Debian Patches

Status for chkrootkit/0.58b-3

Patch Description Author Forwarded Bugs Origin Last update
40_strings-resolve-signed-comparison.patch strings: resolve signed comparison
strings.c: In function ‘strings’:
strings.c:78:47: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
78 | if (c == 0 || c == '\n' || printmeindex >= sizeof(printme)-1) iseol = 1;
| ^~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
01_nostrip.patch Remove explicit use of 'strip' from the upstream Makefile
debhelper will automatically strip everything when we build the package.
This is a Debian-specific modification - upstream unlikely to want this.
Francois Marier <francois@debian.org> yes debian 2021-10-10
02_workingdir.patch chkrootkit: cd /usr/lib/chkrootkit.
Upstream chkrootkit is designed to be run from its build directory, so calls all its executables with a "./" prefix.
On Debian, executables are placed in /usr/lib/chkrootkit.
.
This could be upstreamed but presumably upstream would prefer the existing behaviour.
.
This patch is from 2017 or earlier.
Unknown Author <team+pkg-security@tracker.debian.org> yes 2017-07-09
03_linedup_reports.patch Modify chkrootkit's printn to use printf if available.
This improves readability of the output (if no -q given) by right-aligning
the "nothing found" results.
.
A previous comment noted that upstream was not interested in this patch as
printf is not portable. However, this patch should work even if printf is
not present.
Jari Aalto <jari.aalto@cante.net> yes debian 2005-12-14
04_backslashes.patch Remove unnecessary backslashes from two chkrootkit messages
This is upstreamable.
"James R. Van Zandt" <jrv@debian.org> yes debian 2008-09-06
05_disable_enye.patch chkproc: do not send signal 58 to PID 12345
This disables the test for Enye LKM.

As the bug report notes, sending a non-standard signal to test whether a process might be a
trojan risks killing unrelated software and should not be done.
.
This is upstreamable and was first forwarded upstream in April 2008
Francois Marier <francois@debian.org> yes debian 2008-04-21
06_quiet.patch Make chklastlog support -q and make chk_* functions consistent
The chk_* functions should not produce output unless in EXPERT mode,
but should return INFECTED, NOT_FOUND etc and the main loop should produce output
.
This patch only looks at the chk_* functions (where * is in TROJANS - the functions
names after the content of TOOLS are expected to produce output themselves, although
this is not consistent (later debian patches address this)
.
This ensures even more output is hidden if -q is passed to chkrootkit
.
This is upstreamable.
lantz moore <lmoore@debian.org> yes debian 2002-10-03
07_promisc.patch Make ifpromisc output pid as well as name
Makes a number of internal changes to ifpromisc
.
This introduces new behaviour where
* if a 'packet sniffer' is detected, its pid is output as well as the name
* instead of PF_PACKET the output is "PACKET_SNIFFER"
.
This is upstreamable.
lantz moore <lmoore@debian.org> yes debian 2005-11-27
08_unidentified.patch collection of other changes to upstream source made by debian
All changes appear upstreamable.
This dates from 2017 or earlier.
Francois Marier <francois@debian.org> yes 2017-07-09
09_excludes.patch Adds -e option to chkrootkit and function lookfor_rootkit
Also from: "Roger Leigh" <rleigh@debian.org>
.
This adds the ability to exclude specific files/directories from the
checks with the -e option
.
It also adds lookfor_rootkit function to remove duplication from code
that searches for specific files and directories to detect several rootkits
(HiDrootkit, t0rn, Lion, RSHA, RH-Sharpe)
.
Upstreamable
"francois@debian.org" <francois@debian.org> yes 2017-07-09
10_fixwarnings.patch Some little fixes to silence compiler.
This is from 2017 or earlier.
Giuseppe Iuculano <giuseppe@iuculano.it> yes 2017-07-09
11_logpath.patch Read logs from /var/log instead of /var/adm
Potentially upstreamable
(may also be non-portable)
Dates from 2017 or earlier.
Giuseppe Iuculano <giuseppe@iuculano.it> yes 2017-07-09
12_procpsv3.patch chkproc: default to procps version 3.
Upstreamable.
Dates from 2017 or earlier
Giuseppe Iuculano <giuseppe@iuculano.it> yes 2017-07-09
13_exitcode.patch Make chkrootkit explicitly exit 0
Otherwise the exit code is that of the last test that ran.
This is particularly useful when calling from a script with set -e (such as from cron)
.
Upstreamable
"Arjan Opmeer, Giuseppe Iuculano" <giuseppe@iuculano.it> yes debian 2009-08-11
14_chkutmp.patch chkutmp: Fix chkutmp parser
Upstreamable.
Dates from 2017 or earlier
"Aaron M. Ucko" <team+pkg-security@tracker.debian.org> yes 2017-07-09
15_kfreebsd.patch ifpromisc: Add missing include <stdint.h>
Upstreamable
Dates from 2017 or earlier
Unknown Author <team+pkg-security@tracker.debian.org> yes 2017-07-09
16_php.patch Fix the check for suspect PHP files
Before this patch,
1. Any non-text file contents confuse the results of the grep if they match.
2. Not file names are printed, but file contents.
.
This patch fixes '/usr/bin/find: head terminated by signal 13' errors and
prints affected file names instead of their content.
.
This dates from 2017 or earlier, but was refreshed in 2023 and 2024
Andreas Stempfhuber <andi@afulinux.de> yes 2017-07-09
17_Suckitfalse.patch chkrootkit: false positive for Suckit under systemd or upstart
Upstreamable.
Giuseppe Iuculano <iuculano@debian.org> yes debian 2015-03-23
18_fix-stack-smash.patch chkutmp: Change UT_LINESIZE to UT_PIDSIZE
Dates from 2017 or earlier
The previous description stated only 'fix good old stack smash'
.
Upstreamable
Unknown Author <team+pkg-security@tracker.debian.org> yes debian 2017-07-09
19_openssh.patch chkrootkit: fix Windigo test
Dates from 2017 or earlier
Upstreamable
Unknown Author <team+pkg-security@tracker.debian.org> yes 2017-07-09
20_Proper-flags.patch Honor preprocessor and linker flags added at compile time by debhelper.

