clamav: updating to fix CVE-2008-5050 and CVE-2008-5314

git-svn-id: svn+slack://slack.fluxo.info/var/svn/slackbuilds@2158 370017ae-e619-0410-ac65-c121f96126d4

diff --git a/app/antivirus/clamav/Manifest b/app/antivirus/clamav/Manifest
new file mode 100644 (file)
index 0000000..b73da13
--- /dev/null
+++ b/app/antivirus/clamav/Manifest
@@ -0,0 +1,23 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+DIST clamav-0.95.1.tar.gz 24260964 MD5 c802d4b372e455849cfcb0d776fc72d8 RMD160 80769c09ca15c864a578206feabe9cc4a3d985b4 SHA1 a469b0128cf5e9d18392a0385417fc5e4575bfc7 SHA256 6161a0ffa988166cfe3c2afb3056b791f3f70285fc87f547612427bd57f63b7d SHA512 a74a7bd400453713bea17368e473b97c6f7f0462d1fe41dc1b36735f51925f52fd0e7b9e0f5535b10b658e18421ea412950dac626a4086c9e97aa8e6abe58e2a
+MKBUILD clamav.mkbuild 3507 MD5 3e9223e86c6b9039d373d2d58bcf986e RMD160 9da8d0677913b805bb60743501cc7adb0ba02b5b SHA1 a17f62361805332f8d4bfde6140fe3c8a60d859e SHA256 3b1b89380b2e9370ff4b079f93a867ca0de2f9679203b3a981f59848ed3b1eea SHA512 61e09d0e0fbeee0f648dced94d7901cb4e08fd49bbc4a4d072b00d347e0e2e00692d2a4c2a7717912580d96467e61ccb5a9f98f52a5ef4a9a7c726e589983d97
+SLACKBUILD clamav.SlackBuild 10138 MD5 d26b879a9f4a4ebe7b6aa7882d19f13d RMD160 2b49180d0aa1a86e3cc0d2b4631c5e5f4ec81958 SHA1 549e030ba8a8fa9e0022e2471aff1cc780cdb228 SHA256 87c0b1fd915913bf6145d3c7379064adce115f6c0ca2e8819d213bbfe64e70c4 SHA512 3d33aed216d7b59959ac8367b9916dfb8067a9ce53c49e4643e806ef4117118e1ac5bd540adff608e003daed1dbd692ef32427b6072be0752746a951fac59c2f
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iQIcBAEBAgAGBQJJ81fMAAoJEEHL93ESzgeiznsP/j6sblZEeCbFjQSoaYD12Fkq
+43w+VVx/+VFntfZhunnYx0FaQ2vaase9Va3pxFOVw3SM2PCu7GG3fNGU5RepU24N
+wxQvc6f/K+JUXeNGeaDagg6dV8tYFo9Mt7CjJPwB+rgzN+krQHnHQFdByaa3VEh0
+XlUqWx653Y/wS3EWJrTbLxUGA6Tz9pHgIOi9CpitKXPWVAyfuJObD82JXNC7B0Pn
+8HzwS+VD7lpAELCtHZNFyzehl2YgDJ1el/7DipIg7fz5vrcDRYvRHoYReRc/ZSe5
+9pkWgEShqWRLm2nixFhpjJ7FAx2pMp8RMOfhn8Pg05rZM6hFvCexWzLrJdrpMgWf
+6JKiRQUAK3CUpqV2O0BYhgokKEdqYOlj3Oh8nv8+Q/tu3g0V7Z0oLE+OilSywI/L
+lZJfNV8Q1NBvxxD9cooHvavB3LCirgrr5Udo/EasdE3wsNHxcOQreLWR3kIRbMgc
+TI2wNIHBEac5zZrKwlHvH55ck+YjWKPQ/LiN90ggKRWFDqda1xSmgBoKNq6R5P51
+3cDkl2DMHWtFLjoTHRKgnctMyArUUBwLkfPy73PzYJiloxS5rxpvpEMhftQfKEwI
+q7nIkrmOjPEuusSwYK/RYs9UIazIvhGXg/TAoDKfz3ypEhJy9Ib/Kz4uugCYjD+x
+G0dUk6EyNgCmDElG8fY/
+=xWrg
+-----END PGP SIGNATURE-----

