[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#857577: marked as done (unblock: dsniff/2.4b1+debian-24)



Your message dated Mon, 13 Mar 2017 19:35:00 +0000
with message-id <539dec82-2ce0-45a6-8e8e-453028dc9b45@thykier.net>
and subject line Re: Bug#857577: unblock: dsniff/2.4b1+debian-24
has caused the Debian Bug report #857577,
regarding unblock: dsniff/2.4b1+debian-24
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
857577: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857577
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package dsniff in order to fix its five grave bugs

Dear release team,

dsniff is to be removed from testing due to five grave bugs
affecting several of its tools:

#715646 [G|P|  ]  arpspoof crashes with exit status 139
#716355 [G|P|  ]  sshmitm crashes with exit status 139
#716457 [G|P|  ]  webmitm crashes with exit status 139
#716458 [G|P|  ]  webspy crashes with exit status 139
#855869 [G|P|  ]  segfaults on portmapper messages

All of them would get fixed with these patches

    + 29_libnet_name2addr4.patch
    + 30_pntohl_shift.patch  
    + 31_sysconf_clocks.patch 
    + 32_rpc_segfault.patch

They are already implemented time ago in Fedora. 

Also i would like to implement some minor changes:

 * Add -g compiler flag
	Avoid creating an empty dbgsym package.
 * Pass triplet-prefixed CC to configure.
	Closes a minor bug avoiding FTBFS in some archs.
 * Add 33_sshcrypto_DES.patch
	Replacing all des_ methods and structs with DES_ equivalents.
	Already implemented in OpenBSD
 * Polish, reorder and refresh patches.
	Just a cosmetic change.

Thanks for your time and effort to get release stretch!

You can see the full changes in the diff file attached.

Cheers, 
Marcos

unblock dsniff/2.4b1+debian-24

-- System Information:
Debian Release: 9.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru dsniff-2.4b1+debian/debian/changelog dsniff-2.4b1+debian/debian/changelog
--- dsniff-2.4b1+debian/debian/changelog	2016-12-20 22:40:25.000000000 +0100
+++ dsniff-2.4b1+debian/debian/changelog	2017-02-15 23:42:16.000000000 +0100
@@ -1,3 +1,19 @@
+dsniff (2.4b1+debian-24) UNRELEASED; urgency=medium
+
+  * Add -g compiler flag.
+  * Fix FTCBFS: Pass triplet-prefixed CC to configure.
+    Thanks to Helmut Grohne (Closes: #852360).
+  * Add four patches from Fedora:
+    (Closes: #715646, #716355, #716457, #716458)
+    + 29_libnet_name2addr4.patch
+    + 30_pntohl_shift.patch
+    + 31_sysconf_clocks.patch
+    + 32_rpc_segfault.patch (Closes: #855869)
+  * Polish, reorder and refresh patches.
+  * Add 33_sshcrypto_DES.patch
+
+ -- Marcos Fouces <mfouces@yahoo.es>  Wed, 15 Feb 2017 23:42:16 +0100
+
 dsniff (2.4b1+debian-23) unstable; urgency=medium
 
   * Assign to pkg-security team (Closes: #847505)
diff -Nru dsniff-2.4b1+debian/debian/copyright dsniff-2.4b1+debian/debian/copyright
--- dsniff-2.4b1+debian/debian/copyright	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/copyright	2017-02-15 23:42:16.000000000 +0100
@@ -7,7 +7,7 @@
 License: BSD-3-Clause
   
