Bug 637402 (sqlninja)
Summary: | Review Request: sqlninja - A tool for SQL server injection and takeover | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Arun S A G <sagarun> |
Component: | Package Review | Assignee: | Hicham HAOUARI <hicham.haouari> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | dmalcolm, drjohnson1, fedora-package-review, hicham.haouari, mail, maurizio.antillon, notting, pahan, rebus, rfontana, tcallawa |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | Flags: | hicham.haouari: fedora-review+, gwync: fedora-cvs+ |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | sqlninja-0.2.6-0.2.rc2.fc16 | Doc Type: | Bug Fix |
Last Closed: | 2011-09-25 03:31:39 UTC | Type: | --- |
Bug Depends On: | 573848 | ||
Bug Blocks: | 563471 |
Description
Arun S A G
2010-09-25 14:31:27 UTC
As per our discussion on IRC, I will look if the binary can be built on Fedora. Otherwise, I don't think we can ship them.

Now binaries are no longer included.

Spec URL: http://sagarun.fedorapeople.org/SPECS/sqlninja.spec
SRPM URL: http://sagarun.fedorapeople.org/SRPMS/sqlninja-0.2.5-2.fc13.src.rpm

Ok, I removed all the binary files. What about including text files in http://sqlninja.svn.sourceforge.net/viewvc/sqlninja/scripts/ ? Any clues?

Is it allowed to include those *.scr files?

I would like to have Fedora Legal point of view on this before starting a review. Maybe we should cc spot.

(In reply to comment #4)
> I would like to have Fedora Legal point of view on this before starting a
> review. Maybe we should cc spot.

Yes. Please do.

How long it takes for Fedora-Legal folks to respond?

ping. No answer from FE-LEGAL yet.

See https://fedoraproject.org/wiki/Meeting:Board_meeting_2010-11-08#Basic_Information_2 for reference.

"# We won't allow the SQLninja package to be added to Fedora. (unanimous) "

(In reply to comment #8)
> See
> https://fedoraproject.org/wiki/Meeting:Board_meeting_2010-11-08#Basic_Information_2
> for reference.
>
> "# We won't allow the SQLninja package to be added to Fedora. (unanimous) "

Ok.

Reopening, as it is likely that the board will consider this again.

Upon further review, the Legal block on sqlninja is lifted.

Thank you spot, I will review this package ASAP

@Arun,

Did you try to build the Windows binaries using mingw ?

hmm, Churrasco binary depends on DTC stuff which can't be shipped in fedora.

@Arun,

The software would be still useful without the binaries ?

(In reply to comment #15)
> @Arun,
>
> The software would be still useful without the binaries ?

Yes! The software supports multiple modes, one of the mode is upload mode. Binaries are required for only upload mode. If the user wants to use upload mode, he can manually download these binaries.

Also please look into the scripts directory, the files under the scripts directory qualify as a binary?

(In reply to comment #16)
> (In reply to comment #15)
> > @Arun,
> >
> > The software would be still useful without the binaries ?
>
> Yes! The software supports multiple modes, one of the mode is upload mode.
> Binaries are required for only upload mode. If the user wants to use upload
> mode, he can manually download these binaries.
>
> Also please look into the scripts directory, the files under the scripts
> directory qualify as a binary?

Of course not. I am not sure if the tarball needs to be cleaned up from the binaries though, I will look more into that.

* BuildRoot and %clean are no longer needed unless you want to use the spec in EPEL
* %{_sysconfdir}/%{name}.conf is listed twice
* License is GPLv2+
* Only Churrasco source have unclear license, so we need to ship a cleaned up tarball
* The other two binaries can be built on Fedora, and thus can be shipped, I will help with that if needed

Hi Hicham,

I reviewed this package.

1. There seems to be a mismatch in FSF address, I have asked the upstream to fix that https://sourceforge.net/tracker/?func=detail&aid=3351225&group_id=152677&atid=785062

2. I don't see source code for nc.exe (netcat).

How are you planning on to cross compile the payloads? mingw32?

Updated to 0.2.6-rc1

SPEC : http://sagarun.fedorapeople.org/SPECS/sqlninja.spec
SRPM : http://sagarun.fedorapeople.org/SRPMS/sqlninja-0.2.6-0.1.rc1.fc15.src.rpm

(In reply to comment #19)
> Hi Hicham,
>
> I reviewed this package.
>
> 1. There seems to be a mismatch in FSF address, I have asked the upstream to
> fix that
> https://sourceforge.net/tracker/?func=detail&aid=3351225&group_id=152677&atid=785062
>
> 2. I don't see source code for nc.exe (netcat).
>
> How are you planning on to cross compile the payloads? mingw32?

Yes, and it will be a separate package

ping?

(In reply to comment #22)
> ping?

The spec looks fine.

So it is APPROVED

New Package SCM Request
=======================
Package Name: sqlninja
Short Description: A tool for SQL server injection and takeover
Owners: sagarun
Branches: F-14 F-15 F-16
InitialCC: shakthimaan

Git done (by process-git-requests).

sqlninja-0.2.6-0.2.rc2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/sqlninja-0.2.6-0.2.rc2.fc14

sqlninja-0.2.6-0.2.rc2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/sqlninja-0.2.6-0.2.rc2.fc15

sqlninja-0.2.6-0.2.rc2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/sqlninja-0.2.6-0.2.rc2.fc16

sqlninja-0.2.6-0.2.rc2.fc16 has been pushed to the Fedora 16 testing repository.

sqlninja-0.2.6-0.2.rc2.fc14 has been pushed to the Fedora 14 stable repository.

sqlninja-0.2.6-0.2.rc2.fc15 has been pushed to the Fedora 15 stable repository.

sqlninja-0.2.6-0.2.rc2.fc16 has been pushed to the Fedora 16 stable repository.

Package Change Request
======================
Package Name: sqlninja
New Branches: el6 epel7
Owners: fab
InitialCC:

Git done (by process-git-requests).