diff options
author | Daniel Bermond | 2018-11-26 10:37:15 +0000 |
---|---|---|
committer | Daniel Bermond | 2018-11-26 10:37:15 +0000 |
commit | c89ba1678f1d998e7e6cc73dd29a3d108fd58c3a (patch) | |
tree | d1efeb432a5929947df86ba2af714e63cfd30c3d | |
parent | 347a533395b33bc96487e3ef40336e50d87807cf (diff) | |
download | aur-c89ba1678f1d998e7e6cc73dd29a3d108fd58c3a.tar.gz |
Do not rename the source. gs security fix. Add zstd. Improvements.
-rw-r--r-- | .SRCINFO | 116 | ||||
-rw-r--r-- | PKGBUILD | 160 | ||||
-rw-r--r-- | imagemagick-full-security-fix.patch | 20 |
3 files changed, 127 insertions, 169 deletions
@@ -1,103 +1,69 @@ pkgbase = imagemagick-full-git pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features, git version) - pkgver = 7.0.8.15.r14948.g2f1375d5f + pkgver = 7.0.8.15.r15029.g459b67438 pkgrel = 1 url = http://www.imagemagick.org/ arch = i686 arch = x86_64 license = custom makedepends = git - makedepends = libltdl - makedepends = lcms2 - makedepends = fontconfig - makedepends = libxext - makedepends = liblqr - makedepends = libraqm - makedepends = libpng - makedepends = gsfonts - makedepends = ttf-dejavu + makedepends = perl + makedepends = jbigkit makedepends = opencl-headers - makedepends = chrpath + makedepends = glu makedepends = ghostpcl makedepends = ghostxps - makedepends = ghostscript - makedepends = libraw - makedepends = librsvg - makedepends = libwebp - makedepends = libwmf - makedepends = libxml2 - makedepends = ocl-icd - makedepends = openexr - makedepends = openjpeg2 - makedepends = pango - makedepends = glu - makedepends = libxt - makedepends = bzip2 - makedepends = djvulibre - makedepends = fftw - makedepends = freetype2 - makedepends = graphviz - makedepends = jbigkit - makedepends = jemalloc - makedepends = libjpeg-turbo - makedepends = libtiff - makedepends = pango - makedepends = xz - makedepends = zlib - makedepends = autotrace-nomagick - makedepends = flif - makedepends = libde265 - makedepends = libfpx - makedepends = libraqm - makedepends = libumem-git - depends = libltdl + makedepends = zstd + makedepends = chrpath depends = lcms2 + depends = libraqm + depends = liblqr + depends = fftw + depends = libxml2 depends = fontconfig + depends = freetype2 depends = libxext - depends = liblqr - depends = libraqm + depends = libx11 + depends = bzip2 + depends = zlib + depends = libltdl + depends = jemalloc + depends = djvulibre + depends = libraw + depends = graphviz + depends = openexr + depends = libheif + depends = openjpeg2 + depends = libjpeg-turbo + depends = xz + depends = glib2 + depends = pango + depends = cairo depends = libpng - depends = gsfonts - depends = ttf-dejavu - depends = ghostpcl - depends = ghostxps depends = ghostscript - depends = libraw + depends = ming depends = librsvg + depends = libtiff depends = libwebp depends = libwmf - depends = libxml2 depends = ocl-icd - depends = openexr - depends = openjpeg2 - depends = pango - depends = glu - depends = libxt - depends = bzip2 - depends = djvulibre - depends = fftw - depends = freetype2 - depends = graphviz - depends = jbigkit - depends = jemalloc - depends = libjpeg-turbo - depends = libtiff - depends = pango - depends = xz - depends = zlib + depends = gsfonts + depends = ttf-dejavu + depends = pstoedit-nomagick depends = autotrace-nomagick depends = flif - depends = libde265 depends = libfpx - depends = libraqm depends = libumem-git - source = imagemagick-full-git::git+https://github.com/ImageMagick/ImageMagick.git + source = git+https://github.com/ImageMagick/ImageMagick.git + source = imagemagick-full-security-fix.patch source = arch-fonts.diff sha256sums = SKIP + sha256sums = e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e sha256sums = a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73 pkgname = libmagick-full-git pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features, git