
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-gfx/imagemagick/
Date: Fri, 24 Apr 2020 09:51:56
Message-Id: 1587721790.c03d5059039c5b0f43c019edfb541ae396162e6f.whissi@gentoo
1 commit: c03d5059039c5b0f43c019edfb541ae396162e6f
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 24 09:48:20 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 24 09:49:50 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c03d5059
7
8 media-gfx/imagemagick: restore hardening
9
10 Bug: https://bugs.gentoo.org/716674
11 Package-Manager: Portage-2.3.99, Repoman-2.3.22
12 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14 ....10.7.ebuild => imagemagick-7.0.10.7-r1.ebuild} | 42 ++++++++++++++++++++++
15 1 file changed, 42 insertions(+)
16
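--- a/media-gfx/imagemagick/imagemagick-7.0.10.7.ebuild
+++ b/media-gfx/imagemagick/imagemagick-7.0.10.7-r1.ebuild
@@ -83,6 +83,16 @@ S="${WORKDIR}/${MY_P}"
 src_prepare() {
 default
 
+ # Apply hardening #664236
+ cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+ sed -i -e '/^<policymap>$/ {
+ r policy-hardening.snippet
+ d
+ }' \
+ config/policy.xml || \
+ die "Failed to apply hardening of policy.xml"
+ einfo "policy.xml hardened"
+
 elibtoolize # for Darwin modules
 
 # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
@@ -223,3 +233,35 @@ src_install() {
 insinto /usr/share/${PN}
 doins config/*icm
 }
+
+pkg_postinst() {
+ local _show_policy_xml_notice=
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ _show_policy_xml_notice=yes
+ else
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
+ # This is an upgrade
+ _show_policy_xml_notice=yes
+
+ # Show this elog only once
+ break
+ fi
+ done
+ fi
+
+ if [[ -n "${_show_policy_xml_notice}" ]]; then
+ elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+ elog "which will prevent the usage of the following coders by default:"
+ elog ""
+ elog " - PS"
+ elog " - PS2"
+ elog " - PS3"
+ elog " - EPS"
+ elog " - PDF"
+ elog " - XPS"
+ fi
+}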
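Review bot: The hardening step in the src_prepare hunk can fail open, because sed exits 0 when no line matches `^<policymap>$`; in that case `|| die` never fires and `einfo "policy.xml hardened"` is printed over an unmodified policy.xml. A later upstream change to how that line is written in config/policy.xml would silently ship the package without the coder restrictions, so I would assert the anchor before editing: `grep -q '^<policymap>$' config/policy.xml || die "policymap anchor not found in policy.xml"`. Since `d` removes the original opening tag, a comment above the sed should state that the snippet is expected to supply its own `<policymap>` line (the snippet is not visible here, so this is inferred). In pkg_postinst the coder list in the elog is maintained by hand next to the snippet, and a comment such as `# keep in sync with files/policy-hardening.snippet` would guard against drift. src_prepare's body continues outside the hunk.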