Bug#989957: pocsuite3/1.7.5-1 [ITP] -- an open-sourced remote vulnerability testing framework.

[Tian Qiao <abcnsxyz@gmail.com>]

Hi pabs

On Jun 23, 2021, at 8:52 PM, Paul Wise <pabs@debian.org> wrote:

On Wed, 2021-06-23 at 18:32 +0800, Tian Qiao wrote:

On Jun 23, 2021, at 1:06 AM, Tobias Frost wrote:

shellcodes/data/linux/*bin
- Are they rebuilt during package build?

these are similar to static resources, which help users quickly build
shellcode when writing exploit script.
So won’t rebuild during package build.

How were these files created? It looks like they are generated from the
assembly files in the src/ subdirectory. All generated files should be
built from source at build time, and preferably removed from the
upstream source repository and tarballs, or the Debian tarball.

--
bye,
pabs

https://wiki.debian.org/PaulWise

If these files do not exist, they will be generated at runtime, and the

corresponding code is at:

https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/shellcodes/generator.py

One problem is that some tools are used to generate machine code

through assembly code, such as nasm, objdump. If these tools do not

exist on the users system, it is necessary to use pre-generated ones.

Although these tools are provided in the upstream source code, but

there will be copyright conflicts and lintian warnings will be triggered.

So I've ask upstream to provide source-only tarballs, While available at:

https://github.com/knownsec/pocsuite3/releases 

So, I think it's necessary to keep them. Thanks for attention and advice!

Regards,

—

  Tian