
Patch for avoid phoning home



Hello

The CheckUpdates() function is executed every time an audit is done. It
makes a DNS query and uses the TXT field of the DNS record for this.
You can check if you have the latest version by running "dig -t TXT
lynis-latest-version.cisofy.com" but you would be "phoning home"
yourself :-).

The package will be removed soon if the bug isn't fixed, so I cc the
pkg-security team asking for sponsorship in case the maintainer is not
available.

Greetings,

Marcos

Description: The CheckUpdates() function is executed every time an audit is done. It makes a DNS query and uses the TXT field of the DNS record for this. This patch cancels this function. You can check if you have latest version by running "dig -t TXT lynis-latest-version.cisofy.com" but you would be "phoning home" yourself :-).  
Author: Marcos Fouces <marcos.fouces@gmail.com>
Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935042
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/

--- a/include/functions
+++ b/include/functions
@@ -254,29 +254,7 @@
     ################################################################################
 
     CheckUpdates() {
-        PROGRAM_LV="0000000000"; DB_MALWARE_LV="0000000000"; DB_FILEPERMS_LV="0000000000"
-        if [ ${RUN_UPDATE_CHECK} -eq 1 ]; then
-            LYNIS_LV_RECORD="lynis-latest-version.cisofy.com."
-            FIND=$(which dig 2> /dev/null | grep -v "no [^ ]* in")
-            if [ ! -z "${FIND}" ]; then
-                PROGRAM_LV=$(dig +short +time=3 -t txt lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | sed 's/[".]//g' | grep "^[1-9][0-9][0-9]$")
-            else
-                FIND=$(which host 2> /dev/null | grep -v "no [^ ]* in ")
-                if [ ! -z "${FIND}" ]; then
-                    PROGRAM_LV=$(host -t txt -W 3 lynis-latest-version.cisofy.com 2> /dev/null | grep -v "connection timed out" | awk '{ if ($1=="lynis-latest-version.cisofy.com" && $3=="text") { print $4 }}' | sed 's/"//g' | grep "^[1-9][0-9][0-9]$")
-                    if [ "${PROGRAM_LV}" = "" ]; then PROGRAM_LV=0; fi
-                else
-                    FIND=$(which drill 2> /dev/null | grep -v "no [^ ]* in ")
-                    if [ ! -z "${FIND}" ]; then
-                        PROGRAM_LV=$(drill txt ${LYNIS_LV_RECORD} | awk '{ if ($1=="lynis-latest-version.cisofy.com." && $4=="TXT") { print $5 }}' | tr -d '"' | grep "^[1-9][0-9][0-9]$")
-                        if [ -z "${PROGRAM_LV}" ]; then PROGRAM_LV=0; fi
-                    else
-                        LogText "Result: dig, drill or host not installed, update check skipped"
-                        UPDATE_CHECK_SKIPPED=1
-                    fi
-                fi
-            fi
-        fi
+    echo "In Debian distro package, check for updates are disabled."
     }
 
 
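Review bot: The new body of CheckUpdates() drops the first removed line, which initialised PROGRAM_LV, DB_MALWARE_LV and DB_FILEPERMS_LV to "0000000000", and it never sets UPDATE_CHECK_SKIPPED=1 the way the old "dig, drill or host not installed" branch did, so any code that reads these variables after the call would find them unset. Suggest keeping the initialisation line and setting UPDATE_CHECK_SKIPPED=1, then reporting through LogText instead of an unconditional echo, which prints on every audit even when RUN_UPDATE_CHECK is 0. The echo line is also indented four spaces where the rest of the function body uses eight, and the message would read better as "update checks are disabled".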