version) (library) + optdepends = ttf-mac-fonts: for Apple fonts support provides = libmagick provides = libmagick-git provides = libMagickCore-7.Q32HDRI.so @@ -106,11 +72,9 @@ pkgname = libmagick-full-git conflicts = libmagick options = !emptydirs options = libtool - backup = etc//coder.xml backup = etc//colors.xml backup = etc//delegates.xml backup = etc//log.xml - backup = etc//magic.xml backup = etc//mime.xml backup = etc//policy.xml backup = etc//quantization-table.xml @@ -120,11 +84,9 @@ pkgname = libmagick-full-git backup = etc//type-ghostscript.xml pkgname = imagemagick-full-git - depends = libmagick-full-git=7.0.8.15.r14948.g2f1375d5f-1 - depends = perl>= - depends = perl< + depends = libmagick-full-git=7.0.8.15.r15029.g459b67438-1 + depends = perl optdepends = imagemagick-full-doc-git: manual and API docs - optdepends = ttf-mac-fonts: for Apple fonts support provides = imagemagick provides = imagemagick-git conflicts = imagemagick @@ -133,7 +95,7 @@ pkgname = imagemagick-full-git pkgname = imagemagick-full-doc-git pkgdesc = An image viewing/manipulation program (Q32 HDRI with all libs and features, git version) (manual and API docs) arch = any + depends = provides = imagemagick-doc - provides = imagemagick-doc-git conflicts = imagemagick-doc @@ -6,24 +6,16 @@ # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html # NOTE (2): -# Change font directories bellow to match yours. -# DeJaVu and GhostScript font directories provided bellow are the default ones. -# Windows font directory provided bellow is set according to the example in Arch Linux Wiki. -# This Windows font directory example is for people that copy/link fonts from a Windows -# installation. If you prefer, you can choose an AUR package that provides the Windows fonts -# as described in the Wiki and change the directory accordingly. +# change font directories in build() to match yours: +# - deJaVu and GhostScript font directories are the default ones +# - Windows font directory is set according to a Wiki example -_dejavu_font_dir='/usr/share/fonts/TTF' -_gs_font_dir='/usr/share/fonts/Type1' -_urw_font_dir='/usr/share/fonts/gsfonts' -_windows_font_dir='/usr/share/fonts/WindowsFonts' -_1st_apple_font_dir='/usr/share/fonts/TTF' -_2nd_apple_font_dir='/usr/share/fonts/Type1' _qdepth='32' pkgbase=imagemagick-full-git pkgname=('libmagick-full-git' 'imagemagick-full-git' 'imagemagick-full-doc-git') -pkgver=7.0.8.15.r14948.g2f1375d5f +_srcname=ImageMagick +pkgver=7.0.8.15.r15029.g459b67438 pkgrel=1 arch=('i686' 'x86_64') pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features, git version)" @@ -31,44 +23,44 @@ url='http://www.imagemagick.org/' license=('custom') depends=( # official repositories: - 'libltdl' 'lcms2' 'fontconfig' 'libxext' 'liblqr' 'libraqm' 'libpng' - 'gsfonts' 'ttf-dejavu' 'ghostpcl' 'ghostxps' - 'ghostscript' 'libraw' 'librsvg' 'libwebp' 'libwmf' 'libxml2' - 'ocl-icd' 'openexr' 'openjpeg2' 'pango' - 'glu' 'libxt' 'bzip2' 'djvulibre' 'fftw' 'freetype2' 'graphviz' - 'jbigkit' 'jemalloc' 'libjpeg-turbo' 'libtiff' 'pango' 'xz' 'zlib' + 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' + 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' + 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' + 'gsfonts' 'ttf-dejavu' # AUR: - 'autotrace-nomagick' 'flif' 'libde265' 'libfpx' 'libraqm' 'libumem-git' + 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) -makedepends=( - # official repositories: - 'git' - 'libltdl' 'lcms2' 'fontconfig' 'libxext' 'liblqr' 'libraqm' 'libpng' - 'gsfonts' 'ttf-dejavu' 'opencl-headers' 'chrpath' 'ghostpcl' 'ghostxps' - 'ghostscript' 'libraw' 'librsvg' 'libwebp' 'libwmf' 'libxml2' - 'ocl-icd' 'openexr' 'openjpeg2' 'pango' - 'glu' 'libxt' 'bzip2' 'djvulibre' 'fftw' 'freetype2' 'graphviz' - 'jbigkit' 'jemalloc' 'libjpeg-turbo' 'libtiff' 'pango' 'xz' 'zlib' - # AUR: - 