| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01_nostrip.patch | Remove explicit use of 'strip' from the upstream Makefile debhelper will automatically strip everything when we build the package. This is a Debian-specific modification - upstream unlikely to want this. |
Francois Marier <francois@debian.org> | yes | debian | 2021-10-10 | |
| 02_workingdir.patch | chkrootkit: cd /usr/lib/chkrootkit. Upstream chkrootkit is designed to be run from it's build directory, so calls all its executables with a "./" prefix. On Debian, executables are placed in /usr/lib/chkrootkit. . This could be upstreamed but presumably upstream would prefer the existing behaviour. . This patch is from 2017 or earlier. |
Unknown Author <team+pkg-security@tracker.debian.org> | yes | 2017-07-09 | ||
| 03_linedup_reports.patch | Modify chkrootkit's printn to use printf if available. This improves readability of the output (if no -q given) by right-aligning the "nothing found" results. . A previous comment noted that upstream was not interested in this patch as printf is not portable. However, this patch should work even if printf is not present. |
Jari Aalto <jari.aalto@cante.net> | yes | debian | 2005-12-14 | |
| 04_backslashes.patch | Remove unnecessary backslashes from two chkrootkit messages This is upstreamable. |
"James R. Van Zandt" <jrv@debian.org> | yes | debian | 2008-09-06 | |
| 05_disable_enye.patch | chkproc: do not send signal 58 to PID 12345 This disables the test for Enye LKM. As the bug report notes, sending a non-standard signal to test whether a process might be a trojan risks killing unrelated software and should not be done. . This is upstreamable and was first forwarded upstream in April 2008 |
Francois Marier <francois@debian.org> | yes | debian | 2008-04-21 | |
| 06_quiet.patch | Make chklastlog support -q and make chk_* functions consistent The chk_* functions should not produce output unless in EXPERT mode, but should return INFECTED, NOT_FOUND etc and the main loop should produce output . This patch only looks at the chk_* functions (where * is in TROJANS - the functions names after the content of TOOLS are expected to produce output themselves, although this is not conistent (later debian patches address this) . This ensures even more output is hidden if -q is passed to chkrootkit . This is upstreamable. |
lantz moore <lmoore@debian.org> | yes | debian | 2002-10-03 | |
| 07_promisc.patch | Make ifpromisc output pid as well as name Makes a number of internal changes to ifpromisc . This introduces new behaviour where * if a 'packet sniffer' is detected, its pid is output as well as the name * instead of PF_PACKET the output is "PACKET_SNIFFER" . This is upstreamable. |
lantz moore <lmoore@debian.org> | yes | debian | 2005-11-27 | |
| 08_unidentified.patch | collection of other changes to upstream source made by debian All changes appear upstreamable. This dates from 2017 or earlier. |
Francois Marier <francois@debian.org> | yes | 2017-07-09 | ||
| 09_excludes.patch | Adds -e option to chkrootkit and function lookfor_rootkit Also from: Roger Leigh" <Roger Leigh rleigh@debian.org> . This adds the ability to exclude specific files/directories from the checks with the -e option . It also adds lookfor_rootkit function to remove duplication from code that searches for specific files and directories to detect several rootkits (HiDrootkit, t0rn, Lion, RSHA, RH-Sharpe) . Upstreamable |
"francois@debian.org" <francois@debian.org> | yes | 2017-07-09 | ||
| 10_fixwarnings.patch | Some little fixes to silence compiler. This is from 2017 or earlier. |
Giuseppe Iuculano <giuseppe@iuculano.it> | yes | 2017-07-09 | ||
| 11_logpath.patch | Read logs from /var/log instead of /var/adm Potentially upstreamable (may also be non-portable) Dates from 2017 or earlier. |
Giuseppe Iuculano <giuseppe@iuculano.it> | yes | 2017-07-09 | ||
| 12_procpsv3.patch | chkproc: default to procps version 3. Upstreamable. Dates from 2017 or earlier |
Giuseppe Iuculano <giuseppe@iuculano.it> | yes | 2017-07-09 | ||
| 13_exitcode.patch | Make chkrootkit explicitly exit 0 Otherwise the exit code is that of the last test that ran. This is particularly useful when calling from a script with set -e (such as from cron) . Upstreamable |
"Arjan Opmeer, Giuseppe Iuculano" <giuseppe@iuculano.it> | yes | debian | 2009-08-11 | |
| 14_chkutmp.patch | chkutmp: Fixe chkutmp parser Upstreamable. Dates from 2017 or earlier |
"Aaron M. Ucko" <team+pkg-security@tracker.debian.org> | yes | 2017-07-09 | ||
| 15_kfreebsd.patch | ifpromisc: Add missing include <stdint.h> Upstreamable Dates from 2017 or earlier |
