Accepting request 1112966 from graphics

- version update to 7.1.1.17
  * upstream changelog:
  https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-17---2023-09-19
- modified patches
  % ImageMagick-library-installable-in-parallel.patch (refreshed)
- follow upstream, create open, limited, secure and websafe alternative
  configuration packages with different policy.xml
- removing p7zip redundant dependency

 * [bsc#1200389] CVE-2022-32546
 * [bsc#1211792] CVE-2023-34153
 * [bsc#1211791] CVE-2023-34151
- [bsc#1209141] CVE-2023-1289
- [bsc#1207982] CVE-2022-44267
- [bsc#1207983] CVE-2022-44268
- [bsc#1203450] CVE-2022-3213
- CVE-2022-2719 [bsc#1202250]
- [bsc#1199350] CVE-2022-28463
- [bsc#1200387] CVE-2022-32547
  * CVE-2022-1115 [bsc#1198701]
  * [bsc#1200389] (CVE-2022-32546
  * CVE-2022-1114 [bsc#1198700]
  * [bsc#1200388] CVE-2022-32545
  * CVE-2022-0284 [bsc#1195563]
  * CVE-2021-4219 [bsc#1196337]

OBS-URL: https://build.opensuse.org/request/show/1112966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ImageMagick?expand=0&rev=279
This commit is contained in:
Ana Guerrero 2023-09-26 20:00:27 +00:00 committed by Git OBS Bridge
commit bd92242574
8 changed files with 229 additions and 88 deletions

BIN
ImageMagick-7.1.1-15.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmTGad0ACgkQiatj1IJ3
N3q70A//VACuhnStqbXC+miIR0u7kOzip6uCszmV+X5w7L4ePCdke6Hp7CoSLATo
/BJUt+CU2K8a6exHwx4tTTtNm9ALASFfubL9aUCjKCh+83H6dnHgI5NpS2gSsNMD
i+FRlmm0yKKYTZZqwgWkTYDWJvnHhEEtVX+C1vgAyljlusjb+bSmEVGYPdh+EXca
rMF2bnOT3GG+MiLvI93wJAqhIGz1Zh85Ywf+wzSRaRby2z3cvH6RUMbfQXD1bOQL
l3BT+vtEsw6+GV37iWzqhVwFMWBYNzJDZUsUN6V9HmcnLdKVpPLT9a1jDZhBBDzc
kH5f4iaseG3jp7rz9BbXYQGMC8iRpZv+Ty3ew+EzjZ5Bt7ThxXVl/VnfofXOI6de
m2qj2SnLF/G3BFctpfTVYO4SWiED1/aNt5k8S0KHuYRKmGzjGf3vBV0LBIMKXs4y
VTpCm1p+RcUjHD9MKEcRpsGi6KGyLH4dZlKDwXhQ/Vcj8hg7DvvS+O2uPq/QjXPg
Dzlp0JkdRHAIMWR7Jf1XEVe1IPfl4lrxQnQkX1SxVMQExa/vXflQR91el9ijeVTv
2EEMx6hzzp07ZmQvFBCruY/gliPwyZdCY2/BmwHJ0hMekg9Z4p8NLcna+rtEMaBJ
E7IjHdHcXXxwDPCNGpeiNLSdO/oi3Il+Z0nVFqw0pI3AbojUde8=
=0QMW
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1178b2062569d83314feb9ce586eaf1144c5daa3da3784ea641cee6d28cec00b
size 10222236

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE2Ccu9R2iI+TQW0Zpiatj1IJ3N3oFAmUKIgoACgkQiatj1IJ3
N3o8dg//YEt4TKYNJVn7T7plRPKcIkMygVJssF+23l7RQMCPnvI1seFPfM+I8HNZ
0FWSTR2AHDBMKPSb9P4Ztu6e7DrOsllx7Nu28FMj6/2uHzL1341azC72wOp/aCHo
VDr/D8BnoYU9EAptnRxyIGgEqCpzKeu4sVlwyAx9ydoYUy1i1hGauQHNGhIXsAUm
b7/rB7nMjbB67aTl3q7LbKQO26O4frpDmxJgEh65cL1rst5LdgQXFUM+o+Y2ZfMf
a/4cvVcmb5KSplqn1PJUZrc6rjEeJO3w3hEYkEMxoOXLaujXzKpg6Gf540HdsHH8
9HdNcrxwXLZsKrzrSHWaSPWihgEqGryHKH9PjF4gSLh+k0uYJRtBPRm/17tu5d/a
Tl2CC4n5RZqkq4lB7ofYJ2O838HSrNN43j3TA2qVPBorsMxJvw/Q5xVSusn4Pt0F
ZLkpSSnHSeKZMURT2q/ptoSkmAx9/G4FO1Pe9su5hT/5JZGewV+3rGWtyBLwpHkg
LL3d0FkzONf7LuT1fALtZV4hr0xn3L8zBb99jHh+nKYxFrk+M7sqwnJyd9uXHt8o
uVbuxfIiZz8J1sB+0BbTW/9zeDJDdZ+fs+13BsBFaHILaIGqdijuAZ8VZJfWUDPj
qOm826vFF3VouRThoxSWhwN4WJ6JR+bIZKKL+Fzustzf3uZ5aKI=
=K65O
-----END PGP SIGNATURE-----

