pkgsrc-Changes archive


CVS commit: [pkgsrc-2018Q2] pkgsrc/graphics/ImageMagick6



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat Aug 25 19:26:01 UTC 2018

Modified Files:
        pkgsrc/graphics/ImageMagick6 [pkgsrc-2018Q2]: Makefile distinfo
Added Files:
        pkgsrc/graphics/ImageMagick6/patches [pkgsrc-2018Q2]:
            patch-config_policy.xml

Log Message:
Pullup ticket #5819 - requested by leot
graphics/ImageMagick6: security fix

Revisions pulled up:
- graphics/ImageMagick6/Makefile                                1.18-1.19
- graphics/ImageMagick6/distinfo                                1.10-1.11
- graphics/ImageMagick6/patches/patch-config_policy.xml         1.1-1.2

---
   Module Name: pkgsrc
   Committed By:        leot
   Date:                Wed Aug 22 13:38:00 UTC 2018

   Modified Files:
        pkgsrc/graphics/ImageMagick6: Makefile distinfo
   Added Files:
        pkgsrc/graphics/ImageMagick6/patches: patch-config_policy.xml

   Log Message:
   ImageMagick6: Disable ghostscript coders by default in policy.xml

   Disable ghostscript coders in policy.xml as a workaround for
   VU#332928 (<https://www.kb.cert.org/vuls/id/332928>).

   Please note that apart from commenting/removing lines added in policy.xml,
   the ghostscript coders can be enabled per-user by copying policy.xml
   to ~/.config/ImageMagick/policy.xml and adjusting it with the
   following lines:

     | [...]
     | <policy domain="coder" rights="read|write" pattern="PS" />
     | <policy domain="coder" rights="read|write" pattern="EPS" />
     | <policy domain="coder" rights="read|write" pattern="PDF" />
     | <policy domain="coder" rights="read|write" pattern="XPS" />
     | [...]

   Bump PKGREVISION

---
   Module Name: pkgsrc
   Committed By:        leot
   Date:                Thu Aug 23 14:54:21 UTC 2018

   Modified Files:
        pkgsrc/graphics/ImageMagick6: Makefile distinfo
        pkgsrc/graphics/ImageMagick6/patches: patch-config_policy.xml

   Log Message:
   ImageMagick6: Also block PS2 and PS3 coders in policy.xml

   At least when reading PS2 and PS3 files via
   `convert PS2:<input> <output>' and `convert PS3:<input> <output>'
   gslib/ghostscript will be invoked and hence subject to VU#332928.

   Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
   VU#332928 update).


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.16.2.1 pkgsrc/graphics/ImageMagick6/Makefile
cvs rdiff -u -r1.9 -r1.9.4.1 pkgsrc/graphics/ImageMagick6/distinfo
cvs rdiff -u -r0 -r1.2.2.2 \
    pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/ImageMagick6/Makefile
diff -u pkgsrc/graphics/ImageMagick6/Makefile:1.16 pkgsrc/graphics/ImageMagick6/Makefile:1.16.2.1
--- pkgsrc/graphics/ImageMagick6/Makefile:1.16  Tue Apr 17 22:29:32 2018
+++ pkgsrc/graphics/ImageMagick6/Makefile       Sat Aug 25 19:26:01 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2018/04/17 22:29:32 wiz Exp $
+# $NetBSD: Makefile,v 1.16.2.1 2018/08/25 19:26:01 bsiegert Exp $
 
-PKGREVISION= 2
+PKGREVISION=   5
 .include "Makefile.common"
 
 PKGNAME=       ImageMagick6-${DISTVERSION}
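
Review bot: The PKGREVISION line jumps from 2 to 5, but the log lists only two pulled-up Makefile revisions (1.18-1.19) and only the first of the two quoted log messages mentions a bump. If the value is meant to match what those revisions carry on trunk, say so in the pullup log; as written, a reader cannot tell from this message why 3 and 4 are skipped on the branch.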

Index: pkgsrc/graphics/ImageMagick6/distinfo
diff -u pkgsrc/graphics/ImageMagick6/distinfo:1.9 pkgsrc/graphics/ImageMagick6/distinfo:1.9.4.1
--- pkgsrc/graphics/ImageMagick6/distinfo:1.9   Mon Mar 12 15:47:00 2018
+++ pkgsrc/graphics/ImageMagick6/distinfo       Sat Aug 25 19:26:01 2018
@@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.9 2018/03/12 15:47:00 fhajny Exp $
+$NetBSD: distinfo,v 1.9.4.1 2018/08/25 19:26:01 bsiegert Exp $
 
 SHA1 (ImageMagick-6.9.9-38.tar.xz) = 2dc6b3c415b342efb7ab64d18bb801c7f1881212
 RMD160 (ImageMagick-6.9.9-38.tar.xz) = 50008946057cde9fc7a6d0149414e870a2a351b0
 SHA512 (ImageMagick-6.9.9-38.tar.xz) = 78ecb605d2ea529603bab723c284be9c03a7d370814bbe708c2c34e0b91f75c1a0c193a5a2ea8f3583019d3610ac08d0d28671d8fdb2df2478865d9ab7417b91
 Size (ImageMagick-6.9.9-38.tar.xz) = 8913864 bytes
 SHA1 (patch-Makefile.in) = bb747b5e062f2a59e307289b5b33861dd5f96ab0
+SHA1 (patch-config_policy.xml) = 2c446a00fc00f85ab33eae0691d4d8989a46289f
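
Review bot: The added SHA1 (patch-config_policy.xml) line is the only integrity record for the new patch, and two revisions of that patch (1.1 and 1.2) are pulled up together. Confirm the hash was regenerated against the final content that includes the PS2 and PS3 lines (the 1.2.2.2 file added below), since a checksum taken from the first revision would no longer match the patch that ships.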

Added files:

Index: pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml
diff -u /dev/null pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml:1.2.2.2
--- /dev/null   Sat Aug 25 19:26:01 2018
+++ pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml        Sat Aug 25 19:26:01 2018
@@ -0,0 +1,24 @@
+$NetBSD: patch-config_policy.xml,v 1.2.2.2 2018/08/25 19:26:01 bsiegert Exp $
+
+Disable ghostscript coders by default to workaround VU#332928:
+<https://www.kb.cert.org/vuls/id/332928>
+
+--- config/policy.xml.orig     2018-08-13 11:05:28.000000000 +0000
++++ config/policy.xml
+@@ -74,4 +74,16 @@
+   <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+   <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+   <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
++
++  <!-- 
++    -- Disable ghostscript coders as suggested by VU#332928
++    --  <https://www.kb.cert.org/vuls/id/332928>
++    -->
++  <policy domain="coder" rights="none" pattern="PS" />
++  <policy domain="coder" rights="none" pattern="PS2" />
++  <policy domain="coder" rights="none" pattern="PS3" />
++  <policy domain="coder" rights="none" pattern="EPS" />
++  <policy domain="coder" rights="none" pattern="PDF" />
++  <policy domain="coder" rights="none" pattern="XPS" />
++
+ </policymap>
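
Review bot: In the added comment block, the two continuation lines begin with "--", and a double hyphen is not permitted inside an XML comment, so a strict XML parser used to audit or template the patched policy.xml will reject it whatever ImageMagick's own reader tolerates. Indent those lines without the "--" prefix. Separately, the six pattern values are exact coder names and the follow-up commit already had to add PS2 and PS3; a sentence in the patch header saying how the list was derived would let the next reviewer check it for completeness.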


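An added example, not part of the commit or of pkgsrc: a small Python check that a given policy.xml denies the coder names listed in the patch above. The function name and the sample files are constructed for illustration, and it inspects a single file without modelling how ImageMagick combines system-wide and per-user policies.

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Coder names the commit blocks in policy.xml (taken from the patch above).
GHOSTSCRIPT_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")


def unblocked_coders(policy_xml, coders=GHOSTSCRIPT_CODERS):
    """Return the coders that no <policy domain="coder" rights="none"> covers.

    Simplification: one file only; precedence between the system-wide and a
    per-user policy.xml is not modelled.
    """
    # Comments are dropped first: the packaged file's comment lines begin
    # with "--", which a strict XML parser rejects inside a comment.
    text = re.sub(r"<!--.*?-->", "", policy_xml, flags=re.DOTALL)
    root = ET.fromstring(text)
    denied = [
        p.get("pattern", "")
        for p in root.iter("policy")
        if p.get("domain", "").lower() == "coder"
        and p.get("rights", "").strip().lower() == "none"
    ]
    # Policy patterns are globs; fnmatchcase approximates that matching.
    return [c for c in coders if not any(fnmatchcase(c, pat) for pat in denied)]


# Constructed sample inputs, modelled on the two commits in this message.
FIRST_COMMIT = """<policymap>
  <!--
    -- Disable ghostscript coders as suggested by VU#332928
    -->
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

SECOND_COMMIT = FIRST_COMMIT.replace(
    "</policymap>",
    '  <policy domain="coder" rights="none" pattern="PS2" />\n'
    '  <policy domain="coder" rights="none" pattern="PS3" />\n</policymap>',
)

# Per-user copy re-enabling the coders, as the log message describes.
USER_OVERRIDE = SECOND_COMMIT.replace('rights="none"', 'rights="read|write"')

if __name__ == "__main__":
    for name in ("FIRST_COMMIT", "SECOND_COMMIT", "USER_OVERRIDE"):
        print(name, unblocked_coders(globals()[name]))
```

Run against a real file with `unblocked_coders(open(path).read())`; an empty list means every listed coder has a deny entry in that file.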
