Overview

File ImageMagick-configuration-SUSE.patch of Package ImageMagick

--- ImageMagick-7.1.1-30/config/policy.xml
+++ ImageMagick-7.1.1-30/config/policy.xml
@@ -62,7 +62,7 @@
   <policy domain="resource" name="disk" value="1GiB"/>
   <!-- Set the maximum length of an image sequence.  When this limit is
        exceeded, an exception is thrown. -->
-  <policy domain="resource" name="list-length" value="32"/>
+  <policy domain="resource" name="list-length" value="128"/>
   <!-- Set the maximum width of an image.  When this limit is exceeded, an
        exception is thrown. -->
   <policy domain="resource" name="width" value="8KP"/>
@@ -83,11 +83,11 @@
   <!-- Replace passphrase for secure distributed processing -->
   <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
   <!-- Do not permit any delegates to execute. -->
-  <policy domain="delegate" rights="none" pattern="*"/>
+  <!--policy domain="delegate" rights="none" pattern="*"/ -->
   <!-- Do not permit any image filters to load. -->
   <policy domain="filter" rights="none" pattern="*"/>
   <!-- Don't read/write from/to stdin/stdout. -->
-  <policy domain="path" rights="none" pattern="-"/>
+  <!--policy domain="path" rights="none" pattern="-"/ -->
   <!-- don't read sensitive paths. -->
   <policy domain="path" rights="none" pattern="/etc/*"/>
   <!-- Indirect reads are not permitted. -->
@@ -103,4 +103,20 @@
   <!-- Set the maximum amount of memory in bytes that are permitted for
        allocation requests. -->
   <policy domain="system" name="max-memory-request" value="256MiB"/>
+  <!-- Disable insecure coders by default -->
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
+  <policy domain="coder" rights="write" pattern="PS" />
+  <policy domain="coder" rights="write" pattern="PS2" />
+  <policy domain="coder" rights="write" pattern="PS3" />
+  <policy domain="coder" rights="write" pattern="PDF" />
+  <policy domain="coder" rights="write" pattern="XPS" />
+  <policy domain="coder" rights="write" pattern="PCL" />
 </policymap>
openSUSE Build Service is sponsored by
Places