Package: shc Version: 3.9.6-1 Severity: normal Tags: patch pending [Replace XX with correct value]
Dear maintainer, I've prepared an NMU for shc (versioned as 4.0.3-0.1) and uploaded it to DELAYED/XX. Please feel free to tell me if I should delay it longer. Regards. diff -Nru shc-3.9.6/aclocal.m4 shc-4.0.3/aclocal.m4 --- shc-3.9.6/aclocal.m4 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/aclocal.m4 2019-07-01 13:37:08.000000000 -0300 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.15' +[am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.16.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) 
@@ -51,14 +51,14 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.16.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -110,7 +110,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -141,7 +141,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -332,13 +332,12 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. - # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], 
@@ -346,49 +345,41 @@ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`AS_DIRNAME("$mf")` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. 
We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`AS_DIRNAME(["$file"])` - AS_MKDIR_P([$dirpart/$fdir]) - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS 
@@ -397,18 +388,17 @@ # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # -# This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each '.P' file that we will -# need in order to bootstrap the dependency handling code. +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], - [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) -]) + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -495,8 +485,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html> -# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html> +# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html> +# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html> AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target (and possibly the TAP driver). The # system "awk" is bad on some platforms. 
@@ -563,7 +553,7 @@ Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: <http://www.gnu.org/software/coreutils/>. +that behaves properly: <https://www.gnu.org/software/coreutils/>. If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM @@ -605,7 +595,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -626,7 +616,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -647,7 +637,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -655,49 +645,42 @@ # AM_MAKE_INCLUDE() # ----------------- -# Check to see how make treats includes. +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. AC_DEFUN([AM_MAKE_INCLUDE], -[am_make=${MAKE-make} -cat > confinc << 'END' +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD - ;; - esac -fi -AC_SUBST([am__include]) -AC_SUBST([am__quote]) -AC_MSG_RESULT([$_am_result]) -rm -f confinc confmf -]) +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. 
+echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -736,7 +719,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -765,7 +748,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -812,7 +795,7 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
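Review bot: At the end of the AM_MAKE_INCLUDE hunk the macro body is closed twice: `AC_SUBST([am__include])])` already ends the AC_DEFUN, so `AC_SUBST([am__quote])])` sits outside the macro with an unmatched `])`. The balanced form would be `AC_SUBST([am__include])` followed by `AC_SUBST([am__quote])])`. It looks harmless for this build, since am__quote is still substituted, but the configure section of this diff shows it moving from beside am__include to after SHELL at the end of the substitution list, which is consistent with the call now running outside the macro. The file header says it is generated by aclocal 1.16.1, so the correction belongs in the Automake macro source followed by a regenerate, not in a hand edit here.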
@@ -831,7 +814,7 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -912,7 +895,7 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -972,7 +955,7 @@ _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1000,7 +983,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1019,7 +1002,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru shc-3.9.6/AUTHORS shc-4.0.3/AUTHORS --- shc-3.9.6/AUTHORS 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/AUTHORS 2019-07-01 13:37:08.000000000 -0300 
@@ -1,2 +1,3 @@ Francisco Garcia <fro...@fi.upm.es> MD. JAHIDUL HAMID <jahidulha...@yahoo.com> +intika <int...@librefox.org> diff -Nru shc-3.9.6/ChangeLog shc-4.0.3/ChangeLog --- shc-3.9.6/ChangeLog 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/ChangeLog 2019-07-01 13:37:08.000000000 -0300 @@ -1,5 +1,33 @@ CHANGES +4.0.3 Tue Nov 20 08:22:20 UTC 2018 + + * Enhance -H flag by intika <https://github.com/intika> (Hide commands arguments from ps and cmdline) + * Remove -s flag (experimental feature not working as expected by intika <https://github.com/intika>) + +4.0.2 Mon 01 Jul 2019 02:57:36 PM UTC + + * Fix typo + * Fix NULL-ptr dereference in shll string (Thanks to Ren Kimura<https://github.com/RKX1209>) + +4.0.1 Tue Nov 20 08:22:20 UTC 2018 + + * Add LDFLAGS environment variable (Thanks to zboszor <https://github.com/zboszor>) + +4.0.0 Mon Nov 12 16:54:56 UTC 2018 + + * Add -H option for extra security without root (Thanks to intika <https://github.com/intika>). It protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. (only works with Bourne shell (sh) scripts with no parameter) + * Add -s option to force single process for hardening features (requires -H) <https://github.com/intika>. (only works with Bourne shell (sh) scripts with no parameter) + * dash support + +3.9.8 Sat Oct 20 17:49:28 UTC 2018 + + * Add setuid option -S (Thanks to Boon Pang <https://github.com/wombat78>) + +3.9.7 Sat Oct 20 15:25:13 UTC 2018 + + * Fix issue #58 + 3.9.6 Sat Jun 3 10:05:03 UTC 2017 * Fix issue #38 @@ -10,7 +38,7 @@ 3.9.4 Sat May 13 18:46:05 UTC 2017 - * Fix issue #23 (debian bug #861180) + * Fix issue #23 (debian bug #861180) (Thanks to original author Francisco Rosales <fro...@fi.upm.es>) 3.9.3 Sat Jul 30 18:46:34 BDT 2016 diff -Nru shc-3.9.6/config/compile shc-4.0.3/config/compile --- shc-3.9.6/config/compile 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/config/compile 2019-07-01 13:37:08.000000000 -0300 
@@ -1,9 +1,9 @@ #! /bin/sh # Wrapper for compilers which do not understand '-c -o'. -scriptversion=2012-10-14.11; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -255,7 +255,8 @@ echo "compile $scriptversion" exit $? ;; - cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) func_cl_wrapper "$@" # Doesn't return... ;; esac @@ -339,9 +340,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru shc-3.9.6/config/depcomp shc-4.0.3/config/depcomp --- shc-3.9.6/config/depcomp 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/config/depcomp 2019-07-01 13:37:08.000000000 -0300 
@@ -1,9 +1,9 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2018 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -16,7 +16,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -783,9 +783,9 @@ # Local Variables: # mode: shell-script # sh-indentation: 2 -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru shc-3.9.6/config/install-sh shc-4.0.3/config/install-sh --- shc-3.9.6/config/install-sh 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/config/install-sh 2019-07-01 13:37:08.000000000 -0300 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2014-09-12.12; # UTC +scriptversion=2018-03-11.20; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the 
@@ -271,15 +271,18 @@ fi dst=$dst_arg - # If destination is a directory, append the input filename; won't work - # if double slashes aren't ignored. + # If destination is a directory, append the input filename. if test -d "$dst"; then if test "$is_target_a_directory" = never; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst - dst=$dstdir/`basename "$src"` + dstbase=`basename "$src"` + case $dst in + */) dst=$dst$dstbase;; + *) dst=$dst/$dstbase;; + esac dstdir_status=0 else dstdir=`dirname "$dst"` @@ -288,6 +291,11 @@ fi fi + case $dstdir in + */) dstdirslash=$dstdir;; + *) dstdirslash=$dstdir/;; + esac + obsolete_mkdir_used=false if test $dstdir_status != 0; then @@ -324,14 +332,16 @@ # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) - # $RANDOM is not portable (e.g. dash); use it when possible to - # lower collision chance + # Note that $RANDOM variable is not portable (e.g. dash); Use it + # here however when possible just to lower collision chance. tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 - # As "mkdir -p" follows symlinks and we work in /tmp possibly; so - # create the $tmpdir first (and fail if unsuccessful) to make sure - # that nobody tries to guess the $tmpdir name. + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p' feature. if (umask $mkdir_umask && $mkdirprog $mkdir_mode "$tmpdir" && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 @@ -434,8 +444,8 @@ else # Make a couple of temp file names in the proper directory. - dsttmp=$dstdir/_inst.$$_ - rmtmp=$dstdir/_rm.$$_ + dsttmp=${dstdirslash}_inst.$$_ + rmtmp=${dstdirslash}_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 
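Review bot: The rewritten comment in the tmpdir hunk no longer says why creating `$tmpdir` first is safe in a world-writable directory. The protection is that the first `$mkdirprog $mkdir_mode "$tmpdir"` runs without `-p` and so (assuming `$mkdirprog` is a plain mkdir) fails if the name already exists; this matters because the name is only `ins$RANDOM-$$` and, as the comment itself notes, `$RANDOM` is not available in shells such as dash. I would add a line such as `# plain mkdir (no -p) fails if $tmpdir already exists, so a pre-existing directory or symlink is never reused`. The new exit trap is installed before that mkdir, so its `rmdir` also runs when creation failed; the case arm continues outside the hunk, so whether the trap is reset afterwards cannot be seen here. This file appears to be the stock helper copied in by the autotools, so the comment is best proposed upstream and not patched in the package.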
@@ -500,9 +510,9 @@ done # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru shc-3.9.6/config/missing shc-4.0.3/config/missing --- shc-3.9.6/config/missing 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/config/missing 2019-07-01 13:37:08.000000000 -0300 @@ -1,9 +1,9 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2013-10-28.13; # UTC +scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify @@ -17,7 +17,7 @@ # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# along with this program. If not, see <https://www.gnu.org/licenses/>. # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -101,9 +101,9 @@ exit $st fi -perl_URL=http://www.perl.org/ -flex_URL=http://flex.sourceforge.net/ -gnu_software_URL=http://www.gnu.org/software +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software program_details () { 
@@ -207,9 +207,9 @@ exit $st # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-time-zone: "UTC" +# time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: diff -Nru shc-3.9.6/configure shc-4.0.3/configure --- shc-3.9.6/configure 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/configure 2019-07-01 13:37:08.000000000 -0300 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for shc 3.9.6. +# Generated by GNU Autoconf 2.69 for shc 4.0.3. # # Report bugs to <http://github.com/neurobin/shc/issues>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='shc' PACKAGE_TARNAME='shc' -PACKAGE_VERSION='3.9.6' -PACKAGE_STRING='shc 3.9.6' +PACKAGE_VERSION='4.0.3' +PACKAGE_STRING='shc 4.0.3' PACKAGE_BUGREPORT='http://github.com/neurobin/shc/issues' PACKAGE_URL='' @@ -638,7 +638,6 @@ AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE -am__quote am__include DEPDIR OBJEXT @@ -694,7 +693,6 @@ docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -713,7 +711,8 @@ PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR -SHELL' +SHELL +am__quote' ac_subst_files='' ac_user_opts=' enable_option_checking @@ -767,7 +766,6 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' 
@@ -1020,15 +1018,6 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1166,7 +1155,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1279,7 +1268,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures shc 3.9.6 to adapt to many kinds of systems. +\`configure' configures shc 4.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1319,7 +1308,6 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1346,7 +1334,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of shc 3.9.6:";; + short | recursive ) echo "Configuration of shc 4.0.3:";; esac cat <<\_ACEOF 
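Review bot: The regenerated configure no longer recognises `--runstatedir`: this hunk drops the option parsing, and the neighbouring hunks drop the `runstatedir='${localstatedir}/run'` default, the substitution entry, the `--help` line and the name in the directory check loop. An autoconf-generated configure rejects options it does not know, and debhelper's autoconf build system passes `--runstatedir=/run` from compat level 11 on, so a build that uses this shipped configure without regenerating it would stop at the configure step. The debian/ directory is not in this part of the diff, so please confirm that the build runs autoreconf, or uses a compat level that does not pass the option. The removal suggests upstream generated these files with an autoconf that lacks the runstatedir support the 3.9.6 files had.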
@@ -1437,7 +1425,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -shc configure 3.9.6 +shc configure 4.0.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1863,7 +1851,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by shc $as_me 3.9.6, which was +It was created by shc $as_me 4.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2247,7 +2235,7 @@ -am__api_version='1.15' +am__api_version='1.16' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or @@ -2733,7 +2721,7 @@ # Define the identity of the package. PACKAGE='shc' - VERSION='3.9.6' + VERSION='4.0.3' cat >>confdefs.h <<_ACEOF @@ -2763,8 +2751,8 @@ # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: -# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html> -# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html> +# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html> +# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html> mkdir_p='$(MKDIR_P)' # We need awk for the "check" target (and possibly the TAP driver). The @@ -2815,7 +2803,7 @@ Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation -that behaves properly: <http://www.gnu.org/software/coreutils/>. +that behaves properly: <https://www.gnu.org/software/coreutils/>. If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM 
@@ -3679,45 +3667,45 @@ ac_config_commands="$ac_config_commands depfiles" - -am_make=${MAKE-make} -cat > confinc << 'END' +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' am__doit: - @echo this is the am__doit target + @echo this is the am__doit target >confinc.out .PHONY: am__doit END -# If we don't find an include directive, just comment out the code. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 -$as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= -_am_result=none -# First try GNU make style include. -echo "include confinc" > confmf -# Ignore all kinds of additional output from 'make'. -case `$am_make -s -f confmf 2> /dev/null` in #( -*the\ am__doit\ target*) - am__include=include - am__quote= - _am_result=GNU - ;; -esac -# Now try BSD make style include. -if test "$am__include" = "#"; then - echo '.include "confinc"' > confmf - case `$am_make -s -f confmf 2> /dev/null` in #( - *the\ am__doit\ target*) - am__include=.include - am__quote="\"" - _am_result=BSD +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : ;; - esac -fi - - -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 -$as_echo "$_am_result" >&6; } -rm -f confinc confmf +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : @@ -5311,7 +5299,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by shc $as_me 3.9.6, which was +This file was extended by shc $as_me 4.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5368,7 +5356,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -shc config.status 3.9.6 +shc config.status 4.0.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -5476,7 +5464,7 @@ # # INIT-COMMANDS # -AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" _ACEOF 
@@ -5922,29 +5910,35 @@ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. - case $CONFIG_FILES in - *\'*) eval set x "$CONFIG_FILES" ;; - *) set x $CONFIG_FILES ;; - esac + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac shift - for mf + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf do # Strip MF so we end up with the name of the file. - mf=`echo "$mf" | sed -e 's/:.*$//'` - # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named 'Makefile.in', but - # some people rename them; so instead we look at the file content. - # Grep'ing the first line is not enough: some people post-process - # each Makefile.in and add a new line on top of each file to say so. - # Grep'ing the whole file is not good either: AIX grep has a line + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. - if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then - dirpart=`$as_dirname -- "$mf" || -$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$mf" : 'X\(//\)[^/]' \| \ - X"$mf" : 'X\(//\)$' \| \ - X"$mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$mf" | + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 
2>/dev/null || +$as_echo X"$am_mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q 
@@ -5962,53 +5956,48 @@ q } s/.*/./; q'` - else - continue - fi - # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running 'make'. - DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` - test -z "$DEPDIR" && continue - am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue - am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # Find all dependency output files, they are included files with - # $(DEPDIR) in their names. We invoke sed twice because it is the - # simplest approach to changing $(DEPDIR) to its actual value in the - # expansion. - for file in `sed -n " - s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do - # Make sure the directory exists. - test -f "$dirpart/$file" && continue - fdir=`$as_dirname -- "$file" || -$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$file" : 'X\(//\)[^/]' \| \ - X"$file" : 'X\(//\)$' \| \ - X"$file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$file" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } - /^X\(\/\/\)$/{ + /^X\/\(\/\/\)$/{ s//\1/ q } - /^X\(\/\).*/{ + /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` - as_dir=$dirpart/$fdir; as_fn_mkdir_p - # echo "creating $dirpart/$file" - echo '# dummy' > "$dirpart/$file" - done + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? 
done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk } ;; diff -Nru shc-3.9.6/configure.ac shc-4.0.3/configure.ac --- shc-3.9.6/configure.ac 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/configure.ac 2019-07-01 13:37:08.000000000 -0300 @@ -1,4 +1,4 @@ -AC_INIT([shc], [3.9.6], [http://github.com/neurobin/shc/issues]) +AC_INIT([shc], [4.0.3], [http://github.com/neurobin/shc/issues]) AC_CONFIG_AUX_DIR(config) #prefix="/usr" AC_CONFIG_SRCDIR([src/shc.c]) diff -Nru shc-3.9.6/debian/changelog shc-4.0.3/debian/changelog --- shc-3.9.6/debian/changelog 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/changelog 2019-10-17 13:47:33.000000000 -0300 
@@ -1,3 +1,35 @@ +shc (4.0.3-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream version 4.0.3 + * Using new DH level format. Consequently: + - debian/compat: removed. + - debian/control: changed from 'debhelper' to 'debhelper-compat' in + Build-Depends field and bumped level to 12. + * debian/control: + - Added 'Rules-Requires-Root: no' to debian/control source stanza. + - Bumped Standards-Version to 4.4.1. + - Updated upstream address in Homepage field. + - Updated VCS fields to use Salsa. + * debian/copyright: + - Added a comment in header to quote the original upstream homepage. + - Added rights for all upstreams. + - Added Upstream-Contact field. + - Fixed rights for packagers. + * debian/rules: + - Created override_dh_auto_test target to avoid a FTBFS because the + upstream test procedure fail. + - Enabled DEB_BUILD_MAINT_OPTIONS variable to provide a full hardening to + final binary. + - Removed all trash. + * debian/tests/*: created to provide some trivial CI tests. + * debian/upstream/signing-key.asc: removed because the upstream didn't sign + the tarballs since 3.9.6 version. Currently, it can result in a rejection + when uploading the package. + * debian/watch: remade to look at releases instead of tags. + + -- Joao Eriberto Mota Filho <eribe...@debian.org> Thu, 17 Oct 2019 13:47:33 -0300 + shc (3.9.6-1) unstable; urgency=medium * Fix for infinite loop (Closes: #861180) diff -Nru shc-3.9.6/debian/compat shc-4.0.3/debian/compat --- shc-3.9.6/debian/compat 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/compat 1969-12-31 21:00:00.000000000 -0300 @@ -1 +0,0 @@ -11 diff -Nru shc-3.9.6/debian/control shc-4.0.3/debian/control --- shc-3.9.6/debian/control 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/control 2019-10-17 13:47:33.000000000 -0300 
@@ -2,11 +2,12 @@ Section: devel Priority: optional Maintainer: Tong Sun <suntong...@users.sourceforge.net> -Build-Depends: debhelper (>= 11) -Standards-Version: 4.1.5 -Homepage: http://neurobin.github.io/shc -Vcs-Git: https://github.com/neurobin/shc.git -Vcs-Browser: https://github.com/neurobin/shc.git +Build-Depends: debhelper-compat (= 12) +Standards-Version: 4.4.1 +Rules-Requires-Root: no +Homepage: https://neurobin.org/projects/softwares/unix/shc/ +Vcs-Browser: https://salsa.debian.org/debian/shc +Vcs-Git: https://salsa.debian.org/debian/shc.git Package: shc Architecture: any diff -Nru shc-3.9.6/debian/copyright shc-4.0.3/debian/copyright --- shc-3.9.6/debian/copyright 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/copyright 2019-10-17 13:47:33.000000000 -0300 @@ -1,15 +1,19 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: shc +Upstream-Contact: https://github.com/neurobin/shc/issues Source: https://github.com/neurobin/shc +Comment: The original repository (from initial upstream) is + https://www.datsi.fi.upm.es/~frosal/sources/ Files: * -Copyright: 2017 Md Jahidul Hamid <jahidulha...@yahoo.com> +Copyright: 1994-2015 Francisco Javier Rosales GarcÃa <fro...@fi.upm.es> + 2015-2019 Md Jahidul Hamid <jahidulha...@yahoo.com> + 2018-2019 Intika <int...@librefox.org> License: GPL-3+ Files: debian/* -Copyright: - Copyright 2018 Tong Sun <suntong...@users.sourceforge.net> - Copyright 2017 Md Jahidul Hamid <jahidulha...@yahoo.com> +Copyright: 2014-2018 Tong Sun <suntong...@users.sourceforge.net> + 2019 Joao Eriberto Mota Filho <eribe...@debian.org> License: GPL-3+ License: GPL-3+ diff -Nru shc-3.9.6/debian/rules shc-4.0.3/debian/rules --- shc-3.9.6/debian/rules 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/rules 2019-10-17 13:47:33.000000000 -0300 
@@ -1,17 +1,9 @@ #!/usr/bin/make -f -# See debhelper(7) (uncomment to enable) -# output every command that modifies files on the build system. #export DH_VERBOSE = 1 -# see FEATURE AREAS in dpkg-buildflags(1) -#export DEB_BUILD_MAINT_OPTIONS = hardening=+all - -# see ENVIRONMENT in dpkg-buildflags(1) -# package maintainers to append CFLAGS -#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic -# package maintainers to append LDFLAGS -#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed - +export DEB_BUILD_MAINT_OPTIONS = hardening=+all %: dh $@ + +override_dh_auto_test: diff -Nru shc-3.9.6/debian/tests/control shc-4.0.3/debian/tests/control --- shc-3.9.6/debian/tests/control 1969-12-31 21:00:00.000000000 -0300 +++ shc-4.0.3/debian/tests/control 2019-10-17 13:47:33.000000000 -0300 @@ -0,0 +1,10 @@ +Test-Command: shc -A +Restrictions: allow-stderr + +Test-Command: shc -C +Restrictions: allow-stderr + +Test-Command: shc -h +Restrictions: allow-stderr + +Tests: fire.sh diff -Nru shc-3.9.6/debian/tests/fire.sh shc-4.0.3/debian/tests/fire.sh --- shc-3.9.6/debian/tests/fire.sh 1969-12-31 21:00:00.000000000 -0300 +++ shc-4.0.3/debian/tests/fire.sh 2019-10-17 13:47:33.000000000 -0300 @@ -0,0 +1,8 @@ +#!/bin/bash + +TDIR=debian/tests + +cp $TDIR/script.sh $AUTOPKGTEST_TMP +cd $AUTOPKGTEST_TMP +shc -rUf script.sh +[ -e script.sh ] && ./script.sh.x | grep x5fgtH7 || exit 1 diff -Nru shc-3.9.6/debian/tests/script.sh shc-4.0.3/debian/tests/script.sh --- shc-3.9.6/debian/tests/script.sh 1969-12-31 21:00:00.000000000 -0300 +++ shc-4.0.3/debian/tests/script.sh 2019-10-17 13:47:33.000000000 -0300 @@ -0,0 +1,4 @@ +#!/bin/bash + +echo It is a test x5fgtH7 +exit 0 diff -Nru shc-3.9.6/debian/upstream/signing-key.asc shc-4.0.3/debian/upstream/signing-key.asc --- shc-3.9.6/debian/upstream/signing-key.asc 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/upstream/signing-key.asc 1969-12-31 21:00:00.000000000 -0300 
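Review bot: The empty `override_dh_auto_test:` target at the end of the debian/rules hunk switches off the upstream test suite without saying why in the file itself. The reason appears only in debian/changelog (the upstream test procedure fails), so a later maintainer reading debian/rules cannot tell whether the skip is still needed. I would put a comment directly above the target, e.g. `# Upstream test procedure fails at build time; skipped to avoid FTBFS. Re-enable once fixed upstream.` With the build-time tests off, the new debian/tests/ autopkgtests are the only automated check that the binary built with `hardening=+all` still works.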
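Review bot: The new debian/tests/fire.sh never checks that `cp` and `cd` succeeded and leaves `$TDIR` and `$AUTOPKGTEST_TMP` unquoted, so when the temporary directory is unset, missing or has whitespace in its path, `shc -rUf script.sh` runs in a directory the test did not intend. Adding `set -eu` after the shebang, quoting both `cp` arguments and writing `cd "$AUTOPKGTEST_TMP"` closes that. The last line tests `[ -e script.sh ]`, which is the copied input; presumably the compiled output was meant, as in `[ -x script.sh.x ] && ./script.sh.x | grep x5fgtH7 || exit 1`.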
@@ -1,75 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBFiNDmcBEADcNhftA7nyUTWsYGxTrMRK9mzSyXyFKmomUjo/sGul+lc4Ymnj -Kkq3yXuWmizZO2TkE2EX8K6WUlhwgswWXyXrI39pF2StgU0duk/YVwkL3sL4HGQl -IxAv80QADCBhCbYblUj+9l/too94Yb76oflyLYlfxSmyA+Kc3eH9aQ52n4QjiNO9 -+pZsGKJ6/N5riXnf5s3CgOrX9q2z5pH7n3GoZxhy286EcURB0F61+HxfkxmcgKQ+ -tdhxRFoysWPrjQb3TVpzQ2ZFJJkX+ukQw+AXe8uST2dtZEc2qizdVGPKP7TZOiy9 -XKXyL2KxNlYEHRT6VuON8BAZ4WJnBKNBmM5w2UAksZTr9msYOK8hu4wlSp7hTba9 -3GgGh7og9pXtBFzKZtgW2jkBSomHjlX6WGNAykR1M551cEiY3lzhSIMVgUCFOXSF -WYLZ5di0Yu1KYzaogxFF3IKUebg3hSDpqEFR72n45k0zqh6DpoBhq5rkOw767ofu -HTEbGhR4tPBunyFalfZzhGZQBs7WlgMY6iLz5Nks5nNVNTAPh9vNbZ/FC1zLQ+ts -8DYUulpCgtA3Q7JGq9cU63NVyp2VYqvIq1KSbSP1IcqKZJfZxaPGDbyDOS0Z58Aa -2ONB0u14OYnlrzLa0xknSVbAj5Cd1FPat71LG1R9APBr6bysqqTi7/4NTwARAQAB -tDRNZCBKYWhpZHVsIEhhbWlkIChuZXVyb2JpbikgPGphaGlkdWxoYW1pZEB5YWhv -by5jb20+iQI+BBMBAgAoBQJYjQ5nAhsDBQk/U/yABgsJCAcDAgYVCAIJCgsEFgID -AQIeAQIXgAAKCRCkospba9qocQ5/D/wNUbiuoGXhQTXbTvFj6x11octErw8Ez8ZK -/tsy5KnzIRK82HnEqsk8aAlCQ7LAD6bN/N7no/oaz09pRy9uywysPyd8hf7z+r50 -GViCt/7btjySCytL8g8PBniM+MFS2Lw2+FUT/JFurwxID/jTIE3YSi8KzrUy5ji0 -s2R9rq9W3UNtZvFfp+DvdKA3W74azsNjphQqDBBek7GMdlJV3a66lGUCNg43JchO -lS7VeovLE/sYAx9F6n8sa194NO7Aek9DIFUkNlaslKIoqfYetoGlyNUa95sOIZ4c -TUxylFa4d6s5IEtAddCqBrvOxlsdJnN0qbfTHZ1247aNgV2erV1i86DnzyQgOn3J -ABRr7CClGD4u3JRNkblexxvI0XVrLjltn9ciC8ANOiyYlr7CDZdmMTH0QJoEB9t0 -kK1pZ6SXlFosBSrPRSYchHG4+uHXHurom5La424VfC39UDnWcG6YhruvdUQANWzz -RJhq952ceBdnY4YnBUIUioIK26oxoqmZB1xq+i2Qg6IA+cvRGrqOsoEvAx5o3EDJ -s93vVB9iMtCgKb0epgK/PvL6Kfb2J56GQm5qbyJ5ZPG/UxKRmRljOyuTHrQnehVM -UIWg5u2EwgLnSvJiT3dxQ6ueOR+qfyS9BdZR2HavLx1llQnbdYd6f21X20C2+Iwd -bZTpVpBtyrkCDQRYjQ5nARAA0QSrZuheYX/JfBj2GYDSfHFHZ8CejyyYCk0HUKwV -JeueuYKH8Gvn5ZNMfYb7QndiVIWGzVrYatvuJL4U0K/k/1JcwdJ0if8A+Oico2Ax -dQWXS0/5ngVJ5/PWmp9wjC/FmYvpt7oJoSnsAlhGo95Oa9syi/DDot3K7tWQdltO -g9qEzqgO2/tRbwx4SIR9OJ2GSC+ddZocneDzIzE9VAXw3hRUR74MC9EikyXqqqm1 -V/cLfYIFsfZZQDgx+rPZRI/kh3vZUJ++cuiZrS7x4Jy6hoLSpQBF2nr0xh3aCNRt 
-OfanhRkO3RJ2ubLqZ6pOk4vcRTmb+8pQC1ZDORZNbbGEvY/nc4k0Bq6vI/fQOAJS -TN4lf06eEv8Qkxml4Iimx6vebkHFCwsM9BhBaUuNPiGr7rWyTT2IbYSuFTOHdzla -nqD1wZbvBVZDe83ObkxTGKhtJb1pSDU4VRNKgpP3A/tWAR+vkoaH3KLsbA9iBkdj -JGPNMwXp03QqmO526e+PGb+yiY6f6ZD9dCQ48UKl8gIvDjvQUyD9CGVTgmdgCtpV -5qeFDC3/TdyWElvn8MChaEJ5lP2U41a1vP7vJPn8svNImYIUuAC0KjzuQzZwXhoS -6UWV/OSxqIaXQQNKedaUfiVUv0Pbq9WbYhHdMbWHsmN+cLAm1zPnp0OXSBHBUFqc -FykAEQEAAYkCJQQYAQIADwUCWI0OZwIbDAUJP1P8gAAKCRCkospba9qocfJ4EACT -066MYmBcAHPyvrMvvIUPD29Q7SJT3/rXg6C5ydppuqF15fvfgDk+ap1DPfF3JDqO -YAJZ13iIkK20zhGl6RRS4AwpBaPBGWd26YaP74bp9mbhomQi/5h/KoDlBv116SQD -H9KD13MjuwYj2q12ItIeuaBcSwGQEeBIA4hVzj8xkLWC+XYEYhLh6GAL7dsRUPrZ -ROAPIGn7nFoaiQoRLsCUa3jstApZZj0E9BSnGNE77NW46V7Fitca75zMVDeUxqb1 -A/AEpES2l5O0qkCtKdjgxPmDbIAVmKW58I0CNI/Qpm4tgf7c0Yh/4L5oWTxbBjQH -RXXnQyUuFQ7uV8/+nqNdeD/e3ZkMnoOxrfHPd2XRS4PRfHL+P14mhhE4zGfY94kU -3ZPLnHQ+hFBXikCku4ybKo+QCt54te5KbtcQBD6U5C9Hh2Lcaxq9Or5j5YxJ/r4I -q5tPW9AQijEcJcTcupoDxN6NDH/tjXvEAie/8KB+hqWMWF++o5UngfSEBabcH1ZJ -qUFhc9euGz6HcmuIEoFY01U/ucUHeP+EoB23Qvm4LCs/gCBgt3r88lZtuZCQF1iJ -DKQYL2LCfpYBbJqlOAslJI5QtknugxIWcWz/B1CSvVeuz5LyJ38WPylgLkxRzpCB -s8Dk3U8FQhy6PwK34VYcdMvPou50iN7Ji7fQl88XUbkCDQRYjRTPARAAxnGeM6j5 -+z/tdyulc08VUZPumLTMSBG0bdFif7PYawCxU/xrHCSIW4Ob0iaVb/1PCA7SLBgf -XnL7xMsI4e65BH1R8KInOKbwEB3F0ZdHHAfEbdGcxiwM4/5W4Tv+nlpt51rvNDQq -+JjirWtCcpvxL3/kkODetwqPw1GtWTy6QUXMFGXTL8h/JJnAxfyX1VY40A/nMTAa -2Wo4IxJ1va5EmBxcDbyIiIgaZNFIJW8ngqjOSsdKZt7s++XSaVClF89q5t27qf/P -TRdY4TApU+7t+vzRkRnRXopW7UvtaoOlov6C8bdT0uiFXBWaUK5tU5/T5FQc/HAZ -+cOrB3IZlqDKst5+4ao0+Vu7bJVXYGHE6Fnd6Sgh5z+nt6MNT/P3gYhK1Qwn3voI -DjjunvWm8qzHqwFGkars+mHWTwnVrTLA46auMOGT/Net/zRVPnVGqiZtbSfbOmwf -su2RH+LuqXEn+KDvhpe/1HTZLIWEnylehp8nVBX1zN4MCJvN8DlSMIqHj+XdwLiO -LsN7q7bwaG0ZU1bc9DpPZI8Rfb+LcG6F75FNf3VrRwk2Dh5qE7/1dABYdNPQEPur -N7LOH51xLPph6BG4cbU8MOwdK7Ubuuo9eJNq6z5CVzgEMDon+5df+Q7oE2gUSSfC -ejnsJogaer+BgT5A9X05ckS866iHJGQx7gcAEQEAAYkCJQQYAQgADwUCWI0UzwIb -DAUJawqEgAAKCRCkospba9qocaeDD/9iDgTA56qmeXLCuB1Gadd/qwwt05q72egZ 
-F6cwRJX/V/DRCuxzLFuzJ9yjlV+smmqdZj/Hk8vO4zaxzN6mVamyKFJTP4Xdxvor -ulivQhZxyfJtH/5PGPZQPFkoQcrrcL5ujjYUKViTEdkzJlGDEnm0+eZmS0DmUiw/ -/sQa/wqszvK43zDVaA4jmYJqINy/3Bmts6Tst+PC7EKTur53ZyWMQhTjhc9iNiDY -vidl9VlsQpV8QPQuI2CmQ+iiuVbOuqAntO2biXD3P79xb4W2mJznO2g0SL/BU0n3 -DVs4IoQaYefKfbe2Yxk3isFo1SUxum7MabUQuYtYSdmvw86kLzo+YIHunW8+8t0w -dwQ+vePcSbVQpaNfyI376pnd/4doQd5ay4qgvB4HhCFHZM72+PlN10KCjf8Qnn4U -guIzKN1rU1N9pWc2a2xflxw3FLvz3k3gTcSB5wbHukHp754vBc5JEU4kyTdxBJJF -+IITS1QZOz32XfdvMTq3ZgK4L1vZl/ji6YyItjmH9CNItwNqOONzQ9GrczJ9sEaX -ouXGS/hhCrpIbLLlm4eVEyxzui8UwDgrBoplNbWVwD5qbcJwmON7anvMMyxRewhs -v9SM9XTJ026xP27/GVRsaqOYonFRNapMY0+At2KFYrygAcNcItFI9UIYF+h58O6V -mupr2aYLJw== -=v56J ------END PGP PUBLIC KEY BLOCK----- diff -Nru shc-3.9.6/debian/watch shc-4.0.3/debian/watch --- shc-3.9.6/debian/watch 2018-07-08 16:11:21.000000000 -0300 +++ shc-4.0.3/debian/watch 2019-10-17 13:47:33.000000000 -0300 @@ -1,6 +1,2 @@ version=4 -opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/shc-$1.tar.gz/,\ -pgpsigurlmangle=s/archive.*\//releases\/download\//;\ -s/v?(\d\S*)\.tar\.gz/$1\/shc-$1.tar.gz/;\ -s/$/.asc/ \ - https://github.com/neurobin/shc/tags .*/v?(\d\S*)\.tar\.gz +https://github.com/neurobin/shc/releases .*/archive/(?:shc-|v)?(\d\S+)\.tar\.(?:bz2|gz|xz) diff -Nru shc-3.9.6/INSTALL shc-4.0.3/INSTALL --- shc-3.9.6/INSTALL 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/INSTALL 2019-07-01 13:37:08.000000000 -0300 @@ -1,8 +1,8 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, -Inc. + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright 
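Review bot: Dropping `pgpsigurlmangle` from debian/watch means uscan no longer fetches or checks a detached signature, so a new upstream tarball is accepted on the strength of the HTTPS download alone. The changelog explains that upstream has not signed tarballs since 3.9.6, but the watch file itself carries no trace of that decision. I would add a comment above the URL line, e.g. `# Upstream has not signed release tarballs since 3.9.6; no signature to verify.`, and compare each imported tarball against the corresponding upstream git tag. If upstream resumes signing, debian/upstream/signing-key.asc and the `pgpsigurlmangle` option should be restored together.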
@@ -12,97 +12,96 @@ Basic Installation ================== - Briefly, the shell command `./configure && make && make install' + Briefly, the shell command './configure && make && make install' should configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for +more-detailed instructions are generic; see the 'README' file for instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented +'INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. - The `configure' shell script attempts to guess correct values for + The 'configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. 
+ It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point 'config.cache' contains results you don't want to keep, you may remove or edit it. - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. The simplest way to compile this package is: - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. - Running `configure' might take a while. While running, it prints + Running 'configure' might take a while. While running, it prints some messages telling which features it is checking for. - 2. Type `make' to compile the package. + 2. Type 'make' to compile the package. - 3. Optionally, type `make check' to run any self-tests that come with + 3. 
Optionally, type 'make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. - 4. Type `make install' to install the programs and any data files and + 4. Type 'make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root + user, and only the 'make install' phase executed with root privileges. - 5. Optionally, type `make installcheck' to repeat any self-tests, but + 5. Optionally, type 'make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required + regular user, particularly if the prior 'make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. - 7. Often, you can also type `make uninstall' to remove the installed + 7. Often, you can also type 'make uninstall' to remove the installed files again. 
In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. - 8. Some packages, particularly those that use Automake, provide `make + 8. Some packages, particularly those that use Automake, provide 'make distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. + targets like 'make install' and 'make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' +the 'configure' script does not know about. Run './configure --help' for details on some of the pertinent environment variables. - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix 
@@ -113,21 +112,21 @@ You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the +own directory. To do this, you can use GNU 'make'. 'cd' to the directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. - With a non-GNU `make', it is safer to compile the package for one + With a non-GNU 'make', it is safer to compile the package for one architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before +installed the package for one architecture, use 'make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ 
@@ -136,105 +135,104 @@ This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. +using the 'lipo' tool if you have problems. Installation Names ================== - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. 
In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or +correct locations to 'configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without +'make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each -affected directory. For example, `make install +affected directory. For example, 'make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. - - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. 
The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. + + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. +They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). 
The +'README' should mention any '--enable-' and '--with-' options that the package recognizes. - For packages that use the X Window System, `configure' can usually + For packages that use the X Window System, 'configure' can usually find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure +execution of 'make' will be. For these packages, running './configure --enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure +overridden with 'make V=1'; while running './configure --disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. +overridden with 'make V=0'. Particular systems ================== - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. - HP-UX `make' updates targets which have the same time stamps as -their prerequisites, which makes it generally unusable when shipped -generated files such as `configure' are involved. Use GNU `make' -instead. + HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. On OSF/1 a.k.a. 
Tru64, some versions of the default C compiler cannot -parse its `<wchar.h>' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try +parse its '<wchar.h>' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try ./configure CC="cc" @@ -242,26 +240,26 @@ ./configure CC="cc -nodtk" - On Solaris, don't put `/usr/ucb' early in your `PATH'. This + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. It is recommended to use the following options: + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== - There may be some features `configure' cannot figure out + There may be some features 'configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints +_same_ architectures, 'configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM 
@@ -270,101 +268,101 @@ OS KERNEL-OS - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will +use the option '--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. +eventually be run) with '--host=TYPE'. Sharing Defaults ================ - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the -environment passed to `configure'. 
However, some packages may run +environment passed to 'configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: +them in the 'configure' command line, using 'VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc -causes the specified `gcc' to be used as the C compiler (unless it is +causes the specified 'gcc' to be used as the C compiler (unless it is overridden in the site shell script). -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf limitation. Until the limitation is lifted, you can use -this workaround: +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash -`configure' Invocation +'configure' Invocation ====================== - `configure' recognizes the following options to control how it + 'configure' recognizes the following options to control how it operates. -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. -`--help=short' -`--help=recursive' +'--help=short' +'--help=recursive' Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. - -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. 
+ +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' script, and exit. -`--cache-file=FILE' +'--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to + traditionally 'config.cache'. FILE defaults to '/dev/null' to disable caching. -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. - -`--quiet' -`--silent' -`-q' +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. + +'--quiet' +'--silent' +'-q' Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error + suppress all normal output, redirect it to '/dev/null' (any error messages will still be shown). -`--srcdir=DIR' +'--srcdir=DIR' Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. + 'configure' can determine that directory automatically. -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. -`--no-create' -`-n' +'--no-create' +'-n' Run the configure checks, but stop before creating any output files. -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff -Nru shc-3.9.6/Makefile.am shc-4.0.3/Makefile.am --- shc-3.9.6/Makefile.am 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/Makefile.am 2019-07-01 13:37:08.000000000 -0300 
@@ -1,4 +1,8 @@ +AUTOMAKE_OPTIONS = subdir-objects ACLOCAL_AMFLAGS = -I m4 SUBDIRS = src EXTRA_DIST = autogen.sh README.md .gitattributes .gitignore .travis.yml test dist_man_MANS = shc.1 + + +test: check diff -Nru shc-3.9.6/Makefile.in shc-4.0.3/Makefile.in --- shc-3.9.6/Makefile.in 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/Makefile.in 2019-07-01 13:37:08.000000000 -0300 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -162,7 +162,7 @@ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - cscope distdir dist dist-all distcheck + cscope distdir distdir-am dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -310,7 +310,6 @@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -319,6 +318,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +AUTOMAKE_OPTIONS = subdir-objects ACLOCAL_AMFLAGS = -I m4 SUBDIRS = src EXTRA_DIST = autogen.sh README.md .gitattributes .gitignore .travis.yml test 
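Review bot: The new `test: check` alias at the end of the top-level Makefile.am hunk is not declared phony, yet the `EXTRA_DIST` line just above it lists a `test` entry that ships in the source tree, so the target name collides with an existing path. It presumably still runs because `check` is phony in the generated Makefile.in and forces a remake, but that is a side effect rather than a stated intent. Adding `.PHONY: test` next to the rule makes the alias independent of whatever exists on disk.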
@@ -347,8 +347,8 @@ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) @@ -509,7 +509,10 @@ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -574,7 +577,7 @@ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir @@ -600,7 +603,7 @@ @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 - shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir @@ -618,7 +621,7 @@ distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ 
@@ -628,7 +631,7 @@ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ - GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac @@ -827,6 +830,8 @@ .PRECIOUS: Makefile +test: check + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru shc-3.9.6/man.html shc-4.0.3/man.html --- shc-3.9.6/man.html 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/man.html 1969-12-31 21:00:00.000000000 -0300 
@@ -1,146 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - <meta http-equiv="Content-Style-Type" content="text/css" /> - <meta name="generator" content="pandoc" /> - <meta name="date" content="2017-05-17" /> - <title>shc(1) shc user manual</title> - <style type="text/css">code{white-space: pre;}</style> - <style type="text/css"> -div.sourceCode { overflow-x: auto; } -table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode { - margin: 0; padding: 0; vertical-align: baseline; border: none; } -table.sourceCode { width: 100%; line-height: 100%; } -td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; } -td.sourceCode { padding-left: 5px; } -code > span.kw { color: #007020; font-weight: bold; } /* Keyword */ -code > span.dt { color: #902000; } /* DataType */ -code > span.dv { color: #40a070; } /* DecVal */ -code > span.bn { color: #40a070; } /* BaseN */ -code > span.fl { color: #40a070; } /* Float */ -code > span.ch { color: #4070a0; } /* Char */ -code > span.st { color: #4070a0; } /* String */ -code > span.co { color: #60a0b0; font-style: italic; } /* Comment */ -code > span.ot { color: #007020; } /* Other */ -code > span.al { color: #ff0000; font-weight: bold; } /* Alert */ -code > span.fu { color: #06287e; } /* Function */ -code > span.er { color: #ff0000; font-weight: bold; } /* Error */ -code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */ -code > span.cn { color: #880000; } /* Constant */ -code > span.sc { color: #4070a0; } /* SpecialChar */ -code > span.vs { color: #4070a0; } /* VerbatimString */ -code > span.ss { color: #bb6688; } /* SpecialString */ -code > span.im { } /* Import */ -code > span.va { color: #19177c; } /* Variable */ -code > 
span.cf { color: #007020; font-weight: bold; } /* ControlFlow */ -code > span.op { color: #666666; } /* Operator */ -code > span.bu { } /* BuiltIn */ -code > span.ex { } /* Extension */ -code > span.pp { color: #bc7a00; } /* Preprocessor */ -code > span.at { color: #7d9029; } /* Attribute */ -code > span.do { color: #ba2121; font-style: italic; } /* Documentation */ -code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */ -code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */ -code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */ - </style> -</head> -<body> -<div id="header"> -<h1 class="title">shc(1) shc user manual</h1> -<h3 class="date">May 17, 2017</h3> -</div> -<hr> -<h1 id="name">NAME</h1> -<p>shc - Generic shell script compiler</p> -<h1 id="synopsis">SYNOPSIS</h1> -<p><strong>shc</strong> [ -e <em>date</em> ] [ -m <em>addr</em> ] [ -i <em>iopt</em> ] [ -x <em>cmnd</em> ] [ -l <em>lopt</em> ] [ -o <em>outfile</em> ] [ -ABCDhUv ] -f <em>script</em></p> -<h1 id="description">DESCRIPTION</h1> -<p><strong>shc</strong> creates a stripped binary executable version of the script specified with <code>-f</code> on the command line.</p> -<p>The binary version will get a <code>.x</code> extension appended by default if <em>outfile</em> is not defined with [-o <em>outfile</em>] option and will usually be a bit larger in size than the original ascii code. Generated C source code is saved in a file with the extension <code>.x.c</code> or in a file specified with appropriate option.</p> -<p>If you supply an expiration date with the <code>-e</code> option, the compiled binary will refuse to run after the date specified. The message <strong>Please contact your provider</strong> will be displayed instead. 
This message can be changed with the <code>-m</code> option.</p> -<p>You can compile any kind of shell script, but you need to supply valid <code>-i</code>, <code>-x</code> and <code>-l</code> options.</p> -<p>The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. <code>#!/bin/sh</code>), thus <strong>shc</strong> does not create completely independent binaries.</p> -<p><strong>shc</strong> itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell <code>-c</code> option. Unfortunatelly, it will not give you any speed improvement as a real C program would.</p> -<p><strong>shc</strong>'s main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people.</p> -<h1 id="options">OPTIONS</h1> -<dl> -<dt>-e <em>date</em></dt> -<dd>Expiration date in <em>dd/mm/yyyy</em> format <code>[none]</code> -</dd> -<dt>-m <em>message</em></dt> -<dd>message to display upon expiration <code>["Please contact your provider"]</code> -</dd> -<dt>-f <em>script_name</em></dt> -<dd>File path of the script to compile -</dd> -<dt>-i <em>inline_option</em></dt> -<dd>Inline option for the shell interpreter i.e: <code>-e</code> -</dd> -<dt>-x <em>command</em></dt> -<dd>eXec command, as a printf format i.e: <code>exec(\\'%s\\',@ARGV);</code> -</dd> -<dt>-l <em>last_option</em></dt> -<dd>Last shell option i.e: <code>--</code> -</dd> -<dt>-o <em>outfile</em></dt> -<dd>output to the file specified by outfile -</dd> -<dt>-r</dt> -<dd>Relax security. 
Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use -</dd> -<dt>-v</dt> -<dd>Verbose compilation -</dd> -<dt>-D</dt> -<dd>Switch on debug exec calls -</dd> -<dt>-U</dt> -<dd>Make binary to be untraceable (using <em>strace</em>, <em>ptrace</em>, <em>truss</em>, etc.) -</dd> -<dt>-C</dt> -<dd>Display license and exit -</dd> -<dt>-A</dt> -<dd>Display abstract and exit -</dd> -<dt>-B</dt> -<dd>Compile for BusyBox -</dd> -<dt>-h</dt> -<dd>Display help and exit -</dd> -</dl> -<h1 id="environment-variables">ENVIRONMENT VARIABLES</h1> -<dl> -<dt>CC</dt> -<dd>C compiler command <code>[cc]</code> -</dd> -<dt>CFLAGS</dt> -<dd>C compiler flags <code>[none]</code> -</dd> -</dl> -<h1 id="examples">EXAMPLES</h1> -<p>Compile a script which can be run on other systems with the trace option enabled (without <code>-U</code> flag):</p> -<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -f myscript -o mybinary</code></pre></div> -<p>Compile an untraceable binary:</p> -<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -Uf myscript -o mybinary</code></pre></div> -<h1 id="bugs">BUGS</h1> -<p>The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter <code>_SC_ARG_MAX</code> (see sysconf(2))</p> -<h1 id="authors">AUTHORS</h1> -<p>Francisco Rosales <script type="text/javascript"> -<!-- -h='fi.upm.es';a='@';n='frosal';e=n+a+h; -document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'" clas'+'s="em' + 'ail">'+e+'<\/'+'a'+'>'); -// --> -</script><noscript>frosal at fi dot upm dot es</noscript></p> -<p>Md Jahidul Hamid <script type="text/javascript"> -<!-- -h='yahoo.com';a='@';n='jahidulhamid';e=n+a+h; -document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'" clas'+'s="em' + 'ail">'+e+'<\/'+'a'+'>'); -// --> 
-</script><noscript>jahidulhamid at yahoo dot com</noscript></p> -<h1 id="report-bugs-to">REPORT BUGS TO</h1> -<p><a href="https://github.com/neurobin/shc/issues" class="uri">https://github.com/neurobin/shc/issues</a></p> -</body> -</html> diff -Nru shc-3.9.6/man.md shc-4.0.3/man.md --- shc-3.9.6/man.md 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/man.md 1969-12-31 21:00:00.000000000 -0300 
@@ -1,117 +0,0 @@ -% shc(1) shc user manual -% -% May 17, 2017 -<hr> - -# NAME -shc - Generic shell script compiler - -# SYNOPSIS -**shc** [ -e *date* ] [ -m *addr* ] [ -i *iopt* ] [ -x *cmnd* ] [ -l *lopt* ] [ -o *outfile* ] [ -ABCDhUv ] -f *script* - -# DESCRIPTION -**shc** creates a stripped binary executable version of the script specified with `-f` on the command line. - -The binary version will get a `.x` extension appended by default if *outfile* is not defined with [-o *outfile*] option -and will usually be a bit larger in size than the original ascii code. -Generated C source code is saved in a file with the extension `.x.c` or in a file specified with appropriate option. - -If you supply an expiration date with the `-e` option, the compiled binary will refuse to run after the date specified. -The message **Please contact your provider** will be displayed instead. This message can be changed with the `-m` option. - -You can compile any kind of shell script, but you need to supply valid `-i`, `-x` and `-l` options. - -The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. `#!/bin/sh`), -thus **shc** does not create completely independent binaries. - -**shc** itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. -It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. -Upon execution, the compiled binary will decrypt and execute the code with the shell `-c` option. -Unfortunatelly, it will not give you any speed improvement as a real C program would. - -**shc**'s main purpose is to protect your shell scripts from modification or inspection. -You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people. 
- -# OPTIONS - --e *date* -: Expiration date in *dd/mm/yyyy* format `[none]` - --m *message* -: message to display upon expiration `["Please contact your provider"]` - --f *script_name* -: File path of the script to compile - --i *inline_option* -: Inline option for the shell interpreter i.e: `-e` - --x *command* -: eXec command, as a printf format i.e: `exec(\\'%s\\',@ARGV);` - --l *last_option* -: Last shell option i.e: `--` - --o *outfile* -: output to the file specified by outfile - --r -: Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use - --v -: Verbose compilation - --D -: Switch on debug exec calls - --U -: Make binary to be untraceable (using *strace*, *ptrace*, *truss*, etc.) - --C -: Display license and exit - --A -: Display abstract and exit - --B -: Compile for BusyBox - --h -: Display help and exit - - -# ENVIRONMENT VARIABLES - -CC -: C compiler command `[cc]` - -CFLAGS -: C compiler flags `[none]` - - -# EXAMPLES - -Compile a script which can be run on other systems with the trace option enabled (without `-U` flag): - -```bash -shc -f myscript -o mybinary -``` - -Compile an untraceable binary: - -```bash -shc -Uf myscript -o mybinary -``` - - -# BUGS -The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter `_SC_ARG_MAX` (see sysconf(2)) - -# AUTHORS -Francisco Rosales <fro...@fi.upm.es> - -Md Jahidul Hamid <jahidulha...@yahoo.com> - -# REPORT BUGS TO -<https://github.com/neurobin/shc/issues> - diff -Nru shc-3.9.6/README.md shc-4.0.3/README.md --- shc-3.9.6/README.md 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/README.md 2019-07-01 13:37:08.000000000 -0300 
@@ -13,9 +13,11 @@ ## Install -1. ./configure -2. make -3. sudo make install +```bash +./configure +make +sudo make install +``` **Note** If `make` fails due to *automake* version, run `./autogen.sh` before running the above commands. 
@@ -35,20 +37,45 @@ shc [options] shc -f script.sh -o binary shc -U -f script.sh -o binary # Untraceable binary (prevent strace, ptrace etc..) +shc -H -f script.sh -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter) ``` +## The hardening flag -H + +This flag is currently in an experimental state and may not work in all systems. This flag only works for **default** shell. For example, if you compile a **bash** script with `-H` flag then the resultant executable will only work in systems where the default shell is **bash**. You may change the default shell which generally is `/bin/sh` which further is just a link to another shell like bash or dash etc. + +**Also `-H` does not work with positional parameters (yet)** + ## Testing -1. `cd` to `test` directory: `cd test` -1. Try: `shc -f test.bash -o test`, where <span class="light-quote">test.bash</span> is the bash source. -2. output binary file will be test. If no output file is specified -by the `-o` option, then it will create an executable with `.x` extension by default. +```bash +./configure +make +make check +``` -## Known bugs +## Known limitations The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter. It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc. !! - CHECK YOUR RESULTS CAREFULLY BEFORE USING - !! -<h3><a href="http://neurobin.github.io/shc/man.html">Man Page</a></h3> -<h3><a href="http://neurobin.github.io/shc">WebPage</a></h3> + +## Links + +1. [Man Page](http://neurobin.github.io/shc/man.html) +2. [Web Page](http://neurobin.github.io/shc) + +# Contributing + +If you want to make pull requests, please do so against the **master** branch. The default branch is **release** which should contain clean package files ready to be used. 
+ +If you want to edit the manual, please edit the **man.md** file (available in the master branch) instead and then generate the manual file from it with the command (requires `pandoc` to be installed): + +```bash +pandoc -s man.md -t man -o shc.1 +#also run this command to generate the html manual +pandoc -s man.md -t html -o man.html +``` + +If you change anything related to autotools, please run `./autogen.sh` afterwards. diff -Nru shc-3.9.6/shc.1 shc-4.0.3/shc.1 --- shc-3.9.6/shc.1 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/shc.1 2019-07-01 13:37:08.000000000 -0300 @@ -1,7 +1,4 @@ -.\" Automatically generated by Pandoc 1.16.0.2 -.\" -.TH "shc" "1" "May 17, 2017" "shc user manual" "" -.hy +.TH "shc" "1" "January 14, 2019" "shc user manual" "" .SH NAME .PP shc \- Generic shell script compiler @@ -9,7 +6,7 @@ .PP \f[B]shc\f[] [ \-e \f[I]date\f[] ] [ \-m \f[I]addr\f[] ] [ \-i \f[I]iopt\f[] ] [ \-x \f[I]cmnd\f[] ] [ \-l \f[I]lopt\f[] ] [ \-o -\f[I]outfile\f[] ] [ \-ABCDhUv ] \-f \f[I]script\f[] +\f[I]outfile\f[] ] [ \-ABCDhUHvSr ] \-f \f[I]script\f[] .SH DESCRIPTION .PP \f[B]shc\f[] creates a stripped binary executable version of the script @@ -43,7 +40,7 @@ behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell \f[C]\-c\f[] option. -Unfortunatelly, it will not give you any speed improvement as a real C +Unfortunately, it will not give you any speed improvement as a real C program would. .PP \f[B]shc\f[]\[aq]s main purpose is to protect your shell scripts from 
@@ -51,98 +48,61 @@ You can use it if you wish to distribute your scripts but don\[aq]t want them to be easily readable by other people. .SH OPTIONS -.TP -.B \-e \f[I]date\f[] -Expiration date in \f[I]dd/mm/yyyy\f[] format \f[C][none]\f[] -.RS -.RE -.TP -.B \-m \f[I]message\f[] -message to display upon expiration +.PP +\-e \f[I]date\f[] : Expiration date in \f[I]dd/mm/yyyy\f[] format +\f[C][none]\f[] +.PP +\-m \f[I]message\f[] : message to display upon expiration \f[C]["Please\ contact\ your\ provider"]\f[] -.RS -.RE -.TP -.B \-f \f[I]script_name\f[] -File path of the script to compile -.RS -.RE -.TP -.B \-i \f[I]inline_option\f[] -Inline option for the shell interpreter i.e: \f[C]\-e\f[] -.RS -.RE -.TP -.B \-x \f[I]command\f[] -eXec command, as a printf format i.e: +.PP +\-f \f[I]script_name\f[] : File path of the script to compile +.PP +\-i \f[I]inline_option\f[] : Inline option for the shell interpreter +i.e: \f[C]\-e\f[] +.PP +\-x \f[I]command\f[] : eXec command, as a printf format i.e: \f[C]exec(\\\\\[aq]%s\\\\\[aq],\@ARGV);\f[] -.RS -.RE -.TP -.B \-l \f[I]last_option\f[] -Last shell option i.e: \f[C]\-\-\f[] -.RS -.RE -.TP -.B \-o \f[I]outfile\f[] -output to the file specified by outfile -.RS -.RE -.TP -.B \-r -Relax security. +.PP +\-l \f[I]last_option\f[] : Last shell option i.e: \f[C]\-\-\f[] +.PP +\-o \f[I]outfile\f[] : output to the file specified by outfile +.PP +\-r : Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use -.RS -.RE -.TP -.B \-v -Verbose compilation -.RS -.RE -.TP -.B \-D -Switch on debug exec calls -.RS -.RE -.TP -.B \-U -Make binary to be untraceable (using \f[I]strace\f[], \f[I]ptrace\f[], -\f[I]truss\f[], etc.) 
-.RS -.RE -.TP -.B \-C -Display license and exit -.RS -.RE -.TP -.B \-A -Display abstract and exit -.RS -.RE -.TP -.B \-B -Compile for BusyBox -.RS -.RE -.TP -.B \-h -Display help and exit -.RS -.RE +.PP +\-v : Verbose compilation +.PP +\-S : Switch ON setuid for root callable programs [OFF] +.PP +\-D : Switch on debug exec calls +.PP +\-U : Make binary to be untraceable (using \f[I]strace\f[], +\f[I]ptrace\f[], \f[I]truss\f[], etc.) +.PP +\-H : Hardening. +Extra security flag without root access requirement that protects +against dumping, code injection, \f[C]cat\ /proc/pid/cmdline\f[], +ptrace, etc.. +This feature is \f[B]experimental\f[] and may not work on all systems. +it require bourne shell (sh) scripts +any positional parameters. +.PP +\-C : Display license and exit +.PP +\-A : Display abstract and exit +.PP +\-B : Compile for BusyBox +.PP +\-h : Display help and exit .SH ENVIRONMENT VARIABLES -.TP -.B CC -C compiler command \f[C][cc]\f[] -.RS -.RE -.TP -.B CFLAGS -C compiler flags \f[C][none]\f[] -.RS -.RE +.PP +CC : C compiler command \f[C][cc]\f[] +.PP +CFLAGS : C compiler flags \f[C][none]\f[] +.PP +LDFLAGS : Linker flags \f[C][none]\f[] .SH EXAMPLES .PP Compile a script which can be run on other systems with the trace option @@ -161,7 +121,16 @@ shc\ \-Uf\ myscript\ \-o\ mybinary \f[] .fi -.SH BUGS +.PP +Compile an untraceable binary that doesn\[aq]t require root access +(experimental): +.IP +.nf +\f[C] +shc\ \-Hf\ myscript\ \-o\ mybinary +\f[] +.fi +.SH LIMITATIONS .PP The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter @@ -170,6 +139,8 @@ .PP Francisco Rosales <fro...@fi.upm.es> .PP +intika <int...@librefox.org> +.PP Md Jahidul Hamid <jahidulha...@yahoo.com> .SH REPORT BUGS TO .PP diff -Nru shc-3.9.6/src/Makefile.am shc-4.0.3/src/Makefile.am --- shc-3.9.6/src/Makefile.am 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/src/Makefile.am 2019-07-01 13:37:08.000000000 -0300 
@@ -1,2 +1,7 @@ bin_PROGRAMS = shc shc_SOURCES = shc.c + + +check: shc + $(srcdir)/../test/ttest.sh ./shc + diff -Nru shc-3.9.6/src/Makefile.in shc-4.0.3/src/Makefile.in --- shc-3.9.6/src/Makefile.in 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/src/Makefile.in 2019-07-01 13:37:08.000000000 -0300 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -115,7 +115,8 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/config/depcomp -am__depfiles_maybe = depfiles +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/shc.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -236,7 +237,6 @@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ -runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -267,8 +267,8 @@ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) 
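Review bot: Defining `check:` directly in src/Makefile.am replaces the rule automake would generate for that target instead of extending it, so a later `TESTS` or `check_PROGRAMS` entry in this directory would not be run by `make check`. The supported hook is `check-local: shc` with the same recipe. The recipe also reaches the script as `$(srcdir)/../test/ttest.sh`; `$(top_srcdir)/test/ttest.sh` names the same file without depending on directory depth. Running the script directly relies on its executable bit surviving packaging, which deserves a comment such as `# ttest.sh must keep its executable bit in the dist tarball`.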
@@ -332,7 +332,13 @@ distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shc.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shc.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -400,7 +406,10 @@ distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -distdir: $(DISTFILES) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ @@ -472,7 +481,7 @@ clean-am: clean-binPROGRAMS clean-generic mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/shc.Po -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -518,7 +527,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -f ./$(DEPDIR)/shc.Po -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -538,7 +547,7 @@ .MAKE: install-am install-strip -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ clean-binPROGRAMS clean-generic cscopelist-am ctags ctags-am \ distclean distclean-compile distclean-generic distclean-tags \ distdir dvi dvi-am html html-am info info-am install \ 
@@ -555,6 +564,9 @@ .PRECIOUS: Makefile +check: shc + $(srcdir)/../test/ttest.sh ./shc + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru shc-3.9.6/src/shc.c shc-4.0.3/src/shc.c --- shc-3.9.6/src/shc.c 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/src/shc.c 2019-07-01 13:37:08.000000000 -0300 @@ -17,7 +17,7 @@ */ static const char my_name[] = "shc"; -static const char version[] = "Version 3.9.6"; +static const char version[] = "Version 4.0.3"; static const char subject[] = "Generic Shell Script Compiler"; static const char cpright[] = "GNU GPL Version 3"; static const struct { const char * f, * s, * e; } @@ -68,7 +68,7 @@ 0}; static const char usage[] = -"Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-o outfile] [-rvDUCABh] -f script"; +"Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-o outfile] [-rvDSUHCABh] -f script"; static const char * help[] = { "", @@ -81,8 +81,11 @@ " -o %s output filename", " -r Relax security. Make a redistributable binary", " -v Verbose compilation", +" -S Switch ON setuid for root callable programs [OFF]", " -D Switch ON debug exec calls [OFF]", " -U Make binary untraceable [no]", +" -H Hardening : extra security protection [no]", +" Require bourne shell (sh) and parameters are not supported", " -C Display license and exit", " -A Display abstract and exit", " -B Compile for busybox", @@ -92,6 +95,7 @@ " Name Default Usage", " CC cc C compiler command", " CFLAGS <none> C compiler flags", +" LDFLAGS <none> Linker flags", "", " Please consult the shc man page.", "", 
@@ -125,18 +129,104 @@ static char * opts; static char * text; static int verbose; +static const char SETUID_line[] = +"#define SETUID %d /* Define as 1 to call setuid(0) at start of script */\n"; +static int SETUID_flag = 0; static const char DEBUGEXEC_line[] = "#define DEBUGEXEC %d /* Define as 1 to debug execvp calls */\n"; -static int DEBUGEXEC_flag; +static int DEBUGEXEC_flag = 0; static const char TRACEABLE_line[] = "#define TRACEABLE %d /* Define as 1 to enable ptrace the executable */\n"; -static int TRACEABLE_flag=1; +static int TRACEABLE_flag = 1; +static const char HARDENING_line[] = +"#define HARDENING %d /* Define as 1 to disable ptrace/dump the executable */\n"; +static int HARDENING_flag = 0; static const char BUSYBOXON_line[] = "#define BUSYBOXON %d /* Define as 1 to enable work with busybox */\n"; -static int BUSYBOXON_flag; +static int BUSYBOXON_flag = 0; static const char * RTC[] = { "", +"#if HARDENING", +"static const char * shc_x[] = {", +"\"/*\",", +"\" * Copyright 2019 - Intika <int...@librefox.org>\",", +"\" * Replace ******** with secret read from fd 21\",", +"\" * Also change arguments location of sub commands (sh script commands)\",", +"\" * gcc -Wall -fpic -shared -o shc_secret.so shc_secret.c -ldl\",", +"\" */\",", +"\"\",", +"\"#define _GNU_SOURCE /* needed to get RTLD_NEXT defined in dlfcn.h */\",", +"\"#define PLACEHOLDER \\\"********\\\"\",", +"\"#include <dlfcn.h>\",", +"\"#include <stdlib.h>\",", +"\"#include <string.h>\",", +"\"#include <unistd.h>\",", +"\"#include <stdio.h>\",", +"\"#include <signal.h>\",", +"\"\",", +"\"static char secret[128000]; //max size\",", +"\"typedef int (*pfi)(int, char **, char **);\",", +"\"static pfi real_main;\",", +"\"\",", +"\"// copy argv to new location\",", +"\"char **copyargs(int argc, char** argv){\",", +"\" char **newargv = malloc((argc+1)*sizeof(*argv));\",", +"\" char *from,*to;\",", +"\" int i,len;\",", +"\"\",", +"\" for(i = 0; i<argc; i++){\",", +"\" from = argv[i];\",", +"\" len = 
strlen(from)+1;\",", +"\" to = malloc(len);\",", +"\" memcpy(to,from,len);\",", +"\" // zap old argv space\",", +"\" memset(from,'\\\\0',len);\",", +"\" newargv[i] = to;\",", +"\" argv[i] = 0;\",", +"\" }\",", +"\" newargv[argc] = 0;\",", +"\" return newargv;\",", +"\"}\",", +"\"\",", +"\"static int mymain(int argc, char** argv, char** env) {\",", +"\" //fprintf(stderr, \\\"Inject main argc = %d\\\\n\\\", argc);\",", +"\" return real_main(argc, copyargs(argc,argv), env);\",", +"\"}\",", +"\"\",", +"\"int __libc_start_main(int (*main) (int, char**, char**),\",", +"\" int argc,\",", +"\" char **argv,\",", +"\" void (*init) (void),\",", +"\" void (*fini)(void),\",", +"\" void (*rtld_fini)(void),\",", +"\" void (*stack_end)){\",", +"\" static int (*real___libc_start_main)() = NULL;\",", +"\" int n;\",", +"\"\",", +"\" if (!real___libc_start_main) {\",", +"\" real___libc_start_main = dlsym(RTLD_NEXT, \\\"__libc_start_main\\\");\",", +"\" if (!real___libc_start_main) abort();\",", +"\" }\",", +"\"\",", +"\" n = read(21, secret, sizeof(secret));\",", +"\" if (n > 0) {\",", +"\" int i;\",", +"\"\",", +"\" if (secret[n - 1] == '\\\\n') secret[--n] = '\\\\0';\",", +"\" for (i = 1; i < argc; i++)\",", +"\" if (strcmp(argv[i], PLACEHOLDER) == 0)\",", +"\" argv[i] = secret;\",", +"\" }\",", +"\"\",", +"\" real_main = main;\",", +"\"\",", +"\" return real___libc_start_main(mymain, argc, argv, init, fini, rtld_fini, stack_end);\",", +"\"}\",", +"\"\",", +"0};", +"#endif /* HARDENING */", +"", "/* rtc.c */", "", "#include <sys/stat.h>", 
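Review bot: In the embedded preload shim, `read(21, secret, sizeof(secret))` may fill the whole 128000-byte buffer, and in that case `secret` has no terminating NUL when it is substituted into `argv[i]`. Reading one byte less keeps the zero-initialised last byte as terminator: `n = read(21, secret, sizeof(secret) - 1);`. `copyargs()` also uses both `malloc()` results unchecked, so `if (!newargv) abort();` and `if (!to) abort();` belong right after the allocations. The function wipes and nulls the original `argv[]` entries in place; a comment saying why (presumably to keep the arguments out of the process command line) would help the next reader.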
@@ -204,6 +294,156 @@
 "",
 "/* End of ARC4 */",
 "",
+"#if HARDENING",
+"",
+"#include <sys/ptrace.h>",
+"#include <sys/wait.h>",
+"#include <signal.h>",
+"#include <sys/prctl.h>",
+"#define PR_SET_PTRACER 0x59616d61",
+"",
+"/* Seccomp Sandboxing Init */",
+"#include <stdlib.h>",
+"#include <stdio.h>",
+"#include <stddef.h>",
+"#include <string.h>",
+"#include <unistd.h>",
+"#include <errno.h>",
+"",
+"#include <sys/types.h>",
+"#include <sys/prctl.h>",
+"#include <sys/syscall.h>",
+"#include <sys/socket.h>",
+"",
+"#include <linux/filter.h>",
+"#include <linux/seccomp.h>",
+"#include <linux/audit.h>",
+"",
+"#define ArchField offsetof(struct seccomp_data, arch)",
+"",
+"#define Allow(syscall) \\",
+" BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, SYS_##syscall, 0, 1), \\",
+" BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)",
+"",
+"struct sock_filter filter[] = {",
+" /* validate arch */",
+" BPF_STMT(BPF_LD+BPF_W+BPF_ABS, ArchField),",
+" BPF_JUMP( BPF_JMP+BPF_JEQ+BPF_K, AUDIT_ARCH_X86_64, 1, 0),",
+" BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),",
+"",
+" /* load syscall */",
+" BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),",
+"",
+" /* list of allowed syscalls */",
+" Allow(exit_group), /* exits a process */",
+" Allow(brk), /* for malloc(), inside libc */",
+" Allow(mmap), /* also for malloc() */",
+" Allow(munmap), /* for free(), inside libc */",
+"",
+" /* and if we don't match above, die */",
+" BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL),",
+"};",
+"struct sock_fprog filterprog = {",
+" .len = sizeof(filter)/sizeof(filter[0]),",
+" .filter = filter",
+"};",
+"",
+"/* Seccomp Sandboxing - Set up the restricted environment */",
+"void seccomp_hardening() {",
+" if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {",
+" perror(\"Could not start seccomp:\");",
+" exit(1);",
+" }",
+" if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &filterprog) == -1) {",
+" perror(\"Could not start seccomp:\");",
+" exit(1);",
+" }",
+"} ",
+"/* End Seccomp Sandboxing Init */",
+"",
+"void shc_x_file() {",
+" FILE *fp;",
+" int line = 0;",
+"",
+" if ((fp = fopen(\"/tmp/shc_x.c\", \"w\")) == NULL ) {exit(1); exit(1);}",
+" for (line = 0; shc_x[line]; line++) fprintf(fp, \"%s\\n\", shc_x[line]);",
+" fflush(fp);fclose(fp);",
+"}",
+"",
+"int make() {",
+" char * cc, * cflags, * ldflags;",
+" char cmd[4096];",
+"",
+" cc = getenv(\"CC\");",
+" if (!cc) cc = \"cc\";",
+"",
+" sprintf(cmd, \"%s %s -o %s %s\", cc, \"-Wall -fpic -shared\", \"/tmp/shc_x.so\", \"/tmp/shc_x.c -ldl\");",
+" if (system(cmd)) {remove(\"/tmp/shc_x.c\"); return -1;}",
+" remove(\"/tmp/shc_x.c\"); return 0;",
+"}",
+"",
+"void arc4_hardrun(void * str, int len) {",
+" //Decode locally",
+" char tmp2[len];",
+" char tmp3[len+1024];",
+" memcpy(tmp2, str, len);",
+"",
+" unsigned char tmp, * ptr = (unsigned char *)tmp2;",
+" int lentmp = len;",
+" int pid, status;",
+" pid = fork();",
+"",
+" shc_x_file();",
+" if (make()) {exit(1);}",
+"",
+" setenv(\"LD_PRELOAD\",\"/tmp/shc_x.so\",1);",
+"",
+" if(pid==0) {",
+"",
+" //Start tracing to protect from dump & trace",
+" if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {",
+" kill(getpid(), SIGKILL);",
+" _exit(1);",
+" }",
+"",
+" //Decode Bash",
+" while (len > 0) {",
+" indx++;",
+" tmp = stte[indx];",
+" jndx += tmp;",
+" stte[indx] = stte[jndx];",
+" stte[jndx] = tmp;",
+" tmp += stte[indx];",
+" *ptr ^= stte[tmp];",
+" ptr++;",
+" len--;",
+" }",
+"",
+" //Do the magic",
+" sprintf(tmp3, \"%s %s\", \"'********' 21<<<\", tmp2);",
+"",
+" //Exec bash script //fork execl with 'sh -c'",
+" system(tmp2);",
+"",
+" //Empty script variable",
+" memcpy(tmp2, str, lentmp);",
+"",
+" //Clean temp",
+" remove(\"/tmp/shc_x.so\");",
+"",
+" //Sinal to detach ptrace",
+" ptrace(PTRACE_DETACH, 0, 0, 0);",
+" exit(0);",
+" }",
+" else {wait(&status);}",
+"",
+" /* Seccomp Sandboxing - Start */",
+" seccomp_hardening();",
+"",
+" exit(0);",
+"}",
+"#endif /* HARDENING */",
+"",
 "/*",
 " * Key with file invariants. ",
 " */",
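Review bot: `shc_x_file()` and `make()` write and compile fixed names in the shared temp directory (`/tmp/shc_x.c`, `/tmp/shc_x.so`) and `arc4_hardrun()` then exports `LD_PRELOAD=/tmp/shc_x.so`, so whoever can create or replace those names first decides what is loaded into the script's shell, and `fopen(..., "w")` follows a pre-existing symlink. A private per-run directory avoids this, e.g. `char dir[] = "/tmp/shc_XXXXXX"; if (!mkdtemp(dir)) exit(1);`, with both paths built under it and removed on every exit path. In the same function `fork()` runs before `shc_x_file()`/`make()`, so parent and child both write and compile the same files and `pid == -1` is not handled; forking after `setenv()` and checking the result fixes both. `make()` also hands the `CC` environment variable to `system()` at run time, which matters for binaries built with `-S`. Separately, `tmp3` is formatted but `system(tmp2)` is what runs, and `char tmp2[len]` has no room for a terminating NUL.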
@@ -290,6 +530,54 @@
 "",
 "void chkenv_end(void){}",
 "",
+"#if HARDENING",
+"",
+"static void gets_process_name(const pid_t pid, char * name) {",
+" char procfile[BUFSIZ];",
+" sprintf(procfile, \"/proc/%d/cmdline\", pid);",
+" FILE* f = fopen(procfile, \"r\");",
+" if (f) {",
+" size_t size;",
+" size = fread(name, sizeof (char), sizeof (procfile), f);",
+" if (size > 0) {",
+" if ('\\n' == name[size - 1])",
+" name[size - 1] = '\\0';",
+" }",
+" fclose(f);",
+" }",
+"}",
+"",
+"void hardening() {",
+" prctl(PR_SET_DUMPABLE, 0);",
+" prctl(PR_SET_PTRACER, -1);",
+"",
+" int pid = getppid();",
+" char name[256] = {0};",
+" gets_process_name(pid, name);",
+"",
+" if ( (strcmp(name, \"bash\") != 0) ",
+" && (strcmp(name, \"/bin/bash\") != 0) ",
+" && (strcmp(name, \"sh\") != 0) ",
+" && (strcmp(name, \"/bin/sh\") != 0) ",
+" && (strcmp(name, \"sudo\") != 0) ",
+" && (strcmp(name, \"/bin/sudo\") != 0) ",
+" && (strcmp(name, \"/usr/bin/sudo\") != 0)",
+" && (strcmp(name, \"gksudo\") != 0) ",
+" && (strcmp(name, \"/bin/gksudo\") != 0) ",
+" && (strcmp(name, \"/usr/bin/gksudo\") != 0) ",
+" && (strcmp(name, \"kdesu\") != 0) ",
+" && (strcmp(name, \"/bin/kdesu\") != 0) ",
+" && (strcmp(name, \"/usr/bin/kdesu\") != 0) ",
+" )",
+" {",
+" printf(\"Operation not permitted\\n\");",
+" kill(getpid(), SIGKILL);",
+" exit(1);",
+" }",
+"}",
+"",
+"#endif /* HARDENING */",
+"",
 "#if !TRACEABLE",
 "",
 "#define _LINUX_SOURCE_COMPAT",
@@ -301,10 +589,14 @@
 "#include <stdio.h>",
 "#include <unistd.h>",
 "",
-"#if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)",
-"# define PTRACE_ATTACH PT_ATTACH",
+"#if !defined(PT_ATTACHEXC) /* New replacement for PT_ATTACH */",
+" #if !defined(PTRACE_ATTACH) && defined(PT_ATTACH)",
+" #define PT_ATTACHEXC PT_ATTACH",
+" #elif defined(PTRACE_ATTACH)",
+" #define PT_ATTACHEXC PTRACE_ATTACH",
+" #endif",
 "#endif",
-
+"",
 "void untraceable(char * argv0)",
 "{",
 " char proc[80];",
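Review bot: `gets_process_name()` reads up to `sizeof (procfile)` bytes (BUFSIZ) into `name`, but its only visible caller, `hardening()`, passes `char name[256]`, so a parent process with a long command line overruns that stack buffer. The function should take the destination size, or at least cap the read: `size = fread(name, 1, 255, f);` leaves the zero-initialised last byte as terminator. The `/proc/<ppid>/cmdline` content is whatever the parent chose as its argv, so the `bash`/`sudo`/`kdesu` comparison is a convenience check, not a control, and a comment should say so. `prctl(PR_SET_PTRACER, -1)`, with the `0x59616d61` define from the earlier hunk, is the Yama setting that lets any process attach; worth confirming that is intended in a function meant to block tracing.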
@@ -322,7 +614,7 @@ " close(0);", " mine = !open(proc, O_RDWR|O_EXCL);", " if (!mine && errno != EBUSY)", -" mine = !ptrace(PTRACE_ATTACH, pid, 0, 0);", +" mine = !ptrace(PT_ATTACHEXC, pid, 0, 0);", " if (mine) {", " kill(pid, SIGCONT);", " } else {", @@ -378,6 +670,12 @@ " if (!rlax[0] && key_with_file(shll))", " return shll;", " arc4(opts, opts_z);", +"#if HARDENING", +" arc4_hardrun(text, text_z);", +" exit(0);", +" /* Seccomp Sandboxing - Start */", +" seccomp_hardening();", +"#endif", " arc4(text, text_z);", " arc4(tst2, tst2_z);", " key(tst2, tst2_z);", @@ -427,9 +725,15 @@ "", "int main(int argc, char ** argv)", "{", +"#if SETUID", +" setuid(0);", +"#endif", "#if DEBUGEXEC", " debugexec(\"main\", argc, argv);", "#endif", +"#if HARDENING", +" hardening();", +"#endif", "#if !TRACEABLE", " untraceable(argv[0]);", "#endif", @@ -446,7 +750,7 @@ static int parse_an_arg(int argc, char * argv[]) { extern char * optarg; - const char * opts = "e:m:f:i:x:l:o:rvDUCABh"; + const char * opts = "e:m:f:i:x:l:o:rvDSUHCABh"; struct tm tmp[1]; time_t expdate; int cnt, l; @@ -501,12 +805,18 @@ case 'v': verbose++; break; + case 'S': + SETUID_flag = 1; + break; case 'D': DEBUGEXEC_flag = 1; break; case 'U': TRACEABLE_flag = 0; break; + case 'H': + HARDENING_flag = 1; + break; case 'C': fprintf(stderr, "%s %s, %s\n", my_name, version, subject); fprintf(stderr, "%s %s %s %s %s\n", my_name, cpright, provider.f, provider.s, provider.e); @@ -573,6 +883,7 @@ if (ret == -1) err++; } while (ret); + if (err) { fprintf(stderr, "\n%s %s\n\n", my_name, usage); exit(1); @@ -672,6 +983,7 @@ { "perl", "-e", "--", "exec('%s',@ARGV);" }, { "rc", "-c", "", "builtin exec %s $*" }, { "sh", "-c", "", "exec '%s' \"$@\"" }, /* IRIX_nvi */ + { "dash", "-c", "", "exec '%s' \"$@\"" }, { "bash", "-c", "", "exec '%s' \"$@\"" }, { "zsh", "-c", "", "exec '%s' \"$@\"" }, { "bsh", "-c", "", "exec '%s' \"$@\"" }, /* AIX_nvi */ 
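Review bot: In the `#if HARDENING` block added before `arc4(text, text_z)`, the call `seccomp_hardening();` sits after `exit(0);` and can never run, and `arc4_hardrun()` itself ends in `exit(0)` on both the parent and child paths as far as the earlier hunk shows. Either drop the two dead lines, or call the sandbox setup before exiting if it is meant to apply on this path. The enclosing function starts and ends outside the hunk.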
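Review bot: `setuid(0);` at the top of the generated `main()` ignores its return value, so a binary built with `-S` but installed without the setuid bit carries on with the caller's privileges and gives no diagnostic. `if (setuid(0) != 0) { perror("setuid"); return 1; }` makes the failure visible. Since this runs before `hardening()` and `untraceable()`, a comment listing which environment variables the later code still trusts (`CC` in the hardening path, for one) would help anyone auditing a setuid build.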
@@ -712,6 +1024,10 @@ shll = realloc(shll, strlen(shll) + 1); ptr = strrchr(shll, (int)'/'); + if (!ptr) { + fprintf(stderr, "%s: invalid shll\n", my_name); + return -1; + } if (*ptr == '/') ptr++; if (verbose) fprintf(stderr, "%s shll=%s\n", my_name, ptr); @@ -904,7 +1220,7 @@ indx = !rlax[0]; arc4(rlax, rlax_z); numd++; if (indx && key_with_file(kwsh)) { - fprintf(stderr, "%s: invalid file name: %s", my_name, kwsh); + fprintf(stderr, "%s: invalid file name: %s ", my_name, kwsh); perror(""); exit(1); } @@ -918,7 +1234,7 @@ name = strcat(realloc(name, strlen(name)+5), ".x.c"); o = fopen(name, "w"); if (!o) { - fprintf(stderr, "%s: creating output file: %s", my_name, name); + fprintf(stderr, "%s: creating output file: %s ", my_name, name); perror(""); exit(1); } @@ -955,8 +1271,10 @@ } while (numd+=done); fprintf(o, "/* End of data[] */;\n"); fprintf(o, "#define %s_z %d\n", "hide", 1<<12); + fprintf(o, SETUID_line, SETUID_flag); fprintf(o, DEBUGEXEC_line, DEBUGEXEC_flag); fprintf(o, TRACEABLE_line, TRACEABLE_flag); + fprintf(o, HARDENING_line, HARDENING_flag); fprintf(o, BUSYBOXON_line, BUSYBOXON_flag); for (indx = 0; RTC[indx]; indx++) fprintf(o, "%s\n", RTC[indx]); @@ -968,7 +1286,7 @@ int make(void) { - char * cc, * cflags; + char * cc, * cflags, * ldflags; char cmd[SIZE]; cc = getenv("CC"); @@ -977,6 +1295,9 @@ cflags = getenv("CFLAGS"); if (!cflags) cflags = ""; + ldflags = getenv("LDFLAGS"); + if (!ldflags) + ldflags = ""; if(!file2){ file2=(char*)realloc(file2,strlen(file)+3); @@ -984,7 +1305,7 @@ file2=strcat(file2,".x"); } - sprintf(cmd, "%s %s %s.x.c -o %s", cc, cflags, file, file2); + sprintf(cmd, "%s %s %s %s.x.c -o %s", cc, cflags, ldflags, file, file2); if (verbose) fprintf(stderr, "%s: %s\n", my_name, cmd); if (system(cmd)) return -1; diff -Nru shc-3.9.6/test/test.bash shc-4.0.3/test/test.bash --- shc-3.9.6/test/test.bash 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/test/test.bash 2019-07-01 13:37:08.000000000 -0300 
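Review bot: Adding `ldflags` to `sprintf(cmd, "%s %s %s %s.x.c -o %s", ...)` in `make()` lengthens a string written into the fixed `char cmd[SIZE]` with no bound, and `CC`, `CFLAGS`, `LDFLAGS` and both file names are supplied by the caller. `if (snprintf(cmd, sizeof cmd, "%s %s %s %s.x.c -o %s", cc, cflags, ldflags, file, file2) >= (int)sizeof cmd) return -1;` rejects an over-long command instead of overrunning the buffer. The file names also reach `system()` unquoted, so a script path containing spaces or shell metacharacters is split or interpreted; that predates this hunk but deserves a comment. `make()` begins and ends outside the hunk and `SIZE` is defined elsewhere.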
@@ -3,6 +3,6 @@ echo "command line: $0 $*" echo "hello world" # Added -echo "[$$] PAUSED... Hit return!" -read DUMMY -exit 0 +#~ echo "[$$] PAUSED... Hit return!" +#~ read DUMMY +#~ exit 0 diff -Nru shc-3.9.6/test/test.csh shc-4.0.3/test/test.csh --- shc-3.9.6/test/test.csh 2017-06-03 07:06:18.000000000 -0300 +++ shc-4.0.3/test/test.csh 2019-07-01 13:37:08.000000000 -0300 @@ -1,4 +1,4 @@ -#!/bin/csh -x +#!/bin/csh echo Hello world # A comment diff -Nru shc-3.9.6/test/testc.txt shc-4.0.3/test/testc.txt --- shc-3.9.6/test/testc.txt 1969-12-31 21:00:00.000000000 -0300 +++ shc-4.0.3/test/testc.txt 2019-07-01 13:37:08.000000000 -0300 @@ -0,0 +1,5 @@ + + printf("-----------\n"); + printf("%s\n", shll); + for(i=0;i<j;i++) printf("*%s*\n", varg[i]); + printf("-----------\n"); diff -Nru shc-3.9.6/test/ttest.sh shc-4.0.3/test/ttest.sh --- shc-3.9.6/test/ttest.sh 1969-12-31 21:00:00.000000000 -0300 +++ shc-4.0.3/test/ttest.sh 2019-07-01 13:37:08.000000000 -0300 
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+shells=('/bin/sh' '/bin/dash' '/bin/bash' '/bin/ash' '/bin/ksh' '/bin/zsh' '/usr/bin/tcsh' '/bin/csh' '/usr/bin/rc')
+## Install: sudo apt install dash bash ash ksh zsh tcsh csh rc
+
+check_opts=('' '-r' '-v' '-D' '-S')
+
+shc=${1-shc}
+
+txtred='\e[0;31m' # Red
+txtgrn='\e[0;32m' # Green
+txtrst='\e[0m' # Text Reset
+
+stat=0
+pc=0
+fc=0
+echo
+echo "== Running tests ..."
+for shell in ${shells[@]}; do
+ for opt in "${check_opts[@]}"; do
+ tmpd=$(mktemp -d)
+ tmpf="$tmpd/test.$(basename $shell)"
+ echo '#!'"$shell
+ echo 'Hello World fp:'\$1 sp:\$2
+ " > "$tmpf"
+ "$shc" $opt -f "$tmpf" -o "$tmpd/a.out"
+ out=$("$tmpd/a.out" first second)
+ #~ echo " Output: $out"
+ if [[ "$out" = 'Hello World fp:first sp:second' ]]; then
+ echo "===================================================="
+ echo -e "=== $shell [with shc $opt]: ${txtgrn}PASSED${txtrst}"
+ echo "===================================================="
+ ((pc++))
+ else
+ echo "===================================================="
+ echo -e "=== $shell [with shc $opt]: ${txtred}FAILED${txtrst}"
+ echo "===================================================="
+ stat=1
+ ((fc++))
+ fi
+ rm -r "$tmpd"
+ done
+done
+
+echo
+echo "Test Summary"
+echo "------------"
+
+if ((pc>0)); then
+ pt="${txtgrn}PASSED${txtrst}"
+else
+ pt="PASSED"
+fi
+
+if ((fc>0)); then
+ ft="${txtred}FAILED${txtrst}"
+else
+ ft="FAILED"
+fi
+
+echo -e "$pt: $pc"
+echo -e "$ft: $fc"
+echo "------------"
+echo
+
+exit $stat
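Review bot: The outer loop runs every entry of `shells` whether or not it is installed, so a machine without `/bin/ash` or `/usr/bin/rc` reports failures that say nothing about shc; `[[ -x "$shell" ]] || continue` as the first statement of the loop skips them. `tmpd=$(mktemp -d)` is unchecked, and on failure the script writes to `/test.<shell>` and later runs `rm -r ""`; `tmpd=$(mktemp -d) || exit 1` stops that. `${shells[@]}` and `$(basename $shell)` should be quoted, while `$opt` is unquoted on purpose so the empty option disappears, which deserves a one-line comment. The `-S` case builds a binary that calls `setuid(0)`, so results differ when the suite is run as root.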