chkrootkit - Debian Package Tracker

general

source: chkrootkit (main)
version: 0.58b-6
maintainer: Debian Security Tools (DMD)
uploaders: Marcos Fouces [DMD]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.54-1
oldstable: 0.57-2
stable: 0.58b-5
testing: 0.58b-6
unstable: 0.58b-6

versioned links

0.54-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.57-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.58b-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.58b-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

chkrootkit (9 bugs: 0, 7, 2, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  ftp://ftp.chkrootkit.org/pub/seg/pac/

Created: 2025-11-26 Last update: 2026-04-23 06:02

debian/patches: 86 patches with invalid metadata, 1 patch to forward upstream high

Among the 88 debian patches available in version 0.58b-6 of the package, we noticed the following issues:

86 patches with invalid metadata that ought to be fixed.
1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-09-28 23:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.59-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 442b7123d084e6bb60eb6b0af22ff24c43b346c9
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Apr 18 12:17:20 2026 +0100

    Update debian/changelog
    
    (This is 'gbp dch' and with some editing to
    - group similar changes,
    - put more user-focusing changes towards the top
    - add 'Closes:' for a couple of bugs)

commit ddcb7458d3bf228f9b98b4a3058ab23eb2e7e188
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Apr 18 11:47:07 2026 +0100

    Add NEWS.Debian entry for the recent release

commit 805c227d76631f934866177e0aa057d74101e3ca
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Apr 18 11:54:00 2026 +0100

    Rename upstream's -s option to --selfcheck avoid a clash with Debian's behaviour since 2010
    
    Since 2010 (at least), Debian has patched chkrootkit to provide an option '-s' that filters the
    output from the 'sniffer test'. In 0.59, upstream introduced an (undocumented) option '-s' that
    causes chkrootkit to check it can define the variables in cmdlist, and then exit before running
    any checks. Rename this latter option as '--selfcheck'.

commit 0d8ecb91c388132931c3f05378a0084046db46cb
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Thu Apr 16 22:48:11 2026 +0100

    Depend on iproute2 or netstat
    
    From 0.59, upstream now requires iproute2 or netstat to be present before
    any checks can be run.
    
    (The autopkgtest already depended on iproute2, so this was not detected
    automatically)

commit 41d76fba37403f91fbe09827258230cc9ad894f6
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sun Apr 12 11:23:20 2026 +0100

    Fix missing filtering of suspicious files
    
    Ensure tests of suspcious files in /dev and files named .. are
    subject to filtering - this is needed for lxc containers where /dev/.lxc
    contains copies of /proc and /sys that would cause huge running time:
    need to use find_and_filter to allow the user to use -e to skip such directories

commit db2122bd9b1603d037221458ac97cbc03c5ffbdd
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Fri Apr 10 23:56:58 2026 +0100

    Attempt to fix compilation on the HURD
    
    - chkdirs.c
      - The HURD defines __MACH__ so the test for apple systems should be
       '#if defined(__APPLE__) && defined(__MACH__)' and not
       '#if defined(__APPLE__) || defined(__MACH__)'
      (see https://www.gnu.org/software/hurd/hurd/porting/guidelines.html)
      - On HURD we can load sys/statfs.h to define __fsword_t and statfs(),
       but we do not have linux/magic.h so we still need a dummy file_system_name()
    
    - strings.c
      - Need to include string.h: this is part of POSIX, so does not need
         to be behind an ifdef on any system

commit 91ac54f7defa14a6a3ef9c8d37d03104be1576ae
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Mon Apr 6 22:01:05 2026 +0100

    Update years in debian/copyright

commit 44534aec25a15da5deb0ecb1ef6a64e4ad7127fe
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Mon Apr 6 20:11:59 2026 +0100

    Ensure the systemd timer is killed after a timeout
    
    Add new variable TIMEOUT to chkrootkit.conf

commit 0ca54ece1398e5eabe6f00e292a5f0af3ea746f0
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Mon Apr 6 10:06:21 2026 +0100

    autopkgtest: Work around issue running autopkgtest on salsa.debian.org
    
    On salsa.debian.org, the autopkgtest runs in a system with
    /dev/.lxc containing /proc and /sys, which mean over 20k files, this
    causes the test for suspicious files in /dev (part of aliens test) to
    take over an hour, cauing the test to time out.
    
