gentoo resync : 25.08.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-08-25 07:36:27 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-08-25 07:36:27 +0100
commit: 43793fab84041cfc5c60c0151d1591b8a69fb24a (patch)
tree: 6208a7f4fc744684fce0f55acbb47511acace498 /media-gfx/imagemagick
parent: 28e3d252dc8ac8a5635206dfefe1cfe05058d1db (diff)
7 files changed, 224 insertions, 17 deletions
diff --git a/media-gfx/imagemagick/Manifest b/media-gfx/imagemagick/Manifest
index af871f7ee236..12ea63d01132 100644
--- a/media-gfx/imagemagick/Manifest
+++ b/media-gfx/imagemagick/Manifest
@@ -1,6 +1,9 @@
-DIST ImageMagick-6.9.10-8.tar.xz 8909952 BLAKE2B 0868759a5c6982c29d315bda69c1dec3b190fbea3757cf8e368b42976c9f35c4cd53610643e05e8872b0669768206559b2b726b494494f305b71dc2140d7d09c SHA512 63f131d4aa455e3f3a4a891359601d932aa6d43ff22fb9c6bed1a98a1a758da610db90cf951c131aaceabdbc8af0418d1a8e3752cabb39f95735ef18cd6745f2
-DIST ImageMagick-7.0.8-8.tar.xz 8639896 BLAKE2B 5971dbbee9726fab15e19e531bdbb50af710c67be84759030768958a33688b5492bb20758917c976dd9c08307031d041d5de7ae9a2326fecff6ba3a7dc226e84 SHA512 8cc18deb4c14feb71de2624637e1df708ddbcaebd543c03e177a1cfe6c2f63e09af7e787c730f11d3d0332659d2642e5076f6a83f3580f5c0afc8bdb9537733a
-EBUILD imagemagick-6.9.10.8.ebuild 5125 BLAKE2B defc438b96f73a2af272220759e0d1e0c510165cb12eb2ffa2fdb8f571ffafb59037c62e92ed3c31f045b77bc90afcc11fc7eced7af39ca17be78df778d7131b SHA512 870751296c3b2e2a399037fa7f9d5206e2bc2e1efd1c0386f7f663c5e79a95ec6bc1011df1716a8da046f6a0c2a49fd2295b5ecacc325b5423e3735c43b31662
-EBUILD imagemagick-7.0.8.8.ebuild 5131 BLAKE2B 20cffac4ad29a620deb03c1a408a0550d191fbe79e05b85c26437298c15c004e1300ef6f6f698b4933fb27b0c059be391b2937e283fb157ee9e90ee53dce8710 SHA512 e21135d9cb19c096a372fe85f05e50f66e31899e77a4a84bdc201f9e924cc2495ed807090b42250612e494a6cc6be221a2852c123493188a5f931c00c794f508
-EBUILD imagemagick-9999.ebuild 5297 BLAKE2B dd922782da40926064b6fdceb7cd0c9cb16f7187ac94ace7aee3c2581bc5d4bc86dd19d4eb9068083d93f401970f2a673af445c589b93ab0709735a67af18b79 SHA512 24762b7a8642ad54f88dabfdf5966b99e406977eafc486544720c466f1eac54e84ab7a496b81d8438e04ff0ad2bb943680c258a37a66cd28b8bd4677aadd7dee
+AUX imagemagick-7.0.8.10-quantum-private-compile-fix.patch 778 BLAKE2B c770f89f8b3b0f0505d32ce9c44b1ceac4f6ac817f85e756802c69cc394c3a6001a598bea88e081a461a1f775a7b5ebc4e5a27397186bc940a080ce780580bcf SHA512 cb18f10ebabc1af7065a3df50afcea500c908051fc91946f65b400df138c941c3576671cfa200d7f36ad62baae75198e3d5e4d2e206968da7d641d3de1c95a7f
+AUX policy-hardening.snippet 442 BLAKE2B d79fdbddab418fc9d8391e78992e3dda844e096052115113ff6f759c1a54541bcd7d7793547bc7140776659c98379a9e9f004aa46f757300a33f445d396fbf14 SHA512 e9e723c40d5b8c52bbc2f2b9a3ad7c7e2aee493bc37b6c3940e8486b92a1c6659e47b1e12ee2fb11c8a8b6ee48a7fc10354617ae12c36181a58e9e73b239368d
+AUX policy.test.xml 746 BLAKE2B 6bfa073606469b81cf517d9b069e48794cbda9272d12c3abb8ae3456aaf30cd1923510baddb7d813aa8ccde84e161de0b29314cef7b1a37730c7ad5236d1f5dc SHA512 22f66004324e3777393446a3df738ecd2aa405df088d39137008514cd86b436765b48ccd4355d670a42061ce4e5a7b2fd8e4be5852cd914f62ff0250a4a7ae57
+DIST ImageMagick-6.9.10-10.tar.xz 8929904 BLAKE2B 937a480554d881da9d477724ed7ff23c185a531778514397a6d46195963eb1449150c4d94fdbaf0798efc509d687a70b9dd999d2d9571ff478643cf754dde822 SHA512 8255db18d1b3ea727be320a643f67c8c27a729738de798c2b64570f9f8a96c74d59922ef85fae88b550e336f640d7d12b079ea354039dc08c4e75643b7e3a38c
+DIST ImageMagick-7.0.8-10.tar.xz 8635496 BLAKE2B c9df902b5d582b278b3343c9889b01b921f505bf5686312c30fe55e0b023601ea8a51385a97d92f39d248bb8d57f0e91d163a983cda16f528ab234d53f35118a SHA512 a4869e0a9be5e04c04fcd1fce5c4141d63968ee7f1dd78d84724921f2f088bdcea8c3b3799e1ff555a2a04dec32a1fb7c4a1e6053a6185e9a36c6ae0f1b9c6ed
