diff options
Diffstat (limited to 'media-gfx/imagemagick')
-rw-r--r-- | media-gfx/imagemagick/Manifest | 13 | ||||
-rw-r--r-- | media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch | 24 | ||||
-rw-r--r-- | media-gfx/imagemagick/files/policy-hardening.snippet | 9 | ||||
-rw-r--r-- | media-gfx/imagemagick/files/policy.test.xml | 17 | ||||
-rw-r--r-- | media-gfx/imagemagick/imagemagick-6.9.10.10-r2.ebuild (renamed from media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild) | 53 | ||||
-rw-r--r-- | media-gfx/imagemagick/imagemagick-7.0.8.10-r2.ebuild (renamed from media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild) | 69 | ||||
-rw-r--r-- | media-gfx/imagemagick/imagemagick-9999.ebuild | 56 |
7 files changed, 224 insertions, 17 deletions
diff --git a/media-gfx/imagemagick/Manifest b/media-gfx/imagemagick/Manifest index af871f7ee236..12ea63d01132 100644 --- a/media-gfx/imagemagick/Manifest +++ b/media-gfx/imagemagick/Manifest @@ -1,6 +1,9 @@ -DIST ImageMagick-6.9.10-8.tar.xz 8909952 BLAKE2B 0868759a5c6982c29d315bda69c1dec3b190fbea3757cf8e368b42976c9f35c4cd53610643e05e8872b0669768206559b2b726b494494f305b71dc2140d7d09c SHA512 63f131d4aa455e3f3a4a891359601d932aa6d43ff22fb9c6bed1a98a1a758da610db90cf951c131aaceabdbc8af0418d1a8e3752cabb39f95735ef18cd6745f2 -DIST ImageMagick-7.0.8-8.tar.xz 8639896 BLAKE2B 5971dbbee9726fab15e19e531bdbb50af710c67be84759030768958a33688b5492bb20758917c976dd9c08307031d041d5de7ae9a2326fecff6ba3a7dc226e84 SHA512 8cc18deb4c14feb71de2624637e1df708ddbcaebd543c03e177a1cfe6c2f63e09af7e787c730f11d3d0332659d2642e5076f6a83f3580f5c0afc8bdb9537733a -EBUILD imagemagick-6.9.10.8.ebuild 5125 BLAKE2B defc438b96f73a2af272220759e0d1e0c510165cb12eb2ffa2fdb8f571ffafb59037c62e92ed3c31f045b77bc90afcc11fc7eced7af39ca17be78df778d7131b SHA512 870751296c3b2e2a399037fa7f9d5206e2bc2e1efd1c0386f7f663c5e79a95ec6bc1011df1716a8da046f6a0c2a49fd2295b5ecacc325b5423e3735c43b31662 -EBUILD imagemagick-7.0.8.8.ebuild 5131 BLAKE2B 20cffac4ad29a620deb03c1a408a0550d191fbe79e05b85c26437298c15c004e1300ef6f6f698b4933fb27b0c059be391b2937e283fb157ee9e90ee53dce8710 SHA512 e21135d9cb19c096a372fe85f05e50f66e31899e77a4a84bdc201f9e924cc2495ed807090b42250612e494a6cc6be221a2852c123493188a5f931c00c794f508 -EBUILD imagemagick-9999.ebuild 5297 BLAKE2B dd922782da40926064b6fdceb7cd0c9cb16f7187ac94ace7aee3c2581bc5d4bc86dd19d4eb9068083d93f401970f2a673af445c589b93ab0709735a67af18b79 SHA512 24762b7a8642ad54f88dabfdf5966b99e406977eafc486544720c466f1eac54e84ab7a496b81d8438e04ff0ad2bb943680c258a37a66cd28b8bd4677aadd7dee +AUX imagemagick-7.0.8.10-quantum-private-compile-fix.patch 778 BLAKE2B c770f89f8b3b0f0505d32ce9c44b1ceac4f6ac817f85e756802c69cc394c3a6001a598bea88e081a461a1f775a7b5ebc4e5a27397186bc940a080ce780580bcf SHA512 cb18f10ebabc1af7065a3df50afcea500c908051fc91946f65b400df138c941c3576671cfa200d7f36ad62baae75198e3d5e4d2e206968da7d641d3de1c95a7f +AUX policy-hardening.snippet 442 BLAKE2B d79fdbddab418fc9d8391e78992e3dda844e096052115113ff6f759c1a54541bcd7d7793547bc7140776659c98379a9e9f004aa46f757300a33f445d396fbf14 SHA512 e9e723c40d5b8c52bbc2f2b9a3ad7c7e2aee493bc37b6c3940e8486b92a1c6659e47b1e12ee2fb11c8a8b6ee48a7fc10354617ae12c36181a58e9e73b239368d +AUX policy.test.xml 746 BLAKE2B 6bfa073606469b81cf517d9b069e48794cbda9272d12c3abb8ae3456aaf30cd1923510baddb7d813aa8ccde84e161de0b29314cef7b1a37730c7ad5236d1f5dc SHA512 22f66004324e3777393446a3df738ecd2aa405df088d39137008514cd86b436765b48ccd4355d670a42061ce4e5a7b2fd8e4be5852cd914f62ff0250a4a7ae57 +DIST ImageMagick-6.9.10-10.tar.xz 8929904 BLAKE2B 937a480554d881da9d477724ed7ff23c185a531778514397a6d46195963eb1449150c4d94fdbaf0798efc509d687a70b9dd999d2d9571ff478643cf754dde822 