* Marcos Fouces: > I pushed a "debian/stretch" branch [1] to the repo without all > changes i've made so far bug the patch that fixes this bug. > > It is still posible to get sniff in shape for stretch? If so, could > you sponsor it or tell me what else to do?
I had a look into your commits after I had adjusted the severity of #855869 and it seems to me that all those fixes may as well be part of Stretch which would make the separate branch unnecessary: In my opinion, the bugs reported by the Mayhem project (#715646, #716355, #716457, #716458) should be classified as grave, for the same reason. Another question is: Should Debian still be distributing dsniff at all? The software hasn't seen any upstream development in 16 years and has been kept on life-support in Linux distros only by piling on patch after patch. Over the years various people, myself included, have found crashes and hangs while using the dsniff tools with real-world data and sometimes they have even tried to fix those problems. The people from th eMayhem project seems to have been the first who have applied automated fuzzing to this code base and I am confident that one could find more crashes or hangs if one used AFL or similar tools. I would not recommend that users run any of the dsniff tools anywhere but in lab environments. If I had any need for one of the dsniff tools today, rewriting them in another language, for example Go and golang-github-google-gopacket-dev, would seem like a good idea. Cheers, -Hilko
