summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas K. Hüttel <dilfridge@gentoo.org>2023-06-09 16:41:16 +0200
committerAndreas K. Hüttel <dilfridge@gentoo.org>2023-06-09 16:41:37 +0200
commit1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1 (patch)
treee26f2114b48c5b958a1bd09b875e288c17282123 /media-gfx/imagemagick
parentdev-python/reportlab: Bump to 4.0.4 (diff)
downloadgentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.tar.gz
gentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.tar.bz2
gentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.zip
media-gfx/imagemagick: Drop overreaching hardening
Closes: https://bugs.gentoo.org/716674 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Diffstat (limited to 'media-gfx/imagemagick')
-rw-r--r--media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild229
-rw-r--r--media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild239
-rw-r--r--media-gfx/imagemagick/imagemagick-9999.ebuild42
3 files changed, 468 insertions, 42 deletions
diff --git a/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild
new file mode 100644
index 000000000000..564d60496adb
--- /dev/null
+++ b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild
@@ -0,0 +1,229 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1-3)
+inherit flag-o-matic libtool perl-functions toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick6.git"
+ inherit git-r3
+ MY_P="imagemagick-9999"
+else
+ MY_PV="$(ver_rs 3 '-')"
+ MY_P="ImageMagick-${MY_PV}"
+ SRC_URI="mirror://imagemagick/${MY_P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}/${MY_P}"
+
+DESCRIPTION="A collection of tools and libraries for many image formats"
+HOMEPAGE="https://www.imagemagick.org/"
+
+LICENSE="imagemagick"
+# Please check this on bumps, SONAME is often not updated! Use abidiff on old/new.
+# If ABI is broken, change the bit after the '-'.
+SLOT="0/$(ver_cut 1-3)-58"
+IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib"
+
+REQUIRED_USE="corefonts? ( truetype )
+ svg? ( xml )
+ test? ( corefonts )"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ !media-gfx/graphicsmagick[imagemagick]
+ dev-libs/libltdl
+ bzip2? ( app-arch/bzip2 )
+ corefonts? ( media-fonts/corefonts )
+ djvu? ( app-text/djvu )
+ fftw? ( sci-libs/fftw:3.0 )
+ fontconfig? ( media-libs/fontconfig )
+ fpx? ( >=media-libs/libfpx-1.3.0-r1 )
+ graphviz? ( media-gfx/graphviz )
+ heif? ( media-libs/libheif:=[x265] )
+ jbig? ( >=media-libs/jbigkit-2:= )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
+ lcms? ( media-libs/lcms:2= )
+ lqr? ( media-libs/liblqr )
+ opencl? ( virtual/opencl )
+ openexr? ( media-libs/openexr:0= )
+ pango? ( x11-libs/pango )
+ perl? ( >=dev-lang/perl-5.8.8:= )
+ png? ( media-libs/libpng:= )
+ postscript? ( app-text/ghostscript-gpl:= )
+ raw? ( media-libs/libraw:= )
+ svg? (
+ gnome-base/librsvg
+ media-gfx/potrace
+ )
+ tiff? ( media-libs/tiff:= )
+ truetype? (
+ media-fonts/urw-fonts
+ >=media-libs/freetype-2
+ )
+ webp? ( media-libs/libwebp:= )
+ wmf? ( media-libs/libwmf )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libXext
+ x11-libs/libXt
+ )
+ xml? ( dev-libs/libxml2 )
+ lzma? ( app-arch/xz-utils )
+ zlib? ( sys-libs/zlib:= )"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )"
+BDEPEND="virtual/pkgconfig"
+
+pkg_pretend() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+src_prepare() {
+ default
+
+ # for Darwin modules
+ elibtoolize
+
+ # For testsuite, see bug #500580#c3
+ local ati_cards mesa_cards nvidia_cards render_cards
+ shopt -s nullglob
+ ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
+ if test -n "${ati_cards}"; then
+ addpredict "${ati_cards}"
+ fi
+ mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -n "${mesa_cards}"; then
+ addpredict "${mesa_cards}"
+ fi
+ nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g')
+ if test -n "${nvidia_cards}"; then
+ addpredict "${nvidia_cards}"
