Do not rename the source. gs security fix. Add zstd. Improvements.

3 files changed, 129 insertions, 114 deletions

diff --git a/.SRCINFO b/.SRCINFO
index d49a15a018d3..4cf9f2a82efe 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,64 +1,69 @@
 pkgbase = imagemagick-full
 	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features)
 	pkgver = 7.0.8.14
-	pkgrel = 1
-	url = http://www.imagemagick.org/
+	pkgrel = 2
+	url = https://www.imagemagick.org/
 	arch = i686
 	arch = x86_64
 	license = custom
 	makedepends = git
 	makedepends = perl
+	makedepends = jbigkit
 	makedepends = opencl-headers
-	makedepends = chrpath
 	makedepends = glu
 	makedepends = ghostpcl
 	makedepends = ghostxps
-	depends = libltdl
+	makedepends = zstd
+	makedepends = chrpath
 	depends = lcms2
-	depends = fontconfig
-	depends = libxext
-	depends = liblqr
 	depends = libraqm
-	depends = libpng
+	depends = liblqr
+	depends = fftw
 	depends = libxml2
-	depends = ghostscript
-	depends = gsfonts
-	depends = ttf-dejavu
-	depends = libraw
-	depends = librsvg
-	depends = libwebp
-	depends = libwmf
-	depends = ocl-icd
-	depends = openexr
-	depends = openjpeg2
-	depends = pango
-	depends = jemalloc
-	depends = bzip2
+	depends = fontconfig
+	depends = freetype2
+	depends = libxext
 	depends = libx11
-	depends = libsm
-	depends = libice
-	depends = libxt
+	depends = bzip2
 	depends = zlib
-	depends = fftw
+	depends = libltdl
+	depends = jemalloc
 	depends = djvulibre
-	depends = freetype2
-	depends = libheif
+	depends = libraw
 	depends = graphviz
-	depends = jbigkit
+	depends = openexr
+	depends = libheif
+	depends = openjpeg2
 	depends = libjpeg-turbo
 	depends = xz
+	depends = glib2
+	depends = pango
+	depends = cairo
+	depends = libpng
+	depends = ghostscript
+	depends = ming
+	depends = librsvg
 	depends = libtiff
-	depends = libumem-git
+	depends = libwebp
+	depends = libwmf
+	depends = ocl-icd
+	depends = gsfonts
+	depends = ttf-dejavu
+	depends = pstoedit-nomagick
 	depends = autotrace-nomagick
 	depends = flif
 	depends = libfpx
-	source = imagemagick-full-git::git+https://github.com/ImageMagick/ImageMagick.git#commit=ba0aedf286650098de0d51a493c679adeb39a4ac
+	depends = libumem-git
+	source = git+https://github.com/ImageMagick/ImageMagick.git#commit=ba0aedf286650098de0d51a493c679adeb39a4ac
+	source = imagemagick-full-security-fix.patch
 	source = arch-fonts.diff
 	sha256sums = SKIP
+	sha256sums = e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e
 	sha256sums = a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73
 
 pkgname = libmagick-full
 	pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features) (library)
+	optdepends = ttf-mac-fonts: for Apple fonts support
 	provides = libmagick
 	provides = libMagickCore-7.Q32HDRI.so
 	provides = libMagickWand-7.Q32HDRI.so
@@ -66,11 +71,9 @@ pkgname = libmagick-full
 	conflicts = libmagick
 	options = !emptydirs
 	options = libtool
-	backup = etc//coder.xml
 	backup = etc//colors.xml
 	backup = etc//delegates.xml
 	backup = etc//log.xml
-	backup = etc//magic.xml
 	backup = etc//mime.xml
 	backup = etc//policy.xml
 	backup = etc//quantization-table.xml
@@ -80,10 +83,9 @@ pkgname = libmagick-full
 	backup = etc//type-ghostscript.xml
 
 pkgname = imagemagick-full
-	depends = libmagick-full=7.0.8.14-1
+	depends = libmagick-full=7.0.8.14-2
 	depends = perl
 	optdepends = imagemagick-full-doc: manual and API docs
-	optdepends = ttf-mac-fonts: for Apple fonts support
 	provides = imagemagick
 	conflicts = imagemagick
 	options = !emptydirs
diff --git a/PKGBUILD b/PKGBUILD
index 4319b3321b58..b2e0c1ba6eba 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,4 @@
-# Maintainer: Daniel Bermond < yahoo-com: danielbermond >
+# Maintainer: Daniel Bermond < gmail-com: danielbermond >
 
 # NOTE (1):
 # DPS (Display PostScript) feature is obsolete and thus not enabled.
@@ -6,79 +6,73 @@
 # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html
 
 # NOTE (2):
-# change font directories bellow to match yours:
-#   - deJaVu and GhostScript font directories provided bellow are
-#     the default ones
-#   - Windows font directory provided bellow is set according to
-#     the example in Arch Linux Wiki
-#   - this Windows font directory example is for people that
-#     copy/link fonts from a Windows installation. If you prefer,
-#     you can choose an AUR package that provides the Windows fonts
-#     as described in the Wiki and change the directory accordingly.
+# change font directories in build() to match yours:
+#   - deJaVu and GhostScript font directories are the default ones
+#   - Windows font directory is set according to a Wiki example
 
-_dejavu_font_dir='/usr/share/fonts/TTF'
-_gs_font_dir='/usr/share/fonts/gsfonts'
-_urw_font_dir='/usr/share/fonts/gsfonts'
-_windows_font_dir='/usr/share/fonts/WindowsFonts'
-_1st_apple_font_dir='/usr/share/fonts/TTF'
-_2nd_apple_font_dir='/usr/share/fonts/Type1'
 _commit='ba0aedf286650098de0d51a493c679adeb39a4ac'
 _qdepth='32'
 
 pkgbase=imagemagick-full
 pkgname=('libmagick-full' 'imagemagick-full' 'imagemagick-full-doc')
+_srcname=ImageMagick
 pkgver=7.0.8.14
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features)"
-url='http://www.imagemagick.org/'
+url='https://www.imagemagick.org/'
 license=('custom')
 depends=(
     # official repositories:
-        'libltdl' 'lcms2' 'fontconfig' 'libxext' 'liblqr' 'libraqm' 'libpng' 'libxml2'
-        'ghostscript' 'gsfonts' 'ttf-dejavu' 'libraw' 'librsvg' 'libwebp' 'libwmf'
-        'ocl-icd' 'openexr' 'openjpeg2' 'pango'
-        'jemalloc' 'bzip2' 'libx11' 'libsm' 'libice' 'libxt' 'zlib' 'fftw' 'djvulibre'
-        'freetype2' 'libheif' 'graphviz' 'jbigkit' 'libjpeg-turbo' 'xz' 'libtiff'
+        'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext'
+        'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz'
+        'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo'
+        'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd'
+        'gsfonts' 'ttf-dejavu'
     # AUR:
-        'libumem-git' 'autotrace-nomagick' 'flif' 'libfpx'
+        'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git'
 )
-makedepends=('git' 'perl' 'opencl-headers' 'chrpath' 'glu' 'ghostpcl' 'ghostxps')
-source=("${pkgbase}-git"::"git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}"
+makedepends=('git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps'
+             'zstd' 'chrpath')
+source=("git+https://github.com/ImageMagick/ImageMagick.git#commit=${_commit}"
+        'imagemagick-full-security-fix.patch'
         'arch-fonts.diff')
 sha256sums=('SKIP'
+            'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e'
             'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73')
 
 prepare() {
-    cd "${pkgbase}-git"
+    cd "$_srcname"
     
-    # fix for 'sh: gitversion.sh: command not found' during autoreconf
-    sed -i 's|(gitversion|(./gitversion|' configure.ac
+    # 1) workaround for ghostscript security issues:
+    #      https://bugs.archlinux.org/task/59778
+    # 2) security fix:
+    #      https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
+    #      https://imagetragick.com/
+    patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch"
     
