1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109692: libreoffice-common: suspicious files found by chkrootkit

    From =?utf-8?q?Martin-=C3=89ric_Racine?=@21:1/5 to All on Tue Jul 22 07:40:01 2025
    Package: libreoffice-common
    Version: 4:25.2.3-2
    Severity: normal
    X-Debbugs-Cc: [email protected]

    WARNING: The following suspicious files and directories were found: /usr/lib/libreoffice/share/.registry [From Debian package: libreoffice-common]

    i.e. dot-files are suspicious.

    -- Package-specific info:
    Configuration file Package Exists Changed
    /etc/libreoffice/registry/main.xcd libreoffice-common Yes No

    -- System Information:
    Debian Release: 13.0
    APT prefers testing-security
    APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'testing')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.12.35+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
    Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages libreoffice-common depends on:
    ii libnumbertext-data 1.0.11-4
    ii libreoffice-style-colibre 4:25.2.3-2
    ii libreoffice-uiconfig-common 4:25.2.3-2
    ii ucf 3.0052
    ii ure 4:25.2.3-2

    Versions of packages libreoffice-common recommends:
    ii apparmor 4.1.0-1
    ii fonts-liberation 1:2.1.5-3
    ii libexttextcat-data 3.4.7-1
    ii poppler-data 0.4.12-1
    ii python3-uno 4:25.2.3-2
    ii xdg-utils 1.2.1-2

    Versions of packages libreoffice-common suggests:
    ii libreoffice-style-colibre [libreoffice-style] 4:25.2.3-2
    ii libreoffice-style-elementary [libreoffice-style] 4:25.2.3-2
    pn python3-scriptforge <none>

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rene Engelhard@21:1/5 to All on Tue Jul 22 08:00:01 2025
    severity 1109692 minor

    retitle 1109692 libreoffice-common: chkrootkit complains about /usr/lib/libreoffice/share/.registry

    thanks


    Hi,

    Am 22.07.25 um 07:37 schrieb Martin-Éric Racine
    WARNING: The following suspicious files and directories were found: /usr/lib/libreoffice/share/.registry [From Debian package: libreoffice-common]

    Then don't run it. Or use it with a grain of salt.


    That one is the "source" of which the real main.xcd in registry is created for by ucf. See libreoffice-commons maintainer scripts:

    # Automatically added by dh_ucf/13.24.2
    if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
            ucf --three-way "/usr/lib/libreoffice/share/.registry/main.xcd" "/etc/libreoffice/registry/main.xcd"
            ucfr --force libreoffice-common "/etc/libreoffice/registry/main.xcd"
    fi

    i.e. dot-files are suspicious.

    It's hidden because it's supposed to be hidden because it's not supposed to be touched by users. (and registry/ is taken anyway.) I could have choosen registry-original but that would be too visible, IMHO.


    Regards,


    Rene

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Chris Hofstaedtler@21:1/5 to All on Wed Jul 23 11:10:01 2025
    Control: reassign -1 chkrootkit

    On Wed, Jul 23, 2025 at 08:42:10AM +0300, Martin-Éric Racine wrote:
    ti 22.7.2025 klo 8.57 Rene Engelhard ([email protected]) kirjoitti:
    Am 22.07.25 um 07:37 schrieb Martin-Éric Racine
    WARNING: The following suspicious files and directories were found: /usr/lib/libreoffice/share/.registry [From Debian package: libreoffice-common]

    Then don't run it. Or use it with a grain of salt.

    Or don't make changes to the packaging that suddenly make chkrootkit complain.

    This directory was already shipped in bullseye and maybe earlier.

    chkrootkit had enough time to update its rules.

    Chris

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Lewis@21:1/5 to Chris Hofstaedtler on Thu Jul 24 20:30:01 2025
    Chris Hofstaedtler <[email protected]> writes:

    Control: reassign -1 chkrootkit

    On Wed, Jul 23, 2025 at 08:42:10AM +0300, Martin-Éric Racine wrote:
    ti 22.7.2025 klo 8.57 Rene Engelhard ([email protected]) kirjoitti:
    Am 22.07.25 um 07:37 schrieb Martin-Éric Racine
    WARNING: The following suspicious files and directories were found:
    /usr/lib/libreoffice/share/.registry [From Debian package: libreoffice-common]

    Then don't run it. Or use it with a grain of salt.

    Or don't make changes to the packaging that suddenly make chkrootkit complain.

    This directory was already shipped in bullseye and maybe earlier.

    chkrootkit had enough time to update its rules.

    chkrootkit does not maintain a list of all "things which might be
    suspicious but arnt", there are too many possibilities: "use it with a
    gran of salt" is the only way things like that can work for everyone.

    instead it provides several ways to filter results or hide things from
    the results. See /usr/share/doc/chkrootkit/README.FALSE-POSITIVES.gz

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)