diff options
author | Daniel Bermond | 2019-10-03 13:26:44 +0000 |
---|---|---|
committer | Daniel Bermond | 2019-10-03 13:26:44 +0000 |
commit | 6a063d350fe28a2cf24a27cbea0c70ff56459797 (patch) | |
tree | e72b8f3cf26cdcfba8197feb90aee2ff8daa7b8e | |
parent | fe45606c9bee900967ec467c8ed8fbc493b2074e (diff) | |
download | aur-6a063d350fe28a2cf24a27cbea0c70ff56459797.tar.gz |
Updated to version 7.0.8.67. Add tcmalloc. gs security issues.
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | PKGBUILD | 58 | ||||
-rw-r--r-- | imagemagick-full-disable-avaraging-tests.patch | 26 | ||||
-rw-r--r-- | imagemagick-full-security-fix.patch | 20 |
4 files changed, 34 insertions, 92 deletions
@@ -1,6 +1,6 @@ pkgbase = imagemagick-full - pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) - pkgver = 7.0.8.61 + pkgdesc = An image viewing/manipulation program (Q32 HDRI with all features) + pkgver = 7.0.8.67 pkgrel = 1 url = https://www.imagemagick.org/ arch = x86_64 @@ -28,6 +28,7 @@ pkgbase = imagemagick-full makedepends = libltdl makedepends = jemalloc makedepends = djvulibre + makedepends = gperftools makedepends = libraw makedepends = graphviz makedepends = openexr @@ -54,14 +55,10 @@ pkgbase = imagemagick-full makedepends = flif makedepends = libfpx makedepends = libumem-git - source = git+https://github.com/ImageMagick/ImageMagick.git#commit=fe13879b6e00afd2e9a7f2c8a1e33d9c39c8ee9d - source = imagemagick-full-security-fix.patch + source = git+https://github.com/ImageMagick/ImageMagick.git#commit=dfdb6a98316f870cc56318e6222ae738f6fd7b04 source = arch-fonts.diff - source = imagemagick-full-disable-avaraging-tests.patch sha256sums = SKIP - sha256sums = e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e sha256sums = a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73 - sha256sums = 2ff7366526a705b195074438266064fb1d347552707bf7bbca739d5eb0c65db9 pkgname = imagemagick-full depends = lcms2 @@ -77,6 +74,7 @@ pkgname = imagemagick-full depends = zlib depends = libltdl depends = jemalloc + depends = gperftools depends = djvulibre depends = libraw depends = graphviz @@ -105,9 +103,9 @@ pkgname = imagemagick-full depends = libfpx depends = libumem-git optdepends = imagemagick-full-doc: manual and API docs - provides = imagemagick=7.0.8.61 - provides = libmagick=7.0.8.61 - provides = libmagick-full=7.0.8.61 + provides = imagemagick=7.0.8.67 + provides = libmagick=7.0.8.67 + provides = libmagick-full=7.0.8.67 conflicts = imagemagick conflicts = libmagick replaces = libmagick-full @@ -125,8 +123,8 @@ pkgname = imagemagick-full backup = etc//type-ghostscript.xml pkgname = imagemagick-full-doc - pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) (manual and API docs) + pkgdesc = An image viewing/manipulation program (Q32 HDRI with all features) (manual and API docs) arch = any - provides = imagemagick-doc=7.0.8.61 + provides = imagemagick-doc=7.0.8.67 conflicts = imagemagick-doc @@ -5,21 +5,25 @@ # For more information about DPS being obsolete please visit: # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html -# NOTE (2): +# NOTE (2): linking to ghostscript libs (gslib) is disabled due to +# security issues. ImageMagick will call 'gs' executable directly +# instead. See: https://bugs.archlinux.org/task/62171 + +# NOTE (3): # change font directories in build() to match yours: # - deJaVu and GhostScript font directories are the default ones # - Windows font directory is set according to a Wiki example -_commit='fe13879b6e00afd2e9a7f2c8a1e33d9c39c8ee9d' +_commit='dfdb6a98316f870cc56318e6222ae738f6fd7b04' _qdepth='32' pkgbase=imagemagick-full pkgname=('imagemagick-full' 'imagemagick-full-doc') _srcname=ImageMagick -pkgver=7.0.8.61 +pkgver=7.0.8.67 pkgrel=1 arch=('x86_64') -pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features)" +pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all features)" url='https://www.imagemagick.org/' license=('custom') makedepends=( @@ -27,42 +31,26 @@ makedepends=( 'git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps' 'zstd' 'chrpath' 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' - 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' - 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' - 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' - 'gsfonts' 'ttf-dejavu' 'perl' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'gperftools' 'libraw' + 'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' + 'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' + 'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl' # AUR: 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) source=("git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}" - 'imagemagick-full-security-fix.patch' - 'arch-fonts.diff' - 'imagemagick-full-disable-avaraging-tests.patch') + 'arch-fonts.diff') sha256sums=('SKIP' - 'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e' - 