View File

@ -1,29 +1,15 @@
--- ImageMagick-7.1.0-43/config/policy.xml
+++ ImageMagick-7.1.0-43/config/policy.xml
@@ -79,5 +79,26 @@
<!-- <policy domain="cache" name="synchronize" value="true"/> -->
<!-- <policy domain="system" name="shred" value="1"/> -->
<!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> -->
+
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="WIN" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+ <policy domain="coder" rights="write" pattern="PS" />
+ <policy domain="coder" rights="write" pattern="PS2" />
+ <policy domain="coder" rights="write" pattern="PS3" />
+ <policy domain="coder" rights="write" pattern="PDF" />
+ <policy domain="coder" rights="write" pattern="XPS" />
+ <policy domain="coder" rights="write" pattern="EPI" />
+ <policy domain="coder" rights="write" pattern="EPS" />
+ <policy domain="coder" rights="write" pattern="PCL" />
+ <policy domain="path" rights="none" pattern="@*"/>
<policy domain="Undefined" rights="none"/>
</policymap>
--- a/config/policy-secure.xml
+++ b/config/policy-secure.xml
@@ -92,8 +92,10 @@
<policy domain="path" rights="none" pattern="/etc/*"/>
<!-- Indirect reads are not permitted. -->
<policy domain="path" rights="none" pattern="@*"/>
+ <!-- These image types can expose risks on read and write -->
+ <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/>
<!-- These image types are security risks on read, but write is fine -->
- <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
+ <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/>
<!-- This policy sets the number of times to replace content of certain
memory buffers and temporary files before they are freed or deleted. -->
<policy domain="system" name="shred" value="1"/>

View File

@ -1,8 +1,8 @@
Index: ImageMagick-7.1.1-15/configure
Index: ImageMagick-7.1.1-17/configure
===================================================================
--- ImageMagick-7.1.1-15.orig/configure
+++ ImageMagick-7.1.1-15/configure
@@ -35317,7 +35317,9 @@ fi
--- ImageMagick-7.1.1-17.orig/configure
+++ ImageMagick-7.1.1-17/configure
@@ -34840,7 +34840,9 @@ fi
# Subdirectory to place architecture-dependent configuration files

