10502 – w3af dependency not met - pybloomfiltermmap

Bug 10502 - w3af dependency not met - pybloomfiltermmap

Summary: w3af dependency not met - pybloomfiltermmap

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	3
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	has_procedure advisory MGA3-32-OK MGA...
Keywords:	Triaged, validated_update

Depends on:
Blocks:

Reported:	2013-06-12 05:32 CEST by Pavel Kreuzt
Modified:	2014-02-19 22:56 CET (History)
CC List:	8 users (show)

See Also:
Source RPM:	w3af-1.1-2mga3
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pavel Kreuzt 2013-06-12 05:32:06 CEST

Description of problem:

w3af_console refuses to start claiming this:

[pkreuzt@myhost]$ w3af_console 
w3af is officially supported under Python 2.6
On debian based systems:
    sudo apt-get install python2.6-dev 

Additional information:
    pybloomfiltermmap is a required dependency in *nix systems, please install from http://pypi.python.org/pypi/pybloomfiltermmap/0.2.0


Version: w3af-1.1-2mga3


How reproducible: Start w3af_console or w3af_gui from a console and see



Reproducible: 

Steps to Reproduce:

Manuel Hiebel 2013-06-12 23:12:18 CEST

Keywords: (none) => Triaged
Assignee: bugsquad => guillomovitch

Comment 1 Pavel Kreuzt 2013-06-14 02:16:38 CEST

I tried to install pybloomfiltermmap myself and got linking errors, someone has already submitted a patch on https://github.com/axiak/pybloomfiltermmap/issues/37 for Mageia to work. With this it compiles correctly.

Comment 2 Guillaume Rousse 2013-08-23 13:42:32 CEST

I just submitted python-pybloomfiltermmap, and an update release of w3af, in core/updates_testing.

Comment 3 Guillaume Rousse 2013-08-23 13:51:13 CEST

Update requested.

Suggested advisory:
The w3af package released in mageia 3 was missing dependencies against some python libraries. Additionaly, one of these libraries was actually not available in the distribution.

Updated packages in core/updates_testing:
- w3af-1.1-2.2.mga3
- python-pybloomfiltermmap-0.3.11-1.mga3

Assignee: guillomovitch => qa-bugs

Comment 4 claire robinson 2013-08-27 12:24:35 CEST

Testing mga3 64.

It is asking for tcpdump too, should that be added as a suggest?

Before
------
$ w3af_console
w3af is officially supported under Python 2.6
Your python installation needs the following packages:
    pyOpenSSL 

On debian based systems:
    sudo apt-get install python2.6-dev python-pyopenssl 

On a mac with mac ports installed:
    sudo port install py26-openssl 

Additional information:
    pybloomfiltermmap is a required dependency in *nix systems, please install from http://pypi.python.org/pypi/pybloomfiltermmap/0.2.0


After
-----
# urpmi w3af
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release")
  python-OpenSSL                 0.13         2.mga3        x86_64  
(medium "Core Updates Testing")
  python-pybloomfiltermmap       0.3.11       1.mga3        x86_64  
  w3af                           1.1          2.2.mga3      noarch

$ w3af_console
w3af is officially supported under Python 2.6
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
w3af>>> 

Tested with dnsWildcard, some useful info for testing here:
http://resources.infosecinstitute.com/w3af-tutorial/

claire robinson 2013-08-27 17:39:00 CEST

Whiteboard: (none) => has_procedure mga3-64-ok? feedback

Comment 5 Pavel Kreuzt 2013-08-28 19:23:18 CEST

A suggestion: this kind of programs (like metasploit) loses utility if it cannot be updated via git. Maybe the git tree could be added to the rpm.

Comment 6 claire robinson 2013-08-30 12:58:25 CEST

Adding Guillaume to CC, been talking to ourselves :)

CC: (none) => guillomovitch

Comment 7 Dave Hodgins 2013-09-20 00:56:30 CEST

Guillaume, please see comment 4 and comment 5.

CC: (none) => davidwhodgins

Comment 8 Guillaume Rousse 2013-09-20 16:18:25 CEST

Using git, or any other way to update a software directly from upstream, means bypassing normal software flow from the distribution. It means negating rpm builtin integrity control (rpm --verify), and eventually result in user reporting bugs to the distribution for software versions different from the one we ship. You're free to do it, of course, but we won't encourage this practice. Especially as we usually even disable those features in many packages (nagios, firefox, etc...).

tcpdump, however, seems a good candidate for a soft dependency, I'm having a look.

Comment 9 claire robinson 2013-09-25 07:59:17 CEST

Assigning Guillaume. Please reassign to QA when you've had a chance to take a look.

Thanks

CC: (none) => qa-bugs
Assignee: qa-bugs => guillomovitch
Whiteboard: has_procedure mga3-64-ok? feedback => has_procedure

Comment 10 Guillaume Rousse 2013-10-31 20:07:53 CET

I just submitted w3af-1.1-2.3 in updates_testing, with an additional dependency on tcpdump.

Comment 11 Guillaume Rousse 2013-12-31 17:05:38 CET

re-assingning.

