[arch-commits] Commit in imagemagick6/trunk (IM6-GS-policy.patch PKGBUILD)
Antonio Rojas
arojas at archlinux.org
Sun Jul 21 13:27:25 UTC 2019
Date: Sunday, July 21, 2019 @ 13:27:24
Author: arojas
Revision: 358470
Update to 6.9.10.56, relax security policy (FS#62785,FS#62171)
Modified:
imagemagick6/trunk/PKGBUILD
Deleted:
imagemagick6/trunk/IM6-GS-policy.patch
---------------------+
IM6-GS-policy.patch | 10 ----------
PKGBUILD | 18 ++++++++----------
2 files changed, 8 insertions(+), 20 deletions(-)
Deleted: IM6-GS-policy.patch
===================================================================
--- IM6-GS-policy.patch 2019-07-21 13:17:52 UTC (rev 358469)
+++ IM6-GS-policy.patch 2019-07-21 13:27:24 UTC (rev 358470)
@@ -1,10 +0,0 @@
---- ImageMagick-7.0.8-13/config/policy.xml.orig 2018-10-22 15:13:51.713995553 +0000
-+++ ImageMagick-7.0.8-13/config/policy.xml 2018-10-22 15:14:22.650737457 +0000
-@@ -68,6 +68,7 @@
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
-+ <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
- <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-07-21 13:17:52 UTC (rev 358469)
+++ PKGBUILD 2019-07-21 13:27:24 UTC (rev 358470)
@@ -2,7 +2,7 @@
pkgbase=imagemagick6
pkgname=(libmagick6)
-pkgver=6.9.10.53
+pkgver=6.9.10.56
pkgrel=1
pkgdesc="An image viewing/manipulation program (version 6)"
url="https://legacy.imagemagick.org/"
@@ -15,11 +15,10 @@
_relname=ImageMagick-${pkgver%%.*}
_tarname=ImageMagick-${pkgver%.*}-${pkgver##*.}
source=(https://www.imagemagick.org/download/$_tarname.tar.xz{,.asc}
- arch-fonts.diff IM6-GS-policy.patch)
-sha256sums=('d0df08723369010118f639624a96c3bd3298e058ea23558b8b4cbb869d85fdd9'
+ arch-fonts.diff)
+sha256sums=('d62bd1c0197581ee29b7e408cd09ceb0546dde6707bd739cd5d267dedf11d91e'
'SKIP'
- 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73'
- 'f20c09860da65a4259ec9627ceeca7d993949b7460fa199c5ffd874633814cf6')
+ 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
validpgpkeys=(D8272EF51DA223E4D05B466989AB63D48277377A) # Lexie Parsimoniae
prepare() {
@@ -30,9 +29,6 @@
# Fix up typemaps to match our packages, where possible
patch -Np1 -i ../arch-fonts.diff
- # Workaround ghostscript security issues https://bugs.archlinux.org/task/59778
- patch -p1 -i ../IM6-GS-policy.patch
-
# Don't run auto(re)conf; assumes use of git
}
@@ -49,7 +45,7 @@
PCLDelegate=/usr/bin/gpcl6 \
--enable-hdri \
--enable-opencl \
- --with-gslib \
+ --without-gslib \
--with-lqr \
--with-modules \
--with-openexr \
@@ -74,7 +70,6 @@
check() (
cd $_tarname
ulimit -n 4096
- sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch
make check || :
)
@@ -107,4 +102,7 @@
mv "$pkgdir/usr/bin" usr/
mv "$pkgdir/usr/lib/perl5" usr/lib/
mv "$pkgdir/usr/share/man" usr/share/
+
+# Harden security policy https://bugs.archlinux.org/task/62785
+ sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "$pkgdir"/etc/ImageMagick-6/policy.xml
}
More information about the arch-commits
mailing list