Unknown Author <team+pkg-security@tracker.debian.org> | yes | 2017-07-09 | ||
| 16_php.patch | Fix the check for suspect PHP files Before this patch, 1. Any non-text file contents confuse the results of the grep if they match. 2. Not file names are printed, but file contents. . This patch fixes '/usr/bin/find: head terminated by signal 13' errors and prints affected file names instead of their content. . This dates from 2017 or earlier, but was refreshed in 2013 |
Andreas Stempfhuber <andi@afulinux.de> | yes | 2017-07-09 | ||
| 17_Suckitfalse.patch | chkroootkit: false positive for Suckit under systemd or upstart Upstreamable. |
Giuseppe Iuculano <iuculano@debian.org> | yes | debian | 2015-03-23 | |
| 18_fix-stack-smash.patch | chkutmp: Change UT_LINESIZE to UT_PIDSIZE Dates from 2017 or earlier The previous description stated only 'fix good old stack smash' . Upstreamable |
Unknown Author <team+pkg-security@tracker.debian.org> | yes | debian | 2017-07-09 | |
| 19_openssh.patch | chkrootkit: fix Windigo test Dates from 2017 or earlier Upstreamable |
Unknown Author <team+pkg-security@tracker.debian.org> | yes | 2017-07-09 | ||
| 20_Proper-flags.patch | Honor preprocesor and linker flags added at compile time by debhelper. Thanks to Lukas Schwaighofer for suggesting some improvements. Dates from 2017 or earlier . Upstreamable . Depends on patch 02 . |
Marcos Fouces <marcos@debian.org> | yes | 2017-07-09 | ||
| 21_fix_loc_function.patch | Output the results of the loc() function in test for LOC rootkit Upstreamable |
Arthur de Jong <arthur@west.nl> | yes | 2017-07-09 | ||
| 22_fix_Makefile_target.patch | Makefile: make "all" target depend on "sense" This removes the use of @exec and the message "stopping make sense". . Thanks to Lukas Schwaighofer. . Upstreamable but presumably they will prefer the original approach |
Marcos Fouces <marcos@debian.org> | yes | 2017-07-24 | ||
| 24_ser2net_exception_in_scalper.patch | Add exception for ser2net in scalper() Upstreamable |
Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org> | yes | debian | 2018-04-19 | |
| 25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch | chkrootkit: Add -s option to filter ifpromisc output . This patch adds a new option '-s' for chkrootkit to allow excluding lines from ifpromisc output . This patch also (attempts to) fix #548582 by not outputting an empty list if -q is give. . |
Stefano Torricella <stetor@y2k.it> | yes | debian | 2010-05-06 | |
| 26_improve-info-help-display.patch | chkrootkit: Improve information displayed with chkrootkit -h Needs to come after patch #25 Upstreamable apart from the reference to a Debian-specific documentation file |
Marcos Fouces <marcos@debian.org> | yes | debian | 2020-04-13 | |
| 27_fix-race-condition-ps-proc.patch | chkproc: patch 27: avoid race condition The previous description stated that this intends to fix a ""a really bad race condition in it where it compares ps and /proc." and " This patch fixes this by double checking to ensure the process hasn't exited." . (Refreshed 2023-03-11 to correct an issue where some unrelated lines were being removed by mistake having looked at the BTS, it seems these were introduced when the patch was rebased for 0.48 debian then corrected some of these in 2022 via separate patches (55,55a), and these have been squashed into patch 27 to simplify the patch queue. ... there is no change to the functionality that patch 27 introduces) This depends on patches - 12 (which sets pv to 3 by default - chkrootkit always sets this explicitly) - 8 - 5 |
Adrian Bridgett <adrian@smop.co.uk> | yes | debian | 2020-07-24 | |
| 28_chkdirs-fix-memory-leak.patch | chkdirs: fix memory leak chkdirs.c:126:2: error: Memory leak: curpath [memleak] return(-1); ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 29_chkdirs-fix-dead-code.patch | chkdirs: fix dead code In line 72 buffer is forced to be non-NULL, because it got dereferenced in line 71. chkdirs.c:71:10: warning: Either the condition 'if(buffer)' is redundant or there is possible null pointer dereference: buffer. [nullPointerRedundantCheck] if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { ^ chkdirs.c:72:8: note: Assuming that condition 'if(buffer)' is not redundant if (buffer) free((void *)*buffer); ^ chkdirs.c:71:10: note: Null pointer dereference if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 30_chklastlog-fix-out-of-bounds-access.patch | chklastlog: fix out of bounds access We dereference userid at *uid, so *uid must be strictly smaller than userid' size. chklastlog.c:184:14: warning: Either the condition '*uid>99999' is