Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at

Bug 506681

Summary: Review Request: autodafe - Fuzzing framework
Product: [Fedora] Fedora Reporter: Jan F. Chadima <jchadima>
Component: Package ReviewAssignee: Matěj Cepl <mcepl>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: fedora-package-review, mcepl, notting, ville.skytta
Target Milestone: ---Flags: mcepl: fedora-review+
j: fedora-cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-29 12:24:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 496968    
Description Flags
Patch build to honor CFLAGS from environment none

Description Jan F. Chadima 2009-06-18 09:52:57 UTC
Spec URL:
Autodafé is a fuzzing framework able to uncover buffer overflows 
by using the fuzzing by weighting attacks with markers technique.

Comment 1 Matěj Cepl 2009-06-18 12:25:32 UTC
+ GOOD: rpmlint is bradford:rpmbuild$ rpmlint -i SRPMS/autodafe-0.1-1.fc11.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
bradford:rpmbuild$ rpmlint -i RPMS/x86_64/autodafe-*
autodafe.x86_64: W: incoherent-version-in-changelog 0.1-1 ['1:0.1-1.fc11', '1:0.1-1']
The last entry in %changelog contains a version identifier that is not
coherent with the epoch:version-release tuple of the package.

2 packages and 0 specfiles checked; 0 errors, 1 warnings.
silent on both source and binary package.
Warning doesn't make any sense to me and should be ignored.
+ GOOD: The package is named according to the Package Naming Guidelines .
+ GOOD: The spec file name matches the base package %{name}, in the format
???: The package meets the Packaging Guidelines .
+ BAD: The package is licensed with a Fedora approved license and meet the
Licensing Guidelines.
1) # -*- coding: utf-8 -*-
in the top is not needed ... .spec files are in Fedora UTF-8 per definition.
2) This is not good:
mkdir -p $RPM_BUILD_ROOT/usr/share
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adbg install
make prefix=$RPM_BUILD_ROOT/usr -C src/adc install
make prefix=$RPM_BUILD_ROOT/usr -C src/autodafe install
make prefix=$RPM_BUILD_ROOT/usr -C src/pdml2ad install
( cd ./etc/generator; ./ . )
mv ./etc/generator/autodafe $RPM_BUILD_ROOT/usr/share
You should use %{_prefix}, %{_datadir}, %{_bindir}, %{_sysconfdir}, etc.
+ GOOD: The License field in the package spec file matches the actual license.
- GOOD: LICENSE file is in %doc.
+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ BAD: The sources used to build the package matches the upstream source,
as provided in the spec URL.
No URL in Source:
should be
Source: autodafe-%{version}.tar.gz{name}/%{name}-%{version}.tar.gz
then OK.
MD5: 1c10c69080952ab9dd2c819d1e9c044c
+ GOOD: The package successfully compiles and build into binary rpms on at
least one supported architecture.
  Koji scratch build is
+ GOOD: builds on all architectures
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: %post and %postun scripts OK
no scripts
+ GOOD: not relocatable
+ BAD: A package owns all directories that it creates.
I don't like this in %files:
a) you should use macros,
b) how many directories in %{_datadir} you want? Just write them down in %files individually.
The same for 
This is not safe.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package have a %clean section.
+ BAD: Each package consistently use macros.
see above
+ GOOD: The package contains code, or permissable content.
+ BAD: No large documentation files, so no a -doc subpackage.
at least tutorials.tar.gz should go to -doc (or to hell ;-))
+ GOOD: Files registered in %doc does not affect the runtime of the
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: .so file is provided in -devel package.
no .so file
+ GOOD: Correct Requires in -devel subpackage.
no -devel package
+ GOOD: No .la libtool archives.
+ GOOD: Packages does not contain GUI applications.
+ GOOD: Packages does not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

Please fix the above shown problems.

Comment 3 Matěj Cepl 2009-06-19 09:38:46 UTC


Comment 4 Jan F. Chadima 2009-06-19 09:49:03 UTC
New Package CVS Request
Package Name: autodafe
Short Description: Fuzzing framework
Owners: jfch2222
Branches: F-10 F-11

Comment 5 Jason Tibbitts 2009-06-20 15:02:40 UTC
CVS done.

Comment 6 Ville Skyttä 2009-06-24 22:37:09 UTC
Created attachment 349312 [details]
Patch build to honor CFLAGS from environment

Package is not built with $RPM_OPT_FLAGS, fix attached.  This patch should be applicable upstream as well, please forward it there.

Comment 7 Jan F. Chadima 2009-06-29 12:24:41 UTC
build as
thanks for the patch