Created attachment 265399 [details]
Proposed patch

The latest version of pkg (2.4.2_1) on FreeBSD 14.3-RELEASE-p5 does not have any valid checksums. rkhunter runs the following command to extract checksums from the port and installs them into its own DB.

    pkg query '%Fp: %Fs' $PORT | grep ${FNAME}: | sed -r -e 's/^.*: (1\$)?([A-Fa-f0-9]+)$/\2/'

When running this command against pkg, we get this result (see attachment for full output of the pkg query command):

    /usr/local/sbin/pkg: (null)

But the correctly formatted output should be something like this (used for the rkhunter pkg itself):

    pkg query '%Fp: %Fs' rkhunter | grep /usr/local/bin/rkhunter: | sed -r -e 's/^.*: (1\$)?([A-Fa-f0-9]+)$/\2/'
    251d41356add11649268be142b8c831234be1620b7ed97cf78d76f52dec07d2e

The resulting error causes an off by one error when running rkhunter in check mode (as usually done through periodic/security):

    Running rkhunter...
    Warning: Package manager verification has failed:
             File: /usr/local/sbin/pkg
             The file hash value has changed
    Warning: The file properties have changed:
             File: /usr/local/sbin/pkg
             Current permissions: 0755    Stored permissions: 167465
             Current uid: 0    Stored uid: 0755
             Current inode: 167465    Stored inode: (null)
             Current size: 3870032    Stored size: 0
             Current file modification time: 1762391141 (5-Nov-2025 19:05:41)
             Stored file modification time : 3870032 (14-Feb-1970 13:00:32)

Note the size is zero (really uid), stored permissions look like the inode, etc.

Also attached is a proposed patch to ignore the (null) and have rkhunter just use the /sbin/sha256 (default hash program) to recalculate the value. Since the main rkhunter script (/usr/local/bin/rkhunter) already gets patched, this change needs to be included into the existing patch file.
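The failure mode reported above, as an added example that is not rkhunter's code or the attached patch: sed prints lines that do not match its pattern unchanged, so the "(null)" line reaches the caller as if it were a hash. The sample `pkg query` output is constructed from the two lines quoted in the report (the `1$` prefix on the second line is an assumption), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for `pkg query '%Fp: %Fs'` output, so this runs
# without pkg installed.
SAMPLE_QUERY='/usr/local/sbin/pkg: (null)
/usr/local/bin/rkhunter: 1$251d41356add11649268be142b8c831234be1620b7ed97cf78d76f52dec07d2e'

# The pipeline from the report, fed the sample instead of live pkg output.
# A line that does not match the s/// pattern is printed as-is.
extract_original() {
    printf '%s\n' "$SAMPLE_QUERY" | grep "$1:" |
        sed -E -e 's/^.*: (1\$)?([A-Fa-f0-9]+)$/\2/'
}

# Stricter variant: print a value only when the line is for exactly the
# requested path and carries 64 hex digits; print nothing otherwise.
extract_strict() {
    printf '%s\n' "$SAMPLE_QUERY" | awk -v f="$1" '
        index($0, f ": ") == 1 {
            h = substr($0, length(f) + 3)
            sub(/^1\$/, "", h)
            if (h ~ /^[A-Fa-f0-9]+$/ && length(h) == 64) print h
        }'
}

# Hash a file with whichever SHA-256 tool the platform provides.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | awk '{print $1}'
    fi
}

# Fallback described in the report: when the package DB has no usable
# checksum, recompute it from the file.
# Usage: stored_hash <path as recorded by pkg> <file to hash>
stored_hash() {
    h=$(extract_strict "$1")
    [ -n "$h" ] || h=$(sha256_of "$2")
    printf '%s\n' "$h"
}

# Demo: the original pipeline hands back the whole unparsed line.
extract_original /usr/local/sbin/pkg
```

A recomputed hash only records the file's current state; unlike a checksum from the package database, it says nothing about whether the file matches what the package shipped.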
Created attachment 265400 [details] pkg query pkg output
I'm sorry, I don't have time and resources to maintain this port. I'll gladly pass over maintainership.
Created attachment 265416 [details] Replacement proposed patch Missed one place the proposed fix needs to be applied.
Lukasz Wasikowski, I believe you can hand over the port to portmgr@ until a new maintainer can be found. Or at least used to be able to.

That being said, after I filed this, I started to look at filing an upstream fix and realized this project isn't being worked on since 2018. Furthermore, it looks like the signature files haven't been updated for even longer than that:

    backdoorports.dat:Version:2010111401
    programs_bad.dat:Version:2014042901
    programs_bad.dat.sample:Version:2014042901
    suspscan.dat:Version:2009112901

So a question to the portmgr@ folks, should this port be kept in the tree? Since the nature of the port, while it isn't broken per se (the pkg port is in this case), it is giving a false sense of security in that it hasn't been kept up to date.
(In reply to Jim Pirzyk from comment #4) No, the right thing is to set it to ports-bugs@FreeBSD.org. But, loop in portmgr for question about whether to delete the port.
^Triage: to submitter: which file is this patch supposed to apply to? There is not one named "files/rkhunter" that I see.
Well, if the port does not work it should be removed. If it is needed and can be patched, then patch it. Not sure why we need portmgr for that.
Mathieu Arnold, it really comes down to the definition of "working". In the pkg-descr file we have this:

    Rootkit Hunter is scanning tool to ensure you for about 99.9% you're clean of nasty tools.

But is that true anymore? If rootkit signatures have not been updated since 2009, is that providing any real assurance?
^Triage: apparently upstream was abandoned around 2009. Mark for deprecation and removal.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f6339afb6899b5ad5d17369a4d434c281816bc2b

commit f6339afb6899b5ad5d17369a4d434c281816bc2b
Author:     Mark Linimon <linimon@FreeBSD.org>
AuthorDate: 2025-11-16 22:16:37 +0000
Commit:     Mark Linimon <linimon@FreeBSD.org>
CommitDate: 2025-11-16 22:16:37 +0000

    security/rkhunter: deprecate, Project was abandoned in 2009. Maintainer wishes to release maintainership.

    PR: 291001
    Reported by: pirzyk@FreeBSD.org

 security/rkhunter/Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(In reply to Mark Linimon from comment #9) Why "2009"? Latest release in 2018, latest commits in 2022.
(In reply to Anton Saietskii from comment #11) I was merely copying what someone else had posted. In any case, the database seems out-of-date. I have no interest in this port other than trying to clean up what I thought was a stale PR.