[Forensics-changes] [unhide] 02/02: Imported Debian patch 20130526-1
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Thu Nov 5 19:14:50 UTC 2015
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository unhide.
commit 70b900283fcc296c96df687ac90bf9e843626205
Merge: 382fbcc 85a5592
Author: Giovani Augusto Ferreira <giovani at riseup.net>
Date: Sat Oct 24 15:49:10 2015 -0200
Imported Debian patch 20130526-1
LEEME.txt | 20 +++++++
LISEZ-MOI.TXT | 21 +++++++
NEWS | 23 ++++++++
README.txt | 21 +++++++
changelog | 40 +++++++++++++
debian/changelog | 34 ++++++++++-
debian/compat | 2 +-
debian/control | 20 ++++---
debian/copyright | 15 ++---
debian/patches/{001_fix-manpages.diff => fix-man} | 71 ++++++++++++-----------
debian/patches/series | 2 +-
debian/rules | 16 +++--
debian/source/local-options | 2 -
debian/unhide.docs | 3 +
debian/unhide.install | 2 +-
debian/unhide.links | 3 +-
debian/unhide.lintian-overrides | 6 --
debian/watch | 2 +-
make_tarball.sh | 28 ++++++++-
man/es/unhide-tcp.8 | 8 ++-
man/fr/unhide-tcp.8 | 5 +-
man/unhide-tcp.8 | 5 +-
sanity-tcp.sh | 57 +++++++++++-------
sanity.sh | 2 +-
tar_list.txt | 62 ++++++++++----------
unhide-linux.c | 4 +-
unhide-output.c | 6 +-
unhide-output.h | 1 +
unhide-posix.c | 52 ++++++++++++-----
unhide-tcp.c | 60 +++++++++++++------
unhide_rb.c | 4 +-
31 files changed, 431 insertions(+), 166 deletions(-)
diff --cc debian/changelog
index a6af93c,0000000..35b1a07
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,153 -1,0 +1,183 @@@
++unhide (20130526-1) unstable; urgency=medium
++
++ * Team upload.
++ * New upstream release
++ * DH level to 9.
++ * debian/control:
++ - Added ${shlibs:Depends} in Depends.
++ - Bumped Standards-Version to 3.9.6.
++ - Fix VCS fields.
++ - Improved long description.
++ - Updated Priority and Architecture fields.
++ * debian/copyright:
++ - Reviewed and updated some information.
++ * debian/patches/fix-man:
++ - Rewritten and updated patch fixing minor formatting
++ error in the manpages.
++ * debian/rules:
++ - Made some changes to implement GCC hardening.
++ - Improved compilation parameters in GCC command and
++ removed useless link static parameter. (Closes: #769345)
++ * debian/unhide.docs:
++ - New docs included: LEEME.txt, LISEZ-MOI.TXT and NEWS.
++ * debian/unhide.links:
++ - Added a link to unhide_rb manpage.
++ - Fixed link to /usr/sbin/unhide.
++ * debian/unhide.lintian-overrides: useless overrides, removed.
++ * debian/watch: improved the syntax.
++
++ -- Giovani Augusto Ferreira <giovani at riseup.net> Sat, 24 Oct 2015 15:49:10 -0200
++
+unhide (20121229-1) unstable; urgency=low
+
+ * New upstream release
+ * Add unhide_rb and unhide-posix to the package
+
+ -- Julien Valroff <julien at debian.org> Fri, 15 Feb 2013 19:14:05 +0100
+
+unhide (20110113-4) unstable; urgency=low
+
+ * Update DEP-5 URI to the final location
+ * Use unhide-2.6 features unconditionally since Debian doesn't support
+ pre-2.6 Linux kernels. As a consequence, drop us of alternatives, and
+ ships unhide-2.6 as unhide (Closes: #662588)
+ * Update to latest policy 3.9.3
+
+ -- Julien Valroff <julien at debian.org> Fri, 09 Mar 2012 22:02:08 +0100
+
+unhide (20110113-3) unstable; urgency=low
+
+ * Make the package arch: linux-any as sysinfo system call is not
+ available on kfreebsd
+ * Drop some lintian overrides now that FTP Masters use lintian 2.5.0
+ * Update DEP-5 uri
+ * Update package description to state all 6 techniques used to detect hidden
+ processes
+
+ -- Julien Valroff <julien at debian.org> Tue, 25 Oct 2011 20:34:44 +0200
+
+unhide (20110113-2) unstable; urgency=low
+
+ * Previous version was rejected as FTP Masters still use lintian
+ 2.4.x - hence re-add older overrides in this version
+
+ -- Julien Valroff <julien at debian.org> Wed, 01 Jun 2011 20:29:07 +0200
+
+unhide (20110113-1) unstable; urgency=low
+
+ [ Christophe Monniez ]
+ * Merging upstream version 20100819 (Closes: #607374)
+ * Removing isfaked-leaks patch as it seems useless now.
+ * Fixing watch file (thanks to Guillaume Delacour).
+ * Removing quilt option in rules.
+ * Fixing watch file.
+
+ [ Julien Valroff ]
+ * Add myself as uploader
+ * Imported Upstream version 20110113
+ * Update project homepage
+ * Fix VCS fields
+ * Update to new policy 3.9.2 (no changes needed)
+ * Use 3.0 (quilt) source package format
+ * Add rkhunter-propupd trigger call
+ * Update lintian overrides for newer lintian versions
+ * Remove unused ${shlibs:Depends} substitution variable
+ * Use upstream manpages
+ * Add README.txt and TODO files to the package
+ * Bump debhelper compat to 8
+ * Add patch to fix minor formatting warnings in manpages
+ * Update copyright information
+
+ -- Julien Valroff <julien at debian.org> Wed, 01 Jun 2011 19:12:15 +0200
+
+unhide (20100201-1) unstable; urgency=low
+
+ [ Christophe Monniez ]
+ * Merging upstream version 20100201.
+ * Refactoring isfaked-leaks patch.
+ * Adding support for pthread at compilation time.
+ * Updating the debhelper build-depends (should fix a lintian warning).
+ * Bumping standards-version to 3.8.4.
- * Adjusting quilt build depency to make lintian happy.
++ * Adjusting quilt build dependency to make lintian happy.
+
+ -- Michael Prokop <mika at debian.org> Tue, 30 Mar 2010 12:45:05 +0200
+
+unhide (20080519-6) unstable; urgency=low
+
+ * Setting uploaders to Christophe.
+
+ -- Daniel Baumann <daniel at debian.org> Wed, 29 Jul 2009 21:13:37 +0200
+
+unhide (20080519-5) unstable; urgency=low
+
+ * Using correct rfc-2822 date formats in changelog.
+ * New maintainer (Closes: #531364).
+ * Updating vcs fields in control.
+ * Updating package to standards version 3.8.2.
+ * Reformating package long-description in control.
+ * Rewriting copyright file in machine-interpretable format.
+ * Prefixing debhelper files with package name.
+ * Using quilt rather than dpatch.
+ * Using dedicated debhelper manpages file.
+ * Using dedicated debhelper links file.
+ * Using dedicated debhelper install file.
+ * Removing useless debhelper dirs file.
+ * Minimalizing rules file.
+ * Reformating maintainer scripts.
+ * Rewrapping README.Debian.
+ * Removing useless whitespaces in manpages.
- * Addinglintian source overrides.
++ * Adding lintian source overrides.
+
+ -- Daniel Baumann <daniel at debian.org> Tue, 28 Jul 2009 15:32:56 +0200
+
+unhide (20080519-4) unstable; urgency=low
+
+ * Fix fd leak in isfaked() causing crashes in sched_rr_get_interval()
+ (closes: #519730). Thanks to Fabien Tassin for the patch!
+ * Add support for dpatch
+ * Bump Standards-Version to 3.8.1
+ * Bump debhelper compatibility to 7
+ * debian/rules: use dh_prep and dh_lintian
+
+ -- Francois Marier <francois at debian.org> Wed, 18 Mar 2009 09:07:47 +1300
+
+unhide (20080519-3) unstable; urgency=low
+
+ * Fix watch file
+ * Switch packaging to git
+ * debian/copyright: Mention the word "copyright" (lintian notice)
+
+ -- Francois Marier <francois at debian.org> Wed, 18 Feb 2009 12:37:22 +1300
+
+unhide (20080519-2) unstable; urgency=low
+
+ * Fix watch file
+
+ -- Francois Marier <francois at debian.org> Fri, 20 Jun 2008 12:04:48 +1200
+
+unhide (20080519-1) unstable; urgency=low
+
+ * New upstream release (closes: #481578)
+ * Bump Standards-Version to 3.8.0
+ * Bump debhelper compatibility to 6
+
+ -- Francois Marier <francois at debian.org> Fri, 13 Jun 2008 15:25:27 +1200
+
+unhide (20071102-2) unstable; urgency=low
+
+ * Statically link binaries to make them independent from glibc (and add
+ the appropriate lintian override)
+ * Add the POSIX version of unhide for non-linux 2.6 kernels and have the
+ unhide binary be provided by an alternative. (closes: #459046)
+ Thanks to Klaus Ethgen for his awesome patch!
+ * Update the unhide manpage to mention the fact that brute-forcing is only
+ available on Linux 2.6
+ * Mention non-Linux 2.6 kernels in README.Debian
+
+ -- Francois Marier <francois at debian.org> Fri, 04 Jan 2008 13:38:01 -0500
+
+unhide (20071102-1) unstable; urgency=low
+
+ * Initial release (Closes: #451206)
+
+ -- Francois Marier <francois at debian.org> Thu, 06 Dec 2007 18:21:35 +1300
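Review bot: the new 20130526-1 entry at the top of this hunk does not cover every packaging change listed in the diffstat. debian/source/local-options is removed (2 lines deleted) and debian/unhide.install is modified, but neither is mentioned. Add a line for each so the entry matches what the upload actually changes.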
diff --cc debian/compat
index 45a4fb7,0000000..ec63514
mode 100644,000000..100644
--- a/debian/compat
+++ b/debian/compat
@@@ -1,1 -1,0 +1,1 @@@
- 8
++9
diff --cc debian/control
index 5b266c7,0000000..c40e10f
mode 100644,000000..100644
--- a/debian/control
+++ b/debian/control
@@@ -1,35 -1,0 +1,39 @@@
+Source: unhide
+Section: admin
- Priority: extra
++Priority: optional
+Maintainer: Debian Forensics <forensics-devel at lists.alioth.debian.org>
- Uploaders: Christophe Monniez <christophe.monniez at fccu.be>, Julien Valroff <julien at debian.org>
- Build-Depends: debhelper (>= 8.0.0)
- Standards-Version: 3.9.3
++Uploaders: Christophe Monniez <christophe.monniez at fccu.be>,
++ Julien Valroff <julien at debian.org>
++Build-Depends: debhelper (>=9)
++Standards-Version: 3.9.6
+Homepage: http://www.unhide-forensics.info
- Vcs-Browser: http://git.debian.org/?p=forensics/unhide.git;a=summary
- Vcs-Git: git://git.debian.org/forensics/unhide.git
++Vcs-Browser: https://anonscm.debian.org/cgit/forensics/unhide.git
++Vcs-Git: git://anonscm.debian.org/forensics/unhide.git
+
+Package: unhide
- Architecture: linux-any
- Depends: ${misc:Depends}
++Architecture: any
++Depends: ${misc:Depends}, ${shlibs:Depends}
+Suggests: rkhunter
+Description: Forensic tool to find hidden processes and ports
+ Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
+ rootkits, Linux kernel modules or by other techniques. It includes two
+ utilities: unhide and unhide-tcp.
+ .
+ unhide detects hidden processes using the following six techniques:
+ * Compare /proc vs /bin/ps output
+ * Compare info gathered from /bin/ps with info gathered by walking thru the
+ procfs.
+ * Compare info gathered from /bin/ps with info gathered from syscalls
+ (syscall scanning).
+ * Full PIDs space occupation (PIDs bruteforcing)
+ * Reverse search, verify that all thread seen by ps are also seen by the
+ kernel (/bin/ps output vs /proc, procfs walking and syscall)
+ * Quick compare /proc, procfs walking and syscall vs /bin/ps output
+ .
+ unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
+ /bin/netstat through brute forcing of all TCP/UDP ports available.
+ .
+ This package can be used by rkhunter in its daily scans.
++ .
++ This package is useful for network security checks, in addition to forensics
++ investigations.
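Review bot: `Architecture: any` replaces `linux-any`, but the 20110113-3 changelog entry set linux-any because the sysinfo system call is not available on kfreebsd, and debian/rules still builds unhide-linux unconditionally. Unless the new upstream release removed that dependency, keep `linux-any` or build only unhide-posix on non-Linux ports, and state the reason in the changelog. Minor: `debhelper (>=9)` is conventionally written `debhelper (>= 9)`, and Vcs-Git still uses the unauthenticated git:// transport while Vcs-Browser moved to https.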
diff --cc debian/copyright
index 9afbcd1,0000000..603480d
mode 100644,000000..100644
--- a/debian/copyright
+++ b/debian/copyright
@@@ -1,37 -1,0 +1,38 @@@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: Unhide
+Upstream-Contact: Yago Jesus <yjesus at security-projects.com>
+Source: http://www.unhide-forensics.info/
+
+Files: *
- Copyright: 2005-2008, Yago Jesus <yjesus at security-projects.com>
++Copyright: 2005-2008 Yago Jesus <yjesus at security-projects.com>
+License: GPL-3+
+
+Files: sanity.sh
- Copyright: 2010, Patrick Gouin
++ sanity-tcp.sh
++Copyright: 2010 Patrick Gouin
+License: GPL-3+
+
+Files: debian/*
- Copyright: 2007-2009, Francois Marier <francois at debian.org>
- 2009, Daniel Baumann <daniel at debian.org>
- 2010, Christophe Monniez <christophe.monniez at fccu.be>
- 2011, Julien Valroff <julien at debian.org>
++Copyright: 2007-2009 Francois Marier <francois at debian.org>
++ 2009 Daniel Baumann <daniel at debian.org>
++ 2010-2011 Christophe Monniez <christophe.monniez at fccu.be>
++ 2011-2013 Julien Valroff <julien at debian.org>
++ 2015 Giovani Augusto Ferreira <giovani at riseup.net>
+License: GPL-3+
+
+License: GPL-3+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-3 file.
-
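Review bot: the `Files: *` stanza still gives the upstream copyright as 2005-2008 for Yago Jesus alone, although this upload imports upstream 20130526 and the diffstat shows changes to several upstream sources (unhide-posix.c, unhide-tcp.c, sanity-tcp.sh). Check the headers of the imported files and extend the years and holders to match. The same check applies to the 2010 date on the stanza that now also covers sanity-tcp.sh.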
diff --cc debian/patches/fix-man
index 6d2bc5d,0000000..6063518
mode 100644,000000..100644
--- a/debian/patches/fix-man
+++ b/debian/patches/fix-man
@@@ -1,86 -1,0 +1,87 @@@
- Description: fix minor formatting error in the manpages
++Description: fix minor formatting error in the manpages.
+Author: Julien Valroff <julien at debian.org>
- Last-Updated: 2011-06-01
-
- --- a/man/unhide.8
- +++ b/man/unhide.8
- @@ -29,7 +29,7 @@
- Do more checks. As of 2012\-03\-17 version, this option has only
- effect for the procfs, procall, checkopendir and checkchdir tests.
- .br
- -Implies -v
- +Implies \-v
- .TP
- \fB\-r\fR
- Use alternate version of sysinfo check in standard tests
- @@ -216,7 +216,7 @@
- unhide sys proc
- .TP
- Deeper test:
- -unhide -m -d sys procall brute reverse
- +unhide \-m \-d sys procall brute reverse
- .SH "BUGS"
- .PP
- Report \fBunhide\fR bugs on the bug tracker on sourceforge (http://sourceforge.net/projects/unhide/)
- --- a/man/fr/unhide.8
- +++ b/man/fr/unhide.8
- @@ -214,7 +214,7 @@
++ Giovani Augusto Ferreira <giovani at riseup.net>
++Last-Updated: 2015-10-24
++Index: unhide-20130526/man/fr/unhide.8
++===================================================================
++--- unhide-20130526.orig/man/fr/unhide.8
+++++ unhide-20130526/man/fr/unhide.8
++@@ -214,7 +214,7 @@ Test standard :
+ unhide sys proc
+ .TP
+ Test le plus complet :
+-unhide -m -d sys procall brute reverse
++unhide \-m \-d sys procall brute reverse
+ .SH "BUGS"
+ .PP
+ Rapportez les bugs de \fBunhide\fR sur le bug tracker de sourceforge (http://sourceforge.net/projects/unhide/)
- --- a/man/unhide-tcp.8
- +++ b/man/unhide-tcp.8
- @@ -11,39 +11,39 @@
- alternatively by /bin/netstat) through brute forcing of all
- TCP/UDP ports available.
- .br
- -Note : If iproute2 is not available on the system, option -n or -s SHOULD be
- +Note : If iproute2 is not available on the system, option \-n or \-s SHOULD be
- given on the command line.
++Index: unhide-20130526/man/unhide-tcp.8
++===================================================================
++--- unhide-20130526.orig/man/unhide-tcp.8
+++++ unhide-20130526/man/unhide-tcp.8
++@@ -18,35 +18,35 @@ given on the command line.
+ .PP
+ .SH "OPTIONS"
+ .TP
+-\fB\-h --help\fR
++\fB\-h -\-help\fR
+ Display help
+ .TP
+ \fB\--brief\fR
+ Don't display warning messages, that's the default behavior.
+ .TP
+-\fB\-f --fuser\fR
++\fB\-f -\-fuser\fR
+ Display fuser output (if available) for the hidden port
++ On FreeBSD, instead of fuser command, displays the output of the sockstat command for the hidden port.
+ .TP
+-\fB\-l --lsof\fR
++\fB\-l -\-lsof\fR
+ Display lsof output (if available) for the hidden port
+ .TP
+-\fB\-n --netstat\fR
++\fB\-n -\-netstat\fR
+ Use /bin/netstat instead of /sbin/ss. On system with many opened ports, this can
+ slow down the test dramatically.
+ .TP
+-\fB\-s --server\fR
++\fB\-s -\-server\fR
+ Use a very quick strategy of scanning. On system with a lot of opened ports,
+ it is hundreds times faster than ss method and ten thousands times faster than
+ netstat method.
+ .TP
+-\fB\-o --log\fR
++\fB\-o -\-log\fR
+ Write a log file (unhide-tcp-AAAA-MM-DD.log) in the current directory.
+ .TP
+-\fB\-V --version\fR
++\fB\-V -\-version\fR
+ Show version and exit
+ .TP
+-\fB\-v --verbose\fR
++\fB\-v -\-verbose\fR
+ Be verbose, display warning message (default : don't display).
+ This option may be repeated more than once.
+ .PP
++Index: unhide-20130526/man/unhide.8
++===================================================================
++--- unhide-20130526.orig/man/unhide.8
+++++ unhide-20130526/man/unhide.8
++@@ -29,7 +29,7 @@ Display help
++ Do more checks. As of 2012\-03\-17 version, this option has only
++ effect for the procfs, procall, checkopendir and checkchdir tests.
++ .br
++-Implies -v
+++Implies \-v
++ .TP
++ \fB\-r\fR
++ Use alternate version of sysinfo check in standard tests
++@@ -216,7 +216,7 @@ Standard test:
++ unhide sys proc
++ .TP
++ Deeper test:
++-unhide -m -d sys procall brute reverse
+++unhide \-m \-d sys procall brute reverse
++ .SH "BUGS"
++ .PP
++ Report \fBunhide\fR bugs on the bug tracker on sourceforge (http://sourceforge.net/projects/unhide/)
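Review bot: in the man/unhide-tcp.8 part of the refreshed patch, the long options are rewritten as `\-h -\-help`, `\-f -\-fuser` and so on, which escapes only the second hyphen. The first one is still a plain hyphen, so the formatting error this patch is meant to fix remains for half of each `--`. Use `\-\-help` etc., and give the `\fB\--brief\fR` context line the same treatment. Also, the old patch escaped `-n` and `-s` in the "Note : If iproute2 ..." sentence, and that change is absent from the new hunk (which now starts at line 18); confirm that upstream fixed that line, otherwise carry the change over.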
diff --cc debian/patches/series
index 12e0bc1,0000000..91826f6
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,1 -1,0 +1,1 @@@
- 001_fix-manpages.diff
++fix-man
diff --cc debian/rules
index 0fd6db8,0000000..4594636
mode 100755,000000..100755
--- a/debian/rules
+++ b/debian/rules
@@@ -1,19 -1,0 +1,27 @@@
+#!/usr/bin/make -f
+
++export DEB_BUILD_MAINT_OPTIONS=hardening=+all
++
++CFLAGS += $(shell dpkg-buildflags --get CFLAGS)
++CPPFLAGS += $(shell dpkg-buildflags --get CPPFLAGS)
++LDFLAGS += $(shell dpkg-buildflags --get LDFLAGS)
++export CFLAGS CPPFLAGS LDFLAGS
++
++
+%:
+ dh $@
+
+override_dh_auto_clean:
+ dh_auto_clean
+ -rm -f unhide-linux unhide-posix unhide-tcp unhide_rb
+ -rm -f man/unhide.fr.8 man/unhide.es.8
+
+override_dh_auto_configure:
+ ln man/fr/unhide.8 man/unhide.fr.8
+ ln man/es/unhide.8 man/unhide.es.8
+
+override_dh_auto_build:
- gcc -Wall -O2 --static -pthread unhide-linux*.c unhide-output.c -o unhide-linux
- gcc -Wall -O2 --static unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
- gcc -Wall -O2 --static unhide_rb.c -o unhide_rb
- gcc --static unhide-posix.c -o unhide-posix
++ gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wall -O2 -pthread -o unhide-linux unhide-linux*.c unhide-output.c
++ gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wall -O2 -o unhide-tcp unhide-tcp.c unhide-tcp-fast.c unhide-output.c
++ gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wall -O2 -o unhide_rb unhide_rb.c
++ gcc $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o unhide-posix unhide-posix.c
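Review bot: the new build lines in override_dh_auto_build drop `--static`, which the changelog calls useless, but the 20071102-2 entry introduced static linking deliberately, "to make them independent from glibc". For a tool meant to find hidden processes on a possibly compromised host, a dynamically linked binary relies on the host's shared libraries, so record that trade-off in the changelog or README.Debian rather than describing the flag as useless. Separately, the explicit `-O2` after `$(CFLAGS)` overrides whatever optimisation level dpkg-buildflags selected (for example under DEB_BUILD_OPTIONS=noopt), and the hard-coded `gcc` ignores `$(CC)`; drop the literal `-O2` and call `$(CC)`.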
diff --cc debian/unhide.docs
index 0389f2c,0000000..e99263c
mode 100644,000000..100644
--- a/debian/unhide.docs
+++ b/debian/unhide.docs
@@@ -1,2 -1,0 +1,5 @@@
++LEEME.txt
++LISEZ-MOI.TXT
++NEWS
+README.txt
+TODO
diff --cc debian/unhide.install
index 6086129,0000000..3264403
mode 100644,000000..100644
--- a/debian/unhide.install
+++ b/debian/unhide.install
@@@ -1,4 -1,0 +1,4 @@@
+unhide-linux /usr/sbin
++unhide-posix /usr/sbin
+unhide-tcp /usr/sbin
+unhide_rb /usr/sbin
- unhide-posix /usr/sbin
diff --cc debian/unhide.links
index 9e4fc6d,0000000..ca64b5b
mode 100644,000000..100644
--- a/debian/unhide.links
+++ b/debian/unhide.links
@@@ -1,3 -1,0 +1,4 @@@
- /usr/sbin/unhide-linux /usr/bin/unhide
++/usr/sbin/unhide-linux /usr/sbin/unhide
+/usr/share/man/man8/unhide.8 /usr/share/man/man8/unhide-linux.8
+/usr/share/man/man8/unhide.8 /usr/share/man/man8/unhide-posix.8
++/usr/share/man/man8/unhide.8 /usr/share/man/man8/unhide_rb.8
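Review bot: the first line moves the `unhide` symlink from /usr/bin/unhide to /usr/sbin/unhide, which changes the command's path for anything that calls it by absolute path (the package description says rkhunter can use it in its daily scans). The changelog records this only as "Fixed link to /usr/sbin/unhide"; state the old and new paths there or in a debian/NEWS entry. For the added unhide_rb.8 link, confirm that unhide.8 actually documents unhide_rb, since the link makes `man unhide_rb` show that page.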
diff --cc debian/watch
index 9adf999,0000000..c21859f
mode 100644,000000..100644
--- a/debian/watch
+++ b/debian/watch
@@@ -1,2 -1,0 +1,2 @@@
+version=3
- http://sf.net/unhide/unhide-(.+)\.tgz
++http://sf.net/unhide/unhide[_-]?(\d\S+)\.tgz
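Review bot: the new pattern line still fetches over plain http:// and the watch file has no signature check, so uscan downloads the upstream tarball with neither transport protection nor origin verification. Switch the URL to https if the redirector supports it, and add a pgpsigurlmangle option if upstream publishes signatures. In the regex, `(\d\S+)` accepts any non-space characters after the first digit; a pattern restricted to digits and dots would keep unrelated file names out of the version match.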
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/unhide.git