authorrhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>2009-04-25 19:00:58 +0000
committerrhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>2009-04-25 19:00:58 +0000
commitffd6f2cecf4dbd0e144d2a7fac575c63860b811f (patch)
tree41afb5cb5e10ae6ee304aa23b3493051efa4b0fe /dev/perl/perl-archive-tar
parentff922506643cf62eb0fe5073560916782b29a9b9 (diff)
perl-archive-tar: updating to fix CVE-2007-4829
git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2160 370017ae-e619-0410-ac65-c121f96126d4
Diffstat (limited to 'dev/perl/perl-archive-tar')
-rw-r--r--dev/perl/perl-archive-tar/Manifest24
-rwxr-xr-xdev/perl/perl-archive-tar/perl-archive-tar.SlackBuild78
2 files changed, 98 insertions, 4 deletions
diff --git a/dev/perl/perl-archive-tar/Manifest b/dev/perl/perl-archive-tar/Manifest
new file mode 100644
index 00000000..7abb0671
--- /dev/null
+++ b/dev/perl/perl-archive-tar/Manifest
@@ -0,0 +1,24 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST Archive-Tar-1.48.tar.gz 50094 MD5 3531682ec7625345968c6a88f2df05a5 RMD160 fb15199751b3873e930b32d6132897f7eb35983c SHA1 c41b1f187e1c27560857a9b85a1e57009b9841a9 SHA256 7fed7d8fbaf5f22120d79a984a96357335827dd05978c67fd91351e9b2617005 SHA512 923db0eb9277426219af56c43576e5f1678e5d9364c9c6714cf700a11a28c4855127dc12f46cb03e7c65cf54c29a034f048121a0f0c86301fa6ccbba06a45d7f
+MKBUILD perl-archive-tar.mkbuild 2442 MD5 a6ed00183479e611b34ed8f2fff927ea RMD160 8bfc1618bfb3f3ba663399b9bdd688fdd1233711 SHA1 fc53bb5e8ea92c42ca90d1724202c60d9c310fd5 SHA256 50a3b0b47128b7bfad3e9dc8a5f56aea3e814667cdf2298adecd95351b70fc32 SHA512 d296dd103f2d356b6856ef655cefa66ccac265c75f624192bfdce704817314d927ab99498547e7376c028da0781a9b866902ccbe8c91e892f1a9c2b3c4ecdc65
+SLACK-REQUIRED slack-required 88 MD5 0b0950a59e07f8163886f84e84949673 RMD160 e75bbcf23ed92c49eb2332396db08718085aee02 SHA1 cd110133a52015595e46be396d3882ab4aef4295 SHA256 274123c43f9746c41056d1c893f07f5fb37a34fb9237999a3670f78d949446db SHA512 3c15d56a6f570042d44151137b5e633967abdb01bc95f6ae208bcdd0998e425369482694ac5a5ed5519dc97506da9873fd90946550d1337fd399125e068517bd
+SLACKBUILD perl-archive-tar.SlackBuild 7198 MD5 2f3ccf25d1048c42e04f020fb7ee3b84 RMD160 0ef478b003b4efe4cdaad925a65031876c5af049 SHA1 5eb16bc630568cde739497ebcf832ab82a58291e SHA256 571135657f3c7553bfbcea4d484024e3212dcd97c307f3c3d12d2ebe61099aae SHA512 9187afebb0b6bc125440fb3517e1204a8c6fbb0ef25a7259552f2476463723b7f4ac5c49556d3674422e73ee6b9aa7a595d7144e80f3196b1b5d29b81276472c
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+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+=ELlG
+-----END PGP SIGNATURE-----
diff --git a/dev/perl/perl-archive-tar/perl-archive-tar.SlackBuild b/dev/perl/perl-archive-tar/perl-archive-tar.SlackBuild
index 4a916c1f..b4a4d5ba 100755
--- a/dev/perl/perl-archive-tar/perl-archive-tar.SlackBuild
+++ b/dev/perl/perl-archive-tar/perl-archive-tar.SlackBuild
@@ -15,8 +15,9 @@
# Place - Suite 330, Boston, MA 02111-1307, USA
#
# slackbuild for perl-archive-tar, by Silvio Rhatto
-# requires: perl-io-zlib
-# tested: perl-archive-tar-1.38
+# requires:
+# tested: perl-archive-tar-1.48
+# model: perl.mkSlackBuild $Rev: 796 $
#
# Look for slackbuildrc
@@ -31,13 +32,14 @@ CWD="$(pwd)"
SRC_NAME="Archive-Tar"
PKG_NAME="perl-archive-tar"
ARCH=${ARCH:=i486}
-SRC_VERSION=${VERSION:=1.38}
+SRC_VERSION=${VERSION:=1.48}
PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')"
BUILD=${BUILD:=1rha}
SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME
TMP=${TMP:=/tmp}
PKG=${PKG:=$TMP/package-$PKG_NAME}
REPOS=${REPOS:=$TMP}
+SLACKBUILD_PATH=${SLACKBUILD_PATH:="dev/perl/perl-archive-tar"}
PREFIX=${PREFIX:=/usr}
PKG_WORK="$TMP/$SRC_NAME"
CONF_OPTIONS=${CONF_OPTIONS:=""}
@@ -64,6 +66,7 @@ ERROR_WGET=31; ERROR_MAKE=32; ERROR_INSTALL=33
ERROR_MD5=34; ERROR_CONF=35; ERROR_HELP=36
ERROR_TAR=37; ERROR_MKPKG=38; ERROR_GPG=39
ERROR_PATCH=40; ERROR_VCS=41; ERROR_MKDIR=42
+ERROR_MANIFEST=43;
# Clean up any leftovers of previous builds
rm -rf "$PKG_SRC" 2> /dev/null
@@ -83,6 +86,72 @@ if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then
wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET
fi
+# Check Manifest file
+if [ -e "$CWD/Manifest" ]; then
+
+ # Manifest signature checking
+ if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then
+ echo "Checking Manifest signature..."
+ gpg --verify $CWD/Manifest
+ if [ "$?" != "0" ]; then
+ exit $ERROR_MANIFEST
+ fi
+ fi
+
+ MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`"
+
+ for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do
+
+ MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`"
+ MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`"
+ MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`"
+
+ if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then
+ MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE"
+ else
+ MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`"
+ fi
+
+ if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
+ continue
+ fi
+
+ echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..."
+
+ SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`"
+ SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`"
+
+ # Check source code size
+ if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then
+ echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC"
+ exit $ERROR_MANIFEST
+ else
+ echo "Size match."
+ fi
+
+ # Check source code integrity
+ for ALGO in md5 sha1 sha256 sha512 rmd160; do
+ if [ $ALGO = "rmd160" ]; then
+ ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`"
+ else
+ ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`"
+ fi
+ ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`"
+ ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }')
+ if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then
+ echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC"
+ exit $ERROR_MANIFEST
+ else
+ echo "$ALGO match."
+ fi
+ done
+
+ done
+
+else
+ exit $ERROR_MANIFEST
+fi
+
# Untar
cd "$PKG_WORK"
tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR
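Review bot: The Manifest check added here fails open in three places, so it does not guarantee that the tarball reaching `tar` was vouched for by anyone. `gpg --verify` runs only when the `BEGIN PGP SIGNED MESSAGE` header is present, so a Manifest with its signature block stripped is accepted as is; the later `grep` calls read the whole file, including any text outside the clearsigned region that the signature does not cover; and the `continue` on a missing file means a Manifest with no `DIST` line for `$SRC` (set outside this hunk) checks nothing at all. I would require the signature, parse only the text gpg emits after verifying it, and insist that `$SRC` is listed before entering the loop, as sketched below. `gpg` also accepts a signature from any key in the builder's keyring, so which signer is trusted still has to be decided separately. The unquoted `$CWD/Manifest` and `find $CWD -name $MANIFEST_FILE` expansions should be quoted while this block is being touched.

```shell
# Check Manifest file
if [ ! -e "$CWD/Manifest" ]; then
  exit $ERROR_MANIFEST
fi

# Refuse an unsigned or badly signed Manifest, and keep only the text
# that the signature actually covers.
MANIFEST_VERIFIED="$(mktemp "$TMP/manifest.XXXXXX")" || exit $ERROR_MANIFEST
gpg --batch --yes --output "$MANIFEST_VERIFIED" --decrypt "$CWD/Manifest" \
  || exit $ERROR_MANIFEST

# The source tarball itself must be listed, otherwise nothing vouches for it.
awk -v f="$SRC" '$1 == "DIST" && $2 == f { found = 1 } END { exit !found }' \
  "$MANIFEST_VERIFIED" || exit $ERROR_MANIFEST

# … unchanged: per-line size and digest loop, reading "$MANIFEST_VERIFIED" instead of $CWD/Manifest …
```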
@@ -154,7 +223,8 @@ fi
# Build the package
cd "$PKG"
-makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
+mkdir -p $REPOS/$SLACKBUILD_PATH
+makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
# Delete source and build directories if requested
if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then
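Review bot: The new `mkdir -p $REPOS/$SLACKBUILD_PATH` is unquoted and its result is ignored, although the `makepkg` line right below quotes the same path and the script already defines `ERROR_MKDIR`. I would write it as `mkdir -p "$REPOS/$SLACKBUILD_PATH" || exit $ERROR_MKDIR`. With the defaults visible earlier in this diff, `REPOS` falls back to `$TMP` and so to `/tmp`, which puts the finished package under a predictable path in a world-writable directory. On a multi-user host a build-private `REPOS` would avoid relying on a `dev/perl/...` tree that another local user could have created first. The `if` that follows the changed lines continues outside the hunk.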