+ fi
+ render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
+ if test -n "${render_cards}"; then
+ addpredict "${render_cards}"
+ fi
+ shopt -u nullglob
+ addpredict /dev/nvidiactl
+}
+
+src_configure() {
+ local depth=16
+ use q8 && depth=8
+ use q32 && depth=32
+
+ use perl && perl_check_env
+
+ [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
+
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ $(use_enable hdri)
+ $(use_enable opencl)
+ $(use_enable openmp)
+ --with-threads
+ --with-modules
+ --with-quantum-depth=${depth}
+ $(use_with cxx magick-plus-plus)
+ $(use_with perl)
+ --with-perl-options='INSTALLDIRS=vendor'
+ --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
+ $(use_with bzip2 bzlib)
+ $(use_with X x)
+ $(use_with zlib)
+ --without-autotrace
+ $(use_with postscript dps)
+ $(use_with djvu)
+ --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
+ $(use_with fftw)
+ $(use_with fpx)
+ $(use_with fontconfig)
+ $(use_with truetype freetype)
+ $(use_with postscript gslib)
+ $(use_with graphviz gvc)
+ $(use_with heif heic)
+ $(use_with jbig)
+ $(use_with jpeg)
+ $(use_with jpeg2k openjp2)
+ $(use_with lcms)
+ $(use_with lqr)
+ $(use_with lzma)
+ $(use_with openexr)
+ $(use_with pango)
+ $(use_with png)
+ $(use_with raw)
+ $(use_with svg rsvg)
+ $(use_with tiff)
+ $(use_with webp)
+ $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
+ $(use_with wmf)
+ $(use_with xml)
+ --with-gcc-arch=no-automagic
+ )
+
+ CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Install default (unrestricted) policy in ${HOME} for test suite, bug #664238
+ local _im_local_config_home="${HOME}/.config/ImageMagick"
+ mkdir -p "${_im_local_config_home}" || \
+ die "Failed to create IM config dir in '${_im_local_config_home}'"
+ cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
+ die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
+
+ local im_command= IM_COMMANDS=()
+ IM_COMMANDS+=( "identify -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built
+ IM_COMMANDS+=( "identify -list policy" ) # Verify that policy.xml is used
+ IM_COMMANDS+=( "emake check" ) # Run tests
+
+ for im_command in "${IM_COMMANDS[@]}"; do
+ eval "${S}"/magick.sh \
+ ${im_command} || \
+ die "Failed to run \"${im_command}\""
+ done
+}
+
+src_install() {
+ # Ensure documentation installation files and paths with each release!
+ emake \
+ DESTDIR="${D}" \
+ DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
+ dodoc {AUTHORS,README}.txt
+
+ if use perl; then
+ find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
+ find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
+ fi
+
+ find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
+ # .la files in parent are not needed, keep plugin .la files
+ find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die
+
+ if use opencl; then
+ cat <<-EOF > "${T}"/99${PN}
+ SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128"
+ EOF
+
+ insinto /etc/sandbox.d
+ # bug #472766
+ doins "${T}"/99${PN}
+ fi
+
+ insinto /usr/share/${PN}
+ doins config/*icm
+}
diff --git a/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild
new file mode 100644
index 000000000000..7ebb6810d720
--- /dev/null
+++ b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild
@@ -0,0 +1,239 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+QA_PKGCONFIG_VERSION=$(ver_cut 1-3)
+inherit autotools flag-o-matic perl-functions toolchain-funcs
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git"
+ inherit git-r3
+ MY_P="imagemagick-9999"
+else
+ MY_PV="$(ver_rs 3 '-')"
+ MY_P="ImageMagick-${MY_PV}"
+ SRC_URI="mirror://imagemagick/${MY_P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}/${MY_P}"
+
+DESCRIPTION="A collection of tools and libraries for many image formats"
+HOMEPAGE="https://www.imagemagick.org/"
+
+LICENSE="imagemagick"
+# Please check this on bumps, SONAME is often not updated! Use abidiff on old/new.
