File ImageMagick_policy_etc.patch of Package ImageMagick.20260320061246
diff -ur ImageMagick-7.1.2-15.orig/config/policy-limited.xml ImageMagick-7.1.2-15/config/policy-limited.xml
--- ImageMagick-7.1.2-15.orig/config/policy-limited.xml 2026-02-22 22:26:44.000000000 +0100
+++ ImageMagick-7.1.2-15/config/policy-limited.xml 2026-02-23 22:27:10.002838088 +0100
@@ -82,6 +82,8 @@
 <!-- <policy domain="path" rights="none" pattern="-"/> -->
 <!-- don't read sensitive paths. -->
 <policy domain="path" rights="none" pattern="/etc/*"/>
+ <!-- but allow to read own data. -->
+ <policy domain="path" rights="read" pattern="/etc/IM*"/>
 <!-- Indirect reads are not permitted. -->
 <policy domain="path" rights="none" pattern="@*"/>
 <!-- These image types are security risks on read, but write is fine -->
diff -ur ImageMagick-7.1.2-15.orig/config/policy-open.xml ImageMagick-7.1.2-15/config/policy-open.xml
--- ImageMagick-7.1.2-15.orig/config/policy-open.xml 2026-02-22 22:26:44.000000000 +0100
+++ ImageMagick-7.1.2-15/config/policy-open.xml 2026-02-23 22:28:58.555653280 +0100
@@ -137,6 +137,8 @@
 <!-- <policy domain="path" rights="none" pattern="-"/> -->
 <!-- don't read sensitive paths. -->
 <!-- <policy domain="path" rights="none" pattern="/etc/*"/> -->
+ <!-- but allow to read own data. -->
+ <!-- <policy domain="path" rights="read" pattern="/etc/IM*"/> -->
 <!-- Indirect reads are not permitted. -->
 <!-- <policy domain="path" rights="none" pattern="@*"/> -->
 <!-- These image types are security risks on read, but write is fine -->
diff -ur ImageMagick-7.1.2-15.orig/config/policy-secure.xml ImageMagick-7.1.2-15/config/policy-secure.xml
--- ImageMagick-7.1.2-15.orig/config/policy-secure.xml 2026-02-22 22:26:44.000000000 +0100
+++ ImageMagick-7.1.2-15/config/policy-secure.xml 2026-02-23 22:24:51.662615465 +0100
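Review bot: The added allow rule in policy-limited.xml uses the pattern `/etc/IM*`, which is wider than "own data": it is not anchored to a directory, so every entry in /etc whose name begins with `IM` is carved out of the `/etc/*` deny on the line above it. Naming the configuration directory in full with a trailing separator, e.g. `pattern="/etc/<imagemagick-config-dir>/*"` (placeholder; the real directory name is not shown in this patch), would keep the exception to the package's own files. It is also worth confirming that the capital `M` is intended: if path patterns are matched case-sensitively, `IM*` would not cover a directory spelled `ImageMagick…`, and the rule would then permit nothing it was meant to. The same line is added in the policy-secure.xml and policy-websafe.xml hunks; in policy-open.xml it is only a commented-out example.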
@@ -93,6 +93,8 @@
 <policy domain="path" rights="none" pattern="fd:*"/>
 <!-- Sensitive paths are not permitted. -->
 <policy domain="path" rights="none" pattern="/etc/*"/>
+ <!-- but allow to read own data. -->
+ <policy domain="path" rights="read" pattern="/etc/IM*"/>
 <!-- Relative paths are not permitted. -->
 <policy domain="path" rights="none" pattern="*../*"/>
 <!-- Indirect reading is not permitted. -->
diff -ur ImageMagick-7.1.2-15.orig/config/policy-websafe.xml ImageMagick-7.1.2-15/config/policy-websafe.xml
--- ImageMagick-7.1.2-15.orig/config/policy-websafe.xml 2026-02-22 22:26:44.000000000 +0100
+++ ImageMagick-7.1.2-15/config/policy-websafe.xml 2026-02-23 22:25:26.342788070 +0100
@@ -89,6 +89,8 @@
 <policy domain="path" rights="none" pattern="fd:*"/>
 <!-- Sensitive paths are not permitted. -->
 <policy domain="path" rights="none" pattern="/etc/*"/>
+ <!-- but allow to read own data. -->
+ <policy domain="path" rights="read" pattern="/etc/IM*"/>
 <!-- Relative paths are not permitted. -->
 <policy domain="path" rights="none" pattern="*../*"/>
 <!-- Indirect reading is not permitted. -->
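Review bot: The comment added in policy-secure.xml, `but allow to read own data.`, does not say what "own data" refers to or that the rule only has an effect because of where it sits. The exception appears to rely on coming after the `/etc/*` deny (assuming later matching rules take precedence), so a maintainer who reorders the block could silently drop it or widen it. I would word it along the lines of `<!-- Exception to the /etc/* deny above: ImageMagick's own configuration stays readable. Must follow that rule. -->`. The same comment text is used in the policy-limited.xml, policy-open.xml and policy-websafe.xml hunks.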