summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2020-03-12 00:04:15 +0100
committerThomas Deutschmann <whissi@gentoo.org>2020-03-12 00:04:25 +0100
commita78339232a6abb455f581e378c1e6820cd882994 (patch)
tree399fa1f0d4c9e511a179f5ed02325e894e238b72 /media-gfx
parentmedia-gfx/imagemagick: move stable keywords (bug #712036) (diff)
downloadgentoo-a78339232a6abb455f581e378c1e6820cd882994.tar.gz
gentoo-a78339232a6abb455f581e378c1e6820cd882994.tar.bz2
gentoo-a78339232a6abb455f581e378c1e6820cd882994.zip
media-gfx/imagemagick: security cleanup (bug #712036)
Bug: https://bugs.gentoo.org/712036 Package-Manager: Portage-2.3.93, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'media-gfx')
-rw-r--r--media-gfx/imagemagick/Manifest2
-rw-r--r--media-gfx/imagemagick/imagemagick-6.9.10.96.ebuild250
-rw-r--r--media-gfx/imagemagick/imagemagick-7.0.9.26.ebuild262
3 files changed, 0 insertions, 514 deletions
diff --git a/media-gfx/imagemagick/Manifest b/media-gfx/imagemagick/Manifest
index ffa4b2b00303..95c18f5d5722 100644
--- a/media-gfx/imagemagick/Manifest
+++ b/media-gfx/imagemagick/Manifest
@@ -1,4 +1,2 @@
-DIST ImageMagick-6.9.10-96.tar.xz 9071708 BLAKE2B e122275c2b18527ecd1e1086ccb636c5cea7c895b5540fffc39a98a7f0ac44dfddfc706668dd5a5c0bfd0f3d3037efe4576d200391e4f9dee821b82db3b02f75 SHA512 d1502c287bf0d592e4271d84bdbe9b17c8bd0aeff2bcb374d13b482c3c19deade1b96360a58972872a46c0677ebab8b84af6d0e4036a7a271cf615362e6086b9
DIST ImageMagick-6.9.11-0.tar.xz 9072040 BLAKE2B 8e3df83c5a009e3a03599a20b9bc2d6f1e91add659d8de150a4ebeafb91218bc62aac25c755a6a1010e00c2d14853a0d8a4849e2b55c899587acdf2d28d8b7c5 SHA512 fe6786365dfe8973e4660f4070cb85335f88985ec9e2484fe382d1f5c1f0123476cdf8e976107072b5ed13b05190f906be89e5215e16dc62e5daebe3ede40bf2
DIST ImageMagick-7.0.10-0.tar.xz 9532856 BLAKE2B 510e1ac8010b7e2267950e868ce8d0fcd36e37c936c67b1603f4dfdc247cda8dd4aa59fc0d88f5d2a2c0a9a199331cca834797f315814964b68dfad1ab24f355 SHA512 d997429855fa4bc48da32e00ea5c45467a6bd3265c35c0aff8f150346e467451737f276833d4fa867f0e2e52110f532416af1dafdbc8e81d2d11dd0c4c80f011
-DIST ImageMagick-7.0.9-26.tar.xz 9493028 BLAKE2B 84d3f0bb59238db3e3a0c0f40b4b4b428dc81168468d4d9e7a0f00c74e46102c9c9444891236b105f293080f9601c7ed63ad4592a8ef622554b3aa0c043bf2fb SHA512 0488c6e0e0315bd5390cea952f7acb217e3c651c325f2cd4cb02475c25f7f721a31b20b53bb8b6dce064cedfbfd51711a34627fbb8a8c515636e7627ceda67ed
diff --git a/media-gfx/imagemagick/imagemagick-6.9.10.96.ebuild b/media-gfx/imagemagick/imagemagick-6.9.10.96.ebuild
deleted file mode 100644
index ce112a772a73..000000000000
--- a/media-gfx/imagemagick/imagemagick-6.9.10.96.ebuild
+++ /dev/null
@@ -1,250 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit eapi7-ver eutils flag-o-matic libtool perl-functions toolchain-funcs multilib
-
-MY_PV="$(ver_rs 3 '-')"
-MY_P="ImageMagick-${MY_PV}"
-
-DESCRIPTION="A collection of tools and libraries for many image formats"
-HOMEPAGE="https://www.imagemagick.org/"
-SRC_URI="mirror://imagemagick/${MY_P}.tar.xz"
-
-LICENSE="imagemagick"
-SLOT="0/${PV}"
-KEYWORDS="~alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
-
-REQUIRED_USE="corefonts? ( truetype )
- test? ( corefonts )"
-
-RESTRICT="perl? ( userpriv )
- !test? ( test )"
-
-RDEPEND="
- dev-libs/libltdl:0
- bzip2? ( app-arch/bzip2 )
- corefonts? ( media-fonts/corefonts )
- djvu? ( app-text/djvu )
- fftw? ( sci-libs/fftw:3.0 )
- fontconfig? ( media-libs/fontconfig )
- fpx? ( >=media-libs/libfpx-1.3.0-r1 )
- graphviz? ( media-gfx/graphviz )
- heif? ( media-libs/libheif:= )
- jbig? ( >=media-libs/jbigkit-2:= )
- jpeg? ( virtual/jpeg:0 )
- jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
- lcms? ( media-libs/lcms:2= )
- lqr? ( media-libs/liblqr )
- opencl? ( virtual/opencl )
- openexr? ( media-libs/openexr:0= )
- pango? ( x11-libs/pango )
- perl? ( >=dev-lang/perl-5.8.8:0= )
- png? ( media-libs/libpng:0= )
- postscript? ( app-text/ghostscript-gpl )
