Bug 556161 - (sslscan) Review Request: sslscan - Security assessment tool for ssl
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: Package Review
Version: 12
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Blocks: FE-SECLAB
Reported: 2010-01-16 16:20 EST by Michal Ambroz
Modified: 2014-09-23 15:14 EDT
Fixed In Version: sslscan-1.8.2-3.el4
Doc Type: Bug Fix
Last Closed: 2010-04-12 09:49:23 EDT
tmraz: fedora‑review+
limburgher: fedora‑cvs+


Description Michal Ambroz 2010-01-16 16:20:52 EST
Spec URL: http://rebus.webz.cz/d/sslscan.spec
SRPM URL: http://rebus.webz.cz/d/sslscan-1.8.2-1.fc12.src.rpm
Description: 
SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers
that are supported. SSLScan is designed to be easy, lean and fast.
The output includes preferred ciphers of the SSL service, the certificate
and is in Text and XML formats.

Hello, would someone please be willing to review the sslscan package and approve it for Fedora? This tool is really useful when doing network security assessments.
I do not have any package in Fedora so far, so I would humbly ask for sponsoring as well. Thank you.
Comment 1 Michal Ambroz 2010-01-16 23:47:12 EST
Output from rpmlint sslscan-1.8.2-1.fc12.src.rpm sslscan-1.8.2-1.fc12.i686.rpm sslscan-debuginfo-1.8.2-1.fc12.i686.rpm:
3 packages and 0 specfiles checked; 0 errors, 0 warnings.

Koji build tasks:
i386 http://koji.fedoraproject.org/koji/taskinfo?taskID=1927371
Comment 2 timlank 2010-01-25 07:54:31 EST
Hi Michal, 

just trying to be of help again....

I performed the following:

rpm -Uvh sslscan-1.8.2-1.fc12.src.rpm
rpmbuild -ba sslscan.spec

and received the following output:

# rpmbuild -ba sslscan.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.LGjuMI
+ umask 022
+ cd /root/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /root/rpmbuild/BUILD
+ rm -rf sslscan-1.8.2
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/sslscan-1.8.2.tgz
+ /bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd sslscan-1.8.2
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #0 (sslscan-makefile.patch):'
Patch #0 (sslscan-makefile.patch):
+ /bin/cat /root/rpmbuild/SOURCES/sslscan-makefile.patch
+ /usr/bin/patch -s -p1 -b --suffix .makefile --fuzz=0
+ echo 'Patch #1 (sslscan-patents.patch):'
Patch #1 (sslscan-patents.patch):
+ /bin/cat /root/rpmbuild/SOURCES/sslscan-patents.patch
+ /usr/bin/patch -s -p1 -b --suffix .patents --fuzz=0
1 out of 2 hunks FAILED -- saving rejects to file sslscan.c.rej
error: Bad exit status from /var/tmp/rpm-tmp.LGjuMI (%prep)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.LGjuMI (%prep)


Looking at the patch reject file......

# cat sslscan.c.rej
***************
*** 985,991 ****
                                                                                                        fprintf(options->xmlOutput, "   </pk>\n");
                                                                                                }
                                                                                                break;
                                                                                        case EVP_PKEY_EC:
                                                                                                printf("    EC Public Key:\n");
                                                                                                if (options->xmlOutput != 0)
                                                                                                        fprintf(options->xmlOutput, "   <pk error=\"false\" type=\"EC\">\n");
--- 985,993 ----
                                                                                                        fprintf(options->xmlOutput, "   </pk>\n");
                                                                                                }
                                                                                                break;
+                                                                                       /* Comment out patented technology not enabled in Fedora */
+                                                                                       /*
                                                                                        case EVP_PKEY_EC:
                                                                                                printf("    EC Public Key:\n");
                                                                                                if (options->xmlOutput != 0)
                                                                                                        fprintf(options->xmlOutput, "   <pk error=\"false\" type=\"EC\">\n");
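
Review bot: In the new side of this hunk (lines 988-989), disabling `case EVP_PKEY_EC:` by opening a `/*` block comment is fragile: C block comments do not nest, so any `*/` inside the disabled code ends the comment early, and the matching close is not visible in this reject. Consider wrapping the case in a preprocessor guard such as `#ifndef OPENSSL_NO_EC` ... `#endif` instead, so the code is compiled out whenever the OpenSSL headers define that macro and the intent is visible to the compiler rather than hidden in a comment.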

Thanks,
Tim
Comment 3 Michal Ambroz 2010-01-25 11:27:15 EST
Hello Tim,
I have now tried to build on a pristine machine, but I am not able to reproduce the issue you are talking about.
The patch seems to be working just fine and it even passed the koji build for fc13.
http://koji.fedoraproject.org/koji/taskinfo?taskID=1927391

Could you please tell me which versions of patch and diff you are using?
Thank you
Michal Ambroz
Comment 4 timlank 2010-01-25 12:31:51 EST
That's interesting and I don't know how to explain it.

I basically took the .spec file and the .src.rpm as listed in the review request, downloaded them to my minimal system, installed the source RPM and then performed the rpmbuild -ba on the source -- which tries to rebuild the source RPM and build the binary rpm. 

So the patch that was used was the one that was in the .src.rpm that is listed in the first entry in this review request.

My particular system is using these versions of the patch and diff utilities...

# rpm -qf /usr/bin/patch /usr/bin/diff
patch-2.5.4-40.fc12.x86_64
diffutils-2.8.1-25.fc12.x86_64

Thanks,
Tim
Comment 5 timlank 2010-01-25 21:20:52 EST
My apologies. I was able to do a yum update on another system, and all builds there as provided without issue. Also, mock and koji build this without any problem.

Sorry for any confusion.

Tim
Comment 6 Michal Ambroz 2010-01-28 05:42:46 EST
No, no - no apologies. There must be something wrong.
The build failed once; it will fail again. The question is why.
Comment 7 Michal Ambroz 2010-01-28 20:19:59 EST
I do indeed have a different version of patch:
$ rpm -qf /usr/bin/patch /usr/bin/diff
patch-2.6.1-1.fc12.i686
diffutils-2.8.1-25.fc12.i686

With patch 2.5.4 I was able to reproduce the issue.
With the new version, patch --fuzz=0 works fine, but with the old version it complains about some fuzziness in the patch.

Here is a modified src.rpm with a patch which works for both versions of patch without complaints.

Spec URL: http://rebus.webz.cz/d/sslscan.spec
SRPM URL: http://rebus.webz.cz/d/sslscan-1.8.2-2.fc12.src.rpm

Thank you for noticing this Tim.
Michal Ambroz
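
Added example, not part of the thread: what `--fuzz=0` (the option in the `%prep` log above) enforces, shown on a constructed file and patch. It does not reproduce the patch 2.5.4 versus 2.6.1 difference, whose cause the thread does not give; the file names, contents and the helpers `make_case` and `apply_with_fuzz` are assumptions made for illustration, and GNU patch is assumed.

```sh
#!/bin/sh
# Constructed demo: a hunk whose context has drifted from the target file
# is rejected with --fuzz=0 and applied once fuzz is allowed.

# make_case DIR: write a 9-line file and a one-hunk patch whose first
# context line ("l2-old") no longer matches the file ("l2").
make_case() {
    printf '%s\n' l1 l2 l3 l4 l5 l6 l7 l8 l9 > "$1/demo.txt"
    cat > "$1/demo.patch" <<'EOF'
--- demo.txt
+++ demo.txt
@@ -2,6 +2,7 @@
 l2-old
 l3
 l4
+inserted
 l5
 l6
 l7
EOF
}

# apply_with_fuzz N: apply the constructed patch with --fuzz=N in a scratch
# directory, print "applied" or "rejected", then clean up.
apply_with_fuzz() {
    dir=$(mktemp -d) || return 2
    make_case "$dir"
    if (cd "$dir" && patch -s -p0 --fuzz="$1" < demo.patch) >/dev/null 2>&1; then
        result=applied
    else
        result=rejected   # patch exits non-zero and leaves demo.txt.rej
    fi
    rm -rf "$dir"
    echo "$result"
}

echo "fuzz=0: $(apply_with_fuzz 0)"   # fuzz=0: rejected
echo "fuzz=1: $(apply_with_fuzz 1)"   # fuzz=1: applied
```

With fuzz 1, patch ignores the outermost context line on each side of the hunk, which is why the stale `l2-old` line stops mattering; `--fuzz=0` in `%prep` makes the build fail instead of applying a patch at a location its context only approximately matches.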
Comment 8 Tomas Mraz 2010-04-07 08:41:07 EDT
The biggest problem is that the src.rpm does not build on current rawhide. -lcrypto is missing during linking. There are also some warnings with the new openssl but they are not critical.

I have also noticed these small problems in the spec:

1. Typo 'assesment' in summary

2. Missing changelog entry for the -2 release

3. The License is GPLv3+ with exceptions, not GPLv3. Please also add a comment that the exception is there for allowing linking to OpenSSL.
Comment 9 Michal Ambroz 2010-04-07 11:29:35 EDT
Hello Tomas,
thank you for the review and comments.
Here should be the fixed version.

Spec URL: http://rebus.webz.cz/d/sslscan.spec
SRPM URL: http://rebus.webz.cz/d/sslscan-1.8.2-3.fc12.src.rpm

Unfortunately, right now I am behind a proxy so I cannot use the koji build system to test in the devel target. I have tested only on fc12.
Best regards
Michal Ambroz
Comment 10 Michal Ambroz 2010-04-08 19:17:16 EDT
Hello - here are the koji builds:
http://koji.fedoraproject.org/koji/taskinfo?taskID=2103701
http://koji.fedoraproject.org/koji/taskinfo?taskID=2103692

Best regards
Michal Ambroz
Comment 11 Tomas Mraz 2010-04-09 03:50:12 EDT
Rpmlint is silent:

rpmlint -v sslscan-*
sslscan-debuginfo.x86_64: I: checking
sslscan.src: I: checking
sslscan.x86_64: I: checking
3 packages and 0 specfiles checked; 0 errors, 0 warnings.

I did not find anything that would conflict with the Fedora packaging guidelines, and so the package is APPROVED.

I will also sponsor you.
Comment 12 Michal Ambroz 2010-04-09 17:40:34 EDT
New Package CVS Request
=======================
Package Name: sslscan
Short Description: Security assessment tool for SSL
Owners: rebus
Branches: F-11 F-12 F-13 EL-4 EL-5 devel
InitialCC: 

Thank you
Michal Ambroz
Comment 13 Kevin Fenzi 2010-04-11 15:15:24 EDT
CVS done (by process-cvs-requests.py).
Comment 14 Fedora Update System 2010-04-11 19:05:00 EDT
sslscan-1.8.2-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/sslscan-1.8.2-3.fc11
Comment 15 Fedora Update System 2010-04-11 19:05:05 EDT
sslscan-1.8.2-3.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/sslscan-1.8.2-3.el4
Comment 16 Fedora Update System 2010-04-11 19:05:09 EDT
sslscan-1.8.2-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/sslscan-1.8.2-3.fc12
Comment 17 Fedora Update System 2010-04-11 19:05:14 EDT
sslscan-1.8.2-3.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/sslscan-1.8.2-3.fc13
Comment 18 Fedora Update System 2010-04-11 19:05:18 EDT
sslscan-1.8.2-3.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/sslscan-1.8.2-3.el5
Comment 19 Michal Ambroz 2010-04-12 09:49:23 EDT
Package sslscan was successfully built and added to updates for F-11, F-12 and dist-F13.
Closing the bug.
Thanks to all reviewers for the hints and all the help, and especially to Tomas Mraz.

Best regards
Michal Ambroz
Comment 20 Fedora Update System 2010-04-12 21:39:47 EDT
sslscan-1.8.2-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2010-04-12 21:46:41 EDT
sslscan-1.8.2-3.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2010-04-12 21:59:46 EDT
sslscan-1.8.2-3.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2010-05-03 16:26:53 EDT
sslscan-1.8.2-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2010-05-03 16:27:33 EDT
sslscan-1.8.2-3.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Michal Ambroz 2014-09-23 14:16:39 EDT
Package Change Request
======================
Package Name: sslscan
New Branches: epel7
Owners: rebus fab

Hello SCM team,
please can you add the epel7 branch for the sslscan package?
Thank you
Michal Ambroz
Comment 26 Jon Ciesla 2014-09-23 15:14:43 EDT
Git done (by process-git-requests).
