diff options
author | Andreas K. Hüttel <dilfridge@gentoo.org> | 2023-06-09 16:41:16 +0200 |
---|---|---|
committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2023-06-09 16:41:37 +0200 |
commit | 1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1 (patch) | |
tree | e26f2114b48c5b958a1bd09b875e288c17282123 /media-gfx/imagemagick | |
parent | dev-python/reportlab: Bump to 4.0.4 (diff) | |
download | gentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.tar.gz gentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.tar.bz2 gentoo-1acdac076fe0168b2dc1ea9ed4340ba5ac3cdcb1.zip |
media-gfx/imagemagick: Drop overreaching hardening
Closes: https://bugs.gentoo.org/716674
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Diffstat (limited to 'media-gfx/imagemagick')
-rw-r--r-- | media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild | 229 | ||||
-rw-r--r-- | media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild | 239 | ||||
-rw-r--r-- | media-gfx/imagemagick/imagemagick-9999.ebuild | 42 |
3 files changed, 468 insertions, 42 deletions
diff --git a/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild new file mode 100644 index 000000000000..564d60496adb --- /dev/null +++ b/media-gfx/imagemagick/imagemagick-6.9.12.89-r1.ebuild @@ -0,0 +1,229 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +QA_PKGCONFIG_VERSION=$(ver_cut 1-3) +inherit flag-o-matic libtool perl-functions toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick6.git" + inherit git-r3 + MY_P="imagemagick-9999" +else + MY_PV="$(ver_rs 3 '-')" + MY_P="ImageMagick-${MY_PV}" + SRC_URI="mirror://imagemagick/${MY_P}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris" +fi + +S="${WORKDIR}/${MY_P}" + +DESCRIPTION="A collection of tools and libraries for many image formats" +HOMEPAGE="https://www.imagemagick.org/" + +LICENSE="imagemagick" +# Please check this on bumps, SONAME is often not updated! Use abidiff on old/new. +# If ABI is broken, change the bit after the '-'. +SLOT="0/$(ver_cut 1-3)-58" +IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zlib" + +REQUIRED_USE="corefonts? ( truetype ) + svg? ( xml ) + test? ( corefonts )" + +RESTRICT="!test? ( test )" + +RDEPEND=" + !media-gfx/graphicsmagick[imagemagick] + dev-libs/libltdl + bzip2? ( app-arch/bzip2 ) + corefonts? ( media-fonts/corefonts ) + djvu? ( app-text/djvu ) + fftw? ( sci-libs/fftw:3.0 ) + fontconfig? ( media-libs/fontconfig ) + fpx? ( >=media-libs/libfpx-1.3.0-r1 ) + graphviz? ( media-gfx/graphviz ) + heif? ( media-libs/libheif:=[x265] ) + jbig? ( >=media-libs/jbigkit-2:= ) + jpeg? ( media-libs/libjpeg-turbo:= ) + jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 ) + lcms? ( media-libs/lcms:2= ) + lqr? ( media-libs/liblqr ) + opencl? ( virtual/opencl ) + openexr? ( media-libs/openexr:0= ) + pango? ( x11-libs/pango ) + perl? ( >=dev-lang/perl-5.8.8:= ) + png? ( media-libs/libpng:= ) + postscript? ( app-text/ghostscript-gpl:= ) + raw? ( media-libs/libraw:= ) + svg? ( + gnome-base/librsvg + media-gfx/potrace + ) + tiff? ( media-libs/tiff:= ) + truetype? ( + media-fonts/urw-fonts + >=media-libs/freetype-2 + ) + webp? ( media-libs/libwebp:= ) + wmf? ( media-libs/libwmf ) + X? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libXext + x11-libs/libXt + ) + xml? ( dev-libs/libxml2 ) + lzma? ( app-arch/xz-utils ) + zlib? ( sys-libs/zlib:= )" +DEPEND="${RDEPEND} + X? ( x11-base/xorg-proto )" +BDEPEND="virtual/pkgconfig" + +pkg_pretend() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +src_prepare() { + default + + # for Darwin modules + elibtoolize + + # For testsuite, see bug #500580#c3 + local ati_cards mesa_cards nvidia_cards render_cards + shopt -s nullglob + ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') + if test -n "${ati_cards}"; then + addpredict "${ati_cards}" + fi + mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g') + if