https://github.com/alobbs/macchanger/tags .*/archive/v?(\d[\d\.]+).tar.gz .hc
Attachment:
signature.asc
Description: OpenPGP digital signature