Bug 11072

Summary: w3af source contains binary ELF file, where source cannot be found
Product: Mageia Reporter: Funda Wang <fundawang>
Component: RPM Packages Assignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: w3af-1.5-2.mga4.src.rpm CVE:
Status comment:

Description Funda Wang 2013-08-24 04:26:30 CEST
$ pwd
/home/fundawang/w3af/BUILD/w3af-1.5
$ find -name *.so
./plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so
./plugins/attack/db/sqlmap/udf/mysql/linux/64/lib_mysqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so
./plugins/attack/db/sqlmap/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so
$ file plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so
plugins/attack/db/sqlmap/udf/mysql/linux/32/lib_mysqludf_sys.so: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped

I doubt such a package could be put into the core section of Mageia. If those files are also distributed as GPL, then you must solve the problem of w3af.noarch.rpm requiring both libc.so.6 and libc.so.6()(64bit), which cannot be solved on the i586 arch.

Regards.

Funda Wang 2013-08-24 04:27:38 CEST

Assignee: bugsquad => guillomovitch

Comment 1 Guillaume Rousse 2013-09-01 15:43:58 CEST
Those binary files are exploits, intended to be run on the attacked target. There are also Windows binaries among them. They are part of the software, like any other kind of resource, and governed by the same license.

I just disabled automatic dependencies and debug package creation, as for the metasploit package, which has exactly the same issue.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
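
The check in the description matches files by the .so extension only. The following is an added example, not part of this bug report or of Mageia's or w3af's tooling: it audits an unpacked source tree by file header instead, flagging prebuilt ELF and Windows PE objects whatever their name and reporting whether both 32-bit and 64-bit ELF objects are present, which is the condition behind the conflicting libc.so.6 requirements. All function names and the sample tree are assumptions made for the illustration.

```python
import struct
import tempfile
from pathlib import Path

ELF_CLASS = {1: "ELF32", 2: "ELF64"}          # EI_CLASS, e_ident byte 4
ELF_MACHINE = {3: "i386", 62: "x86-64"}       # e_machine values from the ELF spec


def classify(path):
    """Return e.g. 'ELF32/i386', 'ELF64/x86-64', 'PE' or None, from the header only."""
    with open(path, "rb") as fh:
        head = fh.read(20)
    if len(head) == 20 and head[:4] == b"\x7fELF":
        endian = "<" if head[5] == 1 else ">"  # EI_DATA: 1 = little-endian
        (machine,) = struct.unpack_from(endian + "H", head, 18)
        return f"{ELF_CLASS.get(head[4], 'ELF?')}/{ELF_MACHINE.get(machine, hex(machine))}"
    if head[:2] == b"MZ":
        return "PE"  # DOS/PE signature: enough to flag the file for review
    return None


def scan_tree(root):
    """Map relative path -> kind for every prebuilt binary found under root."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            kind = classify(path)
            if kind:
                found[path.relative_to(root).as_posix()] = kind
    return found


def mixed_elf_classes(found):
    """True when the tree ships both 32- and 64-bit ELF objects."""
    return {"ELF32", "ELF64"} <= {kind.split("/")[0] for kind in found.values()}


def build_sample_tree():
    """Constructed sample tree: bare 20-byte headers, not real libraries."""
    def hdr(cls, machine):  # e_ident (16 bytes) + e_type=ET_DYN + e_machine
        return b"\x7fELF" + bytes([cls, 1, 1]) + b"\0" * 9 + struct.pack("<HH", 3, machine)
    root = tempfile.mkdtemp()
    samples = {"udf/32/lib.so": hdr(1, 3), "udf/64/lib.so": hdr(2, 62),
               "udf/win/lib.dll": b"MZ" + b"\0" * 30, "README": b"plain text\n"}
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root
```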