 Files: debian/*
-Copyright: 2016 Marcos Fouces <mfouces@yahoo.es>
+Copyright: 2016-2017 Marcos Fouces <mfouces@yahoo.es>
            2013 Andrew Shadura <andrewsh@debian.org>
            2011-2012 William Vera <billy@billy.com.mx>
            2011 Ondřej Surý <ondrej@debian.org>
diff -Nru dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch
--- dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,174 +0,0 @@
->From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001
-From: Stefan Tomanek <stefan@pico.ruhr.de>
-Date: Sun, 6 Nov 2011 22:44:54 +0100
-Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions
-
-
-Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
----
- arpspoof.8 |    5 ++++-
- arpspoof.c |   59 +++++++++++++++++++++++++++++++++++++++++++++++------------
- 2 files changed, 51 insertions(+), 13 deletions(-)
-
-diff --git a/arpspoof.8 b/arpspoof.8
-index a05b5d3..544e06c 100644
---- a/arpspoof.8
-+++ b/arpspoof.8
-@@ -9,7 +9,7 @@ intercept packets on a switched LAN
- .na
- .nf
- .fi
--\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
-+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
- .SH DESCRIPTION
- .ad
- .fi
-@@ -26,6 +26,9 @@ Specify the interface to use.
- .IP "\fB-t \fItarget\fR"
- Specify a particular host to ARP poison (if not specified, all hosts
- on the LAN).
-+.IP "\fB\-r\fR"
-+Poison both hosts (host and target) to capture traffic in both directions.
-+(only valid in conjuntion with \-t)
- .IP \fIhost\fR
- Specify the host you wish to intercept packets for (usually the local
- gateway).
-diff --git a/arpspoof.c b/arpspoof.c
-index 7cdbbf8..f51b699 100644
---- a/arpspoof.c
-+++ b/arpspoof.c
-@@ -7,6 +7,8 @@
-  * Copyright (c) 1999 Dug Song <dugsong@monkey.org>
-  *
-  * $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $
-+ *
-+ * Improved 2011 by Stefan Tomanek <stefa@pico.ruhr.de>
-  */
- 
- #include "config.h"
-@@ -31,12 +33,13 @@ static libnet_t *l;
- static struct ether_addr spoof_mac, target_mac;
- static in_addr_t spoof_ip, target_ip;
- static char *intf;
-+static int poison_reverse;
- 
- static void
- usage(void)
- {
- 	fprintf(stderr, "Version: " VERSION "\n"
--		"Usage: arpspoof [-i interface] [-t target] host\n");
-+		"Usage: arpspoof [-i interface] [-t target] [-r] host\n");
- 	exit(1);
- }
- 
-@@ -133,18 +136,30 @@ arp_find(in_addr_t ip, struct ether_addr *mac)
- static void
- cleanup(int sig)
- {
-+	int fw = arp_find(spoof_ip, &spoof_mac);
-+	int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
- 	int i;
--	
--	if (arp_find(spoof_ip, &spoof_mac)) {
--		for (i = 0; i < 3; i++) {
--			/* XXX - on BSD, requires ETHERSPOOF kernel. */
-+
-+	fprintf(stderr, "Cleaning up and re-arping targets...\n");
-+	for (i = 0; i < 5; i++) {
-+		/* XXX - on BSD, requires ETHERSPOOF kernel. */
-+		if (fw) {
- 			arp_send(l, ARPOP_REPLY,
- 				 (u_int8_t *)&spoof_mac, spoof_ip,
- 				 (target_ip ? (u_int8_t *)&target_mac : NULL),
- 				 target_ip);
-+			/* we have to wait a moment before sending the next packet */
-+			sleep(1);
-+		}
-+		if (bw) {
-+			arp_send(l, ARPOP_REPLY,
-+				 (u_int8_t *)&target_mac, target_ip,
-+				 (u_int8_t *)&spoof_mac,
-+				 spoof_ip);
- 			sleep(1);
- 		}
- 	}
-+
- 	exit(0);
- }
- 
-@@ -156,11 +171,12 @@ main(int argc, char *argv[])
- 	char pcap_ebuf[PCAP_ERRBUF_SIZE];
- 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
- 	int c;
--	
-+
- 	intf = NULL;
- 	spoof_ip = target_ip = 0;
--	
--	while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
-+	poison_reverse = 0;
-+
-+	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
- 		switch (c) {
- 		case 'i':
- 			intf = optarg;
-@@ -169,6 +185,9 @@ main(int argc, char *argv[])
- 			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
- 				usage();
- 			break;
-+		case 'r':
-+			poison_reverse = 1;
-+			break;
- 		default:
- 			usage();
- 		}
-@@ -178,7 +197,12 @@ main(int argc, char *argv[])
- 	
- 	if (argc != 1)
- 		usage();
--	
-+
-+	if (poison_reverse && !target_ip) {
-+		errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
-+		usage();
-+	}
-+
- 	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
- 		usage();
- 	
-@@ -191,18 +215,29 @@ main(int argc, char *argv[])
- 	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
- 		errx(1, "couldn't arp for host %s",
- 		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
--	
-+
-+	if (poison_reverse) {
-+		if (!arp_find(spoof_ip, &spoof_mac)) {
-+			errx(1, "couldn't arp for spoof host %s",
-+			     libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
-+		}
-+	}
-+
- 	signal(SIGHUP, cleanup);
- 	signal(SIGINT, cleanup);
- 	signal(SIGTERM, cleanup);
--	
-+
- 	for (;;) {
- 		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
- 			 (target_ip ? (u_int8_t *)&target_mac : NULL),
- 			 target_ip);
-+		if (poison_reverse) {
-+			arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
-+		}
-+
- 		sleep(2);
- 	}
- 	/* NOTREACHED */
--	
-+
- 	exit(0);
- }
--- 
-1.7.5.4
-
diff -Nru dsniff-2.4b1+debian/debian/patches/0001-rewrite-and-modernize-POP-decoder.patch dsniff-2.4b1+debian/debian/patches/0001-rewrite-and-modernize-POP-decoder.patch
--- dsniff-2.4b1+debian/debian/patches/0001-rewrite-and-modernize-POP-decoder.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/0001-rewrite-and-modernize-POP-decoder.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,135 +0,0 @@
->From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001
-From: Stefan Tomanek <stefan@pico.ruhr.de>
-Date: Sat, 29 Oct 2011 20:48:55 +0200
-Subject: [PATCH] rewrite and modernize POP decoder
-
-
-Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
----
- decode_pop.c |   96 ++++++++++++++++++++++++++++++++++++++++++++++-----------
- 1 files changed, 77 insertions(+), 19 deletions(-)
-
-diff --git a/decode_pop.c b/decode_pop.c
-index 04044f5..767da41 100644
---- a/decode_pop.c
-+++ b/decode_pop.c
-@@ -6,6 +6,8 @@
-  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
-  *
-  * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
-+ *
-+ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
-  */
- 
- #include "config.h"
-@@ -45,32 +47,88 @@ int
- decode_pop(u_char *buf, int len, u_char *obuf, int olen)
- {
- 	char *p;
-+	char *s;
-+	int n;
- 	int i, j;
-+	char *user;
-+	char *password;
-+	enum {
-+		NONE,
-+		AUTHPLAIN,
-+		AUTHLOGIN,
-+		USERPASS
-+	} mode = NONE;
-+
- 	
- 	obuf[0] = '\0';
- 	
- 	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
--		if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
--		    strncasecmp(p, "AUTH LOGIN", 10) == 0) {
--			strlcat(obuf, p, olen);
--			strlcat(obuf, "\n", olen);
--			
--			/* Decode SASL auth. */
--			for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
--				strlcat(obuf, p, olen);
--				j = base64_pton(p, p, strlen(p));
--				p[j] = '\0';
--				strlcat(obuf, " [", olen);
--				strlcat(obuf, p, olen);
--				strlcat(obuf, "]\n", olen);
-+		if (mode == NONE) {
-+			user = NULL;
-+			password = NULL;
-+			if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
-+				mode = AUTHPLAIN;
-+				continue;
-+			}
-+			if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
-+				mode = AUTHLOGIN;
-+				continue;
-+			}
-+			if (strncasecmp(p, "USER ", 5) == 0) {
-+				mode = USERPASS;
-+				/* the traditional login cuts right to the case,
-+				 * so no continue here
-+				 */
- 			}
- 		}
--		/* Save regular POP2, POP3 auth info. */
--		else if (strncasecmp(p, "USER ", 5) == 0 ||
--			 strncasecmp(p, "PASS ", 5) == 0 ||
--			 strncasecmp(p, "HELO ", 5) == 0) {
--			strlcat(obuf, p, olen);
--			strlcat(obuf, "\n", olen);
-+		printf("(%d) %s\n", mode, p);
-+		if (mode == USERPASS) {
-+			if (strncasecmp(p, "USER ", 5) == 0) {
-+				user = &p[5];
-+			} else if (strncasecmp(p, "PASS ", 5) == 0) {
-+				password = &p[5];
-+			}
-+		}
-+
-+		if (mode == AUTHPLAIN) {
-+			j = base64_pton(p, p, strlen(p));
-+			p[j] = '\0';
-+			n = 0;
-+			s = p;
-+			/* p consists of three parts, divided by \0 */
-+			while (s <= &p[j] && n<=3) {
-+				if (n == 0) {
-+					/* we do not process this portion yet */
-+				} else if (n == 1) {
-+					user = s;
-+				} else if (n == 2) {
-+					password = s;
-+				}
-+				n++;
-+				while (*s) s++;
-+				s++;
-+			}
-+		}
-+
-+		if (mode == AUTHLOGIN) {
-+			j = base64_pton(p, p, strlen(p));
-+			p[j] = '\0';
-+			if (! user) {
-+				user = p;
-+			} else {
-+				password = p;
-+				/* got everything we need :-) */
-+			}
-+		}
-+
-+		if (user && password) {
-+			strlcat(obuf, "\nusername [", olen);
-+			strlcat(obuf, user, olen);
-+			strlcat(obuf, "] password [", olen);
-+			strlcat(obuf, password, olen);
-+			strlcat(obuf, "]\n", olen);
-+
-+			mode = NONE;
- 		}
- 	}
- 	return (strlen(obuf));
--- 
-1.7.5.4
-
diff -Nru dsniff-2.4b1+debian/debian/patches/0002-arpspoof-allow-use-of-of-multiple-targets.patch dsniff-2.4b1+debian/debian/patches/0002-arpspoof-allow-use-of-of-multiple-targets.patch
--- dsniff-2.4b1+debian/debian/patches/0002-arpspoof-allow-use-of-of-multiple-targets.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/0002-arpspoof-allow-use-of-of-multiple-targets.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,194 +0,0 @@
->From 25c761ebb1a8001d05da8b3dba36e96ac07ad586 Mon Sep 17 00:00:00 2001
-From: Stefan Tomanek <stefan@pico.ruhr.de>
-Date: Mon, 7 Nov 2011 17:40:50 +0100
-Subject: [PATCH 2/3] arpspoof: allow use of of multiple targets
-
-
-Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
----
- arpspoof.8 |    2 +-
- arpspoof.c |  102 ++++++++++++++++++++++++++++++++++++++++--------------------
- 2 files changed, 69 insertions(+), 35 deletions(-)
-
---- a/arpspoof.8	2012-03-14 13:24:27.000000000 -0600
-+++ b/arpspoof.8	2012-03-14 13:25:55.782078436 -0600
-@@ -25,7 +25,7 @@
- Specify the interface to use.
- .IP "\fB-t \fItarget\fR"
- Specify a particular host to ARP poison (if not specified, all hosts
--on the LAN).
-+on the LAN). Repeat to specify multiple hosts.
- .IP "\fB\-r\fR"
- Poison both hosts (host and target) to capture traffic in both directions.
- (only valid in conjuntion with \-t)
---- a/arpspoof.c	2012-03-14 13:24:27.626081655 -0600
-+++ b/arpspoof.c	2012-03-14 13:24:27.646081654 -0600
-@@ -29,9 +29,14 @@
- 
- extern char *ether_ntoa(struct ether_addr *);
- 
-+struct host {
-+	in_addr_t ip;
-+	struct ether_addr mac;
-+};
-+
- static libnet_t *l;
--static struct ether_addr spoof_mac, target_mac;
--static in_addr_t spoof_ip, target_ip;
-+static struct host spoof = {0};
-+static struct host *targets;
- static char *intf;
- static int poison_reverse;
- 
-@@ -133,30 +138,46 @@
- 	return (0);
- }
- 
-+static int arp_find_all() {
-+	struct host *target = targets;
-+	while(target->ip) {
-+		if (arp_find(target->ip, &target->mac)) {
-+			return 1;
-+		}
-+		target++;
-+	}
-+
-+	return 0;
-+}
-+
- static void
- cleanup(int sig)
- {
--	int fw = arp_find(spoof_ip, &spoof_mac);
--	int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
-+	int fw = arp_find(spoof.ip, &spoof.mac);
-+	int bw = poison_reverse && targets[0].ip && arp_find_all();
- 	int i;
- 
- 	fprintf(stderr, "Cleaning up and re-arping targets...\n");
- 	for (i = 0; i < 5; i++) {
--		/* XXX - on BSD, requires ETHERSPOOF kernel. */
--		if (fw) {
--			arp_send(l, ARPOP_REPLY,
--				 (u_int8_t *)&spoof_mac, spoof_ip,
--				 (target_ip ? (u_int8_t *)&target_mac : NULL),
--				 target_ip);
--			/* we have to wait a moment before sending the next packet */
--			sleep(1);
--		}
--		if (bw) {
--			arp_send(l, ARPOP_REPLY,
--				 (u_int8_t *)&target_mac, target_ip,
--				 (u_int8_t *)&spoof_mac,
--				 spoof_ip);
--			sleep(1);
-+		struct host *target = targets;
-+		while(target->ip) {
-+			/* XXX - on BSD, requires ETHERSPOOF kernel. */
-+			if (fw) {
-+				arp_send(l, ARPOP_REPLY,
-+					 (u_int8_t *)&spoof.mac, spoof.ip,
-+					 (target->ip ? (u_int8_t *)&target->mac : NULL),
-+					 target->ip);
-+				/* we have to wait a moment before sending the next packet */
-+				sleep(1);
-+			}
-+			if (bw) {
-+				arp_send(l, ARPOP_REPLY,
-+					 (u_int8_t *)&target->mac, target->ip,
-+					 (u_int8_t *)&spoof.mac,
-+					 spoof.ip);
-+				sleep(1);
-+			}
-+			target++;
- 		}
- 	}
- 
-@@ -171,10 +192,15 @@
- 	char pcap_ebuf[PCAP_ERRBUF_SIZE];
- 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
- 	int c;
-+	int n_targets;
- 
-+	spoof.ip = 0;
- 	intf = NULL;
--	spoof_ip = target_ip = 0;
- 	poison_reverse = 0;
-+	n_targets = 0;
-+
-+	/* allocate enough memory for target list */
-+	targets = calloc( argc+1, sizeof(struct host) );
- 
- 	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
- 		switch (c) {
-@@ -182,7 +208,7 @@
- 			intf = optarg;
- 			break;
- 		case 't':
--			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
-+			if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
- 				usage();
- 			break;
- 		case 'r':
-@@ -198,12 +224,12 @@
- 	if (argc != 1)
- 		usage();
- 
--	if (poison_reverse && !target_ip) {
-+	if (poison_reverse && !n_targets) {
- 		errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
- 		usage();
- 	}
- 
--	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
-+	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
- 		usage();
- 	
- 	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
-@@ -211,15 +237,19 @@
- 	
- 	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
- 		errx(1, "%s", libnet_ebuf);
--	
--	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
--		errx(1, "couldn't arp for host %s",
--		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
-+
-+	struct host *target = targets;
-+	while(target->ip) {
-+		if (target->ip != 0 && !arp_find(target->ip, &target->mac))
-+			errx(1, "couldn't arp for host %s",
-+			libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
-+		target++;
-+	}
- 
- 	if (poison_reverse) {
--		if (!arp_find(spoof_ip, &spoof_mac)) {
-+		if (!arp_find(spoof.ip, &spoof.mac)) {
- 			errx(1, "couldn't arp for spoof host %s",
--			     libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
-+			     libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE));
- 		}
- 	}
- 
-@@ -228,11 +258,15 @@
- 	signal(SIGTERM, cleanup);
- 
- 	for (;;) {
--		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
--			 (target_ip ? (u_int8_t *)&target_mac : NULL),
--			 target_ip);
--		if (poison_reverse) {
--			arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
-+		struct host *target = targets;
-+		while(target->ip) {
-+			arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
-+				(target->ip ? (u_int8_t *)&target->mac : NULL),
-+				target->ip);
-+			if (poison_reverse) {
-+				arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
-+			}
-+			target++;
- 		}
- 
- 		sleep(2);
diff -Nru dsniff-2.4b1+debian/debian/patches/0003-arpspoof-allow-selection-of-source-hw-address.patch dsniff-2.4b1+debian/debian/patches/0003-arpspoof-allow-selection-of-source-hw-address.patch
--- dsniff-2.4b1+debian/debian/patches/0003-arpspoof-allow-selection-of-source-hw-address.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/0003-arpspoof-allow-selection-of-source-hw-address.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,228 +0,0 @@
->From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001
-From: Stefan Tomanek <stefan@pico.ruhr.de>
-Date: Sun, 20 Nov 2011 21:32:53 +0100
-Subject: [PATCH 3/3] arpspoof: allow selection of source hw address
-
-In certain networks, sending with the wrong hardware source address can
-jeopardize the network connection of the host running arpspoof. This
-patch makes it possible to specify whether arpspoof should use the own
-hardware address or the one of the real host when resetting the arp
-table of the target systems; it is also possible to use both.
-
-Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
----
- arpspoof.8 |    9 +++++-
- arpspoof.c |   90 ++++++++++++++++++++++++++++++++++++++++++-----------------
- 2 files changed, 72 insertions(+), 27 deletions(-)
-
---- a/arpspoof.8	2012-03-14 13:33:30.000000000 -0600
-+++ b/arpspoof.8	2012-03-14 13:36:18.898055700 -0600
-@@ -9,7 +9,7 @@
- .na
- .nf
- .fi
--\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
-+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
- .SH DESCRIPTION
- .ad
- .fi
-@@ -23,6 +23,13 @@
- .SH OPTIONS
- .IP "\fB-i \fIinterface\fR"
- Specify the interface to use.
-+.IP "\fB-c \fIown|host|both\fR"
-+Specify which hardware address t use when restoring the arp configuration;
-+while cleaning up, packets can be send with the own address as well as with
-+the address of the host. Sending packets with a fake hw address can disrupt
-+connectivity with certain switch/ap/bridge configurations, however it works
-+more reliably than using the own address, which is the default way arpspoof
-+cleans up afterwards.
- .IP "\fB-t \fItarget\fR"
- Specify a particular host to ARP poison (if not specified, all hosts
- on the LAN). Repeat to specify multiple hosts.
---- a/arpspoof.c	2012-03-14 13:33:30.000000000 -0600
-+++ b/arpspoof.c	2012-03-14 13:34:11.134060364 -0600
-@@ -40,37 +40,36 @@
- static char *intf;
- static int poison_reverse;
- 
-+static uint8_t *my_ha = NULL;
-+static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
-+
-+static int cleanup_src_own = 1;
-+static int cleanup_src_host = 0;
-+
- static void
- usage(void)
- {
- 	fprintf(stderr, "Version: " VERSION "\n"
--		"Usage: arpspoof [-i interface] [-t target] [-r] host\n");
-+		"Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
- 	exit(1);
- }
- 
- static int
--arp_send(libnet_t *l, int op, u_int8_t *sha,
--	 in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
-+arp_send(libnet_t *l, int op,
-+	u_int8_t *sha, in_addr_t spa,
-+	u_int8_t *tha, in_addr_t tpa,
-+	u_int8_t *me)
- {
- 	int retval;
- 
--	if (sha == NULL &&
--	    (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
--		return (-1);
--	}
--	if (spa == 0) {
--		if ((spa = libnet_get_ipaddr4(l)) == -1)
--			return (-1);
--	}
--	if (tha == NULL)
--		tha = "\xff\xff\xff\xff\xff\xff";
--	
-+	if (!me) me = sha;
-+
- 	libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
- 			     tha, (u_int8_t *)&tpa, l);
--	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
-+	libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
- 	
- 	fprintf(stderr, "%s ",
--		ether_ntoa((struct ether_addr *)sha));
-+		ether_ntoa((struct ether_addr *)me));
- 
- 	if (op == ARPOP_REQUEST) {
- 		fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
-@@ -129,7 +128,7 @@
- 		/* XXX - force the kernel to arp. feh. */
- 		arp_force(ip);
- #else
--		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
-+		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
- #endif
- 		sleep(1);
- 	}
-@@ -156,17 +155,23 @@
- 	int fw = arp_find(spoof.ip, &spoof.mac);
- 	int bw = poison_reverse && targets[0].ip && arp_find_all();
- 	int i;
-+	int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
- 
- 	fprintf(stderr, "Cleaning up and re-arping targets...\n");
--	for (i = 0; i < 5; i++) {
-+	for (i = 0; i < rounds; i++) {
- 		struct host *target = targets;
- 		while(target->ip) {
-+			uint8_t *src_ha = NULL;
-+			if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
-+				src_ha = my_ha;
-+			}
- 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
- 			if (fw) {
- 				arp_send(l, ARPOP_REPLY,
- 					 (u_int8_t *)&spoof.mac, spoof.ip,
--					 (target->ip ? (u_int8_t *)&target->mac : NULL),
--					 target->ip);
-+					 (target->ip ? (u_int8_t *)&target->mac : brd_ha),
-+					 target->ip,
-+					 src_ha);
- 				/* we have to wait a moment before sending the next packet */
- 				sleep(1);
- 			}
-@@ -174,7 +179,8 @@
- 				arp_send(l, ARPOP_REPLY,
- 					 (u_int8_t *)&target->mac, target->ip,
- 					 (u_int8_t *)&spoof.mac,
--					 spoof.ip);
-+					 spoof.ip,
-+					 src_ha);
- 				sleep(1);
- 			}
- 			target++;
-@@ -193,6 +199,7 @@
- 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
- 	int c;
- 	int n_targets;
-+	char *cleanup_src = NULL;
- 
- 	spoof.ip = 0;
- 	intf = NULL;
-@@ -202,7 +209,7 @@
- 	/* allocate enough memory for target list */
- 	targets = calloc( argc+1, sizeof(struct host) );
- 
--	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
-+	while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
- 		switch (c) {
- 		case 'i':
- 			intf = optarg;
-@@ -214,6 +221,9 @@
- 		case 'r':
- 			poison_reverse = 1;
- 			break;
-+		case 'c':
-+			cleanup_src = optarg;
-+			break;
- 		default:
- 			usage();
- 		}
-@@ -229,6 +239,29 @@
- 		usage();
- 	}
- 
-+	if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
-+		/* only use our own hw address when cleaning up,
-+		 * not jeopardizing any bridges on the way to our
-+		 * target
-+		 */
-+		cleanup_src_own = 1;
-+		cleanup_src_host = 0;
-+	} else if (strcmp(cleanup_src, "host")==0) {
-+		/* only use the target hw address when cleaning up;
-+		 * this can screw up some bridges and scramble access
-+		 * for our own host, however it resets the arp table
-+		 * more reliably
-+		 */
-+		cleanup_src_own = 0;
-+		cleanup_src_host = 1;
-+	} else if (strcmp(cleanup_src, "both")==0) {
-+		cleanup_src_own = 1;
-+		cleanup_src_host = 1;
-+	} else {
-+		errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
-+		usage();
-+	}
-+
- 	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
- 		usage();
- 	
-@@ -253,6 +286,10 @@
- 		}
- 	}
- 
-+	if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
-+		errx(1, "Unable to determine own mac address");
-+	}
-+
- 	signal(SIGHUP, cleanup);
- 	signal(SIGINT, cleanup);
- 	signal(SIGTERM, cleanup);
-@@ -260,11 +297,12 @@
- 	for (;;) {
- 		struct host *target = targets;
- 		while(target->ip) {
--			arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
--				(target->ip ? (u_int8_t *)&target->mac : NULL),
--				target->ip);
-+			arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
-+				(target->ip ? (u_int8_t *)&target->mac : brd_ha),
-+				target->ip,
-+				my_ha);
- 			if (poison_reverse) {
--				arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
-+				arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
- 			}
- 			target++;
- 		}
diff -Nru dsniff-2.4b1+debian/debian/patches/01_time.h.patch dsniff-2.4b1+debian/debian/patches/01_time.h.patch
--- dsniff-2.4b1+debian/debian/patches/01_time.h.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/01_time.h.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,8 +1,11 @@
 Author: Steve Kemp <skx@debian.org>
 Description: Include <time.h> to fix segfault on some architectures.
-Closes #315969
---- a/msgsnarf.c	2011-06-19 17:14:25.023999385 -0500
-+++ b/msgsnarf.c	2011-06-19 17:14:56.475999377 -0500
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315969
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/msgsnarf.c
++++ b/msgsnarf.c
 @@ -23,6 +23,7 @@
  #include <nids.h>
  #include <pcap.h>
@@ -11,8 +14,8 @@
  
