chkrootkit (0.58b-3)
NEW: VCS has unreleased changes: 0.58b-4 > 0.58b-3
- Git: https://salsa.debian.org/pkg-security-team/chkrootkit.git
- Branch: debian/master
- Path: debian/changelog
- Repo size: 745472
- Browser: https://salsa.debian.org/pkg-security-team/chkrootkit
- Last scan: 2025-01-30 07:19:06+00
- Next scan: 2025-02-04 11:01:00+00
- CI pipeline status: success
- Debian changelog in Git:
chkrootkit (0.58b-4) unstable; urgency=medium
  [ Richard Lewis ]
  * Team upload
  * Set ProtectSystem in the systemd unit to prevent tests modifying
    the access times of files that are examined. This ensures
    systemd-tmpfiles can continue to detect unused files in /tmp
    (Closes: #1089588)
  * Ensure the ldsopreload test can be run on its own
  * Ensure everything compiles but does not silently
    do nothing on unsupported (non-linux) systems
  * chkwtmp: prevent potential overflow in argument parsing
  * chkdirs: simplify code and improve message about unsupported
    fs: overlayfs is more likely to be the cause than btrfs
  * chkproc: fix detection of linux threads (prevents false positives),
    and improve output to show the command and systemd cgroup for
    suspicious pids
  * Refactor all debian patches to simplify upstreaming
 -- Richard Lewis <richard.lewis.debian@googlemail.com> Wed, 18 Dec 2024 23:50:00 +0000
- This branch is 13 commits ahead of tag debian/0.58b-3
- Git log:
commit 7419a79ea33a303ffaeed32d83a03c03fefd9244
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Tue Dec 31 19:01:24 2024 +0000
Ensure systemd unit can send mails
We recently enabled ProtectSystem=strict, to prevent files in /tmp having
their atimes updated. But this prevents emails being sent: we need to open
access to /var/spool, /var/mail and /var/log for exim. And some tools
(including mail from mailutils) expect a writable TMPDIR, so we need to make
a temporary /run/chkrootkit and set TMPDIR to that (NB: we can't use PrivateTmp
as we want chkrootkit to scan the main system)
commit fdbbcbd6e4402d5c1fd95596d8bb5470c22113b2
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Dec 21 11:55:48 2024 +0000
Squash chkproc change into previous patch
commit f18548f78acd7558faadb36ab0efc8d5124b8ba1
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Dec 21 11:46:10 2024 +0000
Update Forwarded: information for all patches
commit 758cc031cf923094800493dcc32b7746e453682f
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Dec 18 23:51:56 2024 +0000
Update debian/changelog for recent changes
commit c6dbceb3c204afcd26404e488897f4ab4adc09f8
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun Dec 15 20:46:34 2024 +0000
chkproc: improve output
Show more information about suspicious processes: show /proc/pid/cmdline and /proc/pid/comm
commit 5d48ad0fe37c4d5447deb051e36e261ea124ed00
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Thu Dec 19 13:34:06 2024 +0000
chkdirs: Fix compilation error on non-linux
commit 2e56f7cf9e0c78185e69602f363301f0d0d9e3fc
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Dec 18 23:30:50 2024 +0000
chkrootkit.service: Use ProtectSystem=strict
This makes the filesystem read-only, which is a sensible precaution.
It also prevents tests modifying the access time of files when they
use grep. In particular the test for suspicious PHP files calls head(1)
on files in /tmp, which means systemd-tmpfiles will never delete them,
which is unhelpful.
Closes: #1089588
commit 98228c481ca063b05f76884724269c2c06e088e2
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun Nov 10 10:34:20 2024 +0000
chkrootkit patches: define lookfor_rootkit in better place
Previously this function (added by Debian in 2017) was defined
inside aliens(), which (was OK but) made it unavailable for other tests.
This commit moves its definition to the more correct top-level position.
It's actually used in chk_lsdopreload, so this actually fixes running
"chkrootkit ldsopreload" to run just one test.
commit 3aa8e7c14e9db1d9a2d061ef437cbfcdf4f84067
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Nov 9 17:00:04 2024 +0000
Misc changes
- Makefile: allow STATIC to be disabled (for termux)
- check_wtmpx, chkutmp: don't silently do nothing on unsupported OS
- chkwtmp: fix overflow in argument parsing (and encoding issue in a comment)
- chkdirs: Simplify:
  remove linked list that was built and then immediately cleared
  ensure NAME_MAX is defined
  reuse buffer for path name
  instead of (incompletely) listing various os that need limits.h, include it except on the 2 that do not (fixes compilation on android, netbsd)
  improve message about unsupported fs: it's more likely overlayfs than btrfs! show filesystem type (for some fs)
- chklastlog: fix compilation on android (do nothing, but not silently), fix indent
- chkproc: support netbsd, fix support for linux threads, allow -p on all OS,
  allow custom ps and parsing (for testing), include fcntl, improve output,
  readdir is section 2 not 3
commit 9fc4fcd189c99613c5c9a70c48e493318a55e46b
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Nov 6 22:11:26 2024 +0000
Update autopkgtest for last changes
commit 349ae01af73cbcc560c9cb3840f5f2148bcd5e70
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Oct 12 16:40:41 2024 +0100
.gitignore: ignore generated files
commit 01aed060a5bc7f8bd27144862aa93f9c5e7ded74
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Nov 2 21:14:24 2024 +0000
d/copyright: update
Patch for ifpromisc was renamed
commit 1082af9114e8d4420a6f8364b76e054c24e44c1d
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Fri Oct 25 23:27:06 2024 +0100
Refactor debian/patches
No changes, but completely restructure patches so we have
  chkrootkit: one patch for each _test_ (except that non-upstreamable patches are kept separate)
  one patch for all other files