perl-archive-tar: updating to fix CVE-2007-4829

git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2160 370017ae-e619-0410-ac65-c121f96126d4
author: rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> 2009-04-25 19:00:58 +0000
committer: rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> 2009-04-25 19:00:58 +0000
commit: ffd6f2cecf4dbd0e144d2a7fac575c63860b811f (patch)
tree: 41afb5cb5e10ae6ee304aa23b3493051efa4b0fe /dev/perl/perl-compress-zlib
parent: ff922506643cf62eb0fe5073560916782b29a9b9 (diff)
download: slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.gz
slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.bz2
2 files changed, 98 insertions, 5 deletions
diff --git a/dev/perl/perl-compress-zlib/Manifest b/dev/perl/perl-compress-zlib/Manifest
new file mode 100644
index 00000000..e9914869
--- /dev/null
+++ b/dev/perl/perl-compress-zlib/Manifest
@@ -0,0 +1,23 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST IO-Compress-2.017.tar.gz 204116 MD5 4b4775cfbb069f3f7c33053ac1ef301c RMD160 2024eeaf13166c47b23b72d499255e6e0e33670e SHA1 3629036707abf10c90de35134af46b816761e66b SHA256 3bc89a0ad5fba698dc8804114aedaa3c10cfb8eecaa95dcf22abb4b0fb2a888b SHA512 ce93debd695ecb316b9f252f8e863256b4cda5f12442ecb57ecf4468e51dff0d8f12910a2b3af9fb4a65cc9481bf4fb073a3c8272898148f73ed9c5bbfa3cb57
+MKBUILD perl-compress-zlib.mkbuild 2384 MD5 f69ef11ed68dd8ef67be1b6125c2c845 RMD160 64a5bdc896d1597b40f2bc3ad732b02a0e15ab6b SHA1 06e9211ba0a4a19babb73977499fd972f894690f SHA256 a775f1b4da223da7f28b249d3e1a81992f0703f2d8f975f655d870524e034a56 SHA512 ab26754de268af86c0eebf2576ab761753465262b1d6612077990c453fee71badf2d65f81fbde02dcff10e18423908694e7bb8ed720629d5f4cf236f86e123ed
+SLACKBUILD perl-compress-zlib.SlackBuild 7080 MD5 303df4d4abd15bfe9330275bfea1e532 RMD160 44da1731bfc0ed01f0db09bb1252208f60e12d97 SHA1 ba1b7693bea1192c4207989a23e52446016a56c9 SHA256 c9fb9b15ac4dcf67cfa72afca9b52c74a23188fae08e476a1b58fb7a2e6f82a8 SHA512 4ca20fbc7fc2548dc1603b70ba3f14638cff197cc71c68b7961568d90ca809d2d88143bc7d8d546dcf619bddd232907a9c577ad0d87963411f0c0751b68fcc24
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAEBAgAGBQJJ8152AAoJEEHL93ESzgeiD/UP/21MrEvrf55t2u7gFuP4s3fk
+cY3y7TD9AsqkGULJtApob9rG5x9P5YHK5P/9O105nVfVylK/6oscwkXZiCZcW4DQ
+k5DzGMlu8busHucbQoD01q6UzYCVgKcAO/0vyEgV7N7p+uueBmxqgjPmgFL0Helo
+MZvhHIspW5F+InMp3bKWrqtB71gXlTXUd93dT8BZYoPgQN5Pri4gxc5QMvQyhBd/
+fGhMiuJQpejAN2xuO8k4bR5wakzEab+aHzCj0xwnyPKcU0nnB1qHmoao87xe9IV6
+ira5i32JIbq4Z0Rt4jgLwu/oRgoIitcROQDtS+tC/OWdnI0K3kbg+RDWgxD4MkZ8
+u0MCdeC77xErMlYabAAS/cW427xrNxq5r3ZtVBnCvuK+VCLl3HJ5Cs57OK5Pazzd
+V8AlRCmotqP5lIiaGz7pBj/CtgE62fJin4BcRGG4ejcdto3kg5uvL4beG7CcYxDk
+IIjCEecrYmlmVjQorYr7tLqqdnTk/I/lKhKP8wCf2lXcaw4mJ9u3ohEhihWV04WO
+ulcwYRU84G7BcqwxGtOeHitCeRwMiu4Y6d4KRvzfq5Rb3R/vyJ8xluM6pQfpJvhV
+wTZbBtsNPGX/FFhf32xJuduIG/BAL24TDHeWC5CvfFlxCDdwizK0LF0tqmyA270o
+cuEMW3DqckOOBdxyrW2r
+=8Bk0
+-----END PGP SIGNATURE-----
diff --git a/dev/perl/perl-compress-zlib/perl-compress-zlib.SlackBuild b/dev/perl/perl-compress-zlib/perl-compress-zlib.SlackBuild
index 3ea80e0f..e545cc51 100755
--- a/dev/perl/perl-compress-zlib/perl-compress-zlib.SlackBuild
+++ b/dev/perl/perl-compress-zlib/perl-compress-zlib.SlackBuild
@@ -16,7 +16,8 @@
 #
 # slackbuild for perl-compress-zlib, by Silvio Rhatto
 # requires:  
-# tested: perl-compress-zlib-2.009
+# tested: perl-compress-zlib-2.017
+# model: perl.mkSlackBuild $Rev: 796 $
 #
 
