diff options
author | Daniel Bermond | 2018-11-26 10:39:14 +0000 |
---|---|---|
committer | Daniel Bermond | 2018-11-26 10:39:14 +0000 |
commit | 8a16b7f2268b51b018a369ba8e83887a147bbb1c (patch) | |
tree | 46b2f33feb69945f17ae7e0f3db20314c91b5164 | |
parent | 7f0a5dae51addb6362a7edefd811845903c44d6a (diff) | |
download | aur-8a16b7f2268b51b018a369ba8e83887a147bbb1c.tar.gz |
Do not rename the source. gs security fix. Add zstd. Improvements.
-rw-r--r-- | .SRCINFO | 70 | ||||
-rw-r--r-- | PKGBUILD | 153 | ||||
-rw-r--r-- | imagemagick-full-security-fix.patch | 20 |
3 files changed, 129 insertions, 114 deletions
@@ -1,64 +1,69 @@ pkgbase = imagemagick-full pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) pkgver = 7.0.8.14 - pkgrel = 1 - url = http://www.imagemagick.org/ + pkgrel = 2 + url = https://www.imagemagick.org/ arch = i686 arch = x86_64 license = custom makedepends = git makedepends = perl + makedepends = jbigkit makedepends = opencl-headers - makedepends = chrpath makedepends = glu makedepends = ghostpcl makedepends = ghostxps - depends = libltdl + makedepends = zstd + makedepends = chrpath depends = lcms2 - depends = fontconfig - depends = libxext - depends = liblqr depends = libraqm - depends = libpng + depends = liblqr + depends = fftw depends = libxml2 - depends = ghostscript - depends = gsfonts - depends = ttf-dejavu - depends = libraw - depends = librsvg - depends = libwebp - depends = libwmf - depends = ocl-icd - depends = openexr - depends = openjpeg2 - depends = pango - depends = jemalloc - depends = bzip2 + depends = fontconfig + depends = freetype2 + depends = libxext depends = libx11 - depends = libsm - depends = libice - depends = libxt + depends = bzip2 depends = zlib - depends = fftw + depends = libltdl + depends = jemalloc depends = djvulibre - depends = freetype2 - depends = libheif + depends = libraw depends = graphviz - depends = jbigkit + depends = openexr + depends = libheif + depends = openjpeg2 depends = libjpeg-turbo depends = xz + depends = glib2 + depends = pango + depends = cairo + depends = libpng + depends = ghostscript + depends = ming + depends = librsvg depends = libtiff - depends = libumem-git + depends = libwebp + depends = libwmf + depends = ocl-icd + depends = gsfonts + depends = ttf-dejavu + depends = pstoedit-nomagick depends = autotrace-nomagick depends = flif depends = libfpx - source = imagemagick-full-git::git+https://github.com/ImageMagick/ImageMagick.git#commit=ba0aedf286650098de0d51a493c679adeb39a4ac + depends = libumem-git + source = git+https://github.com/ImageMagick/ImageMagick.git#commit=ba0aedf286650098de0d51a493c679adeb39a4ac + source = imagemagick-full-security-fix.patch source = arch-fonts.diff sha256sums = SKIP + sha256sums = e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e sha256sums = a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73 pkgname = libmagick-full pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) (library) + optdepends = ttf-mac-fonts: for Apple fonts support provides = libmagick provides = libMagickCore-7.Q32HDRI.so provides = libMagickWand-7.Q32HDRI.so @@ -66,11 +71,9 @@ pkgname = libmagick-full conflicts = libmagick options = !emptydirs options = libtool - backup = etc//coder.xml backup = etc//colors.xml backup = etc//delegates.xml backup = etc//log.xml - backup = etc//magic.xml backup = etc//mime.xml backup = etc//policy.xml backup = etc//quantization-table.xml @@ -80,10 +83,9 @@ pkgname = libmagick-full backup = etc//type-ghostscript.xml pkgname = imagemagick-full - depends = libmagick-full=7.0.8.14-1 + depends = libmagick-full=7.0.8.14-2 depends = perl optdepends = imagemagick-full-doc: manual and API docs - optdepends = ttf-mac-fonts: for Apple fonts support provides = imagemagick conflicts = imagemagick options = !emptydirs @@ -1,4 +1,4 @@ -# Maintainer: Daniel Bermond < yahoo-com: danielbermond > +# Maintainer: Daniel Bermond < gmail-com: danielbermond > # NOTE (1): # DPS (Display PostScript) feature is obsolete and thus not enabled. @@ -6,79 +6,73 @@ # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html # NOTE (2): -# change font directories bellow to match yours: -# - deJaVu and GhostScript font directories provided bellow are -# the default ones -# - Windows font directory provided bellow is set according to -# the example in Arch Linux Wiki -# - this Windows font directory example is for people that -# copy/link fonts from a Windows installation. If you prefer, -# you can choose an AUR package that provides the Windows fonts -# as described in the Wiki and change the directory accordingly. +# change font directories in build() to match yours: +# - deJaVu and GhostScript font directories are the default ones +# - Windows font directory is set according to a Wiki example -_dejavu_font_dir='/usr/share/fonts/TTF' -_gs_font_dir='/usr/share/fonts/gsfonts' -_urw_font_dir='/usr/share/fonts/gsfonts' -_windows_font_dir='/usr/share/fonts/WindowsFonts' -_1st_apple_font_dir='/usr/share/fonts/TTF' -_2nd_apple_font_dir='/usr/share/fonts/Type1' _commit='ba0aedf286650098de0d51a493c679adeb39a4ac' _qdepth='32' pkgbase=imagemagick-full pkgname=('libmagick-full' 'imagemagick-full' 'imagemagick-full-doc') +_srcname=ImageMagick pkgver=7.0.8.14 -pkgrel=1 +pkgrel=2 arch=('i686' 'x86_64') pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features)" -url='http://www.imagemagick.org/' +url='https://www.imagemagick.org/' license=('custom') depends=( # official repositories: - 'libltdl' 'lcms2' 'fontconfig' 'libxext' 'liblqr' 'libraqm' 'libpng' 'libxml2' - 'ghostscript' 'gsfonts' 'ttf-dejavu' 'libraw' 'librsvg' 'libwebp' 'libwmf' - 'ocl-icd' 'openexr' 'openjpeg2' 'pango' - 'jemalloc' 'bzip2' 'libx11' 'libsm' 'libice' 'libxt' 'zlib' 'fftw' 'djvulibre' - 'freetype2' 'libheif' 'graphviz' 'jbigkit' 'libjpeg-turbo' 'xz' 'libtiff' + 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' + 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' + 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' + 'gsfonts' 'ttf-dejavu' # AUR: - 'libumem-git' 'autotrace-nomagick' 'flif' 'libfpx' + 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) -makedepends=('git' 'perl' 'opencl-headers' 'chrpath' 'glu' 'ghostpcl' 'ghostxps') -source=("${pkgbase}-git"::"git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}" +makedepends=('git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps' + 'zstd' 'chrpath') +source=("git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}" + 'imagemagick-full-security-fix.patch' 'arch-fonts.diff') sha256sums=('SKIP' + 'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e' 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73') prepare() { - cd "${pkgbase}-git" + cd "$_srcname" - # fix for 'sh: gitversion.sh: command not found' during autoreconf - sed -i 's|(gitversion|(./gitversion|' configure.ac + # 1) workaround for ghostscript security issues: + # https://bugs.archlinux.org/task/59778 + # 2) security fix: + # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 + # https://imagetragick.com/ + patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch" # fix up typemaps to match Arch Linux packages, where possible patch -Np1 -i "${srcdir}/arch-fonts.diff" + + # fix for 'sh: gitversion.sh: command not found' during autoreconf + sed -i 's|(gitversion|(./gitversion|' configure.ac + + autoreconf -fis } build() { - cd "${pkgbase}-git" + cd "$_srcname" export CFLAGS="${CFLAGS} -I/usr/include/FLIF" - autoreconf -fis - ./configure \ --prefix='/usr' \ --sysconfdir='/etc' \ --enable-openmp \ --enable-opencl \ - --enable-largefile \ - --enable-static='no' \ - --enable-shared='yes' \ - --enable-fast-install='yes' \ --disable-delegate-build \ --enable-cipher \ --enable-hdri \ - --enable-hugepages \ --enable-docs \ --with-threads \ --with-modules \ @@ -91,6 +85,7 @@ build() { --with-bzlib \ --with-x \ --with-zlib \ + --with-zstd \ --with-autotrace \ --without-dps \ --with-fftw \ @@ -118,25 +113,40 @@ build() { --with-webp \ --with-wmf \ --with-xml \ - --with-dejavu-font-dir="$_dejavu_font_dir" \ - --with-gs-font-dir="$_gs_font_dir" \ - --with-urw-base35-font-dir="$_urw_font_dir" \ - --with-windows-font-dir="$_windows_font_dir" \ - --with-apple-font-dir="$_1st_apple_font_dir" \ - --with-fontpath="$_2nd_apple_font_dir" \ + --with-dejavu-font-dir='/usr/share/fonts/TTF' \ + --with-gs-font-dir='/usr/share/fonts/gsfonts' \ + --with-urw-base35-font-dir='/usr/share/fonts/gsfonts' \ + --with-windows-font-dir='/usr/share/fonts/WindowsFonts' \ + --with-apple-font-dir='/usr/share/fonts/TTF' \ + --with-fontpath='/usr/share/fonts/Type1' \ PSDelegate='/usr/bin/gs' \ XPSDelegate='/usr/bin/gxps' \ - PCLDelegate='/usr/bin/gpcl6' \ - + PCLDelegate='/usr/bin/gpcl6' + + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make } +check() ( + cd "$_srcname" + + ulimit -n 4096 + sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch + + make check +) + package_libmagick-full() { local _majorver="${pkgver%%.*}" local _etcdir="ImageMagick-${_majorver}" pkgdesc+=' (library)' - backup=(etc/"$_etcdir"/{coder,colors,delegates,log,magic,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml) + optdepends=( + # AUR: + 'ttf-mac-fonts: for Apple fonts support' + ) + backup=(etc/"$_etcdir"/{colors,delegates,log,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml) options=('!emptydirs' 'libtool') provides=('libmagick' "libMagickCore-${pkgver%%.*}.Q${_qdepth}HDRI.so" @@ -144,40 +154,24 @@ package_libmagick-full() { "libMagick++-${pkgver%%.*}.Q${_qdepth}HDRI.so") conflicts=('libmagick') - cd "${pkgbase}-git" + cd "$_srcname" make DESTDIR="$pkgdir" install - rm -f "$pkgdir"/usr/lib/*.la + rm "$pkgdir"/usr/lib/*.la - install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - install -D -m644 NOTICE "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE" + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" + install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" rm -rf binpkg/* docpkg/* - mkdir -p binpkg/usr/lib {binpkg,docpkg}/usr/share # split 'imagemagick' - cd binpkg - mv -f "${pkgdir}/usr/bin" usr/ - mv -f "${pkgdir}/usr/lib/perl5" usr/lib/ - mv -f "${pkgdir}/usr/share/man" usr/share/ + mv "${pkgdir}/usr/bin" binpkg/usr/ + mv "${pkgdir}/usr/lib/perl5" binpkg/usr/lib/ + mv "${pkgdir}/usr/share/man" binpkg/usr/share/ # split docs - cd "${srcdir}/${pkgbase}-git/docpkg" - mv -f "${pkgdir}/usr/share/doc" usr/share/ - - # security fix - # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 - # https://imagetragick.com/ - sed -i '65i\ \<policy domain="coder" rights="none" pattern="EPHEMERAL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '66i\ \<policy domain="coder" rights="none" pattern="URL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '67i\ \<policy domain="coder" rights="none" pattern="HTTPS" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '68i\ \<policy domain="coder" rights="none" pattern="MVG" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '69i\ \<policy domain="coder" rights="none" pattern="MSL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '70i\ \<policy domain="coder" rights="none" pattern="TEXT" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '71i\ \<policy domain="coder" rights="none" pattern="SHOW" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '72i\ \<policy domain="coder" rights="none" pattern="WIN" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '73i\ \<policy domain="coder" rights="none" pattern="PLT" />' "${pkgdir}/etc/${_etcdir}/policy.xml" + mv "${pkgdir}/usr/share/doc" docpkg/usr/share/ } package_imagemagick-full() { @@ -185,20 +179,19 @@ package_imagemagick-full() { optdepends=( # AUR: 'imagemagick-full-doc: manual and API docs' - 'ttf-mac-fonts: for Apple fonts support' ) - options=('!emptydirs') provides=('imagemagick') conflicts=('imagemagick') + options=('!emptydirs') - cd "${pkgbase}-git" + cd "$_srcname" - mv -f binpkg/* "$pkgdir" + cp -a binpkg/* "$pkgdir" find "${pkgdir}/usr/lib/perl5" -name '*.so' -exec chrpath -d {} + - install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - install -D -m644 NOTICE "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE" + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" + install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" } package_imagemagick-full-doc() { @@ -208,10 +201,10 @@ package_imagemagick-full-doc() { provides=('imagemagick-doc') conflicts=('imagemagick-doc') - cd "${pkgbase}-git" + cd "$_srcname" - mv -f docpkg/* "$pkgdir" + cp -a docpkg/* "$pkgdir" - install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - install -D -m644 NOTICE "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE" + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" + install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" } diff --git a/imagemagick-full-security-fix.patch b/imagemagick-full-security-fix.patch new file mode 100644 index 000000000000..4f2d347fd424 --- /dev/null +++ b/imagemagick-full-security-fix.patch @@ -0,0 +1,20 @@ +diff -Naurp a/config/policy.xml b/config/policy.xml +--- a/config/policy.xml 2018-10-24 23:55:43.000000000 +0000 ++++ b/config/policy.xml 2018-11-23 12:50:49.475631653 +0000 +@@ -69,6 +69,16 @@ + <!-- <policy domain="resource" name="throttle" value="0"/> --> + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> ++ <policy domain="coder" rights="none" pattern="TEXT" /> ++ <policy domain="coder" rights="none" pattern="SHOW" /> ++ <policy domain="coder" rights="none" pattern="WIN" /> ++ <policy domain="coder" rights="none" pattern="PLT" /> ++ <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" /> + <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> + <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> + <!-- <policy domain="path" rights="none" pattern="@*" /> --> |