author | Thomas Deutschmann <whissi@gentoo.org> | 2018-08-24 16:33:55 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2018-08-24 16:34:15 +0200 |
commit | df7afbda6b12a68578833225e694cee011b20342 (patch) | |
tree | ebc9eed1157703768570d984e9f0a1621551ad9f /media-gfx/imagemagick/imagemagick-9999.ebuild | |
parent | sys-kernel/gentoo-sources: Linux patch 4.4.152 (diff) | |
media-gfx/imagemagick: extend hardening
- PS2 and PS3 coders are now disabled by default, too.
- Instead of patching, we now use sed which should make it
easier to extend policy.xml in future.
Bug: https://bugs.gentoo.org/664236
Package-Manager: Portage-2.3.48, Repoman-2.3.10
RepoMan-Options: --force
Diffstat (limited to 'media-gfx/imagemagick/imagemagick-9999.ebuild')
-rw-r--r-- | media-gfx/imagemagick/imagemagick-9999.ebuild | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild
index c088f2a808b9..25c4681ac138 100644
--- a/media-gfx/imagemagick/imagemagick-9999.ebuild
+++ b/media-gfx/imagemagick/imagemagick-9999.ebuild
@@ -5,8 +5,6 @@ EAPI="6"
 inherit eapi7-ver eutils flag-o-matic libtool multilib toolchain-funcs
-PATCHES=( "${FILESDIR}"/policy-hardening.patch )
-
 if [[ ${PV} == "9999" ]] ; then
 EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
 inherit git-r3
@@ -75,6 +73,18 @@ REQUIRED_USE="corefonts? ( truetype )
 S="${WORKDIR}/${MY_P}"
 src_prepare() {
+ default
+
+ # Apply hardening #664236
+ cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+ sed -i -e '/^<policymap>$/ {
+ r policy-hardening.snippet
+ d
+ }' \
+ config/policy.xml || \
+ die "Failed to apply hardening of policy.xml"
+ einfo "policy.xml hardened"
+
 # Install default (unrestricted) policy in $HOME for test suite #664238
 local _im_local_config_home="${HOME}/.config/ImageMagick"
 mkdir -p "${_im_local_config_home}" || \
@@ -82,12 +92,10 @@ src_prepare() {
 cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
 die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
- local ati_cards mesa_cards nvidia_cards render_cards
- default
-
 elibtoolize # for Darwin modules
 # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+ local ati_cards mesa_cards nvidia_cards render_cards
 shopt -s nullglob
 ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
 if test -n "${ati_cards}"; then
@@ -209,7 +217,7 @@ pkg_postinst() {
 else
 local v
 for v in ${REPLACING_VERSIONS}; do
- if ! ver_test "${v}" -gt "7.0.8.10-r1"; then
+ if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
 # This is an upgrade
 _show_policy_xml_notice=yes
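Review bot: The `|| die` after the new `sed -i` in src_prepare cannot catch a missed match, because sed exits 0 when `/^<policymap>$/` matches no line. If upstream's config/policy.xml ever changes that line (indentation, an added attribute), the hardening is skipped silently and `einfo "policy.xml hardened"` is still printed. As this is the live ebuild building from upstream git, I would assert the anchor before running sed, e.g. `grep -q '^<policymap>$' config/policy.xml || die "policymap anchor not found in policy.xml"`. Because `d` deletes the matched line, the snippet presumably has to carry the `<policymap>` opening tag itself; a one-line comment above the sed saying so would help whoever extends the snippet. src_prepare continues past the end of the hunk.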
@@ -224,6 +232,8 @@ pkg_postinst() {
 elog "which will prevent the usage of the following coders by default:"
 elog ""
 elog " - PS"
+ elog " - PS2"
+ elog " - PS3"
 elog " - EPS"
 elog " - PDF"
 elog " - XPS" |
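Review bot: The coder list printed by these `elog` lines is a hand-maintained copy of what `"${FILESDIR}"/policy-hardening.snippet` is meant to disable, and nothing in the ebuild ties the two together. A later addition to the snippet can therefore leave this notice understating what is blocked. A comment above the list such as `# Keep in sync with ${FILESDIR}/policy-hardening.snippet; bump the ver_test revision above when it changes` would document the coupling with the `"7.0.8.10-r2"` check earlier in pkg_postinst. The snippet is not part of this diff, so its contents are assumed here, and pkg_postinst starts and ends outside the hunk.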