| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 18_fix-stack-smash.patch | fix good old stack smash | Unknown | no | debian | ||
| 01_nostrip.patch | don't strip the main binary, it should be done in debian/rules | Francois Marier <francois@debian.org> | no | debian | ||
| 02_workingdir.patch | the base chkrootkit is designed to be run from it's build directory,therefore it uses "./" as a prefix to all it's executables. we need to change to /usr/lib/chkrootkit to keep this working |
unknown | no | |||
| 03_linedup_reports.patch | (printn): Use printf if available. Upstream is not interested in it due to portability reasons. | Jari Aalto <jari.aalto@cante.net> | no | debian | ||
| 04_backslashes.patch | Two of the chkrootkit messages have unnecessary backslashes | James R. Van Zandt <jrv@debian.org> | no | debian | ||
| 05_disable_enye.patch | disabling this check which was killing random processes | Francois Marier <francois@debian.org> | no | debian | ||
| 06_quiet.patch | hide all output from tests | lantz moore <lmoore@debian.org> | no | debian | ||
| 07_promisc.patch | fixes a number of issues related to promiscuous mode | lantz moore <lmoore@debian.org> | no | debian | ||
| 08_unidentified.patch | collection of all other changes to upstream source which haven'tbeen identified yet | Francois Marier <francois@debian.org> | no | |||
| 09_excludes.patch | add the ability to exclude specific files/directories from the checks, | Francois Marier <francois@debian.org>, Roger Leigh <Roger Leigh rleigh@debian.org> | no | |||
| 10_fixwarnings.patch | Some little fixes to silence compiler. | Giuseppe Iuculano <giuseppe@iuculano.it> | no | |||
| 11_logpath.patch | Read logs from /var/log instead of /var/adm | Giuseppe Iuculano <giuseppe@iuculano.it> | no | |||
| 12_procpsv3.patch | Let chkproc default to procps version 3. | Giuseppe Iuculano <giuseppe@iuculano.it> | no | |||
| 13_exitcode.patch | Provide exit code at the end of chkrootkit script. | Arjan Opmeer | no | debian | ||
| 14_chkutmp.diff | Description:Fixed chkutmp parser | Aaron M. Ucko | no | |||
| 15_kfreebsd.patch | Add missing include | unknown | no | |||
| 16_php.patch | The check for suspect PHP files is broken by design.1. Any non-text file contents confuse the results of the grep if they match. 2. Not file names are printed, but file contents. That can't be what the check is supposed to achieve. This patch fixes '/usr/bin/find: head terminated by signal 13' errors and prints affected file names instead of their content. |
Andreas Stempfhuber <andi@afulinux.de> | no | |||
| 17_Suckitfalse.patch | ignore false positive for Suckit rootkit when systemd is /sbin/initApply a simple fix for non-systemd init systems. Author Giuseppe Iuculano <iuculano@debian.org> |
no | debian | |||
| 19_openssh.diff | fix Windigo rootkit search with openssh | Unknown | no | |||
| 20_Proper-flags.patch | Honor preprocesor and linker flags added at compile time by debhelper. Thanks to Lukas Schwaighofer to point out some improvements. | Marcos Fouces <marcos@debian.org> | no | |||
| 21_fix_loc_function.patch | handle calls to the loc() function consistently | Arthur de Jong <arthur@west.nl> | no | |||
| 22_fix_Makefile_target.patch | the "all" target should not calls `@exec make sense` instead of just depending on the "sense" target. Thanks to Lukas Schwaighofer | Marcos Fouces <marcos@debian.org> | no | |||
| 23_fix_cross_compilation.patch | Fix cross compilation issue. Thanks to Lukas Schwaighofer | Marcos Fouces <marcos@debian.org> | no | |||
| 24_ser2net_exception_in_scalper.patch | Add exception for ser2net in scalper() (Closes: #564147) | Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org> | no | debian | 2017-09-21 | |
| 25_fix-nfs-legacy-sniffers.patch | Description:This patch fixes two issues. 1)with nfs mounted the silent don't work 2)can't exclude legacy sniffer (dhcpd, snort, ntop etc) This patch also fixes #548582 as it avoid sending an empty when an excluded element is the only element. |
Stefano Torricella <stetor@y2k.it> | no | debian | ||
| 26_improve-info-help-display.patch | improve information displayed with help option. | Marcos Fouces <marcos@debian.org> | no | debian | ||
| 27_fix-race-condition-ps-proc.patch | chkproc has a really bad race condition in it where it compares ps and /proc. This patch fixes this by double checking to ensure the process hasn't exited. |
Adrian Bridgett <adrian@smop.co.uk> | invalid | debian | 2020-07-24 | |
