author | leot <leot@pkgsrc.org> | 2018-08-23 14:54:21 +0000
---|---|---
committer | leot <leot@pkgsrc.org> | 2018-08-23 14:54:21 +0000
commit | 0b925bf6349f6c9fb0f94ddb33c6a306d38b824c |
tree | c99833120e15c0437a76430dc7fa08bcb25987af /graphics/ImageMagick6 |
parent | 357fccadd515296736018a775dc655bd9fa83b83 |
ImageMagick6: Also block PS2 and PS3 coders in policy.xml

At least when reading PS2 and PS3 files via
`convert PS2:<input> <output>' and `convert PS3:<input> <output>'
gslib/ghostscript will be invoked and hence subject to VU#332928.
Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
VU#332928 update).
Diffstat (limited to 'graphics/ImageMagick6')
-rw-r--r-- | graphics/ImageMagick6/Makefile | 4
-rw-r--r-- | graphics/ImageMagick6/distinfo | 4
-rw-r--r-- | graphics/ImageMagick6/patches/patch-config_policy.xml | 6
3 files changed, 8 insertions, 6 deletions
diff --git a/graphics/ImageMagick6/Makefile b/graphics/ImageMagick6/Makefile index 235640578fa..30838f57292 100644 --- a/graphics/ImageMagick6/Makefile +++ b/graphics/ImageMagick6/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.18 2018/08/22 13:38:00 leot Exp $ +# $NetBSD: Makefile,v 1.19 2018/08/23 14:54:21 leot Exp $ -PKGREVISION= 4 +PKGREVISION= 5 .include "Makefile.common" PKGNAME= ImageMagick6-${DISTVERSION} diff --git a/graphics/ImageMagick6/distinfo b/graphics/ImageMagick6/distinfo index 21a9ea01aae..3e0ffc2b93f 100644 --- a/graphics/ImageMagick6/distinfo +++ b/graphics/ImageMagick6/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.10 2018/08/22 13:38:00 leot Exp $ +$NetBSD: distinfo,v 1.11 2018/08/23 14:54:21 leot Exp $ SHA1 (ImageMagick-6.9.9-38.tar.xz) = 2dc6b3c415b342efb7ab64d18bb801c7f1881212 RMD160 (ImageMagick-6.9.9-38.tar.xz) = 50008946057cde9fc7a6d0149414e870a2a351b0 SHA512 (ImageMagick-6.9.9-38.tar.xz) = 78ecb605d2ea529603bab723c284be9c03a7d370814bbe708c2c34e0b91f75c1a0c193a5a2ea8f3583019d3610ac08d0d28671d8fdb2df2478865d9ab7417b91 Size (ImageMagick-6.9.9-38.tar.xz) = 8913864 bytes SHA1 (patch-Makefile.in) = bb747b5e062f2a59e307289b5b33861dd5f96ab0 -SHA1 (patch-config_policy.xml) = 2b7e37cc8fedb0d06502ba1d7e65a5aea9d6ec96 +SHA1 (patch-config_policy.xml) = 2c446a00fc00f85ab33eae0691d4d8989a46289f diff --git a/graphics/ImageMagick6/patches/patch-config_policy.xml b/graphics/ImageMagick6/patches/patch-config_policy.xml index b577fee229f..f9db7ae0a68 100644 --- a/graphics/ImageMagick6/patches/patch-config_policy.xml +++ b/graphics/ImageMagick6/patches/patch-config_policy.xml 
@@ -1,11 +1,11 @@ -$NetBSD: patch-config_policy.xml,v 1.1 2018/08/22 13:38:00 leot Exp $ +$NetBSD: patch-config_policy.xml,v 1.2 2018/08/23 14:54:21 leot Exp $ Disable ghostscript coders by default to workaround VU#332928: <https://www.kb.cert.org/vuls/id/332928> --- config/policy.xml.orig 2018-08-13 11:05:28.000000000 +0000 +++ config/policy.xml -@@ -74,4 +74,14 @@ +@@ -74,4 +74,16 @@ <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> <!-- <policy domain="cache" name="synchronize" value="True"/> --> <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> @@ -15,6 +15,8 @@ Disable ghostscript coders by default to workaround VU#332928: + -- <https://www.kb.cert.org/vuls/id/332928> + --> + <policy domain="coder" rights="none" pattern="PS" /> ++ <policy domain="coder" rights="none" pattern="PS2" /> ++ <policy domain="coder" rights="none" pattern="PS3" /> + <policy domain="coder" rights="none" pattern="EPS" /> + <policy domain="coder" rights="none" pattern="PDF" /> + <policy domain="coder" rights="none" pattern="XPS" /> |
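Review bot: The coder block in the config/policy.xml hunk is still a name-by-name denylist (PS, PS2, PS3, EPS, PDF, XPS), and this revision is needed only because PS2 and PS3 were absent from the list added in v1.1 one day earlier, so the same gap can recur for any other coder name that ends up invoking gslib/ghostscript. Please check the six entries against every coder in this build that delegates to ghostscript before relying on the workaround, and extend the comment above the `<policy domain="coder" rights="none" .../>` lines to say how the list was derived, so a later reader can tell whether it is meant to be complete. It would also help to note in the patch header that the entries are a workaround for VU#332928 to be revisited once ghostscript itself is fixed, since nothing in the hunk says when they can be dropped.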