From nobody@FreeBSD.org  Mon Mar 10 21:44:36 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4AB971065671
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 21:44:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 2230B8FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 21:44:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m2ALfNeE000134
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 10 Mar 2008 21:41:23 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m2ALfNre000133;
	Mon, 10 Mar 2008 21:41:23 GMT
	(envelope-from nobody)
Message-Id: <200803102141.m2ALfNre000133@www.freebsd.org>
Date: Mon, 10 Mar 2008 21:41:23 GMT
From: Lukasz Wasikowski <lukasz@wasikowski.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Update port: security/rkhunter version update to 1.3.2
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         121579
>Category:       ports
>Synopsis:       Update port: security/rkhunter version update to 1.3.2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    farrokhi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 10 21:50:01 UTC 2008
>Closed-Date:    Tue Apr 29 11:52:17 UTC 2008
>Last-Modified:  Tue Apr 29 11:52:17 UTC 2008
>Originator:     Lukasz Wasikowski
>Release:        FreeBSD 7.0-RELEASE
>Organization:
>Environment:
FreeBSD bijou.wasikowski.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Mon Feb 25 16:09:17 CET 2008     root@bijou.wasikowski.net:/usr/obj/usr/src/sys/bijou  i386
>Description:
rkhunter version update to 1.3.2 which fixes some *BSD false positives, and default config change to fix the remaining false positives on FreeBSD.
>How-To-Repeat:

>Fix:
diff -ruN rkhunter.old/Makefile rkhunter/Makefile
--- rkhunter.old/Makefile       2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/Makefile   2008-03-10 21:52:33.000000000 +0100
@@ -6,7 +6,7 @@
 #

 PORTNAME=      rkhunter
-PORTVERSION=   1.3.0
+PORTVERSION=   1.3.2
 CATEGORIES=    security
 MASTER_SITES=  SF

diff -ruN rkhunter.old/distinfo rkhunter/distinfo
--- rkhunter.old/distinfo       2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/distinfo   2008-03-10 21:53:01.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (rkhunter-1.3.0.tar.gz) = 89a4628c6378fdf3331d5a43b975d967
-SHA256 (rkhunter-1.3.0.tar.gz) = a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186
-SIZE (rkhunter-1.3.0.tar.gz) = 252011
+MD5 (rkhunter-1.3.2.tar.gz) = a00ff64d7076d6ff47ef0c9f0b6202f2
+SHA256 (rkhunter-1.3.2.tar.gz) = 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd
+SIZE (rkhunter-1.3.2.tar.gz) = 269563
diff -ruN rkhunter.old/files/patch-rkhunter.conf rkhunter/files/patch-rkhunter.conf
--- rkhunter.old/files/patch-rkhunter.conf      2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/files/patch-rkhunter.conf  2008-03-10 22:30:09.000000000 +0100
@@ -1,5 +1,5 @@
---- files/rkhunter.conf.orig   Wed Oct 17 11:21:03 2007
-+++ files/rkhunter.conf        Wed Oct 17 11:21:19 2007
+--- files/rkhunter.conf.orig   2008-02-21 23:15:14.000000000 +0100
++++ files/rkhunter.conf        2008-03-10 22:29:30.000000000 +0100
 @@ -76,6 +76,7 @@
  # sure that the directory permissions are tight.
  #
@@ -8,3 +8,52 @@

  #
  # Specify the database directory to use.
+@@ -154,7 +155,8 @@
+ # file, then a value here of 'yes' or 'unset' will not cause a warning.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++#ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=unset
+
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -165,7 +167,8 @@
+ # configuration file, then a value of '2' may be set here in order to
+ # suppress a warning message. This option has a default value of '0'.
+ #
+-ALLOW_SSH_PROT_V1=0
++#ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=2
+
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -278,12 +281,20 @@
+ #SCRIPTWHITELIST=/sbin/ifup
+ #SCRIPTWHITELIST=/sbin/ifdown
+ #SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/sbin/adduser
++SCRIPTWHITELIST=/usr/local/bin/GET
++SCRIPTWHITELIST=/usr/local/sbin/pkgdb
+
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ # One command per line (use multiple IMMUTWHITELIST lines).
+ #
+ #IMMUTWHITELIST=/sbin/ifup
++IMMUTWHITELIST=/usr/bin/login
++IMMUTWHITELIST=/usr/bin/passwd
++IMMUTWHITELIST=/usr/bin/su
++IMMUTWHITELIST=/sbin/init
+
+ #
+ # Allow the specified hidden directories.
+@@ -434,6 +445,7 @@
+ # Note: For *BSD systems you may need to enable this for the 'toor' account.
+ #
+ #UID0_ACCOUNTS="toor rooty"
++UID0_ACCOUNTS="root toor"
+
+ #
+ # Allow the following accounts to have no password. This option is a


