imagemagick: ship a safer default security policy

Arkkeeper · Sep 8, 2018 · bc4a2b8 · bc4a2b8
1 parent e0f0836
commit bc4a2b8
Showing 1 changed file with 27 additions and 1 deletion.
diff --git a/Formula/imagemagick.rb b/Formula/imagemagick.rb
@@ -7,6 +7,7 @@ class Imagemagick < Formula
   url "https://dl.bintray.com/homebrew/mirror/imagemagick--7.0.8-11.tar.xz"
   mirror "https://www.imagemagick.org/download/ImageMagick-7.0.8-11.tar.xz"
   sha256 "c15f14c054b4fde417e7b82c23950047203f81e582de7f1270cf3bdfa8a38a03"
+  revision 1
   head "https://github.com/ImageMagick/ImageMagick.git"
 
   bottle do
@@ -64,6 +65,17 @@ class Imagemagick < Formula
 
   skip_clean :la
 
+  # This isn't an upstream issue and this patch should not be removed.
+  # Imagemagick delegate configuring secure defaults to users/packagers
+  # and ship the most "open" (and thus potentially unsafe) configuration
+  # possible out of the box. This policy is inspired by both Debian's and
+  # the advice on Imagemagick's related page:
+  # https://www.imagemagick.org/script/security-policy.php
+  patch do
+    url "https://raw.githubusercontent.com/Homebrew/formula-patches/a95f9dd/imagemagick/imagemagick_safer_defaults.diff"
+    sha256 "3f22b13e206d2403b53692412b7b69d175530f5977350486b81da5027c548b44"
+  end
+
   def install
     args = %W[
       --disable-osx-universal-binary
@@ -104,7 +116,14 @@ def install
       args << "--without-openjp2"
     end
 
-    args << "--without-gslib" if build.without? "ghostscript"
+    if build.with? "ghostscript"
+      inreplace "config/policy.xml",
+                /.*EPS,PS2,PS3,PS,PDF,XPS.*$/,
+                "  <!-- \\0 -->"
+    else
+      args << "--without-gslib"
+    end
+
     args << "--with-perl" << "--with-perl-options='PREFIX=#{prefix}'" if build.with? "perl"
     args << "--with-gs-font-dir=#{HOMEBREW_PREFIX}/share/ghostscript/fonts" if build.without? "ghostscript"
     args << "--without-magick-plus-plus" if build.without? "magick-plus-plus"
@@ -140,5 +159,12 @@ def caveats
     %w[Modules freetype jpeg png tiff].each do |feature|
       assert_match feature, features
     end
+
+    # Check our security policy is working as expected.
+    cp test_fixtures("test.pdf"), testpath
+    output = shell_output("#{bin}/convert test.pdf test.jpg 2>&1", 1)
+    assert_match "not authorized", output
+    refute_predicate testpath/"test.jpg", :exist?,
+      "Imagemagick's security policy was not enforced as expected"
   end
 end