test -n "${mesa_cards}"; then + addpredict "${mesa_cards}" + fi + nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g') + if test -n "${nvidia_cards}"; then + addpredict "${nvidia_cards}" + fi + render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g') + if test -n "${render_cards}"; then + addpredict "${render_cards}" + fi + shopt -u nullglob + addpredict /dev/nvidiactl +} + +src_configure() { + local depth=16 + use q8 && depth=8 + use q32 && depth=32 + + use perl && perl_check_env + + [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket + + local myeconfargs=( + $(use_enable static-libs static) + $(use_enable hdri) + $(use_enable opencl) + $(use_enable openmp) + --with-threads + --with-modules + --with-quantum-depth=${depth} + $(use_with cxx magick-plus-plus) + $(use_with perl) + --with-perl-options='INSTALLDIRS=vendor' + --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts + $(use_with bzip2 bzlib) + $(use_with X x) + $(use_with zlib) + --without-autotrace + $(use_with postscript dps) + $(use_with djvu) + --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu + $(use_with fftw) + $(use_with fpx) + $(use_with fontconfig) + $(use_with truetype freetype) + $(use_with postscript gslib) + $(use_with graphviz gvc) + $(use_with heif heic) + $(use_with jbig) + $(use_with jpeg) + $(use_with jpeg2k openjp2) + $(use_with lcms) + $(use_with lqr) + $(use_with lzma) + $(use_with openexr) + $(use_with pango) + $(use_with png) + $(use_with raw) + $(use_with svg rsvg) + $(use_with tiff) + $(use_with webp) + $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts) + $(use_with wmf) + $(use_with xml) + --with-gcc-arch=no-automagic + ) + + CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" +} + +src_test() { + # Install default (unrestricted) policy in ${HOME} for test suite, bug #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + + local im_command= IM_COMMANDS=() + IM_COMMANDS+=( "identify -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built + IM_COMMANDS+=( "identify -list policy" ) # Verify that policy.xml is used + IM_COMMANDS+=( "emake check" ) # Run tests + + for im_command in "${IM_COMMANDS[@]}"; do + eval "${S}"/magick.sh \ + ${im_command} || \ + die "Failed to run \"${im_command}\"" + done +} + +src_install() { + # Ensure documentation installation files and paths with each release! + emake \ + DESTDIR="${D}" \ + DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \ + install + + rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt} + dodoc {AUTHORS,README}.txt + + if use perl; then + find "${ED}" -type f -name perllocal.pod -exec rm -f {} + + find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} + + fi + + find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} + + # .la files in parent are not needed, keep plugin .la files + find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die + + if use opencl; then + cat <<-EOF > "${T}"/99${PN} + SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128" + EOF + + insinto /etc/sandbox.d + # bug #472766 + doins "${T}"/99${PN} + fi + + insinto /usr/share/${PN} + doins config/*icm +} diff --git a/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild new file mode 100644 index 000000000000..7ebb6810d720 --- /dev/null +++ b/media-gfx/imagemagick/imagemagick-7.1.1.11-r1.ebuild @@ -0,0 +1,239 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +QA_PKGCONFIG_VERSION=$(ver_cut 1-3) +inherit autotools flag-o-matic perl-functions toolchain-funcs + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/ImageMagick/ImageMagick.git" + inherit git-r3 + MY_P="imagemagick-9999" +else + MY_PV="$(ver_rs 3 '-')" + MY_P="ImageMagick-${MY_PV}" + SRC_URI="mirror://imagemagick/${MY_P}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" +fi + +S="${WORKDIR}/${MY_P}" + +DESCRIPTION="A collection of