Package: devscripts
Version: 2.25.19
Severity: important

Dear Maintainer,

running "uscan --verbose --report" on the chkrootkit source tree from
my local machine returns

   uscan info: Standard FTP listing.
   uscan warn: In debian/watch no matching files for watch source
     ftp://ftp.chkrootkit.org/pub/seg/pac/
   uscan info: Scan finished

instead of

   uscan info: Standard FTP listing.
   uscan info: Found the following matching files on the web page (newest first):
      chkrootkit-0.58b.tar.gz (0.58b) index=0.58b-1
      [...]
      chkrootkit-0.23a.tar.gz (0.23a) index=0.23a-1
   uscan info: Looking at $base        = ftp://ftp.chkrootkit.org/pub/seg/pac/ with
       $filepattern        = chkrootkit-(.*)\.tar\.gz found
       $newfile            = chkrootkit-0.58b.tar.gz
       $mangled_newversion = 0.58b
       $newversion         = 0.58b
       $lastversion        = 0.58b
   uscan info: Upstream URL(+tag) to download is identified as    ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit-0.58b.tar.gz
   uscan info: Filename (filenamemangled) for downloaded file: chkrootkit-0.58b.tar.gz
   uscan info: Newest version of chkrootkit on remote site is 0.58b, local version is 0.58b
   uscan info:  => Package is up to date from:
                => ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit-0.58b.tar.gz
   uscan info: Scan finished

An analysis of the network traffic revealed that a PORT request,
implying active mode, was sent instead of a PASV request.

Prefixing the uscan call with FTP_PASSIVE=1 helps to work around this
issue.

FTP_PASSIVE was explicitly set in lib/Devscripts/Uscan/Downloader.pm
before commit 62d5fb7a2c4f60ffeb773b6a303510a07a73a31a if passive mode
was requested. With removal of the passive mode option FTP_PASSIVE is
not set anymore, apparently leading to active mode elsewhere.

Not sure where to now set FTP_PASSIVE permanently (due to the removed
option) to ensure passive mode.

I am afraid this affects all FTP transfers initiated by uscan from
behind a NAT router, thus the severity of "important".

Sven

-- Package-specific info:

--- /etc/devscripts.conf ---
Empty.

--- ~/.devscripts ---
DEBSIGN_MAINT="$DEBFULLNAME <$DEBEMAIL>"
DEBRELEASE_UPLOADER='dput'
DEBRELEASE_DEBS_DIR='../build-area/'
RMADISON_URL_MAP_FASTTRACK='https://fasttrack.debian.net/api/madison'

-- System Information:
Debian Release: forky/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.16.7+deb14-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages devscripts depends on:
ii  dpkg-dev              1.22.21
ii  file                  1:5.46-5
ii  gpg                   2.4.8-3
ii  gpg-agent             2.4.8-3
ii  gpgv                  2.4.8-3
ii  libdpkg-perl          1.22.21
ii  libfile-dirlist-perl  0.05-3
ii  libfile-homedir-perl  1.006-2
ii  libfile-touch-perl    0.12-2
ii  libio-string-perl     1.08-4
ii  libmoo-perl           2.005005-1
ii  libwww-perl           6.78-1
ii  patchutils            0.4.2-1
ii  perl                  5.40.1-6
ii  python3               3.13.7-1
ii  sensible-utils        0.0.26
ii  wdiff                 1.2.2-9

Versions of packages devscripts recommends:
ii  apt                         3.1.5
ii  curl                        8.16.0-1
ii  dctrl-tools                 2.24-3+b1
ii  debian-keyring              2025.07.26
ii  debian-tag2upload-keyring   1.1
ii  dput-ng [dput]              1.44
pn  equivs                      <none>
ii  git-debpush                 13.15
ii  libdistro-info-perl         1.14
ii  libencode-locale-perl       1.05-3
ii  libgitlab-api-v4-perl       0.27-1
ii  libjson-perl                4.10000-1
ii  liblwp-protocol-https-perl  6.14-1
ii  libmetacpan-client-perl     2.033000-1
ii  libsoap-lite-perl           1.27-3
ii  libstring-shellquote-perl   1.04-3
ii  liburi-perl                 5.30-1
ii  licensecheck                3.3.9-1
ii  lintian                     2.124.0
ii  lzip                        1.25-3
ii  man-db                      2.13.1-1
ii  patch                       2.8-2
ii  pristine-tar                1.50+nmu2
ii  python3-apt                 3.0.0
ii  python3-debian              1.0.1
ii  python3-magic               2:0.4.27-3
ii  python3-requests            2.32.5+dfsg-1
ii  python3-unidiff             0.7.5-2
ii  python3-xdg                 0.28-2
ii  strace                      6.16+ds-2
ii  unzip                       6.0-29
ii  wget                        1.25.0-2
ii  xz-utils                    5.8.1-1.1

Versions of packages devscripts suggests:
ii  adequate                     0.17.6+b1
ii  at                           3.2.5-2.2
ii  autopkgtest                  5.51
pn  bls-standalone               <none>
ii  bsd-mailx [mailx]            8.1.2-0.20220412cvs-1.1
ii  build-essential              12.12
pn  check-all-the-things         <none>
ii  debhelper                    13.26
pn  diffoscope                   <none>
pn  disorderfs                   <none>
pn  docker.io                    <none>
pn  dose-extra                   <none>
pn  duck                         <none>
pn  elpa-devscripts              <none>
pn  faketime                     <none>
pn  gnuplot                      <none>
pn  how-can-i-help               <none>
ii  libauthen-sasl-perl          2.1900-1
pn  libdbd-pg-perl               <none>
ii  libgitlab-api-v4-perl        0.27-1
pn  libterm-size-perl            <none>
ii  libtimedate-perl             2.3300-2
ii  libyaml-libyaml-perl         0.903.0+ds-1
ii  mmdebstrap                   1.5.7-3
pn  mutt                         <none>
ii  openssh-client [ssh-client]  1:10.0p1-8
ii  piuparts                     1.6.0
pn  postgresql-client            <none>
pn  pristine-lfs                 <none>
ii  python3-debianbts            4.1.1
pn  python3-pycurl               <none>
ii  quilt                        0.68-1
pn  ratt                         <none>
pn  reprotest                    <none>
pn  svn-buildpackage             <none>
pn  w3m                          <none>

-- no debconf information

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
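
The traffic check described in the report (PORT sent instead of PASV) can be reproduced from the client commands on the FTP control channel. The following is an added example, not part of the original report or of devscripts; the sample command lists are constructed and the names `analyze` and `_result` are hypothetical. It generalizes slightly by also recognising the extended commands EPRT and EPSV.

```python
import ipaddress
import re

# Constructed client-side control-channel commands (not taken from the report).
SAMPLE_ACTIVE = ["USER anonymous", "PASS guest@", "TYPE I",
                 "PORT 192,168,1,23,195,80", "LIST"]
SAMPLE_PASSIVE = ["USER anonymous", "PASS guest@", "PASV", "LIST"]

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
# EPRT <d><family><d><address><d><port><d>, where <d> is any delimiter (RFC 2428)
EPRT_RE = re.compile(r"^EPRT\s+(.)([12])\1(.+?)\1(\d+)\1\s*$", re.I)


def _result(mode, addr=None, port=None):
    # unroutable=True: the server cannot connect back to this address, which is
    # what happens when an active-mode client sits behind a NAT router.
    unroutable = addr is not None and not addr.is_global
    return (mode, str(addr) if addr is not None else None, port, unroutable)


def analyze(commands):
    """Classify the first data-connection command as active, passive or none."""
    for raw in commands:
        line = raw.strip()
        if line.split(" ", 1)[0].upper() in ("PASV", "EPSV"):
            return _result("passive")
        m = PORT_RE.match(line)
        if m:
            fields = [int(g) for g in m.groups()]
            if max(fields) > 255:
                raise ValueError(f"malformed PORT argument: {line!r}")
            # PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
            addr = ipaddress.ip_address(".".join(map(str, fields[:4])))
            return _result("active", addr, fields[4] * 256 + fields[5])
        m = EPRT_RE.match(line)
        if m:
            return _result("active", ipaddress.ip_address(m.group(3)),
                           int(m.group(4)))
    return _result("none")


if __name__ == "__main__":
    for name, cmds in (("active", SAMPLE_ACTIVE), ("passive", SAMPLE_PASSIVE)):
        print(name, analyze(cmds))
```

An `active` result with the last field `True` matches the failure described above: the client advertised an address the FTP server cannot reach for the data connection.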
