Commit 187a311e authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

imagemagick: make the default policy safer.

parent b8b91dc7
......@@ -60,6 +60,7 @@ configure-options =
patch-options = -p1
patches =
${:_profile_base_location_}/imagemagick-6.6.6-1-no-gsx-gsc-probe.patch#3f28ecd9f6722cf2c3238ce6ec3d7a68
${:_profile_base_location_}/safe_policy.patch#6c3ed3be347d04f56f70a6266272d845
environment =
PATH=${freetype:location}/bin:${ghostscript:location}/bin:${inkscape:location}/bin:${libxml2:location}/bin:${patch:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
......
--- ImageMagick-6.8.9-1/config/policy.xml.orig 2013-01-14 14:57:39.000000000 +0100
+++ ImageMagick-6.8.9-1/config/policy.xml 2016-05-04 11:20:03.111695907 +0200
@@ -46,14 +46,19 @@
-->
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
- <!-- <policy domain="resource" name="area" value="1GB"/> -->
- <!-- <policy domain="resource" name="disk" value="16EB"/> -->
- <!-- <policy domain="resource" name="file" value="768"/> -->
- <!-- <policy domain="resource" name="thread" value="4"/> -->
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> -->
+ <policy domain="resource" name="memory" value="2GiB"/>
+ <policy domain="resource" name="map" value="4GiB"/>
+ <policy domain="resource" name="area" value="1GB"/>
+ <policy domain="resource" name="disk" value="16EB"/>
+ <policy domain="resource" name="file" value="768"/>
+ <policy domain="resource" name="thread" value="4"/>
+ <policy domain="resource" name="throttle" value="0"/>
+ <policy domain="resource" name="time" value="3600"/>
+ <policy domain="system" name="precision" value="6"/>
<policy domain="cache" name="shared-secret" value="passphrase"/>
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="path" rights="none" pattern="@*" />
</policymap>
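Review bot: The coder deny list added at the end of the policymap blocks `HTTPS` but leaves the sibling `URL` coder (and `HTTP` and `FTP`, if this build registers them) enabled, so untrusted input can still trigger remote fetches through a delegate. Consider adding `<policy domain="coder" rights="none" pattern="URL" />` next to the HTTPS line, plus matching lines for any other remote-fetch coders the build ships. Separately, the uncommented resource lines keep the upstream sample values; `disk` at `16EB` and `throttle` at `0` bound nothing in practice, so they need lower values to constrain a hostile image. The context line that sets the cache `shared-secret` to the literal `passphrase` is also left as shipped and should be replaced or removed if the distributed pixel cache is ever used.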