summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2018-08-22 02:37:22 +0200
committerThomas Deutschmann <whissi@gentoo.org>2018-08-22 02:41:20 +0200
commit02765dfc333e578af9e3fd525fc0067dc47d6528 (patch)
tree60afa04b2787f71f9c48c97a5f816d24edbe6eba /media-gfx
parentx11-libs/wxGTK: arm stable wrt bug #662526 (diff)
downloadgentoo-02765dfc333e578af9e3fd525fc0067dc47d6528.tar.gz
gentoo-02765dfc333e578af9e3fd525fc0067dc47d6528.tar.bz2
gentoo-02765dfc333e578af9e3fd525fc0067dc47d6528.zip
media-gfx/imagemagick: rev bump to address VU#332928
Link: https://www.kb.cert.org/vuls/id/332928 Package-Manager: Portage-2.3.48, Repoman-2.3.10
Diffstat (limited to 'media-gfx')
-rw-r--r--media-gfx/imagemagick/files/policy-hardening.patch15
-rw-r--r--media-gfx/imagemagick/imagemagick-6.9.10.10-r1.ebuild218
-rw-r--r--media-gfx/imagemagick/imagemagick-7.0.8.10-r1.ebuild225
-rw-r--r--media-gfx/imagemagick/imagemagick-9999.ebuild34
4 files changed, 491 insertions, 1 deletions
diff --git a/media-gfx/imagemagick/files/policy-hardening.patch b/media-gfx/imagemagick/files/policy-hardening.patch
new file mode 100644
index 000000000000..9bb8529d191a
--- /dev/null
+++ b/media-gfx/imagemagick/files/policy-hardening.patch
@@ -0,0 +1,15 @@
+--- a/config/policy.xml
++++ b/config/policy.xml
+@@ -52,6 +52,12 @@
+ <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+ -->
+ <policymap>
++ <!-- https://www.kb.cert.org/vuls/id/332928 mitigation -->
++ <policy domain="coder" rights="none" pattern="PS" />
++ <policy domain="coder" rights="none" pattern="EPS" />
++ <policy domain="coder" rights="none" pattern="PDF" />
++ <policy domain="coder" rights="none" pattern="XPS" />
++
+ <!-- <policy domain="system" name="shred" value="2"/> -->
+ <!-- <policy domain="system" name="precision" value="6"/> -->
+ <!-- <policy domain="system" name="memory-map" value="anonymous"/> -->
diff --git a/media-gfx/imagemagick/imagemagick-6.9.10.10-r1.ebuild b/media-gfx/imagemagick/imagemagick-6.9.10.10-r1.ebuild
new file mode 100644
index 000000000000..9d95354be246
--- /dev/null
+++ b/media-gfx/imagemagick/imagemagick-6.9.10.10-r1.ebuild
@@ -0,0 +1,218 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils flag-o-matic libtool multilib toolchain-funcs eapi7-ver
+
+MY_P=ImageMagick-$(ver_rs 3 '-')
+
+DESCRIPTION="A collection of tools and libraries for many image formats"
+HOMEPAGE="https://www.imagemagick.org/"
+SRC_URI="mirror://${PN}/${MY_P}.tar.xz"
+
+LICENSE="imagemagick"
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
+
+RESTRICT="perl? ( userpriv )"
+
+RDEPEND="
+ dev-libs/libltdl:0
+ bzip2? ( app-arch/bzip2 )
+ corefonts? ( media-fonts/corefonts )
+ djvu? ( app-text/djvu )
+ fftw? ( sci-libs/fftw:3.0 )
+ fontconfig? ( media-libs/fontconfig )
+ fpx? ( >=media-libs/libfpx-1.3.0-r1 )
+ graphviz? ( media-gfx/graphviz )
+ jbig? ( >=media-libs/jbigkit-2:= )
+ jpeg? ( virtual/jpeg:0 )
+ jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
+ lcms? ( media-libs/lcms:2= )
+ lqr? ( media-libs/liblqr )
+ opencl? ( virtual/opencl )
+ openexr? ( media-libs/openexr:0= )
+ pango? ( x11-libs/pango )