- raw? ( media-libs/libraw:= )
- svg? ( gnome-base/librsvg )
- tiff? ( media-libs/tiff:0= )
- truetype? (
- media-fonts/urw-fonts
- >=media-libs/freetype-2
- )
- webp? ( media-libs/libwebp:0= )
- wmf? ( media-libs/libwmf )
- X? (
- x11-libs/libICE
- x11-libs/libSM
- x11-libs/libXext
- x11-libs/libXt
- )
- xml? ( dev-libs/libxml2:= )
- lzma? ( app-arch/xz-utils )
- zlib? ( sys-libs/zlib:= )"
-DEPEND="${RDEPEND}
- !media-gfx/graphicsmagick[imagemagick]
- virtual/pkgconfig
- X? ( x11-base/xorg-proto )"
-
-S="${WORKDIR}/${MY_P}"
-#S="${WORKDIR}/ImageMagick6-${MY_PV}"
-
-src_prepare() {
- default
-
- # Apply hardening #664236
- cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
- sed -i -e '/^<policymap>$/ {
- r policy-hardening.snippet
- d
- }' \
- config/policy.xml || \
- die "Failed to apply hardening of policy.xml"
- einfo "policy.xml hardened"
-
- elibtoolize # for Darwin modules
-
- # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
- local mesa_cards ati_cards nvidia_cards render_cards
- shopt -s nullglob
- ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
- if test -n "${ati_cards}"; then
- addpredict "${ati_cards}"
- fi
- mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
- if test -n "${mesa_cards}"; then
- addpredict "${mesa_cards}"
- fi
- nvidia_cards=$(echo -n /dev/nvidia** | sed 's/ /:/g')
- if test -n "${nvidia_cards}"; then
- addpredict "${nvidia_cards}"
- fi
- render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
- if test -n "${render_cards}"; then
- addpredict "${render_cards}"
- fi
- shopt -u nullglob
- addpredict /dev/nvidiactl
-}
-
-src_configure() {
- local depth=16
- use q8 && depth=8
- use q32 && depth=32
-
- local openmp=disable
- use openmp && { tc-has-openmp && openmp=enable; }
-
- use perl && perl_check_env
-
- [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
-
- local myeconfargs=(
- $(use_enable static-libs static)
- $(use_enable hdri)
- $(use_enable opencl)
- --with-threads
- --with-modules
- --with-quantum-depth=${depth}
- $(use_with cxx magick-plus-plus)
- $(use_with perl)
- --with-perl-options='INSTALLDIRS=vendor'
- --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
- $(use_with bzip2 bzlib)
- $(use_with X x)
- $(use_with zlib)
- --without-autotrace
- $(use_with postscript dps)
- $(use_with djvu)
- --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
- $(use_with fftw)
- $(use_with fpx)
- $(use_with fontconfig)
- $(use_with truetype freetype)
- $(use_with postscript gslib)
- $(use_with graphviz gvc)
- $(use_with heif heic)
- $(use_with jbig)
- $(use_with jpeg)
- $(use_with jpeg2k openjp2)
- $(use_with lcms)
- $(use_with lqr)
- $(use_with lzma)
- $(use_with openexr)
- $(use_with pango)
- $(use_with png)
- $(use_with raw)
- $(use_with svg rsvg)
- $(use_with tiff)
- $(use_with webp)
- $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
- $(use_with wmf)
- $(use_with xml)
- --${openmp}-openmp
- --with-gcc-arch=no-automagic
- )
- CONFIG_SHELL=$(type -P bash) econf "${myeconfargs[@]}"
-}
-
-src_test() {
- # Install default (unrestricted) policy in $HOME for test suite #664238
- local _im_local_config_home="${HOME}/.config/ImageMagick"
- mkdir -p "${_im_local_config_home}" || \
- die "Failed to create IM config dir in '${_im_local_config_home}'"
- cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
- die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
-
- local im_command= IM_COMMANDS=()
- IM_COMMANDS+=( "identify -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built
- IM_COMMANDS+=( "identify -list policy" ) # Verify that policy.xml is used
- IM_COMMANDS+=( "emake check" ) # Run tests
-
- for im_command in "${IM_COMMANDS[@]}"; do
- eval "${S}"/magick.sh \
- ${im_command} || \
- die "Failed to run \"${im_command}\""
- done
-}
-
-src_install() {
- # Ensure documentation installation files and paths with each release!