     # fix up typemaps to match Arch Linux packages, where possible
     patch -Np1 -i "${srcdir}/arch-fonts.diff"
+    
+    # fix for 'sh: gitversion.sh: command not found' during autoreconf
+    sed -i 's|(gitversion|(./gitversion|' configure.ac
+    
+    autoreconf -fis
 }
 
 build() {
-    cd "${pkgbase}-git"
+    cd "$_srcname"
     
     export CFLAGS="${CFLAGS} -I/usr/include/FLIF"
     
-    autoreconf -fis
-    
     ./configure \
         --prefix='/usr' \
         --sysconfdir='/etc' \
         --enable-openmp \
         --enable-opencl \
-        --enable-largefile \
-        --enable-static='no' \
-        --enable-shared='yes' \
-        --enable-fast-install='yes' \
         --disable-delegate-build \
         --enable-cipher \
         --enable-hdri \
-        --enable-hugepages \
         --enable-docs \
         --with-threads \
         --with-modules \
@@ -91,6 +85,7 @@ build() {
         --with-bzlib \
         --with-x \
         --with-zlib \
+        --with-zstd \
         --with-autotrace \
         --without-dps \
         --with-fftw \
@@ -118,25 +113,40 @@ build() {
         --with-webp \
         --with-wmf \
         --with-xml \
-        --with-dejavu-font-dir="$_dejavu_font_dir" \
-        --with-gs-font-dir="$_gs_font_dir" \
-        --with-urw-base35-font-dir="$_urw_font_dir" \
-        --with-windows-font-dir="$_windows_font_dir" \
-        --with-apple-font-dir="$_1st_apple_font_dir" \
-        --with-fontpath="$_2nd_apple_font_dir" \
+        --with-dejavu-font-dir='/usr/share/fonts/TTF' \
+        --with-gs-font-dir='/usr/share/fonts/gsfonts' \
+        --with-urw-base35-font-dir='/usr/share/fonts/gsfonts' \
+        --with-windows-font-dir='/usr/share/fonts/WindowsFonts' \
+        --with-apple-font-dir='/usr/share/fonts/TTF' \
+        --with-fontpath='/usr/share/fonts/Type1' \
         PSDelegate='/usr/bin/gs' \
         XPSDelegate='/usr/bin/gxps' \
-        PCLDelegate='/usr/bin/gpcl6' \
-            
+        PCLDelegate='/usr/bin/gpcl6'
+        
+    sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+    
     make
 }
 
+check() (
+   cd "$_srcname"
+   
+   ulimit -n 4096
+   sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch
+   
+   make check
+)
+
 package_libmagick-full() {
     local _majorver="${pkgver%%.*}"
     local _etcdir="ImageMagick-${_majorver}"
     
     pkgdesc+=' (library)'
-    backup=(etc/"$_etcdir"/{coder,colors,delegates,log,magic,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml)
+    optdepends=(
+        # AUR:
+            'ttf-mac-fonts: for Apple fonts support'
+    )
+    backup=(etc/"$_etcdir"/{colors,delegates,log,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml)
     options=('!emptydirs' 'libtool')
     provides=('libmagick'
               "libMagickCore-${pkgver%%.*}.Q${_qdepth}HDRI.so"
@@ -144,40 +154,24 @@ package_libmagick-full() {
                 "libMagick++-${pkgver%%.*}.Q${_qdepth}HDRI.so")
     conflicts=('libmagick')
     
-    cd "${pkgbase}-git"
+    cd "$_srcname"
     make DESTDIR="$pkgdir" install
     
-    rm -f "$pkgdir"/usr/lib/*.la
+    rm "$pkgdir"/usr/lib/*.la
     
-    install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-    install -D -m644 NOTICE  "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE"
+    install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+    install -D -m644 NOTICE  -t "${pkgdir}/usr/share/licenses/${pkgname}"
     
     rm -rf binpkg/* docpkg/*
-    
     mkdir -p binpkg/usr/lib {binpkg,docpkg}/usr/share
     
     # split 'imagemagick'
-    cd binpkg
-    mv -f "${pkgdir}/usr/bin"       usr/
-    mv -f "${pkgdir}/usr/lib/perl5" usr/lib/
-    mv -f "${pkgdir}/usr/share/man" usr/share/
+    mv "${pkgdir}/usr/bin"       binpkg/usr/
+    mv "${pkgdir}/usr/lib/perl5" binpkg/usr/lib/
+    mv "${pkgdir}/usr/share/man" binpkg/usr/share/
     