'autotrace-nomagick' 'flif' 'libde265' 'libfpx' 'libraqm' 'libumem-git' -) -source=("$pkgbase"::'git+https://github.com/ImageMagick/ImageMagick.git' +makedepends=('git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps' + 'zstd' 'chrpath') +source=('git+https://github.com/ImageMagick/ImageMagick.git' + 'imagemagick-full-security-fix.patch' 'arch-fonts.diff') sha256sums=('SKIP' + 'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e' 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73') prepare() { - cd "$pkgbase" + cd "$_srcname" - # fix for 'sh: gitversion.sh: command not found' during autoreconf - sed -i 's|(gitversion|(./gitversion|' configure.ac + # 1) workaround for ghostscript security issues: + # https://bugs.archlinux.org/task/59778 + # 2) security fix: + # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 + # https://imagetragick.com/ + patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch" # fix up typemaps to match Arch Linux packages, where possible patch -Np1 -i "${srcdir}/arch-fonts.diff" + + # fix for 'sh: gitversion.sh: command not found' during autoreconf + sed -i 's|(gitversion|(./gitversion|' configure.ac + + autoreconf -fis } pkgver() { - cd "$pkgbase" + cd "$_srcname" local _version local _release @@ -82,25 +74,18 @@ pkgver() { } build() { - cd "$pkgbase" + cd "$_srcname" export CFLAGS="${CFLAGS} -I/usr/include/FLIF" - autoreconf -fis - ./configure \ --prefix='/usr' \ --sysconfdir='/etc' \ --enable-openmp \ --enable-opencl \ - --enable-largefile \ - --enable-static='no' \ - --enable-shared='yes' \ - --enable-fast-install='yes' \ --disable-delegate-build \ --enable-cipher \ --enable-hdri \ - --enable-hugepages \ --enable-docs \ --with-threads \ --with-modules \ @@ -113,6 +98,7 @@ build() { --with-bzlib \ --with-x \ --with-zlib \ + --with-zstd \ --with-autotrace \ --without-dps \ --with-fftw \ @@ -140,25 +126,40 @@ build() { --with-webp \ --with-wmf \ --with-xml \ - --with-dejavu-font-dir="$_dejavu_font_dir" \ - --with-gs-font-dir="$_gs_font_dir" \ - --with-urw-base35-font-dir="$_urw_font_dir" \ - --with-windows-font-dir="$_windows_font_dir" \ - --with-apple-font-dir="$_1st_apple_font_dir" \ - --with-fontpath="$_2nd_apple_font_dir" \ + --with-dejavu-font-dir='/usr/share/fonts/TTF' \ + --with-gs-font-dir='/usr/share/fonts/gsfonts' \ + --with-urw-base35-font-dir='/usr/share/fonts/gsfonts' \ + --with-windows-font-dir='/usr/share/fonts/WindowsFonts' \ + --with-apple-font-dir='/usr/share/fonts/TTF' \ + --with-fontpath='/usr/share/fonts/Type1' \ PSDelegate='/usr/bin/gs' \ XPSDelegate='/usr/bin/gxps' \ - PCLDelegate='/usr/bin/gpcl6' \ + PCLDelegate='/usr/bin/gpcl6' + + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool make } +check() ( + cd "$_srcname" + + ulimit -n 4096 + sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch + + make check +) + package_libmagick-full-git() { local _majorver="${pkgver%%.*}" local _etcdir="ImageMagick-${_majorver}" pkgdesc+=' (library)' - backup=(etc/"$_etcdir"/{coder,colors,delegates,log,magic,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml) + optdepends=( + # AUR: + 'ttf-mac-fonts: for Apple fonts support' + ) + backup=(etc/"$_etcdir"/{colors,delegates,log,mime,policy,quantization-table,thresholds,type,type-{dejavu,ghostscript}}.xml) options=('!emptydirs' 'libtool') provides=('libmagick' 'libmagick-git' "libMagickCore-${pkgver%%.*}.Q${_qdepth}HDRI.so" @@ -166,67 +167,41 @@ package_libmagick-full-git() { "libMagick++-${pkgver%%.