Patch attached with submission follows:

diff -ruN rkhunter.old/Makefile rkhunter/Makefile
--- rkhunter.old/Makefile	2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/Makefile	2008-03-10 21:52:33.000000000 +0100
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	rkhunter
-PORTVERSION=	1.3.0
+PORTVERSION=	1.3.2
 CATEGORIES=	security
 MASTER_SITES=	SF
 
diff -ruN rkhunter.old/distinfo rkhunter/distinfo
--- rkhunter.old/distinfo	2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/distinfo	2008-03-10 21:53:01.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (rkhunter-1.3.0.tar.gz) = 89a4628c6378fdf3331d5a43b975d967
-SHA256 (rkhunter-1.3.0.tar.gz) = a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186
-SIZE (rkhunter-1.3.0.tar.gz) = 252011
+MD5 (rkhunter-1.3.2.tar.gz) = a00ff64d7076d6ff47ef0c9f0b6202f2
+SHA256 (rkhunter-1.3.2.tar.gz) = 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd
+SIZE (rkhunter-1.3.2.tar.gz) = 269563
diff -ruN rkhunter.old/files/patch-rkhunter.conf rkhunter/files/patch-rkhunter.conf
--- rkhunter.old/files/patch-rkhunter.conf	2007-10-23 14:25:40.000000000 +0200
+++ rkhunter/files/patch-rkhunter.conf	2008-03-10 22:30:09.000000000 +0100
@@ -1,5 +1,5 @@
---- files/rkhunter.conf.orig	Wed Oct 17 11:21:03 2007
-+++ files/rkhunter.conf	Wed Oct 17 11:21:19 2007
+--- files/rkhunter.conf.orig	2008-02-21 23:15:14.000000000 +0100
++++ files/rkhunter.conf	2008-03-10 22:29:30.000000000 +0100
 @@ -76,6 +76,7 @@
  # sure that the directory permissions are tight.
  #
@@ -8,3 +8,52 @@
  
  #
  # Specify the database directory to use.
+@@ -154,7 +155,8 @@
+ # file, then a value here of 'yes' or 'unset' will not cause a warning.
+ # This option has a default value of 'no'.
+ #
+-ALLOW_SSH_ROOT_USER=no
++#ALLOW_SSH_ROOT_USER=no
++ALLOW_SSH_ROOT_USER=unset
+ 
+ #
+ # Set this option to '1' to allow the use of the SSH-1 protocol, but note
+@@ -165,7 +167,8 @@
+ # configuration file, then a value of '2' may be set here in order to
+ # suppress a warning message. This option has a default value of '0'.
+ #
+-ALLOW_SSH_PROT_V1=0
++#ALLOW_SSH_PROT_V1=0
++ALLOW_SSH_PROT_V1=2
+ 
+ #
+ # This setting tells rkhunter the directory containing the SSH configuration
+@@ -278,12 +281,20 @@
+ #SCRIPTWHITELIST=/sbin/ifup
+ #SCRIPTWHITELIST=/sbin/ifdown
+ #SCRIPTWHITELIST=/usr/bin/groups
++SCRIPTWHITELIST=/usr/bin/whatis
++SCRIPTWHITELIST=/usr/sbin/adduser
++SCRIPTWHITELIST=/usr/local/bin/GET
++SCRIPTWHITELIST=/usr/local/sbin/pkgdb
+ 
+ #
+ # Allow the specified commands to have the immutable attribute set.
+ # One command per line (use multiple IMMUTWHITELIST lines).
+ #
+ #IMMUTWHITELIST=/sbin/ifup
++IMMUTWHITELIST=/usr/bin/login
++IMMUTWHITELIST=/usr/bin/passwd
++IMMUTWHITELIST=/usr/bin/su
++IMMUTWHITELIST=/sbin/init
+ 
+ #
+ # Allow the specified hidden directories.
+@@ -434,6 +445,7 @@
+ # Note: For *BSD systems you may need to enable this for the 'toor' account.
+ #
+ #UID0_ACCOUNTS="toor rooty"
++UID0_ACCOUNTS="root toor"
+ 
+ #
+ # Allow the following accounts to have no password. This option is a