SHA512 8255db18d1b3ea727be320a643f67c8c27a729738de798c2b64570f9f8a96c74d59922ef85fae88b550e336f640d7d12b079ea354039dc08c4e75643b7e3a38c +DIST ImageMagick-7.0.8-10.tar.xz 8635496 BLAKE2B c9df902b5d582b278b3343c9889b01b921f505bf5686312c30fe55e0b023601ea8a51385a97d92f39d248bb8d57f0e91d163a983cda16f528ab234d53f35118a SHA512 a4869e0a9be5e04c04fcd1fce5c4141d63968ee7f1dd78d84724921f2f088bdcea8c3b3799e1ff555a2a04dec32a1fb7c4a1e6053a6185e9a36c6ae0f1b9c6ed +EBUILD imagemagick-6.9.10.10-r2.ebuild 6484 BLAKE2B 10c1e828767548c122c6d4c57ba5530473a1661debe7a122ff2d05a414c9bdd247f41851e9960c54e97779a9dd33f16e3716f0a64c6c35a490faf8c875e0cadc SHA512 96774194e1d6b17ce3a936dd8a488d6d30c13cdad7097134fb2170b8295d8238e2847cc2bc8169bfecc397aba174575a292c14edfabf2dc1797a069fbc4dab20 +EBUILD imagemagick-7.0.8.10-r2.ebuild 6714 BLAKE2B cae1616f7d5c7f72fb81fc722f75b944d63d5f013a85455c67b0db8ef7d0d3cabb522f077bcb7b6aebd3e98d13201352fa332ade89449ac905cc740ba100e996 SHA512 4d8590bfcf9ae38303cdc402cd3681e0a340301fd78bbd31a7d46e22041979b64a4f829090ab3a4e2a28cf6bdde0c2c3ca4fbccea098b6ad3eb9601c4585fa9e +EBUILD imagemagick-9999.ebuild 6648 BLAKE2B 856d9396231a685d7b17105d69eda477759c1b19229ed787699d76da2c583b9842068dcbee54e5a7449b0a8538c99244f6db0ae22c71a07129193447c414d6b2 SHA512 9203ed62e7f61de14af243d7e38d2e9d8ab87be557467ffb50923f266629c367d923d6525c4939a33466a26b218ac3f35e24fc7f7d6943f27da92f5bf524c5cd MISC metadata.xml 984 BLAKE2B ae695ec1fc34ad3b29269ad21cfb8b79ff6158a2ace9cd4194354448794dc183ac568757d6a7e6c07f31634dfb780e0411a0237b3c106344e6c7c7244a8aee36 SHA512 39a4c5aa27db2de81ad4621bacf43baf96415eecdf836fb2024890634c025b29f2b41dc003ac4d6f87b2365c1a4c68b6af2b9e169b3137bbee3e0a6cb435c5c7 diff --git a/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch b/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch new file mode 100644 index 000000000000..4514dcc7d2c6 --- /dev/null +++ b/media-gfx/imagemagick/files/imagemagick-7.0.8.10-quantum-private-compile-fix.patch @@ -0,0 +1,24 @@ +https://bugs.gentoo.org/664226 + +From 6cc5e2d68431249a647f22e5320f8a0481e3e3f4 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Wed, 15 Aug 2018 16:59:30 -0400 +Subject: [PATCH] Fix compile exception + +--- + MagickCore/quantum-private.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/MagickCore/quantum-private.h b/MagickCore/quantum-private.h +index e02c70348c..2ff6babb7c 100644 +--- a/MagickCore/quantum-private.h ++++ b/MagickCore/quantum-private.h +@@ -659,7 +659,7 @@ static inline MagickSizeType ScaleQuantumToLongLong(const Quantum quantum) + return(0); + if (quantum >= 18446744073709551615) + return(18446744073709551615); +- return((MagickSizeType (quantum+0.5)); ++ return((MagickSizeType) (quantum+0.5)); + #endif + } + diff --git a/media-gfx/imagemagick/files/policy-hardening.snippet b/media-gfx/imagemagick/files/policy-hardening.snippet new file mode 100644 index 000000000000..c1a91b0b8744 --- /dev/null +++ b/media-gfx/imagemagick/files/policy-hardening.snippet @@ -0,0 +1,9 @@ +<policymap> + <!-- https://www.kb.cert.org/vuls/id/332928 mitigation / https://bugs.gentoo.org/664236 --> + <policy domain="coder" rights="none" pattern="PS" /> + <policy domain="coder" rights="none" pattern="PS2" /> + <policy domain="coder" rights="none" pattern="PS3" /> + <policy domain="coder" rights="none" pattern="EPS" /> + <policy domain="coder" rights="none" pattern="PDF" /> + <policy domain="coder" rights="none" pattern="XPS" /> + diff --git a/media-gfx/imagemagick/files/policy.test.xml b/media-gfx/imagemagick/files/policy.test.xml new file mode 100644 index 000000000000..6db44b76d252 --- /dev/null +++ b/media-gfx/imagemagick/files/policy.test.