Updated to version 7.0.8.67. Add tcmalloc. gs security issues.

author: Daniel Bermond 2019-10-03 13:26:44 +0000
committer: Daniel Bermond 2019-10-03 13:26:44 +0000
commit: 6a063d350fe28a2cf24a27cbea0c70ff56459797 (patch)
tree: e72b8f3cf26cdcfba8197feb90aee2ff8daa7b8e
parent: fe45606c9bee900967ec467c8ed8fbc493b2074e (diff)
download: aur-6a063d350fe28a2cf24a27cbea0c70ff56459797.tar.gz
4 files changed, 34 insertions, 92 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 15eed24a002c..dcb764353479 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = imagemagick-full
-	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features)
-	pkgver = 7.0.8.61
+	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all features)
+	pkgver = 7.0.8.67
 	pkgrel = 1
 	url = https://www.imagemagick.org/
 	arch = x86_64
@@ -28,6 +28,7 @@ pkgbase = imagemagick-full
 	makedepends = libltdl
 	makedepends = jemalloc
 	makedepends = djvulibre
+	makedepends = gperftools
 	makedepends = libraw
 	makedepends = graphviz
 	makedepends = openexr
@@ -54,14 +55,10 @@ pkgbase = imagemagick-full
 	makedepends = flif
 	makedepends = libfpx
 	makedepends = libumem-git
-	source = git+https://github.com/ImageMagick/ImageMagick.git#commit=fe13879b6e00afd2e9a7f2c8a1e33d9c39c8ee9d
-	source = imagemagick-full-security-fix.patch
+	source = git+https://github.com/ImageMagick/ImageMagick.git#commit=dfdb6a98316f870cc56318e6222ae738f6fd7b04
 	source = arch-fonts.diff
-	source = imagemagick-full-disable-avaraging-tests.patch
 	sha256sums = SKIP
-	sha256sums = e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e
 	sha256sums = a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73
-	sha256sums = 2ff7366526a705b195074438266064fb1d347552707bf7bbca739d5eb0c65db9
 
 pkgname = imagemagick-full
 	depends = lcms2
@@ -77,6 +74,7 @@ pkgname = imagemagick-full
 	depends = zlib
 	depends = libltdl
 	depends = jemalloc
+	depends = gperftools
 	depends = djvulibre
 	depends = libraw
 	depends = graphviz
@@ -105,9 +103,9 @@ pkgname = imagemagick-full
 	depends = libfpx
 	depends = libumem-git
 	optdepends = imagemagick-full-doc: manual and API docs
-	provides = imagemagick=7.0.8.61
-	provides = libmagick=7.0.8.61
-	provides = libmagick-full=7.0.8.61
+	provides = imagemagick=7.0.8.67
+	provides = libmagick=7.0.8.67
+	provides = libmagick-full=7.0.8.67
 	conflicts = imagemagick
 	conflicts = libmagick
 	replaces = libmagick-full
@@ -125,8 +123,8 @@ pkgname = imagemagick-full
 	backup = etc//type-ghostscript.xml
 
 pkgname = imagemagick-full-doc
-	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) (manual and API docs)
+	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all features) (manual and API docs)
 	arch = any
-	provides = imagemagick-doc=7.0.8.61
+	provides = imagemagick-doc=7.0.8.67
 	conflicts = imagemagick-doc
 
diff --git a/PKGBUILD b/PKGBUILD
index 16cafe78c43a..c4e2d9630123 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,21 +5,25 @@
 # For more information about DPS being obsolete please visit:
 # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html
 
-# NOTE (2):
+# NOTE (2): linking to ghostscript libs (gslib) is disabled due to
+# security issues. ImageMagick will call 'gs' executable directly
+# instead. See: https://bugs.archlinux.org/task/62171
+
+# NOTE (3):
 # change font directories in build() to match yours:
 #   - deJaVu and GhostScript font directories are the default ones
 #   - Windows font directory is set according to a Wiki example
 
-_commit='fe13879b6e00afd2e9a7f2c8a1e33d9c39c8ee9d'
+_commit='dfdb6a98316f870cc56318e6222ae738f6fd7b04'
 _qdepth='32'
 
 pkgbase=imagemagick-full
 pkgname=('imagemagick-full' 'imagemagick-full-doc')
 _srcname=ImageMagick
-pkgver=7.0.8.61
+pkgver=7.0.8.67
 pkgrel=1
 arch=('x86_64')
-pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features)"
+pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all features)"
 url='https://www.imagemagick.org/'
 license=('custom')
 makedepends=(
@@ -27,42 +31,26 @@ makedepends=(
         'git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps'
         'zstd' 'chrpath'
         'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext'
-        'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz'
-        'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo'
-        'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd'
-        'gsfonts' 'ttf-dejavu' 'perl'
+        'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'gperftools' 'libraw'
+        'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango'
+        'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf'
+        'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl'
     # AUR:
         'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git'
 )
 source=("git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}"
-        'imagemagick-full-security-fix.patch'
-        'arch-fonts.diff'
-        'imagemagick-full-disable-avaraging-tests.patch')
+        'arch-fonts.diff')
 sha256sums=('SKIP'
-            'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e'
-            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73'
-            '2ff7366526a705b195074438266064fb1d347552707bf7bbca739d5eb0c65db9')
+            'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
 
 prepare() {
     cd "$_srcname"
     
     mkdir -p docpkg/usr/share
     
-    # 1) workaround for ghostscript security issues:
-    #      https://bugs.archlinux.org/task/59778
-    # 2) security fix:
-    #      https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
-    #      https://imagetragick.com/
-    patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch"
-    
     # fix up typemaps to match Arch Linux packages, where possible
     patch -Np1 -i "${srcdir}/arch-fonts.diff"
     
-    # disable a test that is failing
-    ## https://github.com/ImageMagick/ImageMagick/issues/1570
-    ## https://github.com/ImageMagick/ImageMagick/issues/1576
-    patch -Np1 -i "${srcdir}/imagemagick-full-disable-avaraging-tests.patch"
-    
     # fix for 'sh: gitversion.sh: command not found' during autoreconf
     sed -i 's|(gitversion|(./gitversion|' configure.ac
     
@@ -90,6 +78,7 @@ build() {
         --with-perl \
         --with-perl-options='INSTALLDIRS=vendor' \
         --with-jemalloc \
+        --with-tcmalloc \
         --with-umem \
         --with-bzlib \
         --with-x \
@@ -104,7 +93,7 @@ build() {
         --with-fontconfig \
         --with-freetype \
         --with-raqm \
-        --with-gslib \
+        --without-gslib \
         --with-gvc \
         --with-heic \
         --with-jbig \
@@ -139,10 +128,8 @@ build() {
 
 check() (
     cd "$_srcname"
-    
     ulimit -n 4096
-    sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch
-    
+    sed -e '/validate-formats/d' -i Makefile
     make check
 )
 
@@ -152,10 +139,10 @@ package_imagemagick-full() {
     depends=(
         # official repositories:
             'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext'
-            'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz'
-            'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo'
-            'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd'
-            'gsfonts' 'ttf-dejavu' 'perl'
+            'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'gperftools' 'djvulibre' 'libraw'
+            'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango'
+            'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf'
+            'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl'
         # AUR:
             'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git'
     )
@@ -178,6 +165,9 @@ package_imagemagick-full() {
     # split docs
     mv "${pkgdir}/usr/share/doc" docpkg/usr/share/
     
+    # harden security policy: https://bugs.archlinux.org/task/62785
+    sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "${pkgdir}/etc/ImageMagick-7/policy.xml"
+    
     install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
     install -D -m644 NOTICE  -t "${pkgdir}/usr/share/licenses/${pkgname}"
 }
diff --git a/imagemagick-full-disable-avaraging-tests.patch b/imagemagick-full-disable-avaraging-tests.patch
deleted file mode 100644
index 8e715f81e648..000000000000
--- a/imagemagick-full-disable-avaraging-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-The avaraging tests seems to be flaky due to rounding errors. Test fails on
-x86 and s390x
-
-https://github.com/ImageMagick/ImageMagick/issues/1576#issuecomment-494595404
-
-diff --git a/Magick++/tests/tests.tap b/Magick++/tests/tests.tap
-index b5c15ff..bb83980 100755
---- a/Magick++/tests/tests.tap
-+++ b/Magick++/tests/tests.tap
-@@ -8,14 +8,14 @@
- #
- subdir=Magick++/tests
- . ./common.shi
--echo "1..13"
-+echo "1..12"
- 
- SRCDIR=${top_srcdir}/${subdir}/
- export SRCDIR
- 
- cd ${subdir} || exit 1
- 
--for mytest in appendImages attributes averageImages coalesceImages coderInfo color colorHistogram exceptions geometry montageImages morphImages readWriteBlob readWriteImages
-+for mytest in appendImages attributes coalesceImages coderInfo color colorHistogram exceptions geometry montageImages morphImages readWriteBlob readWriteImages
- do
-   ./${mytest} && echo "ok" || echo "not ok"
- done
diff --git a/imagemagick-full-security-fix.patch b/imagemagick-full-security-fix.patch
deleted file mode 100644
index 4f2d347fd424..000000000000
--- a/imagemagick-full-security-fix.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -Naurp a/config/policy.xml b/config/policy.xml
---- a/config/policy.xml	2018-10-24 23:55:43.000000000 +0000
-+++ b/config/policy.xml	2018-11-23 12:50:49.475631653 +0000
-@@ -69,6 +69,16 @@
-   <!-- <policy domain="resource" name="throttle" value="0"/> -->
-   <!-- <policy domain="resource" name="time" value="3600"/> -->
-   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
-+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
-+  <policy domain="coder" rights="none" pattern="URL" />
-+  <policy domain="coder" rights="none" pattern="HTTPS" />
-+  <policy domain="coder" rights="none" pattern="MVG" />
-+  <policy domain="coder" rights="none" pattern="MSL" />
-+  <policy domain="coder" rights="none" pattern="TEXT" />
-+  <policy domain="coder" rights="none" pattern="SHOW" />
-+  <policy domain="coder" rights="none" pattern="WIN" />
-+  <policy domain="coder" rights="none" pattern="PLT" />
-+  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
-   <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
-   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
-   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
author	Daniel Bermond	2019-10-03 13:26:44 +0000
committer	Daniel Bermond	2019-10-03 13:26:44 +0000
commit	6a063d350fe28a2cf24a27cbea0c70ff56459797 (patch)
tree	e72b8f3cf26cdcfba8197feb90aee2ff8daa7b8e
parent	fe45606c9bee900967ec467c8ed8fbc493b2074e (diff)
download	aur-6a063d350fe28a2cf24a27cbea0c70ff56459797.tar.gz