Date: Tue, 3 May 2016 21:52:32 +0000 (UTC) From: Koop Mast <kwm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r414562 - in head/graphics: ImageMagick ImageMagick/files ImageMagick7 ImageMagick7/files Message-ID: <201605032152.u43LqWbr001559@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kwm Date: Tue May 3 21:52:32 2016 New Revision: 414562 URL: https://svnweb.freebsd.org/changeset/ports/414562 Log: Disable EPHEMERAL, HTTPS, MVG and MSL coders until a a new release can be made what fixes the CVE issues with these coders. Obtained from: ImageMagick support forum Security: CVE-2016-3714 Added: head/graphics/ImageMagick/files/ head/graphics/ImageMagick/files/patch-config_delegates.xml.in (contents, props changed) head/graphics/ImageMagick/files/patch-config_policy.xml (contents, props changed) head/graphics/ImageMagick7/files/ head/graphics/ImageMagick7/files/patch-config_delegates.xml.in (contents, props changed) head/graphics/ImageMagick7/files/patch-config_policy.xml (contents, props changed) Modified: head/graphics/ImageMagick/Makefile head/graphics/ImageMagick7/Makefile Modified: head/graphics/ImageMagick/Makefile ============================================================================== --- head/graphics/ImageMagick/Makefile Tue May 3 21:27:18 2016 (r414561) +++ head/graphics/ImageMagick/Makefile Tue May 3 21:52:32 2016 (r414562) @@ -2,6 +2,7 @@ PORTNAME= ImageMagick DISTVERSION= 6.9.3-9 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= graphics perl5 MASTER_SITES= http://www.imagemagick.org/download/ \ Added: head/graphics/ImageMagick/files/patch-config_delegates.xml.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/ImageMagick/files/patch-config_delegates.xml.in Tue May 3 21:52:32 2016 (r414562) @@ -0,0 +1,10 @@ +--- config/delegates.xml.in.orig 2016-05-03 23:36:18.581813000 +0200 ++++ config/delegates.xml.in 2016-05-03 23:36:26.858835000 +0200 +@@ -88,7 +88,6 @@ + <delegate decode="hpgl" command=""@HPGLDecodeDelegate@" -q -m eps -f `basename "%o"` "%i"; mv -f `basename "%o"` "%o""/> + <delegate decode="htm" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> + <delegate decode="html" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> +- <delegate decode="https" command=""@WWWDecodeDelegate@" -s -k -L -o "%o" "https:%F""/>; + <delegate decode="ilbm" command=""@ILBMDecodeDelegate@" "%i" > "%o""/> + <delegate decode="jxr" command="mv "%i" "%i.jxr"; "@JXRDecodeDelegate@" -i "%i.jxr" -o "%o.bmp" -c 0; mv "%i.jxr" "%i"; mv "%o.bmp" "%o""/> + <delegate decode="man" command=""@MANDelegate@" -man -Tps "%i" > "%o""/> Added: head/graphics/ImageMagick/files/patch-config_policy.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/ImageMagick/files/patch-config_policy.xml Tue May 3 21:52:32 2016 (r414562) @@ -0,0 +1,12 @@ +--- config/policy.xml.orig 2016-05-03 23:18:45.652543000 +0200 ++++ config/policy.xml 2016-05-03 23:19:23.818471000 +0200 +@@ -58,4 +58,9 @@ + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <policy domain="cache" name="shared-secret" value="passphrase"/> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> + </policymap> Modified: head/graphics/ImageMagick7/Makefile ============================================================================== --- head/graphics/ImageMagick7/Makefile Tue May 3 21:27:18 2016 (r414561) +++ head/graphics/ImageMagick7/Makefile Tue May 3 21:52:32 2016 (r414562) @@ -2,6 +2,7 @@ PORTNAME= ImageMagick DISTVERSION= 7.0.1-0 +PORTREVISION= 1 CATEGORIES= graphics perl5 MASTER_SITES= http://www.imagemagick.org/download/ \ http://www.imagemagick.org/download/legacy/ \ Added: head/graphics/ImageMagick7/files/patch-config_delegates.xml.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/ImageMagick7/files/patch-config_delegates.xml.in Tue May 3 21:52:32 2016 (r414562) @@ -0,0 +1,10 @@ +--- config/delegates.xml.in.orig 2016-05-03 23:33:12.300197000 +0200 ++++ config/delegates.xml.in 2016-05-03 23:33:29.641438000 +0200 +@@ -90,7 +90,6 @@ + <delegate decode="hpgl" command=""@HPGLDecodeDelegate@" -q -m eps -f `basename "%o"` "%i"; mv -f `basename "%o"` "%o""/> + <delegate decode="htm" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> + <delegate decode="html" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> +- <delegate decode="https" command=""@WWWDecodeDelegate@" -s -k -L -o "%o" "https:%F""/>; + <delegate decode="ilbm" command=""@ILBMDecodeDelegate@" "%i" > "%o""/> + <delegate decode="jxr" command="mv "%i" "%i.jxr"; "@JXRDecodeDelegate@" -i "%i.jxr" -o "%o.pnm"; mv "%i.jxr" "%i"; mv "%o.pnm" "%o""/> + <delegate decode="man" command=""@MANDelegate@" -man -Tps "%i" > "%o""/> Added: head/graphics/ImageMagick7/files/patch-config_policy.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/ImageMagick7/files/patch-config_policy.xml Tue May 3 21:52:32 2016 (r414562) @@ -0,0 +1,12 @@ +--- config/policy.xml.orig 2016-05-03 23:18:45.652543000 +0200 ++++ config/policy.xml 2016-05-03 23:19:23.818471000 +0200 +@@ -58,4 +58,9 @@ + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <policy domain="cache" name="shared-secret" value="passphrase"/> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> + </policymap>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605032152.u43LqWbr001559>