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policymap [ + <!ELEMENT policymap (policy)+> + <!ATTLIST policymap xmlns CDATA #FIXED ''> + <!ELEMENT policy EMPTY> + <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED + name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED + stealth NMTOKEN #IMPLIED value CDATA #IMPLIED> +]> +<policymap> + <!-- Policy used for test suite only to allow passing test suite + in case user has installed a restriction which would prevent + the execution of some tests --> + <policy domain="delegate" rights="read|write" pattern="*" /> + <policy domain="filter" rights="read|write" pattern="*" /> + <policy domain="coder" rights="read|write" pattern="*" /> +</policymap> diff --git a/media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild b/media-gfx/imagemagick/imagemagick-6.9.10.10-r2.ebuild index 02f80cc50b4e..970ff4c9a5a9 100644 --- a/media-gfx/imagemagick/imagemagick-6.9.10.8.ebuild +++ b/media-gfx/imagemagick/imagemagick-6.9.10.10-r2.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit eutils flag-o-matic libtool multilib toolchain-funcs eapi7-ver +inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs MY_P=ImageMagick-$(ver_rs 3 '-') @@ -67,12 +67,29 @@ REQUIRED_USE="corefonts? ( truetype ) S="${WORKDIR}/${MY_P}" src_prepare() { - local mesa_cards ati_cards nvidia_cards render_cards default + # Apply hardening #664236 + cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die + sed -i -e '/^<policymap>$/ { + r policy-hardening.snippet + d + }' \ + config/policy.xml || \ + die "Failed to apply hardening of policy.xml" + einfo "policy.xml hardened" + + # Install default (unrestricted) policy in $HOME for test suite #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + elibtoolize # for Darwin modules # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + local mesa_cards ati_cards nvidia_cards render_cards shopt -s nullglob ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') if test -n "${ati_cards}"; then @@ -184,3 +201,35 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } + +pkg_postinst() { + local _show_policy_xml_notice= + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + _show_policy_xml_notice=yes + else + local v + for v in ${REPLACING_VERSIONS}; do + if ! ver_test "${v}" -gt "6.9.10.10-r2"; then + # This is an upgrade + _show_policy_xml_notice=yes + + # Show this elog only once + break + fi + done + fi + + if [[ -n "${_show_policy_xml_notice}" ]]; then + elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-6" + elog "which will prevent the usage of the following coders by default:" + elog "" + elog " - PS" + elog " - PS2" + elog " - PS3" + elog " - EPS" + elog " - PDF" + elog " - XPS" + fi +} diff --git a/media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild b/media-gfx/imagemagick/imagemagick-7.0.8.10-r2.ebuild index 9b07f999f005..63922969bc3b 100644 --- a/media-gfx/imagemagick/imagemagick-7.0.8.8.ebuild +++ b/media-gfx/imagemagick/imagemagick-7.0.8.10-r2.ebuild @@ -1,19 +1,27 @@ # Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI="6" -inherit eutils flag-o-matic libtool multilib toolchain-funcs eapi7-ver +inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs -MY_P=ImageMagick-$(ver_rs 3 '-') +if [[ ${PV} == "9999" ]] ; then + EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git" + inherit git-r3 + MY_P="imagemagick-9999" +else + MY_P=ImageMagick-$(ver_rs 3 '-') + SRC_URI="mirror://${PN}/${MY_P}.tar.xz" + KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" + + PATCHES=( "${FILESDIR}"/${P}-quantum-private-compile-fix.patch ) #664226 +fi DESCRIPTION="A