Thanks to Lukas Schwaighofer for suggesting some improvements.
Dates from 2017 or earlier
.
Upstreamable
Marcos Fouces <marcos@debian.org> yes 2017-07-09
21_fix_loc_function.patch Output the results of the loc() function in test for LOC rootkit
Upstreamable
Arthur de Jong <arthur@west.nl> yes 2017-07-09
24_ser2net_exception_in_scalper.patch Add exception for ser2net in scalper()
Upstreamable
Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org> yes debian 2018-04-19
25_chkrootkit-Add-s-option-to-filter-ifpromisc-output.patch chkrootkit: Add -s option to filter ifpromisc output
.
This patch adds a new option '-s' for chkrootkit to
allow excluding lines from ifpromisc output
.
This patch also (attempts to) fix #548582 by not outputting an empty list if -q is given.
.
Stefano Torricella <stetor@y2k.it> yes debian 2010-05-06
26_improve-info-help-display.patch chkrootkit: Improve information displayed with chkrootkit -h
Needs to come after patch #25
Upstreamable apart from the reference to a Debian-specific documentation file
Marcos Fouces <marcos@debian.org> yes debian 2020-04-13
27_fix-race-condition-ps-proc.patch chkproc: patch 27: avoid race condition
The previous description stated that this intends to fix "a really bad race condition in it where it compares ps
and /proc." and "This patch fixes this by double checking to ensure the process hasn't exited."
.
(Refreshed 2023-03-11 to correct an issue where some unrelated lines were being removed by mistake
having looked at the BTS, it seems these were introduced when the patch was rebased for 0.48
debian then corrected some of these in 2022 via separate patches (55,55a), and these have been
squashed into patch 27 to simplify the patch queue.
... there is no change to the functionality that patch 27 introduces)

This depends on patches
- 12 (which sets pv to 3 by default - chkrootkit always sets this explicitly)
- 8
- 5
Adrian Bridgett <adrian@smop.co.uk> yes debian 2020-07-24
28_chkdirs-fix-memory-leak.patch chkdirs: fix memory leak
chkdirs.c:126:2: error: Memory leak: curpath [memleak]
return(-1);
^