| 28_chkdirs-fix-memory-leak.patch | chkdirs: fix memory leak chkdirs.c:126:2: error: Memory leak: curpath [memleak] return(-1); ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 29_chkdirs-fix-dead-code.patch | chkdirs: fix dead code In line 72 buffer is forced to be non-NULL, because it got dereferenced in line 71. chkdirs.c:71:10: warning: Either the condition 'if(buffer)' is redundant or there is possible null pointer dereference: buffer. [nullPointerRedundantCheck] if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { ^ chkdirs.c:72:8: note: Assuming that condition 'if(buffer)' is not redundant if (buffer) free((void *)*buffer); ^ chkdirs.c:71:10: note: Null pointer dereference if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 30_chklastlog-fix-out-of-bounds-access.patch | chklastlog: fix out of bounds access We dereference userid at *uid, so *uid must be strictly smaller than userid' size. chklastlog.c:184:14: warning: Either the condition '*uid>99999' is redundant or the array 'userid[99999]' is accessed at index 99999, which is out of bounds. [arrayIndexOutOfBoundsCond] if (!userid[*uid]) ^ chklastlog.c:178:26: note: Assuming that condition '*uid>99999' is not redundant if (*uid > MAX_ID) ^ chklastlog.c:184:14: note: Array index out of bounds if (!userid[*uid]) ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 31_ifpromisc-always-null-terminate-interface-names.patch | ifpromisc: always null-terminate interface names In file included from /usr/include/string.h:495, from ifpromisc.c:54: In function ‘strncpy’, inlined from ‘if_fetch’ at ifpromisc.c:311:3, inlined from ‘if_print’ at ifpromisc.c:347:11: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘strncpy’, inlined from ‘if_fetch’ at ifpromisc.c:313:3, inlined from ‘if_print’ at ifpromisc.c:347:11: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 32_chkdirs-use-strdup-to-avoid-stringop-overflow-warning.patch | chkdirs: use strdup to avoid stringop-overflow warning In file included from /usr/include/string.h:495, from chkdirs.c:42: In function ‘strncpy’, inlined from ‘check_dir’ at chkdirs.c:136:5: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ chkdirs.c: In function ‘check_dir’: chkdirs.c:111:25: note: length computed here 111 | if (!path || !(plen = strlen(path))) { | ^~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 33_chklastlog-silence-array-bounds-warning.patch | chklastlog: silence array-bounds warning In file included from /usr/include/string.h:495, from chklastlog.c:45: In function ‘memcpy’, inlined from ‘main’ at chklastlog.c:114:9: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘memcpy’, inlined from ‘main’ at chklastlog.c:115:9: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [17, 126] is out of the bounds [0, 17] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 34_chkwtmp-silence-array-bounds-warning.patch | chkwtmp: silence array-bounds warning In file included from /usr/include/string.h:495, from chkwtmp.c:28: In function ‘memcpy’, inlined from ‘main’ at chkwtmp.c:74:8: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 35_ifpromisc-solve-unused-result-warnings.patch | ifpromisc: solve unused result warnings ifpromisc.c: In function ‘read_proc_net_packet’: ifpromisc.c:112:5: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 112 | fgets(buf, 80, proc); | ^~~~~~~~~~~~~~~~~~~~ ifpromisc.c: In function ‘walk_process’: ifpromisc.c:211:13: error: ignoring return value of ‘readlink’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 211 | readlink(path, link, sizeof(link) - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 36_chkproc-silence-unused-result-warnings.patch | chkproc: silence unused result warnings chkproc.c: In function ‘readline’: chkproc.c:124:5: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 124 | fgets(buf, MAX_BUF, stream); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ chkproc.c:127:7: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 127 | fgets(buf, MAX_BUF, stream); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 37_chkutmp-silence-unused-result-warnings.patch | chkutmp: silence unused result warnings chkutmp.c: In function ‘fetchps’: chkutmp.c:90:2: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 90 | fgets(line, MAXREAD, ps_fp); /* skip header */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ chkutmp.c:124:20: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result] 124 | fgets(line, MAXREAD, ps_fp); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 38_chklastlog-resolve-signed-comparison.patch | chklastlog: resolve signed comparison chklastlog.c: In function ‘main’: chklastlog.c:169:33: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare] 169 | if (wtmp_bytes_read < sizeof(struct utmp)) | ^ chklastlog.c:189:45: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare] 189 | if (wtmp_bytes_read < sizeof(struct lastlog)) | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 39_chkproc-resolve-signed-comparison.patch | chkproc: resolve signed comparison chkproc.c: In function ‘readline’: chkproc.c:121:17: error: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int’ [-Werror=sign-compare] 121 | if (strlen(s) == (size-1) && s[size-1] != '\n') | ^~ chkproc.c: In function ‘dodgy_process’: chkproc.c:280:14: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare] 280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:280:32: error: operand of ‘?:’ changes signedness from ‘int’ to ‘long unsigned int’ due to unsignedness