  #include "buf.h"
  #include "decode.h"
---- a/sshow.c	2011-06-19 17:14:24.843999385 -0500
-+++ b/sshow.c	2011-06-19 17:14:56.475999377 -0500
+--- a/sshow.c
++++ b/sshow.c
 @@ -15,6 +15,7 @@
  
  #include <sys/types.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/02_mailsnarf_corrupt.patch dsniff-2.4b1+debian/debian/patches/02_mailsnarf_corrupt.patch
--- dsniff-2.4b1+debian/debian/patches/02_mailsnarf_corrupt.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/02_mailsnarf_corrupt.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Steve Kemp <skx@debian.org>
-Description: mailsnarf does not parse mail correctly, Closes #149330.
---- a/mailsnarf.c	2011-06-19 17:14:23.839999384 -0500
-+++ b/mailsnarf.c	2011-06-19 17:14:59.327999376 -0500
+Description: mailsnarf does not parse mail correctly.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=149330
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/mailsnarf.c
++++ b/mailsnarf.c
 @@ -178,7 +178,7 @@
  	if (smtp->state != SMTP_DATA) {
  		while ((i = buf_index(&buf, "\r\n", 2)) >= 0) {
diff -Nru dsniff-2.4b1+debian/debian/patches/03_pcap_read_dump.patch dsniff-2.4b1+debian/debian/patches/03_pcap_read_dump.patch
--- dsniff-2.4b1+debian/debian/patches/03_pcap_read_dump.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/03_pcap_read_dump.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,9 +1,12 @@
 Author: Joseph Battaglia <sephail@sephail.net> and Joshua Krage <jkrage@guisarme.us>
 Description: Allow the reading of saved PCAP capture files.
-Closes #153462
-Closes #298604
---- a/dsniff.8	2011-06-19 17:14:20.847999386 -0500
-+++ b/dsniff.8	2011-06-19 17:15:01.067999376 -0500
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=153462
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298604
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/dsniff.8
++++ b/dsniff.8
 @@ -10,7 +10,7 @@
  .nf
  .fi
@@ -23,8 +26,8 @@
  .IP "\fB-s \fIsnaplen\fR"
  Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
  rather than the default of 1024.
---- a/dsniff.c	2011-06-19 17:14:20.303999384 -0500
-+++ b/dsniff.c	2011-06-19 17:15:01.071999376 -0500
+--- a/dsniff.c
++++ b/dsniff.c
 @@ -46,8 +46,9 @@
  usage(void)
  {
@@ -83,8 +86,8 @@
  	
  	nids_run();
  	
---- a/filesnarf.8	2011-06-19 17:14:22.343999384 -0500
-+++ b/filesnarf.8	2011-06-19 17:15:01.071999376 -0500
+--- a/filesnarf.8
++++ b/filesnarf.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -103,8 +106,8 @@
  .IP \fB-v\fR
  "Versus" mode. Invert the sense of matching, to select non-matching
  files.
---- a/filesnarf.c	2011-06-19 17:14:22.155999384 -0500
-+++ b/filesnarf.c	2011-06-19 17:15:01.075999376 -0500
+--- a/filesnarf.c
++++ b/filesnarf.c
 @@ -51,7 +51,7 @@
  usage(void)
  {
@@ -160,8 +163,8 @@
  
  	nids_run();
  
---- a/mailsnarf.8	2011-06-19 17:14:21.099999386 -0500
-+++ b/mailsnarf.8	2011-06-19 17:15:01.079999376 -0500
+--- a/mailsnarf.8
++++ b/mailsnarf.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -180,8 +183,8 @@
  .IP \fB-v\fR
  "Versus" mode. Invert the sense of matching, to select non-matching
  messages.
---- a/mailsnarf.c	2011-06-19 17:14:59.327999376 -0500
-+++ b/mailsnarf.c	2011-06-19 17:15:01.083999376 -0500
+--- a/mailsnarf.c
++++ b/mailsnarf.c
 @@ -59,7 +59,7 @@
  usage(void)
  {
@@ -235,8 +238,8 @@
  	
  	nids_run();
  	
---- a/msgsnarf.8	2011-06-19 17:14:21.771999384 -0500
-+++ b/msgsnarf.8	2011-06-19 17:15:01.087999376 -0500
+--- a/msgsnarf.8
++++ b/msgsnarf.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -255,8 +258,8 @@
  .IP \fB-v\fR
  "Versus" mode. Invert the sense of matching, to select non-matching
  messages.
---- a/msgsnarf.c	2011-06-19 17:14:56.475999377 -0500
-+++ b/msgsnarf.c	2011-06-19 17:15:01.091999376 -0500
+--- a/msgsnarf.c
++++ b/msgsnarf.c
 @@ -45,7 +45,7 @@
  usage(void)
  {
@@ -312,8 +315,8 @@
  
  	nids_run();
  	
---- a/sshow.8	2011-06-19 17:14:18.839999384 -0500
-+++ b/sshow.8	2011-06-19 17:15:01.095999376 -0500
+--- a/sshow.8
++++ b/sshow.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -332,8 +335,8 @@
  .IP "\fIexpression\fR"
  Specify a tcpdump(8) filter expression to select traffic to sniff.
  .SH "SEE ALSO"
---- a/sshow.c	2011-06-19 17:14:56.475999377 -0500
-+++ b/sshow.c	2011-06-19 17:15:01.099999376 -0500
+--- a/sshow.c
++++ b/sshow.c
 @@ -82,7 +82,7 @@
  static void
  usage(void)
@@ -392,8 +395,8 @@
  
  	nids_run();
  	
---- a/urlsnarf.8	2011-06-19 17:14:19.727999384 -0500
-+++ b/urlsnarf.8	2011-06-19 17:15:01.099999376 -0500
+--- a/urlsnarf.8
++++ b/urlsnarf.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -413,8 +416,8 @@
  .IP \fB-v\fR
  "Versus" mode. Invert the sense of matching, to select non-matching
  URLs.
---- a/urlsnarf.c	2011-06-19 17:14:19.323999384 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:01.103999376 -0500
+--- a/urlsnarf.c
++++ b/urlsnarf.c
 @@ -41,7 +41,7 @@
  usage(void)
  {
@@ -467,8 +470,8 @@
  
  	nids_run();
  	
---- a/webspy.8	2011-06-19 17:14:18.319999386 -0500
-+++ b/webspy.8	2011-06-19 17:15:01.107999376 -0500
+--- a/webspy.8
++++ b/webspy.8
 @@ -9,7 +9,7 @@
  .na
  .nf
@@ -487,8 +490,8 @@
  .IP \fIhost\fR
  Specify the web client to spy on.
  .SH "SEE ALSO"
---- a/webspy.c	2011-06-19 17:14:21.395999384 -0500
-+++ b/webspy.c	2011-06-19 17:15:01.111999376 -0500
+--- a/webspy.c
++++ b/webspy.c
 @@ -42,7 +42,7 @@
  usage(void)
  {
diff -Nru dsniff-2.4b1+debian/debian/patches/04_multiple_intf.patch dsniff-2.4b1+debian/debian/patches/04_multiple_intf.patch
--- dsniff-2.4b1+debian/debian/patches/04_multiple_intf.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/04_multiple_intf.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Steve Kemp <skx@debian.org>
-Description: Work with multiple interfaces, Closes #242369.
---- a/arp.c	2011-06-19 17:14:13.607999387 -0500
-+++ b/arp.c	2011-06-19 17:15:04.587999376 -0500
+Description: Work with multiple interfaces.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=242369
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/arp.c
++++ b/arp.c
 @@ -39,7 +39,7 @@
  
  #ifdef BSD
@@ -29,8 +33,8 @@
  #endif
  	sin = (struct sockaddr_in *)&ar.arp_pa;
  	sin->sin_family = AF_INET;
---- a/arp.h	2011-06-19 17:14:13.003999387 -0500
-+++ b/arp.h	2011-06-19 17:15:04.587999376 -0500
+--- a/arp.h
++++ b/arp.h
 @@ -11,6 +11,6 @@
  #ifndef _ARP_H_
  #define _ARP_H_
@@ -39,8 +43,8 @@
 +int	arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf);
  
  #endif /* _ARP_H_ */
---- a/arpspoof.c	2011-06-19 17:14:13.311999387 -0500
-+++ b/arpspoof.c	2011-06-19 17:15:04.591999376 -0500
+--- a/arpspoof.c
++++ b/arpspoof.c
 @@ -113,7 +113,7 @@
  	int i = 0;
  
diff -Nru dsniff-2.4b1+debian/debian/patches/05_amd64_fix.patch dsniff-2.4b1+debian/debian/patches/05_amd64_fix.patch
--- dsniff-2.4b1+debian/debian/patches/05_amd64_fix.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/05_amd64_fix.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Steve Kemp <skx@debian.org>
-Description: Compile under AMD64, Closes #254002.
---- a/configure	2011-06-19 17:14:11.327999387 -0500
-+++ b/configure	2011-06-19 17:15:06.667999375 -0500
+Description: Compile under AMD64.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=254002
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/configure
++++ b/configure
 @@ -2667,15 +2667,62 @@
    echo "$ac_t""no" 1>&6
  fi
@@ -205,8 +209,8 @@
  # Check whether --with-openssl or --without-openssl was given.
  if test "${with_openssl+set}" = set; then
    withval="$with_openssl"
---- a/configure.in	2011-06-19 17:14:11.195999387 -0500
-+++ b/configure.in	2011-06-19 17:15:06.683999375 -0500
+--- a/configure.in
++++ b/configure.in
 @@ -57,6 +57,7 @@
  AC_CHECK_LIB(nsl, gethostbyname)
  dnl XXX - feh, everything except OpenBSD sux.
diff -Nru dsniff-2.4b1+debian/debian/patches/06_urlsnarf_zeropad.patch dsniff-2.4b1+debian/debian/patches/06_urlsnarf_zeropad.patch
--- dsniff-2.4b1+debian/debian/patches/06_urlsnarf_zeropad.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/06_urlsnarf_zeropad.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Steve Kemp <skx@debian.org>
-Description: urlsnarf: zero-pad date, Closes #298605.
---- a/urlsnarf.c	2011-06-19 17:15:01.103999376 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:08.631999375 -0500
+Description: urlsnarf: zero-pad date.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298605
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/urlsnarf.c
++++ b/urlsnarf.c
 @@ -68,7 +68,7 @@
  		 t->tm_hour - gmt.tm_hour);
  	tz = hours * 60 + t->tm_min - gmt.tm_min;
diff -Nru dsniff-2.4b1+debian/debian/patches/07_libnet_1.1.patch dsniff-2.4b1+debian/debian/patches/07_libnet_1.1.patch
--- dsniff-2.4b1+debian/debian/patches/07_libnet_1.1.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/07_libnet_1.1.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Faidon Liambotis <paravoid@debian.org>
 Description: Use libnet v1.1 instead of v1.0
---- a/arpspoof.c	2011-06-19 17:15:04.591999376 -0500
-+++ b/arpspoof.c	2011-06-19 17:15:10.511999375 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/arpspoof.c
++++ b/arpspoof.c
 @@ -27,7 +27,7 @@
  
  extern char *ether_ntoa(struct ether_addr *);
@@ -154,8 +157,8 @@
  			 target_ip);
  		sleep(2);
  	}
---- a/dnsspoof.c	2011-06-19 17:14:04.651999389 -0500
-+++ b/dnsspoof.c	2011-06-19 17:15:10.515999375 -0500
+--- a/dnsspoof.c
++++ b/dnsspoof.c
 @@ -38,7 +38,7 @@
  
  pcap_t		*pcap_pd = NULL;
@@ -303,8 +306,8 @@
  	
  	signal(SIGHUP, cleanup);
  	signal(SIGINT, cleanup);
---- a/filesnarf.c	2011-06-19 17:15:01.075999376 -0500
-+++ b/filesnarf.c	2011-06-19 17:15:10.519999375 -0500
+--- a/filesnarf.c
++++ b/filesnarf.c
 @@ -134,8 +134,8 @@
  	int fd;
  