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->farrokhi 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Mon Mar 10 21:50:07 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121579 
State-Changed-From-To: open->feedback 
State-Changed-By: miwi 
State-Changed-When: Fri Mar 14 08:57:37 UTC 2008 
State-Changed-Why:  
hi, 

The provided patch does not patch cleanly, Can you please investigate 
and re-submit? 

Thanks Martin 


http://www.freebsd.org/cgi/query-pr.cgi?pr=121579 

From: =?iso-8859-2?Q?=A3ukasz_W=B1sikowski?= <lukasz@wasikowski.net>
To: <bug-followup@FreeBSD.org>,
	<lukasz@wasikowski.net>
Cc:  
Subject: Re: ports/121579: Update port: security/rkhunter version update to 1.3.2
Date: Fri, 14 Mar 2008 10:37:55 +0100

 To jest wieloczciowa wiadomo w formacie MIME.
 
 ------=_NextPart_000_001F_01C885BF.77DB2F00
 Content-Type: text/plain;
 	charset="iso-8859-2"
 Content-Transfer-Encoding: 7bit
 
 Hello!
 
 Fixed patch attached. Sorry for the trouble.
 
 -- 
 Best regards,
 Lukasz Wasikowski
 
 
 
 ------=_NextPart_000_001F_01C885BF.77DB2F00
 Content-Type: application/octet-stream;
 	name="rkhunter-1.3.0-1.3.2.diff"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment;
 	filename="rkhunter-1.3.0-1.3.2.diff"
 