Assignee: guillomovitch => qa-bugs

Comment 12 user7 2014-01-03 14:40:13 CET

Testing complete on mga 3, 32 bits. I initially installed w3af through rpmdrake, then used urpmi to update it. w3af now pulls in quite a few new dependencies (see below), but fails to execute tcpdump. (see console output below)


$ w3af_console 
w3af is officially supported under Python 2.6
On debian based systems:
    sudo apt-get install python2.6-dev 

Additional information:
    pybloomfiltermmap is a required dependency in *nix systems, please install from http://pypi.python.org/pypi/pybloomfiltermmap/0.2.0

# urpmi w3af
Um die AbhÃ¤ngigkeiten zu erfÃ¼llen, werden die folgenden Pakete installiert:
  Paket                          Version      Release       Arch    
(Medium Â»Core Release (distrib1)Â«)
  libsmi-mibs-std                0.4.8        7.mga3        i586    
  libsmi2                        0.4.8        7.mga3        i586    
  smi-tools                      0.4.8        7.mga3        i586    
  tcpdump                        4.3.0        2.mga3        i586    
(Medium Â»Core Updates Testing (distrib5)Â«)
  python-pybloomfiltermmap       0.3.11       1.mga3        i586    
  w3af                           1.1          2.3.mga3      noarch  
15MB zusÃ¤tzlicher Speicher werden benÃ¶tigt
18MB an Paketen werden geholt
Fortfahren mit der Installation der 6 Pakete? (J/n) j


    $MIRRORLIST: media/core/release/libsmi-mibs-std-0.4.8-7.mga3.i586.rpm
    $MIRRORLIST: media/core/release/libsmi2-0.4.8-7.mga3.i586.rpm              
    $MIRRORLIST: media/core/release/smi-tools-0.4.8-7.mga3.i586.rpm            
    $MIRRORLIST: media/core/release/tcpdump-4.3.0-2.mga3.i586.rpm              
    $MIRRORLIST: media/core/updates_testing/python-pybloomfiltermmap-0.3.11-1.mga3.i586.rpm
    $MIRRORLIST: media/core/updates_testing/w3af-1.1-2.3.mga3.noarch.rpm
libsmi-mibs-std-0.4.8-7.mga3.i586.rpm smi-tools-0.4.8-7.mga3.i586.rpm libsmi2-0.4.8-7.mga3.i586.rpm w3af-1.1-2.3.mga3.noarch.rpm python-pybloomfiltermmap-0.3.11-1.mga3.i586.rpm tcpdump-4.3.0-2.mga3.i586.rpm von /var/cache/urpmi/rpms wird installiert
Vorbereiten â¦                    #############################################
      1/6: smi-tools             #############################################
      2/6: libsmi-mibs-std       #############################################
      3/6: libsmi2               #############################################
      4/6: tcpdump               #############################################
      5/6: python-pybloomfiltermmap
                                 #############################################
      6/6: w3af                  #############################################
      1/1: w3af-1.1-2.mga3.noarch wird entfernt
                                 #############################################

$ w3af_console 
w3af is officially supported under Python 2.6
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH

CC: (none) => wassi

user7 2014-01-05 12:58:33 CET

Whiteboard: has_procedure => has_procedure feedback

Comment 13 claire robinson 2014-02-11 10:19:54 CET

Re-assigning. See comment 12 please Guillaume.

Assignee: qa-bugs => guillomovitch
Whiteboard: has_procedure feedback => has_procedure

Comment 14 Guillaume Rousse 2014-02-18 20:29:00 CET

The warning message is quite explicit: 'Check it is installed and in the PATH'.
As tcpdump is installed under /usr/sbin, it is not part of user PATH. And even if it was, it requires admin privileges for capturing traffic.

No reason to block the pending update here.

Assignee: guillomovitch => qa-bugs

Comment 15 Samuel Verschelde 2014-02-18 21:03:09 CET

(In reply to Guillaume Rousse from comment #14)
> No reason to block the pending update here.

It's obvious to you, not to us, thus the feedback status. Thanks for the answer, process can continue.

CC: (none) => stormi

Comment 16 William Kenney 2014-02-19 19:15:05 CET

In VirtualBox, M3, KDE, 32-bit

Package(s) under test:
w3af

default install of w3af

[root@localhost wilcal]# urpmi w3af
Package w3af-1.1-2.mga3.noarch is already installed

Errors described in Description appear

install w3af from updates_testing

[root@localhost wilcal]# urpmi w3af
Package w3af-1.1-2.3.mga3.noarch is already installed

Both w3af_console and w3af_gui launch. I am not familiar
with this package but both launche so I'd say this is fixed.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

CC: (none) => wilcal.int
Whiteboard: has_procedure => has_procedure MGA3-32-OK

Comment 17 William Kenney 2014-02-19 19:50:01 CET

In VirtualBox, M3, KDE, 64-bit

Package(s) under test:
w3af

default install of w3af 

[root@localhost wilcal]# urpmi w3af
Package w3af-1.1-2.mga3.noarch is already installed

Errors described in Description appear

install w3af from updates_testing

[root@localhost wilcal]# urpmi w3af
Package w3af-1.1-2.3.mga3.noarch is already installed

Both w3af_console and w3af_gui launch. I am not familiar
with this package but both launch so I'd say this is fixed
here too.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
VirtualBox 4.3.6-1.mga4.x86_64.rpm

Whiteboard: has_procedure MGA3-32-OK => has_procedure MGA3-32-OK MGA3-64-OK

Comment 18 William Kenney 2014-02-19 19:50:38 CET

I'd say this is a go. Any other wrinkles should
probably be another BUG.

Comment 19 claire robinson 2014-02-19 20:18:14 CET

Advisory uploaded. Validating.

Could sysadmin please push to 3 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA3-32-OK MGA3-64-OK => has_procedure advisory MGA3-32-OK MGA3-64-OK
CC: (none) => sysadmin-bugs

Comment 20 Thomas Backlund 2014-02-19 22:56:10 CET

Update pushed:
http://advisories.mageia.org/MGAA-2014-0053.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.