pkgsrc-Changes archive

CVS commit: pkgsrc/graphics/ImageMagick



Module Name:    pkgsrc
Committed By:   nia
Date:           Fri Apr 23 07:23:29 UTC 2021

Modified Files:
        pkgsrc/graphics/ImageMagick: Makefile distinfo
        pkgsrc/graphics/ImageMagick/patches: patch-config_policy.xml

Log Message:
ImageMagick: overhaul default policy following discussion

allow writing PDF/PostScript, disallow other coders following
"imagetragick" recommendations

bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -u -r1.287 -r1.288 pkgsrc/graphics/ImageMagick/Makefile
cvs rdiff -u -r1.248 -r1.249 pkgsrc/graphics/ImageMagick/distinfo
cvs rdiff -u -r1.8 -r1.9 \
    pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/ImageMagick/Makefile
diff -u pkgsrc/graphics/ImageMagick/Makefile:1.287 pkgsrc/graphics/ImageMagick/Makefile:1.288
--- pkgsrc/graphics/ImageMagick/Makefile:1.287  Wed Apr 21 13:24:11 2021
+++ pkgsrc/graphics/ImageMagick/Makefile        Fri Apr 23 07:23:29 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.287 2021/04/21 13:24:11 adam Exp $
+# $NetBSD: Makefile,v 1.288 2021/04/23 07:23:29 nia Exp $
 
-PKGREVISION= 2
+PKGREVISION= 3
 .include "Makefile.common"
 
 PKGNAME=       ImageMagick-${DISTVERSION}

Index: pkgsrc/graphics/ImageMagick/distinfo
diff -u pkgsrc/graphics/ImageMagick/distinfo:1.248 pkgsrc/graphics/ImageMagick/distinfo:1.249
--- pkgsrc/graphics/ImageMagick/distinfo:1.248  Tue Apr 20 16:28:16 2021
+++ pkgsrc/graphics/ImageMagick/distinfo        Fri Apr 23 07:23:29 2021
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.248 2021/04/20 16:28:16 wiz Exp $
+$NetBSD: distinfo,v 1.249 2021/04/23 07:23:29 nia Exp $
 
 SHA1 (ImageMagick-7.0.11-8.tar.xz) = 04e57678910593fbdc7e57d5f5c6740de731425a
 RMD160 (ImageMagick-7.0.11-8.tar.xz) = 45176a36c35efa4af252d6633df0f89d2cfc9a41
 SHA512 (ImageMagick-7.0.11-8.tar.xz) = e4aa87b30bb75fba815cd4f617a7c0dba29523c03ad6670c7514842587678553d0b45100ccd6e041d59628cf30fe047243d440af78b39d0f82cd405ff0ea0f96
 Size (ImageMagick-7.0.11-8.tar.xz) = 10280632 bytes
-SHA1 (patch-config_policy.xml) = 55b8f30200a1e790543f38bf850026100ed5fdca
+SHA1 (patch-config_policy.xml) = 492aa9fa410dbbbded377fbcf06675f32224e5d8

Index: pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml
diff -u pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.8 pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.9
--- pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml:1.8     Mon Jan  4 10:20:15 2021
+++ pkgsrc/graphics/ImageMagick/patches/patch-config_policy.xml Fri Apr 23 07:23:29 2021
@@ -1,25 +1,38 @@
-$NetBSD: patch-config_policy.xml,v 1.8 2021/01/04 10:20:15 wiz Exp $
+$NetBSD: patch-config_policy.xml,v 1.9 2021/04/23 07:23:29 nia Exp $
 
-Disable ghostscript coders by default to workaround VU#332928:
-<https://www.kb.cert.org/vuls/id/332928>
+Update default policies for better resistance to untrusted input.
 
---- config/policy.xml.orig     2021-01-02 12:53:07.000000000 +0000
+Discussion:
+http://mail-index.netbsd.org/tech-pkg/2021/04/03/msg024740.html
+
+--- config/policy.xml.orig     2021-04-17 15:26:24.000000000 +0000
 +++ config/policy.xml
-@@ -76,6 +76,18 @@
+@@ -76,6 +76,29 @@
    <!-- <policy domain="cache" name="synchronize" value="True"/> -->
    <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
    <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
 +
 +  <!-- 
-+    -- Disable ghostscript coders as suggested by VU#332928
++    -- Disable ghostscript decoders as suggested by VU#332928
 +    --  <https://www.kb.cert.org/vuls/id/332928>
 +    -->
-+  <policy domain="coder" rights="none" pattern="PS" />
-+  <policy domain="coder" rights="none" pattern="PS2" />
-+  <policy domain="coder" rights="none" pattern="PS3" />
-+  <policy domain="coder" rights="none" pattern="EPS" />
-+  <policy domain="coder" rights="none" pattern="PDF" />
-+  <policy domain="coder" rights="none" pattern="XPS" />
++  <policy domain="coder" rights="write" pattern="PS" />
++  <policy domain="coder" rights="write" pattern="PS2" />
++  <policy domain="coder" rights="write" pattern="PS3" />
++  <policy domain="coder" rights="write" pattern="EPS" />
++  <policy domain="coder" rights="write" pattern="PDF" />
++  <policy domain="coder" rights="write" pattern="XPS" />
++
++  <!-- Recommended policies from <https://imagetragick.com/> -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
++  <policy domain="coder" rights="none" pattern="TEXT" />
++  <policy domain="coder" rights="none" pattern="SHOW" />
++  <policy domain="coder" rights="none" pattern="WIN" />
++  <policy domain="coder" rights="none" pattern="PLT" />
 +
    <!-- <policy domain="system" name="shred" value="2"/> -->
    <!-- <policy domain="system" name="precision" value="6"/> -->
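
Review bot: In the imagetragick block the network coders are denied only as "URL" and "HTTPS"; there is no line for "HTTP" or "FTP". If the pattern is matched against the individual coder name, plain-HTTP and FTP reads stay enabled, so please confirm the effective behaviour on the built package ("identify -list policy" plus a read test against a local file named with each prefix) or add explicit rights="none" lines for them. Separately, the comment above the Ghostscript entries now reads "Disable ghostscript decoders" while the lines say rights="write"; saying in the comment that writing is allowed and reading is denied would spare the next reader from inferring it. The patch description at the top also drops the VU#332928 link that revision 1.8 carried, leaving it only inside the XML comment.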
