From 281122b49cac8f5de5e321c8f3c2b0ba495a1bdd Mon Sep 17 00:00:00 2001
From: Jaromil <jaromil@dyne.org>
Date: Tue, 1 Oct 2024 22:08:57 +0200
Subject: [PATCH] avoid upx compression as it may introduce malware

it seems that at least the upx shipped in choco and apt has some strange and
dubious build that may tain the binaries
---
 .github/workflows/main.yml | 15 +++++++--------
 build/win-native.mk        |  1 -
 build/win-wsl.mk           |  3 ++-
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 69800d9..653a648 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -80,9 +80,9 @@ jobs:
     runs-on: "windows-latest"
     steps:
       - uses: actions/checkout@v4
-      - name: install dependencies
-        run: |
-          choco install --no-progress -r -y upx
+      # - name: install dependencies
+      #   run: |
+      #     choco install --no-progress -r -y upx
       - name: Build native windows exe for x86_64
         run: |
           cd .\lib\tinycc
@@ -131,11 +131,10 @@ jobs:
             build/release-intro.md
       - name: Install build deps
         run: |
-          sudo apt install -qy make musl-tools musl-dev upx-ucl gcc-mingw-w64
+          sudo apt install -qy make musl-tools musl-dev gcc-mingw-w64
       - name: Build x86_64 with musl-system
         run: |
           make musl-linux
-          upx-ucl -q cjit
       - name: Upload artifact linux-amd64
         uses: actions/upload-artifact@v4
         with:
@@ -151,9 +150,9 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: install dependencies
-        run: |
-          choco install --no-progress -r -y upx
+      # - name: install dependencies
+      #   run: |
+      #     choco install --no-progress -r -y upx
       - name: Build native windows exe for x86_64
         run: |
           cd .\lib\tinycc
diff --git a/build/win-native.mk b/build/win-native.mk
index e1a0050..ba4699d 100755
--- a/build/win-native.mk
+++ b/build/win-native.mk
@@ -26,7 +26,6 @@ ldadd := lib/tinycc/libtcc.a -lshlwapi
 
 cjit.exe: ${SOURCES}
 	$(cc) $(cflags) -o $@ $(SOURCES) ${ldflags} ${ldadd}
-	upx -q $@
 
 .c.o:
 	$(cc) \
diff --git a/build/win-wsl.mk b/build/win-wsl.mk
index 0780a53..9b63195 100644
--- a/build/win-wsl.mk
+++ b/build/win-wsl.mk
@@ -19,7 +19,8 @@ all: deps cjit.exe
 
 cjit.exe: ${SOURCES}
 	$(cc) $(cflags) -o $@ $(SOURCES) ${ldflags} ${ldadd}
-	upx-ucl -q $@
+
+#	upx-ucl -q $@
 # somehow upx compression helps the binary to function: it
 # accidentally fixes some headers that are malformed out of mingw