+EBUILD imagemagick-6.9.10.10-r2.ebuild 6484 BLAKE2B 10c1e828767548c122c6d4c57ba5530473a1661debe7a122ff2d05a414c9bdd247f41851e9960c54e97779a9dd33f16e3716f0a64c6c35a490faf8c875e0cadc SHA512 96774194e1d6b17ce3a936dd8a488d6d30c13cdad7097134fb2170b8295d8238e2847cc2bc8169bfecc397aba174575a292c14edfabf2dc1797a069fbc4dab20
+EBUILD imagemagick-7.0.8.10-r2.ebuild 6714 BLAKE2B cae1616f7d5c7f72fb81fc722f75b944d63d5f013a85455c67b0db8ef7d0d3cabb522f077bcb7b6aebd3e98d13201352fa332ade89449ac905cc740ba100e996 SHA512 4d8590bfcf9ae38303cdc402cd3681e0a340301fd78bbd31a7d46e22041979b64a4f829090ab3a4e2a28cf6bdde0c2c3ca4fbccea098b6ad3eb9601c4585fa9e
+EBUILD imagemagick-9999.ebuild 6648 BLAKE2B 856d9396231a685d7b17105d69eda477759c1b19229ed787699d76da2c583b9842068dcbee54e5a7449b0a8538c99244f6db0ae22c71a07129193447c414d6b2 SHA512 9203ed62e7f61de14af243d7e38d2e9d8ab87be557467ffb50923f266629c367d923d6525c4939a33466a26b218ac3f35e24fc7f7d6943f27da92f5bf524c5cd
 MISC metadata.xml 984 BLAKE2B ae695ec1fc34ad3b29269ad21cfb8b79ff6158a2ace9cd4194354448794dc183ac568757d6a7e6c07f31634dfb780e0411a0237b3c106344e6c7c7244a8aee36 SHA512 39a4c5aa27db2de81ad4621bacf43baf96415eecdf836fb2024890634c025b29f2b41dc003ac4d6f87b2365c1a4c68b6af2b9e169b3137bbee3e0a6cb435c5c7
diff --git a/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch b/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch
new file mode 100644
index 000000000000..4514dcc7d2c6
--- /dev/null
+++ b/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch
@@ -0,0 +1,24 @@
+https://bugs.gentoo.org/664226
+
+From 6cc5e2d68431249a647f22e5320f8a0481e3e3f4 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Wed, 15 Aug 2018 16:59:30 -0400
+Subject: [PATCH] Fix compile exception
+
+---
+ MagickCore/quantum-private.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/MagickCore/quantum-private.h b/MagickCore/quantum-private.h
+index e02c70348c..2ff6babb7c 100644
+--- a/MagickCore/quantum-private.h
++++ b/MagickCore/quantum-private.h
+@@ -659,7 +659,7 @@ static inline MagickSizeType ScaleQuantumToLongLong(const Quantum quantum)
+     return(0);
+   if (quantum >= 18446744073709551615)
+     return(18446744073709551615);
+-  return((MagickSizeType (quantum+0.5));
++  return((MagickSizeType) (quantum+0.5));
+ #endif
+ }
+ 
diff --git a/media-gfx/imagemagick/files/policy-hardening.snippet b/media-gfx/imagemagick/files/policy-hardening.snippet
new file mode 100644
index 000000000000..c1a91b0b8744
--- /dev/null
+++ b/media-gfx/imagemagick/files/policy-hardening.snippet
@@ -0,0 +1,9 @@
+<policymap>
+  <!-- https://www.kb.cert.org/vuls/id/332928 mitigation / https://bugs.gentoo.org/664236 -->
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="PS2" />
+  <policy domain="coder" rights="none" pattern="PS3" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" />
+
diff --git a/media-gfx/imagemagick/files/policy.test.xml b/media-gfx/imagemagick/files/policy.test.xml
new file mode 100644
index 000000000000..6db44b76d252
--- /dev/null
+++ b/media-gfx/imagemagick/files/policy.test.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+  <!ELEMENT policymap (policy)+>
+  <!ATTLIST policymap xmlns CDATA #FIXED ''>
+  <!ELEMENT policy EMPTY>
+  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+]>
+<policymap>
+  <!-- Policy used for test suite only to allow passing test suite
+       in case user has installed a restriction which would prevent
+       the execution of some tests -->
+  <policy domain="delegate" rights="read|write" pattern="*" />
+  <policy domain="filter"   rights="read|write" pattern="*" />
+  <policy domain="coder"    rights="read|write" pattern="*" />
+</policymap>
diff --git a/media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild b/media-gfx/imagemagick/imagemagick-6.9.10.10-r2.ebuild
index 02f80cc50b4e..970ff4c9a5a9 100644
--- a/media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild
+++ b/media-gfx/imagemagick/imagemagick-6.9.10.10-r2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=6
 
