diff options
author | Daniel Bermond | 2019-10-03 13:29:27 +0000 |
---|---|---|
committer | Daniel Bermond | 2019-10-03 13:29:27 +0000 |
commit | 1b24efcf8d3238bb0e3aec6fa8f84463063a4e5a (patch) | |
tree | 740d0ade589347c42e63688c85006c0f5f2c0e28 /PKGBUILD | |
parent | b4585ebe72e1effaf202c147994c318dea3e8bf7 (diff) | |
download | aur-1b24efcf8d3238bb0e3aec6fa8f84463063a4e5a.tar.gz |
Add tcmalloc support. gs security issues.
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 46 |
1 files changed, 21 insertions, 25 deletions
@@ -5,7 +5,11 @@ # For more information about DPS being obsolete please visit: # http://www.x.org/releases/X11R7.7/doc/xorg-docs/graphics/dps.html -# NOTE (2): +# NOTE (2): linking to ghostscript libs (gslib) is disabled due to +# security issues. ImageMagick will call 'gs' executable directly +# instead. See: https://bugs.archlinux.org/task/62171 + +# NOTE (3): # change font directories in build() to match yours: # - deJaVu and GhostScript font directories are the default ones # - Windows font directory is set according to a Wiki example @@ -15,10 +19,10 @@ _qdepth='32' pkgbase=imagemagick-full-git pkgname=('imagemagick-full-git' 'imagemagick-full-doc-git') _srcname=ImageMagick -pkgver=7.0.8.50.r15714.g84a30c031 +pkgver=7.0.8.68.r16153.g07fb0fdd5 pkgrel=1 arch=('x86_64') -pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all libs and features, git version)" +pkgdesc="An image viewing/manipulation program (Q${_qdepth} HDRI with all features, git version)" url='https://www.imagemagick.org/' license=('custom') makedepends=( @@ -26,19 +30,16 @@ makedepends=( 'git' 'perl' 'jbigkit' 'opencl-headers' 'glu' 'ghostpcl' 'ghostxps' 'zstd' 'chrpath' 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' - 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' - 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' - 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' - 'gsfonts' 'ttf-dejavu' 'perl' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'gperftools' 'djvulibre' 'libraw' + 'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' + 'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' + 'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl' 'gperftools' # AUR: 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) -BUILDENV+=('!check') source=('git+https://github.com/ImageMagick/ImageMagick.git' - 'imagemagick-full-security-fix.patch' 'arch-fonts.diff') sha256sums=('SKIP' - 'e2453381d283c33107194fa791d6b9b2c4c1856afb936d4fa010c05aaebe538e' 'a85b744c61b1b563743ecb7c7adad999d7ed9a8af816650e3ab9321b2b102e73') prepare() { @@ -46,13 +47,6 @@ prepare() { mkdir -p docpkg/usr/share - # 1) workaround for ghostscript security issues: - # https://bugs.archlinux.org/task/59778 - # 2) security fix: - # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 - # https://imagetragick.com/ - patch -Np1 -i "${srcdir}/imagemagick-full-security-fix.patch" - # fix up typemaps to match Arch Linux packages, where possible patch -Np1 -i "${srcdir}/arch-fonts.diff" @@ -97,6 +91,7 @@ build() { --with-perl \ --with-perl-options='INSTALLDIRS=vendor' \ --with-jemalloc \ + --with-tcmalloc \ --with-umem \ --with-bzlib \ --with-x \ @@ -111,7 +106,7 @@ build() { --with-fontconfig \ --with-freetype \ --with-raqm \ - --with-gslib \ + --without-gslib \ --with-gvc \ --with-heic \ --with-jbig \ @@ -146,10 +141,8 @@ build() { check() ( cd "$_srcname" - ulimit -n 4096 - sed -e '/validate-formats/d' -i Makefile # these fail due to the security patch - + sed -e '/validate-formats/d' -i Makefile make check ) @@ -159,10 +152,10 @@ package_imagemagick-full-git() { depends=( # official repositories: 'lcms2' 'libraqm' 'liblqr' 'fftw' 'libxml2' 'fontconfig' 'freetype2' 'libxext' - 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'djvulibre' 'libraw' 'graphviz' - 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' 'cairo' - 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' 'ocl-icd' - 'gsfonts' 'ttf-dejavu' 'perl' + 'libx11' 'bzip2' 'zlib' 'libltdl' 'jemalloc' 'gperftools' 'djvulibre' 'libraw' + 'graphviz' 'openexr' 'libheif' 'openjpeg2' 'libjpeg-turbo' 'xz' 'glib2' 'pango' + 'cairo' 'libpng' 'ghostscript' 'ming' 'librsvg' 'libtiff' 'libwebp' 'libwmf' + 'ocl-icd' 'gsfonts' 'ttf-dejavu' 'perl' # AUR: 'pstoedit-nomagick' 'autotrace-nomagick' 'flif' 'libfpx' 'libumem-git' ) @@ -185,6 +178,9 @@ package_imagemagick-full-git() { # split docs mv "${pkgdir}/usr/share/doc" docpkg/usr/share/ + # harden security policy: https://bugs.archlinux.org/task/62785 + sed -e '/<\/policymap>/i \ \ <policy domain="delegate" rights="none" pattern="gs" \/>' -i "${pkgdir}/etc/ImageMagick-7/policy.xml" + install -D -m644 LICENSE -t "${pkgdir}/usr/share/licenses/${pkgname}" install -D -m644 NOTICE -t "${pkgdir}/usr/share/licenses/${pkgname}" } |