chkrootkit (0.58b-3)
NEW: VCS has unreleased changes: 0.58b-4 > 0.58b-3
- Git: https://salsa.debian.org/pkg-security-team/chkrootkit.git
- Branch: debian/master
- Path: debian/changelog
- Repo size: 757760
- Browser: https://salsa.debian.org/pkg-security-team/chkrootkit
- Last scan: 2025-02-06 20:35:21+00
- Next scan: 2025-02-11 21:54:00+00
- CI pipeline status: success
- Debian changelog in Git:
chkrootkit (0.58b-4) unstable; urgency=medium
[ Richard Lewis ]
* Team upload
* Set ProtectSystem in the systemd unit to prevent tests modifying
the access times of files that are examined. This ensures
systemd-tmpfiles can continue to detect unused files in /tmp
(Closes: #1089588)
* Ensure the ldsopreload test can be run on its own
* chkwtmp: prevent potential overflow in argument parsing
* chkdirs: simplify code and improve message about unsupported
fs: overlayfs is more likely to be the cause than btrfs
* chkproc: fix detection of linux threads (prevents false positives),
and improve output to show the command and systemd cgroup for
suspicious pids
* Refactor all debian patches to simplify upstreaming
* Ensure everything compiles but does not silently
do nothing on unsupported (non-linux) systems
* Improve autopkgtests so they make less assumptions about being able to
see network managers on the host (Closes: #1093596)
-- Richard Lewis <richard.lewis.debian@googlemail.com> Wed, 5 Feb 2025 18:00:00 +0000
- This branch is 17 commits ahead of tag debian/0.58b-3
- Git log:
commit ef53a911f916616e0057dee240523bcccba523cc
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu Feb 6 17:05:07 2025 +0000
Update debian/changelog for recent changes
commit 4a383a4a01688da031744fb8a2b6a332f28b5aec
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Feb 5 12:36:02 2025 +0000
autopkgtests: Use 'unshare --net'
Ensure we know exactly what the 'sniffer' test should be finding by running
the test inside unshare. Rather than assuming the test sees the network
manager from the host (which is not the case in debusine, or if the host
wasn't running any networking at all), we instead run the tests in unshare
and create a dummy interface.
This means that the first tests will see no networking.
When we want to test sniffer, we run our own dhcpd on the dummy interface,
with a local IP from 192.0.2.0/24 (which is reserved for testing).
This will then be found by subsequent 'sniffer' checks
commit f5a41f9e1e91045f556e7f9262fb37ac570d14ff
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Feb 5 12:33:14 2025 +0000
debian/tests/control: Add breaks-testbed
The test is not designed to be run on a "real" system
split depends into one-line per package
commit e07c26808fc96fe8b9e28eeec7966f1efbb52ea0
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Feb 5 12:27:33 2025 +0000
debian/tests/test-chkrootkit: cosmetic changes
- improve comments
- improve copying of commands to $CLEAN (the last helps if you run the file
by hand - which is not a good idea unless already in a container)
- delete more created files at the end
commit 7419a79ea33a303ffaeed32d83a03c03fefd9244
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Tue Dec 31 19:01:24 2024 +0000
Ensure systemd unit can send mails
We recently enabled ProtectSystem=strict, to prevent files in /tmp having
their atimes updated. But this prevents emails being sent: we need to open
access to /var/spool, /var/mail and /var/log for exim. And some tools,
(including mail from mailutils) expect a writable TMPDIR, so we need to make
a temporary /run/chkrootkit and set TMPDIR to that (NB: we can't use PrivateTmp
as we want chkrootkit to scan the main system)
commit fdbbcbd6e4402d5c1fd95596d8bb5470c22113b2
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Dec 21 11:55:48 2024 +0000
Squash chkproc change into previous patch
commit f18548f78acd7558faadb36ab0efc8d5124b8ba1
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Dec 21 11:46:10 2024 +0000
Update Forwarded: information for all patches
commit 758cc031cf923094800493dcc32b7746e453682f
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Dec 18 23:51:56 2024 +0000
Update debian/changelog for recent changes
commit c6dbceb3c204afcd26404e488897f4ab4adc09f8
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun Dec 15 20:46:34 2024 +0000
chkproc: improve output
Show more information about suspicious processes: show /proc/pid/cmdline and /proc/pid/comm
commit 5d48ad0fe37c4d5447deb051e36e261ea124ed00
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu Dec 19 13:34:06 2024 +0000
chkdirs: Fix compilation error on non-linux
commit 2e56f7cf9e0c78185e69602f363301f0d0d9e3fc
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Dec 18 23:30:50 2024 +0000
chkrootkit.service: Use ProtectSystem=strict
This makes the filesystem read-only, which is a sensible precaution.
It also prevents tests modifying the access time of files when they
use grep. In particular the test for suspicious PHP files calls head(1)
on files in /tmp, which means systemd-tmpfiles will never delete them,
which is unhelpful.
Closes: #1089588
commit 98228c481ca063b05f76884724269c2c06e088e2
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun Nov 10 10:34:20 2024 +0000
chkrootkit patches: define lookfor_rootkit in better place
Previously this function (added by Debian in 2017), was defined
inside aliens(), which (was OK but) made it unavailable for other tests.
This commit moves its definition to the more correct top-level position.
It's actually used in chk_lsdopreload, so this actually fixes running
"chkrootkit ldsopreload" to run just one test.
commit 3aa8e7c14e9db1d9a2d061ef437cbfcdf4f84067
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Nov 9 17:00:04 2024 +0000
Misc changes
- Makefile: allow STATIC to be disabled (for termux)
- check_wtmpx, chkutmp: don't silently do nothing on unsupported OS
- chkwtmp: fix overflow in argument parsing (and encoding issue in a comment)
- chkdirs: Simplify:
remove linked list that was built and then immediately cleared
ensure NAME_MAX is defined
reuse buffer for path name
instead of (incompletely) listing various os that need limits.h, include it except on the 2 that do not (fixes compilation on android, netbsd)
improve message about unsupported fs: it's more likely overlayfs than btrfs! show filesystem type (for some fs)
- chklastlog: fix compilation on android (do nothing, but not silently), fix indent
- chkproc: support netbsd, fix support for linux threads, allow -p on all OS,
allow custom ps and parsing (for testing), include fcntl, improve output,
readdir is section 2 not 3
commit 9fc4fcd189c99613c5c9a70c48e493318a55e46b
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Nov 6 22:11:26 2024 +0000
Update autopkgtest for last changes
commit 349ae01af73cbcc560c9cb3840f5f2148bcd5e70
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Oct 12 16:40:41 2024 +0100
.gitignore: ignore generated files
commit 01aed060a5bc7f8bd27144862aa93f9c5e7ded74
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Nov 2 21:14:24 2024 +0000
d/copyright: update
Patch for ifpromisc was renamed
commit 1082af9114e8d4420a6f8364b76e054c24e44c1d
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Fri Oct 25 23:27:06 2024 +0100
Refactor debian/patches
No changes, but completely restructure patches so we have
chkrootkit: one patch for each _test_ (except that non-upstreamable patches are kept separate)
one patch for all other files