+ perl? ( >=dev-lang/perl-5.8.8:0= )
+ png? ( media-libs/libpng:0= )
+ postscript? ( app-text/ghostscript-gpl )
+ raw? ( media-libs/libraw:= )
+ svg? ( gnome-base/librsvg )
+ tiff? ( media-libs/tiff:0= )
+ truetype? (
+ media-fonts/urw-fonts
+ >=media-libs/freetype-2
+ )
+ webp? ( media-libs/libwebp:0= )
+ wmf? ( media-libs/libwmf )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libXext
+ x11-libs/libXt
+ )
+ xml? ( dev-libs/libxml2:= )
+ lzma? ( app-arch/xz-utils )
+ zlib? ( sys-libs/zlib:= )"
+DEPEND="${RDEPEND}
+ !media-gfx/graphicsmagick[imagemagick]
+ virtual/pkgconfig
+ X? ( x11-base/xorg-proto )"
+
+REQUIRED_USE="corefonts? ( truetype )
+ test? ( corefonts )"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES=( "${FILESDIR}"/policy-hardening.patch )
+
+src_prepare() {
+ local mesa_cards ati_cards nvidia_cards render_cards
+ default
+
+ elibtoolize # for Darwin modules
+
+ # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+ shopt -s nullglob
+ ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
+ if test -n "${ati_cards}"; then
+ addpredict "${ati_cards}"
+ fi
+ mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -n "${mesa_cards}"; then
+ addpredict "${mesa_cards}"
+ fi
+ nvidia_cards=$(echo -n /dev/nvidia** | sed 's/ /:/g')
+ if test -n "${nvidia_cards}"; then
+ addpredict "${nvidia_cards}"
+ fi
+ render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
+ if test -n "${render_cards}"; then
+ addpredict "${render_cards}"
+ fi
+ shopt -u nullglob
+ addpredict /dev/nvidiactl
+}
+
+src_configure() {
+ local depth=16
+ use q8 && depth=8
+ use q32 && depth=32
+
+ local openmp=disable
+ use openmp && { tc-has-openmp && openmp=enable; }
+
+ [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
+
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ $(use_enable hdri)
+ $(use_enable opencl)
+ --with-threads
+ --with-modules
+ --with-quantum-depth=${depth}
+ $(use_with cxx magick-plus-plus)
+ $(use_with perl)
+ --with-perl-options='INSTALLDIRS=vendor'
+ --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
+ $(use_with bzip2 bzlib)
+ $(use_with X x)
+ $(use_with zlib)
+ --without-autotrace
+ $(use_with postscript dps)
+ $(use_with djvu)
+ --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
+ $(use_with fftw)
+ $(use_with fpx)
+ $(use_with fontconfig)
+ $(use_with truetype freetype)
+ $(use_with postscript gslib)
+ $(use_with graphviz gvc)
+ $(use_with jbig)
+ $(use_with jpeg)
+ $(use_with jpeg2k openjp2)
+ $(use_with lcms)
+ $(use_with lqr)
+ $(use_with lzma)
+ $(use_with openexr)
+ $(use_with pango)
+ $(use_with png)
+ $(use_with raw)
+ $(use_with svg rsvg)
+ $(use_with tiff)
+ $(use_with webp)
+ $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
+ $(use_with wmf)
+ $(use_with xml)
+ --${openmp}-openmp
+ --with-gcc-arch=no-automagic
+ )
+ CONFIG_SHELL=$(type -P bash) econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ LD_LIBRARY_PATH="${S}/coders/.libs:${S}/filters/.libs:${S}/Magick++/lib/.libs:${S}/magick/.libs:${S}/wand/.libs" \
+ emake check
+}
+
+src_install() {
+ # Ensure documentation installation files and paths with each release!
