perl-archive-tar: updating to fix CVE-2007-4829

git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2160 370017ae-e619-0410-ac65-c121f96126d4
author: rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> 2009-04-25 19:00:58 +0000
committer: rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4> 2009-04-25 19:00:58 +0000
commit: ffd6f2cecf4dbd0e144d2a7fac575c63860b811f (patch)
tree: 41afb5cb5e10ae6ee304aa23b3493051efa4b0fe /dev/perl/perl-io-zlib
parent: ff922506643cf62eb0fe5073560916782b29a9b9 (diff)
download: slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.gz
slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.bz2
2 files changed, 96 insertions, 2 deletions
diff --git a/dev/perl/perl-io-zlib/Manifest b/dev/perl/perl-io-zlib/Manifest
new file mode 100644
index 00000000..ba9233ad
--- /dev/null
+++ b/dev/perl/perl-io-zlib/Manifest
@@ -0,0 +1,24 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST IO-Zlib-1.09.tar.gz 10092 MD5 7e0244de33de418745584adcaad4869e RMD160 97047909f79c3e55bb99299ab96a6be6867e787b SHA1 d7e5d740ed1de260019f2e6b8f1dc11726aaab18 SHA256 5ada9a6c81cbc51b1cc2061911569509834635ff3f396f22f6cdcbbb868222f3 SHA512 94a62cb8fef283a29870bd3c86b2192f864b8e6a260b4e7e6499d6052cdc496d318f4752dfd846335a686422dc762a29efadd496658e9821f5c2601310462490
+MKBUILD perl-io-zlib.mkbuild 2387 MD5 ff624527aa2baa4763cdbcf213bd8842 RMD160 e91d777c213f060f39797fea84ef15865208f738 SHA1 73da7bdf0462967e0eb060ff359a5365c8933aa8 SHA256 c53e129eb041acf7def91aa68b8b0aa4ec6df1f5044bf78e99532367cc9a33ae SHA512 c3bfe492fee1bfef8cba2de2e975d622504d33ea6fa4912c7523f8697b65dac45acc69c3a6f80e6c0db032aa2aa163f20fccf5a1f7032f1102d6daa7ed51e6c0
+SLACK-REQUIRED slack-required 90 MD5 60c9eaa3a591920e50c5e7e303037dae RMD160 a3f954a40dac4cd6d3fac428eed839d3048cc7cf SHA1 86f710184447c5e70ac1b944bf73fbeb4ce759c8 SHA256 49b9023c40dda07f327e1341d80227b61330cdcbf8ca6c9013ba7ab11718f253 SHA512 1d9f0d57f2c40a3131b4ae7df7247879c429e3eeba69ba2098990181e17f98670e9974f2b17866d66de67f5366804efd3a6b97d9c5fff45223b07c5773a2084b
+SLACKBUILD perl-io-zlib.SlackBuild 7118 MD5 e4b0cf377981d4c864c7a14e5c0b09b3 RMD160 e255ef8da6601b277a3812c25ae4fbb0948bb30f SHA1 d098b74b33e30c0a9cc15ad7aa267de62138cc25 SHA256 756e6e9d63acb4494bf6cb111abf01e812c17409fa34b8a918ec813806269111 SHA512 b5e2afd7c170f264e94b40164bc38d7c6f7520b86b59f90773394ec0532c565b130dddc42379489454390d8d393117cb39caa9b065565f1c3781d2f82abf4339
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAEBAgAGBQJJ817iAAoJEEHL93ESzgeiSSwP/3QfGeAZjLSjhh7oU+xsVbBW
+5leFEUTYUlo9eLN+PnxkH8tpFMRiPHaoCjfRMr6qzmw1CqTJpwixDIp6HdO9ldp8
+aJhnjxdzMuSISzwafGCwoPBq25vAmOqQ2gjuC3UBC4Vx0KVQuYLTdCx89+kPrjuH
+jm05A4KbP6WPyiNMJG8ngFzEkI2KoYDf0MvrnpLnWw0UtFBxAQFJC64mDbnt5qJZ
+W5L3o/2Tn/D/VvxLhpTpKG9dDcmSojZ87jcXyssNpl3qHC2LF+jwrJxdlDDc9t2L
+T77VWjdRN2wcoLcWaDGIwD2/tKTOtfvmsAERPcZgvsF8kqyUDFproRWnLa1vJ0aa
+fhnK1z8/ZwjQwz78GtLEfT/mIuBFJnfKoZ5zu838ASj9TL5JwGAWYLodGYvEGto2
+1rtT1xWIhFa437mUU7igudPd4I2Pk1veZdBl6P1HguS/x/uWSK5QlRo+2KDXr0XT
+YUxzju9/M0odOOpZscLVejFBUR90VIEVtGxng1NwrscUF95fUDwupEEEOVJA5QBc
+Ggddk4n1Rj6P3RGc4Jj+QsBJFalfCFZMvopBRtrw/y+2tmaZu2rN8wbQ/77e1usl
+Mh93k+luMzS0t6niGGhY2rGPNIVhfJXuv8Rcsl6AjDScq/DGwLVvruZ1mvBQFNHm
+DP7rgtMDdiKOOwYMMnlQ
+=90Ln
+-----END PGP SIGNATURE-----
diff --git a/dev/perl/perl-io-zlib/perl-io-zlib.SlackBuild b/dev/perl/perl-io-zlib/perl-io-zlib.SlackBuild
index 84356f61..757afdc4 100755
--- a/dev/perl/perl-io-zlib/perl-io-zlib.SlackBuild
+++ b/dev/perl/perl-io-zlib/perl-io-zlib.SlackBuild
@@ -15,8 +15,9 @@
 #  Place - Suite 330, Boston, MA 02111-1307, USA
 #
 # slackbuild for perl-io-zlib, by Silvio Rhatto
-# requires: perl-compress-zlib 
+# requires:  
 # tested: perl-io-zlib-1.09
+# model: perl.mkSlackBuild $Rev: 796 $
 #
 
