Diffstat (limited to 'app-forensics')
-rw-r--r--app-forensics/Manifest.gzbin5219 -> 5222 bytes
-rw-r--r--app-forensics/rkhunter/Manifest7
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch38
-rw-r--r--app-forensics/rkhunter/files/rkhunter-1.4.cron134
-rw-r--r--app-forensics/rkhunter/rkhunter-1.4.2.ebuild64
-rw-r--r--app-forensics/rkhunter/rkhunter-1.4.6-r1.ebuild (renamed from app-forensics/rkhunter/rkhunter-1.4.4.ebuild)14
6 files changed, 142 insertions, 115 deletions
diff --git a/app-forensics/Manifest.gz b/app-forensics/Manifest.gz
index 8fe54943c433..944faa21a3b3 100644
--- a/app-forensics/Manifest.gz
+++ b/app-forensics/Manifest.gz
Binary files differ
diff --git a/app-forensics/rkhunter/Manifest b/app-forensics/rkhunter/Manifest
index 01a774966a54..e7607ce26160 100644
--- a/app-forensics/rkhunter/Manifest
+++ b/app-forensics/rkhunter/Manifest
@@ -1,12 +1,9 @@
AUX rkhunter-1.3.cron 3927 BLAKE2B f33bcec5a474a32fabfd8d9e9a16df9aad6700b5c760be6f42d6ab915f96e84492647286fe9a33838c37dcf8c1e1eb9fe4c187b3e836b8d8c8cd1d659736ea98 SHA512 a99eb535c12b6715031aa367ba0ae70ed1761a03b74c57d173512006e466ef56bfc7ffb15364d4f36d39597277a8cf3b35e7286462bfd6ec9d44877dd1653d4d
-AUX rkhunter-1.4.2.conf.patch 1250 BLAKE2B b07d4b981895ab740ec96905aee70470f32cc642ab252cebed6ccf20191a236cb8e0ddbb844475a66e4aa0a79b2116404f57ad9273e1a46385efb1b96fc7b882 SHA512 654887bea5d3b7388c11c9a59d3d924d763268c3552bee82a0bcf9b5077803eaa0cf16b7346aeaac44e817bfdd30e5d74abd10d12eb07f0bc1a97c57b850aefe
AUX rkhunter-1.4.6-conf.patch 1044 BLAKE2B a71c895f2fd295bb3d64e4fe95fa7d89e2c6544d30ec362cc2d048ce7b0892a0733576a0960231ec2f98077b8122ed15bdc87e46412e7114cce6843c9a612106 SHA512 4e1493c84be60427edd572fdddc1fb576ed6d7d81bc61289722c39add0d200808fe1c09584e76380432763006a670afd9f86a8abfc26538db9b60e6f90251949
AUX rkhunter-1.4.6-no-insecure-web.patch 1805 BLAKE2B 4e2926f91f2f799f1c30119a6beae5f3492ab9736747cd447581e5279ec582f97ee7782f38e6b9eb5b9c460102cbcc3521bc5b6ae961324bf4a3d8d77ce5109f SHA512 5c006726644a5ffdbd55d82325087bae3f034ab30a01bb39ae005a916f6def656919466f7b7b3017d0e8fa5dc55ecec6349b3028618c95bc339fbefee2685747
+AUX rkhunter-1.4.cron 4002 BLAKE2B 4effc65dbff981fc90370dfae3c5e6b7d6d6f60e5aabc4e008cf29990fb490baacd83db3405ec49631f33082de88031afc2b98d7387b17c4deaffe7cda05de68 SHA512 84e5a366aa1199e432999e5ededa8627026075dbabdc3e39dfb5059fa5f77efe214395288d3ecab3a4b105a0dd0e70ddddf895160fc2a03945227ba820ccb1b9
AUX rkhunter.bash-completion 2499 BLAKE2B 5cc845f3780e5b92acb84aad8141147b87245d554770282b91ba04771d7d8e727691872bdee129f25c7dd1a1440944e4b6959b9981c9c73683f1fddd479b225c SHA512 8fba540f5425169810b8baaf2e801638e3286aa93a69d4a96f5916e3bc9b632edaef6b509b8ca58f8047a7c7d4bb4bf348ad7923e855edce3dd0432725a944e7
-DIST rkhunter-1.4.2.tar.gz 277707 BLAKE2B 97968801ce5dccefc7d5eb246fd8031091447b9090c5bc9b958ea64835c47661d1f40b5a6352e0c92608a514f237ac2946a7f84498915418581a71d16b497f61 SHA512 a4e45caaaf5b8262619ebb890784c75c4e30db4c6c0eba305f86d419142b4796c95bc55fe8846dce8d58bc7636bdb365a4a8c41707f64d4d81373687c5a3b0d4
-DIST rkhunter-1.4.4.tar.gz 297626 BLAKE2B 9d9a50e3541817d8dfec6c76665ae84b92f49ed3128244cb5359f2149203ccdc7cdaa05db3da87f6aa6ee79fa84491f40cdc3443d77359b64c23947cb685516e SHA512 87e9c617220765678cc4519eee27d1d56185c3a7fb1d6338c8fb984ac4f5176c31bb54b69e1de615d66a0cf1e72b672e66b368e37851a459def69463cbb8661e
DIST rkhunter-1.4.6.tar.gz 302137 BLAKE2B 89c61386b57f743f4205f8c826eaa8a9dc9a0d413ac47efb26b6f93d8d642f619f35b7a4c021521b662547c02a16071b8980d158cfb9e081a64870558dbaeff0 SHA512 c51a21b6b66ed1f73a19d8ce04eaba35999eefcb666acc824989c3bf53ac56d24a33ac4fec290be942e33fe24674406b371eafff73f7e697b9e03ec031b37216
-EBUILD rkhunter-1.4.2.ebuild 1411 BLAKE2B 4090fb0822368a4b4ee1db677c8e6d3ce79e542fd691c6ecac2baed9333388fc3531ec382ed63898606076cc4a5b95bb55e87e62a369f5784cd151d3b23307c4 SHA512 e4b2f70f6417f3a44d918ab310460dd45f7fae760458f7b9804752a79beffabea832dd195c85efeb8e31d1b71d7196b1df70a8cdc5a562d0a4ef575888820ada
-EBUILD rkhunter-1.4.4.ebuild 1433 BLAKE2B 08e75ad6333bc16ddca749807809421d25fdc1870588cd9b43093bad3ba39664a54dc9219577bf0512f9fcd8ad6c808a89806ec74c9022e4463784c6a475a0f5 SHA512 b35bcfd29d9a8e7f5054975d777cd0b52c251d80df5fb38ec81000b6d6b4f12c6cd81433e4bcf0761a67442dba90049d6f35c3ba8f43e51bfeaed535605184c7
+EBUILD rkhunter-1.4.6-r1.ebuild 1427 BLAKE2B e5f3ff7c3e0002c2c9389415c15b89eba6c9f69743f73369be5a13bd4848701a737ee23c4250f2daa186d8a69d9b729a638758c86051ea2252619048963c7fb3 SHA512 49cceaf2940df65d676ce6923323abf76e5435d18925a626d6d0944f5389000237b110f4fe06eb54cf5fa926c269d904cbf3fc62453da165def512e5dbefc559
EBUILD rkhunter-1.4.6.ebuild 1423 BLAKE2B a49684b03e9b4dc56f1cb21d598f311f84fc7347637cd671cbb4af35107543b828961337d795ce067a232012797a22207aa81e87309b087a59ed029b53f42276 SHA512 ad425d6abe7a02a0d15dbc28c1e737e2b91792d89acd5c56be7b4ba867c8e28e1423e37453112ef1834978326b169ac23ca37f79d9f2ac221b8899e8ef33a4de
MISC metadata.xml 299 BLAKE2B 3b8af7fccff4006181f81391d616527950fa356ea54ff55e9fba97406ceb4d3d247210c80f5e42b3f67fb8b861c7118363ba3fa4916cba0f855e2bde8f6872d2 SHA512 00fc15df938f0b0d31061fd8a7195e08fd64ec7a0f02458bdd3df443d8963f85703264a4ea59bf98c935ef9ec7c8fbe2536daddb9056fee22282df1c04cc9768
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch b/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch
deleted file mode 100644
index 8fd49ab421da..000000000000
--- a/app-forensics/rkhunter/files/rkhunter-1.4.2.conf.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -Naur rkhunter-1.4.2/files/rkhunter.conf rkhunter-1.4.2-fixed/files/rkhunter.conf
---- rkhunter-1.4.2/files/rkhunter.conf 2014-01-25 16:29:51.000000000 -0500
-+++ rkhunter-1.4.2-fixed/files/rkhunter.conf 2014-05-27 11:58:11.098750088 -0400
-@@ -72,6 +72,7 @@
- # to use.
- #
-
-+INSTALLDIR=/usr
-
- #
- # If this option is set to '1', it specifies that the mirrors file
-@@ -154,7 +155,7 @@
- # subsequently commented out or removed, then the program will assume a
- # default directory beneath the installation directory.
- #
--#TMPDIR=/var/lib/rkhunter/tmp
-+TMPDIR=/var/lib/rkhunter/tmp
-
- #
- # This option specifies the database directory to use.
-@@ -163,7 +164,7 @@
- # subsequently commented out or removed, then the program will assume a
- # default directory beneath the installation directory.
- #
--#DBDIR=/var/lib/rkhunter/db
-+DBDIR=/var/lib/rkhunter/db
-
- #
- # This option specifies the script directory to use.
-@@ -171,7 +172,7 @@
- # The installer program will set the default directory. If this default is
- # subsequently commented out or removed, then the program will not run.
- #
--#SCRIPTDIR=/usr/local/lib/rkhunter/scripts
-+SCRIPTDIR=/usr/lib/rkhunter/scripts
-
- #
- # This option can be used to modify the command directory list used by rkhunter
diff --git a/app-forensics/rkhunter/files/rkhunter-1.4.cron b/app-forensics/rkhunter/files/rkhunter-1.4.cron
new file mode 100644
index 000000000000..6c73305d3e8c
--- /dev/null
+++ b/app-forensics/rkhunter/files/rkhunter-1.4.cron
@@ -0,0 +1,134 @@
+#!/bin/bash
+# original author: Aaron Walker <ka0ttic@gentoo.org>
+
+########################## Begin Configuration ###############################
+
+# Default options - more options may be added depending on the
+# configuration variables you set below
+# --cronjob implies -c, --nocolor, --sk
+RKHUNTER_OPTS="--cronjob --summary"
+
+# Set this to 'yes' to enable ; this script does nothing otherwise
+ENABLE=no
+
+# Automatically update rkhunter's dat files prior to running?
+UPDATE=no
+
+# Set this to 'yes' if you wish the output to be mailed to you
+SEND_EMAIL=no
+
+# NOTE: the following EMAIL_* variables are only relevant if you set the
+# SEND_EMAIL variable to 'yes'
+EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
+EMAIL_RECIPIENT=root
+EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"
+
+# Log rkhunter output?
+LOG=no
+
+# The default log location is /var/log/rkhunter.log. Set this variable if
+# you'd like to use an alternate location.
+#LOGFILE=""
+
+# By default, the log file created by rkhunter is world-readable (0644). If
+# you'd like to modify the permissions afterwards, set this variable. The
+# value of this variable, must be a valid chmod argument such as '0600' or
+# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
+#LOGFILE_PERMS="0600"
+
+# By default, rkhunter overwrites the previous log. Set this variable
+# to 'yes' if you'd like the log output appended to the logfile, instead
+# of overwriting it.
+SAVE_OLD_LOGS=no
+
+# Set to 1 to recieve only warnings & errors
+# Set to 2 to recieve ALL rkhunter output
+# Set to 3 to recieve rkhunter report
+VERBOSITY=3
+
+########################### End Configuration ################################
+
+# exit immediately, unless enabled
+[[ "${ENABLE}" == "yes" ]] || exit 0
+
+# debug mode? (mainly for my benefit)
+if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then
+ set -o verbose -o xtrace
+fi
+
+[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log"
+
+# moved this out of config section since it'll
+# probably never need to be changed
+RKHUNTER_EXEC="/usr/sbin/rkhunter"
+
+# sanity check
+if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
+ echo "${RKHUNTER_EXEC} does not exist or is not executable!"
+ exit 1
+fi
+
+# we create a few tmp files, so let's at least make
+# them readable/writable by root only
+umask 0077
+
+# all output goes to this temp file
+_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX)
+exec > ${_tmpout} 2>&1
+
+# update data files
+if [[ "${UPDATE}" == "yes" ]] ; then
+ # save the output of --update in a tmp file so that it can be mailed
+ # along with the scan output; otherwise the user will get 2 mails
+ #${RKHUNTER_EXEC} --nocolor --update
+ echo "In Gentoo, update option is disabled due to CVE-2017-7480."
+fi
+
+# formulate options string according to user configuration
+[[ "${LOG}" == "yes" ]] && \
+ RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"
+
+case "${VERBOSITY}" in
+ # warnings and errors only
+ 1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;;
+ # default rkhunter output (no extra options)
+# 2) ;;
+ # default to option 3
+ *) ;;
+esac
+
+# save old log
+if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then
+ if [[ -e "${LOGFILE}" ]] ; then
+ _tmpfile=$(mktemp ${LOGFILE}.XXXXXX)
+ mv -f ${LOGFILE} ${_tmpfile}
+ echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile}
+ fi
+fi
+
+# finally, run rkhunter
+CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
+eval ${CMD}
+RV=$?
+
+# email output?
+if [[ "${SEND_EMAIL}" == "yes" ]] ; then
+ CMD="cat ${_tmpout} ${EMAIL_CMD}"
+ eval ${CMD}
+fi
+
+# remove temp file
+[[ -n "${_tmpout}" ]] && rm -f ${_tmpout}
+
+[[ "${LOG}" != "yes" ]] && exit ${RV}
+
+# from this point on, we can assume logging is enabled
+
+# append new log to old log and restore
+if [[ -n "${_tmpfile}" ]] ; then
+ cat ${LOGFILE} >> ${_tmpfile}
+ mv ${_tmpfile} ${LOGFILE}
+fi
+
+chmod ${LOGFILE_PERMS:-0644} ${LOGFILE}
+exit ${RV}
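Review bot: Both `eval ${CMD}` calls near the end of the script re-parse a string assembled from `LOGFILE`, `EMAIL_SUBJECT` (which embeds `${HOSTNAME}`) and `EMAIL_RECIPIENT`, so a space or shell metacharacter in any of those values changes the command this root cron job runs. Holding the options and the mail command in bash arrays and running them directly removes the second parse. The same pass can quote `${_tmpout}`, `${LOGFILE}` and `${_tmpfile}` on the `mv`, `cat`, `rm` and `chmod` lines and stop if `mktemp` fails. Separately, the comment above `UPDATE=no` still offers an update that the script now replaces with the CVE-2017-7480 notice; it could read `# Ignored: updating is disabled in Gentoo due to CVE-2017-7480`.

```shell
RKHUNTER_OPTS=(--cronjob --summary)
# … unchanged: ENABLE, UPDATE, SEND_EMAIL, EMAIL_SUBJECT, EMAIL_RECIPIENT …
EMAIL_CMD=(mail -s "${EMAIL_SUBJECT}" "${EMAIL_RECIPIENT}")
# … unchanged: remaining configuration, enable check, debug switch, sanity check, umask …
_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) || exit 1
exec > "${_tmpout}" 2>&1
# … unchanged: update notice …
[[ "${LOG}" == "yes" ]] && \
	RKHUNTER_OPTS+=(--createlogfile "${LOGFILE}")

case "${VERBOSITY}" in
	1) RKHUNTER_OPTS+=(--quiet) ;;
	# … unchanged: remaining arms …
esac
# … unchanged: save old log …
"${RKHUNTER_EXEC}" "${RKHUNTER_OPTS[@]}"
RV=$?

if [[ "${SEND_EMAIL}" == "yes" ]] ; then
	"${EMAIL_CMD[@]}" < "${_tmpout}"
fi
```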
diff --git a/app-forensics/rkhunter/rkhunter-1.4.2.ebuild b/app-forensics/rkhunter/rkhunter-1.4.2.ebuild
deleted file mode 100644
index abaf05c31f4c..000000000000
--- a/app-forensics/rkhunter/rkhunter-1.4.2.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit eutils bash-completion-r1
-
-DESCRIPTION="Rootkit Hunter scans for known and unknown rootkits, backdoors, and sniffers"
-HOMEPAGE="http://rkhunter.sf.net/"
-SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 ~mips ppc x86"
-IUSE=""
-
-RDEPEND="
- app-shells/bash
- dev-lang/perl
- sys-process/lsof[rpc]
- virtual/cron
- virtual/mailx
-"
-
-S="${WORKDIR}/${P}/files"
-
-src_prepare() {
- epatch "${FILESDIR}/${P}.conf.patch"
-}
-
-src_install() {
- # rkhunter requires to be root
- dosbin ${PN}
-
- insinto /etc
- doins ${PN}.conf
-
- exeinto /usr/lib/${PN}/scripts
- doexe *.pl
-
- insinto /var/lib/${PN}/db
- doins *.dat
-
- insinto /var/lib/${PN}/db/i18n
- doins i18n/*
-
- doman ${PN}.8
- dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README
-
- exeinto /etc/cron.daily
- newexe "${FILESDIR}/${PN}-1.3.cron" ${PN}
-
- newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN}
-}
-
-pkg_postinst() {
- elog "A cron script has been installed to /etc/cron.daily/rkhunter."
- elog "To enable it, edit /etc/cron.daily/rkhunter and follow the"
- elog "directions."
- elog "If you want ${PN} to send mail, you will need to install"
- elog "virtual/mailx or alter the EMAIL_CMD variable in the"
- elog "cron script and possibly the MAIL_CMD variable in the"
- elog "${PN}.conf file to use another mail client."
-}
diff --git a/app-forensics/rkhunter/rkhunter-1.4.4.ebuild b/app-forensics/rkhunter/rkhunter-1.4.6-r1.ebuild
index e8eaba4a2a01..e292e6dde3a9 100644
--- a/app-forensics/rkhunter/rkhunter-1.4.4.ebuild
+++ b/app-forensics/rkhunter/rkhunter-1.4.6-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -18,16 +18,14 @@ RDEPEND="
app-shells/bash
dev-lang/perl
sys-process/lsof[rpc]
- virtual/cron
- virtual/mailx
"
S="${WORKDIR}/${P}/files"
-src_prepare() {
- default
- eapply -p2 "${FILESDIR}/${PN}-1.4.2.conf.patch"
-}
+PATCHES=(
+ "${FILESDIR}/${PN}-1.4.6-conf.patch"
+ "${FILESDIR}/${PN}-1.4.6-no-insecure-web.patch"
+)
src_install() {
# rkhunter requires to be root
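Review bot: Dropping `virtual/cron` and `virtual/mailx` from `RDEPEND` leaves the package still installing a script into `/etc/cron.daily` (see the later `newexe` hunk) whose default `EMAIL_CMD` pipes to `mail`. On a host without a mailer, `SEND_EMAIL=yes` makes that pipeline fail, and the cron script then removes the temp file holding the scan output, so with the default `LOG=no` the report is lost without notice. If the two packages are meant to be optional, the ebuild should say so to the user, for example `elog "Install virtual/cron and virtual/mailx to use the cron script"`. Whether `pkg_postinst` already does this cannot be seen here, because it lies outside the hunk.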
@@ -49,7 +47,7 @@ src_install() {
dodoc ACKNOWLEDGMENTS CHANGELOG FAQ README
exeinto /etc/cron.daily
- newexe "${FILESDIR}/${PN}-1.3.cron" ${PN}
+ newexe "${FILESDIR}/${PN}-1.4.cron" ${PN}
newbashcomp "${FILESDIR}/${PN}.bash-completion" ${PN}
}