Found by Cppcheck
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
41_chkutmp-silence-unused-parameter-warnings.patch chkutmp: silence unused parameter warnings
chkutmp.c: In function ‘main’:
chkutmp.c:180:14: error: unused parameter ‘argc’ [-Werror=unused-parameter]
180 | int main(int argc, char *argv[])
| ~~~~^~~~
chkutmp.c:180:26: error: unused parameter ‘argv’ [-Werror=unused-parameter]
180 | int main(int argc, char *argv[])
| ~~~~~~^~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
42_chkdirs-annotate-usage-with-noreturn.patch chkdirs: annotate usage with noreturn
chkdirs.c: In function ‘usage’:
chkdirs.c:56:6: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]
56 | void usage ()
| ^~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
43_chklastlog-remove-unused-and-shadowing-variable.patch chklastlog: remove unused and shadowing variable
chklastlog.c: In function ‘main’:
chklastlog.c:109:10: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow]
109 | uid_t *uid;
| ^~~
chklastlog.c:79:8: note: shadowed declaration is here
79 | uid_t *uid;
| ^~~
chklastlog.c: In function ‘getslot’:
chklastlog.c:295:48: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow]
295 | int getslot(struct s_localpwd *localpwd, uid_t uid)
| ~~~~~~^~~
chklastlog.c:79:8: note: shadowed declaration is here
79 | uid_t *uid;
| ^~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
44_ifpromisc-do-not-discard-const-qualifier.patch ifpromisc: do not discard const qualifier
ifpromisc.c:69:17: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
69 | char *Release = "chkrootkit package",
| ^~~~~~~~~~~~~~~~~~~~
ifpromisc.c:70:17: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
70 | *Version = "@(#) ifpromisc 0.9 (2007/06/15)";
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
29_chkdirs-fix-dead-code.patch chkdirs: fix dead code
In line 72 buffer is forced to be non-NULL, because it got dereferenced in line 71.

chkdirs.c:71:10: warning: Either the condition 'if(buffer)' is redundant or there is possible null pointer dereference: buffer. [nullPointerRedundantCheck]
if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
^
chkdirs.c:72:8: note: Assuming that condition 'if(buffer)' is not redundant
if (buffer) free((void *)*buffer);
^
chkdirs.c:71:10: note: Null pointer dereference
if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
^

Found by Cppcheck
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
30_chklastlog-fix-out-of-bounds-access.patch chklastlog: fix out of bounds access
We dereference userid at *uid, so *uid must be strictly smaller than userid's size.

chklastlog.c:184:14: warning: Either the condition '*uid>99999' is redundant or the array 'userid[99999]' is accessed at index 99999, which is out of bounds. [arrayIndexOutOfBoundsCond]
if (!userid[*uid])
^
chklastlog.c:178:26: note: Assuming that condition '*uid>99999' is not redundant
if (*uid > MAX_ID)
^
chklastlog.c:184:14: note: Array index out of bounds
if (!userid[*uid])
^

