Marcos Fouces <marcos.fou...@gmail.com> writes: > Upstream was agree to do a deeper review of all patches in the package > and include them (or not) in the next release. >
This is fantastic, I've been looking through bugs and what started as a simple "allow the cron job to run under ionice" grew a bit - I decided i should add some autopkgtests and that led to spotting quite a few things, some of which were already in the bug list and some were not (but could be - i wasnt sure it was worth reporting, but i can do.) I've submitted a merge-request that fixes about 8 of the 16 bugs reported. Unfortunately i needed to add a few more patches (but only to fix things) The tests works for me when i build the package with gbp and sbuild, however * the salsa the ci system tries to run the autopkgtests but it hangs running the chkrootkit binary. If i read the logs right, salsa is using lxc and bug #872379 does say chkrootkit hangs inside lxc. I will investigate but lxc but I thought i would submit the merge request before expanding it further! Let me know what you think. Richard > Greetings, > Marcos > > > El dom, 03-10-2021 a las 01:18 +0100, RL escribió: >> Marcos Fouces <mar...@debian.org> writes: >> >> > Hello Richard, >> > >> > i merged your requests for chkrootkit. >> > >> > IMHO, the best way to start contributing is exactly what you did! >> > (Merge requests) >> >> Thanks, this is good news :). >> >> I started looking at the code and bugs, but got side-tracked: It >> seems >> to me that patch 27 (from july 2020) in debian/patches is >> problematic. I >> was not able to understand most of what patch 27 is trying to do, but >> it >> seems to me that: >> >> 1. Patch 27 is re-introducing an "interesting feature" where chkproc >> (a C programme run by chkrootkit) sends kill signals to pid 1 >> and 12345 see if they might be rootkits (!). These are in the >> upsteam code, but in 2008 debian's patch #5 commented out that code >> to >> fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457828 >> >> Patch 27 has apparently reversed this fix and the debian version of >> chkproc.c (after all debian's patching) includes the kill signals >> again. (i think they occur less often than before, so maybe the new >> bug is less 'critical') >> >> 2. Patch 27 is also the sole cause of the "OooPS" messages reported >> in >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982998 >> >> These come from MAX_PROCESSES in chkproc.c being too low. upstream >> has >> set MAX_PROCESSES to > 4 million since 2014, but patch 27 >> apparently >> reset it back to 99999. >> >> I think someone more knowledgable in C than me should look at this >> patch >> and see whether it is valid or not. >>