saving uncommitted changes in /etc prior to emerge run

diff --git a/ImageMagick-6/delegates.xml b/ImageMagick-6/delegates.xml
index 40392a3efca1c79764d1d4ee1a5c0ef846372fd2..35742a4c53ef256f03e6c7a1e09d4740412abb3d 100644 (file)
--- a/ImageMagick-6/delegates.xml
+++ b/ImageMagick-6/delegates.xml
@@ -100,6 +100,7 @@
   <delegate decode="bmp" encode="wdp" command="/bin/mv &quot;%i&quot; &quot;%i.bmp&quot;; &quot;JxrEncApp&quot; -i &quot;%i.bmp&quot; -o &quot;%o.jxr&quot;; /bin/mv &quot;%i.bmp&quot; &quot;%i&quot;; /bin/mv &quot;%o.jxr&quot; &quot;%o&quot;"/>
   <delegate decode="ppt" command="&quot;soffice&quot; --convert-to pdf -outdir `dirname &quot;%i&quot;` &quot;%i&quot; 2&gt; &quot;%u&quot;; /bin/mv &quot;%i.pdf&quot; &quot;%o&quot;"/>
   <delegate decode="pptx" command="&quot;soffice&quot; --convert-to pdf -outdir `dirname &quot;%i&quot;` &quot;%i&quot; 2&gt; &quot;%u&quot;; /bin/mv &quot;%i.pdf&quot; &quot;%o&quot;"/>
+  <delegate decode="ps" encode="prt" command='&quot;/usr/bin/lpr&quot; &quot;%i&quot;'/>
   <delegate decode="ps:alpha" stealth="True" command="&quot;gs&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=pngalpha&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;-f%s&quot; &quot;-f%s&quot;"/>
   <delegate decode="ps:cmyk" stealth="True" command="&quot;gs&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=pamcmyk32&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;-f%s&quot; &quot;-f%s&quot;"/>
   <delegate decode="ps:color" stealth="True" command="&quot;gs&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=pnmraw&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;-f%s&quot; &quot;-f%s&quot;"/>

diff --git a/ImageMagick-6/policy.xml b/ImageMagick-6/policy.xml
index d535e3e0b5a930f86ecc846ac1d973c2c1eaa72c..e295f80f6ef6ce61b7553d953bc4cabc1a7c9624 100644 (file)
--- a/ImageMagick-6/policy.xml
+++ b/ImageMagick-6/policy.xml
@@ -2,10 +2,16 @@
 <!DOCTYPE policymap [
 <!ELEMENT policymap (policy)+>
 <!ELEMENT policy (#PCDATA)>
-<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
+<!ATTLIST policy domain (cache|delegate|coder|path|resource|system) #IMPLIED>
 <!ATTLIST policy name CDATA #IMPLIED>
 <!ATTLIST policy rights CDATA #IMPLIED>
+<!ATTLIST policy stealth CDATA #IMPLIED>
+<!ATTLIST policy cache CDATA #IMPLIED>
+<!ATTLIST policy coder CDATA #IMPLIED>
+<!ATTLIST policy delegate CDATA #IMPLIED>
 <!ATTLIST policy pattern CDATA #IMPLIED>
+<!ATTLIST policy path CDATA #IMPLIED>
+<!ATTLIST policy system CDATA #IMPLIED>
 <!ATTLIST policy value CDATA #IMPLIED>
 ]>
 <!--
@@ -13,7 +19,7 @@
 
   Domains include system, delegate, coder, filter, path, or resource.
 
-  Rights include none, read, write, and execute.  Use | to combine them,
+  Rights include none, read, write, execute and all.  Use | to combine them,
   for example: "read | write" to permit read from, or write to, a path.
 
   Use a glob expression as a pattern.
@@ -41,28 +47,39 @@
 
   Any large image is cached to disk rather than memory:
 
-    <policy domain="resource" name="area" value="1GB"/>
+    <policy domain="resource" name="area" value="1GP"/>
 
   Define arguments for the memory, map, area, width, height, and disk resources
   with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
   for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
   exceeds policy maximum so memory limit is 1GB).
+
+  Rules are processed in order.  Here we want to restrict ImageMagick to only
+  read or write a small subset of proven web-safe image types:
+
+    <policy domain="delegate" rights="none" pattern="*" />
+    <policy domain="coder" rights="none" pattern="*" />
+    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
 -->
 <policymap>
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="system" name="memory-map" value="anonymous"/> -->
   <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
   <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
   <!-- <policy domain="resource" name="map" value="4GiB"/> -->
   <!-- <policy domain="resource" name="width" value="10MP"/> -->
   <!-- <policy domain="resource" name="height" value="10MP"/> -->
-  <!-- <policy domain="resource" name="area" value="1GB"/> -->
-  <!-- <policy domain="resource" name="disk" value="16EB"/> -->
+  <!-- <policy domain="resource" name="area" value="100MP"/> -->
+  <!-- <policy domain="resource" name="disk" value="16EiB"/> -->
   <!-- <policy domain="resource" name="file" value="768"/> -->
   <!-- <policy domain="resource" name="thread" value="4"/> -->
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
   <!-- <policy domain="resource" name="time" value="3600"/> -->
-  <!-- <policy domain="system" name="precision" value="6"/> -->
   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
   <!-- <policy domain="path" rights="none" pattern="@*"/>  -->
+  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+  <!-- <policy domain="cache" name="synchronize" value="True"/> -->
   <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
 </policymap>