Subject: CVS commit: [pkgsrc-2018Q2] pkgsrc/graphics/ImageMagick6
From: Benny Siegert
Date: 2018-08-25 21:26:01
Message id: 20180825192601.57BFBFBEC@cvs.NetBSD.org

Log Message:
Pullup ticket #5819 - requested by leot
graphics/ImageMagick6: security fix

Revisions pulled up:
- graphics/ImageMagick6/Makefile                                1.18-1.19
- graphics/ImageMagick6/distinfo                                1.10-1.11
- graphics/ImageMagick6/patches/patch-config_policy.xml         1.1-1.2

---
   Module Name:	pkgsrc
   Committed By:	leot
   Date:		Wed Aug 22 13:38:00 UTC 2018

   Modified Files:
   	pkgsrc/graphics/ImageMagick6: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/ImageMagick6/patches: patch-config_policy.xml

   Log Message:
   ImageMagick6: Disable ghostscript coders by default in policy.xml

   Disable ghostscript coders in policy.xml as a workaround for
   VU#332928 (<https://www.kb.cert.org/vuls/id/332928>).

   Please note that apart from commenting/removing lines added in policy.xml,
   the ghostscript coders can be enabled per-user by copying policy.xml
   to ~/.config/ImageMagick/policy.xml and adjusting it with the
   following lines:

     | [...]
     | <policy domain="coder" rights="read|write" pattern="PS" />
     | <policy domain="coder" rights="read|write" pattern="EPS" />
     | <policy domain="coder" rights="read|write" pattern="PDF" />
     | <policy domain="coder" rights="read|write" pattern="XPS" />
     | [...]

   Bump PKGREVISION

---
   Module Name:	pkgsrc
   Committed By:	leot
   Date:		Thu Aug 23 14:54:21 UTC 2018

   Modified Files:
   	pkgsrc/graphics/ImageMagick6: Makefile distinfo
   	pkgsrc/graphics/ImageMagick6/patches: patch-config_policy.xml

   Log Message:
   ImageMagick6: Also block PS2 and PS3 coders in policy.xml

   At least when reading PS2 and PS3 files via
   `convert PS2:<input> <output>' and `convert PS3:<input> <output>'
   gslib/ghostscript will be invoked and hence subject to VU#332928.

   Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from
   VU#332928 update).

Files:
Revision   Action   File
1.16.2.1   modify   pkgsrc/graphics/ImageMagick6/Makefile
1.9.4.1    modify   pkgsrc/graphics/ImageMagick6/distinfo
1.2.2.2    add      pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml
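
Added example (not part of the commit or of pkgsrc): a small audit that reads a policy.xml and reports which of the six coders named in the two log messages are still usable. It checks a single file and assumes that a later matching entry overrides an earlier one; the sample policies and all function names are constructed for illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders named in the two log messages above.
GS_CODERS = ("PS", "PS2", "PS3", "EPS", "PDF", "XPS")

def _matches(coder, pattern):
    # Handle a whole-pattern brace list such as {PS,EPS}; otherwise plain glob.
    if pattern.startswith("{") and pattern.endswith("}"):
        return any(_matches(coder, alt) for alt in pattern[1:-1].split(","))
    return fnmatch.fnmatchcase(coder, pattern.strip())

def effective_rights(policy_xml, coder):
    """Rights left for `coder` after applying matching coder entries in order.
    Assumption of this example: a later matching entry overrides an earlier one."""
    rights = {"read", "write"}  # no matching entry: coder is unrestricted
    for entry in ET.fromstring(policy_xml).iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        if _matches(coder, entry.get("pattern", "")):
            listed = {r.strip().lower() for r in entry.get("rights", "").split("|")}
            rights = listed & {"read", "write"}  # rights="none" leaves nothing
    return rights

def exposed_coders(policy_xml):
    """Map each Ghostscript-backed coder that is still usable to its rights."""
    exposed = {}
    for coder in GS_CODERS:
        rights = effective_rights(policy_xml, coder)
        if rights:
            exposed[coder] = sorted(rights)
    return exposed

def sample_policy(*entries):
    # Constructed sample input, not the contents of the pkgsrc patch.
    body = "".join('<policy domain="coder" rights="%s" pattern="%s"/>' % e for e in entries)
    return "<policymap>%s</policymap>" % body

# State after the first commit: PS2 and PS3 are not yet covered.
FIRST_COMMIT = sample_policy(*[("none", c) for c in ("PS", "EPS", "PDF", "XPS")])
# All six coders blocked, written here as one brace pattern.
SECOND_COMMIT = sample_policy(("none", "{PS,PS2,PS3,EPS,PDF,XPS}"))
# A later entry re-enabling one coder, as in the per-user lines quoted above.
USER_OVERRIDE = sample_policy(("none", "{PS,PS2,PS3,EPS,PDF,XPS}"), ("read|write", "PDF"))

if __name__ == "__main__":
    for name, xml in [("first", FIRST_COMMIT), ("second", SECOND_COMMIT), ("override", USER_OVERRIDE)]:
        print(name, exposed_coders(xml))
```

An empty result means none of the six coders can be read or written under the policy that was checked.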