Overview

File ImageMagick-configuration-SUSE.patch of Package ImageMagick

Index: ImageMagick-7.1.1-30/config/policy-secure.xml
===================================================================
--- ImageMagick-7.1.1-30.orig/config/policy-secure.xml
+++ ImageMagick-7.1.1-30/config/policy-secure.xml
@@ -62,7 +62,7 @@
   <policy domain="resource" name="disk" value="1GiB"/>
   <!-- Set the maximum length of an image sequence.  When this limit is
        exceeded, an exception is thrown. -->
-  <policy domain="resource" name="list-length" value="32"/>
+  <policy domain="resource" name="list-length" value="128"/>
   <!-- Set the maximum width of an image.  When this limit is exceeded, an
        exception is thrown. -->
   <policy domain="resource" name="width" value="8KP"/>
@@ -83,17 +83,19 @@
   <!-- Replace passphrase for secure distributed processing -->
   <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
   <!-- Do not permit any delegates to execute. -->
-  <policy domain="delegate" rights="none" pattern="*"/>
+  <!--policy domain="delegate" rights="none" pattern="*"/-->
   <!-- Do not permit any image filters to load. -->
   <policy domain="filter" rights="none" pattern="*"/>
   <!-- Don't read/write from/to stdin/stdout. -->
-  <policy domain="path" rights="none" pattern="-"/>
+  <!--policy domain="path" rights="none" pattern="-"/-->
   <!-- don't read sensitive paths. -->
   <policy domain="path" rights="none" pattern="/etc/*"/>
   <!-- Indirect reads are not permitted. -->
   <policy domain="path" rights="none" pattern="@*"/>
+  <!-- These image types can expose risks on read and write -->
+  <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/>
   <!-- These image types are security risks on read, but write is fine -->
-  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
+  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/>
   <!-- This policy sets the number of times to replace content of certain
        memory buffers and temporary files before they are freed or deleted. -->
   <policy domain="system" name="shred" value="1"/>
openSUSE Build Service is sponsored by
Places