Bug 491084 - Review Request: medusa - parallel brute forcing pasword cracker
Review Request: medusa - parallel brute forcing pasword cracker
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Miroslav Suchý
Fedora Extras Quality Assurance
:
: 557254 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-19 08:18 EDT by Jan F. Chadima
Modified: 2014-10-17 13:32 EDT (History)
6 users (show)

See Also:
Fixed In Version: medusa-2.1.1-5.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-22 07:33:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
msuchy: fedora‑review+
limburgher: fedora‑cvs+


Attachments (Terms of Use)

  None (edit)
Description Jan F. Chadima 2009-03-19 08:18:41 EDT
Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa.spec
SRPM URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa-1.5-1.fc11.src.rpm
Description: Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are:                                                      
                                                                                                                                                                                       
    * Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.                                                     
    * Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing mult
iple entries. Additionally, a combination file format allows the user to refine their target listing.                                                                                  
    * Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported l
ist of services for brute-forcing.
Comment 1 Miroslav Suchý 2009-03-19 09:03:32 EDT
I will do this review.
Comment 2 Susi Lehtola 2009-03-19 09:16:22 EDT
Url should be: http://www.foofus.net/jmk/medusa/medusa.html
Comment 3 Miroslav Suchý 2009-03-19 09:32:26 EDT
==============

Key:
 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format
%{name}.spec.
 [!] Package meets the Packaging Guidelines including the Perl specific items
 [!] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
 [!] Rpmlint output: empty
.... I really did not went further in review.
Please read 
  http://fedoraproject.org/wiki/Packaging:Guidelines
before submission and make sure the package meet the requirements. Please post here updated spec and srpm, when you fix the errors.

Failed items:
Please change Summary from:
 medusa is parallel brute forcing pasword cracker
to:
 Parallel brute forcing password cracker
(also note missing "s" in password)

medusa did not built:
 http://koji.fedoraproject.org/koji/taskinfo?taskID=1249822
due missing build requires: 
  No Package Found for afpfs-ng-devel

$ rpmlint medusa-1.5-1.fc11.src.rpm
medusa.src: E: no-cleaning-of-buildroot %install
medusa.src: E: no-cleaning-of-buildroot %clean
medusa.src: W: mixed-use-of-spaces-and-tabs (spaces: line 19, tab: line 11)
medusa.src: W: summary-not-capitalized medusa is parallel brute forcing pasword cracker
medusa.src: E: description-line-too-long Medusa is a speedy, massively parallel, modular, login brute-forcer for network services. Some of the key features of Medusa are:
medusa.src: E: description-line-too-long     * Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
medusa.src: E: description-line-too-long     * Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
medusa.src: E: description-line-too-long     * Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
medusa.src: W: no-version-in-last-changelog
medusa.src: W: invalid-license GPL
1 packages and 0 specfiles checked; 6 errors, 4 warnings.
Comment 4 Michael Schwendt 2009-03-19 09:48:01 EDT
Three things that can be found by skimming over the spec file:

* http://fedoraproject.org/wiki/Packaging/Guidelines#Parallel_make

* http://fedoraproject.org/wiki/Packaging/Guidelines#Why_the_.25makeinstall_macro_should_not_be_used

* Directory %{_libdir}/medusa is not included:
https://fedoraproject.org/wiki/Packaging/UnownedDirectories
Comment 6 Miroslav Suchý 2009-03-19 11:28:23 EDT
Not Found
The requested URL /medved-7/wydobitki/path=fedora was not found on this server.

It is good habit to bump up release with new revision of package.

Builds still fails:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1249939
DEBUG util.py:256:  No Package Found for afpfs-ng-devel
Comment 7 Jan F. Chadima 2009-03-19 14:48:07 EDT
The proper path is: /medved-7/wydobitki/?path=fedora

The package is testet to compile on enwironmet without afp packages.


Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa.spec
SRPM URL:
http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa-1.5-2.fc11.src.rpm
Comment 8 Miroslav Suchý 2009-03-20 04:54:06 EDT
It still do not build:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1250906
http://koji.fedoraproject.org/koji/getfile?taskID=1250908&name=build.log
/var/tmp/rpm-tmp.mzjJhi: line 29: aclocal: command not found

You may want to add automake to buildrequires...

Please run: 
 koji build --scratch dist-f11 medusa-1.5-2.fc11.src.rpm
before sending updated src.rpm and make sure that the build succeed. 

And rpmlint still give 8 errors. 
Please run  
  rpmlint -i medusa-1.5-2.fc11.src.rpm
And make sure you fixed all errors and warnings.
Comment 10 Miroslav Suchý 2009-03-20 08:42:34 EDT
OK. It build now.
Although there is huge list of compilers warnings. (will be nice to fix, but not necessery).
There is also warning:
checking for openssl/ssl.h... no
configure: WARNING:  *** OpenSSL header files required for SSL support. ***
    Many of the Medusa modules depend on the OpenSSL library and header files. If
    multiple modules are unexpectedly disabled, this is likely the cause. Make sure
    to install libssl-dev, openssl-devel or whatever package your distribution uses
    to distribute these files.
not sure if you would like to enable it by specifying additional requirements.

Rpmlint still say a lot of errors:
Do not use
 rm -rf ${buildroot}
use either 
 rm -Rf $RPM_BUILD_ROOT
or 
 rm -rf %{buildroot}

medusa.src: W: mixed-use-of-spaces-and-tabs (spaces: line 24, tab: line 11)
The specfile mixes use of spaces and tabs for indentation, which is a cosmetic
annoyance.  Use either spaces or tabs for indentation, not both.

Your description lines must not exceed 79 characters. If a line is exceeding
this number, cut it to fit in two or more lines.

medusa.src: W: invalid-license GPL
The value of the License tag was not recognized.  Known values are: "GPL+", "GPL+ or Artistic", "GPLv1",
"GPLv2 or Artistic", "GPLv2+ or Artistic", "GPLv2", "GPLv2 with exceptions",
"GPLv2+", "GPLv2+ with exceptions", "GPLv3", "GPLv3 with exceptions",
"GPLv3+", "GPLv3+ with exceptions"

When you will fix these errors, I will check rest of the requirements.
Comment 11 Jan F. Chadima 2009-03-20 12:40:08 EDT
Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa.spec
SRPM URL:
http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/medusa-1.5-4.fc11.src.rpm

koji tested, rpmlint tested all modules except afp are included.
Comment 12 Miroslav Suchý 2009-03-23 06:16:10 EDT
I hate to say it, but ... 
yes rpmlint is silent on src.rpm, but ...
$ rpmlint  medusa-1.5-4.fc11.i586.rpm
medusa.i586: E: zero-length /usr/share/doc/medusa-1.5/NEWS
Comment 13 Miroslav Suchý 2009-03-23 06:39:39 EDT
==============