tools and libraries for many image formats" +HOMEPAGE="https://www.imagemagick.org/" + +LICENSE="imagemagick" +# Please check this on bumps, SONAME is often not updated! Use abidiff on old/new. +# If ABI is broken, change the bit after the '-'. +SLOT="0/$(ver_cut 1-3)-43" +IUSE="bzip2 corefonts +cxx djvu fftw fontconfig fpx graphviz hdri heif jbig jpeg jpeg2k jpegxl lcms lqr lzma opencl openexr openmp pango perl +png postscript q32 q8 raw static-libs svg test tiff truetype webp wmf X xml zip zlib" + +REQUIRED_USE="corefonts? ( truetype ) + svg? ( xml ) + test? ( corefonts )" + +RESTRICT="!test? ( test )" + +RDEPEND=" + !media-gfx/graphicsmagick[imagemagick] + dev-libs/libltdl + bzip2? ( app-arch/bzip2 ) + corefonts? ( media-fonts/corefonts ) + djvu? ( app-text/djvu ) + fftw? ( sci-libs/fftw:3.0 ) + fontconfig? ( media-libs/fontconfig ) + fpx? ( >=media-libs/libfpx-1.3.0-r1 ) + graphviz? ( media-gfx/graphviz ) + heif? ( media-libs/libheif:=[x265] ) + jbig? ( >=media-libs/jbigkit-2:= ) + jpeg? ( media-libs/libjpeg-turbo:= ) + jpeg2k? ( >=media-libs/openjpeg-2.1.0:2 ) + jpegxl? ( >=media-libs/libjxl-0.6 ) + lcms? ( media-libs/lcms:2= ) + lqr? ( media-libs/liblqr ) + opencl? ( virtual/opencl ) + openexr? ( media-libs/openexr:0= ) + pango? ( x11-libs/pango ) + perl? ( >=dev-lang/perl-5.8.8:= ) + png? ( media-libs/libpng:= ) + postscript? ( app-text/ghostscript-gpl:= ) + raw? ( media-libs/libraw:= ) + svg? ( + gnome-base/librsvg + media-gfx/potrace + ) + tiff? ( media-libs/tiff:= ) + truetype? ( + media-fonts/urw-fonts + >=media-libs/freetype-2 + ) + webp? ( media-libs/libwebp:= ) + wmf? ( media-libs/libwmf ) + X? ( + x11-libs/libICE + x11-libs/libSM + x11-libs/libXext + x11-libs/libXt + ) + xml? ( dev-libs/libxml2 ) + lzma? ( app-arch/xz-utils ) + zip? ( dev-libs/libzip:= ) + zlib? ( sys-libs/zlib:= )" +DEPEND="${RDEPEND} + X? ( x11-base/xorg-proto )" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/${PN}-9999-nocputuning.patch" +) + +pkg_pretend() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +pkg_setup() { + [[ ${MERGE_TYPE} != binary ]] && use openmp && tc-check-openmp +} + +src_prepare() { + default + + #elibtoolize # for Darwin modules + eautoreconf + + # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 + local ati_cards mesa_cards nvidia_cards render_cards + shopt -s nullglob + ati_cards=$(echo -n /dev/ati/card* | sed 's/ /:/g') + if test -n "${ati_cards}"; then + addpredict "${ati_cards}" + fi + mesa_cards=$(echo -n /dev/dri/card* | sed 's/ /:/g') + if test -n "${mesa_cards}"; then + addpredict "${mesa_cards}" + fi + nvidia_cards=$(echo -n /dev/nvidia* | sed 's/ /:/g') + if test -n "${nvidia_cards}"; then + addpredict "${nvidia_cards}" + fi + render_cards=$(echo -n /dev/dri/renderD128* | sed 's/ /:/g') + if test -n "${render_cards}"; then + addpredict "${render_cards}" + fi + shopt -u nullglob + addpredict /dev/nvidiactl +} + +src_configure() { + local depth=16 + use q8 && depth=8 + use q32 && depth=32 + + use perl && perl_check_env + + [[ ${CHOST} == *-solaris* ]] && append-ldflags -lnsl -lsocket + + local myeconfargs=( + $(use_enable static-libs static) + $(use_enable hdri) + $(use_enable opencl) + $(use_enable openmp) + --with-threads + --with-modules + --with-quantum-depth=${depth} + $(use_with cxx magick-plus-plus) + $(use_with perl) + --with-perl-options='INSTALLDIRS=vendor' + --with-gs-font-dir="${EPREFIX}"/usr/share/fonts/urw-fonts + $(use_with bzip2 bzlib) + $(use_with X x) + $(use_with zip) + $(use_with zlib) + --without-autotrace + $(use_with postscript dps) + $(use_with djvu) + --with-dejavu-font-dir="${EPREFIX}"/usr/share/fonts/dejavu + $(use_with fftw) + $(use_with fpx) + $(use_with fontconfig) + $(use_with truetype freetype) + $(use_with postscript gslib) + $(use_with graphviz gvc) + $(use_with heif heic) + $(use_with jbig) + $(use_with jpeg) + $(use_with jpeg2k openjp2) + $(use_with jpegxl jxl) + $(use_with lcms) + $(use_with lqr) + $(use_with lzma) + $(use_with openexr) + $(use_with pango) + $(use_with png) + $(use_with raw) + $(use_with svg rsvg) + $(use_with tiff) + $(use_with webp) + $(use_with corefonts windows-font-dir "${EPREFIX}"/usr/share/fonts/corefonts) + $(use_with wmf) + $(use_with xml) + ) + + CONFIG_SHELL="${BROOT}"/bin/bash econf "${myeconfargs[@]}" +} + +src_test() { + # Install default (unrestricted) policy in $HOME for test suite, bug #664238 + local _im_local_config_home="${HOME}/.config/ImageMagick" + mkdir -p "${_im_local_config_home}" || \ + die "Failed to create IM config dir in '${_im_local_config_home}'" + cp "${FILESDIR}"/policy.test.xml "${_im_local_config_home}/policy.xml" || \ + die "Failed to install default blank policy.xml in '${_im_local_config_home}'" + + local im_command= IM_COMMANDS=() + if [[ ${PV} == 9999 ]] ; then + IM_COMMANDS+=( "magick -version" ) # Show version we are using -- cannot verify because of live ebuild + else + IM_COMMANDS+=( "magick -version | grep -q -- \"${MY_PV}\"" ) # Verify that we are using version we just built + fi + IM_COMMANDS+=( "magick -list policy" ) # Verify that policy.xml is used + IM_COMMANDS+=( "emake check" ) # Run tests + + for im_command in "${IM_COMMANDS[@]}"; do + eval "${S}"/magick.sh \ + ${im_command} || \ + die "Failed to run \"${im_command}\"" + done +} + +src_install() { + # Ensure documentation installation files and paths with each release! + emake \ + DESTDIR="${D}" \ + DOCUMENTATION_PATH="${EPREFIX}"/usr/share/doc/${PF}/html \ + install + + rm -f "${ED}"/usr/share/doc/${PF}/html/{ChangeLog,LICENSE,NEWS.txt} + dodoc {AUTHORS,README}.txt + + if use perl; then + find "${ED}" -type f -name perllocal.pod -exec rm -f {} + + find "${ED}" -depth -mindepth 1 -type d -empty -exec rm -rf {} + + fi + + find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} + + # .la files in parent are not needed, keep plugin .la files + find "${ED}"/usr/$(get_libdir)/ -maxdepth 1 -name "*.la" -delete || die + + if use opencl; then + cat <<-EOF > "${T}"/99${PN} + SANDBOX_PREDICT="/dev/nvidiactl:/dev/nvidia-uvm:/dev/ati/card:/dev/dri/card:/dev/dri/card0:/dev/dri/renderD128" + EOF + + insinto /etc/sandbox.d + doins "${T}"/99${PN} #472766 + fi + + insinto /usr/share/${PN} + doins config/*icm +} diff --git a/media-gfx/imagemagick/imagemagick-9999.ebuild b/media-gfx/imagemagick/imagemagick-9999.ebuild index bb71c03ea1cb..7b351a60af4a 100644 --- a/media-gfx/imagemagick/imagemagick-9999.ebuild +++ b/media-gfx/imagemagick/imagemagick-9999.ebuild @@ -101,16 +101,6 @@ src_prepare() { #elibtoolize # for Darwin modules eautoreconf - # Apply hardening, bug #664236 - cp "${FILESDIR}"/policy-hardening.snippet "${S}" || die - sed -i -e '/^<policymap>$/ { - r policy-hardening.snippet - d - }' \ - config/policy.xml || \ - die "Failed to apply hardening of policy.xml" - einfo "policy.xml hardened" - # For testsuite, see https://bugs.gentoo.org/show_bug.cgi?id=500580#c3 local ati_cards mesa_cards nvidia_cards render_cards shopt -s nullglob @@ -247,35 +237,3 @@ src_install() { insinto /usr/share/${PN} doins config/*icm } - -pkg_postinst() { - local _show_policy_xml_notice= - - if [[ -z "${REPLACING_VERSIONS}" ]]; then - # This is a new installation - _show_policy_xml_notice=yes - else - local v - for v in ${REPLACING_VERSIONS}; do - if ! ver_test "${v}" -gt "7.0.8.10-r2"; then - # This is an upgrade - _show_policy_xml_notice=yes - - # Show this elog only once - break - fi - done - fi - - if [[ -n "${_show_policy_xml_notice}" ]]; then - elog "For security reasons, a policy.xml file was installed in /etc/ImageMagick-7" - elog "which will prevent the usage of the following coders by default:" - elog "" - elog " - PS" - elog " - PS2" - elog " - PS3" - elog " - EPS" - elog " - PDF" - elog " - XPS" - fi -} |