+# If ABI is broken, change the bit after the '-'.
+SLOT="0/$(ver_cut 1-3)-43"
+IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k jpegxl lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zip zlib"
+
+REQUIRED_USE="corefonts? ( truetype )
+ svg? ( xml )
+ test? ( corefonts )"
+
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ !media-gfx/graphicsmagick[imagemagick]
+ dev-libs/libltdl
+ bzip2? ( app-arch/bzip2 )
+ corefonts? ( media-fonts/corefonts )
+ djvu? ( app-text/djvu )
+ fftw? ( sci-libs/fftw:3.0 )
+ fontconfig? ( media-libs/fontconfig )
+ fpx? ( >=media-libs/libfpx-1.3.0-r1 )
+ graphviz? ( media-gfx/graphviz )
+ heif? ( media-libs/libheif:=[x265] )
+ jbig? ( >=media-libs/jbigkit-2:= )
+ jpeg? ( media-libs/libjpeg-turbo:= )
+ jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 )
+ jpegxl? ( >=media-libs/libjxl-0.6 )
+ lcms? ( media-libs/lcms:2= )
+ lqr? ( media-libs/liblqr )
+ opencl? ( virtual/opencl )
+ openexr? ( media-libs/openexr:0= )
+ pango? ( x11-libs/pango )
+ perl? ( >=dev-lang/perl-5.8.8:= )
+ png? ( media-libs/libpng:= )
+ postscript? ( app-text/ghostscript-gpl:= )
+ raw? ( media-libs/libraw:= )
+ svg? (
+ gnome-base/librsvg
+ media-gfx/potrace
+ )
+ tiff? ( media-libs/tiff:= )
+ truetype? (
+ media-fonts/urw-fonts
+ >=media-libs/freetype-2
+ )
+ webp? ( media-libs/libwebp:= )
+ wmf? ( media-libs/libwmf )
+ X? (
+ x11-libs/libICE
+ x11-libs/libSM
+ x11-libs/libXext
+ x11-libs/libXt
+ )
+ xml? ( dev-libs/libxml2 )
+ lzma? ( app-arch/xz-utils )
+ zip? ( dev-libs/libzip:= )
+ zlib? ( sys-libs/zlib:= )"
+DEPEND="${RDEPEND}
+ X? ( x11-base/xorg-proto )"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-9999-nocputuning.patch"
+)
+
+pkg_pretend() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+pkg_setup() {
+ [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp
+}
+
+src_prepare() {
+ default
+
+ #elibtoolize # for Darwin modules
+ eautoreconf
+
+ # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
+ local ati_cards mesa_cards nvidia_cards render_cards
+ shopt -s nullglob
+ ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g')
+ if test -n "${ati_cards}"; then
+ addpredict "${ati_cards}"
+ fi
+ mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g')
+ if test -n "${mesa_cards}"; then
+ addpredict "${mesa_cards}"
+ fi
+ nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g')
+ if test -n "${nvidia_cards}"; then
+ addpredict "${nvidia_cards}"
+ fi
+ render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g')
+ if test -n "${render_cards}"; then
+ addpredict "${render_cards}"
+ fi
+ shopt -u nullglob
+ addpredict /dev/nvidiactl
+}
+
+src_configure() {
+ local depth=16
+ use q8 && depth=8
+ use q32 && depth=32
+
+ use perl && perl_check_env
+
+ [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket
+
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ $(use_enable hdri)
+ $(use_enable opencl)
+ $(use_enable openmp)
+ --with-threads
+ --with-modules
+ --with-quantum-depth=${depth}
+ $(use_with cxx magick-plus-plus)
+ $(use_with perl)
+ --with-perl-options='INSTALLDIRS=vendor'
+ --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts
+ $(use_with bzip2 bzlib)
+ $(use_with X x)
+ $(use_with zip)
+ $(use_with zlib)
+ --without-autotrace
+ $(use_with postscript dps)
+ $(use_with djvu)
+ --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu
+ $(use_with fftw)
+ $(use_with fpx)
+ $(use_with fontconfig)
+ $(use_with truetype freetype)
+ $(use_with postscript gslib)
+ $(use_with graphviz gvc)
+ $(use_with heif heic)
+ $(use_with jbig)
+ $(use_with jpeg)
+ $(use_with jpeg2k openjp2)