    We work around that by unmounting file systemd under /dev
    
    NB that this is just a workaround for the autopkgtest, anyone using
    lxc in the same way that debian's infrastructure does will see
    chkrootkit take a very long time to run - we will add a configurable
    timeout to help.

commit c1d527734b6d4a360aa0a793ab56ae62f4daf79b
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sun Apr 5 00:11:17 2026 +0100

    Add debian/upstream/metadata (DEP12)
    
    Lintian gives a pedantic-level tag if this is not included
    
    There isnt much upstream (and it is a bit out of date), but
    there is a paper

commit b604af1be7bd0834b59eab2d89168cab69ba3cdf
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Fri Apr 3 18:36:26 2026 +0100

    Declare 'Standards-Version: 4.7.4' (no changes needed)

commit 4f531ee939ef190eef72db603e06b82cb4cfbf08
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Fri Apr 3 17:37:08 2026 +0100

    'Priority: optional' no longer needs to be set in debian/control
    
    It is now the default.

commit d37e6f0db2ca3530dab5a42dc48fa71c2f0ceba5
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 27 12:55:42 2025 +0100

    Update filtering in debian/chkrootkit.conf and chkrootkit-daily
    
    Cope with new output from ifpromisc: interfaces are now sorted so dont need to be filtered
    Remove default filtering of chkutmp - this is no longer used in Debian
    Break up long $FILTER into chunks - more readable

commit 573ce3478daf9148cd8309a21302f27965dddfe1
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Tue Sep 16 08:45:48 2025 +0100

    ifpromisc: show all detected 'sniffers', and sort output
    
    Previously ifpromisc was only outputing some of the
    sniffers that it detected. This includes interfaces
    that were down, sniffers listening on all interfaces
    (which includes part of NetworkManager) and anything
    listening on an interface where no information was
    returned (mostly an issue when running as non-root)
    
    We also sort the output, which makes it more stable and
    easier to filter

commit 5dfa5d4e55a43bd1cf60f374ec5350e390f8c3e4
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 27 00:12:44 2025 +0100

    d/tests/control: Make wrap-and-sort happy
    
    It wants to unbreak the line as it is only 79 chars long

commit ef08a52e58f9dd9263ca599f18c42b173a83c704
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 13 22:22:50 2025 +0100

    autopkgtest: replace isc-dhcp (deprecated) with tcpdump
    
    This should work, but reveals a bug in ifpromisc

commit 0d12166f17ea6bec48596e4b692affee08f36ceb
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 27 00:08:30 2025 +0100

    debian/control: Remove Rules-Requires-Root
    
    It is no longer needed (unless rules do require root), and
    lintian has started to warn if it is present

commit 0d9aeb7a6e1d9ca027eb181e8a73f9fc7774f4f1
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Tue Sep 23 19:16:12 2025 +0100

    convert debian/watch to version 5

commit 7498477121fc842adec01868e426cc774c67d647
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 27 00:22:34 2025 +0100

    chkrootkit-daily: run through shfmt to fix indentation
    
    Mostly too many tabs

commit c1ab009f72da95f24c1670ce860ac4c0609c3623
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Sep 27 00:24:09 2025 +0100

    postinst: run through shfmt to fix indentation
    
    mostly too many tabs

commit c39f59225951627a3cfb3b639f008bfab4ee3840
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sun Mar 22 21:01:25 2026 +0000

    Update debian's patch to printn for new upstream version
    
    Remove code that would do something different (and actually
    not very helpful) if the message being printed contained "exec"
    or "bogus". I believe this may have been a (misguided) attempt to handle
    the case where the helpers (chkdirs, chkproc, chkutmp, etc) were
    missing: none of those messages used printn so
    the code was never doing anyhing. But in 0.59 upstream added
    a test for checking processes running from memory which contains
    the string *exec*uted and we want to have that printed with printn so
    the output lines up nicely.
    
    so remove that check. And while we are at it, simplify the logic and do not
    rely on 'which' to find printf, but use 'printf' if it is a shell builtin,
    or 'loc' to find /usr/bin/printf (which improves compatibility for '-p')
    (this should really be done via $cmdlist not in the function,
    but Debian has been doing it this way for 20 years...)

commit e1629e9e92b6d8d353fe2e02a5bcb3eb29990038
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 21 18:34:01 2026 +0000

    autopkgtests: update for recent changes to aliens check

commit 52f330b24fbfc796abbbd7d8e40560b36f03d187
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 21 15:41:22 2026 +0000

    Fix for recent changes to aliens check

commit 5ac60523f93f469f4b27eb7aba8fa95d19319db7
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Thu Mar 19 20:38:42 2026 +0000

    autopkgtests: test chk_nologin

commit 20ea1444b42fb52d4ad5182c984bf123149679f9
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Thu Mar 19 09:00:21 2026 +0000

    Fix syntax errors in chk_nologin

commit 191b2431bf0d4a51ba8fa7a2175d644b0c35c8b1
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Wed Mar 18 17:12:25 2026 +0000

    autopkgtest: Update for latest bindshell output

commit 594095f5a35fb15e00f5deb27193fd88c71dfc24
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Wed Mar 18 16:50:36 2026 +0000

