From e7cf95967f585dee112df851b562638b237e73ff Mon Sep 17 00:00:00 2001
From: leot <leot@pkgsrc.org>
Date: Thu, 23 Aug 2018 14:52:22 +0000
Subject: ImageMagick: Also block PS2 and PS3 coders in policy.xml

At least when reading PS2 and PS3 files via
`convert PS2:<input> <output>' and `convert PS3:<input> <output>'
gslib/ghostscript will be invoked and hence subject to VU#332928.

Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
VU#332928 update).
---
 graphics/ImageMagick/Makefile                        | 4 ++--
 graphics/ImageMagick/distinfo                        | 4 ++--
 graphics/ImageMagick/patches/patch-config_policy.xml | 6 ++++--
 3 files changed, 8 insertions(+), 6 deletions(-)

(limited to 'graphics/ImageMagick')

diff --git a/graphics/ImageMagick/Makefile b/graphics/ImageMagick/Makefile
index d0fb40d9ecb..d5f1540ff26 100644
--- a/graphics/ImageMagick/Makefile
+++ b/graphics/ImageMagick/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.246 2018/08/22 13:39:24 leot Exp $
+# $NetBSD: Makefile,v 1.247 2018/08/23 14:52:22 leot Exp $
 
-PKGREVISION= 2
+PKGREVISION=	3
 .include "Makefile.common"
 
 PKGNAME=	ImageMagick-${DISTVERSION}
diff --git a/graphics/ImageMagick/distinfo b/graphics/ImageMagick/distinfo
index e9c1cfeb762..65003679774 100644
--- a/graphics/ImageMagick/distinfo
+++ b/graphics/ImageMagick/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.191 2018/08/22 13:39:24 leot Exp $
+$NetBSD: distinfo,v 1.192 2018/08/23 14:52:22 leot Exp $
 
 SHA1 (ImageMagick-7.0.8-10.tar.xz) = c69fb5b1ec2d04711a98df8762926a37e3f13bc5
 RMD160 (ImageMagick-7.0.8-10.tar.xz) = 9e5339d7e4f2dbc42090cd8394bca5b97dc485ba
 SHA512 (ImageMagick-7.0.8-10.tar.xz) = a4869e0a9be5e04c04fcd1fce5c4141d63968ee7f1dd78d84724921f2f088bdcea8c3b3799e1ff555a2a04dec32a1fb7c4a1e6053a6185e9a36c6ae0f1b9c6ed
 Size (ImageMagick-7.0.8-10.tar.xz) = 8635496 bytes
-SHA1 (patch-config_policy.xml) = 2b7e37cc8fedb0d06502ba1d7e65a5aea9d6ec96
+SHA1 (patch-config_policy.xml) = 2c446a00fc00f85ab33eae0691d4d8989a46289f
diff --git a/graphics/ImageMagick/patches/patch-config_policy.xml b/graphics/ImageMagick/patches/patch-config_policy.xml
index ad05cbeca22..55d01201bd9 100644
--- a/graphics/ImageMagick/patches/patch-config_policy.xml
+++ b/graphics/ImageMagick/patches/patch-config_policy.xml
@@ -1,11 +1,11 @@
-$NetBSD: patch-config_policy.xml,v 1.1 2018/08/22 13:39:24 leot Exp $
+$NetBSD: patch-config_policy.xml,v 1.2 2018/08/23 14:52:22 leot Exp $
 
 Disable ghostscript coders by default to workaround VU#332928:
 <https://www.kb.cert.org/vuls/id/332928>
 
 --- config/policy.xml.orig	2018-08-13 11:05:28.000000000 +0000
 +++ config/policy.xml
-@@ -74,4 +74,14 @@
+@@ -74,4 +74,16 @@
    <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
    <!-- <policy domain="cache" name="synchronize" value="True"/> -->
    <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
@@ -15,6 +15,8 @@ Disable ghostscript coders by default to workaround VU#332928:
 +    --  <https://www.kb.cert.org/vuls/id/332928>
 +    -->
 +  <policy domain="coder" rights="none" pattern="PS" />
++  <policy domain="coder" rights="none" pattern="PS2" />
++  <policy domain="coder" rights="none" pattern="PS3" />
 +  <policy domain="coder" rights="none" pattern="EPS" />
 +  <policy domain="coder" rights="none" pattern="PDF" />
 +  <policy domain="coder" rights="none" pattern="XPS" />
-- 
cgit v1.2.3