Overview

File ImageMagick-configuration-SUSE.patch of Package ImageMagick

diff -ur ImageMagick-7.1.2-8_fix/config/policy-secure.xml ImageMagick-7.1.2-8_fix2/config/policy-secure.xml
--- ImageMagick-7.1.2-8/config/policy-secure.xml	2025-11-06 15:30:11.995056081 +0100
+++ ImageMagick-7.1.2-8_fix/config/policy-secure.xml	2025-11-06 15:46:05.605527563 +0100
@@ -62,7 +62,7 @@
   <policy domain="resource" name="disk" value="1GiB"/>
   <!-- Set the maximum length of an image sequence.  When this limit is
        exceeded, an exception is thrown. -->
-  <policy domain="resource" name="list-length" value="32"/>
+  <policy domain="resource" name="list-length" value="128"/>
   <!-- Set the maximum width of an image.  When this limit is exceeded, an
        exception is thrown. -->
   <policy domain="resource" name="width" value="8KP"/>
@@ -85,11 +85,11 @@
   <!-- Replace passphrase for secure distributed processing -->
   <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
   <!-- Do not permit any delegates to execute. -->
-  <policy domain="delegate" rights="none" pattern="*"/>
+  <!--policy domain="delegate" rights="none" pattern="*"/ -->
   <!-- Do not permit any image filters to load. -->
   <policy domain="filter" rights="none" pattern="*"/>
   <!-- Don't read/write from/to stdin/stdout. -->
-  <policy domain="path" rights="none" pattern="-"/>
+  <!--policy domain="path" rights="none" pattern="-"/ -->
   <!-- don't read sensitive paths. -->
   <policy domain="path" rights="none" pattern="/etc/*"/>
   <!-- but allow to read own data. -->
@@ -107,4 +107,20 @@
   <!-- Set the maximum amount of memory in bytes that are permitted for
        allocation requests. -->
   <policy domain="system" name="max-memory-request" value="256MiB"/>
+  <!-- Disable insecure coders by default -->
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
+  <policy domain="coder" rights="write" pattern="PS" />
+  <policy domain="coder" rights="write" pattern="PS2" />
+  <policy domain="coder" rights="write" pattern="PS3" />
+  <policy domain="coder" rights="write" pattern="PDF" />
+  <policy domain="coder" rights="write" pattern="XPS" />
+  <policy domain="coder" rights="write" pattern="PCL" />
 </policymap>
openSUSE Build Service is sponsored by
Places