diff --git a/app/antivirus/clamav/clamav.SlackBuild b/app/antivirus/clamav/clamav.SlackBuild
index 9f948cbd719e483e044c63bf68d7157f631c0e55..6133c9ab0537c4db225dd9084895add0c2f41251 100755 (executable)
--- a/app/antivirus/clamav/clamav.SlackBuild
+++ b/app/antivirus/clamav/clamav.SlackBuild
@@ -16,7 +16,8 @@
 #
 # slackbuild for clamav, by Sivio Rhatto
 # requires:  
-# tested: clamav-0.94
+# tested: clamav-0.95.1
+# model: generic.mkSlackBuild $Rev: 805 $
 #
 
 # Look for slackbuildrc
@@ -31,13 +32,14 @@ CWD="$(pwd)"
 SRC_NAME="clamav"
 PKG_NAME="clamav"
 ARCH=${ARCH:=i486}
-SRC_VERSION=${VERSION:=0.94}
+SRC_VERSION=${VERSION:=0.95.1}
 PKG_VERSION="$(echo "$SRC_VERSION" | tr '[[:blank:]-]' '_')"
 BUILD=${BUILD:=1rha}
 SRC_DIR=${SRC_DIR:=$CWD}/$PKG_NAME
 TMP=${TMP:=/tmp}
 PKG=${PKG:=$TMP/package-$PKG_NAME}
 REPOS=${REPOS:=$TMP}
+SLACKBUILD_PATH=${SLACKBUILD_PATH:="app/antivirus/clamav"}
 PREFIX=${PREFIX:=/usr}
 PKG_WORK="$TMP/$SRC_NAME"
 CONF_OPTIONS=${CONF_OPTIONS:="--sysconfdir=/etc"}
@@ -47,9 +49,9 @@ NUMJOBS=${NUMJOBS:=""}
 LIBDIR="$PREFIX/lib"
 
 if [ "$ARCH" = "i386" ]; then
-  SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+  SLKCFLAGS="-O2 -march=i386 -mtune=i686"
 elif [ "$ARCH" = "i486" ]; then
-  SLKCFLAGS="-O2 -march=i486 -mcpu=i686"
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
 elif [ "$ARCH" = "i686" ]; then
   SLKCFLAGS="-O2 -march=i686"
 elif [ "$ARCH" = "s390" ]; then
@@ -65,6 +67,7 @@ ERROR_WGET=31;      ERROR_MAKE=32;      ERROR_INSTALL=33
 ERROR_MD5=34;       ERROR_CONF=35;      ERROR_HELP=36
 ERROR_TAR=37;       ERROR_MKPKG=38;     ERROR_GPG=39
 ERROR_PATCH=40;     ERROR_VCS=41;       ERROR_MKDIR=42
+ERROR_MANIFEST=43;
 
 # Clean up any leftovers of previous builds
 rm -rf "$PKG_WORK" 2> /dev/null
@@ -86,7 +89,7 @@ fi
 
 # Dowload source if necessary
 SRC="$SRC_NAME-$VERSION.tar.gz"
-URL="http://ufpr.dl.sourceforge.net/sourceforge/clamav/$SRC"
+URL="http://downloads.sourceforge.net/clamav/$SRC"
 
 if [ ! -s "$SRC_DIR/$SRC" ] || ! gunzip -t "$SRC_DIR/$SRC" 2> /dev/null; then
   wget "$URL" -O "$SRC_DIR/$SRC" || exit $ERROR_WGET
@@ -136,6 +139,72 @@ echo Checking $SRC_DIR/$SRC with gpg using $SRC_DIR/$SIGNATURE...
 gpg --verify "$SRC_DIR/$SIGNATURE" "$SRC_DIR/$SRC" || exit $ERROR_GPG
 echo Success.
 
