[Bug 230812] New: tcpxtract - tool for extracting files from network traffic based on file signatures
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures Product: Fedora Extras Version: devel Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: Package Review AssignedTo: nobody@fedoraproject.org ReportedBy: wolfy@nobugconsulting.ro QAContact: fedora-package-review@redhat.com
Spec URL:http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec SRPM URL: http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-2.src.rpm Description: tcpxtract is a tool for extracting files from network traffic based on file signatures. tcpxtract features the following: * Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file. * With a quick conversion, you can use your old Foremost config file with tcpxtract. * Custom written search algorithm is lightning fast and very scalable. * Search algorithm searches across packet boundries for total coverage and forensic quality. * Uses libpcap, a popular, portable and stable library for network data capture * Can be used against a live network or a tcpdump formatted capture file.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
mtasaka@ioa.s.u-tokyo.ac.jp changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mtasaka@ioa.s.u-tokyo.ac.jp
------- Additional Comments From mtasaka@ioa.s.u-tokyo.ac.jp 2007-03-02 21:19 EST ------- A comment (well, I am currently reviewing more than 10 bugs, so I hope someone else will review this report).
* hardcoded path - The path of DEFAULT_CONFIG_FILE is hardcoded, which should be avoided generally. * If it cannot be avoided to use hardcoded path, so don't use %{_sysconfdir} and use hardcoded path in spec file to make them consistent * Generally, the method like ---------------------------------------------------------- %{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}||' tcpxtract.c ---------------------------------------------------------- is used to pass macro correctly.
* Timestamps - Keep timestamps on man file and conf file. Perhaps ---------------------------------------------------------- make install DESTDIR=$RPM_BUILD_ROOT install="%{_install} -c -p" ---------------------------------------------------------- will do the trick.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From mtasaka@ioa.s.u-tokyo.ac.jp 2007-03-02 21:31 EST ------- ... correct one is -e '/DEFAULT_CONFIG_FILE/s|/usr/local/etc|%{_sysconfdir}|'
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-03 09:34 EST ------- Thank you for your comments, Mamoru
I hope you have noticed that exactly because of the hard coded path of DEFAULT_CONFIG_FILE I have included a patch (in release -2). However, because your method seems cleaner (will work even if sometime in the future the sysconfdir is modified), I have removed the patch and used your method (release -3) Since the man page is compressed during build, the timestamp of the file which is included in the binary rpm will be the time of the rpm build, not the one of the original man page, so no real reason for using "install -p" for it. However I have added "install -p" for the sake of compliance with the general accepted usage and for the config file.
New versions are available at http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-3.src.rpm
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From ingvar@linpro.no 2007-03-03 17:48 EST -------
Since the man page is compressed during build, the timestamp of the file which is included in the binary rpm will be the time of the rpm build, not the one of the original man page, so no real reason for using "install -p" for it
Just for the record, this is not right if gzip is used correctly. gzip does by default not change the timestamp on a file after it is compressed.
$ LANG=C date Sat Mar 3 23:44:52 CET 2007
$ ls -l foo -rw-rw-r-- 1 ingvar ingvar 860866 feb 20 20:51 foo
$ gzip foo; ls -l foo.gz -rw-rw-r-- 1 ingvar ingvar 146748 feb 20 20:51 foo.gz
Ingvar
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-03 22:48 EST ------- New version of spec and src.rpm uploaded at http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-4.src.rpm
This time it really keeps the timestamps. A couple of errors were present in the timestamp preservation part of the spec.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
mtasaka@ioa.s.u-tokyo.ac.jp changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|tcpxtract - tool for |Review Request: tcpxtract - |extracting files from |tool for extracting files |network traffic based on |from network traffic based |file signatures |on file signatures Status|NEW |ASSIGNED AssignedTo|nobody@fedoraproject.org |mtasaka@ioa.s.u-tokyo.ac.jp Flag| |fedora-review?
------- Additional Comments From mtasaka@ioa.s.u-tokyo.ac.jp 2007-03-07 12:57 EST ------- Well, for -4:
(Well, %{_install} was my typo, it should actually be %{__install}... sorry)
* macro -------------------------------------- %configure --sysconfdir=/etc --prefix=/ -------------------------------------- Perhaps this "sysconfdir" is used to direct where tcpxtract.conf is installed (according to "install-sysconfDATA" of Makefile.in) So this should be %configure --sysconfdir=%{_sysconfdir} as you use ------------------------------------- %{__sed} -i.path -e '/DEFAULT_CONFIG_FILE/s#/usr/local/etc#%{_sysconfdir}#' tcpxtract.c -------------------------------------
After this fix I will approve this package.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-07 22:25 EST ------- Goos catch, thank you Mamoru. Those were leftovers since the struggle to convince make to place the config file in /etc, but before patching Makefile. Removed.
New version available at http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-5.src.rpm
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
mtasaka@ioa.s.u-tokyo.ac.jp changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-review? |fedora-review+
------- Additional Comments From mtasaka@ioa.s.u-tokyo.ac.jp 2007-03-08 09:08 EST ------- Okay.
----------------------------------------------- This package (tcpxtract) is APPROVED by me. -----------------------------------------------
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-08 10:31 EST ------- I've modified a bit the spec to make it build in EPEL-4 (conditional BR: .el4-> libpcap, anything else -> libpcap.devel).
The new version is available at http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract.spec http://wdl.lug.ro/linux/rpms/tcpxtract/tcpxtract-1.0.1-6.src.rpm
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
wolfy@nobugconsulting.ro changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag| |fedora-cvs?
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-08 10:39 EST ------- New Package CVS Request ======================= Package Name: tcpxtract Short Description: tcpxtract is a tool for extracting files from network traffic based on file signatures Owners: wolfy@nobugconsulting.ro Branches: EPEL-4 FC-6 InitialCC:
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
dennis@ausil.us changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-cvs? |fedora-cvs+
------- Additional Comments From dennis@ausil.us 2007-03-08 20:51 EST ------- Branched
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
wolfy@nobugconsulting.ro changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |NEXTRELEASE
------- Additional Comments From wolfy@nobugconsulting.ro 2007-03-09 20:46 EST ------- built.
thanks to Mamoru for review, thl, Gianlu and Xavier for the help in doing "yum install brain"
closing.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
bugzilla@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium Priority|normal |medium Product|Fedora Extras |Fedora
wolfy@nobugconsulting.ro changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-cvs+ |fedora-cvs?
------- Additional Comments From wolfy@nobugconsulting.ro 2007-08-08 10:30 EST ------- Package Change Request ====================== Package Name: tcpxtract New Branches: EL-5
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: tcpxtract - tool for extracting files from network traffic based on file signatures
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230812
kevin@tummy.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flag|fedora-cvs? |fedora-cvs+
------- Additional Comments From kevin@tummy.com 2007-08-08 16:52 EST ------- cvs done.
package-review@lists.fedoraproject.org
-
Red Hat Bugzilla