View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Thu Sep 21 15:26:22 UTC 2023 - pgajdos@suse.com
- version update to 7.1.1.17
* upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-17---2023-09-19
- modified patches
% ImageMagick-library-installable-in-parallel.patch (refreshed)
- follow upstream, create open, limited, secure and websafe alternative
configuration packages with different policy.xml
- removing p7zip redundant dependency
-------------------------------------------------------------------
Tue Aug 22 13:11:14 UTC 2023 - pgajdos@suse.com
@ -23,6 +35,9 @@ Tue May 30 08:33:42 UTC 2023 - pgajdos@suse.com
- version update to 7.1.1.11
* upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-11---2023-05-29
* [bsc#1200389] CVE-2022-32546
* [bsc#1211792] CVE-2023-34153
* [bsc#1211791] CVE-2023-34151
-------------------------------------------------------------------
Thu May 25 08:05:03 UTC 2023 - pgajdos@suse.com
@ -66,6 +81,7 @@ Tue Mar 14 13:30:28 UTC 2023 - pgajdos@suse.com
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
% ImageMagick-library-installable-in-parallel.patch (refreshed)
- [bsc#1209141] CVE-2023-1289
-------------------------------------------------------------------
Mon Mar 13 08:45:26 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
@ -150,6 +166,8 @@ Wed Oct 26 09:27:50 UTC 2022 - Dirk Müller <dmueller@suse.com>
* latest automake configuration
* fix undefined-shift in ReadTGAImage @ https://oss-fuzz.com/testcase?key=5129864151957504
* prevent divide by zero exception
- [bsc#1207982] CVE-2022-44267
- [bsc#1207983] CVE-2022-44268
-------------------------------------------------------------------
Wed Oct 12 08:06:39 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
@ -158,6 +176,7 @@ Wed Oct 12 08:06:39 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
upstream changelog:
https://raw.githubusercontent.com/ImageMagick/Website/main/ChangeLog.md
- rebae ImageMagick-library-installable-in-parallel.patch
- [bsc#1203450] CVE-2022-3213
-------------------------------------------------------------------
Wed Sep 28 14:10:28 UTC 2022 - Dirk Müller <dmueller@suse.com>
@ -358,6 +377,9 @@ Tue Apr 19 13:37:18 UTC 2022 - Dirk Müller <dmueller@suse.com>
* Fixes #4985: 4e+26 is outside the range of representable values of type
'unsigned long' at
- fix typo on update-alternatives call
- CVE-2022-2719 [bsc#1202250]
- [bsc#1199350] CVE-2022-28463
- [bsc#1200387] CVE-2022-32547
-------------------------------------------------------------------
Sun Apr 17 12:36:12 UTC 2022 - Christian Boltz <suse-beta@cboltz.de>
@ -370,6 +392,8 @@ Thu Apr 7 07:29:22 UTC 2022 - pgajdos@suse.com
- version update to 7.1.0.29
see ChangeLog.md for details
(https://github.com/ImageMagick/ImageMagick/blob/main/ChangeLog.md)
* CVE-2022-1115 [bsc#1198701]
* [bsc#1200389] (CVE-2022-32546
-------------------------------------------------------------------
Wed Mar 23 21:46:16 UTC 2022 - Dirk Müller <dmueller@suse.com>
@ -379,6 +403,8 @@ Wed Mar 23 21:46:16 UTC 2022 - Dirk Müller <dmueller@suse.com>
* fix PS and EPS %%BoundingBox not being parsed
* fix stack based buffer overflow in _TIFFVGetField (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42549)
* fix heap buffer overflow in dcm image reading (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45640)
* CVE-2022-1114 [bsc#1198700]
* [bsc#1200388] CVE-2022-32545
-------------------------------------------------------------------
Tue Mar 15 11:34:13 UTC 2022 - pgajdos@suse.com
@ -438,6 +464,7 @@ Wed Feb 2 13:08:44 UTC 2022 - pgajdos@suse.com
https://github.com/ImageMagick/ImageMagick/discussions/4533).
* Add support for formatted text (reference
https://github.com/ImageMagick/ImageMagick/discussions/4515).
* CVE-2022-0284 [bsc#1195563]
-------------------------------------------------------------------
Thu Dec 30 09:38:20 UTC 2021 - Dirk Müller <dmueller@suse.com>
@ -446,6 +473,7 @@ Thu Dec 30 09:38:20 UTC 2021 - Dirk Müller <dmueller@suse.com>
* support -integral option.
* possible DoS for certain SVG constructs (reference
https://github.com/ImageMagick/ImageMagick/issues/4626).
* CVE-2021-4219 [bsc#1196337]
-------------------------------------------------------------------
Tue Dec 21 23:12:27 UTC 2021 - Dirk Müller <dmueller@suse.com>

