On Wed, 2011-07-20 at 12:26 +0100, Arthur Dent wrote:
> Hello All - and especially John,
> Yesterday I did a "yum update" on my Fedora 15 system (I normally only
> update and reboot at the end of the month - but I was bored yesterday)
> and it brought down an updated version of RKH.
> I allowed it to install, assuming this was the latest version, but found
> that it did not contain the patches that solve the "rkhunter has been
> replaced and is not a script:" problem.
> I have replaced it again with the version that you sent me privately on
> 1 June 2011.
> Is there no plan to incorporate these patches into the packages supplied
> by Fedora and the like?
> Both versions identify themselves as version 1.3.8. Could there be a
> more fine-grained numbering system to tell them apart?
I think you are asking on the wrong list. Something like the Fedora
package maintainers list may be better :-) We do not maintain the RKH
However, I think the version numbering is fine at the moment. We provide
the core program with a version number of 1.3.8 but packages can modify
that slightly. From what I can see Fedora has current version 1.3.8-6
yum info rkhunter
Name : rkhunter
Arch : noarch
Version : 1.3.8
Release : 6.fc15
As far as I am aware the Fedora RKH package maintainer is on this list,
so the following may not be strictly correct! However, the release '6'
indicates that this is the sixth release of version 1.3.8 by the package
maintainer and the changelog (for the package) will indicate what has
changed in that release. Again, from what I can see the changelog shows:
Change ssh check back to 2 - bug #596775
Drop hard Requires on prelink. It will be used if present - bug
However, I can also see that the latest built version is actually
1.3.8-8 and that does contain the patch relating to rkhunter being a
script. As such I suspect it will be released to users (via yum) very
soon. (I am unsure of the Fedora package release cycle but I gather each
package release requires 'approval' from some other member of the Fedora
team. So releases are not usually immediate once they have been built.)
Whatever patches are included in a packaged version of rkhunter is up to
the package maintainer. The work done on the rkhunter code is visible to
people via CVS or directly by browsing CVS on the sourceforge site. As
such package maintainers can pick out which bits they want to include.
It is perfectly possible for the Fedora package to contain the script
patch mentioned above, but, say, the Debian package may not.
It is unfortunate, but unavoidable really, that the current version of
RKH (1.3.8 or earlier) has hit a problem which will affect all Fedora 15
users of rkhunter until the package is updated with the relevant patch.
The problem is that RKH in some cases relies on certain output from
certain commands, and if that output changes then the program can fail.
Needless to say we try and make the check generic enough such that not
all output changes cause a problem, but sometimes, as in this case, the
command output has changed enough to cause a problem.
John Horne Tel: +44 (0)1752 587287
University of Plymouth, UK Fax: +44 (0)1752 587001