-inherit eutils flag-o-matic libtool multilib toolchain-funcs eapi7-ver
+inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs
 
 MY_P=ImageMagick-$(ver_rs 3 '-')
 
@@ -67,12 +67,29 @@ REQUIRED_USE="corefonts? ( truetype )
 S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
-	local mesa_cards ati_cards nvidia_cards render_cards
 	default
 
+	# Apply hardening #664236
+	cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+	sed -i -e '/^<policymap>$/ {
+			r policy-hardening.snippet
+			d
+		}' \
+		config/policy.xml || \
+		die "Failed to apply hardening of policy.xml"
+	einfo "policy.xml hardened"
+
+	# Install default (unrestricted) policy in $HOME for test suite #664238
+	local _im_local_config_home="${HOME}/.config/ImageMagick"
+	mkdir -p "${_im_local_config_home}" || \
+		die "Failed to create IM config dir in '${_im_local_config_home}'"
+	cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
+		die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
+
 	elibtoolize # for Darwin modules
 
 	# For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+	local mesa_cards ati_cards nvidia_cards render_cards
 	shopt -s nullglob
 	ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
 	if test -n "${ati_cards}"; then
@@ -184,3 +201,35 @@ src_install() {
 	insinto /usr/share/${PN}
 	doins config/*icm
 }
+
+pkg_postinst() {
+	local _show_policy_xml_notice=
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+		_show_policy_xml_notice=yes
+	else
+		local v
+		for v in ${REPLACING_VERSIONS}; do
+			if ! ver_test "${v}" -gt "6.9.10.10-r2"; then
+				# This is an upgrade
+				_show_policy_xml_notice=yes
+
+				# Show this elog only once
+				break
+			fi
+		done
+	fi
+
+	if [[ -n "${_show_policy_xml_notice}" ]]; then
+		elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-6"
+		elog "which will prevent the usage of the following coders by default:"
+		elog ""
+		elog "  - PS"
+		elog "  - PS2"
+		elog "  - PS3"
+		elog "  - EPS"
+		elog "  - PDF"
+		elog "  - XPS"
+	fi
+}
diff --git a/media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild b/media-gfx/imagemagick/imagemagick-7.0.8.10-r2.ebuild
index 9b07f999f005..63922969bc3b 100644
--- a/media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild
+++ b/media-gfx/imagemagick/imagemagick-7.0.8.10-r2.ebuild
@@ -1,19 +1,27 @@
 # Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI="6"
 
-inherit eutils flag-o-matic libtool multilib toolchain-funcs eapi7-ver
+inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs
 
-MY_P=ImageMagick-$(ver_rs 3 '-')
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
+	inherit git-r3
+	MY_P="imagemagick-9999"
+else
+	MY_P=ImageMagick-$(ver_rs 3 '-')
+	SRC_URI="mirror://${PN}/${MY_P}.tar.xz"
+	KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+
+	PATCHES=( "${FILESDIR}"/${P}-quantum-private-compile-fix.patch ) #664226
+fi
 
 DESCRIPTION="A collection of tools and libraries for many image formats"
 HOMEPAGE="https://www.imagemagick.org/"
-SRC_URI="mirror://${PN}/${MY_P}.tar.xz"
 
 LICENSE="imagemagick"
 SLOT="0/${PV}"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
 IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
 
 RESTRICT="perl? ( userpriv )"
@@ -67,12 +75,29 @@ REQUIRED_USE="corefonts? ( truetype )
 S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
-	local ati_cards mesa_cards nvidia_cards render_cards
 	default
 