View File

@ -20,7 +20,7 @@
%define asan_build 0
%define maj 7
%define mfr_version %{maj}.1.1
%define mfr_revision 15
%define mfr_revision 17
%define quantum_depth 16
%define source_version %{mfr_version}-%{mfr_revision}
%define clibver 10
@ -84,11 +84,6 @@ BuildRequires: pkgconfig(libwebpmux)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(lqr-1)
BuildRequires: pkgconfig(pango)
%if 0%{?suse_version} > 1500
BuildRequires: p7zip-full
%else
BuildRequires: p7zip
%endif
%if %{with djvu}
BuildRequires: pkgconfig(ddjvuapi)
%endif
@ -162,15 +157,38 @@ Summary: Document Files for ImageMagick Library
Group: Documentation/HTML
BuildArch: noarch
%package %{config_spec}-upstream
Summary: Upstream Configuration Files
%package %{config_spec}-upstream-open
Summary: Open ImageMagick Security Policy
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
Provides: imagick-%{config_spec}
Obsoletes: %{config_spec}-upstream < %{version}
Provides: %{config_spec}-upstream = %{version}
%package %{config_spec}-upstream-limited
Summary: Limited ImageMagick Security Policy
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
Provides: imagick-%{config_spec}
%package %{config_spec}-upstream-secure
Summary: Secure ImageMagick Security Policy
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
Provides: imagick-%{config_spec}
%package %{config_spec}-upstream-websafe
Summary: Web-safe ImageMagick Security Policy
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
Provides: imagick-%{config_spec}
%package %{config_spec}-SUSE
Summary: Upstream Configuration Files
Summary: SUSE Provided Configuration
Group: Development/Libraries/C and C++
Requires(post): update-alternatives
Requires(postun):update-alternatives
@ -274,20 +292,56 @@ support multiple generations of an image in memory at one time.
%description doc
HTML documentation for ImageMagick library and scene examples.
%description %{config_spec}-upstream
ImageMagick configuration as supplied by upstream. It does not
provide any security restrictions. ImageMagick will be vulnerable
for example by ImageTragick or PS/PDF coder issues. It should
be used in trusted environment. Version or maintenance updates
will not overwrite user changes in system configuration.
%description %{config_spec}-upstream-open
This policy is designed for usage in secure settings like those
protected by firewalls or within Docker containers. Within this framework,
ImageMagick enjoys broad access to resources and functionalities. This policy
provides convenient and adaptable options for image manipulation. However,
it's important to note that it might present security vulnerabilities in
less regulated conditions. Thus, organizations should thoroughly assess
the appropriateness of the open policy according to their particular use
case and security prerequisites.
%description %{config_spec}-upstream-limited
The primary objective of the limited security policy is to find a
middle ground between convenience and security. This policy involves the
deactivation of potentially hazardous functionalities, like specific coders
such as SVG or HTTP. Furthermore, it establishes several constraints on
the utilization of resources like memory, storage, and processing duration,
all of which are adjustable. This policy proves advantageous in situations
where there's a need to mitigate the potential threat of handling possibly
malicious or demanding images, all while retaining essential capabilities
for prevalent image formats.
%description %{config_spec}-upstream-secure
This stringent security policy prioritizes the implementation of
rigorous controls and restricted resource utilization to establish a
profoundly secure setting while employing ImageMagick. It deactivates
conceivably hazardous functionalities, including specific coders like
SVG or HTTP. The policy promotes the tailoring of security measures to
harmonize with the requirements of the local environment and the guidelines
of the organization. This protocol encompasses explicit particulars like
limitations on memory consumption, sanctioned pathways for reading and
writing, confines on image sequences, the utmost permissible duration of
workflows, allocation of disk space intended for image data, and even an
undisclosed passphrase for remote connections. By adopting this robust
policy, entities can elevate their overall security stance and alleviate
potential vulnerabilities.
%description %{config_spec}-upstream-websafe
This security protocol designed for web-safe usage focuses on situations
where ImageMagick is applied in publicly accessible contexts, like websites.
It deactivates the capability to read from or write to any image formats
other than web-safe formats like GIF, JPEG, and PNG. Additionally, this
policy prohibits the execution of image filters and indirect reads, thereby
thwarting potential security breaches. By implementing these limitations,
the web-safe policy fortifies the safeguarding of systems accessible to
the public, reducing the risk of exploiting ImageMagick's capabilities
for potential attacks.
%description %{config_spec}-SUSE
ImageMagick configuration as provide by SUSE. It is more security
aware than config-upstream variant. It does disable some coders,
that are insecure by design to prevent user to use them
inadvertently. Configuration can be subject of change by future
version and maintenance updates and system changes will not be
preserved.
ImageMagick configuration as provide by SUSE. It is upstream 'secure'
