a new version is available. it fixes a security bug. upgrade is strongly
encouraged. please create an ebuild for 0.7.3 and mark it available to anyone.
Steps to Reproduce:
Hmm, but they failed to say anything about the serious bug...
+ added the INC (+=) and DEC (-=) operators to the filter engine
!! fixed the compilation of some plugins
!! fixed a segfault in the isolate plugin
!! fixed a bug in the dhcp spoofing module
!! fixed a serious security bug
there was a format bug vulnerabilty in the curses gui.
Jon please verify and bump as needed. Does it run as root?
jaervosz: probably not SUID root but still runs as root very often to perform
dirty tricks like spoofing ARP packets.
netmon: squinky86 is apparently inactive, please bump
I've added ettercap 0.7.3 however it still contains a text location that will
cause problems with people in a hardened profile. scanelf (from
cvs:gentoo-projects/paxutils) was used to determine this. I've been caught up
completing an assignment for the next few days.
if someone can look at this and provide an approprate patch I'd appreciate it.
I suspect its a missing -fPIC option when compiling a shared library. All
the .so plugins are clear of text relocations. Its just /usr/bin/ettercap that
had the TEXTREL.
hardened: could you please help wrt comment #5 ? We don't want to stable-ize
something that will break under your profiles :)
Thanks koon I'm merging the depends now. I'll report back shortly
net-analyzer/ettercap-0.7.3 with -debug +gtk +ssl +ncurses is clean for me.
Compiles and runs with full memory protections enabled.
I think the problem is with another library on Daniel Black's box.
I'll work with him on irc to track that down.
So no objections from hardened. Please mark stable and release the GLSA
when your ready.
Target KEYWORDS="x86 ~amd64 sparc ppc hppa alpha"
Arches, please test and mark stable
stable on alpha
Stable on hppa
x86 stable. dependancy changed to libnet-184.108.40.206-r1 due to pic issues.
Ready for GLSA