 diff -ruN rkhunter.old/Makefile rkhunter/Makefile=0A=
 --- rkhunter.old/Makefile	2007-10-21 01:51:21.000000000 +0200=0A=
 +++ rkhunter/Makefile	2008-03-14 10:13:44.000000000 +0100=0A=
 @@ -6,7 +6,7 @@=0A=
  #=0A=
  =0A=
  PORTNAME=3D	rkhunter=0A=
 -PORTVERSION=3D	1.3.0=0A=
 +PORTVERSION=3D	1.3.2=0A=
  CATEGORIES=3D	security=0A=
  MASTER_SITES=3D	SF=0A=
  =0A=
 diff -ruN rkhunter.old/distinfo rkhunter/distinfo=0A=
 --- rkhunter.old/distinfo	2007-10-21 01:51:21.000000000 +0200=0A=
 +++ rkhunter/distinfo	2008-03-14 10:13:49.000000000 +0100=0A=
 @@ -1,3 +1,3 @@=0A=
 -MD5 (rkhunter-1.3.0.tar.gz) =3D 89a4628c6378fdf3331d5a43b975d967=0A=
 -SHA256 (rkhunter-1.3.0.tar.gz) =3D =
 a46610fc761e61f4f85750693f6e17aafa3a47e24e8cef76401f67d25e94d186=0A=
 -SIZE (rkhunter-1.3.0.tar.gz) =3D 252011=0A=
 +MD5 (rkhunter-1.3.2.tar.gz) =3D a00ff64d7076d6ff47ef0c9f0b6202f2=0A=
 +SHA256 (rkhunter-1.3.2.tar.gz) =3D =
 2a325acedc094bc5ae9d5a3326af760bb376d5a1122c433d22477968eec1eebd=0A=
 +SIZE (rkhunter-1.3.2.tar.gz) =3D 269563=0A=
 diff -ruN rkhunter.old/files/patch-rkhunter.conf =
 rkhunter/files/patch-rkhunter.conf=0A=
 --- rkhunter.old/files/patch-rkhunter.conf	2007-10-21 01:51:21.000000000 =
 +0200=0A=
 +++ rkhunter/files/patch-rkhunter.conf	2008-03-14 10:21:55.000000000 =
 +0100=0A=
 @@ -1,5 +1,5 @@=0A=
 ---- files/rkhunter.conf.orig	Wed Oct 17 11:21:03 2007=0A=
 -+++ files/rkhunter.conf	Wed Oct 17 11:21:19 2007=0A=
 +--- files/rkhunter.conf.orig	2008-03-14 10:19:30.000000000 +0100=0A=
 ++++ files/rkhunter.conf	2008-03-14 10:21:43.000000000 +0100=0A=
  @@ -76,6 +76,7 @@=0A=
   # sure that the directory permissions are tight.=0A=
   #=0A=
 @@ -8,3 +8,52 @@=0A=
   =0A=
   #=0A=
   # Specify the database directory to use.=0A=
 +@@ -154,7 +155,8 @@=0A=
 + # file, then a value here of 'yes' or 'unset' will not cause a warning.=0A=
 + # This option has a default value of 'no'.=0A=
 + #=0A=
 +-ALLOW_SSH_ROOT_USER=3Dno=0A=
 ++#ALLOW_SSH_ROOT_USER=3Dno=0A=
 ++ALLOW_SSH_ROOT_USER=3Dunset=0A=
 + =0A=
 + #=0A=
 + # Set this option to '1' to allow the use of the SSH-1 protocol, but =
 note=0A=
 +@@ -165,7 +167,8 @@=0A=
 + # configuration file, then a value of '2' may be set here in order to=0A=
 + # suppress a warning message. This option has a default value of '0'.=0A=
 + #=0A=
 +-ALLOW_SSH_PROT_V1=3D0=0A=
 ++#ALLOW_SSH_PROT_V1=3D0=0A=
 ++ALLOW_SSH_PROT_V1=3D2=0A=
 + =0A=
 + #=0A=
 + # This setting tells rkhunter the directory containing the SSH =
 configuration=0A=
 +@@ -278,12 +281,20 @@=0A=
 + #SCRIPTWHITELIST=3D/sbin/ifup=0A=
 + #SCRIPTWHITELIST=3D/sbin/ifdown=0A=
 + #SCRIPTWHITELIST=3D/usr/bin/groups=0A=
 ++SCRIPTWHITELIST=3D/usr/bin/whatis=0A=
 ++SCRIPTWHITELIST=3D/usr/sbin/adduser=0A=
 ++SCRIPTWHITELIST=3D/usr/local/bin/GET=0A=
 ++SCRIPTWHITELIST=3D/usr/local/sbin/pkgdb=0A=
 + =0A=
 + #=0A=
 + # Allow the specified commands to have the immutable attribute set.=0A=
 + # One command per line (use multiple IMMUTWHITELIST lines).=0A=
 + #=0A=
 + #IMMUTWHITELIST=3D/sbin/ifup=0A=
 ++IMMUTWHITELIST=3D/usr/bin/login=0A=
 ++IMMUTWHITELIST=3D/usr/bin/passwd=0A=
 ++IMMUTWHITELIST=3D/usr/bin/su=0A=
 ++IMMUTWHITELIST=3D/sbin/init=0A=
 + =0A=
 + #=0A=
 + # Allow the specified hidden directories.=0A=
 +@@ -434,6 +445,7 @@=0A=
 + # Note: For *BSD systems you may need to enable this for the 'toor' =
 account.=0A=
 + #=0A=
 + #UID0_ACCOUNTS=3D"toor rooty"=0A=
 ++UID0_ACCOUNTS=3D"toor"=0A=
 + =0A=
 + #=0A=
 + # Allow the following accounts to have no password. This option is a=0A=
 
 ------=_NextPart_000_001F_01C885BF.77DB2F00--
 
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Tue Apr 29 11:52:16 UTC 2008 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121579 
>Unformatted:
