commit: 1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> AuthorDate: Fri Jun 9 14:41:16 2023 +0000 Commit: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> CommitDate: Fri Jun 9 14:41:37 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1acdac07
media-gfx/imagemagick: Drop overreaching hardening Closes: https://bugs.gentoo.org/716674 Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org> ...9999.ebuild => imagemagick-6.9.12.89-r1.ebuild} | 80 ++++------------------ ...-9999.ebuild => imagemagick-7.1.1.11-r1.ebuild} | 44 +----------- media-gfx/imagemagick/imagemagick-9999.ebuild | 42 ------------ 3 files changed, 15 insertions(+), 151 deletions(-) diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild similarity index 72% copy from media-gfx/imagemagick/imagemagick-9999.ebuild copy to media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild index bb71c03ea1cb..564d60496adb 100644 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild +++ b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild @@ -4,17 +4,17 @@ EAPI=8 QA_PKGCONFIG_VERSION=$(ver_cut 1-3) -inherit autotools flag-o-matic perl-functions toolchain-funcs +inherit flag-o-matic libtool perl-functions toolchain-funcs if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"; + EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick6.git"; inherit git-r3 MY_P="imagemagick-9999" else MY_PV="$(ver_rs 3 '-')" MY_P="ImageMagick-${MY_PV}" SRC_URI="mirror://imagemagick/${MY_P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" fi S="${WORKDIR}/${MY_P}" @@ -25,8 +25,8 @@ HOMEPAGE="https://www.imagemagick.org/"; LICENSE="imagemagick" # Please check this on bumps, SONAME is often not updated! Use abidiff on old/new. # If ABI is broken, change the bit after the '-'. -SLOT="0/$(ver_cut 1-3)-43" -IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k jpegxl lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zip zlib" +SLOT="0/$(ver_cut 1-3)-58" +IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib" REQUIRED_USE="corefonts? ( truetype ) svg? ( xml ) @@ -48,7 +48,6 @@ RDEPEND=" jbig? ( >=media-libs/jbigkit-2:= ) jpeg? ( media-libs/libjpeg-turbo:= ) jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 ) - jpegxl? ( >=media-libs/libjxl-0.6 ) lcms? ( media-libs/lcms:2= ) lqr? ( media-libs/liblqr ) opencl? ( virtual/opencl ) @@ -77,16 +76,11 @@ RDEPEND=" ) xml? ( dev-libs/libxml2 ) lzma? ( app-arch/xz-utils ) - zip? ( dev-libs/libzip:= ) zlib? ( sys-libs/zlib:= )" DEPEND="${RDEPEND} X? ( x11-base/xorg-proto )" BDEPEND="virtual/pkgconfig" -PATCHES=( - "${FILESDIR}/${PN}-9999-nocputuning.patch" -) - pkg_pretend() { [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp } @@ -98,20 +92,10 @@ pkg_setup() { src_prepare() { default - #elibtoolize # for Darwin modules - eautoreconf - - # Apply hardening, bug #664236 - cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die - sed -i -e '/^<policymap>$/ { - r policy-hardening.snippet - d - }' \ - config/policy.xml || \ - die "Failed to apply hardening of policy.xml" - einfo "policy.xml hardened" + # for Darwin modules + elibtoolize - # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + # For testsuite, see bug #500580#c3 local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') @@ -157,7 +141,6 @@ src_configure() { --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts $(use_with bzip2 bzlib) $(use_with X x) - $(use_with zip) $(use_with zlib) --without-autotrace $(use_with postscript dps) @@ -173,7 +156,6 @@ src_configure() { $(use_with jbig) $(use_with jpeg) $(use_with jpeg2k openjp2) - $(use_with jpegxl jxl) $(use_with lcms) $(use_with lqr) $(use_with lzma) @@ -187,13 +169,14 @@ src_configure() { $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts) $(use_with wmf) $(use_with xml) + --with-gcc-arch=no-automagic ) CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" } src_test() { - # Install default (unrestricted) policy in $HOME for test suite, bug #664238 + # Install default (unrestricted) policy in ${HOME} for test suite, bug #664238 local _im_local_config_home="${HOME}/.config/ImageMagick" mkdir -p "${_im_local_config_home}" || \ die "Failed to create IM config dir in '${_im_local_config_home}'" @@ -201,12 +184,8 @@ src_test() { die "Failed to install default blank policy.xml in '${_im_local_config_home}'" local im_command= IM_COMMANDS=() - if [[ ${PV} == 