--- plamo/00_base/old/shadow-20160323/PlamoBuild.shadow-git_20130908 2016-03-23 16:42:56.000000000 +0900 +++ plamo/00_base/shadow/PlamoBuild.shadow-git_20130908 2017-02-27 13:11:05.000000000 +0900 @@ -2,15 +2,18 @@ ###################################################################### url="https://github.com/shadow-maint/shadow.git - ftp://plamo.linet.gr.jp/pub/Plamo-src.new/plamo/00_base/shadow/shadow-adduser-20160122" + ftp://plamo.linet.gr.jp/pub/Plamo-src/plamo/00_base/shadow/CVE-2017-2616.patch.gz + ftp://plamo.linet.gr.jp/pub/Plamo-src/plamo/00_base/shadow/shadow-adduser-20160122" pkgbase=shadow vers=git_20130908 arch=`uname -m` -build=P5 +build=P6 src=$pkgbase -OPT_CONFIG="--sysconfdir=/etc --enable-man --without-selinux - --with-libcrack" +patchfiles="CVE-2017-2616.patch.gz" +OPT_CONFIG="--enable-man --without-selinux --with-libcrack" DOCS="COPYING ChangeLog NEWS README TODO" +template=20170204 +tmplurl=ftp://plamo.linet.gr.jp/pub/Plamo-src/admin ###################################################################### fscheck() { @@ -190,14 +193,38 @@ case ${i##*.} in git) if [ ! -d `basename ${i##*/} .git` ] ; then git clone $i ; else ( cd `basename ${i##*/} .git` ; git pull origin master ) ; fi ;; - *) if [ ! -f ${i##*/} ] ; then wget $i ; fi ;; + *) + if [ ! -f ${i##*/} ] ; then + wget $i ; j=${i%.*} + for sig in asc sig{,n} {sha{256,1},md5}{,sum} ; do + if wget --spider $i.$sig ; then wget $i.$sig ; break ; fi + if wget --spider $j.$sig ; then + case ${i##*.} in + gz) gunzip -c ${i##*/} > ${j##*/} ;; + bz2) bunzip2 -c ${i##*/} > ${j##*/} ;; + xz) unxz -c ${i##*/} > ${j##*/} ;; + esac + touch -r ${i##*/} ${j##*/} ; i=$j ; wget $i.$sig ; break + fi + done + if [ -f ${i##*/}.$sig ] ; then + case $sig in + asc|sig|sign) gpg2 --verify ${i##*/}.$sig ;; + sha256|sha1|md5) ${sig}sum -c ${i##*/}.$sig ;; + *) $sig -c ${i##*/}.$sig ;; + esac + if [ $? -ne 0 ] ; then echo "archive verify failed" ; exit ; fi + fi + fi + ;; esac done for i in $url ; do case ${i##*.} in tar) tar xvpf ${i##*/} ;; - gz) tar xvpzf ${i##*/} ;; - bz2) tar xvpjf ${i##*/} ;; + gz|tgz) tar xvpzf ${i##*/} ;; + bz2|tbz) tar xvpjf ${i##*/} ;; + xz|txz) tar xvpJf ${i##*/} ;; git) ( cd `basename ${i##*/} .git` git checkout origin/master ; git reset --hard 578947e git set-file-times ) ;; @@ -208,6 +235,17 @@ for i in `seq 0 $((${#B[@]} - 1))` ; do if [ -d ${B[$i]} ] ; then rm -rf ${B[$i]} ; fi ; cp -a ${S[$i]} ${B[$i]} done + for i in `seq 0 $((${#B[@]} - 1))` ; do + cd ${B[$i]} + for j in ${patchfiles[$i]} ; do + case ${j##*.} in + gz) gunzip -c $W/$j | patch -Np1 -i - ;; + bz2) bunzip2 -c $W/$j | patch -Np1 -i - ;; + xz) unxz -c $W/$j | patch -Np1 -i - ;; + *) patch -Np1 -i $W/$j ;; + esac + done + done cd $B cp -p etc/pam.d/chfn etc/pam.d/chfn.orig cat <<- "EOF" | patch etc/pam.d/chfn @@ -338,8 +376,8 @@ rm -rf config.cache config.log fi if [ -x configure ] ; then - ./configure --prefix=/usr --libdir='${exec_prefix}'/$libdir \ - --infodir='${prefix}'/share/info \ + ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --libdir='${exec_prefix}'/$libdir --infodir='${prefix}'/share/info \ --mandir='${prefix}'/share/man ${OPT_CONFIG[$i]} fi done @@ -396,9 +434,23 @@ if [ $i -eq 0 ] ; then install $myname $docdir/$src touch -t `date '+%m%d0900'` $docdir/$src/$myname - gzip_one $docdir/$src/$myname + tmpl=${myname%%.*}-template-$template + if [ -f ../admin/$tmpl ] ; then + cp -p ../admin/$tmpl $docdir/$src + else + ( cd $docdir/$src + curl -Rs -o $tmpl $tmplurl/${tmpl/${myname%%.*}/PlamoBuild} ) + fi + spec=${myname%%.*}-spec + ( cd $docdir/$src ; diff -u $tmpl $myname > $spec ) + touch -t `date '+%m%d0900'` $docdir/$src/$spec + gzip $docdir/$src/{$myname,$spec} + rm $docdir/$src/$tmpl + mv $docdir/$src/{$myname,$spec}.gz $C + mv $C/{$myname,$spec}.gz $docdir/$src else ln $docdir/$src/$myname.gz $docdir/${src[$i]} + ln $docdir/$src/$spec.gz $docdir/${src[$i]} fi ( cd $docdir ; find ${src[$i]} -type d -exec touch -r $W/{} {} \; ) done