+	# Apply hardening #664236
+	cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+	sed -i -e '/^<policymap>$/ {
+			r policy-hardening.snippet
+			d
+		}' \
+		config/policy.xml || \
+		die "Failed to apply hardening of policy.xml"
+	einfo "policy.xml hardened"
+
+	# Install default (unrestricted) policy in $HOME for test suite #664238
+	local _im_local_config_home="${HOME}/.config/ImageMagick"
+	mkdir -p "${_im_local_config_home}" || \
+		die "Failed to create IM config dir in '${_im_local_config_home}'"
+	cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
+		die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
+
 	elibtoolize # for Darwin modules
 
 	# For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+	local ati_cards mesa_cards nvidia_cards render_cards
 	shopt -s nullglob
 	ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
 	if test -n "${ati_cards}"; then
@@ -184,3 +209,35 @@ src_install() {
 	insinto /usr/share/${PN}
 	doins config/*icm
 }
+
+pkg_postinst() {
+	local _show_policy_xml_notice=
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+		_show_policy_xml_notice=yes
+	else
+		local v
+		for v in ${REPLACING_VERSIONS}; do
+			if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
+				# This is an upgrade
+				_show_policy_xml_notice=yes
+
+				# Show this elog only once
+				break
+			fi
+		done
+	fi
+
+	if [[ -n "${_show_policy_xml_notice}" ]]; then
+		elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+		elog "which will prevent the usage of the following coders by default:"
+		elog ""
+		elog "  - PS"
+		elog "  - PS2"
+		elog "  - PS3"
+		elog "  - EPS"
+		elog "  - PDF"
+		elog "  - XPS"
+	fi
+}
diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild
index aa36a8a3e7be..25c4681ac138 100644
--- a/media-gfx/imagemagick/imagemagick-9999.ebuild
+++ b/media-gfx/imagemagick/imagemagick-9999.ebuild
@@ -1,16 +1,15 @@
 # Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI="6"
 
-inherit eutils flag-o-matic libtool multilib toolchain-funcs
+inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs
 
 if [[ ${PV} == "9999" ]] ; then
 	EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
 	inherit git-r3
 	MY_P="imagemagick-9999"
 else
-	inherit eapi7-ver
 	MY_P=ImageMagick-$(ver_rs 3 '-')
 	SRC_URI="mirror://${PN}/${MY_P}.tar.xz"
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
@@ -74,12 +73,29 @@ REQUIRED_USE="corefonts? ( truetype )
 S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
-	local ati_cards mesa_cards nvidia_cards render_cards
 	default
 
+	# Apply hardening #664236
+	cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+	sed -i -e '/^<policymap>$/ {
+			r policy-hardening.snippet
+			d
+		}' \
+		config/policy.xml || \
+		die "Failed to apply hardening of policy.xml"
+	einfo "policy.xml hardened"
+
+	# Install default (unrestricted) policy in $HOME for test suite #664238
+	local _im_local_config_home="${HOME}/.config/ImageMagick"
+	mkdir -p "${_im_local_config_home}" || \
+		die "Failed to create IM config dir in '${_im_local_config_home}'"
+	cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
+		die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
+
 	elibtoolize # for Darwin modules
 
 	# For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+	local ati_cards mesa_cards nvidia_cards render_cards
 	shopt -s nullglob
 	ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
 	if test -n "${ati_cards}"; then
@@ -191,3 +207,35 @@ src_install() {
 	insinto /usr/share/${PN}
 	doins config/*icm
 }
+
+pkg_postinst() {
+	local _show_policy_xml_notice=
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+		_show_policy_xml_notice=yes
+	else
+		local v
+		for v in ${REPLACING_VERSIONS}; do
+			if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
+				# This is an upgrade
+				_show_policy_xml_notice=yes
+
+				# Show this elog only once
+				break
+			fi
+		done
+	fi
+
+	if [[ -n "${_show_policy_xml_notice}" ]]; then
+		elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+		elog "which will prevent the usage of the following coders by default:"
+		elog ""
+		elog "  - PS"
+		elog "  - PS2"
+		elog "  - PS3"
+		elog "  - EPS"
+		elog "  - PDF"
+		elog "  - XPS"
+	fi
+}
author	V3n3RiX <venerix@redcorelinux.org>	2018-08-25 07:36:27 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-08-25 07:36:27 +0100
commit	43793fab84041cfc5c60c0151d1591b8a69fb24a (patch)
tree	6208a7f4fc744684fce0f55acbb47511acace498 /media-gfx/imagemagick
parent	28e3d252dc8ac8a5635206dfefe1cfe05058d1db (diff)