ImageMagick/ImageMagick-6.8.8-1-disable-insecure-coders.patch

--- config/policy.xml.orig	2016-07-29 11:23:54.608603779 +0200
+++ config/policy.xml	2016-07-29 11:27:20.327153334 +0200
@@ -65,4 +65,15 @@
   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
 	<!-- <policy domain="path" rights="none" pattern="@*"/>  -->
   <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- Disable insecure coders by default -->
+  <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="URL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
 </policymap>
Accepting request 415795 from home:marc_schuetz:branches:graphics Update to 6.9.5-3 This release fixes a bug in the previous version which makes it impossible to use the Rails Paperclip gem: https://github.com/ImageMagick/ImageMagick/issues/214 OBS-URL: https://build.opensuse.org/request/show/415795 OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=261 2016-08-01 09:38:51 +00:00			`--- config/policy.xml.orig 2016-07-29 11:23:54.608603779 +0200`
			`+++ config/policy.xml 2016-07-29 11:27:20.327153334 +0200`
			`@@ -65,4 +65,15 @@`
			`<!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->`
			`<!-- <policy domain="path" rights="none" pattern="@*"/> -->`
- updated to 6.9.4-5: * Most OpenCL operations are now executed asynchronous. * Security improvements to TEXT coder broke it (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29754). * Fix stroke offset problem for -annotate (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29626). * Add additional checks to DCM reader to prevent data-driven faults (bug report from Hanno Böck). * Fixed proper placement of text annotation for east / west gravity. 2016-05-15 6.9.4-3 Cristy <quetzlzacatenango@image...> * Fix pixel cache on disk regression (reference https://github.com/ImageMagick/ImageMagick/issues/202). * Quote passwords when passed to a delegate program. * Can read geo-related EXIF metdata once-again (reference https://github.com/ImageMagick/ImageMagick/issues/198). * Sanitize all delegate emedded formatting characters. * Don't sync pixel cache in AcquireAuthenticCacheView() (bug report from Hanno Böck). + ImageMagick-CVE-2016-5118.patch OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=257 2016-05-31 08:38:38 +00:00			`<policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>`
Accepting request 393905 from home:vitezslav_cizek:branches:graphics - Disable insecure coders [bnc#978061] * ImageMagick-6.8.8-1-disable-insecure-coders.patch * CVE-2016-3714 * CVE-2016-3715 * CVE-2016-3716 * CVE-2016-3717 * CVE-2016-3718 OBS-URL: https://build.opensuse.org/request/show/393905 OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=251 2016-05-05 14:05:14 +00:00			`+ <!-- Disable insecure coders by default -->`
			`+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->`
			`+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />`
			`+ <policy domain="coder" rights="none" pattern="URL" />`
			`+ <policy domain="coder" rights="none" pattern="HTTPS" />`
			`+ <policy domain="coder" rights="none" pattern="MVG" />`
			`+ <policy domain="coder" rights="none" pattern="MSL" />`
Accepting request 394840 from home:computersalat:devel:graphics rework ImageMagick-6.8.8-1-disable-insecure-coders.patch, rebase patches OBS-URL: https://build.opensuse.org/request/show/394840 OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=253 2016-05-13 19:31:18 +00:00			`+ <policy domain="coder" rights="none" pattern="TEXT" />`
			`+ <policy domain="coder" rights="none" pattern="SHOW" />`
			`+ <policy domain="coder" rights="none" pattern="WIN" />`
			`+ <policy domain="coder" rights="none" pattern="PLT" />`
Accepting request 393905 from home:vitezslav_cizek:branches:graphics - Disable insecure coders [bnc#978061] * ImageMagick-6.8.8-1-disable-insecure-coders.patch * CVE-2016-3714 * CVE-2016-3715 * CVE-2016-3716 * CVE-2016-3717 * CVE-2016-3718 OBS-URL: https://build.opensuse.org/request/show/393905 OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=251 2016-05-05 14:05:14 +00:00			`</policymap>`