policy plus disable few other coders for reading and/or writing.
%prep
%setup -q -n ImageMagick-%{source_version}
@ -363,9 +417,9 @@ cp -r Magick++/demo Magick++/examples
cp -r PerlMagick/demo PerlMagick/examples
# other improvements
chmod -x PerlMagick/demo/*.pl
exit 0
%check
exit 0
%if %{debug_build} || %{asan_build}
# testsuite does not succeed for some reason
# research TODO
@ -390,8 +444,12 @@ cd ..
%make_install pkgdocdir=%{_defaultdocdir}/%{name}-%{maj}/
# configuration magic
mv -t %{buildroot}%{_sysconfdir}/%{name}* %{buildroot}%{_datadir}/%{name}*/*.xml
mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream}
cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{-upstream,-SUSE}
for policy in open limited secure websafe; do
cp -r %{buildroot}%{_sysconfdir}/%{config_dir}{,-upstream-$policy}
cp config/policy-$policy.xml %{buildroot}%{_sysconfdir}/%{config_dir}-upstream-$policy
done
mv %{buildroot}%{_sysconfdir}/%{config_dir}{,-SUSE}
cp config/policy-secure.xml %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE
patch --fuzz=0 --dir %{buildroot}%{_sysconfdir}/%{config_dir}-SUSE < %{PATCH0}
mkdir -p %{buildroot}%{_sysconfdir}/alternatives/
ln -sf %{_sysconfdir}/alternatives/%{config_dir} %{buildroot}%{_sysconfdir}/%{config_dir}
@ -421,7 +479,32 @@ sed -i 's:%{buildroot}::' %{buildroot}/%{_libdir}/ImageMagick-%{mfr_version}/con
%postun -n libMagickWand%{libspec}%{cwandver} -p /sbin/ldconfig
%post -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
%postun -n libMagick++%{libspec}%{cxxlibver} -p /sbin/ldconfig
%pretrans %{config_spec}-upstream -p <lua>
%post %{config_spec}-upstream-open
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-open 1
%postun %{config_spec}-upstream-open
if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream
fi
%post %{config_spec}-upstream-limited
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited 5
%postun %{config_spec}-upstream-limited
if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-limited
fi
%post %{config_spec}-upstream-secure
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure 10
%postun %{config_spec}-upstream-secure
if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-secure
fi
%pretrans %{config_spec}-upstream-open -p <lua>
-- this %pretrans to be removed soon [bug#1122033#c37]
path = "%{_sysconfdir}/%{config_dir}"
st = posix.stat(path)
@ -430,13 +513,22 @@ if st and st.type == "directory" then
os.rename(path, path .. ".rpmmoved")
end
%post %{config_spec}-upstream
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream 1
%postun %{config_spec}-upstream
if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream
fi
%pretrans %{config_spec}-upstream-limited -p <lua>
-- this %pretrans to be removed soon [bug#1122033#c37]
path = "%{_sysconfdir}/%{config_dir}"
st = posix.stat(path)
if st and st.type == "directory" then
os.remove(path .. ".rpmmoved")
os.rename(path, path .. ".rpmmoved")
end
%pretrans %{config_spec}-upstream-secure -p <lua>
-- this %pretrans to be removed soon [bug#1122033#c37]
path = "%{_sysconfdir}/%{config_dir}"
st = posix.stat(path)
if st and st.type == "directory" then
os.remove(path .. ".rpmmoved")
os.rename(path, path .. ".rpmmoved")
end
%pretrans %{config_spec}-SUSE -p <lua>
-- this %pretrans to be removed soon [bug#1122033#c37]
@ -447,14 +539,31 @@ if st and st.type == "directory" then
os.rename(path, path .. ".rpmmoved")
end
%pretrans %{config_spec}-upstream-websafe -p <lua>
-- this %pretrans to be removed soon [bug#1122033#c37]
path = "%{_sysconfdir}/%{config_dir}"
st = posix.stat(path)
if st and st.type == "directory" then
os.remove(path .. ".rpmmoved")
os.rename(path, path .. ".rpmmoved")
end
%post %{config_spec}-SUSE
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE 10
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE 15
%postun %{config_spec}-SUSE
if [ ! -d %{_sysconfdir}/%{config_dir}-SUSE ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-SUSE
fi
%post %{config_spec}-upstream-websafe
%{_sbindir}/update-alternatives --quiet --install %{_sysconfdir}/%{config_dir} %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe 20
%postun %{config_spec}-upstream-websafe
if [ ! -d %{_sysconfdir}/%{config_dir}-upstream ] ; then
%{_sbindir}/update-alternatives --quiet --remove %{config_dir} %{_sysconfdir}/%{config_dir}-upstream-websafe
fi
%files
%license LICENSE
%doc NEWS.txt
@ -534,9 +643,21 @@ fi
%files doc
%{_defaultdocdir}/%{name}-%{maj}
%files %{config_spec}-upstream
%dir %{_sysconfdir}/ImageMagick*-upstream/
%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream/*
%files %{config_spec}-upstream-open
%dir %{_sysconfdir}/ImageMagick*-upstream-open/
%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-open/*
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
%files %{config_spec}-upstream-limited
%dir %{_sysconfdir}/ImageMagick*-upstream-limited/
%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-limited/*
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
%files %{config_spec}-upstream-secure
%dir %{_sysconfdir}/ImageMagick*-upstream-secure/
%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-secure/*
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
@ -546,4 +667,10 @@ fi
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
%files %{config_spec}-upstream-websafe
%dir %{_sysconfdir}/ImageMagick*-upstream-websafe/
%config(noreplace) %{_sysconfdir}/ImageMagick*-upstream-websafe/*
%{_sysconfdir}/%{config_dir}
%ghost %{_sysconfdir}/alternatives/%{config_dir}
%changelog