Found by Cppcheck
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
31_ifpromisc-always-null-terminate-interface-names.patch ifpromisc: always null-terminate interface names
In file included from /usr/include/string.h:495,
from ifpromisc.c:54:
In function ‘strncpy’,
inlined from ‘if_fetch’ at ifpromisc.c:311:3,
inlined from ‘if_print’ at ifpromisc.c:347:11:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘if_fetch’ at ifpromisc.c:313:3,
inlined from ‘if_print’ at ifpromisc.c:347:11:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 16 equals destination size [-Wstringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
38_chklastlog-resolve-signed-comparison.patch chklastlog: resolve signed comparison
chklastlog.c: In function ‘main’:
chklastlog.c:169:33: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare]
169 | if (wtmp_bytes_read < sizeof(struct utmp))
| ^
chklastlog.c:189:45: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare]
189 | if (wtmp_bytes_read < sizeof(struct lastlog))
| ^
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
39_chkproc-resolve-signed-comparison.patch chkproc: resolve signed comparison
chkproc.c: In function ‘readline’:
chkproc.c:121:17: error: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int’ [-Werror=sign-compare]
121 | if (strlen(s) == (size-1) && s[size-1] != '\n')
| ^~
chkproc.c: In function ‘dodgy_process’:
chkproc.c:280:14: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0;
| ^
chkproc.c:280:32: error: operand of ‘?:’ changes signedness from ‘int’ to ‘long unsigned int’ due to unsignedness of other operand [-Werror=sign-compare]
280 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0;
| ^
chkproc.c:283:14: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0;
| ^
chkproc.c:283:32: error: operand of ‘?:’ changes signedness from ‘int’ to ‘long unsigned int’ due to unsignedness of other operand [-Werror=sign-compare]
283 | path[(j < sizeof(path)) ? j : sizeof(path) - 1] = 0;
| ^
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
32_chkdirs-use-strdup-to-avoid-stringop-overflow-warning.patch chkdirs: use strdup to avoid stringop-overflow warning
In file included from /usr/include/string.h:495,
from chkdirs.c:42:
In function ‘strncpy’,
inlined from ‘check_dir’ at chkdirs.c:136:5:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chkdirs.c: In function ‘check_dir’:
chkdirs.c:111:25: note: length computed here
111 | if (!path || !(plen = strlen(path))) {
| ^~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
33_chklastlog-silence-array-bounds-warning.patch chklastlog: silence array-bounds warning
In file included from /usr/include/string.h:495,
from chklastlog.c:45:
In function ‘memcpy’,
inlined from ‘main’ at chklastlog.c:114:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘memcpy’,
inlined from ‘main’ at chklastlog.c:115:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [17, 126] is out of the bounds [0, 17] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
34_chkwtmp-silence-array-bounds-warning.patch chkwtmp: silence array-bounds warning
In file included from /usr/include/string.h:495,
from chkwtmp.c:28:
In function ‘memcpy’,
inlined from ‘main’ at chkwtmp.c:74:8:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
35_ifpromisc-solve-unused-result-warnings.patch ifpromisc: solve unused result warnings
ifpromisc.c: In function ‘read_proc_net_packet’:
ifpromisc.c:112:5: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
112 | fgets(buf, 80, proc);
| ^~~~~~~~~~~~~~~~~~~~
ifpromisc.c: In function ‘walk_process’:
ifpromisc.c:211:13: error: ignoring return value of ‘readlink’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
211 | readlink(path, link, sizeof(link) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
36_chkproc-silence-unused-result-warnings.patch chkproc: silence unused result warnings
chkproc.c: In function ‘readline’:
chkproc.c:124:5: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
124 | fgets(buf, MAX_BUF, stream);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
chkproc.c:127:7: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
127 | fgets(buf, MAX_BUF, stream);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
37_chkutmp-silence-unused-result-warnings.patch chkutmp: silence unused result warnings
chkutmp.c: In function ‘fetchps’:
chkutmp.c:90:2: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
90 | fgets(line, MAXREAD, ps_fp); /* skip header */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
chkutmp.c:124:20: error: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ [-Werror=unused-result]
124 | fgets(line, MAXREAD, ps_fp);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
45_chkproc-do-not-discard-const-qualifier.patch chkproc: do not discard const qualifier
chkproc.c:92:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
92 | "ps -edf",
| ^~~~~~~~~
chkproc.c:93:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
93 | "ps auxw",
| ^~~~~~~~~
chkproc.c:94:6: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
94 | "ps mauxw 2>&1 ",
| ^~~~~~~~~~~~~~~~
chkproc.c:95:13: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
95 | "ps auxw -T|tr -s ' '|cut -d' ' -f2-",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
46_chkutmp-do-not-discard-const-qualifier.patch chkutmp: do not discard const qualifier
chkutmp.c:73:5: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
73 | "ps -ef -o \"tty,pid,ruser,args\"", /* solaris */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chkutmp.c:74:5: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
74 | "ps axk \"tty,ruser,args\" -o \"tty,pid,ruser,args\"" /* linux */
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
47_chklastlog-remove-dead-assignment.patch chklastlog: remove dead assignment
chklastlog.c:249:12: warning: Although the value stored to 'pwdent' is used in the enclosing expression, the value is never actually read from 'pwdent'
while ((pwdent = getpwent())) {
^ ~~~~~~~~~~
1 warning generated.
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
48_chkdirs-free-memory-on-failure.patch chkdirs: free memory on failure
chkdirs.c:182:7: warning: Potential leak of memory pointed to by 'dl'
fprintf(stderr, "lstat(%s/%s): %s\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/bits/stdio2.h:113:3: note: expanded from macro 'fprintf'
__fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
^~~~~~~~~~~~~
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
49_chkdirs-fix-return-logic.patch chkdirs: fix return logic
If called with multiple arguments, do fail if any directory fails,
not only the last one.
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
50_strings-drop-dead-assignment.patch strings: drop dead assignment
strings.c:94:5: warning: Value stored to 'printmeindex' is never read
printmeindex = 0;
^ ~
1 warning generated.
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
51_chkdirs-resolve-signed-comparison.patch chkdirs: resolve signed comparison
chkdirs.c: In function ‘make_pathname’:
chkdirs.c:73:38: error: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’ [-Werror=sign-compare]
73 | if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
| ^
Christian Göttsche <cgzones@googlemail.com> yes 2020-07-24
52_chkdirs-fix-spelling-error-and-whitespace.patch chkdirs: fix spelling error
(forwarded by email, 12 mar 2023)