- emake \
- DESTDIR="${D}" \
- DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
- install
-
- rm -f "${ED%/}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
- dodoc {AUTHORS,README}.txt ChangeLog
-
- if use perl; then
- find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
- find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
- fi
-
- find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
-
- if use opencl; then
- cat <<-EOF > "${T}"/99${PN}
- SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/renderD128"
- EOF
-
- insinto /etc/sandbox.d
- doins "${T}"/99${PN} #472766
- fi
-
- insinto /usr/share/${PN}
- doins config/*icm
-}
-
-pkg_postinst() {
- local _show_policy_xml_notice=
-
- if [[ -z "${REPLACING_VERSIONS}" ]]; then
- # This is a new installation
- _show_policy_xml_notice=yes
- else
- local v
- for v in ${REPLACING_VERSIONS}; do
- if ! ver_test "${v}" -gt "6.9.10.10-r2"; then
- # This is an upgrade
- _show_policy_xml_notice=yes
-
- # Show this elog only once
- break
- fi
- done
- fi
-
- if [[ -n "${_show_policy_xml_notice}" ]]; then
- elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-6"
- elog "which will prevent the usage of the following coders by default:"
- elog ""
- elog " - PS"
- elog " - PS2"
- elog " - PS3"
- elog " - EPS"
- elog " - PDF"
- elog " - XPS"
- fi
-}
diff --git a/media-gfx/imagemagick/imagemagick-7.0.9.26.ebuild b/media-gfx/imagemagick/imagemagick-7.0.9.26.ebuild
deleted file mode 100644
index 447fb88f37fb..000000000000
--- a/media-gfx/imagemagick/imagemagick-7.0.9.26.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit flag-o-matic libtool perl-functions toolchain-funcs multilib
-
-if [[ ${PV} == "9999" ]] ; then
- EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
- inherit git-r3
- MY_P="imagemagick-9999"
-else
- MY_PV="$(ver_rs 3 '-')"
- MY_P="ImageMagick-${MY_PV}"
- SRC_URI="mirror://imagemagick/${MY_P}.tar.xz"
- KEYWORDS="~alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-fi
-
-DESCRIPTION="A collection of tools and libraries for many image formats"
-HOMEPAGE="https://www.imagemagick.org/"
-
-LICENSE="imagemagick"
-SLOT="0/7.0.9"
-IUSE="bzip2 corefonts cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="corefonts? ( truetype )
- test? ( corefonts )"
-
-RESTRICT="!test? ( test )"
-
-BDEPEND="virtual/pkgconfig"
-
-RDEPEND="
- dev-libs/libltdl:0
- bzip2? ( app-arch/bzip2 )
- corefonts? ( media-fonts/corefonts )
- djvu? ( app-text/djvu )
- fftw? ( sci-libs/fftw:3.0 )
- fontconfig? ( media-libs/fontconfig )
- fpx? ( >=media-libs/libfpx-1.3.0-r1 )
- graphviz? ( media-gfx/graphviz )
- heif? ( media-libs/libheif:= )
- jbig? ( >=media-libs/jbigkit-2:= )
- jpeg? ( virtual/jpeg:0 )
- jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
- lcms? ( media-libs/lcms:2= )
- lqr? ( media-libs/liblqr )
- opencl? ( virtual/opencl )
- openexr? ( media-libs/openexr:0= )
- pango? ( x11-libs/pango )
- perl? ( >=dev-lang/perl-5.8.8:0= )
- png? ( media-libs/libpng:0= )
- postscript? ( app-text/ghostscript-gpl )
- raw? ( media-libs/libraw:= )
- svg? ( gnome-base/librsvg )
- tiff? ( media-libs/tiff:0= )
- truetype? (
- media-fonts/urw-fonts
- >=media-libs/freetype-2
- )
- webp? ( media-libs/libwebp:0= )
- wmf? ( media-libs/libwmf )
- X? (
- x11-libs/libICE
- x11-libs/libSM
- x11-libs/libXext
- x11-libs/libXt
- )
- xml? ( dev-libs/libxml2:= )
- lzma? ( app-arch/xz-utils )
- zlib? ( sys-libs/zlib:= )"
-
-DEPEND="${RDEPEND}
- !media-gfx/graphicsmagick[imagemagick]
- X? ( x11-base/xorg-proto )"
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
- default
-
- # Apply hardening #664236
- cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
- sed -i -e '/^<policymap>$/ {
- r policy-hardening.snippet
- d
- }' \
- config/policy.xml || \
- die "Failed to apply hardening of policy.xml"
- einfo "policy.xml hardened"
-
- elibtoolize # for Darwin modules
-
- # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
- local ati_cards mesa_cards nvidia_cards render_cards
- shopt -s nullglob
- ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
- if test -n "${ati_cards}"; then
- addpredict "${ati_cards}"
- fi
- mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