redundant or the array 'userid[99999]' is accessed at index 99999, which is out of bounds. [arrayIndexOutOfBoundsCond] if (!userid[*uid]) ^ chklastlog.c:178:26: note: Assuming that condition '*uid>99999' is not redundant if (*uid > MAX_ID) ^ chklastlog.c:184:14: note: Array index out of bounds if (!userid[*uid]) ^ Found by Cppcheck |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 31_ifpromisc-always-null-terminate-interface-names.patch | ifpromisc: always null-terminate interface names In file included from /usr/include/string.h:495, from ifpromisc.c:54: In function strncpy, inlined from if_fetch at ifpromisc.c:311:3, inlined from if_print at ifpromisc.c:347:11: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: __builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function strncpy, inlined from if_fetch at ifpromisc.c:313:3, inlined from if_print at ifpromisc.c:347:11: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: __builtin_strncpy specified bound 16 equals destination size [-Wstringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 32_chkdirs-use-strdup-to-avoid-stringop-overflow-warning.patch | chkdirs: use strdup to avoid stringop-overflow warning In file included from /usr/include/string.h:495, from chkdirs.c:42: In function strncpy, inlined from check_dir at chkdirs.c:136:5: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: __builtin_strncpy specified bound depends on the length of the source argument [-Werror=stringop-overflow=] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ chkdirs.c: In function check_dir: chkdirs.c:111:25: note: length computed here 111 | if (!path || !(plen = strlen(path))) { | ^~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 33_chklastlog-silence-array-bounds-warning.patch | chklastlog: silence array-bounds warning In file included from /usr/include/string.h:495, from chklastlog.c:45: In function memcpy, inlined from main at chklastlog.c:114:9: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: __builtin_memcpy forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function memcpy, inlined from main at chklastlog.c:115:9: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: __builtin_memcpy forming offset [17, 126] is out of the bounds [0, 17] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 34_chkwtmp-silence-array-bounds-warning.patch | chkwtmp: silence array-bounds warning In file included from /usr/include/string.h:495, from chkwtmp.c:28: In function memcpy, inlined from main at chkwtmp.c:74:8: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: __builtin_memcpy forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds] 34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 35_ifpromisc-solve-unused-result-warnings.patch | ifpromisc: solve unused result warnings ifpromisc.c: In function read_proc_net_packet: ifpromisc.c:112:5: error: ignoring return value of fgets declared with attribute warn_unused_result [-Werror=unused-result] 112 | fgets(buf, 80, proc); | ^~~~~~~~~~~~~~~~~~~~ ifpromisc.c: In function walk_process: ifpromisc.c:211:13: error: ignoring return value of readlink declared with attribute warn_unused_result [-Werror=unused-result] 211 | readlink(path, link, sizeof(link) - 1); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 36_chkproc-silence-unused-result-warnings.patch | chkproc: silence unused result warnings chkproc.c: In function readline: chkproc.c:124:5: error: ignoring return value of fgets declared with attribute warn_unused_result [-Werror=unused-result] 124 | fgets(buf, MAX_BUF, stream); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ chkproc.c:127:7: error: ignoring return value of fgets declared with attribute warn_unused_result [-Werror=unused-result] 127 | fgets(buf, MAX_BUF, stream); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 37_chkutmp-silence-unused-result-warnings.patch | chkutmp: silence unused result warnings chkutmp.c: In function fetchps: chkutmp.c:90:2: error: ignoring return value of fgets declared with attribute warn_unused_result [-Werror=unused-result] 90 | fgets(line, MAXREAD, ps_fp); /* skip header */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ chkutmp.c:124:20: error: ignoring return value of fgets declared with attribute warn_unused_result [-Werror=unused-result] 124 | fgets(line, MAXREAD, ps_fp); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 38_chklastlog-resolve-signed-comparison.patch | chklastlog: resolve signed comparison chklastlog.c: In function main: chklastlog.c:169:33: error: comparison of integer expressions of different signedness: long int and long unsigned int [-Werror=sign-compare] 169 | if (wtmp_bytes_read < sizeof(struct utmp)) | ^ chklastlog.c:189:45: error: comparison of integer expressions of different signedness: long int and long unsigned int [-Werror=sign-compare] 189 | if (wtmp_bytes_read < sizeof(struct lastlog)) | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 39_chkproc-resolve-signed-comparison.patch | chkproc: resolve signed comparison chkproc.c: In function readline: chkproc.c:121:17: error: comparison of integer expressions of different signedness: size_t {aka long unsigned int} and int [-Werror=sign-compare] 121 | if (strlen(s) == (size-1) && s[size-1] != '\n') | ^~ chkproc.c: In function dodgy_process: chkproc.c:280:14: error: comparison of integer expressions of different signedness: int and long unsigned int [-Werror=sign-compare] 280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:280:32: error: operand of ?: changes signedness from int to long unsigned int due to unsignedness of other operand [-Werror=sign-compare] 280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:283:14: error: comparison of integer expressions of different signedness: int and long unsigned int [-Werror=sign-compare] 283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ chkproc.c:283:32: error: operand of ?: changes signedness from int to long unsigned int due to unsignedness of other operand [-Werror=sign-compare] 283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0; | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 40_strings-resolve-signed-comparison.patch | strings: resolve signed comparison strings.c: In function strings: strings.c:78:47: error: comparison of integer expressions of different signedness: int and long unsigned int [-Werror=sign-compare] 78 | if (c == 0 || c == '\n' || printmeindex >= sizeof(printme)-1) iseol = 1; | ^~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 41_chkutmp-silence-unused-parameter-warnings.patch | chkutmp: silence unused parameter warnings chkutmp.c: In function main: chkutmp.c:180:14: error: unused parameter argc [-Werror=unused-parameter] 180 | int main(int argc, char *argv[]) | ~~~~^~~~ chkutmp.c:180:26: error: unused parameter argv [-Werror=unused-parameter] 180 | int main(int argc, char *argv[]) | ~~~~~~^~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 42_chkdirs-annotate-usage-with-noreturn.patch | chkdirs: annotate usage with noreturn chkdirs.c: In function usage: chkdirs.c:56:6: error: function might be candidate for attribute noreturn [-Werror=suggest-attribute=noreturn] 56 | void usage () | ^~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 43_chklastlog-remove-unused-and-shadowing-variable.patch | chklastlog: remove unused and shadowing variable chklastlog.c: In function main: chklastlog.c:109:10: error: declaration of uid shadows a global declaration [-Werror=shadow] 109 | uid_t *uid; | ^~~ chklastlog.c:79:8: note: shadowed declaration is here 79 | uid_t *uid; | ^~~ chklastlog.c: In function getslot: chklastlog.c:295:48: error: declaration of uid shadows a global declaration [-Werror=shadow] 295 | int getslot(struct s_localpwd *localpwd, uid_t uid) | ~~~~~~^~~ chklastlog.c:79:8: note: shadowed declaration is here 79 | uid_t *uid; | ^~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 44_ifpromisc-do-not-discard-const-qualifier.patch | ifpromisc: do not discard const qualifier ifpromisc.c:69:17: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 69 | char *Release = "chkrootkit package", | ^~~~~~~~~~~~~~~~~~~~ ifpromisc.c:70:17: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 70 | *Version = "@(#) ifpromisc 0.9 (2007/06/15)"; | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 45_chkproc-do-not-discard-const-qualifier.patch | chkproc: do not discard const qualifier chkproc.c:92:6: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 92 | "ps -edf", | ^~~~~~~~~ chkproc.c:93:6: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 93 | "ps auxw", | ^~~~~~~~~ chkproc.c:94:6: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 94 | "ps mauxw 2>&1 ", | ^~~~~~~~~~~~~~~~ chkproc.c:95:13: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 95 | "ps auxw -T|tr -s ' '|cut -d' ' -f2-", | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 46_chkutmp-do-not-discard-const-qualifier.patch | chkutmp: do not discard const qualifier chkutmp.c:73:5: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 73 | "ps -ef -o \"tty,pid,ruser,args\"", /* solaris */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ chkutmp.c:74:5: error: initialization discards const qualifier from pointer target type [-Werror=discarded-qualifiers] 74 | "ps axk \"tty,ruser,args\" -o \"tty,pid,ruser,args\"" /* linux */ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 47_chklastlog-remove-dead-assignment.patch | chklastlog: remove dead assignment chklastlog.c:249:12: warning: Although the value stored to 'pwdent' is used in the enclosing expression, the value is never actually read from 'pwdent' while ((pwdent = getpwent())) { ^ ~~~~~~~~~~ 1 warning generated. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 48_chkdirs-free-memory-on-failure.patch | chkdirs: free memory on failure chkdirs.c:182:7: warning: Potential leak of memory pointed to by 'dl' fprintf(stderr, "lstat(%s/%s): %s\n", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdio2.h:113:3: note: expanded from macro 'fprintf' __fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__) ^~~~~~~~~~~~~ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 49_chkdirs-fix-return-logic.patch | chkdirs: fix return logic If called with multiple arguments, do fail if any directory fails, not only the last one. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 50_strings-drop-dead-assignment.patch | strings: drop dead assignment strings.c:94:5: warning: Value stored to 'printmeindex' is never read printmeindex = 0; ^ ~ 1 warning generated. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 51_chkdirs-resolve-signed-comparison.patch | chkdirs: resolve signed comparison chkdirs.c: In function make_pathname: chkdirs.c:73:38: error: comparison of integer expressions of different signedness: long unsigned int and int [-Werror=sign-compare] 73 | if (!(*buffer) || (sizeof(*buffer) < pathname_len)) { | ^ |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | 2020-07-24 | ||
| 52_chkdirs-fix-spelling-error-and-whitespace.patch | chkdirs: fix spelling error (forwarded by email, 12 mar 2023) Replaces 'WARNIING' with 'WARNING' and removes trailing whitespace |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-15 | ||
| 54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch | Remove trailing space from output of ssh test (forwarded by email, 12 mar 2023) In test for Linux/Ebury - Operation Windigo ssh test Unlike other tests, the "not found" message was printed with a trailing space |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-16 | ||
| 56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch | chkrootkit: Fix logic so that sshd test runs (forwarded by email, 12 mar 2023) '-s' means size >0, so we want NOTFOUND if -s fails |
Richard Lewis <richsrd.lewis.debian@googlemail.com> | invalid | 2021-10-16 | ||
| 57_chutmp-improve-message-if-processes-without-tty-are-found.patch | chutmp: improve message if processes without tty are found (forwarded by email, 12 mar 2023) (The message needs 'was' not 'were' because "The tty" is singular) It also fixes indentation around the change and removes trailing whitespace. . Upstreamable |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-16 | ||
| 58_chkrootkit-improve-output.patch | chkrootkit: improve output (forwarded by email, 12 mar 2023) Add some missing messages (in non-quiet mode) where nothing was found Upstreamable. Depends on previous changes to chkrootkit |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-22 | ||
| 59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch | chkrootkit: Remove duplicate entries from check of suspicious files (forwarded by email, 12 mar 2023) The check for hidden files in /usr/lib (and other dirs) was looking for files and directories separately, but every directory (other than those starting with a . then a number) was already included in the list of files found. This patch simplifies the search to include anything starting with a . |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-23 | ||
| 60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch | chkrootkit: Improve output of sniffer and rexedcs tests (forwarded by email, 12 mar 2023) In sniffer() * Ensure $outmsg is quoted to avoid the output of ifpromisc being compressed onto one line. * This improves -s so you can actually filter some output and leave the rest * we also now add a 'header' line to explain what is being shown * and if nothing was found then no output was being made at all, which meant we didn't finish the "checking sniffer ..." line in non-quiet mode In rexedcs if something was found then no output was produced at all, which is not right |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-10-24 | ||