@@ -325,8 +328,8 @@
  {
  	static struct tuple4 addr;
  	struct libnet_udp_hdr *udp;
---- a/macof.c	2011-06-19 17:14:04.959999389 -0500
-+++ b/macof.c	2011-06-19 17:15:10.523999375 -0500
+--- a/macof.c
++++ b/macof.c
 @@ -48,8 +48,8 @@
  static void
  gen_mac(u_char *mac)
@@ -441,8 +444,8 @@
  	}
  	exit(0);
  }
---- a/record.c	2011-06-19 17:14:06.627999389 -0500
-+++ b/record.c	2011-06-19 17:15:10.523999375 -0500
+--- a/record.c
++++ b/record.c
 @@ -65,8 +65,8 @@
  	tm = localtime(&rec->time);
  	strftime(tstr, sizeof(tstr), "%x %X", tm);
@@ -454,8 +457,8 @@
  
  	if ((pr = getprotobynumber(rec->proto)) == NULL)
  		protop = "unknown";
---- a/sshmitm.c	2011-06-19 17:14:05.687999389 -0500
-+++ b/sshmitm.c	2011-06-19 17:15:10.527999375 -0500
+--- a/sshmitm.c
++++ b/sshmitm.c
 @@ -389,7 +389,7 @@
  	if (argc < 1)
  		usage();
@@ -465,8 +468,8 @@
  		usage();
  
  	if (argc == 2 && (rport = atoi(argv[1])) == 0)
---- a/tcpkill.c	2011-06-19 17:14:05.823999389 -0500
-+++ b/tcpkill.c	2011-06-19 17:15:10.535999375 -0500
+--- a/tcpkill.c
++++ b/tcpkill.c
 @@ -39,17 +39,18 @@
  static void
  tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
@@ -570,8 +573,8 @@
    
  	/* NOTREACHED */
  	
---- a/tcpnice.c	2011-06-19 17:14:04.547999389 -0500
-+++ b/tcpnice.c	2011-06-19 17:15:10.539999375 -0500
+--- a/tcpnice.c
++++ b/tcpnice.c
 @@ -41,107 +41,106 @@
  }
  
@@ -766,8 +769,8 @@
  	
  	/* NOTREACHED */
  	
---- a/tcp_raw.c	2011-06-19 17:14:06.375999389 -0500
-+++ b/tcp_raw.c	2011-06-19 17:15:10.543999375 -0500
+--- a/tcp_raw.c
++++ b/tcp_raw.c
 @@ -119,7 +119,7 @@
  }
  
@@ -786,8 +789,8 @@
  
  	if (cksum != tcp->th_sum)
  		return (NULL);
---- a/tcp_raw.h	2011-06-19 17:14:05.079999389 -0500
-+++ b/tcp_raw.h	2011-06-19 17:15:10.547999375 -0500
+--- a/tcp_raw.h
++++ b/tcp_raw.h
 @@ -15,7 +15,7 @@
  				   u_short sport, u_short dport,
  				   u_char *buf, int len);
@@ -797,8 +800,8 @@
  			      struct libnet_tcp_hdr *tcp, int len);
  
  void		tcp_raw_timeout(int timeout, tcp_raw_callback_t callback);
---- a/trigger.c	2011-06-19 17:14:05.483999389 -0500
-+++ b/trigger.c	2011-06-19 17:15:10.551999375 -0500
+--- a/trigger.c
++++ b/trigger.c
 @@ -276,7 +276,7 @@
  }
  	
@@ -826,8 +829,8 @@
  {
  	struct trigger *t, tr;
  	struct libnet_tcp_hdr *tcp;
---- a/trigger.h	2011-06-19 17:14:04.371999389 -0500
-+++ b/trigger.h	2011-06-19 17:15:10.555999375 -0500
+--- a/trigger.h
++++ b/trigger.h
 @@ -24,10 +24,10 @@
  int	trigger_set_tcp(int port, char *name);
  int	trigger_set_rpc(int program, char *name);
@@ -842,8 +845,8 @@
  void	trigger_tcp_raw_timeout(int signal);
  void	trigger_rpc(int program, int proto, int port);
  
---- a/urlsnarf.c	2011-06-19 17:15:08.631999375 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:10.559999375 -0500
+--- a/urlsnarf.c
++++ b/urlsnarf.c
 @@ -145,14 +145,14 @@
  		if (user == NULL)
  			user = "-";
@@ -861,8 +864,8 @@
  		       user, timestamp(), req, vhost, uri, referer, agent);
  	}
  	fflush(stdout);
---- a/webmitm.c	2011-06-19 17:14:07.231999387 -0500
-+++ b/webmitm.c	2011-06-19 17:15:10.559999375 -0500
+--- a/webmitm.c
++++ b/webmitm.c
 @@ -242,7 +242,7 @@
  			word = buf_tok(&msg, "/", 1);
  			vhost = buf_strdup(word);
@@ -881,8 +884,8 @@
  			usage();
  	}
  	else if (argc != 0) usage();
---- a/webspy.c	2011-06-19 17:15:01.111999376 -0500
-+++ b/webspy.c	2011-06-19 17:15:10.563999375 -0500
+--- a/webspy.c
++++ b/webspy.c
 @@ -126,7 +126,7 @@
  		if (auth == NULL)
  			auth = "";
diff -Nru dsniff-2.4b1+debian/debian/patches/08_checksum.patch dsniff-2.4b1+debian/debian/patches/08_checksum.patch
--- dsniff-2.4b1+debian/debian/patches/08_checksum.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/08_checksum.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,25 +0,0 @@
-Author: Piotr Engelking <inkerman42@gmail.com>
-Description: Disable the filtering packets with incorrect checksum (Closes: #372536).
---- a/urlsnarf.c	2011-06-19 17:15:10.559999375 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:18.023999373 -0500
-@@ -200,6 +200,7 @@
- 	extern char *optarg;
- 	extern int optind;
- 	int c;
-+	struct nids_chksum_ctl chksum_ctl;
- 	
- 	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
- 		switch (c) {
-@@ -260,6 +261,12 @@
-                 }
-         }
- 
-+        chksum_ctl.netaddr = 0;
-+        chksum_ctl.mask = 0;
-+        chksum_ctl.action = NIDS_DONT_CHKSUM;
-+
-+        nids_register_chksum_ctl(&chksum_ctl, 1);
-+
- 	nids_run();
- 	
- 	/* NOTREACHED */
diff -Nru dsniff-2.4b1+debian/debian/patches/08_openssl-0.9.8.patch dsniff-2.4b1+debian/debian/patches/08_openssl-0.9.8.patch
--- dsniff-2.4b1+debian/debian/patches/08_openssl-0.9.8.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/08_openssl-0.9.8.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: <kees@ubuntu.com>
 Description: Fix FTBFS with openssl.
---- a/ssh.c	2011-06-19 17:14:01.359999389 -0500
-+++ b/ssh.c	2011-06-19 17:15:14.343999374 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/ssh.c
++++ b/ssh.c
 @@ -16,6 +16,7 @@
  #include <openssl/ssl.h>
  #include <openssl/err.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/09_sshcrypto.patch dsniff-2.4b1+debian/debian/patches/09_sshcrypto.patch
--- dsniff-2.4b1+debian/debian/patches/09_sshcrypto.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/09_sshcrypto.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-Author: Steve Kemp <skx@debian.org>
-Description: Missing openssl  includes in sshcrypto.c. 
-This patch was through diff.gz and now is implemented as a dpatch.
---- a/sshcrypto.c	2011-06-19 17:13:57.971999389 -0500
-+++ b/sshcrypto.c	2011-06-19 17:15:19.847999373 -0500
-@@ -14,6 +14,8 @@
- 
- #include <sys/types.h>
- #include <openssl/ssl.h>
-+#include <openssl/blowfish.h>
-+#include <openssl/des.h>
- 
- #include <err.h>
- #include <stdio.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/09_sysconf_clocks.patch dsniff-2.4b1+debian/debian/patches/09_sysconf_clocks.patch
--- dsniff-2.4b1+debian/debian/patches/09_sysconf_clocks.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/09_sysconf_clocks.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: <kees@ubuntu.com>
 Description: Fix FTBFS: ./sshow.c:226: error: 'CLK_TCK' undeclared.
---- a/sshow.c	2011-06-19 17:15:01.099999376 -0500
-+++ b/sshow.c	2011-06-19 17:15:16.175999374 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshow.c
++++ b/sshow.c
 @@ -217,6 +217,7 @@
  {
  	clock_t delay;
diff -Nru dsniff-2.4b1+debian/debian/patches/10_urlsnarf_escape.patch dsniff-2.4b1+debian/debian/patches/10_urlsnarf_escape.patch
--- dsniff-2.4b1+debian/debian/patches/10_urlsnarf_escape.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/10_urlsnarf_escape.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Hilko Bengen <bengen@debian.org>
-Description: Escape user, vhost, uri, referer, agent strings in log (Closes: #372536).
---- a/urlsnarf.c	2011-06-19 17:15:18.023999373 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:21.627999373 -0500
+Description: Escape user, vhost, uri, referer, agent strings in log.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/urlsnarf.c
++++ b/urlsnarf.c
 @@ -84,6 +84,43 @@
  	return (tstr);
  }
diff -Nru dsniff-2.4b1+debian/debian/patches/11_string_header.patch dsniff-2.4b1+debian/debian/patches/11_string_header.patch
--- dsniff-2.4b1+debian/debian/patches/11_string_header.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/11_string_header.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Luciano Bello <luciano@linux.org.ar>
-Description: Aviod the "implicit declaration of function 'str*'" warning
---- a/arp.c	2011-06-19 17:15:04.587999376 -0500
-+++ b/arp.c	2011-06-19 17:15:23.487999372 -0500
+Description: Avoid the "implicit declaration of function 'str*'" warning
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/arp.c
++++ b/arp.c
 @@ -34,6 +34,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -10,8 +13,8 @@
  
  #include "arp.h"
  
---- a/buf.c	2011-06-19 17:13:56.463999389 -0500
-+++ b/buf.c	2011-06-19 17:15:23.487999372 -0500
+--- a/buf.c
++++ b/buf.c
 @@ -17,6 +17,7 @@
  #include <unistd.h>
  #include <ctype.h>
@@ -20,8 +23,8 @@
  
  #include "buf.h"
  
---- a/decode_nntp.c	2011-06-19 17:13:53.631999390 -0500
-+++ b/decode_nntp.c	2011-06-19 17:15:23.491999372 -0500
+--- a/decode_nntp.c
++++ b/decode_nntp.c
 @@ -15,6 +15,7 @@
  
  #include <stdio.h>
@@ -30,8 +33,8 @@
  
  #include "base64.h"
  #include "decode.h"
---- a/decode_pop.c	2011-06-19 17:13:54.911999390 -0500
-+++ b/decode_pop.c	2011-06-19 17:15:23.495999372 -0500
+--- a/decode_pop.c
++++ b/decode_pop.c
 @@ -14,6 +14,7 @@
  
  #include <stdio.h>
@@ -40,8 +43,8 @@
  
  #include "base64.h"
  #include "options.h"
---- a/decode_rlogin.c	2011-06-19 17:13:54.431999390 -0500
-+++ b/decode_rlogin.c	2011-06-19 17:15:23.495999372 -0500
+--- a/decode_rlogin.c
++++ b/decode_rlogin.c
 @@ -14,6 +14,8 @@
  
  #include <stdio.h>
@@ -51,8 +54,8 @@
  
  #include "options.h"
  #include "decode.h"
---- a/decode_smb.c	2011-06-19 17:13:55.103999390 -0500
-+++ b/decode_smb.c	2011-06-19 17:15:23.499999372 -0500
+--- a/decode_smb.c
++++ b/decode_smb.c
 @@ -15,6 +15,7 @@
  
  #include <stdio.h>
@@ -61,8 +64,8 @@
  
  #include "decode.h"
  
---- a/decode_smtp.c	2011-06-19 17:13:54.003999391 -0500
-+++ b/decode_smtp.c	2011-06-19 17:15:23.503999372 -0500
+--- a/decode_smtp.c
++++ b/decode_smtp.c
 @@ -14,6 +14,7 @@
  
  #include <stdio.h>
@@ -71,8 +74,8 @@
  
  #include "base64.h"
  #include "options.h"
---- a/decode_sniffer.c	2011-06-19 17:13:56.075999390 -0500
-+++ b/decode_sniffer.c	2011-06-19 17:15:23.503999372 -0500
+--- a/decode_sniffer.c
++++ b/decode_sniffer.c
 @@ -15,6 +15,8 @@
  
  #include <stdio.h>
@@ -82,8 +85,8 @@
  
  #include "base64.h"
  #include "decode.h"
---- a/decode_socks.c	2011-06-19 17:13:55.271999391 -0500
-+++ b/decode_socks.c	2011-06-19 17:15:23.507999372 -0500
+--- a/decode_socks.c
++++ b/decode_socks.c
 @@ -14,6 +14,7 @@
  
  #include <stdio.h>
@@ -92,8 +95,8 @@
  
  #include "decode.h"
  
---- a/decode_tds.c	2011-06-19 17:13:55.899999390 -0500
-+++ b/decode_tds.c	2011-06-19 17:15:23.511999372 -0500
+--- a/decode_tds.c
++++ b/decode_tds.c
 @@ -18,6 +18,7 @@
  
  #include <stdio.h>
@@ -102,8 +105,8 @@
  
  #include "decode.h"
  
---- a/decode_telnet.c	2011-06-19 17:13:55.491999391 -0500
-+++ b/decode_telnet.c	2011-06-19 17:15:23.515999372 -0500
+--- a/decode_telnet.c
++++ b/decode_telnet.c
 @@ -14,6 +14,7 @@
  
  #include <stdio.h>
@@ -112,8 +115,8 @@
  
  #include "options.h"
  #include "decode.h"
---- a/decode_x11.c	2011-06-19 17:13:53.823999390 -0500
-+++ b/decode_x11.c	2011-06-19 17:15:23.515999372 -0500
+--- a/decode_x11.c
++++ b/decode_x11.c
 @@ -14,6 +14,8 @@
  
  #include <stdio.h>
@@ -123,8 +126,8 @@
  
  #include "decode.h"
  
