[packages/ImageMagick] policy.xml changes to mitigate imagetragick

Thu May 26 18:38:01 CEST 2016

On Thursday 26 of May 2016, glen wrote:
> commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0
> Author: Elan Ruusamäe <glen at delfi.ee>
> Date:   Thu May 26 17:43:23 2016 +0300
> 
>     policy.xml changes to mitigate imagetragick
> 
>     recommended config from https://imagetragick.com/

Isn't that just disabling specified formats which makes little sense as this 
version is supposed to have these extensions fixed?

> 
>  ImageMagick.spec |  4 +++-
>  config.patch     | 19 +++++++++++++++++++
>  2 files changed, 22 insertions(+), 1 deletion(-)
> ---
> diff --git a/ImageMagick.spec b/ImageMagick.spec
> index d43816b..e311d01 100644
> --- a/ImageMagick.spec
> +++ b/ImageMagick.spec
> @@ -33,12 +33,13 @@ Summary(tr.UTF-8):	X altında resim gösterme, çevirme ve
> değişiklik yapma Summary(uk.UTF-8):	Перегляд, конвертування та обробка
> зображень під X Window Name:		ImageMagick
>  Version:	%{ver}%{?pver:.%{pver}}
> -Release:	1
> +Release:	2
>  Epoch:		1
>  License:	Apache-like
>  Group:		X11/Applications/Graphics
>  Source0:	
ftp://ftp.imagemagick.org/pub/ImageMagick/%{name}-%{ver}-%{pver}.
> tar.xz # Source0-md5:	430d33915b19f38012b55f98904c4f37
> +Patch0:		config.patch
>  Patch1:		%{name}-link.patch
>  Patch2:		%{name}-libpath.patch
>  Patch3:		%{name}-ldflags.patch
> @@ -657,6 +658,7 @@ Moduł kodera dla plików WMF.
> 
>  %prep
>  %setup -q -n %{name}-%{ver}-%{pver}
> +%patch0 -p1
>  %patch1 -p1
>  %patch2 -p1
>  %patch3 -p1
> diff --git a/config.patch b/config.patch
> new file mode 100644
> index 0000000..efe62fc
> --- /dev/null
> +++ b/config.patch
> @@ -0,0 +1,19 @@
> +--- ImageMagick-6.9.4-1/config/policy.xml	2016-05-09 20:28:58.000000000
> +0300 ++++ ImageMagick-6.9.4-1/config/policy.xml.new	2016-05-26
> 17:37:36.934136236 +0300 +@@ -61,7 +57,14 @@
> +   <!-- <policy domain="resource" name="throttle" value="0"/> -->
> +   <!-- <policy domain="resource" name="time" value="3600"/> -->
> +   <!-- <policy domain="system" name="precision" value="6"/> -->
> +-  <!-- <policy domain="coder" rights="none" pattern="HTTPS" /> -->
> +-  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
> ++  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
> ++  <policy domain="coder" rights="none" pattern="URL" />
> ++  <policy domain="coder" rights="none" pattern="HTTPS" />
> ++  <policy domain="coder" rights="none" pattern="MVG" />
> ++  <policy domain="coder" rights="none" pattern="MSL" />
> ++  <policy domain="coder" rights="none" pattern="TEXT" />
> ++  <policy domain="coder" rights="none" pattern="SHOW" />
> ++  <policy domain="coder" rights="none" pattern="WIN" />
> ++  <policy domain="coder" rights="none" pattern="PLT" />
> +   <policy domain="cache" name="shared-secret" value="passphrase"/>
> + </policymap>
> ================================================================
> 
> ---- gitweb:
> 
> http://git.pld-linux.org/gitweb.cgi/packages/ImageMagick.git/commitdiff/b72
> 1b050c0cd63ad00f987bc3a6389ac2a7282e0
> 
> _______________________________________________
> pld-cvs-commit mailing list
> pld-cvs-commit at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )