[packages/ImageMagick] CVE-2016-5118 fix

glen glen at pld-linux.org
Fri Jun 3 10:02:13 CEST 2016


commit 0cd4aeaaa9e0948cce97996f28be1e5739aa4719
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Fri Jun 3 10:56:21 2016 +0300

    CVE-2016-5118 fix

 ImageMagick.spec | 2 +-
 config.patch     | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 7c577e2..c321d73 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -33,7 +33,7 @@ Summary(tr.UTF-8):	X altında resim gösterme, çevirme ve değişiklik yapma
 Summary(uk.UTF-8):	Перегляд, конвертування та обробка зображень під X Window
 Name:		ImageMagick
 Version:	%{ver}%{?pver:.%{pver}}
-Release:	3
+Release:	4
 Epoch:		1
 License:	Apache-like
 Group:		X11/Applications/Graphics
diff --git a/config.patch b/config.patch
index 36d4eab..16a1e2f 100644
--- a/config.patch
+++ b/config.patch
@@ -1,6 +1,6 @@
 --- ImageMagick-6.9.4-1/config/policy.xml	2016-05-09 20:28:58.000000000 +0300
 +++ ImageMagick-6.9.4-1/config/policy.xml.new	2016-05-26 17:37:36.934136236 +0300
-@@ -61,7 +57,16 @@
+@@ -61,7 +57,18 @@
    <!-- <policy domain="resource" name="throttle" value="0"/> -->
    <!-- <policy domain="resource" name="time" value="3600"/> -->
    <!-- <policy domain="system" name="precision" value="6"/> -->
@@ -17,5 +17,7 @@
 +  <policy domain="coder" rights="none" pattern="SHOW" />
 +  <policy domain="coder" rights="none" pattern="WIN" />
 +  <policy domain="coder" rights="none" pattern="PLT" />
++  <policy domain="path" rights="none" pattern="@*" />
++  <policy domain="path" rights="none" pattern="|*" />
    <policy domain="cache" name="shared-secret" value="passphrase"/>
  </policymap>
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ImageMagick.git/commitdiff/0cd4aeaaa9e0948cce97996f28be1e5739aa4719



More information about the pld-cvs-commit mailing list