Bug#864419: unblock: ettercap (CVE)

To: submit@bugs.debian.org
Subject: Bug#864419: unblock: ettercap (CVE)
From: Gianfranco Costamagna <locutusofborg@debian.org>
Date: Thu, 8 Jun 2017 14:24:51 +0200
Message-id: <[🔎] 7c5fb88d-bfd5-343b-c4a9-b9c0aef60c9c@debian.org>
Reply-to: Gianfranco Costamagna <locutusofborg@debian.org>, 864419@bugs.debian.org

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi Release Team

Please unblock package ettercap, we fixed CVE 2017-8366, but the asan enable patch is not intended for production use.
I commented out that part
http://www.openwall.com/lists/oss-security/2016/02/17/9

unblock ettercap/1:0.8.2-6

debdiff attached

thanks

G.

diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog	2017-06-04 09:27:11.000000000 +0200
+++ ettercap-0.8.2/debian/changelog	2017-06-08 14:20:58.000000000 +0200
@@ -1,3 +1,10 @@
+ettercap (1:0.8.2-6) unstable; urgency=medium
+
+  * Tweak 803.patch, disable asan.
+    (it is not intended for production) 
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 08 Jun 2017 14:20:29 +0200
+
 ettercap (1:0.8.2-5) unstable; urgency=high
 
   [ Alexander Koeppe ]
diff -Nru ettercap-0.8.2/debian/patches/803.patch ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch	2017-06-04 09:25:14.000000000 +0200
+++ ettercap-0.8.2/debian/patches/803.patch	2017-06-08 14:21:18.000000000 +0200
@@ -8,37 +8,37 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 Index: ettercap-0.8.2/CMakeLists.txt
-===================================================================
---- ettercap-0.8.2.orig/CMakeLists.txt
-+++ ettercap-0.8.2/CMakeLists.txt
-@@ -125,7 +125,27 @@
-   # library dir path in our RPATH.
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
- endif(NOT DISABLE_RPATH)
-+
-+# set general build flags for debug build-type
- set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
-+# append ASAN build flags if compiler version has support
-+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (GNU compiler)")
-+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      message("Building without ASAN support (GNU compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (Clang compiler)")
-+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      message("Building without ASAN support (Clang compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+
-+# set build flags for release build-type
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)
+#===================================================================
+#--- ettercap-0.8.2.orig/CMakeLists.txt
+#+++ ettercap-0.8.2/CMakeLists.txt
+#@@ -125,7 +125,27 @@
+# 8  # library dir path in our RPATH.
+#   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+# endif(NOT DISABLE_RPATH)
+#+
+#+# set general build flags for debug build-type
+# set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
+#+# append ASAN build flags if compiler version has support
+#+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (GNU compiler)")
+#+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      message("Building without ASAN support (GNU compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (Clang compiler)")
+#+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      message("Building without ASAN support (Clang compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+
+#+# set build flags for release build-type
+# set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+# 
+# if(OS_DARWIN)
 Index: ettercap-0.8.2/include/ec_strings.h
 ===================================================================
 --- ettercap-0.8.2.orig/include/ec_strings.h

diff -Nru ettercap-0.8.2/debian/changelog ettercap-0.8.2/debian/changelog
--- ettercap-0.8.2/debian/changelog	2017-06-04 09:27:11.000000000 +0200
+++ ettercap-0.8.2/debian/changelog	2017-06-08 14:20:58.000000000 +0200
@@ -1,3 +1,10 @@
+ettercap (1:0.8.2-6) unstable; urgency=medium
+
+  * Tweak 803.patch, disable asan.
+    (it is not intended for production) 
+
+ -- Gianfranco Costamagna <locutusofborg@debian.org>  Thu, 08 Jun 2017 14:20:29 +0200
+
 ettercap (1:0.8.2-5) unstable; urgency=high
 
   [ Alexander Koeppe ]
diff -Nru ettercap-0.8.2/debian/patches/803.patch ettercap-0.8.2/debian/patches/803.patch
--- ettercap-0.8.2/debian/patches/803.patch	2017-06-04 09:25:14.000000000 +0200
+++ ettercap-0.8.2/debian/patches/803.patch	2017-06-08 14:21:18.000000000 +0200
@@ -8,37 +8,37 @@
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 Index: ettercap-0.8.2/CMakeLists.txt
-===================================================================
---- ettercap-0.8.2.orig/CMakeLists.txt
-+++ ettercap-0.8.2/CMakeLists.txt
-@@ -125,7 +125,27 @@
-   # library dir path in our RPATH.
-   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
- endif(NOT DISABLE_RPATH)
-+
-+# set general build flags for debug build-type
- set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
-+# append ASAN build flags if compiler version has support
-+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (GNU compiler)")
-+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+      message("Building without ASAN support (GNU compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
-+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
-+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
-+      message("Building with ASAN support (Clang compiler)")
-+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+      message("Building without ASAN support (Clang compiler)")
-+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
-+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
-+
-+# set build flags for release build-type
- set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
- 
- if(OS_DARWIN)
+#===================================================================
+#--- ettercap-0.8.2.orig/CMakeLists.txt
+#+++ ettercap-0.8.2/CMakeLists.txt
+#@@ -125,7 +125,27 @@
+# 8  # library dir path in our RPATH.
+#   set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+# endif(NOT DISABLE_RPATH)
+#+
+#+# set general build flags for debug build-type
+# set(CMAKE_C_FLAGS_DEBUG "-O0 -ggdb3 -DDEBUG -Wall -Wno-pointer-sign -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -Wextra -Wredundant-decls" CACHE STRING "" FORCE)
+#+# append ASAN build flags if compiler version has support
+#+if ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (GNU compiler)")
+#+   else (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+      message("Building without ASAN support (GNU compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.8)
+#+elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
+#+   if (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fsanitize=address -fno-omit-frame-pointer" CACHE STRING "" FORCE)
+#+      message("Building with ASAN support (Clang compiler)")
+#+   elseif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+      message("Building without ASAN support (Clang compiler)")
+#+   endif (CMAKE_C_COMPILER_VERSION VERSION_GREATER 3.1)
+#+endif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
+#+
+#+# set build flags for release build-type
+# set(CMAKE_C_FLAGS_RELEASE "-O2 -w -D_FORTIFY_SOURCE=2" CACHE STRING "" FORCE)
+# 
+# if(OS_DARWIN)
 Index: ettercap-0.8.2/include/ec_strings.h
 ===================================================================
 --- ettercap-0.8.2.orig/include/ec_strings.h

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#864419: marked as done (unblock: ettercap/1:0.8.2-6)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Preparation for d-i RC5?
Next by Date: Bug#864427: pu: package irssi/1.0.2-1+deb9u1
Previous by thread: Re: mariadb-10.1_10.1.23-9+deb9u1_source.changes REJECTED
Next by thread: Bug#864419: marked as done (unblock: ettercap/1:0.8.2-6)
Index(es):
- Date
- Thread