+ emake \
+ DESTDIR="${D}" \
+ DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ rm -f "${ED%/}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
+ dodoc {AUTHORS,README}.txt ChangeLog
+
+ if use perl; then
+ find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
+ find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
+ fi
+
+ find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
+
+ if use opencl; then
+ cat <<-EOF > "${T}"/99${PN}
+ SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/renderD128"
+ EOF
+
+ insinto /etc/sandbox.d
+ doins "${T}"/99${PN} #472766
+ fi
+
+ insinto /usr/share/${PN}
+ doins config/*icm
+}
+
+pkg_postinst() {
+ local _show_policy_xml_notice=
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ _show_policy_xml_notice=yes
+ else
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least "6.9.10.10-r1" ${v}; then
+ # This is an upgrade
+ _show_policy_xml_notice=yes
+
+ # Show this elog only once
+ break
+ fi
+ done
+ fi
+
+ if [[ -n "${_show_policy_xml_notice}" ]]; then
+ elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-6"
+ elog "which will prevent the usage of the following coders by default:"
+ elog ""
+ elog " - PS"
+ elog " - EPS"
+ elog " - PDF"
+ elog " - XPS"
+ fi
+}
diff --git a/media-gfx/imagemagick/imagemagick-7.0.8.10-r1.ebuild b/media-gfx/imagemagick/imagemagick-7.0.8.10-r1.ebuild
new file mode 100644
index 000000000000..c4e214944021
--- /dev/null
+++ b/media-gfx/imagemagick/imagemagick-7.0.8.10-r1.ebuild
@@ -0,0 +1,225 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic libtool multilib toolchain-funcs
+
+PATCHES=( "${FILESDIR}"/policy-hardening.patch )
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
+ inherit git-r3
+ MY_P="imagemagick-9999"
+else
+ inherit eapi7-ver
+ MY_P=ImageMagick-$(ver_rs 3 '-')
+ SRC_URI="mirror://${PN}/${MY_P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="A collection of tools and libraries for many image formats"
+HOMEPAGE="https://www.imagemagick.org/"
+
+LICENSE="imagemagick"
+SLOT="0/${PV}"
+IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
+
+RESTRICT="perl? ( userpriv )"
+
+RDEPEND="
+ dev-libs/libltdl:0
+ bzip2? ( app-arch/bzip2 )
+ corefonts? ( media-fonts/corefonts )
+ djvu? ( app-text/djvu )
+ fftw? ( sci-libs/fftw:3.0 )
+ fontconfig? ( media-libs/fontconfig )
+ fpx? ( >=media-libs/libfpx-1.3.0-r1 )
+ graphviz? ( media-gfx/graphviz )
+ jbig? ( >=media-libs/jbigkit-2:= )
+ jpeg? ( virtual/jpeg:0 )
+ jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
+ lcms? ( media-libs/lcms:2= )
+ lqr? ( media-libs/liblqr )
+ opencl? ( virtual/opencl )
+ openexr? ( media-libs/openexr:0= )
+ pango? ( x11-libs/pango )
+ perl? ( >=dev-lang/perl-5.8.8:0= )
+ png? ( media-libs/libpng:0= )
+ postscript? ( app-text/ghostscript-gpl )
+ raw? ( media-libs/libraw:= )
+ svg? ( gnome-base/librsvg )
+ tiff? ( media-libs/tiff:0= )
+ truetype? (
+ media-fonts/urw-fonts
+ >=media-libs/freetype-2
+ )
+ webp? ( media-libs/libwebp:0= )
+ wmf? ( media-libs/libwmf )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libXext
+ x11-libs/libXt
+ )
+ xml? ( dev-libs/libxml2:= )
+ lzma? ( app-arch/xz-utils )
+ zlib? ( sys-libs/zlib:= )"
+DEPEND="${RDEPEND}
+ !media-gfx/graphicsmagick[imagemagick]
+ virtual/pkgconfig
+ X? ( x11-base/xorg-proto )"
+
+REQUIRED_USE="corefonts? ( truetype )
+ test? ( corefonts )"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+ local ati_cards mesa_cards nvidia_cards render_cards
+ default
+
+ elibtoolize # for Darwin modules
+
+ # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+ shopt -s nullglob
+ ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
+ if test -n "${ati_cards}"; then
+ addpredict "${ati_cards}"
+ fi
+ mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -n "${mesa_cards}"; then
+ addpredict "${mesa_cards}"
+ fi
+ nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g')
+ if test -n "${nvidia_cards}"; then
+ addpredict "${nvidia_cards}"
+ fi
+ render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
+ if test -n "${render_cards}"; then
+ addpredict "${render_cards}"