 # Look for slackbuildrc
@@ -38,6 +39,7 @@ SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME
 TMP=${TMP:=/tmp}
 PKG=${PKG:=$TMP/package-$PKG_NAME}
 REPOS=${REPOS:=$TMP}
+SLACKBUILD_PATH=${SLACKBUILD_PATH:="dev/perl/perl-io-zlib"}
 PREFIX=${PREFIX:=/usr}
 PKG_WORK="$TMP/$SRC_NAME"
 CONF_OPTIONS=${CONF_OPTIONS:=""}
@@ -64,6 +66,7 @@ ERROR_WGET=31;      ERROR_MAKE=32;      ERROR_INSTALL=33
 ERROR_MD5=34;       ERROR_CONF=35;      ERROR_HELP=36
 ERROR_TAR=37;       ERROR_MKPKG=38;     ERROR_GPG=39
 ERROR_PATCH=40;     ERROR_VCS=41;       ERROR_MKDIR=42
+ERROR_MANIFEST=43;
 
 # Clean up any leftovers of previous builds
 rm -rf "$PKG_SRC" 2> /dev/null
@@ -83,6 +86,72 @@ if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then
   wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET
 fi
 
+# Check Manifest file
+if [ -e "$CWD/Manifest" ]; then
+
+  # Manifest signature checking
+  if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then
+    echo "Checking Manifest signature..."
+    gpg --verify $CWD/Manifest
+    if [ "$?" != "0" ]; then
+      exit $ERROR_MANIFEST
+    fi
+  fi
+
+  MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`"
+
+  for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do
+
+    MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`"
+    MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`"
+    MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`"
+
+    if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then
+      MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE"
+    else
+      MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`"
+    fi
+
+    if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
+      continue
+    fi
+
+    echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..."
+
+    SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`"
+    SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`"
+
+    # Check source code size
+    if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then
+      echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC"
+      exit $ERROR_MANIFEST
+    else
+      echo "Size match."
+    fi
+
+    # Check source code integrity
+    for ALGO in md5 sha1 sha256 sha512 rmd160; do
+      if [ $ALGO = "rmd160" ]; then
+        ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`"
+      else
+        ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`"
+      fi
+      ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`"
+      ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }')
+      if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then
+        echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC"
+        exit $ERROR_MANIFEST
+      else
+        echo "$ALGO match."
+      fi
+    done
+
+  done
+
+else
+  exit $ERROR_MANIFEST
+fi
+
 # Untar
 cd "$PKG_WORK"
 tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR
@@ -154,7 +223,8 @@ fi
 
 # Build the package
 cd "$PKG"
-makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
+mkdir -p $REPOS/$SLACKBUILD_PATH
+makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
 
 # Delete source and build directories if requested
 if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then
author	rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>	2009-04-25 19:00:58 +0000
committer	rhatto <rhatto@370017ae-e619-0410-ac65-c121f96126d4>	2009-04-25 19:00:58 +0000
commit	ffd6f2cecf4dbd0e144d2a7fac575c63860b811f (patch)
tree	41afb5cb5e10ae6ee304aa23b3493051efa4b0fe /dev/perl/perl-io-zlib
parent	ff922506643cf62eb0fe5073560916782b29a9b9 (diff)
download	slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.gz slackbuilds-ffd6f2cecf4dbd0e144d2a7fac575c63860b811f.tar.bz2