    Fix bindshell test
    
    - Use $grep
    - Makeoutput clearer - latest upstream would just give a list of numbers,
       which is confusing, and harder to filer

commit ddd8b9c5d6577d856720cc06e0109a830a40160e
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Thu Mar 19 08:35:16 2026 +0000

    autopktest: small cleanup
    
    Reduce messages when the test is cleaned up
    Slightly better output when -p test goes wrong ($* should not be quoted)

commit cfc659585660a2d9b6d3a118a0a07ac97dfd5706
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Wed Mar 18 11:05:59 2026 +0000

    autopkgtest: Update for new upstream version's use of ss
    
    We need to mock out ss to ensure tcpdump and bindshell tests find something
    This is because the 0.59 version changed how it does these tests, and
    because we prefer ss over netstat

commit 6b352f5243b1f169c5b71082f1b859c6b4514e3b
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sun Mar 15 11:42:15 2026 +0000

    Prefer to use ss rather than netstat
    
    netstat is deprecated, and is one of the commands chkrootkit is testing
    for possible rootkits, so it should not be the preferrred tool for
    looking for other rootkits
    
    This also fixes the remaining autopkgtests because in those tests we
    replace netstat with something triggering a test, which breaks the
    setting of $netstat

commit 6aeba89a732477be2a6d56473d6ee7a14e8da8eb
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 14 22:53:34 2026 +0000

    Fix errors in check for busybox
    
    ls and grep should not be called directly, only via $ls and $grep

commit 448cea1d453ab426cd4d8455b2ba220d00519a03
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 14 22:48:26 2026 +0000

    Fix syntax errors in check for processes running from memory
    
    Modify patch to aliens to fix (some of) the errors in the new
    check: ls and grep should not be called directly, and
    'a && b || c' should be 'if a; then b; else c; fi'
    
    However, the upstream code is still incorrect - the check will
    never find anything since 'ls -l' will print lines starting with
    the permissions, and not the target of the exe link. And the regex
    is incorrect syntax for plain grep. And this test will probably
    print huge numbers of false positives due to things ending.

commit 8241d2dbc842d5d0463b732a1daf882e165eb905
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 14 22:05:27 2026 +0000

    Start debian/changelog entry for 0.59-1

commit 9affbeac8f577e97b09660037c943de8c7be996a
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Mar 14 21:59:50 2026 +0000

    Rebase all patches
    
    Also remove cosmetic changes: this should make future rebasing
    easier, at the cost of less readable source-code
    
    The autopkgtests fail, because of genuine bugs in the new version: these will
    be fixed in the next commit(s)

commit 6b0f31fed5b3f46bf290b5193f0a850ee6f6f023
Merge: 0f26b2a fd982e5
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Apr 4 12:06:38 2026 +0100

    Update upstream source from tag 'upstream/0.59'
    
    Update to upstream version '0.59'
    with Debian dir 6b10221edbee08e3259d25ff7eb557150cfd3d62

commit fd982e51797f00f2c2c9a9ad17a1cfab17d9ebc6
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Sat Apr 4 12:06:38 2026 +0100

    New upstream version 0.59

commit 9dcabf40dfc9b8e7fc1cf4cf7ef0d8ee2c9febf7
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date:   Tue Jul 11 14:01:49 2023 +0100

    New upstream version 0.58b

commit b232e810646bcc4fa6bcfa26a666289b13ff560d
Author: Marcos Fouces <marcos@debian.org>
Date:   Thu Feb 9 00:24:32 2023 +0100

    New upstream version 0.57

commit f4aeddb42b6026915afeaa1b88c3303cd4fdce15
Author: Marcos Fouces <marcos@debian.org>
Date:   Fri Jul 23 00:00:51 2021 +0200

    New upstream version 0.55

commit 5b5e152401470f81cba050f8f001a65a3c77a3b0
Author: Marcos Fouces <marcos@debian.org>
Date:   Thu Jan 7 08:53:06 2021 +0100

    New upstream version 0.54

commit cb5f567f34d688618d726148e96b32b211a8e60c
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Thu May 2 23:16:58 2019 +0200

    New upstream version 0.53

commit f596794fe57695586a415cc403618ade183e37fb
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 11:52:15 2017 +0200

    New upstream version 0.52

commit d12e5767e77fdc2182656fe87a1282d57a324ab9
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:57:01 2017 +0200

    Import Upstream version 0.50

commit 6a0971b4a00afc03f8733f88af86905f663f7033
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:55 2017 +0200