Replaces 'WARNIING' with 'WARNING' and removes trailing whitespace
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-15
54_chkrootkit-Remove-trailing-space-in-windigo-not-found-message.patch Remove trailing space from output of ssh test
(forwarded by email, 12 mar 2023)

In test for Linux/Ebury - Operation Windigo ssh test

Unlike other tests, the "not found" message was printed with a
trailing space
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-16
56_chkrootkit-Fix-logic-so-that-sshd-test-runs.patch chkrootkit: Fix logic so that sshd test runs
(forwarded by email, 12 mar 2023)

'-s' means size >0, so we want NOTFOUND if -s fails
Richard Lewis <richsrd.lewis.debian@googlemail.com> invalid 2021-10-16
57_chutmp-improve-message-if-processes-without-tty-are-found.patch chkutmp: improve message if processes without tty are found
(forwarded by email, 12 mar 2023)

(The message needs 'was' not 'were' because "The tty" is singular)
It also fixes indentation around the change and removes trailing whitespace.
Upstreamable
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-16
58_chkrootkit-improve-output.patch chkrootkit: improve output
(forwarded by email, 12 mar 2023)

Add some missing messages (in non-quiet mode) where nothing was found
Upstreamable. Depends on previous changes to chkrootkit
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-22
59_chkrootkit-Remove-duplicate-entries-from-check-of-suspicious-files.patch chkrootkit: Remove duplicate entries from check of suspicious files
(forwarded by email, 12 mar 2023)

The check for hidden files in /usr/lib (and other dirs) was looking for files and directories separately, but every directory (other than those starting with a . then a number) was already included in the list of files found.
This patch simplifies the search to include anything starting with a .
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-23
60_chkrootkit-Improve-output-of-sniffer-and-make-rexedcs-give-some-output-if-infected.patch chkrootkit: Improve output of sniffer and rexedcs tests
(forwarded by email, 12 mar 2023)

In sniffer()
* Ensure $outmsg is quoted to avoid the output of ifpromisc being compressed onto one line.
* This improves -s so you can actually filter some output and leave the rest
* we also now add a 'header' line to explain what is being shown
* and if nothing was found then no output was being made at all, which meant we didn't finish the "checking sniffer ..." line in non-quiet mode

In rexedcs if something was found then no output was produced at all, which is not right
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-24
61_chkrootkit-Prevent-hanging-in-an-lxc-container.patch chkrootkit: Prevent hanging in an lxc container
(forwarded by email, 12 mar 2023)

lxc bind-mounts pts devices over /dev, but find does not notice, so
find /dev -type f

still finds /dev/console. The aliens test then tries to grep this and
hangs. This patch passes --device=skip to grep which stops it
hanging. Another alternative would be to pass '! -fstype devpts'.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid debian 2021-10-29
62_chkrootkit-Prevent-warnings-when-running-in-an-lxc-container.patch chkrootkit: Prevent warnings when running in lxc
(forwarded by email, 12 mar 2023)

This patch redirects stderr to /dev/null when running the check for
the Omega worm.

Some lxc containers (such as those used in the debian buildd debci
system), have a /dev that 'contains' files from the host that cannot
be read. This patch redirects stderr from the find to /dev/null to
avoid messages appearing in the chkrootkit output (this is consistent
with the check for the Lion Worm).
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-11-27
63_chkrootkit-Make-the-T.R.K-test-capable-of-finding-anything.patch 63 chkrootkit: Make the 'T.R.K' test capable of finding anything
(forwarded by email, 12 mar 2023)

Before this patch the check for T.R.K was running find but redirecting
both stdout and stderr to /dev/null, so nothing could ever be
detected. Only stderr needs to be ignored.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-11-27
53_chkrootkit-remove-trailing-whitespace.patch chkrootkit: remove trailing whitespace
(forwarded by email, 12 mar 2023)

Removes trailing whitespace from chkrootkit
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-18
64_chkrootkit-Define-egrep-later-to-support-p.patch chkrootkit: Define ${egrep} later to support '-p'
(forwarded by email, 12 mar 2023)