+# Check Manifest file
+if [ -e "$CWD/Manifest" ]; then
+
+  # Manifest signature checking
+  if grep -q -- "-----BEGIN PGP SIGNED MESSAGE-----" $CWD/Manifest; then
+    echo "Checking Manifest signature..."
+    gpg --verify $CWD/Manifest
+    if [ "$?" != "0" ]; then
+      exit $ERROR_MANIFEST
+    fi
+  fi
+
+  MANIFEST_LINES="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | wc -l`"
+
+  for ((MANIFEST_COUNT=1; MANIFEST_COUNT <= $MANIFEST_LINES; MANIFEST_COUNT++)); do
+
+    MANIFEST_LINE="`grep -E -v "^(MKBUILD|SLACKBUILD)" $CWD/Manifest | head -n $MANIFEST_COUNT | tail -n 1`"
+    MANIFEST_FILE="`echo $MANIFEST_LINE | awk '{ print $2 }'`"
+    MANIFEST_FILE_TYPE="`echo $MANIFEST_LINE | awk '{ print $1 }'`"
+
+    if [ -e "$SRC_DIR/$MANIFEST_FILE" ]; then
+      MANIFEST_FILE="$SRC_DIR/$MANIFEST_FILE"
+    else
+      MANIFEST_FILE="`find $CWD -name $MANIFEST_FILE`"
+    fi
+
+    if [ ! -e "$MANIFEST_FILE" ] || [ -d "$MANIFEST_FILE" ]; then
+      continue
+    fi
+
+    echo "Checking Manifest for $MANIFEST_FILE_TYPE $MANIFEST_FILE integrity..."
+
+    SIZE_SRC="`wc -c $MANIFEST_FILE | awk '{ print $1 }'`"
+    SIZE_MANIFEST="`echo $MANIFEST_LINE | awk '{ print $3 }'`"
+
+    # Check source code size
+    if [ "$SIZE_SRC" != "$SIZE_MANIFEST" ]; then
+      echo "SIZE Manifest: $SIZE_MANIFEST; SIZE $SRC: $SIZE_SRC"
+      exit $ERROR_MANIFEST
+    else
+      echo "Size match."
+    fi
+
+    # Check source code integrity
+    for ALGO in md5 rmd160 sha1 sha256 sha512; do
+      if [ $ALGO = "rmd160" ]; then
+        ALGO_SRC="`openssl rmd160 $MANIFEST_FILE | awk '{ print $2 }'`"
+      else
+        ALGO_SRC="`"$ALGO"sum $MANIFEST_FILE | awk '{ print $1 }'`"
+      fi
+      ALGO="`echo $ALGO | tr '[:lower:]' '[:upper:]'`"
+      ALGO_MANIFEST=$(echo $MANIFEST_LINE | sed "s/.* $ALGO //" | awk '{ print $1 }')
+      if [ "$ALGO_SRC" != "$ALGO_MANIFEST" ]; then
+        echo "$ALGO Manifest: $ALGO_MANIFEST; $ALGO $SRC: $ALGO_SRC"
+        exit $ERROR_MANIFEST
+      else
+        echo "$ALGO match."
+      fi
+    done
+
+  done
+
+else
+  exit $ERROR_MANIFEST
+fi
+
 # Untar
 cd "$PKG_WORK"
 tar --no-same-owner --no-same-permissions -xvf "$SRC_DIR/$SRC" || exit $ERROR_TAR
@@ -201,6 +270,7 @@ for config_file in etc/clamd.conf etc/freshclam.conf; do
 done
 
 # Add a post-installation script (doinst.sh)
+mkdir -p "$PKG/install" || exit $ERROR_MKDIR
 cat << EOSCRIPT > "$PKG/install/doinst.sh"
 config() {
   NEW="\$1"
@@ -244,9 +314,10 @@ EOSCRIPT
 
 # Build the package
 cd "$PKG"
-makepkg -l y -c n "$REPOS/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
+mkdir -p $REPOS/$SLACKBUILD_PATH
+makepkg -l y -c n "$REPOS/$SLACKBUILD_PATH/$PKG_NAME-$PKG_VERSION-$ARCH-$BUILD.tgz" || exit $ERROR_MKPKG
 
 # Delete source and build directories if requested
-if [ "$CLEANUP" == "yes" ]; then
+if [ "$CLEANUP" == "yes" ] || [ "$1" = "--cleanup" ]; then
   rm -rf "$PKG_WORK" "$PKG"
 fi