authorThomas Deutschmann <whissi@gentoo.org>2020-04-24 11:48:20 +0200
committerThomas Deutschmann <whissi@gentoo.org>2020-04-24 11:49:50 +0200
commitc03d5059039c5b0f43c019edfb541ae396162e6f (patch)
tree0e8cf735f269aaca93951e7dcd411ddfe445595c /media-gfx/imagemagick
parentgames-strategy/settlers-2-gold-data: Depend on >=innoextract-1.8 (diff)
media-gfx/imagemagick: restore hardening
Bug: https://bugs.gentoo.org/716674 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'media-gfx/imagemagick')
-rw-r--r--media-gfx/imagemagick/imagemagick-7.0.10.7-r1.ebuild (renamed from media-gfx/imagemagick/imagemagick-7.0.10.7.ebuild)42
1 files changed, 42 insertions, 0 deletions
diff --git a/media-gfx/imagemagick/imagemagick-7.0.10.7.ebuild b/media-gfx/imagemagick/imagemagick-7.0.10.7-r1.ebuild
index 8f24371e2660..4d2561accf79 100644
--- a/media-gfx/imagemagick/imagemagick-7.0.10.7.ebuild
+++ b/media-gfx/imagemagick/imagemagick-7.0.10.7-r1.ebuild
@@ -83,6 +83,16 @@ S="${WORKDIR}/${MY_P}"
src_prepare() {
default
+ # Apply hardening #664236
+ cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
+ sed -i -e '/^<policymap>$/ {
+ r policy-hardening.snippet
+ d
+ }' \
+ config/policy.xml || \
+ die "Failed to apply hardening of policy.xml"
+ einfo "policy.xml hardened"
+
elibtoolize # for Darwin modules
# For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
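Review bot: The `|| die` after the sed in src_prepare only fires when sed itself fails. If `config/policy.xml` has no line matching `^<policymap>$` (for example after an upstream reformat of the file), sed exits 0, nothing is inserted, and `einfo "policy.xml hardened"` is still printed, so the package would ship without the hardening and without any warning. A guard placed before the sed makes that case fatal: `grep -q '^<policymap>$' config/policy.xml || die "policymap anchor not found in policy.xml"`. Because the matched line is deleted after the `r`, the snippet presumably has to carry its own opening `<policymap>` tag; that file is not part of this diff, so it is worth confirming. src_prepare continues past the end of the hunk.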
@@ -223,3 +233,35 @@ src_install() {
insinto /usr/share/${PN}
doins config/*icm
}
+
+pkg_postinst() {
+ local _show_policy_xml_notice=
+
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ # This is a new installation
+ _show_policy_xml_notice=yes
+ else
+ local v
+ for v in ${REPLACING_VERSIONS}; do
+ if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
+ # This is an upgrade
+ _show_policy_xml_notice=yes
+
+ # Show this elog only once
+ break
+ fi
+ done
+ fi
+
+ if [[ -n "${_show_policy_xml_notice}" ]]; then
+ elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
+ elog "which will prevent the usage of the following coders by default:"
+ elog ""
+ elog " - PS"
+ elog " - PS2"
+ elog " - PS3"
+ elog " - EPS"
+ elog " - PDF"
+ elog " - XPS"
+ fi
+}
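Review bot: On the upgrade branch of pkg_postinst the notice states that a policy.xml "was installed in /etc/ImageMagick-7", but /etc is normally covered by CONFIG_PROTECT, so a locally modified policy.xml would presumably stay in effect and the hardened file would sit as a pending config update until the user merges it. The message should say so, e.g. an extra line `elog "If you already have a policy.xml, merge the pending update (e.g. with dispatch-conf)."`, otherwise an administrator may believe the coders are blocked when they are not. The coder list is also duplicated by hand from the snippet, which this diff does not show; a comment above the list such as `# Keep in sync with ${FILESDIR}/policy-hardening.snippet` would help keep the two from drifting.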