The -p option allows the user to set a path for commands like grep
This is done by parsing the $cmdlist variable
This means we should define '${egrep}' to use the ${grep} variable after
this parsing. But the upstream code was setting egrep too early, and hardcoding the
system's 'grep'. This patch moves the definition later, and uses $grep.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-18
65_chkrootkit-comment-out-use-of-kill-SIGCONT-31337.patch chkrootkit: comment out use of 'kill -SIGCONT 31337'
(forwarded by email, 12 mar 2023)

Part of the test for the Kovid LKM rootkit involves sending a SIGCONT signal to pid 31337
This patch comments that out - this may break that test, but that seems preferable to sending
signals to normal processes.

If the pid is a normal process then sending it a SIGCONT signal could cause unexpected behaviour,
(eg if the user deliberately backgrounded something)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-18
66_chkrootkit-Make-output-consistent.patch chkrootkit: Make output consistent
(forwarded by email, 12 mar 2023)

Lower case 'INSTALLED' -> 'installed' and fix typo 'rotkit' -> 'rootkit'
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-18
67_chkrootkit-ensure-only-one-argument-passed-to-expertmode_.patch chkrootkit: ensure only one argument passed to expertmode_output
(forwarded by email, 12 mar 2023)

The expertmode_output function only uses one argument, so when
calling it, items with a space require quoting
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-18
68_checkrootkit-use-ROOTDIR-consistently.patch chkrootkit: use ${ROOTDIR} consistently
(forwarded by email, 12 mar 2023)

Because chkrootkit ensures ROOTDIR ends in a / it can be used as "${ROOTDIR}path/to/dir"
But this was not done consistently. This patch fixes that by removing / after ${ROOTDIR}
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-19
69_chkrootkit-fix-syntax-errors-in-chk_login.patch chkrootkit: fix syntax errors in chk_login
(forwarded by email, 12 mar 2023)

Remove stray ]
Redirection of stderr should be after stdout not before
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-20
70_chkrootkit-fix-chk_date.patch chkrootkit: fix chk_date()
(forwarded by email, 12 mar 2023)

Redirect output of grep to /dev/null
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-20
71_chkrootkit-use-grep-not-grep-in-tests.patch chkrootkit: use $grep not grep in tests
(forwarded by email, 12 mar 2023)

To support -p, grep should not be called directly,
but only via $grep or $egrep
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-21
72_chkrootkit-ensure-ssh-is-set-before-testing-for-windigo-e.patch chkrootkit: ensure $ssh is set before testing for windigo/ebury 1.4
(forwarded by email, 12 mar 2023)

$ssh was not defined but should have been set using loc (in the part
that only runs under -x it was being set with 'which' but all other
tests use 'loc')

Without this the test for ebury 1.4 was never run
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-21
73_chkrootkit-fix-netstat-and-ss-tests.patch chkrootkit: fix netstat and ss tests
(forwarded by email, 12 mar 2023)

in tests that use netstat or ss
- use -n option to ss to keep port numbers numeric (otherwise
ss may use service names)
- chk_netstat_or_ss should set $netstat to the path so that $netstat
can be influenced by -p like the other commands

in _chk_netstat_or_ss - prefer ss to netstat

in chk_netstat - for consistency, return NOT_FOUND rather than NOT_INFECTED if we did
not have netstat installed
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-21
74_chkrootkit-Make-chkutmp-should-support-p.patch chkrootkit: Make chkutmp and lkm tests support -p
(forwarded by email, 12 mar 2023)

chkutmp and chkproc call 'ps', and per the comments in chkutmp this assumes
that this is safe.

This patch adds the directory passed by -p to PATH before calling those tools
so that a known good ps can be used if it is available.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-21
75_chkrootkit-More-instances-where-x-should-be-x.patch chkrootkit: More instances where x should be ${x}
(forwarded by email, 12 mar 2023)

To support -p commands in $cmdlist are meant to be called only as
$cmd, but there were several places where this was not done
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-22
77_chkrootkit-fix-syntax-error-in-test-for-64-bit-modules.patch chkrootkit: fix syntax error in test for 64-bit modules
(forwarded by email, 12 mar 2023)

The test has a stray '2' which means the call to find will always
give a syntax error and never find anything. I assume this is a typo
and should be deleted.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-26
78_chkrootkit-fix-test-for-ebury-1.6.patch chkrootkit: fix test for ebury 1.6
(forwarded by email, 12 mar 2023)

Call to egrep was using | without brackets - so
the | only 'applied' to the surrounding characters.

seems unlikely to be correct.
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-26
80_chkrootkit-make-output-consistent-aliens.patch chkrootkit: make output consistent

Should now get consistent output
- in non quiet mode:
- each test starts with a "checking for" line
- this line is finished with a WARNING if file is found, and
this indicates which files were found on a new line.
- or "not found"/"not tested" if skipped

- in quiet mode the "checking for..." is skipped, as is the output
if nothing was found. But the WARNING and list of files are still produced
so the user can tell what the issue was.