| 61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch | chkrootkit: Prevent hanging in an lxc container (forwarded by email, 12 mar 2023) lxc bind-mounts pts devices over /dev, but find does not notice, so find /dev -type f still finds /dev/console. The aliens test then tries to grep this and hangs. This patch passes --device=skip to grep which stops it hanging. Another alternative would be to pass '! -fstype devpts'. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | debian | 2021-10-29 | |
| 62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch | chkrootkit: Prevent warnings when running in lxc (forwarded by email, 12 mar 2023) This patch redirects stderr to /dev/null when running the check for the Omega worm. Some lxc containers (such as those used in the debian buildd debci system), have a /dev that 'contains' files from the host that cannot be read. This patch redirects stderr from the find to /dev/null to avoid messages appearing in the chkrootkit output (this is consistent with the check for the Lion Worm). |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-11-27 | ||
| 63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch | 63 chkrootkit: Make the 'T.R.K' test capable of finding anything (forwarded by email, 12 mar 2023) Before this patch the check for T.R.K was running find but redirecting both stdout and stderr to /dev/null, so nothing could ever be detected. Only stderr needs to be ignored. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2021-11-27 | ||
| 53_chkrootkit-remove-trailing-whitespace.patch | chkrootkit: remove trailing whitespace (forwarded by email, 12 mar 2023) Removes trailing whitespace from chkrootkit |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-18 | ||
| 64_chkrootkit-Define-egrep-later-to-support-p.patch | chkrootkit: Define ${egrep} later to support '-p' (forwarded by email, 12 mar 2023) The -p option allows the user to set a path for commands like grep This is done by parsing the $cmdlist variable This means we should define '${egrep}' to use the ${grep} variable after ths parsing. But the upstream code was setting egrep too early, and hardcoding the system's 'grep'. This patch moves the definition later, and uses $grep. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-18 | ||
| 65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch | chkrootkit: comment out use of 'kill -SIGCONT 31337' (forwarded by email, 12 mar 2023) Part of the test for the Kovid LKM rootkit involves sending a SIGCONT signal to pid 31337 This patch comments that out - this may break that test, but that seems preferable to sending signals to normal processes. if the pid is a normal process then sending it a SIGCONT signal could cause unexpected behaviour, (eg if the user deliberately backgrounded something) |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-18 | ||
| 66_chkrootkit-Make-output-consistent.patch | chkrootkit: Make output consistent (forwarded by email, 12 mar 2023) Lower case 'INSTALLED' -> 'installed' and fix typo 'rotkit' -> 'rootkit' |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-18 | ||
| 67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch | chkrootkit: ensure only one argument passed to expertmode_output (forwarded by email, 12 mar 2023) The expertmode_output function only uses one argument, so when calling it, items with a space require quoting |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-18 | ||
| 68_checkrootkit-use-ROOTDIR-consistently.patch | chckrootkit: use ${ROOTDIR} consistently (forwarded by email, 12 mar 2023) Because chkrootkit ensures ROOTDIR ends in a / it can be used as "${ROOTDIR}path/to/dir" But this was not done consistently. This patch fixes that by removing / after ${ROOTDIR} |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-19 | ||
| 69_chkrootkit-fix-syntax-errors-in-chk_login.patch | chkrootkit: fix syntax errors in chk_login (forwarded by email, 12 mar 2023) Remove stray ] Redirection of stderr should be after stdout not before |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-20 | ||
| 70_chkrootkit-fix-chk_date.patch | chkrootkit: fix chk_date() (forwarded by email, 12 mar 2023) Redirect output of grep to /dev/null |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-20 | ||
| 71_chkrootkit-use-grep-not-grep-in-tests.patch | chkrootkit: use $grep not grep in tests (forwarded bBy email, 12 mar 2023) To support -p,grep should not be called directly, but only via $grep or $egrep |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-21 | ||
| 72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch | chkrootkit: ensure $ssh is set before testing for windigo/ebury 1.4 (forwarded by email, 12 mar 2023) $ssh was not defined but should have been set using loc (in the part thst only runs under -x it was being set with 'which' but all other testsbuse 'loc' Without this the test for ebury 1.4 was never run |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-21 | ||