+ fi
+ shopt -u nullglob
+ addpredict /dev/nvidiactl
+}
+
+src_configure() {
+ local depth=16
+ use q8 && depth=8
+ use q32 && depth=32
+
+ local openmp=disable
+ use openmp && { tc-has-openmp && openmp=enable; }
+
+ [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
+
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ $(use_enable hdri)
+ $(use_enable opencl)
+ --with-threads
+ --with-modules
+ --with-quantum-depth=${depth}
+ $(use_with cxx magick-plus-plus)
+ $(use_with perl)
+ --with-perl-options='INSTALLDIRS=vendor'
+ --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
+ $(use_with bzip2 bzlib)
+ $(use_with X x)
+ $(use_with zlib)
+ --without-autotrace
+ $(use_with postscript dps)
+ $(use_with djvu)
+ --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
+ $(use_with fftw)
+ $(use_with fpx)
+ $(use_with fontconfig)
+ $(use_with truetype freetype)
+ $(use_with postscript gslib)
+ $(use_with graphviz gvc)
+ $(use_with jbig)
+ $(use_with jpeg)
+ $(use_with jpeg2k openjp2)
+ $(use_with lcms)
+ $(use_with lqr)
+ $(use_with lzma)
+ $(use_with openexr)
+ $(use_with pango)
+ $(use_with png)
+ $(use_with raw)
+ $(use_with svg rsvg)
+ $(use_with tiff)
+ $(use_with webp)
+ $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
+ $(use_with wmf)
+ $(use_with xml)
+ --${openmp}-openmp
+ --with-gcc-arch=no-automagic
+ )
+ CONFIG_SHELL=$(type -P bash) econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ LD_LIBRARY_PATH="${S}/coders/.libs:${S}/filters/.libs:${S}/Magick++/lib/.libs:${S}/magick/.libs:${S}/wand/.libs" \
+ emake check
+}
+
+src_install() {
+ # Ensure documentation installation files and paths with each release!
+ emake \
+ DESTDIR="${D}" \
+ DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ rm -f "${ED%/}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
+ dodoc {AUTHORS,README}.txt ChangeLog
+
+ if use perl; then
+ find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
+ find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
+ fi
+
+ find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
+
+ if use opencl; then
+ cat <<-EOF > "${T}"/99${PN}
+ SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/renderD128"
+ EOF
+
+ insinto /etc/sandbox.d
+ doins "${T}"/99${PN} #472766
+ fi
+
+ insinto /usr/share/${PN}
+ doins config/*icm
+}
+
+pkg_postinst() {
+ local _show_policy_xml_notice=
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ _show_policy_xml_notice=yes
+ else
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least "7.0.8.10-r1" ${v}; then
+ # This is an upgrade
+ _show_policy_xml_notice=yes
+
+ # Show this elog only once
+ break
+ fi
+ done
+ fi
+
+ if [[ -n "${_show_policy_xml_notice}" ]]; then
+ elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+ elog "which will prevent the usage of the following coders by default:"
+ elog ""
+ elog " - PS"
+ elog " - EPS"
+ elog " - PDF"
+ elog " - XPS"
+ fi
+}
diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild
index aa36a8a3e7be..c4e214944021 100644
--- a/media-gfx/imagemagick/imagemagick-9999.ebuild
+++ b/media-gfx/imagemagick/imagemagick-9999.ebuild
@@ -1,10 +1,12 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI="6"
inherit eutils flag-o-matic libtool multilib toolchain-funcs
+PATCHES=( "${FILESDIR}"/policy-hardening.patch )
+
if [[ ${PV} == "9999" ]] ; then
EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
inherit git-r3
@@ -191,3 +193,33 @@ src_install() {
insinto /usr/share/${PN}
doins config/*icm
}
+
+pkg_postinst() {
+ local _show_policy_xml_notice=
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ _show_policy_xml_notice=yes
+ else
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! version_is_at_least "7.0.8.10-r1" ${v}; then
+ # This is an upgrade
+ _show_policy_xml_notice=yes
+
+ # Show this elog only once
+ break
+ fi
+ done
+ fi
+
+ if [[ -n "${_show_policy_xml_notice}" ]]; then
+ elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+ elog "which will prevent the usage of the following coders by default:"
+ elog ""
+ elog " - PS"
+ elog " - EPS"
+ elog " - PDF"
+ elog " - XPS"
+ fi
+}