Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: important
unblock macchanger/1.7.0-3
All code in 1.7.0-3 was already included in Jessie in 1.7.0-1.1 and 1.7.0-2.
The NMU 1.7.0-1.1 fixed some crucial security/functionality issues (#738460
and #740947). Later, I made 1.7.0-2 directly from the package's git repo, but
the NMU changes were not committed to git, so it was not included. I then
included the 1.7.0-1.1 NMU code into the package's git, and made 1.7.0-3 and
uploaded it.
Here are the relevant changelog entries:
macchanger (1.7.0-3) unstable; urgency=low
* update debian/watch to point to new github repository
* include code from 1.7.0-1.1 NMU (Closes: #738460, #740947)
-- Hans-Christoph Steiner <hans@eds.org> Fri, 07 Nov 2014 12:56:56 +0100
macchanger (1.7.0-2) unstable; urgency=low
* automatically run macchanger, with option to disable
* automatically rotate the macchanger log
* add myself as Maintainer
* remove hard-coded LDFLAGS, let dh set them (Closes: #754391)
-- Hans-Christoph Steiner <hans@eds.org> Tue, 21 Oct 2014 16:01:55 -0400
macchanger (1.7.0-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix a grave security bug -- the macchanger program was fundamentally
not working correctly due to a bug in the debian local patch
08-fix_random_MAC_choice.patch. In fact, it was **breaking** the
random MAC choice!?! (Closes: #738460, #740947)
-- Theodore Y. Ts'o <tytso@mit.edu> Sun, 06 Jul 2014 20:32:38 -0400
$ debdiff macchanger_1.7.0-2.dsc macchanger_1.7.0-3.dsc
diff -Nru macchanger-1.7.0/debian/changelog macchanger-1.7.0/debian/changelog
--- macchanger-1.7.0/debian/changelog 2014-10-21 22:02:41.000000000 +0200
+++ macchanger-1.7.0/debian/changelog 2014-11-07 13:03:50.000000000 +0100
@@ -1,3 +1,10 @@
+macchanger (1.7.0-3) unstable; urgency=low
+
+ * update debian/watch to point to new github repository
+ * include code from 1.7.0-1.1 NMU (Closes: #738460, #740947)
+
+ -- Hans-Christoph Steiner <hans@eds.org> Fri, 07 Nov 2014 12:56:56 +0100
+
macchanger (1.7.0-2) unstable; urgency=low
* automatically run macchanger, with option to disable
@@ -7,6 +14,16 @@
-- Hans-Christoph Steiner <hans@eds.org> Tue, 21 Oct 2014 16:01:55 -0400
+macchanger (1.7.0-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix a grave security bug -- the macchanger program was fundamentally
+ not working correctly due to a bug in the debian local patch
+ 08-fix_random_MAC_choice.patch. In fact, it was **breaking** the
+ random MAC choice!?! (Closes: #738460, #740947)
+
+ -- Theodore Y. Ts'o <tytso@mit.edu> Sun, 06 Jul 2014 20:32:38 -0400
+
macchanger (1.7.0-1) unstable; urgency=medium
* New upstream release (Closes: #718849)
diff -Nru macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch
macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch
--- macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch 2014-03-18
15:59:20.000000000 +0100
+++ macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch 2014-10-22
18:23:41.000000000 +0200
@@ -12,6 +12,8 @@
src/main.c | 1 +
2 files changed, 34 insertions(+), 19 deletions(-)
+Index: macchanger/src/mac.c
+===================================================================
--- macchanger.orig/src/mac.c
+++ macchanger/src/mac.c
@@ -41,6 +41,13 @@ mc_mac_dup (const mac_t *mac)
@@ -28,7 +30,7 @@
void
mc_mac_free (mac_t *mac)
-@@ -68,27 +75,34 @@ mc_mac_random (mac_t *mac, unsigned char
+@@ -68,27 +75,32 @@ mc_mac_random (mac_t *mac, unsigned char
* x1:, x3:, x5:, x7:, x9:, xB:, xD: and xF:
*/
@@ -36,9 +38,25 @@
- case 6:
- /* 8th bit: Unicast / Multicast address
- * 7th bit: BIA (burned-in-address) / locally-administered
-+ mac_t newmac;
-+ mc_mac_copy(mac, &newmac);
-+
+- */
+- mac->byte[0] = (random()%255) & 0xFC;
+- mac->byte[1] = random()%255;
+- mac->byte[2] = random()%255;
+- case 3:
+- mac->byte[3] = random()%255;
+- mac->byte[4] = random()%255;
+- mac->byte[5] = random()%255;
+- }
++ mac_t origmac;
++ mc_mac_copy(mac, &origmac);
+
+- /* Handle the burned-in-address bit
+- */
+- if (set_bia) {
+- mac->byte[0] &= ~2;
+- } else {
+- mac->byte[0] |= 2;
+- }
+ do {
+ switch (last_n_bytes) {
+ case 6:
@@ -55,33 +73,18 @@
+ }
+
+ /* Handle the burned-in-address bit
- */
-- mac->byte[0] = (random()%255) & 0xFC;
-- mac->byte[1] = random()%255;
-- mac->byte[2] = random()%255;
-- case 3:
-- mac->byte[3] = random()%255;
-- mac->byte[4] = random()%255;
-- mac->byte[5] = random()%255;
-- }
++ */
+ if (set_bia) {
+ mac->byte[0] &= ~2;
+ } else {
+ mac->byte[0] |= 2;
+ }
-+ } while (mc_mac_equal (&newmac, mac));
-
-- /* Handle the burned-in-address bit
-- */
-- if (set_bia) {
-- mac->byte[0] &= ~2;
-- } else {
-- mac->byte[0] |= 2;
-- }
-+ mc_mac_copy(&newmac, mac);
++ } while (mc_mac_equal (&origmac, mac));
}
+Index: macchanger/src/main.c
+===================================================================
--- macchanger.orig/src/main.c
+++ macchanger/src/main.c
@@ -274,6 +274,7 @@ main (int argc, char *argv[])
diff -Nru macchanger-1.7.0/debian/watch macchanger-1.7.0/debian/watch
--- macchanger-1.7.0/debian/watch 2014-03-18 15:59:20.000000000 +0100
+++ macchanger-1.7.0/debian/watch 2014-10-22 18:31:38.000000000 +0200
@@ -1,2 +1,4 @@
+# Run the "uscan" command to check for upstream updates and more.
version=3
-ftp://ftp.gnu.org/gnu/macchanger/macchanger-(\d+.*)\.tar\.gz
+opts=uversionmangle=s/(\d)(alpha|beta|rc)/$1~$2/,dversionmangle=s/~dfsg\d*// \
+ https://github.com/alobbs/macchanger/tags .*/archive/v?(\d[\d\.]+).tar.gz
.hc
Attachment:
signature.asc
Description: OpenPGP digital signature