Package: libnids1.21 Version: 1.23-2 Control: affects -1 + dsniff At least on armhf (on both Debian Unstable as well as on Raspbian Jessie), libnids1.21 can't assemble TCP streams correctly. This affects software relying on libnids, such as dsniff.
Compiling the library myself, I could reproduce that gcc's strict aliasing assumptions don't hold for this code. Turning off optimizations relying on strict aliasing fixed the issue for me. The compiler flag is -fno-strict-aliasing. My proposal would be to add this flag, as the library itself is mostly unmaintained. Steps to reproduce: - Run dsniff (which is based on libnids; package maintainers Cc'ed) - curl -v --basic --user foo:bar http://neverssl.com/ Expected results: - dsniff should report the observed credentials Observed results: - dsniff returns nothing
signature.asc
Description: PGP signature