| 73_chkrootkit-fix-netstat-and-ss-tests.patch | chkrootkit: fix netstat and ss tests (forwarded by email, 12 mar 2023) in tests that use netstat or ss - use -n option to ss to keep port numbers numeric (otherwise ss may use service names - chk_netstat_or_ss should set $netstat to the path so that $netstat can be influenced by -p like the other commands in _chk_netstat_or_ss - prefer ss to netstat in chk_netstat - for consistency, return NOT_FOUND rather than NOT_INFECTED if we did nit have netstat installed |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-21 | ||
| 74_chkrootkit-Make-chkutmp-should-support-p.patch | chkrootkit: Make chkutmp and lkm tests support -p (forwarded by email, 12 mar 2023) chkutmp and chkproc call 'ps', and per the comments in chkutmp this assumes that this is safe. this patch adds the directory passed by -p to patH before calling those tools so that a known good ps can be used if it is available. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-21 | ||
| 75_chkrootkit-More-instances-where-x-should-be-x.patch | chkrootkit: More instances where x should be ${x} (forwarded by email, 12 mar 2023) To support -p commands in $cmdlist are meant to be called only as $cmd, but there were several places where this was not done |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-22 | ||
| 77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch | chkrootkit: fix syntax error in test for 64-bit modules (forwarded by email, 12 mar 2023) The test has a stray '2' which means the call to find will always give a syntax error and never find anything. I assume this is a typo and should be deleted. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-26 | ||
| 78_chkrootkit-fix-test-for-ebury-1.6.patch | chkrootkit: fix test for ebury 1.6 (forwarded by email, 12 mar 2023) Call to egrep was using | without brackets - so the | only 'applied' to the surrounding characters. seems unlikely to be correct. |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-26 | ||
| 80_chkrootkit-make-output-consistent-aliens.patch | chkrootkit: make output consistent Should now get consistent output - in non quiet mode: - each tests statts with a "checking for" line - this line is finished with a WARNING if file is found, and this indicates which files were found on a new line. - or "not found"/"not tested" if skipped - in quiet mode the "checking for..." is skipped, as is the output if nothing was found. But the WARNING and list of files are still produced so the user can tell what the issue was. - make more tests use lookfor_rootkit - reindent in several places - quote variables to avoid globbing - use $(...) instead of deprecated `....` forwarded by email, 12 mar 2023 |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-27 | ||
| 81_chkrootkit-add-missing-braces-in-bindshell-test.patch | chkrootkit: simplify bindshell test (forwarded by email, 12 mar 2023) make $PORT space separated - avoids need for sed Avoid calling grep twice |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-27 | ||
| 82_chkrootkit-clarify-output-from-lkm-test.patch | chkrootkit: clarify output from lkm test (forwarded by email, 12 mar 2023) Move test for chkdirs and chkproc later so that test for spexific lkm can still run if neither is present Make it clesrer which command produced output |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-27 | ||
| 83_chkrotkit-Clarify-output-from-other-TOOLS.patch | chkrootkit: Clarify output from other TOOLS (forwarded by email, 12 mar 2023) Make it clear which command is producing output |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-27 | ||
| 84_chkrootkit-simplify-chk_inetdconf.patch | chkrootkit: simplify chk_inetdconf (forwarded by email, 12 mar 2023) Remove unnccessary uses of cat and grep |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-02-27 | ||
| 85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch | chkrootkit: Also redirect stderr from grep to /dev/null (forwarded by email, 12 mar 2023) This avoids spurious output if a test is using grep on a files that does not exist |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-03-02 | ||
| 86_chkrootkit-usrmerge-fix.patch | chkrootkit: usrmerge fix (forwarded by email, 12 mar 2023) Make tests that search /bin (using find) also search /usr/bin so that they work on usrmerged systems |
Richard Lewis <richard.lewis.debian@googlemail.com> | invalid | 2023-03-04 |