     # split docs
-    cd "${srcdir}/${pkgbase}-git/docpkg"
-    mv -f "${pkgdir}/usr/share/doc" usr/share/
-    
-    # security fix
-    # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
-    # https://imagetragick.com/
-    sed -i '65i\  \<policy domain="coder" rights="none" pattern="EPHEMERAL" />' "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '66i\  \<policy domain="coder" rights="none" pattern="URL" />'       "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '67i\  \<policy domain="coder" rights="none" pattern="HTTPS" />'     "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '68i\  \<policy domain="coder" rights="none" pattern="MVG" />'       "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '69i\  \<policy domain="coder" rights="none" pattern="MSL" />'       "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '70i\  \<policy domain="coder" rights="none" pattern="TEXT" />'      "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '71i\  \<policy domain="coder" rights="none" pattern="SHOW" />'      "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '72i\  \<policy domain="coder" rights="none" pattern="WIN" />'       "${pkgdir}/etc/${_etcdir}/policy.xml"
-    sed -i '73i\  \<policy domain="coder" rights="none" pattern="PLT" />'       "${pkgdir}/etc/${_etcdir}/policy.xml"
+    mv "${pkgdir}/usr/share/doc" docpkg/usr/share/
 }
 
 package_imagemagick-full() {
@@ -185,20 +179,19 @@ package_imagemagick-full() {
     optdepends=(
         # AUR:
             'imagemagick-full-doc: manual and API docs'
-            'ttf-mac-fonts: for Apple fonts support'
     )
-    options=('!emptydirs')
     provides=('imagemagick')
     conflicts=('imagemagick')
+    options=('!emptydirs')
     
-    cd "${pkgbase}-git"
+    cd "$_srcname"
     
-    mv -f binpkg/* "$pkgdir"
+    cp -a binpkg/* "$pkgdir"
     
     find "${pkgdir}/usr/lib/perl5" -name '*.so' -exec chrpath -d {} +
     
-    install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-    install -D -m644 NOTICE  "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE"
+    install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+    install -D -m644 NOTICE  -t "${pkgdir}/usr/share/licenses/${pkgname}"
 }
 
 package_imagemagick-full-doc() {
@@ -208,10 +201,10 @@ package_imagemagick-full-doc() {
     provides=('imagemagick-doc')
     conflicts=('imagemagick-doc')
     
-    cd "${pkgbase}-git"
+    cd "$_srcname"
     
-    mv -f docpkg/* "$pkgdir"
+    cp -a docpkg/* "$pkgdir"
     
-    install -D -m644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-    install -D -m644 NOTICE  "${pkgdir}/usr/share/licenses/${pkgname}/NOTICE"
+    install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}"
+    install -D -m644 NOTICE  -t "${pkgdir}/usr/share/licenses/${pkgname}"
 }
diff --git a/imagemagick-full-security-fix.patch b/imagemagick-full-security-fix.patch
new file mode 100644
index 000000000000..4f2d347fd424
--- /dev/null
+++ b/imagemagick-full-security-fix.patch
@@ -0,0 +1,20 @@
+diff -Naurp a/config/policy.xml b/config/policy.xml
+--- a/config/policy.xml	2018-10-24 23:55:43.000000000 +0000
++++ b/config/policy.xml	2018-11-23 12:50:49.475631653 +0000
+@@ -69,6 +69,16 @@
+   <!-- <policy domain="resource" name="throttle" value="0"/> -->
+   <!-- <policy domain="resource" name="time" value="3600"/> -->
+   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
++  <policy domain="coder" rights="none" pattern="TEXT" />
++  <policy domain="coder" rights="none" pattern="SHOW" />
++  <policy domain="coder" rights="none" pattern="WIN" />
++  <policy domain="coder" rights="none" pattern="PLT" />
++  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" />
+   <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
+   <!-- <policy domain="path" rights="none" pattern="@*" /> -->