[arch-commits] Commit in imagemagick/trunk (IM7-GS-policy.patch PKGBUILD)
Antonio Rojas
arojas at archlinux.org
Sun Jul 21 13:17:22 UTC 2019
Date: Sunday, July 21, 2019 @ 13:17:21
Author: arojas
Revision: 358468
Update to 7.0.8.56, relax security policy (FS#62785,FS#62171)
Modified:
imagemagick/trunk/PKGBUILD
Deleted:
imagemagick/trunk/IM7-GS-policy.patch
---------------------+
IM7-GS-policy.patch | 10 ----------
PKGBUILD | 18 ++++++++----------
2 files changed, 8 insertions(+), 20 deletions(-)
Deleted: IM7-GS-policy.patch
===================================================================
--- IM7-GS-policy.patch 2019-07-21 10:36:21 UTC (rev 358467)
+++ IM7-GS-policy.patch 2019-07-21 13:17:21 UTC (rev 358468)
@@ -1,10 +0,0 @@
---- ImageMagick-7.0.8-13/config/policy.xml.orig 2018-10-22 15:13:51.713995553 +0000
-+++ ImageMagick-7.0.8-13/config/policy.xml 2018-10-22 15:14:22.650737457 +0000
-@@ -68,6 +68,7 @@
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
-+ <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
- <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-07-21 10:36:21 UTC (rev 358467)
+++ PKGBUILD 2019-07-21 13:17:21 UTC (rev 358468)
@@ -3,7 +3,7 @@
pkgbase=imagemagick
pkgname=(imagemagick imagemagick-doc)
-pkgver=7.0.8.55
+pkgver=7.0.8.56
pkgrel=1
pkgdesc="An image viewing/manipulation program"
url="https://www.imagemagick.org/"
@@ -15,11 +15,10 @@
_relname=ImageMagick-${pkgver%%.*}
_tarname=ImageMagick-${pkgver%.*}-${pkgver##*.}
source=(https://www.imagemagick.org/download/releases/$_tarname.tar.xz{,.asc}
- arch-fonts.diff IM7-GS-policy.patch)
-sha256sums=('2ae7274fddbf65c4e084d3c0c87a0b1270b34f978d5358d5a54f1b3dae5ec152'
+ arch-fonts.diff)
+sha256sums=('b1f32fed2bf0a28a7553f7ac1afc86d02ee35587408d2a89916e3072d9f8d532'
'SKIP'
- 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73'
- 'f20c09860da65a4259ec9627ceeca7d993949b7460fa199c5ffd874633814cf6')
+ 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
validpgpkeys=(D8272EF51DA223E4D05B466989AB63D48277377A) # Lexie Parsimoniae
shopt -s extglob
@@ -31,9 +30,6 @@
# Fix up typemaps to match our packages, where possible
patch -p1 -i ../arch-fonts.diff
-
- # Work around ghostscript security issues https://bugs.archlinux.org/task/59778
- patch -p1 -i ../IM7-GS-policy.patch
}
build() {
@@ -48,7 +44,7 @@
PCLDelegate=/usr/bin/gpcl6 \
--enable-hdri \
--enable-opencl \
- --with-gslib \
+ --without-gslib \
--with-lqr \
--with-modules \
--with-openexr \
@@ -73,7 +69,6 @@
check() (
cd $_tarname
ulimit -n 4096
- sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch
make check
)
@@ -108,6 +103,9 @@
# Split docs
mv "$pkgdir/usr/share/doc" "$srcdir/docpkg/usr/share/"
+
+# Harden security policy https://bugs.archlinux.org/task/62785
+ sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "$pkgdir"/etc/ImageMagick-7/policy.xml
}
package_imagemagick-doc() {
More information about the arch-commits
mailing list