---
- branch: pkgsrc-2018Q2
  date: Sat Aug 25 19:26:01 UTC 2018
  files:
  - new: 1.16.2.1
    old: '1.16'
    path: pkgsrc/graphics/ImageMagick6/Makefile
    pathrev: pkgsrc/graphics/ImageMagick6/Makefile@1.16.2.1
    type: modified
  - new: 1.9.4.1
    old: '1.9'
    path: pkgsrc/graphics/ImageMagick6/distinfo
    pathrev: pkgsrc/graphics/ImageMagick6/distinfo@1.9.4.1
    type: modified
  - new: 1.2.2.2
    old: '0'
    path: pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml
    pathrev: pkgsrc/graphics/ImageMagick6/patches/patch-config_policy.xml@1.2.2.2
    type: added
  id: 20180825T192601Z.39bdad47788ea221f2fa621236ce5d92a2fae874
  log: "Pullup ticket #5819 - requested by leot\ngraphics/ImageMagick6: security fix\n\nRevisions
    pulled up:\n- graphics/ImageMagick6/Makefile                                1.18-1.19\n-
    graphics/ImageMagick6/distinfo                                1.10-1.11\n- graphics/ImageMagick6/patches/patch-config_policy.xml
    \        1.1-1.2\n\n---\n   Module Name:\tpkgsrc\n   Committed By:\tleot\n   Date:\t\tWed
    Aug 22 13:38:00 UTC 2018\n\n   Modified Files:\n   \tpkgsrc/graphics/ImageMagick6:
    Makefile distinfo\n   Added Files:\n   \tpkgsrc/graphics/ImageMagick6/patches:
    patch-config_policy.xml\n\n   Log Message:\n   ImageMagick6: Disable ghostscript
    coders by default in policy.xml\n\n   Disable ghostscript coders in policy.xml
    as a workaround for\n   VU#332928 (<https://www.kb.cert.org/vuls/id/332928>).\n\n
    \  Please note that apart commenting/removing lines added in policy.xml,\n   the
    ghostscript coders can be enabled per-user by copying policy.xml\n   to ~/.config/ImageMagick/policy.xml
    and adjusting it with the\n   following lines:\n\n     | [...]\n     | <policy
    domain=3D\"coder\" rights=3D\"read|write\" pattern=3D\"PS\" />\n     | <policy
    domain=3D\"coder\" rights=3D\"read|write\" pattern=3D\"EPS\" />\n     | <policy
    domain=3D\"coder\" rights=3D\"read|write\" pattern=3D\"PDF\" />\n     | <policy
    domain=3D\"coder\" rights=3D\"read|write\" pattern=3D\"XPS\" />\n     | [...]\n\n
    \  Bump PKGREVISION\n\n---\n   Module Name:\tpkgsrc\n   Committed By:\tleot\n
    \  Date:\t\tThu Aug 23 14:54:21 UTC 2018\n\n   Modified Files:\n   \tpkgsrc/graphics/ImageMagick6:
    Makefile distinfo\n   \tpkgsrc/graphics/ImageMagick6/patches: patch-config_policy.xml\n\n
    \  Log Message:\n   ImageMagick6: Also block PS2 and PS3 coders in policy.xml\n\n
    \  At least when reading PS2 and PS3 files via\n   `convert PS2:<input> <output>'
    and `convert PS3:<input> <output>'\n   gslib/ghostscript will be invoked and hence
    subject to VU#332928.\n\n   Pointed out by Bob Friesenhahn via oss-security@ ML
    (and follow up from\n   VU#332928 update).\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2018Q2] pkgsrc/graphics/ImageMagick6'
  unixtime: '1535225161'
  user: bsiegert