[arch-commits] Commit in imagemagick/trunk (IM7-GS-policy.patch PKGBUILD)

Antonio Rojas arojas at archlinux.org
Sun Jul 21 13:17:22 UTC 2019


    Date: Sunday, July 21, 2019 @ 13:17:21
  Author: arojas
Revision: 358468

Update to 7.0.8.56, relax security policy (FS#62785,FS#62171)

Modified:
  imagemagick/trunk/PKGBUILD
Deleted:
  imagemagick/trunk/IM7-GS-policy.patch

---------------------+
 IM7-GS-policy.patch |   10 ----------
 PKGBUILD            |   18 ++++++++----------
 2 files changed, 8 insertions(+), 20 deletions(-)

Deleted: IM7-GS-policy.patch
===================================================================
--- IM7-GS-policy.patch	2019-07-21 10:36:21 UTC (rev 358467)
+++ IM7-GS-policy.patch	2019-07-21 13:17:21 UTC (rev 358468)
@@ -1,10 +0,0 @@
---- ImageMagick-7.0.8-13/config/policy.xml.orig	2018-10-22 15:13:51.713995553 +0000
-+++ ImageMagick-7.0.8-13/config/policy.xml	2018-10-22 15:14:22.650737457 +0000
-@@ -68,6 +68,7 @@
-   <!-- <policy domain="resource" name="throttle" value="0"/> -->
-   <!-- <policy domain="resource" name="time" value="3600"/> -->
-   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
-+  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
-   <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
-   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
-   <!-- <policy domain="path" rights="none" pattern="@*" /> -->

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-07-21 10:36:21 UTC (rev 358467)
+++ PKGBUILD	2019-07-21 13:17:21 UTC (rev 358468)
@@ -3,7 +3,7 @@
 
 pkgbase=imagemagick
 pkgname=(imagemagick imagemagick-doc)
-pkgver=7.0.8.55
+pkgver=7.0.8.56
 pkgrel=1
 pkgdesc="An image viewing/manipulation program"
 url="https://www.imagemagick.org/"
@@ -15,11 +15,10 @@
 _relname=ImageMagick-${pkgver%%.*}
 _tarname=ImageMagick-${pkgver%.*}-${pkgver##*.}
 source=(https://www.imagemagick.org/download/releases/$_tarname.tar.xz{,.asc}
-        arch-fonts.diff IM7-GS-policy.patch)
-sha256sums=('2ae7274fddbf65c4e084d3c0c87a0b1270b34f978d5358d5a54f1b3dae5ec152'
+        arch-fonts.diff)
+sha256sums=('b1f32fed2bf0a28a7553f7ac1afc86d02ee35587408d2a89916e3072d9f8d532'
             'SKIP'
-            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73'
-            'f20c09860da65a4259ec9627ceeca7d993949b7460fa199c5ffd874633814cf6')
+            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
 validpgpkeys=(D8272EF51DA223E4D05B466989AB63D48277377A)  # Lexie Parsimoniae
 
 shopt -s extglob
@@ -31,9 +30,6 @@
 
   # Fix up typemaps to match our packages, where possible
   patch -p1 -i ../arch-fonts.diff
-
-  # Work around ghostscript security issues https://bugs.archlinux.org/task/59778
-  patch -p1 -i ../IM7-GS-policy.patch
 }
 
 build() {
@@ -48,7 +44,7 @@
     PCLDelegate=/usr/bin/gpcl6 \
     --enable-hdri \
     --enable-opencl \
-    --with-gslib \
+    --without-gslib \
     --with-lqr \
     --with-modules \
     --with-openexr \
@@ -73,7 +69,6 @@
 check() (
   cd $_tarname
   ulimit -n 4096
-  sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch
   make check
 )
 
@@ -108,6 +103,9 @@
 
 # Split docs
   mv "$pkgdir/usr/share/doc" "$srcdir/docpkg/usr/share/"
+
+# Harden security policy https://bugs.archlinux.org/task/62785
+  sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "$pkgdir"/etc/ImageMagick-7/policy.xml
 }
 
 package_imagemagick-doc() {


More information about the arch-commits mailing list