Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: unblock
Please unblock package dsniff in order to fix its five grave bugs
Dear release team,
dsniff is to be removed from testing due to five grave bugs
affecting several of its tools:
#715646 [G|P| ] arpspoof crashes with exit status 139
#716355 [G|P| ] sshmitm crashes with exit status 139
#716457 [G|P| ] webmitm crashes with exit status 139
#716458 [G|P| ] webspy crashes with exit status 139
#855869 [G|P| ] segfaults on portmapper messages
All of them would get fixed with these patches
+ 29_libnet_name2addr4.patch
+ 30_pntohl_shift.patch
+ 31_sysconf_clocks.patch
+ 32_rpc_segfault.patch
They are already implemented time ago in Fedora.
Also i would like to implement some minor changes:
* Add -g compiler flag
Avoid creating an empty dbgsym package.
* Pass triplet-prefixed CC to configure.
Closes a minor bug avoiding FTBFS in some archs.
* Add 33_sshcrypto_DES.patch
Replacing all des_ methods and structs with DES_ equivalents.
Already implemented in OpenBSD
* Polish, reorder and refresh patches.
Just a cosmetic change.
Thanks for your time and effort to get release stretch!
You can see the full changes in the diff file attached.
Cheers,
Marcos
unblock dsniff/2.4b1+debian-24
-- System Information:
Debian Release: 9.0
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru dsniff-2.4b1+debian/debian/changelog
dsniff-2.4b1+debian/debian/changelog
--- dsniff-2.4b1+debian/debian/changelog2016-12-20 22:40:25.0
+0100
+++ dsniff-2.4b1+debian/debian/changelog2017-02-15 23:42:16.0
+0100
@@ -1,3 +1,19 @@
+dsniff (2.4b1+debian-24) UNRELEASED; urgency=medium
+
+ * Add -g compiler flag.
+ * Fix FTCBFS: Pass triplet-prefixed CC to configure.
+Thanks to Helmut Grohne (Closes: #852360).
+ * Add four patches from Fedora:
+(Closes: #715646, #716355, #716457, #716458)
++ 29_libnet_name2addr4.patch
++ 30_pntohl_shift.patch
++ 31_sysconf_clocks.patch
++ 32_rpc_segfault.patch (Closes: #855869)
+ * Polish, reorder and refresh patches.
+ * Add 33_sshcrypto_DES.patch
+
+ -- Marcos Fouces Wed, 15 Feb 2017 23:42:16 +0100
+
dsniff (2.4b1+debian-23) unstable; urgency=medium
* Assign to pkg-security team (Closes: #847505)
diff -Nru dsniff-2.4b1+debian/debian/copyright
dsniff-2.4b1+debian/debian/copyright
--- dsniff-2.4b1+debian/debian/copyright2016-12-20 22:39:02.0
+0100
+++ dsniff-2.4b1+debian/debian/copyright2017-02-15 23:42:16.0
+0100
@@ -7,7 +7,7 @@
License: BSD-3-Clause
Files: debian/*
-Copyright: 2016 Marcos Fouces
+Copyright: 2016-2017 Marcos Fouces
2013 Andrew Shadura
2011-2012 William Vera
2011 Ondřej Surý
diff -Nru
dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch
dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch
---
dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch
2016-12-20 22:39:02.0 +0100
+++
dsniff-2.4b1+debian/debian/patches/0001-arpspoof-add-r-switch-to-poison-both-directions.patch
1970-01-01 01:00:00.0 +0100
@@ -1,174 +0,0 @@
->From 8fbf0ac15e5fe2df427e3e028f9aa8d96788986a Mon Sep 17 00:00:00 2001
-From: Stefan Tomanek
-Date: Sun, 6 Nov 2011 22:44:54 +0100
-Subject: [PATCH 1/3] arpspoof: add -r switch to poison both directions
-
-
-Signed-off-by: Stefan Tomanek
- arpspoof.8 |5 -
- arpspoof.c | 59 +++
- 2 files changed, 51 insertions(+), 13 deletions(-)
-
-diff --git a/arpspoof.8 b/arpspoof.8
-index a05b5d3..544e06c 100644
a/arpspoof.8
-+++ b/arpspoof.8
-@@ -9,7 +9,7 @@ intercept packets on a switched LAN
- .na
- .nf
- .fi
--\fBarpspoof\fR [\fB-i \fIinterface\fR] [\fB-t \fItarget\fR] \fIhost\fR
-+\fBarpspoof\fR [\fB\-i \fIinterface\fR] [\fB\-t \fItarget\fR] [\fB\-r\fR]
\fIhost\fR
- .SH DESCRIPTION
- .ad
- .fi
-@@ -26,6 +26,9 @@ Specify the interface to use.
- .IP "\fB-t \fItarget\fR"
- Specify a particular host to ARP poison (if not specified, all hosts
- on the LAN).
-+.IP "\fB\-r\fR"
-+Poison both hosts (host and target) to capture traffic in both directions.
-+(only valid in conjuntion with \-t)
- .IP \fIhost\fR
- Specify the host you wish to intercept packets for (usually the local
-