9999 ]] ; then - IM_COMMANDS+=( "magick -version" ) # Show version we are using -- cannot verify because of live ebuild - else - IM_COMMANDS+=( "magick -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built - fi - IM_COMMANDS+=( "magick -list policy" ) # Verify that policy.xml is used + IM_COMMANDS+=( "identify -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built + IM_COMMANDS+=( "identify -list policy" ) # Verify that policy.xml is used IM_COMMANDS+=( "emake check" ) # Run tests for im_command in "${IM_COMMANDS[@]}"; do @@ -241,41 +220,10 @@ src_install() { EOF insinto /etc/sandbox.d - doins "${T}"/99${PN} #472766 + # bug #472766 + doins "${T}"/99${PN} fi insinto /usr/share/${PN} doins config/*icm } - -pkg_postinst() { - local _show_policy_xml_notice= - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - _show_policy_xml_notice=yes - else - local v - for v in ${REPLACING_VERSIONS}; do - if ! ver_test "${v}" -gt "7.0.8.10-r2"; then - # This is an upgrade - _show_policy_xml_notice=yes - - # Show this elog only once - break - fi - done - fi - - if [[ -n "${_show_policy_xml_notice}" ]]; then - elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" - elog "which will prevent the usage of the following coders by default:" - elog "" - elog " - PS" - elog " - PS2" - elog " - PS3" - elog " - EPS" - elog " - PDF" - elog " - XPS" - fi -} diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild similarity index 87% copy from media-gfx/imagemagick/imagemagick-9999.ebuild copy to media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild index bb71c03ea1cb..7ebb6810d720 100644 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild +++ b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild @@ -14,7 +14,7 @@ else MY_PV="$(ver_rs 3 '-')" MY_P="ImageMagick-${MY_PV}" SRC_URI="mirror://imagemagick/${MY_P}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" fi S="${WORKDIR}/${MY_P}" @@ -101,16 +101,6 @@ src_prepare() { #elibtoolize # for Darwin modules eautoreconf - # Apply hardening, bug #664236 - cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die - sed -i -e '/^<policymap>$/ { - r policy-hardening.snippet - d - }' \ - config/policy.xml || \ - die "Failed to apply hardening of policy.xml" - einfo "policy.xml hardened" - # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob @@ -247,35 +237,3 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } - -pkg_postinst() { - local _show_policy_xml_notice= - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - _show_policy_xml_notice=yes - else - local v - for v in ${REPLACING_VERSIONS}; do - if ! ver_test "${v}" -gt "7.0.8.10-r2"; then - # This is an upgrade - _show_policy_xml_notice=yes - - # Show this elog only once - break - fi - done - fi - - if [[ -n "${_show_policy_xml_notice}" ]]; then - elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" - elog "which will prevent the usage of the following coders by default:" - elog "" - elog " - PS" - elog " - PS2" - elog " - PS3" - elog " - EPS" - elog " - PDF" - elog " - XPS" - fi -} diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild index bb71c03ea1cb..7b351a60af4a 100644 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild +++ b/media-gfx/imagemagick/imagemagick-9999.ebuild @@ -101,16 +101,6 @@ src_prepare() { #elibtoolize # for Darwin modules eautoreconf - # Apply hardening, bug #664236 - cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die - sed -i -e '/^<policymap>$/ { - r policy-hardening.snippet - d - }' \ - config/policy.xml || \ - die "Failed to apply hardening of policy.xml" - einfo "policy.xml hardened" - # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob @@ -247,35 +237,3 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } - -pkg_postinst() { - local _show_policy_xml_notice= - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - _show_policy_xml_notice=yes - else - local v - for v in ${REPLACING_VERSIONS}; do - if ! ver_test "${v}" -gt "7.0.8.10-r2"; then - # This is an upgrade - _show_policy_xml_notice=yes - - # Show this elog only once - break - fi - done - fi - - if [[ -n "${_show_policy_xml_notice}" ]]; then - elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" - elog "which will prevent the usage of the following coders by default:" - elog "" - elog " - PS" - elog " - PS2" - elog " - PS3" - elog " - EPS" - elog " - PDF" - elog " - XPS" - fi -}
