[packages/ImageMagick] policy.xml changes to mitigate imagetragick

glen glen at pld-linux.org
Thu May 26 16:44:11 CEST 2016 

commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Thu May 26 17:43:23 2016 +0300

    policy.xml changes to mitigate imagetragick
    
    recommended config from https://imagetragick.com/

 ImageMagick.spec |  4 +++-
 config.patch     | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
---
diff --git a/ImageMagick.spec b/ImageMagick.spec
index d43816b..e311d01 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -33,12 +33,13 @@ Summary(tr.UTF-8):	X altında resim gösterme, çevirme ve değişiklik yapma
 Summary(uk.UTF-8):	Перегляд, конвертування та обробка зображень під X Window
 Name:		ImageMagick
 Version:	%{ver}%{?pver:.%{pver}}
-Release:	1
+Release:	2
 Epoch:		1
 License:	Apache-like
 Group:		X11/Applications/Graphics
 Source0:	ftp://ftp.imagemagick.org/pub/ImageMagick/%{name}-%{ver}-%{pver}.tar.xz
 # Source0-md5:	430d33915b19f38012b55f98904c4f37
+Patch0:		config.patch
 Patch1:		%{name}-link.patch
 Patch2:		%{name}-libpath.patch
 Patch3:		%{name}-ldflags.patch
@@ -657,6 +658,7 @@ Moduł kodera dla plików WMF.
 
 %prep
 %setup -q -n %{name}-%{ver}-%{pver}
+%patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
diff --git a/config.patch b/config.patch
new file mode 100644
index 0000000..efe62fc
--- /dev/null
+++ b/config.patch
@@ -0,0 +1,19 @@
+--- ImageMagick-6.9.4-1/config/policy.xml	2016-05-09 20:28:58.000000000 +0300
++++ ImageMagick-6.9.4-1/config/policy.xml.new	2016-05-26 17:37:36.934136236 +0300
+@@ -61,7 +57,14 @@
+   <!-- <policy domain="resource" name="throttle" value="0"/> -->
+   <!-- <policy domain="resource" name="time" value="3600"/> -->
+   <!-- <policy domain="system" name="precision" value="6"/> -->
+-  <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
+-  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
++  <policy domain="coder" rights="none" pattern="URL" />
++  <policy domain="coder" rights="none" pattern="HTTPS" />
++  <policy domain="coder" rights="none" pattern="MVG" />
++  <policy domain="coder" rights="none" pattern="MSL" />
++  <policy domain="coder" rights="none" pattern="TEXT" />
++  <policy domain="coder" rights="none" pattern="SHOW" />
++  <policy domain="coder" rights="none" pattern="WIN" />
++  <policy domain="coder" rights="none" pattern="PLT" />
+   <policy domain="cache" name="shared-secret" value="passphrase"/>
+ </policymap>
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ImageMagick.git/commitdiff/b721b050c0cd63ad00f987bc3a6389ac2a7282e0

More information about the pld-cvs-commit mailing list