Red Hat Bugzilla – Bug 469553
Review Request: asleap - Recovering tool for weak LEAP and PPTP passwords
Last modified: 2009-07-09 13:27:58 EDT
Spec URL: http://fab.fedorapeople.org/packages/SRPMS/asleap.spec
SRPM URL: http://fab.fedorapeople.org/packages/SRPMS/asleap-2.2-1.fc9.src.rpm
Project URL: http://www.willhackforsushi.com/Asleap.html
asleap is a tool to recover weak LEAP and PPTP passwords. asleap is the
product of the research of weaknesses in Cisco's proprietary LEAP protocol.
asleap can work directly from any wireless interface in RFMON mode and can
perform channel hopping.
Koji scratch builds:
[fab@laptop024 i386]$ rpmlint -i asl*
2 packages and 0 specfiles checked; 0 errors, 0 warnings.
[fab@laptop024 SRPMS]$ rpmlint asl*
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
Indeed, builds fine and rpmlint is silent.
However, this package is GPLv2 (only) and it needs libpcap which is BSD with advertising. I don't believe this is permitted, but then snort does it so I'm a bit confused. Blocking the legal tracker so someone who knows can check.
The compiler flags are not correct. They do include -g, though, so the debuginfo package comes out OK.
I'm concerned that /usr/bin/genkeys is a bit generic. It conflicts with at least some installs of ntp, although not Fedora's. and liblogtrend has /usr/bin/genkeys.pl (although, again, not in Fedora). dkim-milter has dkim-genkey and asterisk has astgenkey.
* source files match upstream. sha256sum:
* package meets naming and versioning guidelines.
* specfile is properly named, is cleanly written and uses macros consistently.
* summary is OK.
* description is OK.
* dist tag is present.
* build root is OK.
* license field matches the actual license.
* license is open source-compatible.
* license text included in package.
* latest version is being packaged.
* BuildRequires are proper.
X compiler flags are not.correct
* %clean is present.
* package builds in mock (rawhide, x86_64).
* package installs properly.
* debuginfo package looks complete.
* rpmlint is silent.
* final provides and requires are sane:
asleap = 2.2-1.fc11
asleap(x86-64) = 2.2-1.fc11
* no shared libraries are added to the regular linker search paths.
* owns the directories it creates.
* doesn't own any directories it shouldn't.
* no duplicates in %files.
* file permissions are appropriate.
X generically named /usr/bin/genkeys.
* code, not content.
* documentation is small, so no -doc subpackage is necessary.
* %docs are not necessary for the proper functioning of the package.
* no headers.
* no pkgconfig files.
* no static libraries.
* no libtool .la files.
(In reply to comment #1)
> The compiler flags are not correct. They do include -g, though, so the
> debuginfo package comes out OK.
At the moment the package is not building with the compiler flags.
> I'm concerned that /usr/bin/genkeys is a bit generic. It conflicts with at
> least some installs of ntp, although not Fedora's. and liblogtrend has
> /usr/bin/genkeys.pl (although, again, not in Fedora). dkim-milter has
> dkim-genkey and asterisk has astgenkey.
I will get in touch with upstream perhaps they will change the name.
We're probably okay, since libpcap is 99% 3 clause BSD and the only parts which are BSD with advertising relate to the ATM layer. Lifting FE-Legal, because I'm not losing sleep here.
Thanks Tom for the legal stuff. So far there is no answer from upstream. I will wait some more days and resend the message.
Just noticed this was still open. Did anything ever happen with upstream?
It's been another month. I'll go ahead and close this ticket if nothing happens in a week.
Still no response, so I'm revoking my approval and closing.
There was no answer from upstream during the whole time this review was open. Perhaps in the future I will reopen this request if upstream make a statement about the 'genkeys'. Thanks Jason for your time and your patience.