[arch-commits] Commit in imagemagick6/trunk (IM6-GS-policy.patch PKGBUILD)

[Antonio Rojas]

    Date: Monday, October 22, 2018 @ 15:49:19
  Author: arojas
Revision: 337007

Update to 6.9.10.13, add workaround for GS security issues (FS#59778)

Added:
  imagemagick6/trunk/IM6-GS-policy.patch
Modified:
  imagemagick6/trunk/PKGBUILD

---------------------+
 IM6-GS-policy.patch |   11 +++++++++++
 PKGBUILD            |   12 ++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

Added: IM6-GS-policy.patch
===================================================================
--- IM6-GS-policy.patch	                        (rev 0)
+++ IM6-GS-policy.patch	2018-10-22 15:49:19 UTC (rev 337007)
@@ -0,0 +1,11 @@
+--- ImageMagick-7.0.8-13/config/policy.xml.orig	2018-10-22 15:13:51.713995553 +0000
++++ ImageMagick-7.0.8-13/config/policy.xml	2018-10-22 15:14:22.650737457 +0000
+@@ -68,7 +68,7 @@
+   <!-- <policy domain="resource" name="thread" value="4"/> -->
+   <!-- <policy domain="resource" name="throttle" value="0"/> -->
+   <!-- <policy domain="resource" name="time" value="3600"/> -->
+-  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
++  <!-- <policy domain="coder" rights="none" pattern="{MVG,PS,PS2,PS3,EPS,PDF,XPS}" /> -->
+   <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
+   <!-- <policy domain="path" rights="none" pattern="@*" /> -->

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-10-22 15:38:47 UTC (rev 337006)
+++ PKGBUILD	2018-10-22 15:49:19 UTC (rev 337007)
@@ -2,7 +2,7 @@
 
 pkgbase=imagemagick6
 pkgname=(libmagick6 imagemagick6)
-pkgver=6.9.10.12
+pkgver=6.9.10.13
 pkgrel=1
 pkgdesc="An image viewing/manipulation program (version 6)"
 url="https://legacy.imagemagick.org/"
@@ -15,10 +15,11 @@
 _relname=ImageMagick-${pkgver%%.*}
 _tarname=ImageMagick-${pkgver%.*}-${pkgver##*.}
 source=(https://www.imagemagick.org/download/$_tarname.tar.xz{,.asc}
-        arch-fonts.diff)
-sha256sums=('54549fe394598f6a7cec8cb5adc45d5d65b8b4f043745c6610693618b1372966'
+        arch-fonts.diff IM6-GS-policy.patch)
+sha256sums=('20f4e224c0546aeb910df0adeb156a94a4c9bfb8ca4df2a805d88274818b0910'
             'SKIP'
-            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
+            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73'
+            '70a5358fe0e33a4aed34a32cd32be6c9f38277de3560605d8e93f5d486d1e112')
 validpgpkeys=(D8272EF51DA223E4D05B466989AB63D48277377A)  # Lexie Parsimoniae
 
 prepare() {
@@ -29,6 +30,9 @@
   # Fix up typemaps to match our packages, where possible
   patch -Np1 -i ../arch-fonts.diff
 
+  # Workaround ghostscript security issues https://bugs.archlinux.org/task/59778
+  patch -p1 -i ../IM6-GS-policy.patch
+
   # Don't run auto(re)conf; assumes use of git
 }