---- a/dnsspoof.c	2011-06-19 17:15:10.515999375 -0500
-+++ b/dnsspoof.c	2011-06-19 17:15:23.519999372 -0500
+--- a/dnsspoof.c
++++ b/dnsspoof.c
 @@ -20,6 +20,7 @@
  #include <stdlib.h>
  #include <signal.h>
@@ -133,8 +136,8 @@
  #include <resolv.h>
  #include <err.h>
  #include <libnet.h>
---- a/magic.c	2011-06-19 17:13:55.703999390 -0500
-+++ b/magic.c	2011-06-19 17:15:23.523999372 -0500
+--- a/magic.c
++++ b/magic.c
 @@ -36,6 +36,7 @@
  #include <stdio.h>
  #include <stdlib.h>
@@ -143,16 +146,16 @@
  #include <ctype.h>
  #include <time.h>
  #include <err.h>
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ b/missing/strlcat.h	2011-06-19 17:15:23.527999372 -0500
+--- /dev/null
++++ b/missing/strlcat.h
 @@ -0,0 +1 @@
 +size_t strlcat(char *dst, const char *src, size_t siz);
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ b/missing/strlcpy.h	2011-06-19 17:15:23.531999372 -0500
+--- /dev/null
++++ b/missing/strlcpy.h
 @@ -0,0 +1 @@
 +size_t strlcpy(char *dst, const char *src, size_t siz);
---- a/sshmitm.c	2011-06-19 17:15:10.527999375 -0500
-+++ b/sshmitm.c	2011-06-19 17:15:23.531999372 -0500
+--- a/sshmitm.c
++++ b/sshmitm.c
 @@ -24,6 +24,7 @@
  #include <stdio.h>
  #include <stdlib.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/12_arpa_inet_header.patch dsniff-2.4b1+debian/debian/patches/12_arpa_inet_header.patch
--- dsniff-2.4b1+debian/debian/patches/12_arpa_inet_header.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/12_arpa_inet_header.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Luciano Bello <luciano@linux.org.ar>
-Description: aviod the "implicit declaration of function 'ntohs'" warning
---- a/decode_aim.c	2011-06-19 17:13:50.503999391 -0500
-+++ b/decode_aim.c	2011-06-19 17:15:27.267999371 -0500
+Description: avoid the "implicit declaration of function 'ntohs'" warning
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/decode_aim.c
++++ b/decode_aim.c
 @@ -14,6 +14,7 @@
  
  #include <stdio.h>
@@ -10,8 +13,8 @@
  
  #include "hex.h"
  #include "buf.h"
---- a/decode_mmxp.c	2011-06-19 17:13:50.323999391 -0500
-+++ b/decode_mmxp.c	2011-06-19 17:15:27.271999371 -0500
+--- a/decode_mmxp.c
++++ b/decode_mmxp.c
 @@ -21,6 +21,7 @@
  
  #include <stdio.h>
@@ -20,8 +23,8 @@
  
  #include "buf.h"
  #include "decode.h"
---- a/decode_pptp.c	2011-06-19 17:13:50.687999391 -0500
-+++ b/decode_pptp.c	2011-06-19 17:15:27.275999371 -0500
+--- a/decode_pptp.c
++++ b/decode_pptp.c
 @@ -16,6 +16,7 @@
  
  #include <stdio.h>
@@ -30,8 +33,8 @@
  
  #include "buf.h"
  #include "decode.h"
---- a/decode_tds.c	2011-06-19 17:15:23.511999372 -0500
-+++ b/decode_tds.c	2011-06-19 17:15:27.275999371 -0500
+--- a/decode_tds.c
++++ b/decode_tds.c
 @@ -19,6 +19,7 @@
  #include <stdio.h>
  #include <string.h>
@@ -40,8 +43,8 @@
  
  #include "decode.h"
  
---- a/decode_vrrp.c	2011-06-19 17:13:51.243999390 -0500
-+++ b/decode_vrrp.c	2011-06-19 17:15:27.287999371 -0500
+--- a/decode_vrrp.c
++++ b/decode_vrrp.c
 @@ -15,6 +15,7 @@
  
  #include <stdio.h>
@@ -50,8 +53,8 @@
  
  #include "buf.h"
  #include "decode.h"
---- a/ssh.c	2011-06-19 17:15:14.343999374 -0500
-+++ b/ssh.c	2011-06-19 17:15:27.291999371 -0500
+--- a/ssh.c
++++ b/ssh.c
 @@ -23,6 +23,7 @@
  #include <stdio.h>
  #include <stdlib.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/13_pop_with_version.patch dsniff-2.4b1+debian/debian/patches/13_pop_with_version.patch
--- dsniff-2.4b1+debian/debian/patches/13_pop_with_version.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/13_pop_with_version.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Luciano Bello <luciano@linux.org.ar>
 Description: distinguish between pop versions
---- a/decode.c	2011-06-19 17:13:48.679999392 -0500
-+++ b/decode.c	2011-06-19 17:15:29.771999369 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/decode.c
++++ b/decode.c
 @@ -63,7 +63,8 @@
  	{ "http",	decode_http },
  	{ "ospf",	decode_ospf },
@@ -12,8 +15,8 @@
  	{ "nntp",	decode_nntp },
  	{ "smb",	decode_smb },
  	{ "imap",	decode_imap },
---- a/dsniff.services	2011-06-19 17:13:48.883999392 -0500
-+++ b/dsniff.services	2011-06-19 17:15:29.799999369 -0500
+--- a/dsniff.services
++++ b/dsniff.services
 @@ -10,8 +10,8 @@
  ospf		89/ip
  http		98/tcp
diff -Nru dsniff-2.4b1+debian/debian/patches/14_obsolete_time.patch dsniff-2.4b1+debian/debian/patches/14_obsolete_time.patch
--- dsniff-2.4b1+debian/debian/patches/14_obsolete_time.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/14_obsolete_time.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,9 +1,12 @@
 Author: Luciano Bello <luciano@linux.org.ar>
 Description: According to /usr/include/time.h, CLK_TCK is the 
 "obsolete POSIX.1-1988 name" for CLOCKS_PER_SEC.
-Closes #420944
---- a/sshow.c	2011-06-19 17:15:16.175999374 -0500
-+++ b/sshow.c	2011-06-19 17:15:31.875999369 -0500
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420944
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshow.c
++++ b/sshow.c
 @@ -224,7 +224,7 @@
  	if (debug)
  		printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n",
diff -Nru dsniff-2.4b1+debian/debian/patches/15_checksum_libnids.patch dsniff-2.4b1+debian/debian/patches/15_checksum_libnids.patch
--- dsniff-2.4b1+debian/debian/patches/15_checksum_libnids.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/15_checksum_libnids.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Gleb Paharenko <gpaharenko@gmail.com>
-Description: Workaround to #420129. 
---- a/dsniff.c	2011-06-19 17:15:01.071999376 -0500
-+++ b/dsniff.c	2011-06-19 17:15:33.707999369 -0500
+Description: Workaround to this Debian bug
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420129
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/dsniff.c
++++ b/dsniff.c
 @@ -70,6 +70,80 @@
  {
  }
diff -Nru dsniff-2.4b1+debian/debian/patches/16_TDS_decoder.patch dsniff-2.4b1+debian/debian/patches/16_TDS_decoder.patch
--- dsniff-2.4b1+debian/debian/patches/16_TDS_decoder.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/16_TDS_decoder.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,5 +1,9 @@
 Author: Luciano Bello <luciano@debian.org>
-Description: Patch provided by Hilko Bengen. #609988.
+Description: Fix for DOS y TDS decoder. Patch provided by Hilko Bengen.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609988
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
 --- a/decode_tds.c
 +++ b/decode_tds.c
 @@ -144,6 +144,11 @@
diff -Nru dsniff-2.4b1+debian/debian/patches/17_checksum.patch dsniff-2.4b1+debian/debian/patches/17_checksum.patch
--- dsniff-2.4b1+debian/debian/patches/17_checksum.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/17_checksum.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,29 @@
+Author: Piotr Engelking <inkerman42@gmail.com>
+Description: Disable the filtering packets with incorrect checksum.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372536
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/urlsnarf.c
++++ b/urlsnarf.c
+@@ -245,6 +245,7 @@
+ 	extern char *optarg;
+ 	extern int optind;
+ 	int c;
++	struct nids_chksum_ctl chksum_ctl;
+ 	
+ 	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
+ 		switch (c) {
+@@ -305,6 +306,12 @@
+                 }
+         }
+ 
++        chksum_ctl.netaddr = 0;
++        chksum_ctl.mask = 0;
++        chksum_ctl.action = NIDS_DONT_CHKSUM;
++
++        nids_register_chksum_ctl(&chksum_ctl, 1);
++
+ 	nids_run();
+ 	
+ 	/* NOTREACHED */
diff -Nru dsniff-2.4b1+debian/debian/patches/18_sshcrypto.patch dsniff-2.4b1+debian/debian/patches/18_sshcrypto.patch
--- dsniff-2.4b1+debian/debian/patches/18_sshcrypto.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/18_sshcrypto.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,17 @@
+Author: Steve Kemp <skx@debian.org>
+Description: Missing openssl  includes in sshcrypto.c. 
+This patch was through diff.gz and now is implemented as a dpatch.
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshcrypto.c
++++ b/sshcrypto.c
+@@ -14,6 +14,8 @@
+ 
+ #include <sys/types.h>
+ #include <openssl/ssl.h>
++#include <openssl/blowfish.h>
++#include <openssl/des.h>
+ 
+ #include <err.h>
+ #include <stdio.h>
diff -Nru dsniff-2.4b1+debian/debian/patches/19_rewrite-and-modernize-POP-decoder.patch dsniff-2.4b1+debian/debian/patches/19_rewrite-and-modernize-POP-decoder.patch
--- dsniff-2.4b1+debian/debian/patches/19_rewrite-and-modernize-POP-decoder.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/19_rewrite-and-modernize-POP-decoder.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,132 @@
+>From b05e27ba9b0ba9ef00ad2183933652e08d8c89af Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan@pico.ruhr.de>
+Date: Sat, 29 Oct 2011 20:48:55 +0200
+Subject: [PATCH] rewrite and modernize POP decoder
+
+
+Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
+---
+ decode_pop.c |   96 ++++++++++++++++++++++++++++++++++++++++++++++-----------
+ 1 files changed, 77 insertions(+), 19 deletions(-)
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/decode_pop.c
++++ b/decode_pop.c
+@@ -6,6 +6,8 @@
+  * Copyright (c) 2000 Dug Song <dugsong@monkey.org>
+  *
+  * $Id: decode_pop.c,v 1.4 2001/03/15 08:33:02 dugsong Exp $
++ *
++ * Rewritten by Stefan Tomanek 2011 <stefan@pico.ruhr.de>
+  */
+ 
+ #include "config.h"
+@@ -45,32 +47,88 @@
+ decode_pop(u_char *buf, int len, u_char *obuf, int olen)
+ {
+ 	char *p;
++	char *s;
++	int n;
+ 	int i, j;
++	char *user;
++	char *password;
++	enum {
++		NONE,
++		AUTHPLAIN,
++		AUTHLOGIN,
++		USERPASS
++	} mode = NONE;
++
+ 	
+ 	obuf[0] = '\0';
+ 	
+ 	for (p = strtok(buf, "\r\n"); p != NULL; p = strtok(NULL, "\r\n")) {
+-		if (strncasecmp(p, "AUTH PLAIN", 10) == 0 ||
+-		    strncasecmp(p, "AUTH LOGIN", 10) == 0) {
+-			strlcat(obuf, p, olen);
+-			strlcat(obuf, "\n", olen);
+-			
+-			/* Decode SASL auth. */
+-			for (i = 0; i < 2 && (p = strtok(NULL, "\r\n")); i++) {
+-				strlcat(obuf, p, olen);
+-				j = base64_pton(p, p, strlen(p));
+-				p[j] = '\0';
+-				strlcat(obuf, " [", olen);
+-				strlcat(obuf, p, olen);
+-				strlcat(obuf, "]\n", olen);
++		if (mode == NONE) {
++			user = NULL;
++			password = NULL;
++			if (strncasecmp(p, "AUTH PLAIN", 10) == 0) {
++				mode = AUTHPLAIN;
++				continue;
++			}
++			if (strncasecmp(p, "AUTH LOGIN", 10) == 0) {
++				mode = AUTHLOGIN;
++				continue;
++			}
++			if (strncasecmp(p, "USER ", 5) == 0) {
++				mode = USERPASS;
++				/* the traditional login cuts right to the case,
++				 * so no continue here
++				 */
+ 			}
+ 		}
+-		/* Save regular POP2, POP3 auth info. */
+-		else if (strncasecmp(p, "USER ", 5) == 0 ||
+-			 strncasecmp(p, "PASS ", 5) == 0 ||
+-			 strncasecmp(p, "HELO ", 5) == 0) {
+-			strlcat(obuf, p, olen);
+-			strlcat(obuf, "\n", olen);
++		printf("(%d) %s\n", mode, p);
++		if (mode == USERPASS) {
++			if (strncasecmp(p, "USER ", 5) == 0) {
++				user = &p[5];
++			} else if (strncasecmp(p, "PASS ", 5) == 0) {
++				password = &p[5];
++			}
++		}
++
++		if (mode == AUTHPLAIN) {
++			j = base64_pton(p, p, strlen(p));
++			p[j] = '\0';
++			n = 0;
++			s = p;
++			/* p consists of three parts, divided by \0 */
++			while (s <= &p[j] && n<=3) {
++				if (n == 0) {
++					/* we do not process this portion yet */
++				} else if (n == 1) {
++					user = s;
++				} else if (n == 2) {
++					password = s;
++				}
++				n++;
++				while (*s) s++;
++				s++;
++			}
++		}
++
++		if (mode == AUTHLOGIN) {
++			j = base64_pton(p, p, strlen(p));
++			p[j] = '\0';
++			if (! user) {
++				user = p;
++			} else {
++				password = p;
++				/* got everything we need :-) */
++			}
++		}
++
++		if (user && password) {
++			strlcat(obuf, "\nusername [", olen);
++			strlcat(obuf, user, olen);
++			strlcat(obuf, "] password [", olen);
++			strlcat(obuf, password, olen);
++			strlcat(obuf, "]\n", olen);
++
++			mode = NONE;
+ 		}
+ 	}
+ 	return (strlen(obuf));
diff -Nru dsniff-2.4b1+debian/debian/patches/20_debian_dirs.patch dsniff-2.4b1+debian/debian/patches/20_debian_dirs.patch
--- dsniff-2.4b1+debian/debian/patches/20_debian_dirs.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/20_debian_dirs.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Steve Kemp <skx@debian.org>
 Description: Adapt to Debian directory structure.
---- a/Makefile.in	2011-06-19 17:13:45.651999392 -0500
-+++ b/Makefile.in	2011-06-19 17:15:37.407999368 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/Makefile.in
++++ b/Makefile.in
 @@ -11,7 +11,7 @@
  install_prefix  =
  prefix          = @prefix@
@@ -21,8 +24,8 @@
  LIBS	= @LIBS@ -L$(srcdir) -lmissing
  
