Red Hat Bugzilla – Bug 461385
Review Request: hydra - A very fast network logon cracker
Last modified: 2012-01-22 00:19:35 EST
Spec URL: http://konradm.fedorapeople.org/fedora/SPECS/hydra.spec SRPM URL: http://konradm.fedorapeople.org/fedora/SRPMS/hydra-5.4-1.fc9.src.rpm Description: Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast. Currently this tool supports: TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA (incorporated in telnet module). This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.
That one was a pretty quick review as it didn't compile in mock. Please check OK - source files match upstream: cd2e7e5ea479d50982b08334b1f4477a6620e6b45bc79ab55ddd07b128c64611 hydra-5.4-src.tar.gz OK - package meets naming and versioning guidelines. ??? - specfile is properly named, is cleanly written and uses macros consistently. Shouldn't the sed cack for the Makefile go into the prep phase? OK - dist tag is present. OK - build root is correct. NOK - license field matches the actual license. NOK - license is open source-compatible. While the code is GPLv2, there's a LICENCE.HYDRA file adding additional stipulations. Please check this, blocking FE-LEGAL until cleared up. OK - license text included in package. OK - latest version is being packaged. NOK - BuildRequires are proper. Missing buildrequires. OK - compiler flags are appropriate. OK - %clean is present. NOK - package builds in mock. At least one missing dependency on openssl-devel, possibly other. Please check. NOTCHECKED: package installs properly. debuginfo package looks complete. rpmlint is silent. final provides and requires are sane: (paste in the rpm -qp --provides and --requires output) %check is present and all tests pass: (if possible, include some info indicating a successful test suite) (it's OK if there's no test suite, but if one is there it should be run if possible) no shared libraries are added to the regular linker search paths. (or, if shared libraries are present, make sure ldconfig is run) owns the directories it creates. doesn't own any directories it shouldn't. no duplicates in %files. file permissions are appropriate. no scriptlets present. (or, if scriptlets are present, compare them against the ScriptletSnippets page) code, not content. documentation is small, so no -docs subpackage is necessary. %docs are not necessary for the proper functioning of the package. no headers. no pkgconfig files. no libtool .la droppings. desktop files valid and installed properly.
The additional restrictions in LICENCE.Hydra make this non-free (and unacceptable for Fedora).
(In reply to comment #2) > The additional restrictions in LICENCE.Hydra make this non-free (and > unacceptable for Fedora). OK, closing the bug then.