diff options
| author | Koop Mast <kwm@FreeBSD.org> | 2016-05-03 21:52:32 +0000 |
|---|---|---|
| committer | Koop Mast <kwm@FreeBSD.org> | 2016-05-03 21:52:32 +0000 |
| commit | d46f171c65fda2a031c58b2ac6292d870351e481 (patch) | |
| tree | 5f9088df5976529e874708dfbd30ce13659b540e /graphics/ImageMagick7 | |
| parent | ea352546c2be861affb53e96cfba6023d73ea943 (diff) | |
| download | ports-d46f171c65fda2a031c58b2ac6292d870351e481.tar.gz ports-d46f171c65fda2a031c58b2ac6292d870351e481.zip | |
Disable EPHEMERAL, HTTPS, MVG and MSL coders until a a new release can be
made what fixes the CVE issues with these coders.
Obtained from: ImageMagick support forum
Security: CVE-2016-3714
Notes
Notes:
svn path=/head/; revision=414562
Diffstat (limited to 'graphics/ImageMagick7')
| -rw-r--r-- | graphics/ImageMagick7/Makefile | 1 | ||||
| -rw-r--r-- | graphics/ImageMagick7/files/patch-config_delegates.xml.in | 10 | ||||
| -rw-r--r-- | graphics/ImageMagick7/files/patch-config_policy.xml | 12 |
3 files changed, 23 insertions, 0 deletions
diff --git a/graphics/ImageMagick7/Makefile b/graphics/ImageMagick7/Makefile index c8aca4972fa4..649ef90f416e 100644 --- a/graphics/ImageMagick7/Makefile +++ b/graphics/ImageMagick7/Makefile @@ -2,6 +2,7 @@ PORTNAME= ImageMagick DISTVERSION= 7.0.1-0 +PORTREVISION= 1 CATEGORIES= graphics perl5 MASTER_SITES= http://www.imagemagick.org/download/ \ http://www.imagemagick.org/download/legacy/ \ diff --git a/graphics/ImageMagick7/files/patch-config_delegates.xml.in b/graphics/ImageMagick7/files/patch-config_delegates.xml.in new file mode 100644 index 000000000000..c269fb5771f6 --- /dev/null +++ b/graphics/ImageMagick7/files/patch-config_delegates.xml.in @@ -0,0 +1,10 @@ +--- config/delegates.xml.in.orig 2016-05-03 23:33:12.300197000 +0200 ++++ config/delegates.xml.in 2016-05-03 23:33:29.641438000 +0200 +@@ -90,7 +90,6 @@ + <delegate decode="hpgl" command=""@HPGLDecodeDelegate@" -q -m eps -f `basename "%o"` "%i"; mv -f `basename "%o"` "%o""/> + <delegate decode="htm" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> + <delegate decode="html" command=""@HTMLDecodeDelegate@" -U -o "%o" "%i""/> +- <delegate decode="https" command=""@WWWDecodeDelegate@" -s -k -L -o "%o" "https:%F""/> + <delegate decode="ilbm" command=""@ILBMDecodeDelegate@" "%i" > "%o""/> + <delegate decode="jxr" command="mv "%i" "%i.jxr"; "@JXRDecodeDelegate@" -i "%i.jxr" -o "%o.pnm"; mv "%i.jxr" "%i"; mv "%o.pnm" "%o""/> + <delegate decode="man" command=""@MANDelegate@" -man -Tps "%i" > "%o""/> diff --git a/graphics/ImageMagick7/files/patch-config_policy.xml b/graphics/ImageMagick7/files/patch-config_policy.xml new file mode 100644 index 000000000000..171053813054 --- /dev/null +++ b/graphics/ImageMagick7/files/patch-config_policy.xml @@ -0,0 +1,12 @@ +--- config/policy.xml.orig 2016-05-03 23:18:45.652543000 +0200 ++++ config/policy.xml 2016-05-03 23:19:23.818471000 +0200 +@@ -58,4 +58,9 @@ + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <policy domain="cache" name="shared-secret" value="passphrase"/> ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> + </policymap> |