*}.Q${_qdepth}HDRI.so") conflicts=('libmagick') - cd "$pkgbase" + cd "$_srcname" make DESTDIR="$pkgdir" install - rm -f "$pkgdir"/usr/lib/*.la + rm "$pkgdir"/usr/lib/*.la install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" rm -rf binpkg/* docpkg/* - mkdir -p binpkg/usr/lib {binpkg,docpkg}/usr/share # split 'imagemagick' - cd binpkg - mv -f "${pkgdir}/usr/bin" usr/ - mv -f "${pkgdir}/usr/lib/perl5" usr/lib/ - mv -f "${pkgdir}/usr/share/man" usr/share/ + mv "${pkgdir}/usr/bin" binpkg/usr/ + mv "${pkgdir}/usr/lib/perl5" binpkg/usr/lib/ + mv "${pkgdir}/usr/share/man" binpkg/usr/share/ # split docs - cd "${srcdir}/${pkgbase}/docpkg" - mv -f "${pkgdir}/usr/share/doc" usr/share/ - - # security fix - # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 - # https://imagetragick.com/ - sed -i '65i\ \<policy domain="coder" rights="none" pattern="EPHEMERAL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '66i\ \<policy domain="coder" rights="none" pattern="URL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '67i\ \<policy domain="coder" rights="none" pattern="HTTPS" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '68i\ \<policy domain="coder" rights="none" pattern="MVG" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '69i\ \<policy domain="coder" rights="none" pattern="MSL" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '70i\ \<policy domain="coder" rights="none" pattern="TEXT" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '71i\ \<policy domain="coder" rights="none" pattern="SHOW" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '72i\ \<policy domain="coder" rights="none" pattern="WIN" />' "${pkgdir}/etc/${_etcdir}/policy.xml" - sed -i '73i\ \<policy domain="coder" rights="none" pattern="PLT" />' "${pkgdir}/etc/${_etcdir}/policy.xml" + mv "${pkgdir}/usr/share/doc" docpkg/usr/share/ } package_imagemagick-full-git() { - depends=("libmagick-full-git=${pkgver}-${pkgrel}") + depends=("libmagick-full-git=${pkgver}-${pkgrel}" 'perl') optdepends=( # AUR: 'imagemagick-full-doc-git: manual and API docs' - 'ttf-mac-fonts: for Apple fonts support' ) provides=('imagemagick' 'imagemagick-git') conflicts=('imagemagick') options=('!emptydirs') - cd "$pkgbase" - - mv -f binpkg/* "$pkgdir" + cd "$_srcname" - find "$pkgdir/usr/lib/perl5" -name '*.so' -exec chrpath -d {} + + cp -a binpkg/* "$pkgdir" - # template start; name=perl-binary-module-dependency; version=1; - if [ "$(find "${pkgdir}/usr/lib/perl5/" -name '*.so')" ] - then - local _perlver_min="$(perl -e '$v = $^V->{version}; print $v->[0].".".($v->[1]);')" - local _perlver_max="$(perl -e '$v = $^V->{version}; print $v->[0].".".($v->[1]+1);')" - depends+=("perl>=${_perlver_min}" "perl<${_perlver_max}") - fi - # template end; + find "${pkgdir}/usr/lib/perl5" -name '*.so' -exec chrpath -d {} + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" @@ -235,12 +210,13 @@ package_imagemagick-full-git() { package_imagemagick-full-doc-git() { pkgdesc+=' (manual and API docs)' arch=('any') - provides=('imagemagick-doc' 'imagemagick-doc-git') + depends=() + provides=('imagemagick-doc') conflicts=('imagemagick-doc') - cd "$pkgbase" + cd "$_srcname" - mv -f docpkg/* "$pkgdir" + cp -a docpkg/* "$pkgdir" install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" diff --git a/imagemagick-full-security-fix.patch b/imagemagick-full-security-fix.patch new file mode 100644 index 000000000000..4f2d347fd424 --- /dev/null +++ b/imagemagick-full-security-fix.patch @@ -0,0 +1,20 @@ +diff -Naurp a/config/policy.xml b/config/policy.xml +--- a/config/policy.xml 2018-10-24 23:55:43.000000000 +0000 ++++ b/config/policy.xml 2018-11-23 12:50:49.475631653 +0000 +@@ -69,6 +69,16 @@ + <!-- <policy domain="resource" name="throttle" value="0"/> --> + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> ++ <policy domain="coder" rights="none" pattern="TEXT" /> ++ <policy domain="coder" rights="none" pattern="SHOW" /> ++ <policy domain="coder" rights="none" pattern="WIN" /> ++ <policy domain="coder" rights="none" pattern="PLT" /> ++ <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" /> + <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> + <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> + <!-- <policy domain="path" rights="none" pattern="@*" /> --> |