- if test -n "${mesa_cards}"; then
- addpredict "${mesa_cards}"
- fi
- nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g')
- if test -n "${nvidia_cards}"; then
- addpredict "${nvidia_cards}"
- fi
- render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
- if test -n "${render_cards}"; then
- addpredict "${render_cards}"
- fi
- shopt -u nullglob
- addpredict /dev/nvidiactl
-}
-
-src_configure() {
- local depth=16
- use q8 && depth=8
- use q32 && depth=32
-
- local openmp=disable
- use openmp && { tc-has-openmp && openmp=enable; }
-
- use perl && perl_check_env
-
- [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
-
- local myeconfargs=(
- $(use_enable static-libs static)
- $(use_enable hdri)
- $(use_enable opencl)
- --with-threads
- --with-modules
- --with-quantum-depth=${depth}
- $(use_with cxx magick-plus-plus)
- $(use_with perl)
- --with-perl-options='INSTALLDIRS=vendor'
- --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
- $(use_with bzip2 bzlib)
- $(use_with X x)
- $(use_with zlib)
- --without-autotrace
- $(use_with postscript dps)
- $(use_with djvu)
- --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
- $(use_with fftw)
- $(use_with fpx)
- $(use_with fontconfig)
- $(use_with truetype freetype)
- $(use_with postscript gslib)
- $(use_with graphviz gvc)
- $(use_with heif heic)
- $(use_with jbig)
- $(use_with jpeg)
- $(use_with jpeg2k openjp2)
- --without-jxl
- $(use_with lcms)
- $(use_with lqr)
- $(use_with lzma)
- $(use_with openexr)
- $(use_with pango)
- $(use_with png)
- $(use_with raw)
- $(use_with svg rsvg)
- $(use_with tiff)
- $(use_with webp)
- $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
- $(use_with wmf)
- $(use_with xml)
- --${openmp}-openmp
- --with-gcc-arch=no-automagic
- )
- CONFIG_SHELL=$(type -P bash) econf "${myeconfargs[@]}"
-}
-
-src_test() {
- # Install default (unrestricted) policy in $HOME for test suite #664238
- local _im_local_config_home="${HOME}/.config/ImageMagick"
- mkdir -p "${_im_local_config_home}" || \
- die "Failed to create IM config dir in '${_im_local_config_home}'"
- cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
- die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
-
- local im_command= IM_COMMANDS=()
- if [[ ${PV} == "9999" ]] ; then
- IM_COMMANDS+=( "magick -version" ) # Show version we are using -- cannot verify because of live ebuild
- else
- IM_COMMANDS+=( "magick -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built
- fi
- IM_COMMANDS+=( "magick -list policy" ) # Verify that policy.xml is used
- IM_COMMANDS+=( "emake check" ) # Run tests
-
- for im_command in "${IM_COMMANDS[@]}"; do
- eval "${S}"/magick.sh \
- ${im_command} || \
- die "Failed to run \"${im_command}\""
- done
-}
-
-src_install() {
- # Ensure documentation installation files and paths with each release!
- emake \
- DESTDIR="${D}" \
- DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
- install
-
- rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
- dodoc {AUTHORS,README}.txt ChangeLog
-
- if use perl; then
- find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
- find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
- fi
-
- find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
-
- if use opencl; then
- cat <<-EOF > "${T}"/99${PN}
- SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/renderD128"
- EOF
-
- insinto /etc/sandbox.d
- doins "${T}"/99${PN} #472766
- fi
-
- insinto /usr/share/${PN}
- doins config/*icm
-}
-
-pkg_postinst() {
- local _show_policy_xml_notice=
-
- if [[ -z "${REPLACING_VERSIONS}" ]]; then
- # This is a new installation
- _show_policy_xml_notice=yes
- else
- local v
- for v in ${REPLACING_VERSIONS}; do
- if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
- # This is an upgrade
- _show_policy_xml_notice=yes
-
- # Show this elog only once
- break
- fi
- done
- fi
-
- if [[ -n "${_show_policy_xml_notice}" ]]; then
- elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
- elog "which will prevent the usage of the following coders by default:"
- elog ""
- elog " - PS"
- elog " - PS2"
- elog " - PS3"
- elog " - EPS"
- elog " - PDF"
- elog " - XPS"
- fi
-}