tags 738460 + pending
tags 740947 + pending
thanks

Dear maintainer,

I've prepared an NMU for macchanger (versioned as 1.7.0-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

This is Theodore Ts'o's diff, with minor corrections to the changelog entry.

Regards,

Tim Retout

diff -Nru macchanger-1.7.0/debian/changelog macchanger-1.7.0/debian/changelog
--- macchanger-1.7.0/debian/changelog   2014-02-01 17:20:44.000000000 +0000
+++ macchanger-1.7.0/debian/changelog   2014-07-29 22:49:57.000000000 +0100
@@ -1,3 +1,13 @@
+macchanger (1.7.0-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix a grave security bug -- the macchanger program was fundamentally
+    not working correctly due to a bug in the debian local patch
+    08-fix_random_MAC_choice.patch.   In fact, it was **breaking** the
+    random MAC choice!?! (Closes: #738460, #740947)
+
+ -- Theodore Y. Ts'o <ty...@mit.edu>  Sun, 06 Jul 2014 20:32:38 -0400
+
 macchanger (1.7.0-1) unstable; urgency=medium
 
   * New upstream release (Closes: #718849)
diff -Nru macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch 
macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch
--- macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch      
2014-02-01 17:20:44.000000000 +0000
+++ macchanger-1.7.0/debian/patches/08-fix_random_MAC_choice.patch      
2014-07-29 22:49:36.000000000 +0100
@@ -12,6 +12,8 @@
  src/main.c |    1 +
  2 files changed, 34 insertions(+), 19 deletions(-)
 
+Index: macchanger/src/mac.c
+===================================================================
 --- macchanger.orig/src/mac.c
 +++ macchanger/src/mac.c
 @@ -41,6 +41,13 @@ mc_mac_dup (const mac_t *mac)
@@ -28,7 +30,7 @@
  
  void
  mc_mac_free (mac_t *mac)
-@@ -68,27 +75,34 @@ mc_mac_random (mac_t *mac, unsigned char
+@@ -68,27 +75,32 @@ mc_mac_random (mac_t *mac, unsigned char
         * x1:, x3:, x5:, x7:, x9:, xB:, xD: and xF:
         */
  
@@ -36,9 +38,25 @@
 -      case 6:
 -              /* 8th bit: Unicast / Multicast address
 -               * 7th bit: BIA (burned-in-address) / locally-administered
-+      mac_t newmac;
-+      mc_mac_copy(mac, &newmac);
-+
+-               */
+-              mac->byte[0] = (random()%255) & 0xFC;
+-              mac->byte[1] = random()%255;
+-              mac->byte[2] = random()%255;
+-      case 3:
+-              mac->byte[3] = random()%255;
+-              mac->byte[4] = random()%255;
+-              mac->byte[5] = random()%255;
+-      }
++      mac_t origmac;
++      mc_mac_copy(mac, &origmac);
+ 
+-      /* Handle the burned-in-address bit
+-       */
+-      if (set_bia) {
+-              mac->byte[0] &= ~2;
+-      } else {
+-              mac->byte[0] |= 2;
+-      }
 +      do {
 +              switch (last_n_bytes) {
 +              case 6:
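Review bot: The `origmac` snapshot taken by `mc_mac_copy(mac, &origmac);` carries no comment saying it exists only for the loop's comparison and must never be copied back into `mac`. Judging by the argument order of the two calls, that is what the old trailing `mc_mac_copy(&newmac, mac);` did. I would add `/* Address on entry; compared against only, never written back. */` above the declaration so the regression is harder to reintroduce. The byte assignments that now sit inside the `do` loop fall between this hunk and the next and are not visible here; if they keep the `random()%255` form shown on the removed side, no octet can ever be 0xFF, and `random() & 0xFF` would cover the full range. The body of mc_mac_random starts before and ends after this hunk.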
@@ -55,33 +73,18 @@
 +              }
 +
 +              /* Handle the burned-in-address bit
-                */
--              mac->byte[0] = (random()%255) & 0xFC;
--              mac->byte[1] = random()%255;
--              mac->byte[2] = random()%255;
--      case 3:
--              mac->byte[3] = random()%255;
--              mac->byte[4] = random()%255;
--              mac->byte[5] = random()%255;
--      }
++               */
 +              if (set_bia) {
 +                      mac->byte[0] &= ~2;
 +              } else {
 +                      mac->byte[0] |= 2;
 +              }
-+      } while (mc_mac_equal (&newmac, mac));
- 
--      /* Handle the burned-in-address bit
--       */
--      if (set_bia) {
--              mac->byte[0] &= ~2;
--      } else {
--              mac->byte[0] |= 2;
--      }
-+      mc_mac_copy(&newmac, mac);
++      } while (mc_mac_equal (&origmac, mac));
  }
  
  
+Index: macchanger/src/main.c
+===================================================================
 --- macchanger.orig/src/main.c
 +++ macchanger/src/main.c
 @@ -274,6 +274,7 @@ main (int argc, char *argv[])
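Review bot: The `do { ... } while (mc_mac_equal (&origmac, mac));` loop has no exit when an iteration changes nothing. Only `case 6:` and `case 3:` are visible for `switch (last_n_bytes)`, so unless the unseen part of the switch has a `default:`, any other value leaves only the BIA bit able to differ, and the loop never ends when that bit already matches `set_bia`. A `default:` branch that returns, or a check of `last_n_bytes` before the loop, would bound it. Because the regression fixed here was silent (the function returned with the address unchanged), I would also add a check that calls `mc_mac_random` on a fixed address and asserts `!mc_mac_equal (&before, &after)`.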