- make more tests use lookfor_rootkit
- reindent in several places
- quote variables to avoid globbing
- use $(...) instead of deprecated `....`

forwarded by email, 12 mar 2023
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
81_chkrootkit-add-missing-braces-in-bindshell-test.patch chkrootkit: simplify bindshell test
(forwarded by email, 12 mar 2023)

make $PORT space separated - avoids need for sed
Avoid calling grep twice
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
82_chkrootkit-clarify-output-from-lkm-test.patch chkrootkit: clarify output from lkm test
(forwarded by email, 12 mar 2023)

Move test for chkdirs and chkproc later so that test for specific lkm can still
run if neither is present

Make it clearer which command produced output
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
83_chkrotkit-Clarify-output-from-other-TOOLS.patch chkrootkit: Clarify output from other TOOLS
(forwarded by email, 12 mar 2023)

Make it clear which command is producing output
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
84_chkrootkit-simplify-chk_inetdconf.patch chkrootkit: simplify chk_inetdconf
(forwarded by email, 12 mar 2023)

Remove unnecessary uses of cat and grep
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
85_chkrootkit-Also-redirect-stderr-from-grep-to-dev-null.patch chkrootkit: Also redirect stderr from grep to /dev/null
(forwarded by email, 12 mar 2023)

This avoids spurious output if a test is using grep on a file that does not exist
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-03-02
86_chkrootkit-usrmerge-fix.patch chkrootkit: usrmerge fix
(forwarded by email, 12 mar 2023)

Make tests that search /bin (using find) also search /usr/bin so that they work on usrmerged systems
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-03-04
87a_ifpromisc-Add-a-return-value.patch ifpromisc: Add a return value
Make ifpromisc return 0 if nothing found, 1 if something found, and 2 on error
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-06-08
87b_chkrootkit-Do-not-issue-a-WARNING-if-sniffer-ifpromisc-fi.patch chkrootkit: Do not issue a 'WARNING' if sniffer/ifpromisc finds nothing

Check return value from ifpromisc. Do not show output unless it is non-zero
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-06-08
chkrootkit-Fix-most-shellcheck-issues.patch chkrootkit: Fix most shellcheck issues
- Quote variables
- Fix indentation
- remove duplicate output from kovid test
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-07
chkrootkit-fix-relative-dirs-in-PATH.patch chkrootkit: fix relative dirs in PATH
Looks like a typo as both branches of an "if" had the same
code before this patch.
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-08
chkrootkit-Fix-output-from-HKRK-if-r-set.patch chkrootkit: Fix output from HKRK if -r set Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-Fix-rootedir-check-when-r-set.patch chkrootkit: Fix rootedir check when -r set Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-Fix-for-syslogk-test.patch chkrootkit: Fix for syslogk test
The syslogk test had an inconsistent use of "echo 1 >" vs "echo 1>". this was
fixed upstream in 0.58b but a line in the 'expertmode' output was missed. that line should only be
used if -x is passed (i assume), so add 'expertmode_output' as well

Without this using -r may create a file called 1 in ${ROOTDIR}/proc/ if that dir happened to exist
and be writeable -- usually ROOTDIR is empty and /proc is not writable, but with -r it could point
to a plain directory (eg: mountpoint for a container)
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-skip-test-for-syslogk-when-r-given.patch chkrootkit: skip test for syslogk when -r given Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-improve-chkutmp-output-when-r-given.patch chkrootkit: improve chkutmp output when -r given
chkrootkit skips chkutmp if '-r' is given (which is correct as
chkutmp.c hardcodes paths to the things it checks to), but the
error message suggested an issue running chkutmp, instead just say
"not tested" when -r is given, and keep the error for when chkutmp
really is missing.
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-Make-test-for-BPFDoor-work-with-r.patch chkrootkit: Make test for BPFDoor output results and work with -r
1. Use -l option to grep so we print the filenames that match rather than the match itself

2. Test the files in $ROOTDIR/proc/*/stack rather than those on the host
(This perhaps has no practical benefits, but it makes the behaviour consistent
with other tests)
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-07-13
chkrootkit-Skip-chkutmp-if-utmp-does-not-exist.patch chkrootkit: Skip chkutmp if utmp does not exist
Debian has moved to a 64-bit version of time_t which means
/var/run/utmp no longer exists.

