pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/ImageMagick



Module Name:    pkgsrc
Committed By:   leot
Date:           Thu Aug 23 14:52:23 UTC 2018

Modified Files:
        pkgsrc/graphics/ImageMagick: Makefile distinfo
        pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml

Log Message:
ImageMagick: Also block PS2 and PS3 coders in policy.xml

At least when reading PS2 and PS3 files via
`convert PS2:<input> <output>' and `convert PS3:<input> <output>'
gslib/ghostscript will be invoked and hence subject to VU#332928.

Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
VU#332928 update).


To generate a diff of this commit:
cvs rdiff -u -r1.246 -r1.247 pkgsrc/graphics/ImageMagick/Makefile
cvs rdiff -u -r1.191 -r1.192 pkgsrc/graphics/ImageMagick/distinfo
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/ImageMagick/Makefile
diff -u pkgsrc/graphics/ImageMagick/Makefile:1.246 pkgsrc/graphics/ImageMagick/Makefile:1.247
--- pkgsrc/graphics/ImageMagick/Makefile:1.246  Wed Aug 22 13:39:24 2018
+++ pkgsrc/graphics/ImageMagick/Makefile        Thu Aug 23 14:52:22 2018
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.246 2018/08/22 13:39:24 leot Exp $
+# $NetBSD: Makefile,v 1.247 2018/08/23 14:52:22 leot Exp $
 
-PKGREVISION= 2
+PKGREVISION=   3
 .include "Makefile.common"
 
 PKGNAME=       ImageMagick-${DISTVERSION}

Index: pkgsrc/graphics/ImageMagick/distinfo
diff -u pkgsrc/graphics/ImageMagick/distinfo:1.191 pkgsrc/graphics/ImageMagick/distinfo:1.192
--- pkgsrc/graphics/ImageMagick/distinfo:1.191  Wed Aug 22 13:39:24 2018
+++ pkgsrc/graphics/ImageMagick/distinfo        Thu Aug 23 14:52:22 2018
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.191 2018/08/22 13:39:24 leot Exp $
+$NetBSD: distinfo,v 1.192 2018/08/23 14:52:22 leot Exp $
 
 SHA1 (ImageMagick-7.0.8-10.tar.xz) = c69fb5b1ec2d04711a98df8762926a37e3f13bc5
 RMD160 (ImageMagick-7.0.8-10.tar.xz) = 9e5339d7e4f2dbc42090cd8394bca5b97dc485ba
 SHA512 (ImageMagick-7.0.8-10.tar.xz) = a4869e0a9be5e04c04fcd1fce5c4141d63968ee7f1dd78d84724921f2f088bdcea8c3b3799e1ff555a2a04dec32a1fb7c4a1e6053a6185e9a36c6ae0f1b9c6ed
 Size (ImageMagick-7.0.8-10.tar.xz) = 8635496 bytes
-SHA1 (patch-config_policy.xml) = 2b7e37cc8fedb0d06502ba1d7e65a5aea9d6ec96
+SHA1 (patch-config_policy.xml) = 2c446a00fc00f85ab33eae0691d4d8989a46289f

Index: pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml
diff -u pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.1 pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.2
--- pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.1     Wed Aug 22 13:39:24 2018
+++ pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml Thu Aug 23 14:52:22 2018
@@ -1,11 +1,11 @@
-$NetBSD: patch-config_policy.xml,v 1.1 2018/08/22 13:39:24 leot Exp $
+$NetBSD: patch-config_policy.xml,v 1.2 2018/08/23 14:52:22 leot Exp $
 
 Disable ghostscript coders by default to workaround VU#332928:
 <https://www.kb.cert.org/vuls/id/332928>
 
 --- config/policy.xml.orig     2018-08-13 11:05:28.000000000 +0000
 +++ config/policy.xml
-@@ -74,4 +74,14 @@
+@@ -74,4 +74,16 @@
    <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
    <!-- <policy domain="cache" name="synchronize" value="True"/> -->
    <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
@@ -15,6 +15,8 @@ Disable ghostscript coders by default to
 +    --  <https://www.kb.cert.org/vuls/id/332928>
 +    -->
 +  <policy domain="coder" rights="none" pattern="PS" />
++  <policy domain="coder" rights="none" pattern="PS2" />
++  <policy domain="coder" rights="none" pattern="PS3" />
 +  <policy domain="coder" rights="none" pattern="EPS" />
 +  <policy domain="coder" rights="none" pattern="PDF" />
 +  <policy domain="coder" rights="none" pattern="XPS" />
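
Review bot: The coder block list in this hunk is still an enumeration of exact names, and this revision is needed only because `PS2` and `PS3` were not covered by the existing `pattern="PS"` entry from 1.1. Before relying on the list as the VU#332928 workaround, check whether any other coder names also end up invoking gslib/ghostscript and add them in the same change. It would also help to extend the patch header line "Disable ghostscript coders by default" so it names the coders covered, which makes the next omission easier to spot in review.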


