Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-12-20 Thread Gianfranco Costamagna
Hi,

>And nobody in your team can to? Then use a RFS and 
>,

>they are pretty fast, assuming the packaging is in a sane condition.


sure, we just need somebody pinging us :p
Sponsored in deferred/1 with some little additional changelog fixes, git pushed
and tag pushed.


I would appreciate the git repo created with something like:
gbp import-dscs --debsnap git-import-dsc --pristine-tar dsniff

thanks,
G.



Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-12-20 Thread Christoph Biedl
Marcos Fouces wrote...

> A new revision of the package is hosted at pkg-security team. I did some
> improvements (I also added your patch) and the package is hopefully ready for
> upload. Just need a sponsor.

And nobody in your team can to? Then use a RFS and 
,
they are pretty fast, assuming the packaging is in a sane condition.

Christoph




Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-12-20 Thread Marcos Fouces
A new revision of the package is hosted at pkg-security team. I did some
improvements (I also added your patch) and the package is hopefully ready
for upload. Just need a sponsor.


Check it here:

https://anonscm.debian.org/cgit/pkg-security/dsniff.git/

Cheers,

Marcos


On 20/12/16 at 15:37, Christoph Biedl wrote:

> Christoph Biedl wrote...
>
> > Adrian Bunk wrote...
> >
> > > Can you make an NMU with your patch
> > > (or by changing it to libssl1.0-dev)?
> >
> > Can even, even upon short notice. However, dsniff got a new maintainer
> > (#847505), included.
>
> This probably didn't work due to a local error, sorry.
>
> > Marcos, do you want to take over? Personally, I'd
> > switch to libssl1.0-dev, it's less intrusive and the package needs a
> > lot of love anyway - which can wait until the stretch release.
>
> Marcos, I suggest to take over. That was also the opportunity to
> update the maintainer field so it will be correct for stretch.
>
> Adrian, find a debdiff attached, using the libssl1.0-dev package. I'd
> suggest to upload to delayed+2, so Marcos has some time to react. The
> frame is small I admit but time's almost up, and it's just to get dsniff
> into stretch, nothing else.
>
> All the best,
>
> Christoph




Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-12-20 Thread Christoph Biedl
Christoph Biedl wrote...

> Adrian Bunk wrote...
> 
> > Can you make an NMU with your patch
> > (or by changing it to libssl1.0-dev)?
> 
> Can even, even upon short notice. However, dsniff got a new maintainer
> (#847505), included.

This probably didn't work due to a local error, sorry.

> Marcos, do you want to take over? Personally, I'd
> switch to libssl1.0-dev, it's less intrusive and the package needs a
> lot of love anyway - which can wait until the stretch release.

Marcos, I suggest to take over. That was also the opportunity to
update the maintainer field so it will be correct for stretch.

Adrian, find a debdiff attached, using the libssl1.0-dev package. I'd
suggest to upload to delayed+2, so Marcos has some time to react. The
frame is small I admit but time's almost up, and it's just to get dsniff
into stretch, nothing else.

All the best,

Christoph
diff -Nru dsniff-2.4b1+debian/debian/changelog 
dsniff-2.4b1+debian/debian/changelog
--- dsniff-2.4b1+debian/debian/changelog2013-11-30 21:30:52.0 
+0100
+++ dsniff-2.4b1+debian/debian/changelog2016-12-20 15:27:08.0 
+0100
@@ -1,3 +1,10 @@
+dsniff (2.4b1+debian-22.2) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * Use OpenSSL compability library. Closes: #828287
+
+ -- Christoph Biedl   Tue, 20 Dec 2016 
15:27:08 +0100
+
 dsniff (2.4b1+debian-22.1) unstable; urgency=low
 
   * Non-maintainer upload.
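Review bot: the new changelog entry misspells "compatibility" as "compability" in the `Use OpenSSL compability library` line, and `* Non-maintainer upload` lacks the trailing period that the 22.1 entry below it has. Naming the package in the entry (libssl1.0-dev, as changed in debian/control) would also make clear that this upload builds against the 1.0 API rather than porting to 1.1.0.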
diff -Nru dsniff-2.4b1+debian/debian/control dsniff-2.4b1+debian/debian/control
--- dsniff-2.4b1+debian/debian/control  2012-03-07 05:43:17.0 +0100
+++ dsniff-2.4b1+debian/debian/control  2016-12-20 15:24:17.0 +0100
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: William Vera 
 Standards-Version: 3.9.3
-Build-Depends: libdb-dev (>= 4.7), libpcap0.8-dev, libnids-dev, libssl-dev, 
libxmu-dev, libnet1-dev, debhelper (>= 8.0.0)
+Build-Depends: libdb-dev (>= 4.7), libpcap0.8-dev, libnids-dev, libssl1.0-dev, 
libxmu-dev, libnet1-dev, debhelper (>= 8.0.0)
 Homepage: http://www.monkey.org/~dugsong/dsniff/
 
 Package: dsniff




Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-12-19 Thread Adrian Bunk
On Mon, Nov 07, 2016 at 10:24:34PM +0100, Christoph Biedl wrote:
> Sandro Tosi wrote...
> 
> > Hello Dug,
> > in Debian we started the transition to OpenSSL 1.1.0: do you have any
> > plan to port dsniff to that version?
> 
> Since I have some interest in keeping dsniff in Debian, I spent some
> time on that bug.
> 
> The patch attached:
> - replaces the access to struct elements with getter usage.
> - disables 3des as it's no longer supported by OpenSSL.
> 
> It's pretty much untested and could also take a review.

Can you make an NMU with your patch
(or by changing it to libssl1.0-dev)?

> Christoph

Thanks
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed



Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-11-07 Thread Christoph Biedl
Christoph Biedl wrote...

> The patch attached:

Now really attached.
diff --git a/ssh.c b/ssh.c
index bb73ff3..ee6cb58 100644
--- a/ssh.c
+++ b/ssh.c
@@ -234,6 +234,8 @@ SSH_accept(SSH *ssh)
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
+	const BIGNUM *servkey_e, *servkey_n;
+	const BIGNUM *hostkey_e, *hostkey_n;
 
 	/* Generate anti-spoofing cookie. */
 	RAND_bytes(cookie, sizeof(cookie));
@@ -243,11 +245,13 @@ SSH_accept(SSH *ssh)
 	*p++ = SSH_SMSG_PUBLIC_KEY;			/* type */
 	memcpy(p, cookie, 8); p += 8;			/* cookie */
 	num = 768; PUTLONG(num, p);			/* servkey bits */
-	put_bn(ssh->ctx->servkey->e, );		/* servkey exponent */
-	put_bn(ssh->ctx->servkey->n, );		/* servkey modulus */
+	RSA_get0_key(ssh->ctx->servkey, _n, _e, NULL);
+	put_bn(servkey_e, );		/* servkey exponent */
+	put_bn(servkey_n, );		/* servkey modulus */
 	num = 1024; PUTLONG(num, p);			/* hostkey bits */
-	put_bn(ssh->ctx->hostkey->e, );		/* hostkey exponent */
-	put_bn(ssh->ctx->hostkey->n, );		/* hostkey modulus */
+	RSA_get0_key(ssh->ctx->hostkey, _n, _e, NULL);
+	put_bn(hostkey_e, );		/* hostkey exponent */
+	put_bn(hostkey_n, );		/* hostkey modulus */
 	num = 0; PUTLONG(num, p);			/* protocol flags */
 	num = ssh->ctx->encmask; PUTLONG(num, p);	/* ciphers */
 	num = ssh->ctx->authmask; PUTLONG(num, p);	/* authmask */
@@ -298,7 +302,7 @@ SSH_accept(SSH *ssh)
 	SKIP(p, i, 4);
 
 	/* Decrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
+	if (BN_cmp(servkey_n, hostkey_n) > 0) {
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
 		rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
 	}
@@ -318,8 +322,8 @@ SSH_accept(SSH *ssh)
 	BN_clear_free(enckey);
 
 	/* Derive real session key using session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -328,10 +332,8 @@ SSH_accept(SSH *ssh)
 	}
 	/* Set cipher. */
 	if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	else if (cipher == SSH_CIPHER_BLOWFISH) {
 		ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
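Review bot: in the `SSH_CIPHER_3DES` branch of SSH_accept the connection is now dropped with `return (-1)`, but the public-key message built earlier in the same function still sends `ssh->ctx->encmask` as the cipher list. If that mask still has the 3DES bit set, a peer can pick a cipher that this branch then rejects; clearing the bit where encmask is initialised would keep the offer and the implementation in step.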
@@ -357,6 +359,8 @@ SSH_connect(SSH *ssh)
 	u_char *p, cipher, cookie[8], msg[1024];
 	u_int32_t num;
 	int i;
+	BIGNUM *servkey_n, *servkey_e;
+	BIGNUM *hostkey_n, *hostkey_e;
 
 	/* Get public key. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
@@ -379,21 +383,23 @@ SSH_connect(SSH *ssh)
 
 	/* Get servkey. */
 	ssh->ctx->servkey = RSA_new();
-	ssh->ctx->servkey->n = BN_new();
-	ssh->ctx->servkey->e = BN_new();
+	servkey_n = BN_new();
+	servkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->servkey->e, , );
-	get_bn(ssh->ctx->servkey->n, , );
+	get_bn(servkey_e, , );
+	get_bn(servkey_n, , );
 
 	/* Get hostkey. */
 	ssh->ctx->hostkey = RSA_new();
-	ssh->ctx->hostkey->n = BN_new();
-	ssh->ctx->hostkey->e = BN_new();
+	hostkey_n = BN_new();
+	hostkey_e = BN_new();
+	RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
 
 	SKIP(p, i, 4);
-	get_bn(ssh->ctx->hostkey->e, , );
-	get_bn(ssh->ctx->hostkey->n, , );
+	get_bn(hostkey_e, , );
+	get_bn(hostkey_n, , );
 
 	/* Get cipher, auth masks. */
 	SKIP(p, i, 4);
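Review bot: the results of `BN_new()` and the return value of `RSA_set0_key()` are not checked for servkey or hostkey. RSA_set0_key returns 0 on failure (for example when n or e is NULL on a fresh key), in which case the following get_bn calls write through NULL or through pointers the RSA object does not own. After a successful call the RSA object owns the BIGNUMs, so the locals must not be freed separately; a short comment saying so would help, since they are used again for BN_cmp and ssh_session_id further down.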
@@ -405,8 +411,8 @@ SSH_connect(SSH *ssh)
 	RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
 
 	/* Obfuscate with session id. */
-	if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
-ssh->ctx->servkey->n)) == NULL) {
+	if ((p = ssh_session_id(cookie, hostkey_n,
+servkey_n)) == NULL) {
 		warn("ssh_session_id");
 		return (-1);
 	}
@@ -422,7 +428,7 @@ SSH_connect(SSH *ssh)
 		else BN_add_word(bn, ssh->sesskey[i]);
 	}
 	/* Encrypt session key. */
-	if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
+	if (BN_cmp(servkey_n, hostkey_n) < 0) {
 		rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
 		rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
 	}
@@ -470,10 +476,8 @@ SSH_connect(SSH *ssh)
 		ssh->decrypt = blowfish_decrypt;
 	}
 	else if (cipher == SSH_CIPHER_3DES) {
-		ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
-		ssh->encrypt = des3_encrypt;
-		ssh->decrypt = des3_decrypt;
+		warnx("cipher 3des no longer supported");
+		return (-1);
 	}
 	/* Get server response. */
 	if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
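Review bot: in SSH_connect the 3DES rejection sits in the cipher set-up after the session key has already been encrypted for the server (the BN_cmp/rsa_public_encrypt block at line 428), so an unsupported choice is only caught late. If `cipher` is chosen by this function from the server's mask, excluding SSH_CIPHER_3DES at that point would fail before any key material is prepared, and this branch would become unreachable.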
diff --git a/sshcrypto.c b/sshcrypto.c
index 09a04e7..f66202d 100644
--- a/sshcrypto.c
+++ b/sshcrypto.c
@@ -28,10 +28,12 @@ struct blowfish_state {
 	u_char			iv[8];
 };
 
+#if 0
 struct des3_state {
 	des_key_schedule	k1, k2, k3;
 	des_cblock		iv1, iv2, iv3;
 };
+#endif
 
 void
 
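Review bot: wrapping `struct des3_state` in `#if 0` leaves dead code behind instead of either deleting or porting it. Its members use the old lowercase libdes names `des_key_schedule` and `des_cblock`; OpenSSL's own DES API spells these `DES_key_schedule` and `DES_cblock`, so renaming the types (and the matching calls, which are not visible in this truncated hunk) may be enough to keep SSH_CIPHER_3DES working rather than rejecting it in ssh.c.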

Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-11-07 Thread Christoph Biedl
Sandro Tosi wrote...

> Hello Dug,
> in Debian we started the transition to OpenSSL 1.1.0: do you have any
> plan to port dsniff to that version?

Since I have some interest in keeping dsniff in Debian, I spent some
time on that bug.

The patch attached:
- replaces the access to struct elements with getter usage.
- disables 3des as it's no longer supported by OpenSSL.

It's pretty much untested and could also take a review.

Christoph




Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-11-02 Thread Sandro Tosi
Hello Dug,
in Debian we started the transition to OpenSSL 1.1.0: do you have any
plan to port dsniff to that version?

thanks!

On Sun, 26 Jun 2016 12:21:31 +0200 Kurt Roeckx  wrote:
> Source: dsniff
> Version: 2.4b1+debian-22.1
> Severity: important
> Control: block 827061 by -1
>
> Hi,
>
> OpenSSL 1.1.0 is about to be released.  During a rebuild of all packages using
> OpenSSL this package fails to build.  A log of that build can be found at:
> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/dsniff_2.4b1+debian-22.1_amd64-20160529-1415
>
> On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
> reasons why it might fail.  There are also updated man pages at
> https://www.openssl.org/docs/manmaster/ that should contain useful information.
>
> There is a libssl-dev package available in experimental that contains a recent
> snapshot, I suggest you try building against that to see if everything works.
>
> If you have problems making things work, feel free to contact us.



Bug#828287: dsniff: FTBFS with openssl 1.1.0

2016-06-26 Thread Kurt Roeckx
Source: dsniff
Version: 2.4b1+debian-22.1
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to be released.  During a rebuild of all packages using
OpenSSL this package fails to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/dsniff_2.4b1+debian-22.1_amd64-20160529-1415

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt