Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
187a311e
Commit
187a311e
authored
May 04, 2016
by
Kazuhiko Shiozaki
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
imagemagick: make the default policy safer.
parent
b8b91dc7
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
32 additions
and
0 deletions
+32
-0
component/imagemagick/buildout.cfg
component/imagemagick/buildout.cfg
+1
-0
component/imagemagick/safe_policy.patch
component/imagemagick/safe_policy.patch
+31
-0
No files found.
component/imagemagick/buildout.cfg
View file @
187a311e
...
@@ -60,6 +60,7 @@ configure-options =
...
@@ -60,6 +60,7 @@ configure-options =
patch-options = -p1
patch-options = -p1
patches =
patches =
${:_profile_base_location_}/imagemagick-6.6.6-1-no-gsx-gsc-probe.patch#3f28ecd9f6722cf2c3238ce6ec3d7a68
${:_profile_base_location_}/imagemagick-6.6.6-1-no-gsx-gsc-probe.patch#3f28ecd9f6722cf2c3238ce6ec3d7a68
${:_profile_base_location_}/safe_policy.patch#6c3ed3be347d04f56f70a6266272d845
environment =
environment =
PATH=${freetype:location}/bin:${ghostscript:location}/bin:${inkscape:location}/bin:${libxml2:location}/bin:${patch:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${freetype:location}/bin:${ghostscript:location}/bin:${inkscape:location}/bin:${libxml2:location}/bin:${patch:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
PKG_CONFIG_PATH=${:pkg_config_depends}
...
...
component/imagemagick/safe_policy.patch
0 → 100644
View file @
187a311e
--- ImageMagick-6.8.9-1/config/policy.xml.orig 2013-01-14 14:57:39.000000000 +0100
+++ ImageMagick-6.8.9-1/config/policy.xml 2016-05-04 11:20:03.111695907 +0200
@@ -46,14 +46,19 @@
-->
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
- <!-- <policy domain="resource" name="area" value="1GB"/> -->
- <!-- <policy domain="resource" name="disk" value="16EB"/> -->
- <!-- <policy domain="resource" name="file" value="768"/> -->
- <!-- <policy domain="resource" name="thread" value="4"/> -->
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> -->
+ <policy domain="resource" name="memory" value="2GiB"/>
+ <policy domain="resource" name="map" value="4GiB"/>
+ <policy domain="resource" name="area" value="1GB"/>
+ <policy domain="resource" name="disk" value="16EB"/>
+ <policy domain="resource" name="file" value="768"/>
+ <policy domain="resource" name="thread" value="4"/>
+ <policy domain="resource" name="throttle" value="0"/>
+ <policy domain="resource" name="time" value="3600"/>
+ <policy domain="system" name="precision" value="6"/>
<policy domain="cache" name="shared-secret" value="passphrase"/>
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="path" rights="none" pattern="@*" />
</policymap>
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment