diff options
author | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2009-04-25 18:40:04 +0000 |
---|---|---|
committer | rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> | 2009-04-25 18:40:04 +0000 |
commit | 214e7e7ceeafab1a5a6e5c916f5e1610feeb569f (patch) | |
tree | f4484564c1452eacb4b35fc7c65bd6cd85f0667a /app/antivirus/clamav/clamav.SlackBuild | |
parent | d31e9dd698f3287d6b972113047781339921851e (diff) | |
download | slackbuilds-214e7e7ceeafab1a5a6e5c916f5e1610feeb569f.tar.gz slackbuilds-214e7e7ceeafab1a5a6e5c916f5e1610feeb569f.tar.bz2 |
clamav: updating to fix CVE-2008-5050 and CVE-2008-5314
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2158 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'app/antivirus/clamav/clamav.SlackBuild')
-rwxr-xr-x | app/antivirus/clamav/clamav.SlackBuild | 85 |
1 files changed, 78 insertions, 7 deletions
diff --git a/app/antivirus/clamav/clamav.SlackBuild b/app/antivirus/clamav/clamav.SlackBuild index 9f948cbd..6133c9ab 100755 --- a/app/antivirus/clamav/clamav.SlackBuild +++ b/app/antivirus/clamav/clamav.SlackBuild @@ -16,7 +16,8 @@ # # slackbuild for clamav, by Sivio Rhatto # requires: -# tested: clamav-0.94 +# tested: clamav-0.95.1 +# model: generic.mkSlackBuild $Rev: 805 $ # # Look for slackbuildrc @@ -31,13 +32,14 @@ CWD="$(pwd)" SRC_NAME="clamav" PKG_NAME="clamav" ARCH=${ARCH:=i486} -SRC_VERSION=${VERSION:=0.94} +SRC_VERSION=${VERSION:=0.95.1} PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')" BUILD=${BUILD:=1rha} SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME TMP=${TMP:=/tmp} PKG=${PKG:=$TMP/package-$PKG_NAME} REPOS=${REPOS:=$TMP} +SLACKBUILD_PATH=${SLACKBUILD_PATH:="app/antivirus/clamav"} PREFIX=${PREFIX:=/usr} PKG_WORK="$TMP/$SRC_NAME" CONF_OPTIONS=${CONF_OPTIONS:="--sysconfdir=/etc"} @@ -47,9 +49,9 @@ NUMJOBS=${NUMJOBS:=""} LIBDIR="$PREFIX/lib" if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" + SLKCFLAGS="-O2 -march=i386 -mtune=i686" elif [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mcpu=i686" + SLKCFLAGS="-O2 -march=i486 -mtune=i686" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686" elif [ "$ARCH" = "s390" ]; then @@ -65,6 +67,7 @@ ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33 ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36 ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39 ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42 +ERROR_MANIFEST=43; # Clean up any leftovers of previous builds rm -rf "$PKG_WORK" 2> /dev/null @@ -86,7 +89,7 @@ fi # Dowload source if necessary SRC="$SRC_NAME-$VERSION.tar.gz" -URL="http://ufpr.dl.sourceforge.net/sourceforge/clamav/$SRC" +URL="http://downloads.sourceforge.net/clamav/$SRC" if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET @@ -136,6 +139,72 @@ echo Checking $SRC_DIR/$SRC with gpg using $SRC_DIR/$SIGNATURE... gpg --verify "$SRC_DIR/$SIGNATURE" "$SRC_DIR/$SRC" || exit $ERROR_GPG echo Success. +# Check Manifest file +if [ -e "$CWD/Manifest" ]; then + + # Manifest signature checking + if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then + echo "Checking Manifest signature..." + gpg --verify $CWD/Manifest + if [ "$?" != "0" ]; then + exit $ERROR_MANIFEST + fi + fi + + MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`" + + for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do + + MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`" + MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`" + MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`" + + if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then + MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE" + else + MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`" + fi + + if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then + continue + fi + + echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..." + + SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`" + SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`" + + # Check source code size + if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then + echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC" + exit $ERROR_MANIFEST + else + echo "Size match." + fi + + # Check source code integrity + for ALGO in md5 rmd160 sha1 sha256 sha512; do + if [ $ALGO = "rmd160" ]; then + ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`" + else + ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`" + fi + ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`" + ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }') + if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then + echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC" + exit $ERROR_MANIFEST + else + echo "$ALGO match." + fi + done + + done + +else + exit $ERROR_MANIFEST +fi + # Untar cd "$PKG_WORK" tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR @@ -201,6 +270,7 @@ for config_file in etc/clamd.conf etc/freshclam.conf; do done # Add a post-installation script (doinst.sh) +mkdir -p "$PKG/install" || exit $ERROR_MKDIR cat << EOSCRIPT > "$PKG/install/doinst.sh" config() { NEW="\$1" @@ -244,9 +314,10 @@ EOSCRIPT # Build the package cd "$PKG" -makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG +mkdir -p $REPOS/$SLACKBUILD_PATH +makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG # Delete source and build directories if requested -if [ "$CLEANUP" == "yes" ]; then +if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then rm -rf "$PKG_WORK" "$PKG" fi |