diff --git a/dsniff-2.4-openssl_110.patch b/dsniff-2.4-openssl_110.patch new file mode 100644 index 0000000..62f9ae3 --- /dev/null +++ b/dsniff-2.4-openssl_110.patch @@ -0,0 +1,243 @@ +Patch by Christoph Biedl for dsniff >= +2.4b1, which fixes building with OpenSSL 1.1.0. Adapted for compatibility +with older OpenSSL versions by Robert Scheck . + +--- dsniff-2.4/ssh.c 2017-02-11 22:31:54.705269813 +0100 ++++ dsniff-2.4/ssh.c.openssl_110 2017-02-11 22:45:31.193447230 +0100 +@@ -234,6 +234,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *servkey_e, *servkey_n; ++ const BIGNUM *hostkey_e, *hostkey_n; ++#endif + + /* Generate anti-spoofing cookie. */ + RAND_bytes(cookie, sizeof(cookie)); +@@ -243,11 +247,23 @@ + *p++ = SSH_SMSG_PUBLIC_KEY; /* type */ + memcpy(p, cookie, 8); p += 8; /* cookie */ + num = 768; PUTLONG(num, p); /* servkey bits */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL); ++ put_bn(servkey_e, &p); /* servkey exponent */ ++ put_bn(servkey_n, &p); /* servkey modulus */ ++#else + put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */ + put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */ ++#endif + num = 1024; PUTLONG(num, p); /* hostkey bits */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL); ++ put_bn(hostkey_e, &p); /* hostkey exponent */ ++ put_bn(hostkey_n, &p); /* hostkey modulus */ ++#else + put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */ + put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */ ++#endif + num = 0; PUTLONG(num, p); /* protocol flags */ + num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */ + num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */ +@@ -298,7 +314,11 @@ + SKIP(p, i, 4); + + /* Decrypt session key. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if (BN_cmp(servkey_n, hostkey_n) > 0) { ++#else + if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) { ++#endif + rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey); + rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey); + } +@@ -318,8 +338,13 @@ + BN_clear_free(enckey); + + /* Derive real session key using session id. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { ++#else + if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, + ssh->ctx->servkey->n)) == NULL) { ++#endif + warn("ssh_session_id"); + return (-1); + } +@@ -328,10 +353,15 @@ + } + /* Set cipher. */ + if (cipher == SSH_CIPHER_3DES) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ warnx("cipher 3des no longer supported"); ++ return (-1); ++#else + ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->encrypt = des3_encrypt; + ssh->decrypt = des3_decrypt; ++#endif + } + else if (cipher == SSH_CIPHER_BLOWFISH) { + ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey)); +@@ -357,6 +387,10 @@ + u_char *p, cipher, cookie[8], msg[1024]; + u_int32_t num; + int i; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ BIGNUM *servkey_n, *servkey_e; ++ BIGNUM *hostkey_n, *hostkey_e; ++#endif + + /* Get public key. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { +@@ -379,21 +413,43 @@ + + /* Get servkey. */ + ssh->ctx->servkey = RSA_new(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ servkey_n = BN_new(); ++ servkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL); ++#else + ssh->ctx->servkey->n = BN_new(); + ssh->ctx->servkey->e = BN_new(); ++#endif + + SKIP(p, i, 4); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ get_bn(servkey_e, &p, &i); ++ get_bn(servkey_n, &p, &i); ++#else + get_bn(ssh->ctx->servkey->e, &p, &i); + get_bn(ssh->ctx->servkey->n, &p, &i); ++#endif + + /* Get hostkey. */ + ssh->ctx->hostkey = RSA_new(); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ hostkey_n = BN_new(); ++ hostkey_e = BN_new(); ++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL); ++#else + ssh->ctx->hostkey->n = BN_new(); + ssh->ctx->hostkey->e = BN_new(); ++#endif + + SKIP(p, i, 4); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ get_bn(hostkey_e, &p, &i); ++ get_bn(hostkey_n, &p, &i); ++#else + get_bn(ssh->ctx->hostkey->e, &p, &i); + get_bn(ssh->ctx->hostkey->n, &p, &i); ++#endif + + /* Get cipher, auth masks. */ + SKIP(p, i, 4); +@@ -405,8 +461,13 @@ + RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey)); + + /* Obfuscate with session id. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if ((p = ssh_session_id(cookie, hostkey_n, ++ servkey_n)) == NULL) { ++#else + if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n, + ssh->ctx->servkey->n)) == NULL) { ++#endif + warn("ssh_session_id"); + return (-1); + } +@@ -422,7 +483,11 @@ + else BN_add_word(bn, ssh->sesskey[i]); + } + /* Encrypt session key. */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if (BN_cmp(servkey_n, hostkey_n) < 0) { ++#else + if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) { ++#endif + rsa_public_encrypt(bn, bn, ssh->ctx->servkey); + rsa_public_encrypt(bn, bn, ssh->ctx->hostkey); + } +@@ -470,10 +535,15 @@ + ssh->decrypt = blowfish_decrypt; + } + else if (cipher == SSH_CIPHER_3DES) { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ warnx("cipher 3des no longer supported"); ++ return (-1); ++#else + ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey)); + ssh->encrypt = des3_encrypt; + ssh->decrypt = des3_decrypt; ++#endif + } + /* Get server response. */ + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) { +--- dsniff-2.4/sshcrypto.c 2017-02-11 22:31:54.688270184 +0100 ++++ dsniff-2.4/sshcrypto.c.openssl_110 2017-02-11 22:35:30.594555807 +0100 +@@ -28,10 +28,12 @@ + u_char iv[8]; + }; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + struct des3_state { + des_key_schedule k1, k2, k3; + des_cblock iv1, iv2, iv3; + }; ++#endif + + void + rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) +@@ -39,10 +41,20 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *n, *e; ++ RSA_get0_key(key, &n, &e, NULL); ++ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) ++#else + if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) ++#endif + errx(1, "rsa_public_encrypt() exponent too small or not odd"); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -71,7 +83,13 @@ + u_char *inbuf, *outbuf; + int len, ilen, olen; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *n; ++ RSA_get0_key(key, &n, NULL, NULL); ++ olen = BN_num_bytes(n); ++#else + olen = BN_num_bytes(key->n); ++#endif + outbuf = malloc(olen); + + ilen = BN_num_bytes(in); +@@ -146,6 +164,7 @@ + swap_bytes(dst, dst, len); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* XXX - SSH1's weirdo 3DES... */ + void * + des3_init(u_char *sesskey, int len) +@@ -194,3 +213,4 @@ + des_ncbc_encrypt(dst, dst, len, dstate->k2, &dstate->iv2, DES_ENCRYPT); + des_ncbc_encrypt(dst, dst, len, dstate->k1, &dstate->iv1, DES_DECRYPT); + } ++#endif diff --git a/dsniff-2.4-remote_typo.patch b/dsniff-2.4-remote_typo.patch new file mode 100644 index 0000000..fbc0a33 --- /dev/null +++ b/dsniff-2.4-remote_typo.patch @@ -0,0 +1,14 @@ +Patch by Marcos Fouces for dsniff >= 2.4b1, which fixes +a minor spelling error in source code. + +--- dsniff-2.4/remote.c 2000-11-14 16:51:04.000000000 +0100 ++++ dsniff-2.4/remote.c.remote_typo 2017-02-11 23:03:25.420064992 +0100 +@@ -652,7 +652,7 @@ + if (remote_command_count > 0) + { + fprintf (stderr, +- "%s: the `-id' option must preceed all `-remote' options.\n", ++ "%s: the `-id' option must precede all `-remote' options.\n", + progname); + usage (); + exit (-1); diff --git a/dsniff.spec b/dsniff.spec index a449427..9cd69d1 100644 --- a/dsniff.spec +++ b/dsniff.spec @@ -1,7 +1,7 @@ Summary: Tools for network auditing and penetration testing Name: dsniff Version: 2.4 -Release: 0.22.b1%{?dist} +Release: 0.23.b1%{?dist} License: BSD Group: Applications/Internet URL: http://www.monkey.org/~dugsong/%{name}/ @@ -36,6 +36,8 @@ Patch26: dsniff-2.4-modernize_pop.patch Patch27: dsniff-2.4-libnet_name2addr4.patch Patch28: dsniff-2.4-pntohl_shift.patch Patch29: dsniff-2.4-rpc_segfault.patch +Patch30: dsniff-2.4-openssl_110.patch +Patch31: dsniff-2.4-remote_typo.patch BuildRequires: libnet-devel, openssl-devel, libnids-devel, glib2-devel, %{_includedir}/pcap.h %if 0%{?rhel}%{?fedora} > 6 BuildRequires: libdb-devel @@ -92,6 +94,8 @@ by exploiting weak bindings in ad-hoc PKI. %patch27 -p1 -b .libnet_name2addr4 %patch28 -p1 -b .pntohl_shift %patch29 -p1 -b .rpc_segfault +%patch30 -p1 -b .openssl_110 +%patch31 -p1 -b .remote_typo %build %configure @@ -106,7 +110,9 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -%doc CHANGES LICENSE README TODO +%{!?_licensedir:%global license %%doc} +%license LICENSE +%doc CHANGES README TODO %dir %{_sysconfdir}/%{name} %config(noreplace) %{_sysconfdir}/%{name}/* %{_sbindir}/arpspoof @@ -139,6 +145,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/webspy.8* %changelog +* Sat Feb 11 2017 Robert Scheck 2.4-0.23.b1 +- Added patch to allow building dsniff with OpenSSL >= 1.1.0 +- Added patch to correct a typo related to the -remote option + * Fri Feb 10 2017 Fedora Release Engineering - 2.4-0.22.b1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index 087a59b..8e71415 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2f761fa3475682a7512b0b43568ee7d6 dsniff-2.4b1.tar.gz +SHA512 (dsniff-2.4b1.tar.gz) = 62dafab293de6dc3e9b01561b3627d63ca334467c01c3550a6318d8bcbe99d5a301ec16967af34065a14e8bca1c4b6a41da766cbd51ebd8338615b950c4f642f