Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 651980 - app-forensics/rkhunter-1.4.6 no more --update option
Summary: app-forensics/rkhunter-1.4.6 no more --update option
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michael Palimaka (kensington)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-30 13:50 UTC by Christophe PEREZ
Modified: 2018-05-26 10:31 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christophe PEREZ 2018-03-30 13:50:11 UTC 
Hi,

After updating rkhunter from 1.4.2 to 1.4.6, cron.daily report tell me :
Invalid option specified: --update

and :
# rkhunter --update
Invalid option specified: --update

man rkhunter
       rkhunter {--check | --unlock | --update | --versioncheck |
                 --propupd [{filename | directory | package name},...] |
                 --list [tests | {lang | languages} | rootkits | perl |
                         propfiles] |
                 --config-check | --version | --help} [options]

       --update
              This command option causes rkhunter to check if there is a later version  of
              any  of its text data files. A command-line web browser, for example wget or
              lynx, must be present on the system when using this option.

I can see that's with versioncheck too :
# rkhunter --versioncheck
Invalid option specified: --versioncheck

but :
# rkhunter --help | egrep "update|versioncheck"
# 

options removed ?
man no updated ?
/etc/cron.daily/rkhunter should be modified ?
Comment 1 Christophe PEREZ 2018-03-30 14:11:08 UTC 
hmmmmm :
https://gitweb.gentoo.org/repo/gentoo.git/diff/app-forensics/rkhunter/files/rkhunter-1.4.6-no-insecure-web.patch?id=61e995b755727e286d140d8d721340959c434b6c

1) user should be warned
2) how to update databases so ?
Comment 2 Paolo Pedroni 2018-04-04 13:25:18 UTC 
I can confirm this. As a workaround I set UPDATE=no in /etc/cron.daily/rkhunter
Comment 3 Larry the Git Cow gentoo-dev 2018-05-26 10:29:12 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=279eb849abb2875b3f3181a4a1b3e47b24c5643a

commit 279eb849abb2875b3f3181a4a1b3e47b24c5643a
Author:     Michael Palimaka <kensington@gentoo.org>
AuthorDate: 2018-05-26 10:28:38 +0000
Commit:     Michael Palimaka <kensington@gentoo.org>
CommitDate: 2018-05-26 10:29:02 +0000

    app-forensics/rkhunter: revbump removes update option from cron file
    
    Closes: https://bugs.gentoo.org/651980
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 app-forensics/rkhunter/files/rkhunter-1.4.cron  | 134 ++++++++++++++++++++++++
 app-forensics/rkhunter/rkhunter-1.4.6-r1.ebuild |  63 +++++++++++
 2 files changed, 197 insertions(+)
Comment 4 Michael Palimaka (kensington) gentoo-dev 2018-05-26 10:31:38 UTC 
(In reply to Christophe PEREZ from comment #1)
> 2) how to update databases so ?

It was removed due to CVE-2017-7480 (bug 623150). At the time I pushed the change, I did a quick check and didn't see any updates being pushed anyway.