  INSTALL	= @INSTALL@
---- a/dnsspoof.8	2011-06-19 17:13:46.019999392 -0500
-+++ b/dnsspoof.8	2011-06-19 17:15:37.423999369 -0500
+--- a/dnsspoof.8
++++ b/dnsspoof.8
 @@ -31,7 +31,7 @@
  address queries on the LAN with an answer of the local machine's IP
  address.
@@ -32,8 +35,8 @@
  Sample hosts file.
  .SH "SEE ALSO"
  dsniff(8), hosts(5)
---- a/dsniff.8	2011-06-19 17:15:01.067999376 -0500
-+++ b/dsniff.8	2011-06-19 17:15:37.427999369 -0500
+--- a/dsniff.8
++++ b/dsniff.8
 @@ -68,9 +68,9 @@
  On a hangup signal \fBdsniff\fR will dump its current trigger table to
  \fIdsniff.services\fR.
@@ -46,8 +49,8 @@
  Network protocol magic
  .SH "SEE ALSO"
  arpspoof(8), libnids(3), services(5), magic(5)
---- a/pathnames.h	2011-06-19 17:13:46.219999392 -0500
-+++ b/pathnames.h	2011-06-19 17:15:37.431999369 -0500
+--- a/pathnames.h
++++ b/pathnames.h
 @@ -12,7 +12,7 @@
  #define PATHNAMES_H
  
diff -Nru dsniff-2.4b1+debian/debian/patches/21_msgsnarf_segfault.patch dsniff-2.4b1+debian/debian/patches/21_msgsnarf_segfault.patch
--- dsniff-2.4b1+debian/debian/patches/21_msgsnarf_segfault.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/21_msgsnarf_segfault.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: <bdefreese@debian2.bddebian.com>
 Description: Correctly 0 out the c struct.
---- a/msgsnarf.c	2011-06-19 17:15:01.091999376 -0500
-+++ b/msgsnarf.c	2011-06-19 17:15:39.739999369 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/msgsnarf.c
++++ b/msgsnarf.c
 @@ -584,6 +584,7 @@
  		if (i == 0) {
  			if ((c = malloc(sizeof(*c))) == NULL)
diff -Nru dsniff-2.4b1+debian/debian/patches/22_handlepp.patch dsniff-2.4b1+debian/debian/patches/22_handlepp.patch
--- dsniff-2.4b1+debian/debian/patches/22_handlepp.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/22_handlepp.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,10 @@
 Author: Joerg Dorchain <joerg@dorchain.net>
 Description: Add tcpkill support for handle ppp interfaces.
---- a/pcaputil.c	2011-06-19 17:13:44.419999392 -0500
-+++ b/pcaputil.c	2011-06-19 17:15:41.607999368 -0500
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/pcaputil.c
++++ b/pcaputil.c
 @@ -52,6 +52,9 @@
  	case DLT_NULL:
  		offset = 4;
diff -Nru dsniff-2.4b1+debian/debian/patches/23_urlsnarf_timestamp.patch dsniff-2.4b1+debian/debian/patches/23_urlsnarf_timestamp.patch
--- dsniff-2.4b1+debian/debian/patches/23_urlsnarf_timestamp.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/23_urlsnarf_timestamp.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,7 +1,11 @@
 Author: Hilko Bengen <bengen@debian.org>
-Description: urlsnarf: use timestamps from pcap file if available. Closes: #573365
---- a/urlsnarf.c	2011-06-19 17:15:21.627999373 -0500
-+++ b/urlsnarf.c	2011-06-19 17:15:43.411999368 -0500
+Description: urlsnarf: use timestamps from pcap file if available.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573365
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/urlsnarf.c
++++ b/urlsnarf.c
 @@ -36,6 +36,7 @@
  u_short		Opt_dns = 1;
  int		Opt_invert = 0;
@@ -10,7 +14,7 @@
  
  static void
  usage(void)
-@@ -57,9 +58,12 @@ timestamp(void)
+@@ -57,9 +58,12 @@
  {
  	static char tstr[32], sign;
  	struct tm *t, gmt;
@@ -24,7 +28,7 @@
  	gmt = *gmtime(&tt);
  	t = localtime(&tt);
  	
-@@ -312,9 +316,48 @@ main(int argc, char *argv[])
+@@ -312,9 +316,48 @@
  
          nids_register_chksum_ctl(&chksum_ctl, 1);
  
diff -Nru dsniff-2.4b1+debian/debian/patches/24_Fix-OpenSSL1.1.0-Build.patch dsniff-2.4b1+debian/debian/patches/24_Fix-OpenSSL1.1.0-Build.patch
--- dsniff-2.4b1+debian/debian/patches/24_Fix-OpenSSL1.1.0-Build.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/24_Fix-OpenSSL1.1.0-Build.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,5 +1,8 @@
 Description: Fix build with OpenSSL 1.1.0
 Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
 
 --- a/ssh.c
 +++ b/ssh.c
diff -Nru dsniff-2.4b1+debian/debian/patches/25_fix-spelling-errors.patch dsniff-2.4b1+debian/debian/patches/25_fix-spelling-errors.patch
--- dsniff-2.4b1+debian/debian/patches/25_fix-spelling-errors.patch	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/25_fix-spelling-errors.patch	2017-02-15 23:42:16.000000000 +0100
@@ -1,5 +1,8 @@
 Description: Fix minor spelling error in source code
 Author: Marcos Fouces <mfouces@yahoo.es>
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
 