+ $(use_with jpegxl jxl)
+ $(use_with lcms)
+ $(use_with lqr)
+ $(use_with lzma)
+ $(use_with openexr)
+ $(use_with pango)
+ $(use_with png)
+ $(use_with raw)
+ $(use_with svg rsvg)
+ $(use_with tiff)
+ $(use_with webp)
+ $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts)
+ $(use_with wmf)
+ $(use_with xml)
+ )
+
+ CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ # Install default (unrestricted) policy in $HOME for test suite, bug #664238
+ local _im_local_config_home="${HOME}/.config/ImageMagick"
+ mkdir -p "${_im_local_config_home}" || \
+ die "Failed to create IM config dir in '${_im_local_config_home}'"
+ cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \
+ die "Failed to install default blank policy.xml in '${_im_local_config_home}'"
+
+ local im_command= IM_COMMANDS=()
+ if [[ ${PV} == 9999 ]] ; then
+ IM_COMMANDS+=( "magick -version" ) # Show version we are using -- cannot verify because of live ebuild
+ else
+ IM_COMMANDS+=( "magick -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built
+ fi
+ IM_COMMANDS+=( "magick -list policy" ) # Verify that policy.xml is used
+ IM_COMMANDS+=( "emake check" ) # Run tests
+
+ for im_command in "${IM_COMMANDS[@]}"; do
+ eval "${S}"/magick.sh \
+ ${im_command} || \
+ die "Failed to run \"${im_command}\""
+ done
+}
+
+src_install() {
+ # Ensure documentation installation files and paths with each release!
+ emake \
+ DESTDIR="${D}" \
+ DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \
+ install
+
+ rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt}
+ dodoc {AUTHORS,README}.txt
+
+ if use perl; then
+ find "${ED}" -type f -name perllocal.pod -exec rm -f {} +
+ find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} +
+ fi
+
+ find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} +
+ # .la files in parent are not needed, keep plugin .la files
+ find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die
+
+ if use opencl; then
+ cat <<-EOF > "${T}"/99${PN}
+ SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128"
+ EOF
+
+ insinto /etc/sandbox.d
+ doins "${T}"/99${PN} #472766
+ fi
+
+ insinto /usr/share/${PN}
+ doins config/*icm
+}
diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild
index bb71c03ea1cb..7b351a60af4a 100644
--- a/media-gfx/imagemagick/imagemagick-9999.ebuild
+++ b/media-gfx/imagemagick/imagemagick-9999.ebuild
@@ -101,16 +101,6 @@ src_prepare() {
#elibtoolize # for Darwin modules
eautoreconf
- # Apply hardening, bug #664236
- cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die
- sed -i -e '/^<policymap>$/ {
- r policy-hardening.snippet
- d
- }' \
- config/policy.xml || \
- die "Failed to apply hardening of policy.xml"
- einfo "policy.xml hardened"
-
# For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3
local ati_cards mesa_cards nvidia_cards render_cards
shopt -s nullglob
@@ -247,35 +237,3 @@ src_install() {
insinto /usr/share/${PN}
doins config/*icm
}
-
-pkg_postinst() {
- local _show_policy_xml_notice=
-
- if [[ -z "${REPLACING_VERSIONS}" ]]; then
- # This is a new installation
- _show_policy_xml_notice=yes
- else
- local v
- for v in ${REPLACING_VERSIONS}; do
- if ! ver_test "${v}" -gt "7.0.8.10-r2"; then
- # This is an upgrade
- _show_policy_xml_notice=yes
-
- # Show this elog only once
- break
- fi
- done
- fi
-
- if [[ -n "${_show_policy_xml_notice}" ]]; then
- elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7"
- elog "which will prevent the usage of the following coders by default:"
- elog ""
- elog " - PS"
- elog " - PS2"
- elog " - PS3"
- elog " - EPS"
- elog " - PDF"
- elog " - XPS"
- fi
-}