This patch skips the chkutm() check if there is no file to check
(only on Linux)

We keep chkutmp installed for anyone who did not transition their utmp
(although given it hardcodes the path we may remove it at some point)
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-08-12
chkrootkit-check-reported-files-using-dpkg-query.patch chkrootkit: check reported files using dpkg-query
Use dpkg-query on the results of most tests

Introduces:
- New function _check for files found using lookfor_rootkit
- a new wrapper function find_and_check which is used for the tests that
previously used $find: a nice side effect of this is that we can
always hide errors (eg directories being checked do not exist) - this
was not always done before
- a new helper check_if_debian to run dpkg-query on files
- while we are at it, add ${findargs} to every invocation of find - this
was not always done before
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-08-14
chkrootkit-Make-e-apply-to-tests-using-find.patch chkrootkit: Make -e apply to tests using $find
This patch uses the $findargs variable to make -e apply to tests
that use $find.

Debian added the -e option to exclude files found by lookfor_rootkit,
but this did not apply to tests using $find.
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-08-26
chkrootkit-Use-e-on-more-tests.patch chkrootkit: Use -e on more tests and allow globbing
Move checking of $EXCLUDE inside _filter, so that every test now
makes use of the excludes passed with -e

This means that the debian-specific part moves to __filter() (which is a no-op
on non-debian or if using -r)

(There is a slight incompatibility in that if you use -r, you should now
include the ROOTDIR in the argument to -e, and you should include a leading /)

'/usr/*' and we need to prevent this from expanding too soon. So we use 'set -f' before the case
statement (which is POSIX-compliant): this ensures that $exclude is set to '/usr/*' rather than
having one exclude for every top-level directory under /usr. But then inside the case statement,
we do want the "*" to be a pattern, so $exclude should be unquoted.
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-02
chkrootkit-Allow-running-as-non-root.patch chkrootkit: Allow running as non-root
Most checks still work without root.
Still print an error, but continue.
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-04
chkrootkit-Better-error-messages.patch chkrootkit: Better error messages Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-04
chkrootkit-fix-bug-if-chkdirs-has-nothing-to-check.patch chkrootkit: fix bug if chkdirs has nothing to check
on termux none of the dirs to be checked exist, and the ls | tr pipeline is broken

the ls | tr is pretty pointless anyway, just use chkdir if the dir exists
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-05
chkrootkit-allow-chkdirs-to-be-used-with-r.patch chkrootkit: allow chkdirs to be used with -r
and better message if it is skipped
there is no need to combine the eligibility checks for chkproc and chkdirs -- test them independently. the setting of PV is only needed for chkproc

there is no need to skip chkdirs on SunOS, and the check if FreeBSD version did not make sense
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-05
chkrootkit-more-better-error-messages.patch chkrootkit: more better error messages Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-08
chkrootkit-Make-test-for-.history-files-work-with-r.patch chkrootkit: Make test for .history files work with -r
Ensure $HOME is set correctly when -r given
This also prevents a duplicate // in the output when no -r is used
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-08
chkrootkit-wted-and-chkutmp-skip-if-no-utmp-wtmp-files.patch chkrootkit: wted and chkutmp: skip if no utmp/wtmp files
no longer expect these on recent linux
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-08
chkrootkit-incomplete-fix-for-ldsopreload.patch chkrootkit: (incomplete)fix for ldsopreload
do not quote $CMD (issue introduced by me)
however, the test is not actually doing anything - should we be doing a grep after strings-static? (issue is upstream)
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-08
chkrootkit-minor-fixup.patch chkrootkit: minor fixup
when running chklastlog, Do not add a second copy of $ROOTDIR to $WTMP and $LASTLOG
Skip chkproc if -r is given, it only looks at /proc

(This should be combined with an earlier patch, ideally)
Richard Lewis <richard.lewis.debian@googlemail.com> no 2024-09-23