of other operand [-Werror=sign-compare] 280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:283:14: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare] 283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:283:32: error: operand of ‘?:’ changes signedness from ‘int’ to ‘long unsigned int’ due to unsignedness of other operand [-Werror=sign-compare] 283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 40_strings-resolve-signed-comparison.patch | strings: resolve signed comparison strings.c: In function ‘strings’: strings.c:78:47: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare] 78 | if (c == 0 || c == '\n' || printmeindex >= sizeof(printme)-1) iseol = 1; | ^~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 41_chkutmp-silence-unused-parameter-warnings.patch | chkutmp: silence unused parameter warnings chkutmp.c: In function ‘main’: chkutmp.c:180:14: error: unused parameter ‘argc’ [-Werror=unused-parameter] 180 | int main(int argc, char *argv[]) | ~~~~^~~~ chkutmp.c:180:26: error: unused parameter ‘argv’ [-Werror=unused-parameter] 180 | int main(int argc, char *argv[]) | ~~~~~~^~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 42_chkdirs-annotate-usage-with-noreturn.patch | chkdirs: annotate usage with noreturn chkdirs.c: In function ‘usage’: chkdirs.c:56:6: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn] 56 | void usage () | ^~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 43_chklastlog-remove-unused-and-shadowing-variable.patch | chklastlog: remove unused and shadowing variable chklastlog.c: In function ‘main’: chklastlog.c:109:10: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow] 109 | uid_t *uid; | ^~~ chklastlog.c:79:8: note: shadowed declaration is here 79 | uid_t *uid; | ^~~ chklastlog.c: In function ‘getslot’: chklastlog.c:295:48: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow] 295 | int getslot(struct s_localpwd *localpwd, uid_t uid) | ~~~~~~^~~ chklastlog.c:79:8: note: shadowed declaration is here 79 | uid_t *uid; | ^~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 51_chkdirs-resolve-signed-comparison.patch | chkdirs: resolve signed comparison chkdirs.c: In function ‘make_pathname’: chkdirs.c:73:38: error: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’ [-Werror=sign-compare] 73 | if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 44_ifpromisc-do-not-discard-const-qualifier.patch | ifpromisc: do not discard const qualifier ifpromisc.c:69:17: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 69 | char *Release = "chkrootkit package", | ^~~~~~~~~~~~~~~~~~~~ ifpromisc.c:70:17: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 70 | *Version = "@(#) ifpromisc 0.9 (2007/06/15)"; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 45_chkproc-do-not-discard-const-qualifier.patch | chkproc: do not discard const qualifier chkproc.c:92:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 92 | "ps -edf", | ^~~~~~~~~ chkproc.c:93:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 93 | "ps auxw", | ^~~~~~~~~ chkproc.c:94:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 94 | "ps mauxw 2>&1 ", | ^~~~~~~~~~~~~~~~ chkproc.c:95:13: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 95 | "ps auxw -T|tr -s ' '|cut -d' ' -f2-", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 46_chkutmp-do-not-discard-const-qualifier.patch | chkutmp: do not discard const qualifier chkutmp.c:73:5: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 73 | "ps -ef -o \"tty,pid,ruser,args\"", /* solaris */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ chkutmp.c:74:5: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers] 74 | "ps axk \"tty,ruser,args\" -o \"tty,pid,ruser,args\"" /* linux */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 47_chklastlog-remove-dead-assignment.patch | chklastlog: remove dead assignment chklastlog.c:249:12: warning: Although the value stored to 'pwdent' is used in the enclosing expression, the value is never actually read from 'pwdent' while ((pwdent = getpwent())) { ^ ~~~~~~~~~~ 1 warning generated. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 48_chkdirs-free-memory-on-failure.patch | chkdirs: free memory on failure chkdirs.c:182:7: warning: Potential leak of memory pointed to by 'dl' fprintf(stderr, "lstat(%s/%s): %s\n", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdio2.h:113:3: note: expanded from macro 'fprintf' __fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) ^~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 49_chkdirs-fix-return-logic.patch | chkdirs: fix return logic If called with multiple arguments, do fail if any directory fails, not only the last one. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 | ||
| 50_strings-drop-dead-assignment.patch | strings: drop dead assignment strings.c:94:5: warning: Value stored to 'printmeindex' is never read printmeindex = 0; ^ ~ 1 warning generated. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2020-07-24 |