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73' - '2ff7366526a705b195074438266064fb1d347552707bf7bbca739d5eb0c65db9') + 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73') prepare() { cd "$_srcname" mkdir -p docpkg/usr/share - # 1) workaround for ghostscript security issues: - # https://bugs.archlinux.org/task/59778 - # 2) security fix: - # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 - # https://imagetragick.com/ - patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch" - # fix up typemaps to match Arch Linux packages, where possible patch -Np1 -i "${srcdir}/arch-fonts.diff" - # disable a test that is failing - ## https://github.com/ImageMagick/ImageMagick/issues/1570 - ## https://github.com/ImageMagick/ImageMagick/issues/1576 - patch -Np1 -i "${srcdir}/imagemagick-full-disable-avaraging-tests.patch" - # fix for 'sh: gitversion.sh: command not found' during autoreconf sed -i 's|(gitversion|(./gitversion|' configure.ac @@ -90,6 +78,7 @@ build() { --with-perl \ --with-perl-options='INSTALLDIRS=vendor' \ --with-jemalloc \ + --with-tcmalloc \ --with-umem \ --with-bzlib \ --with-x \ @@ -104,7 +93,7 @@ build() { --with-fontconfig \ --with-freetype \ --with-raqm \ - --with-gslib \ + --without-gslib \ --with-gvc \ --with-heic \ --with-jbig \ @@ -139,10 +128,8 @@ build() { check() ( cd "$_srcname" - ulimit -n 4096 - sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch - + sed -e '/validate-formats/d' -i Makefile make check ) @@ -152,10 +139,10 @@ package_imagemagick-full() { depends=( # official repositories: 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' - 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' - 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' - 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' - 'gsfonts' 'ttf-dejavu' 'perl' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'gperftools' 'djvulibre' 'libraw' + 'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' + 'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' + 'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl' # AUR: 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) @@ -178,6 +165,9 @@ package_imagemagick-full() { # split docs mv "${pkgdir}/usr/share/doc" docpkg/usr/share/ + # harden security policy: https://bugs.archlinux.org/task/62785 + sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "${pkgdir}/etc/ImageMagick-7/policy.xml" + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" } diff --git a/imagemagick-full-disable-avaraging-tests.patch b/imagemagick-full-disable-avaraging-tests.patch deleted file mode 100644 index 8e715f81e648..000000000000 --- a/imagemagick-full-disable-avaraging-tests.patch +++ /dev/null @@ -1,26 +0,0 @@ -The avaraging tests seems to be flaky due to rounding errors. Test fails on -x86 and s390x - -https://github.com/ImageMagick/ImageMagick/issues/1576#issuecomment-494595404 - -diff --git a/Magick++/tests/tests.tap b/Magick++/tests/tests.tap -index b5c15ff..bb83980 100755 ---- a/Magick++/tests/tests.tap -+++ b/Magick++/tests/tests.tap -@@ -8,14 +8,14 @@ - # - subdir=Magick++/tests - . ./common.shi --echo "1..13" -+echo "1..12" - - SRCDIR=${top_srcdir}/${subdir}/ - export SRCDIR - - cd ${subdir} || exit 1 - --for mytest in appendImages attributes averageImages coalesceImages coderInfo color colorHistogram exceptions geometry montageImages morphImages readWriteBlob readWriteImages -+for mytest in appendImages attributes coalesceImages coderInfo color colorHistogram exceptions geometry montageImages morphImages readWriteBlob readWriteImages - do - ./${mytest} && echo "ok" || echo "not ok" - done diff --git a/imagemagick-full-security-fix.patch b/imagemagick-full-security-fix.patch deleted file mode 100644 index 4f2d347fd424..000000000000 --- a/imagemagick-full-security-fix.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -Naurp a/config/policy.xml b/config/policy.xml ---- a/config/policy.xml 2018-10-24 23:55:43.000000000 +0000 -+++ b/config/policy.xml 2018-11-23 12:50:49.475631653 +0000 -@@ -69,6 +69,16 @@ - <!-- <policy domain="resource" name="throttle" value="0"/> --> - <!-- <policy domain="resource" name="time" value="3600"/> --> - <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> -+ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> -+ <policy domain="coder" rights="none" pattern="URL" /> -+ <policy domain="coder" rights="none" pattern="HTTPS" /> -+ <policy domain="coder" rights="none" pattern="MVG" /> -+ <policy domain="coder" rights="none" pattern="MSL" /> -+ <policy domain="coder" rights="none" pattern="TEXT" /> -+ <policy domain="coder" rights="none" pattern="SHOW" /> -+ <policy domain="coder" rights="none" pattern="WIN" /> -+ <policy domain="coder" rights="none" pattern="PLT" /> -+ <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" /> - <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> - <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> - <!-- <policy domain="path" rights="none" pattern="@*" /> --> |