Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:bmwiedemann:reproducible:distribution:ring1
ImageMagick
ImageMagick-configuration-SUSE.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-configuration-SUSE.patch of Package ImageMagick
Index: ImageMagick-7.1.1-30/config/policy-secure.xml =================================================================== --- ImageMagick-7.1.1-30.orig/config/policy-secure.xml +++ ImageMagick-7.1.1-30/config/policy-secure.xml @@ -62,7 +62,7 @@ <policy domain="resource" name="disk" value="1GiB"/> <!-- Set the maximum length of an image sequence. When this limit is exceeded, an exception is thrown. --> - <policy domain="resource" name="list-length" value="32"/> + <policy domain="resource" name="list-length" value="128"/> <!-- Set the maximum width of an image. When this limit is exceeded, an exception is thrown. --> <policy domain="resource" name="width" value="8KP"/> @@ -83,17 +83,19 @@ <!-- Replace passphrase for secure distributed processing --> <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> --> <!-- Do not permit any delegates to execute. --> - <policy domain="delegate" rights="none" pattern="*"/> + <!--policy domain="delegate" rights="none" pattern="*"/--> <!-- Do not permit any image filters to load. --> <policy domain="filter" rights="none" pattern="*"/> <!-- Don't read/write from/to stdin/stdout. --> - <policy domain="path" rights="none" pattern="-"/> + <!--policy domain="path" rights="none" pattern="-"/--> <!-- don't read sensitive paths. --> <policy domain="path" rights="none" pattern="/etc/*"/> <!-- Indirect reads are not permitted. --> <policy domain="path" rights="none" pattern="@*"/> + <!-- These image types can expose risks on read and write --> + <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/> <!-- These image types are security risks on read, but write is fine --> - <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/> + <policy domain="module" rights="write" pattern="{MSL,MVG,PS,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/> <!-- This policy sets the number of times to replace content of certain memory buffers and temporary files before they are freed or deleted. --> <policy domain="system" name="shred" value="1"/>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor