Bug 506681 - Review Request: autodafe - Fuzzing framework
Summary: Review Request: autodafe - Fuzzing framework
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Matěj Cepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: DebugInfo
Reported: 2009-06-18 09:52 UTC by Jan F. Chadima
Modified: 2018-04-11 09:22 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-29 12:24:41 UTC
Type: ---
Embargoed:
mcepl: fedora-review+
j: fedora-cvs+


Attachments
Patch build to honor CFLAGS from environment (1.60 KB, patch)
2009-06-24 22:37 UTC, Ville Skyttä

Description Jan F. Chadima 2009-06-18 09:52:57 UTC
Spec URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe.spec
SRPM URL: http://www.benhur.prf.cuni.cz/medved-7/wydobitki/fedora/autodafe/autodafe-0.1-1.fc12.src.rpm
Description:
Autodafé is a fuzzing framework able to uncover buffer overflows 
by using the fuzzing by weighting attacks with markers technique.

Comment 1 Matěj Cepl 2009-06-18 12:25:32 UTC
+ GOOD: rpmlint is bradford:rpmbuild$ rpmlint -i SRPMS/autodafe-0.1-1.fc11.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
bradford:rpmbuild$ rpmlint -i RPMS/x86_64/autodafe-*
autodafe.x86_64: W: incoherent-version-in-changelog 0.1-1 ['1:0.1-1.fc11', '1:0.1-1']
The last entry in %changelog contains a version identifier that is not
coherent with the epoch:version-release tuple of the package.

2 packages and 0 specfiles checked; 0 errors, 1 warnings.
bradford:rpmbuild$ 
silent on both source and binary package.
Warning doesn't make any sense to me and should be ignored.
+ GOOD: The package is named according to the Package Naming Guidelines.
+ GOOD: The spec file name matches the base package %{name}, in the format
  %{name}.spec.
???: The package meets the Packaging Guidelines.
+ BAD: The package is licensed with a Fedora approved license and meets the
Licensing Guidelines.
1) # -*- coding: utf-8 -*-
at the top is not needed ... .spec files are in Fedora UTF-8 per definition.
2) This is not good:
mkdir -p $RPM_BUILD_ROOT/usr/share
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adbg install
make prefix=$RPM_BUILD_ROOT/usr -C src/adc install
make prefix=$RPM_BUILD_ROOT/usr -C src/autodafe install
make prefix=$RPM_BUILD_ROOT/usr -C src/pdml2ad install
( cd ./etc/generator; ./generator.sh . )
mv ./etc/generator/autodafe $RPM_BUILD_ROOT/usr/share
You should use %{_prefix}, %{_datadir}, %{_bindir}, %{_sysconfdir}, etc.
+ GOOD: The License field in the package spec file matches the actual license.
- GOOD: LICENSE file is in %doc.
+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ BAD: The sources used to build the package match the upstream source,
as provided in the spec URL.
No URL in Source:
should be
Source: autodafe-%{version}.tar.gz
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
then OK.
MD5: 1c10c69080952ab9dd2c819d1e9c044c
+ GOOD: The package successfully compiles and builds into binary rpms on at
least one supported architecture.
  Koji scratch build is
  http://koji.fedoraproject.org/koji/taskinfo?taskID=1422739
+ GOOD: builds on all architectures
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: %post and %postun scripts OK
no scripts
+ GOOD: not relocatable
+ BAD: A package owns all directories that it creates.
I don't like this in %files:
%{_usr}/share/*
a) you should use macros,
b) how many directories in %{_datadir} do you want? Just write them down in %files individually.
The same for 
%{_bindir}/*
This is not safe.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package has a %clean section.
+ BAD: Each package consistently uses macros.
see above
+ GOOD: The package contains code, or permissible content.
+ BAD: No large documentation files, so no -doc subpackage.
at least tutorials.tar.gz should go to -doc (or to hell ;-))
+ GOOD: Files registered in %doc do not affect the runtime of the
application.
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: .so file is provided in -devel package.
no .so file
+ GOOD: Correct Requires in -devel subpackage.
no -devel package
+ GOOD: No .la libtool archives.
+ GOOD: Packages do not contain GUI applications.
+ GOOD: Packages do not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

NOT APPROVED
Please fix the above shown problems.

Comment 3 Matěj Cepl 2009-06-19 09:38:46 UTC
Perfect!

APPROVED

Comment 4 Jan F. Chadima 2009-06-19 09:49:03 UTC
New Package CVS Request
=======================
Package Name: autodafe
Short Description: Fuzzing framework
Owners: jfch2222
Branches: F-10 F-11
InitialCC:

Comment 5 Jason Tibbitts 2009-06-20 15:02:40 UTC
CVS done.

Comment 6 Ville Skyttä 2009-06-24 22:37:09 UTC
Created attachment 349312
Patch build to honor CFLAGS from environment

Package is not built with $RPM_OPT_FLAGS, fix attached.  This patch should be applicable upstream as well, please forward it there.
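
The three packaging problems raised in this thread (literal paths after $RPM_BUILD_ROOT and catch-all %files globs in comment 1, a build that ignores $RPM_OPT_FLAGS in comment 6) can be checked mechanically. The shell function below is an added example, not part of the original bug report or of the autodafe package; `check_spec`, `sample_spec`, the finding labels and the sample spec are constructed for illustration.

```shell
# Added example: flags three spec-file problems raised in this review thread.
# Reads a spec from the named file(s) or from stdin; prints one finding per line.
check_spec() {
    awk '
        # Track which spec section the current line belongs to.
        /^%(prep|build|install|check|clean|files|changelog)/ {
            section = substr($1, 2)
            if (section == "build") saw_build = 1
            next
        }
        # Buildroot followed by a literal path instead of %{_bindir}, %{_datadir}, ...
        /[$]RPM_BUILD_ROOT\/(usr|etc|var)/ { printf "%d: hardcoded-path: %s\n", NR, $0 }
        # %files entry that claims everything under a shared system directory.
        section == "files" &&
        /^%[{]_(usr|prefix|bindir|sbindir|datadir|libdir)[}](\/share)?\/\*[ \t]*$/ {
            printf "%d: files-glob: %s\n", NR, $0
        }
        # %build has to pass the distribution compiler flags (in Fedora these
        # carry hardening options such as -D_FORTIFY_SOURCE=2) to the build.
        section == "build" && /RPM_OPT_FLAGS|%[{]optflags[}]|^%configure/ { has_optflags = 1 }
        END {
            if (saw_build && !has_optflags)
                print "0: no-optflags: %build never references RPM_OPT_FLAGS"
        }
    ' "$@"
}

# Constructed sample built from the lines quoted in the review; the %build
# line is an assumption. This is not the real autodafe.spec.
sample_spec() {
    cat <<'EOF'
Name: autodafe
%build
make -C src/adbg
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/bin
make prefix=$RPM_BUILD_ROOT/usr -C src/adbg install
%files
%doc LICENSE
%{_usr}/share/*
%{_bindir}/*
%changelog
EOF
}

sample_spec | check_spec
```

Each finding is prefixed with the spec line number; the no-optflags finding applies to the whole %build section and is reported as line 0.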

Comment 7 Jan F. Chadima 2009-06-29 12:24:41 UTC
build as http://koji.fedoraproject.org/koji/buildinfo?buildID=112087
thanks for the patch