    Import Upstream version 0.49

commit 144360d5c161de443b3fe324022239c564cc95d3
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:46 2017 +0200

    Import Upstream version 0.48

commit 39dde6bf6e564c5d460fbb7baa6e2cc28193f9ca
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:44 2017 +0200

    Import Upstream version 0.47

commit 22d1a2687c338a15bf32ab7bb68481b3200442f8
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:40 2017 +0200

    Import Upstream version 0.46a

commit 884a0b2e851d2e570c84fbb6ef906806cbfdbade
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:39 2017 +0200

    Import Upstream version 0.45

commit ea2db498b4574e7d0a465c2caf80b5105b9f3311
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:38 2017 +0200

    Import Upstream version 0.44

commit decf4f14a16462b7aa8662b464a9881b469398f0
Author: Marcos Fouces <marcos.fouces@gmail.com>
Date:   Sun Jul 9 09:56:37 2017 +0200

    Import Upstream version 0.35

Created: 2026-04-18 Last update: 2026-04-18 18:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-03-31 15:01

news

[rss feed]

[2025-09-30] chkrootkit 0.58b-6 MIGRATED to testing (Debian testing watch)
[2025-09-30] chkrootkit 0.58b-6 MIGRATED to testing (Debian testing watch)
[2025-09-28] Accepted chkrootkit 0.58b-6 (source) into unstable (Richard Lewis) (signed by: Sven Geuer)
[2025-07-15] chkrootkit 0.58b-5 MIGRATED to testing (Debian testing watch)
[2025-06-24] Accepted chkrootkit 0.58b-5 (source) into unstable (Richard Lewis) (signed by: Sven Geuer)
[2025-03-13] chkrootkit 0.58b-4 MIGRATED to testing (Debian testing watch)
[2025-03-06] Accepted chkrootkit 0.58b-4 (source) into unstable (Richard Lewis) (signed by: Sven Geuer)
[2024-10-10] chkrootkit 0.58b-3 MIGRATED to testing (Debian testing watch)
[2024-09-30] Accepted chkrootkit 0.58b-3 (source) into unstable (Richard Lewis) (signed by: Simon Josefsson)
[2024-09-26] Accepted chkrootkit 0.58b-2 (source) into unstable (Richard Lewis) (signed by: Simon Josefsson)
[2023-10-01] chkrootkit 0.58b-1 MIGRATED to testing (Debian testing watch)
[2023-09-29] Accepted chkrootkit 0.58b-1 (source) into unstable (Richard Lewis) (signed by: Samuel Henrique)
[2023-04-12] chkrootkit 0.57-2 MIGRATED to testing (Debian testing watch)
[2023-03-22] Accepted chkrootkit 0.57-2 (source) into unstable (Richard Lewis) (signed by: Marcos Fouces)
[2023-02-19] chkrootkit 0.57-1 MIGRATED to testing (Debian testing watch)
[2023-02-09] Accepted chkrootkit 0.57-1 (source) into unstable (Marcos Fouces)
[2021-12-26] chkrootkit 0.55-4 MIGRATED to testing (Debian testing watch)
[2021-12-23] Accepted chkrootkit 0.55-4 (source) into unstable (Marcos Fouces)
[2021-12-07] Accepted chkrootkit 0.55-3 (source) into unstable (Marcos Fouces)
[2021-11-24] Accepted chkrootkit 0.55-2 (source) into unstable (Marcos Fouces)
[2021-08-28] chkrootkit 0.55-1 MIGRATED to testing (Debian testing watch)
[2021-08-22] Accepted chkrootkit 0.55-1 (source) into unstable (Marcos Fouces)
[2021-01-12] chkrootkit 0.54-1 MIGRATED to testing (Debian testing watch)
[2021-01-07] Accepted chkrootkit 0.54-1 (source) into unstable (Marcos Fouces)
[2020-10-12] chkrootkit 0.53-2 MIGRATED to testing (Debian testing watch)
[2020-10-06] Accepted chkrootkit 0.53-2 (source) into unstable (Marcos Fouces)
[2019-09-21] chkrootkit 0.53-1 MIGRATED to testing (Debian testing watch)
[2019-09-15] Accepted chkrootkit 0.53-1 (source) into unstable (Marcos Fouces) (signed by: Giovani Augusto Ferreira)
[2019-03-11] chkrootkit 0.52-3 MIGRATED to testing (Debian testing watch)
[2019-03-01] Accepted chkrootkit 0.52-3 (source) into unstable (Marcos Fouces) (signed by: Samuel Henrique)

bugs [bug history graph]

all: 9
RC: 0
I&N: 7
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.58b-6build1
12 bugs (2 patches)