 --- a/remote.c
 +++ b/remote.c
diff -Nru dsniff-2.4b1+debian/debian/patches/26_arpspoof-add-r-switch-to-poison-both-directions.patch dsniff-2.4b1+debian/debian/patches/26_arpspoof-add-r-switch-to-poison-both-directions.patch
--- dsniff-2.4b1+debian/debian/patches/26_arpspoof-add-r-switch-to-poison-both-directions.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/26_arpspoof-add-r-switch-to-poison-both-directions.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,170 @@
+>From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan@pico.ruhr.de>
+Date: Sun, 6 Nov 2011 22:44:54 +0100
+Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions
+
+
+Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
+---
+ arpspoof.8 |    5 ++++-
+ arpspoof.c |   59 +++++++++++++++++++++++++++++++++++++++++++++++------------
+ 2 files changed, 51 insertions(+), 13 deletions(-)
+
+ ---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+ 
+--- a/arpspoof.8
++++ b/arpspoof.8
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
++\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -26,6 +26,9 @@
+ .IP "\fB-t \fItarget\fR"
+ Specify a particular host to ARP poison (if not specified, all hosts
+ on the LAN).
++.IP "\fB\-r\fR"
++Poison both hosts (host and target) to capture traffic in both directions.
++(only valid in conjuntion with \-t)
+ .IP \fIhost\fR
+ Specify the host you wish to intercept packets for (usually the local
+ gateway).
+--- a/arpspoof.c
++++ b/arpspoof.c
+@@ -7,6 +7,8 @@
+  * Copyright (c) 1999 Dug Song <dugsong@monkey.org>
+  *
+  * $Id: arpspoof.c,v 1.5 2001/03/15 08:32:58 dugsong Exp $
++ *
++ * Improved 2011 by Stefan Tomanek <stefa@pico.ruhr.de>
+  */
+ 
+ #include "config.h"
+@@ -31,12 +33,13 @@
+ static struct ether_addr spoof_mac, target_mac;
+ static in_addr_t spoof_ip, target_ip;
+ static char *intf;
++static int poison_reverse;
+ 
+ static void
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: arpspoof [-i interface] [-t target] host\n");
++		"Usage: arpspoof [-i interface] [-t target] [-r] host\n");
+ 	exit(1);
+ }
+ 
+@@ -133,18 +136,30 @@
+ static void
+ cleanup(int sig)
+ {
++	int fw = arp_find(spoof_ip, &spoof_mac);
++	int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
+ 	int i;
+-	
+-	if (arp_find(spoof_ip, &spoof_mac)) {
+-		for (i = 0; i < 3; i++) {
+-			/* XXX - on BSD, requires ETHERSPOOF kernel. */
++
++	fprintf(stderr, "Cleaning up and re-arping targets...\n");
++	for (i = 0; i < 5; i++) {
++		/* XXX - on BSD, requires ETHERSPOOF kernel. */
++		if (fw) {
+ 			arp_send(l, ARPOP_REPLY,
+ 				 (u_int8_t *)&spoof_mac, spoof_ip,
+ 				 (target_ip ? (u_int8_t *)&target_mac : NULL),
+ 				 target_ip);
++			/* we have to wait a moment before sending the next packet */
++			sleep(1);
++		}
++		if (bw) {
++			arp_send(l, ARPOP_REPLY,
++				 (u_int8_t *)&target_mac, target_ip,
++				 (u_int8_t *)&spoof_mac,
++				 spoof_ip);
+ 			sleep(1);
+ 		}
+ 	}
++
+ 	exit(0);
+ }
+ 
+@@ -156,11 +171,12 @@
+ 	char pcap_ebuf[PCAP_ERRBUF_SIZE];
+ 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	int c;
+-	
++
+ 	intf = NULL;
+ 	spoof_ip = target_ip = 0;
+-	
+-	while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
++	poison_reverse = 0;
++
++	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			intf = optarg;
+@@ -169,6 +185,9 @@
+ 			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
+ 				usage();
+ 			break;
++		case 'r':
++			poison_reverse = 1;
++			break;
+ 		default:
+ 			usage();
+ 		}
+@@ -178,7 +197,12 @@
+ 	
+ 	if (argc != 1)
+ 		usage();
+-	
++
++	if (poison_reverse && !target_ip) {
++		errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
++		usage();
++	}
++
+ 	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 	
+@@ -191,18 +215,29 @@
+ 	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
+ 		errx(1, "couldn't arp for host %s",
+ 		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
+-	
++
++	if (poison_reverse) {
++		if (!arp_find(spoof_ip, &spoof_mac)) {
++			errx(1, "couldn't arp for spoof host %s",
++			     libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
++		}
++	}
++
+ 	signal(SIGHUP, cleanup);
+ 	signal(SIGINT, cleanup);
+ 	signal(SIGTERM, cleanup);
+-	
++
+ 	for (;;) {
+ 		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
+ 			 (target_ip ? (u_int8_t *)&target_mac : NULL),
+ 			 target_ip);
++		if (poison_reverse) {
++			arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
++		}
++
+ 		sleep(2);
+ 	}
+ 	/* NOTREACHED */
+-	
++
+ 	exit(0);
+ }
diff -Nru dsniff-2.4b1+debian/debian/patches/27_arpspoof-allow-use-of-of-multiple-targets.patch dsniff-2.4b1+debian/debian/patches/27_arpspoof-allow-use-of-of-multiple-targets.patch
--- dsniff-2.4b1+debian/debian/patches/27_arpspoof-allow-use-of-of-multiple-targets.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/27_arpspoof-allow-use-of-of-multiple-targets.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,197 @@
+>From 25c761ebb1a8001d05da8b3dba36e96ac07ad586 Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan@pico.ruhr.de>
+Date: Mon, 7 Nov 2011 17:40:50 +0100
+Subject: [PATCH 2/3] arpspoof: allow use of of multiple targets
+
+
+Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
+---
+ arpspoof.8 |    2 +-
+ arpspoof.c |  102 ++++++++++++++++++++++++++++++++++++++++--------------------
+ 2 files changed, 69 insertions(+), 35 deletions(-)
+ ---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+
+--- a/arpspoof.8
++++ b/arpspoof.8
+@@ -25,7 +25,7 @@
+ Specify the interface to use.
+ .IP "\fB-t \fItarget\fR"
+ Specify a particular host to ARP poison (if not specified, all hosts
+-on the LAN).
++on the LAN). Repeat to specify multiple hosts.
+ .IP "\fB\-r\fR"
+ Poison both hosts (host and target) to capture traffic in both directions.
+ (only valid in conjuntion with \-t)
+--- a/arpspoof.c
++++ b/arpspoof.c
+@@ -29,9 +29,14 @@
+ 
+ extern char *ether_ntoa(struct ether_addr *);
+ 
++struct host {
++	in_addr_t ip;
++	struct ether_addr mac;
++};
++
+ static libnet_t *l;
+-static struct ether_addr spoof_mac, target_mac;
+-static in_addr_t spoof_ip, target_ip;
++static struct host spoof = {0};
++static struct host *targets;
+ static char *intf;
+ static int poison_reverse;
+ 
+@@ -133,30 +138,46 @@
+ 	return (0);
+ }
+ 
++static int arp_find_all() {
++	struct host *target = targets;
++	while(target->ip) {
++		if (arp_find(target->ip, &target->mac)) {
++			return 1;
++		}
++		target++;
++	}
++
++	return 0;
++}
++
+ static void
+ cleanup(int sig)
+ {
+-	int fw = arp_find(spoof_ip, &spoof_mac);
+-	int bw = poison_reverse && target_ip && arp_find(target_ip, &target_mac);
++	int fw = arp_find(spoof.ip, &spoof.mac);
++	int bw = poison_reverse && targets[0].ip && arp_find_all();
+ 	int i;
+ 
+ 	fprintf(stderr, "Cleaning up and re-arping targets...\n");
+ 	for (i = 0; i < 5; i++) {
+-		/* XXX - on BSD, requires ETHERSPOOF kernel. */
+-		if (fw) {
+-			arp_send(l, ARPOP_REPLY,
+-				 (u_int8_t *)&spoof_mac, spoof_ip,
+-				 (target_ip ? (u_int8_t *)&target_mac : NULL),
+-				 target_ip);
+-			/* we have to wait a moment before sending the next packet */
+-			sleep(1);
+-		}
+-		if (bw) {
+-			arp_send(l, ARPOP_REPLY,
+-				 (u_int8_t *)&target_mac, target_ip,
+-				 (u_int8_t *)&spoof_mac,
+-				 spoof_ip);
+-			sleep(1);
++		struct host *target = targets;
++		while(target->ip) {
++			/* XXX - on BSD, requires ETHERSPOOF kernel. */
++			if (fw) {
++				arp_send(l, ARPOP_REPLY,
++					 (u_int8_t *)&spoof.mac, spoof.ip,
++					 (target->ip ? (u_int8_t *)&target->mac : NULL),
++					 target->ip);
++				/* we have to wait a moment before sending the next packet */
++				sleep(1);
++			}
++			if (bw) {
++				arp_send(l, ARPOP_REPLY,
++					 (u_int8_t *)&target->mac, target->ip,
++					 (u_int8_t *)&spoof.mac,
++					 spoof.ip);
++				sleep(1);
++			}
++			target++;
+ 		}
+ 	}
+ 
+@@ -171,10 +192,15 @@
+ 	char pcap_ebuf[PCAP_ERRBUF_SIZE];
+ 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	int c;
++	int n_targets;
+ 
++	spoof.ip = 0;
+ 	intf = NULL;
+-	spoof_ip = target_ip = 0;
+ 	poison_reverse = 0;
++	n_targets = 0;
++
++	/* allocate enough memory for target list */
++	targets = calloc( argc+1, sizeof(struct host) );
+ 
+ 	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
+ 		switch (c) {
+@@ -182,7 +208,7 @@
+ 			intf = optarg;
+ 			break;
+ 		case 't':
+-			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
++			if ((targets[n_targets++].ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
+ 				usage();
+ 			break;
+ 		case 'r':
+@@ -198,12 +224,12 @@
+ 	if (argc != 1)
+ 		usage();
+ 
+-	if (poison_reverse && !target_ip) {
++	if (poison_reverse && !n_targets) {
+ 		errx(1, "Spoofing the reverse path (-r) is only available when specifying a target (-t).");
+ 		usage();
+ 	}
+ 
+-	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
++	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 	
+ 	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+@@ -211,15 +237,19 @@
+ 	
+ 	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
+ 		errx(1, "%s", libnet_ebuf);
+-	
+-	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
+-		errx(1, "couldn't arp for host %s",
+-		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
++
++	struct host *target = targets;
++	while(target->ip) {
++		if (target->ip != 0 && !arp_find(target->ip, &target->mac))
++			errx(1, "couldn't arp for host %s",
++			libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
++		target++;
++	}
+ 
+ 	if (poison_reverse) {
+-		if (!arp_find(spoof_ip, &spoof_mac)) {
++		if (!arp_find(spoof.ip, &spoof.mac)) {
+ 			errx(1, "couldn't arp for spoof host %s",
+-			     libnet_addr2name4(spoof_ip, LIBNET_DONT_RESOLVE));
++			     libnet_addr2name4(spoof.ip, LIBNET_DONT_RESOLVE));
+ 		}
+ 	}
+ 
+@@ -228,11 +258,15 @@
+ 	signal(SIGTERM, cleanup);
+ 
+ 	for (;;) {
+-		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
+-			 (target_ip ? (u_int8_t *)&target_mac : NULL),
+-			 target_ip);
+-		if (poison_reverse) {
+-			arp_send(l, ARPOP_REPLY, NULL, target_ip, (uint8_t *)&spoof_mac, spoof_ip);
++		struct host *target = targets;
++		while(target->ip) {
++			arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
++				(target->ip ? (u_int8_t *)&target->mac : NULL),
++				target->ip);
++			if (poison_reverse) {
++				arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
++			}
++			target++;
+ 		}
+ 
+ 		sleep(2);
diff -Nru dsniff-2.4b1+debian/debian/patches/28_arpspoof-allow-selection-of-source-hw-address.patch dsniff-2.4b1+debian/debian/patches/28_arpspoof-allow-selection-of-source-hw-address.patch
--- dsniff-2.4b1+debian/debian/patches/28_arpspoof-allow-selection-of-source-hw-address.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/28_arpspoof-allow-selection-of-source-hw-address.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,230 @@
+>From 21773ccf18a5fc49d35e510a8797b0a1e83858c4 Mon Sep 17 00:00:00 2001
+From: Stefan Tomanek <stefan@pico.ruhr.de>
+Date: Sun, 20 Nov 2011 21:32:53 +0100
+Subject: [PATCH 3/3] arpspoof: allow selection of source hw address
+
+In certain networks, sending with the wrong hardware source address can
+jeopardize the network connection of the host running arpspoof. This
+patch makes it possible to specify whether arpspoof should use the own
+hardware address or the one of the real host when resetting the arp
+table of the target systems; it is also possible to use both.
+
+Signed-off-by: Stefan Tomanek <stefan@pico.ruhr.de>
+---
+ arpspoof.8 |    9 +++++-
+ arpspoof.c |   90 ++++++++++++++++++++++++++++++++++++++++++-----------------
+ 2 files changed, 72 insertions(+), 27 deletions(-)
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/arpspoof.8
++++ b/arpspoof.8
+@@ -9,7 +9,7 @@
+ .na
+ .nf
+ .fi
+-\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
++\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-c \fIown|host|both\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR] \fIhost\fR
+ .SH DESCRIPTION
+ .ad
+ .fi
+@@ -23,6 +23,13 @@
+ .SH OPTIONS
+ .IP "\fB-i \fIinterface\fR"
+ Specify the interface to use.
++.IP "\fB-c \fIown|host|both\fR"
++Specify which hardware address t use when restoring the arp configuration;
++while cleaning up, packets can be send with the own address as well as with
++the address of the host. Sending packets with a fake hw address can disrupt
++connectivity with certain switch/ap/bridge configurations, however it works
++more reliably than using the own address, which is the default way arpspoof
++cleans up afterwards.
+ .IP "\fB-t \fItarget\fR"
+ Specify a particular host to ARP poison (if not specified, all hosts
+ on the LAN). Repeat to specify multiple hosts.
+--- a/arpspoof.c
++++ b/arpspoof.c
+@@ -40,37 +40,36 @@
+ static char *intf;
+ static int poison_reverse;
+ 
++static uint8_t *my_ha = NULL;
++static uint8_t *brd_ha = "\xff\xff\xff\xff\xff\xff";
++
++static int cleanup_src_own = 1;
++static int cleanup_src_host = 0;
++
+ static void
+ usage(void)
+ {
+ 	fprintf(stderr, "Version: " VERSION "\n"
+-		"Usage: arpspoof [-i interface] [-t target] [-r] host\n");
++		"Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host\n");
+ 	exit(1);
+ }
+ 
+ static int
+-arp_send(libnet_t *l, int op, u_int8_t *sha,
+-	 in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
++arp_send(libnet_t *l, int op,
++	u_int8_t *sha, in_addr_t spa,
++	u_int8_t *tha, in_addr_t tpa,
++	u_int8_t *me)
+ {
+ 	int retval;
+ 
+-	if (sha == NULL &&
+-	    (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
+-		return (-1);
+-	}
+-	if (spa == 0) {
+-		if ((spa = libnet_get_ipaddr4(l)) == -1)
+-			return (-1);
+-	}
+-	if (tha == NULL)
+-		tha = "\xff\xff\xff\xff\xff\xff";
+-	
++	if (!me) me = sha;
++
+ 	libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
+ 			     tha, (u_int8_t *)&tpa, l);
+-	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
++	libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
+ 	
+ 	fprintf(stderr, "%s ",
+-		ether_ntoa((struct ether_addr *)sha));
++		ether_ntoa((struct ether_addr *)me));
+ 
+ 	if (op == ARPOP_REQUEST) {
+ 		fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
+@@ -129,7 +128,7 @@
+ 		/* XXX - force the kernel to arp. feh. */
+ 		arp_force(ip);
+ #else
+-		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
++		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip, NULL);
+ #endif
+ 		sleep(1);
+ 	}
+@@ -156,17 +155,23 @@
+ 	int fw = arp_find(spoof.ip, &spoof.mac);
+ 	int bw = poison_reverse && targets[0].ip && arp_find_all();
+ 	int i;
++	int rounds = (cleanup_src_own*5 + cleanup_src_host*5);
+ 
+ 	fprintf(stderr, "Cleaning up and re-arping targets...\n");
+-	for (i = 0; i < 5; i++) {
++	for (i = 0; i < rounds; i++) {
+ 		struct host *target = targets;
+ 		while(target->ip) {
++			uint8_t *src_ha = NULL;
++			if (cleanup_src_own && (i%2 || !cleanup_src_host)) {
++				src_ha = my_ha;
++			}
+ 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
+ 			if (fw) {
+ 				arp_send(l, ARPOP_REPLY,
+ 					 (u_int8_t *)&spoof.mac, spoof.ip,
+-					 (target->ip ? (u_int8_t *)&target->mac : NULL),
+-					 target->ip);
