Bug 1070171 (tlssled) - Review Request: tlssled - An evaluation tool for SSL/TLS (HTTPS) web server implementations
Summary: Review Request: tlssled - An evaluation tool for SSL/TLS (HTTPS) web server i...
Status: CLOSED CURRENTRELEASE
Alias: tlssled
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Christopher Meng
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FE-SECLAB
TreeView+ depends on / blocked
 
Reported: 2014-02-26 11:00 UTC by Fabian Affolter
Modified: 2014-09-11 15:23 UTC (History)
2 users (show)

Fixed In Version: tlssled-1.3-3.fc20, tlssled-1.3-3.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-26 14:10:24 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
i: fedora-review+
limburgher: fedora-cvs+


Attachments (Terms of Use)

Description Fabian Affolter 2014-02-26 11:00:45 UTC
Spec URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled.spec
SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled-1.3-1.fc20.src.rpm

Project URL: http://www.taddong.com/en/lab.html

Description:
TLSSLed is a Linux shell script whose purpose is to evaluate the security of
a target SSL/TLS (HTTPS) web server implementation. It is based on sslscan, a
thorough SSL/TLS scanner that is based on the openssl library, and on the
"openssl s_client" command line tool. The current tests include checking if
the target supports the SSLv2 protocol, the NULL cipher, weak ciphers based
on their key length (40 or 56 bits), the availability of strong ciphers
(like AES), if the digital certificate is MD5 signed, and the current SSL/TLS
renegotiation capabilities.

Koji scratch build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=6572387

rpmlint output:
[fab@laptop011 SRPMS]$ rpmlint tlssled-1.3-1.fc20.src.rpm 
tlssled.src: W: spelling-error %description -l en_US sslscan -> scantness
tlssled.src: W: spelling-error %description -l en_US openssl -> slope
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

$ rpmlint tlssled-1.3-1.fc20.noarch.rpm 
tlssled.noarch: W: no-documentation
tlssled.noarch: W: no-manual-page-for-binary tlssled
1 packages and 0 specfiles checked; 0 errors, 2 warnings.

Fedora Account System Username: fab

Comment 1 Christopher Meng 2014-02-27 04:34:22 UTC
1. #!/usr/bin/env bash

I'm not sure if we need to hack it to /bin/bash or /bin/sh.

2. install with -p.

3. Mix using tab and space:


Requires:	sslscan
Requires:   openssl

Please unify.

------------------------------
Show me the fixed version and I will set +.


PACKAGE APPROVED.

Comment 2 Fabian Affolter 2014-02-27 09:55:54 UTC
Thanks for the review, Christopher.

(In reply to Christopher Meng from comment #1)
> 1. #!/usr/bin/env bash
> 
> I'm not sure if we need to hack it to /bin/bash or /bin/sh.

As far as I remember was this topic discussed 4-5 years ago. rpmbuild is picking env up so it will work.

> 2. install with -p.

fixed
 
> 3. Mix using tab and space:

fixed

Updated files:
Spec URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled.spec
SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled-1.3-2.fc20.src.rpm

Comment 3 Michael Schwendt 2014-02-27 11:03:16 UTC
There are mixed feelings about /usr/bin/env.

/usr/bin/env as the dependency is less correct than a strict dependency on /usr/bin/bash (being the bash provided by Fedora). And if someone puts "bash" in a customised $PATH before /usr/bin, this may break the program and/or even make it insecure in case it's a vulnerable old bash.

This also affects other script interpreters, see e.g.
http://fedoraproject.org/wiki/Features/SystemPythonExecutablesUseSystemPython

An old attempt at prohibiting /usr/bin/env in shebang:
https://fedoraproject.org/wiki/Script_Interpreters_%28draft%29

Comment 4 Christopher Meng 2014-02-27 14:44:26 UTC
So please use sed to replace the shebang line;

Also, these contain tabs still:

Name:		tlssled
Version:	1.3
Release:	2%{?dist}
Summary:	An evaluation tool for SSL/TLS (HTTPS) web server implementations

License:	GPLv3+
URL:		http://www.taddong.com/en/lab.html
Source:		http://www.taddong.com/tools/TLSSLed_v%{version}.sh
BuildArch:	noarch

Requires:   sslscan
Requires:   openssl

Comment 5 Fabian Affolter 2014-03-04 09:21:01 UTC
(In reply to Christopher Meng from comment #4)
> Also, these contain tabs still:

Not sure why rpmlint doesn't pick it up. Anyway, should be fixed now.

* Tue Mar 04 2014 Fabian Affolter <mail@fabian-affolter.ch> - 1.3-3
- Update shebang
- Again spaces

Updated files:
Spec URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled.spec
SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/tlssled-1.3-3.fc20.src.rpm

Comment 6 Christopher Meng 2014-03-05 04:33:10 UTC
PACKAGE APPROVED.

Comment 7 Fabian Affolter 2014-03-05 10:15:01 UTC
Thanks again

Comment 8 Fabian Affolter 2014-03-05 10:19:17 UTC
New Package SCM Request
=======================
Package Name: tlssled
Short Description: An evaluation tool for SSL/TLS (HTTPS) web server implementations
Owners: fab
Branches: f19 f20
InitialCC:

Comment 9 Gwyn Ciesla 2014-03-06 13:32:20 UTC
Git done (by process-git-requests).

Comment 10 Fabian Affolter 2014-09-11 14:16:35 UTC
Package Change Request
======================
Package Name: tlssled
New Branches: el6 epel7
Owners: fab 
InitialCC:

Comment 11 Gwyn Ciesla 2014-09-11 15:23:30 UTC
Git done (by process-git-requests).


Note You need to log in before you can comment on or make changes to this bug.