collection of tools and libraries for many image formats" HOMEPAGE="https://www.imagemagick.org/" -SRC_URI="mirror://${PN}/${MY_P}.tar.xz" LICENSE="imagemagick" SLOT="0/${PV}" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib" RESTRICT="perl? ( userpriv )" @@ -67,12 +75,29 @@ REQUIRED_USE="corefonts? ( truetype ) S="${WORKDIR}/${MY_P}" src_prepare() { - local ati_cards mesa_cards nvidia_cards render_cards default + # Apply hardening #664236 + cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die + sed -i -e '/^<policymap>$/ { + r policy-hardening.snippet + d + }' \ + config/policy.xml || \ + die "Failed to apply hardening of policy.xml" + einfo "policy.xml hardened" + + # Install default (unrestricted) policy in $HOME for test suite #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + elibtoolize # for Darwin modules # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') if test -n "${ati_cards}"; then @@ -184,3 +209,35 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } + +pkg_postinst() { + local _show_policy_xml_notice= + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + _show_policy_xml_notice=yes + else + local v + for v in ${REPLACING_VERSIONS}; do + if ! ver_test "${v}" -gt "7.0.8.10-r2"; then + # This is an upgrade + _show_policy_xml_notice=yes + + # Show this elog only once + break + fi + done + fi + + if [[ -n "${_show_policy_xml_notice}" ]]; then + elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" + elog "which will prevent the usage of the following coders by default:" + elog "" + elog " - PS" + elog " - PS2" + elog " - PS3" + elog " - EPS" + elog " - PDF" + elog " - XPS" + fi +} diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild index aa36a8a3e7be..25c4681ac138 100644 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild +++ b/media-gfx/imagemagick/imagemagick-9999.ebuild @@ -1,16 +1,15 @@ # Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI="6" -inherit eutils flag-o-matic libtool multilib toolchain-funcs +inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git" inherit git-r3 MY_P="imagemagick-9999" else - inherit eapi7-ver MY_P=ImageMagick-$(ver_rs 3 '-') SRC_URI="mirror://${PN}/${MY_P}.tar.xz" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" @@ -74,12 +73,29 @@ REQUIRED_USE="corefonts? ( truetype ) S="${WORKDIR}/${MY_P}" src_prepare() { - local ati_cards mesa_cards nvidia_cards render_cards default + # Apply hardening #664236 + cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die + sed -i -e '/^<policymap>$/ { + r policy-hardening.snippet + d + }' \ + config/policy.xml || \ + die "Failed to apply hardening of policy.xml" + einfo "policy.xml hardened" + + # Install default (unrestricted) policy in $HOME for test suite #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + elibtoolize # for Darwin modules # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') if test -n "${ati_cards}"; then @@ -191,3 +207,35 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } + +pkg_postinst() { + local _show_policy_xml_notice= + + if [[ -z "${REPLACING_VERSIONS}" ]]; then + # This is a new installation + _show_policy_xml_notice=yes + else + local v + for v in ${REPLACING_VERSIONS}; do + if ! ver_test "${v}" -gt "7.0.8.10-r2"; then + # This is an upgrade + _show_policy_xml_notice=yes + + # Show this elog only once + break + fi + done + fi + + if [[ -n "${_show_policy_xml_notice}" ]]; then + elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" + elog "which will prevent the usage of the following coders by default:" + elog "" + elog " - PS" + elog " - PS2" + elog " - PS3" + elog " - EPS" + elog " - PDF" + elog " - XPS" + fi +} |