Key:
 - = N/A
 x = Check
 ! = Problem
 ? = Not evaluated

=== REQUIRED ITEMS ===
 [x] Package is named according to the Package Naming Guidelines.
 [x] Spec file name must match the base package %{name}, in the format
%{name}.spec.
 [x] Package meets the Packaging Guidelines including the Perl specific items
 [x] Package successfully compiles and builds into binary rpms on at least one
supported architecture.
     Tested on: devel/i586, devel/x86_64, devel/ppc, devel/ppc64
 [!] Rpmlint output: empty
 [x] Package is not relocatable.
 [x] Buildroot is correct
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 [x] Package is licensed with an open-source compatible license and meets other
legal requirements as defined in the legal section of Packaging Guidelines.
 [x] License field in the package spec file matches the actual license.
     License type: GPLv2
 [-] If (and only if) the source package includes the text of the license(s) in
its own file, then that file, containing the text of the license(s) for the
package is included in %doc.
 [x] Spec file is legible and written in American English.
 [x] Sources used to build the package matches the upstream source, as provided
in the spec URL.
     SHA1SUM of package:  82f884666161af80f8cee7a7d5c7554d
medusa-1.5.tar.gz
 [x] Package is not known to require ExcludeArch
 [x] All build dependencies are listed in BuildRequires, except for any that
are listed in the exceptions section of Packaging Guidelines.
 [-] The spec file handles locales properly.
 [-] ldconfig called in %post and %postun if required.
 [x] Package must own all directories that it creates.
 [x] Package requires other packages for directories it uses.
 [x] Package does not contain duplicates in %files.
 [x] Permissions on files are set properly.
 [x] Package has a %clean section, which contains rm -fR $RPM_BUILD_ROOT.
 [x] Package consistently uses macros.
 [x] Package contains code, or permissable content.
 [-] Large documentation files are in a -doc subpackage, if required.
 [x] Package uses nothing in %doc for runtime.
 [-] Header files in -devel subpackage, if present.
 [-] Static libraries in -devel subpackage, if present.
 [-] Package requires pkgconfig, if .pc files are present.
 [-] Development .so files in -devel subpackage, if present.
 [-] Fully versioned dependency in subpackages, if present.
 [x] Package does not contain any libtool archives (.la).
 [-] Package contains a properly installed %{name}.desktop file if it is a GUI
application.
 [x] Package does not own files or directories owned by other packages.

=== SUGGESTED ITEMS ===
 [x] Latest version is packaged.
 [x] Package does not include license text files separate from upstream.
 [-] Description and summary sections in the package spec file contains
translations for supported Non-English languages, if available.
 [x] Reviewer should test that the package builds in mock.
     Tested on: koji scratch build
 [x] Package should compile and build into binary rpms on all supported
architectures.
     Tested on:koji scratch build
 [?] Package functions as described.
 [-] Scriptlets must be sane, if used.
 [-] The placement of pkgconfig(.pc) files is correct.
 [-] File based requires are sane.
 [-] %check is present and the tests pass

So the zero length NEWS file is only remaining problem.
Comment 15 Miroslav Suchý 2009-03-24 04:58:07 EDT
APPROVED
Comment 16 Jan F. Chadima 2009-04-02 08:29:40 EDT
New Package CVS Request
=======================
Package Name: medusa
Short Description: parallel brute forcing pasword cracker
Owners: jfch2222
Branches: F-10 F-11
InitialCC:
Comment 17 Kevin Fenzi 2009-04-03 16:45:34 EDT
cvs done.
Comment 18 Xavier Bachelot 2010-01-20 16:42:39 EST
*** Bug 557254 has been marked as a duplicate of this bug. ***
Comment 19 Michal Ambroz 2014-09-23 13:51:26 EDT
Package Change Request
======================
Package Name: bkhive
New Branches: epel7
Owners: rebus

Hello SCM team,
plase can you add epel7 branch for the medusa package?
Michal Ambroz
Comment 20 Gwyn Ciesla 2014-09-23 15:14:23 EDT
Git done (by process-git-requests).
Comment 21 Michal Ambroz 2014-09-29 08:36:45 EDT
Package Change Request
======================
Package Name: medusa
New Branches: epel7 el6
Owners: rebus

Hello SCM team,
plase can you add epel7 and el6 branch for the medusa package?
Sorry my bad - I used wrong copy-paste from other package. Now the good one.
Michal Ambroz
Comment 22 Gwyn Ciesla 2014-09-29 09:26:24 EDT
Git done (by process-git-requests).
Comment 23 Fedora Update System 2014-09-30 19:39:29 EDT
medusa-2.1.1-5.el7 has been submitted as an update for Fedora EPEL 7.
https://admin.fedoraproject.org/updates/medusa-2.1.1-5.el7
Comment 24 Fedora Update System 2014-10-17 13:32:06 EDT
medusa-2.1.1-5.el7 has been pushed to the Fedora EPEL 7 stable repository.

Note You need to log in before you can comment on or make changes to this bug.