
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/imagemagick/
Date: Fri, 24 Apr 2020 09:51:55
Message-Id: 1587721791.3a7675dea3b1f6267beda622d1b0d6b3e5a3f145.whissi@gentoo
1 commit: 3a7675dea3b1f6267beda622d1b0d6b3e5a3f145
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 24 09:49:15 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 24 09:49:51 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7675de
7
8 Revert "media-gfx/imagemagick: Hardening is not needed for a long time"
9
10 This reverts commit a16dd0232d57a8b29eabb27a2afb0ae8c20a02fe.
11
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 media-gfx/imagemagick/imagemagick-9999.ebuild | 42 +++++++++++++++++++++++++++
15 1 file changed, 42 insertions(+)
16
17 diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild
18 index 8f24371e266..4d2561accf7 100644
19 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild
20 +++ b/media-gfx/imagemagick/imagemagick-9999.ebuild
21 @@ -83,6 +83,16 @@ S="${WORKDIR}/${MY_P}"
22 src_prepare() {
23 default
24
25 + # Apply hardening #664236
26 + cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
27 + sed -i -e '/^<policymap>$/ {
28 + r policy-hardening.snippet
29 + d
30 + }' \
31 + config/policy.xml || \
32 + die "Failed to apply hardening of policy.xml"
33 + einfo "policy.xml hardened"
34 +
35 elibtoolize # for Darwin modules
36
37 # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
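Review bot: The `|| die` after the `sed -i` call in src_prepare catches only a sed execution error, not the case where the address `/^<policymap>$/` matches no line. If upstream's config/policy.xml ever writes that tag differently (attributes, leading whitespace), the snippet is never read in, the build continues, and `einfo "policy.xml hardened"` is printed over an unhardened file. Making the step fail closed takes one line before the sed: `grep -q '^<policymap>$' config/policy.xml || die "policymap anchor not found in policy.xml"`. src_prepare's body continues outside the hunk, so any later verification of policy.xml is not visible here.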
38 @@ -223,3 +233,35 @@ src_install() {
39 insinto /usr/share/${PN}
40 doins config/*icm
41 }
42 +
43 +pkg_postinst() {
44 + local _show_policy_xml_notice=
45 +
46 + if [[ -z "${REPLACING_VERSIONS}" ]]; then
47 + # This is a new installation
48 + _show_policy_xml_notice=yes
49 + else
50 + local v
51 + for v in ${REPLACING_VERSIONS}; do
52 + if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
53 + # This is an upgrade
54 + _show_policy_xml_notice=yes
55 +
56 + # Show this elog only once
57 + break
58 + fi
59 + done
60 + fi
61 +
62 + if [[ -n "${_show_policy_xml_notice}" ]]; then
63 + elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
64 + elog "which will prevent the usage of the following coders by default:"
65 + elog ""
66 + elog " - PS"
67 + elog " - PS2"
68 + elog " - PS3"
69 + elog " - EPS"
70 + elog " - PDF"
71 + elog " - XPS"
72 + fi
73 +}
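Review bot: The coder list in the pkg_postinst elog (PS, PS2, PS3, EPS, PDF, XPS) and the `/etc/ImageMagick-7` path are hard-coded. The policy that is actually installed comes from `${FILESDIR}/policy-hardening.snippet`, which this diff does not show, so the notice can drift from the real policy whenever the snippet is edited. I would add a comment above the elog block such as `# Keep this list in sync with files/policy-hardening.snippet`, with a matching note in the snippet itself. A notice that under-reports blocked coders is a nuisance, but one that lists a coder the snippet no longer blocks gives administrators a false sense of protection.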