 # Look for slackbuildrc
@@ -28,16 +29,17 @@ fi
 
 # Set variables
 CWD="$(pwd)"
-SRC_NAME="Compress-Zlib"
+SRC_NAME="IO-Compress"
 PKG_NAME="perl-compress-zlib"
 ARCH=${ARCH:=i486}
-SRC_VERSION=${VERSION:=2.009}
+SRC_VERSION=${VERSION:=2.017}
 PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')"
 BUILD=${BUILD:=1rha}
 SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME
 TMP=${TMP:=/tmp}
 PKG=${PKG:=$TMP/package-$PKG_NAME}
 REPOS=${REPOS:=$TMP}
+SLACKBUILD_PATH=${SLACKBUILD_PATH:="dev/perl/perl-compress-zlib"}
 PREFIX=${PREFIX:=/usr}
 PKG_WORK="$TMP/$SRC_NAME"
 CONF_OPTIONS=${CONF_OPTIONS:=""}
@@ -64,6 +66,7 @@ ERROR_WGET=31;      ERROR_MAKE=32;      ERROR_INSTALL=33
 ERROR_MD5=34;       ERROR_CONF=35;      ERROR_HELP=36
 ERROR_TAR=37;       ERROR_MKPKG=38;     ERROR_GPG=39
 ERROR_PATCH=40;     ERROR_VCS=41;       ERROR_MKDIR=42
+ERROR_MANIFEST=43;
 
 # Clean up any leftovers of previous builds
 rm -rf "$PKG_SRC" 2> /dev/null
@@ -83,6 +86,72 @@ if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then
   wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET
 fi
 
+# Check Manifest file
+if [ -e "$CWD/Manifest" ]; then
+
+  # Manifest signature checking
+  if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then
+    echo "Checking Manifest signature..."
+    gpg --verify $CWD/Manifest
+    if [ "$?" != "0" ]; then
+      exit $ERROR_MANIFEST
+    fi
+  fi
+
+  MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`"
+
+  for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do
+
+    MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`"
+    MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`"
+    MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`"
+
+    if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then
+      MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE"
+    else
+      MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`"
+    fi
+
+    if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
+      continue
+    fi
+
+    echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..."
+
+    SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`"
+    SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`"
+
+    # Check source code size
+    if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then
+      echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC"
+      exit $ERROR_MANIFEST
+    else
+      echo "Size match."
+    fi
+
+    # Check source code integrity
+    for ALGO in md5 sha1 sha256 sha512 rmd160; do
+      if [ $ALGO = "rmd160" ]; then
+        ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`"
+      else
+        ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`"
+      fi
+      ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`"
+      ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }')
+      if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then
+        echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC"
+        exit $ERROR_MANIFEST
+      else
+        echo "$ALGO match."
+      fi
+    done
+
+  done
+
+else
+  exit $ERROR_MANIFEST
+fi
+
 # Untar
 cd "$PKG_WORK"
 tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR
@@ -148,9 +217,10 @@ EODESC
 
 # Build the package
 cd "$PKG"
-makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
+mkdir -p $REPOS/$SLACKBUILD_PATH
+makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
 
 # Delete source and build directories if requested
-if [ "$CLEANUP" == "yes" ]; then
+if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then
   rm -rf "$PKG_WORK" "$PKG"
 fi
author	rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>	2009-04-25 19:00:58 +0000
committer	rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>	2009-04-25 19:00:58 +0000
commit	ffd6f2cecf4dbd0e144d2a7fac575c63860b811f (patch)
tree	41afb5cb5e10ae6ee304aa23b3493051efa4b0fe /dev/perl/perl-compress-zlib
parent	ff922506643cf62eb0fe5073560916782b29a9b9 (diff)
download	slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.gz slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.bz2