++					 (target->ip ? (u_int8_t *)&target->mac : brd_ha),
++					 target->ip,
++					 src_ha);
+ 				/* we have to wait a moment before sending the next packet */
+ 				sleep(1);
+ 			}
+@@ -174,7 +179,8 @@
+ 				arp_send(l, ARPOP_REPLY,
+ 					 (u_int8_t *)&target->mac, target->ip,
+ 					 (u_int8_t *)&spoof.mac,
+-					 spoof.ip);
++					 spoof.ip,
++					 src_ha);
+ 				sleep(1);
+ 			}
+ 			target++;
+@@ -193,6 +199,7 @@
+ 	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	int c;
+ 	int n_targets;
++	char *cleanup_src = NULL;
+ 
+ 	spoof.ip = 0;
+ 	intf = NULL;
+@@ -202,7 +209,7 @@
+ 	/* allocate enough memory for target list */
+ 	targets = calloc( argc+1, sizeof(struct host) );
+ 
+-	while ((c = getopt(argc, argv, "ri:t:h?V")) != -1) {
++	while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
+ 		switch (c) {
+ 		case 'i':
+ 			intf = optarg;
+@@ -214,6 +221,9 @@
+ 		case 'r':
+ 			poison_reverse = 1;
+ 			break;
++		case 'c':
++			cleanup_src = optarg;
++			break;
+ 		default:
+ 			usage();
+ 		}
+@@ -229,6 +239,29 @@
+ 		usage();
+ 	}
+ 
++	if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
++		/* only use our own hw address when cleaning up,
++		 * not jeopardizing any bridges on the way to our
++		 * target
++		 */
++		cleanup_src_own = 1;
++		cleanup_src_host = 0;
++	} else if (strcmp(cleanup_src, "host")==0) {
++		/* only use the target hw address when cleaning up;
++		 * this can screw up some bridges and scramble access
++		 * for our own host, however it resets the arp table
++		 * more reliably
++		 */
++		cleanup_src_own = 0;
++		cleanup_src_host = 1;
++	} else if (strcmp(cleanup_src, "both")==0) {
++		cleanup_src_own = 1;
++		cleanup_src_host = 1;
++	} else {
++		errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
++		usage();
++	}
++
+ 	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 	
+@@ -253,6 +286,10 @@
+ 		}
+ 	}
+ 
++	if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
++		errx(1, "Unable to determine own mac address");
++	}
++
+ 	signal(SIGHUP, cleanup);
+ 	signal(SIGINT, cleanup);
+ 	signal(SIGTERM, cleanup);
+@@ -260,11 +297,12 @@
+ 	for (;;) {
+ 		struct host *target = targets;
+ 		while(target->ip) {
+-			arp_send(l, ARPOP_REPLY, NULL, spoof.ip,
+-				(target->ip ? (u_int8_t *)&target->mac : NULL),
+-				target->ip);
++			arp_send(l, ARPOP_REPLY, my_ha, spoof.ip,
++				(target->ip ? (u_int8_t *)&target->mac : brd_ha),
++				target->ip,
++				my_ha);
+ 			if (poison_reverse) {
+-				arp_send(l, ARPOP_REPLY, NULL, target->ip, (uint8_t *)&spoof.mac, spoof.ip);
++				arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&spoof.mac, spoof.ip, my_ha);
+ 			}
+ 			target++;
+ 		}
diff -Nru dsniff-2.4b1+debian/debian/patches/29_libnet_name2addr4.patch dsniff-2.4b1+debian/debian/patches/29_libnet_name2addr4.patch
--- dsniff-2.4b1+debian/debian/patches/29_libnet_name2addr4.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/29_libnet_name2addr4.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,144 @@
+Description: fixes possible segmentation faults of arpspoof, sshmitm, webmitm and 
+webspy if any non-resolving hostname is passed. Issue was introduced by 
+dsniff-2.4-libnet_11.patch; libnet_name_resolve() was replaced by libnet_name2addr4() 
+while there must be the structure libnet_t passed additionally. And if that structure is not initialized
+using libnet_init() and the passed name can't be resolved (like "192.168.2."), it
+causes a snprintf() to NULL and thus the segmentation fault. Note that macof isn't
+affected as no resolving was involved here ever.
+Author: Robert Scheck <robert@fedoraproject.org>
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1009879
+Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-libnet_name2addr4.patch
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshmitm.c
++++ b/sshmitm.c
+@@ -45,6 +45,8 @@
+ struct	 sockaddr_in csin, ssin;
+ int	 sig_pipe[2];
+ 
++static	 libnet_t *l;
++
+ static void
+ usage(void)
+ {
+@@ -364,6 +366,7 @@
+ 	u_long ip;
+ 	u_short lport, rport;
+ 	int c;
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 
+ 	lport = rport = 22;
+ 
+@@ -390,12 +393,15 @@
+ 	if (argc < 1)
+ 		usage();
+ 	
+-	if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
+-		usage();
+-
+ 	if (argc == 2 && (rport = atoi(argv[1])) == 0)
+ 		usage();
+ 	
++	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
++	
++	if ((ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
++		usage();
++	
+ 	record_init(NULL);
+ 	
+ 	mitm_init(lport, ip, rport);
+--- a/webmitm.c
++++ b/webmitm.c
+@@ -47,6 +47,8 @@
+ int	 do_ssl, sig_pipe[2];
+ in_addr_t	static_host = 0;
+ 
++static	 libnet_t *l;
++
+ extern int decode_http(char *, int, char *, int);
+ 
+ static void
+@@ -242,7 +244,7 @@
+ 			word = buf_tok(&msg, "/", 1);
+ 			vhost = buf_strdup(word);
+ 		}
+-		ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
++		ssin.sin_addr.s_addr = libnet_name2addr4(l, vhost, LIBNET_RESOLVE);
+ 		free(vhost);
+ 		
+ 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
+@@ -496,6 +498,7 @@
+ 	extern char *optarg;
+ 	extern int optind;
+ 	int c;
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 
+ 	while ((c = getopt(argc, argv, "dh?V")) != -1) {
+ 		switch (c) {
+@@ -509,8 +512,11 @@
+ 	argc -= optind;
+ 	argv += optind;
+ 
++	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
++	
+ 	if (argc == 1) {
+-		if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
++		if ((static_host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 			usage();
+ 	}
+ 	else if (argc != 0) usage();
+--- a/webspy.c
++++ b/webspy.c
+@@ -33,6 +33,7 @@
+ extern int mozilla_remote_commands (Display *, Window, char **);
+ char	*expected_mozilla_version = "4.7";
+ char	*progname = "webspy";
++static	libnet_t *l;
+ 
+ Display		*dpy;
+ char		 cmd[2048], *cmdtab[2];
+@@ -183,6 +184,7 @@
+ 	extern char *optarg;
+ 	extern int optind;
+ 	int c;
++	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+ 	
+ 	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
+ 		switch (c) {
+@@ -205,7 +207,10 @@
+ 	cmdtab[0] = cmd;
+ 	cmdtab[1] = NULL;
+ 	
+-	if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
++	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
++	
++	if ((host = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		errx(1, "unknown host");
+ 	
+ 	if ((dpy = XOpenDisplay(NULL)) == NULL)
+--- a/arpspoof.c
++++ b/arpspoof.c
+@@ -208,6 +208,10 @@
+ 
+ 	/* allocate enough memory for target list */
+ 	targets = calloc( argc+1, sizeof(struct host) );
++    
++	if ((l = libnet_init(LIBNET_LINK, NULL, libnet_ebuf)) == NULL)
++		errx(1, "%s", libnet_ebuf);
++
+ 
+ 	while ((c = getopt(argc, argv, "ri:t:c:h?V")) != -1) {
+ 		switch (c) {
+@@ -265,6 +269,8 @@
+ 	if ((spoof.ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
+ 		usage();
+ 	
++	libnet_destroy(l);
++	
+ 	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+ 		errx(1, "%s", pcap_ebuf);
+ 	
diff -Nru dsniff-2.4b1+debian/debian/patches/30_pntohl_shift.patch dsniff-2.4b1+debian/debian/patches/30_pntohl_shift.patch
--- dsniff-2.4b1+debian/debian/patches/30_pntohl_shift.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/30_pntohl_shift.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Corrects the incorrect bit-shift in pntohl(), the left-shift should be 8 bits, not 18.
+Author: Matthew Boyle <mlb@decisionsoft.co.uk>
+Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-pntohl_shift.patch
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=714958
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=850496
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/decode.h
++++ b/decode.h
+@@ -35,7 +35,7 @@
+ 			  (u_short)*((u_char *)p+0)<<8))
+ 			 
+ #define pntohl(p)	((u_int32_t)*((u_char *)p+3)<<0|   \
+-			 (u_int32_t)*((u_char *)p+2)<<18|  \
++			 (u_int32_t)*((u_char *)p+2)<<8|  \
+ 			 (u_int32_t)*((u_char *)p+1)<<16|  \
+ 			 (u_int32_t)*((u_char *)p+0)<<24)
+ 
diff -Nru dsniff-2.4b1+debian/debian/patches/31_sysconf_clocks.patch dsniff-2.4b1+debian/debian/patches/31_sysconf_clocks.patch
--- dsniff-2.4b1+debian/debian/patches/31_sysconf_clocks.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/31_sysconf_clocks.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,31 @@
+Description: Adds a clock fix. It was improved by Robert Scheck <robert@fedoraproject.org> 
+to work with older Linux kernel versions, too.
+Author: <kees@ubuntu.com>
+Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-sysconf_clocks.patch
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshow.c
++++ b/sshow.c
+@@ -217,7 +217,9 @@
+ {
+ 	clock_t delay;
+ 	int payload;
+-    long CLK_TCK= sysconf(_SC_CLK_TCK);
++#if defined(_SC_CLK_TCK)
++	long CLK_TCK = sysconf(_SC_CLK_TCK);
++#endif
+ 
+ 	delay = add_history(session, 0, cipher_size, plain_range);
+ 
+@@ -266,7 +268,9 @@
+ 	clock_t delay;
+ 	int skip;
+ 	range string_range;
+-    long CLK_TCK= sysconf(_SC_CLK_TCK);
++#if defined(_SC_CLK_TCK)
++	long CLK_TCK = sysconf(_SC_CLK_TCK);
++#endif
+ 	
+ 	delay = add_history(session, 1, cipher_size, plain_range);
+ 	
diff -Nru dsniff-2.4b1+debian/debian/patches/32_rpc_segfault.patch dsniff-2.4b1+debian/debian/patches/32_rpc_segfault.patch
--- dsniff-2.4b1+debian/debian/patches/32_rpc_segfault.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/32_rpc_segfault.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,19 @@
+Descrition: avoids xdrs being used without being initialised first. Without this
+patch dsniff segfaults when decoding RPC packets on x86_64.
+Author: Matthew Boyle <mlb@decisionsoft.co.uk>
+Origin: http://pkgs.fedoraproject.org/cgit/rpms/dsniff.git/tree/dsniff-2.4-rpc_segfault.patch
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/rpc.c
++++ b/rpc.c
+@@ -125,6 +125,9 @@
+ 			return (0);
+ 		}
+ 	}
++	else
++		return (0);
++	
+ 	stat = xdr_getpos(&xdrs);
+ 	xdr_destroy(&xdrs);
+ 	
diff -Nru dsniff-2.4b1+debian/debian/patches/33_sshcrypto_DES.patch dsniff-2.4b1+debian/debian/patches/33_sshcrypto_DES.patch
--- dsniff-2.4b1+debian/debian/patches/33_sshcrypto_DES.patch	1970-01-01 01:00:00.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/33_sshcrypto_DES.patch	2017-02-15 23:42:16.000000000 +0100
@@ -0,0 +1,62 @@
+Description: improves 18_sshcrypto.patch replacing all des_ methods and structs with DES_ equivalents.
+Author: jca
+Origin: OpenBSD
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/sshcrypto.c
++++ b/sshcrypto.c
+@@ -30,8 +30,8 @@
+ 
+ #if 0
+ struct des3_state {
+-	des_key_schedule	k1, k2, k3;
+-	des_cblock		iv1, iv2, iv3;
++	DES_key_schedule	k1, k2, k3;
++	DES_cblock		iv1, iv2, iv3;
+ };
+ #endif
+ 
+@@ -162,13 +162,13 @@
+ 	if ((state = malloc(sizeof(*state))) == NULL)
+ 		err(1, "malloc");
+ 
+-	des_set_key((void *)sesskey, state->k1);
+-	des_set_key((void *)(sesskey + 8), state->k2);
++	DES_set_key((void *)sesskey, &state->k1);
++	DES_set_key((void *)(sesskey + 8), &state->k2);
+ 
+ 	if (len <= 16)
+-		des_set_key((void *)sesskey, state->k3);
++		DES_set_key((void *)sesskey, &state->k3);
+ 	else
+-		des_set_key((void *)(sesskey + 16), state->k3);
++		DES_set_key((void *)(sesskey + 16), &state->k3);
+ 	
+ 	memset(state->iv1, 0, 8);
+ 	memset(state->iv2, 0, 8);
+@@ -184,9 +184,9 @@
+ 	estate = (struct des3_state *)state;
+ 	memcpy(estate->iv1, estate->iv2, 8);
+ 	
+-	des_ncbc_encrypt(src, dst, len, estate->k1, &estate->iv1, DES_ENCRYPT);
+-	des_ncbc_encrypt(dst, dst, len, estate->k2, &estate->iv2, DES_DECRYPT);
+-	des_ncbc_encrypt(dst, dst, len, estate->k3, &estate->iv3, DES_ENCRYPT);
++	DES_ncbc_encrypt(src, dst, len, &estate->k1, &estate->iv1, DES_ENCRYPT);
++	DES_ncbc_encrypt(dst, dst, len, &estate->k2, &estate->iv2, DES_DECRYPT);
++	DES_ncbc_encrypt(dst, dst, len, &estate->k3, &estate->iv3, DES_ENCRYPT);
+ }
+ 
+ void
+@@ -197,8 +197,8 @@
+ 	dstate = (struct des3_state *)state;
+ 	memcpy(dstate->iv1, dstate->iv2, 8);
+ 	
+-	des_ncbc_encrypt(src, dst, len, dstate->k3, &dstate->iv3, DES_DECRYPT);
+-	des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT);
+-	des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT);
++	DES_ncbc_encrypt(src, dst, len, &dstate->k3, &dstate->iv3, DES_DECRYPT);
++	DES_ncbc_encrypt(dst, dst, len, &dstate->k2, &dstate->iv2, DES_ENCRYPT);
++	DES_ncbc_encrypt(dst, dst, len, &dstate->k1, &dstate->iv1, DES_DECRYPT);
+ }
+ #endif
diff -Nru dsniff-2.4b1+debian/debian/patches/series dsniff-2.4b1+debian/debian/patches/series
--- dsniff-2.4b1+debian/debian/patches/series	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/patches/series	2017-02-15 23:42:16.000000000 +0100
@@ -1,4 +1,3 @@
-25_fix-spelling-errors.patch
 01_time.h.patch
 02_mailsnarf_corrupt.patch
 03_pcap_read_dump.patch
@@ -8,8 +7,6 @@
 07_libnet_1.1.patch
 08_openssl-0.9.8.patch
 09_sysconf_clocks.patch
-08_checksum.patch
-09_sshcrypto.patch
 10_urlsnarf_escape.patch
 11_string_header.patch
 12_arpa_inet_header.patch
@@ -17,12 +14,20 @@
 14_obsolete_time.patch
 15_checksum_libnids.patch
 16_TDS_decoder.patch
+17_checksum.patch
+18_sshcrypto.patch
+19_rewrite-and-modernize-POP-decoder.patch
 20_debian_dirs.patch
 21_msgsnarf_segfault.patch
 22_handlepp.patch
 23_urlsnarf_timestamp.patch
 24_Fix-OpenSSL1.1.0-Build.patch
-0001-rewrite-and-modernize-POP-decoder.patch
-0001-arpspoof-add-r-switch-to-poison-both-directions.patch
-0002-arpspoof-allow-use-of-of-multiple-targets.patch
-0003-arpspoof-allow-selection-of-source-hw-address.patch
+25_fix-spelling-errors.patch
+26_arpspoof-add-r-switch-to-poison-both-directions.patch
+27_arpspoof-allow-use-of-of-multiple-targets.patch
+28_arpspoof-allow-selection-of-source-hw-address.patch
+29_libnet_name2addr4.patch
+30_pntohl_shift.patch
+31_sysconf_clocks.patch
+32_rpc_segfault.patch
+33_sshcrypto_DES.patch
diff -Nru dsniff-2.4b1+debian/debian/rules dsniff-2.4b1+debian/debian/rules
--- dsniff-2.4b1+debian/debian/rules	2016-12-20 22:39:02.000000000 +0100
+++ dsniff-2.4b1+debian/debian/rules	2017-02-15 23:42:16.000000000 +0100
@@ -1,8 +1,15 @@
 #!/usr/bin/make -f
 export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export CFLAGS += -g
+
+include /usr/share/dpkg/architecture.mk
+ifeq ($(origin CC),default)
+export CC := $(DEB_HOST_GNU_TYPE)-gcc
+endif
+
 %:
 	dh  $@
-
+	
 override_dh_auto_install:
 	$(MAKE) install prefix=$(CURDIR)/debian/dsniff/usr
 

--- End Message ---
--- Begin Message ---
Niels Thykier:
> Control: tags -1 moreinfo
> 
> On Sun, 12 Mar 2017 21:35:39 +0100 Marcos Fouces <mfouces@yahoo.es> wrote:
>> Package: release.debian.org
>> Severity: normal
>> User: release.debian.org@packages.debian.org
>> Usertags: unblock
>>
>> Please unblock package dsniff in order to fix its five grave bugs
>>
>> Dear release team,
>>
> 
> Hi,
> 
>> dsniff is to be removed from testing due to five grave bugs
>> affecting several of its tools:
>>
>> [...]
>>
> 
> These are fine.
> 
>> [...]
>>
>> Cheers, 
>> Marcos
>>
>> unblock dsniff/2.4b1+debian-24
>>
>> [...]
> 
> Thanks,
> ~Niels
> 

There has been an upload solving my remarks and it has now been
unblocked (on the assumption that the remaining builds are successful)

Thanks,
~Niels

--- End Message ---

Reply to: