ImageMagick/ImageMagick-configuration-SUSE.patch

Index: ImageMagick-7.1.1-29/config/policy-secure.xml
===================================================================
--- ImageMagick-7.1.1-29.orig/config/policy-secure.xml
+++ ImageMagick-7.1.1-29/config/policy-secure.xml
@@ -83,17 +83,19 @@
   <!-- Replace passphrase for secure distributed processing -->
   <!-- <policy domain="cache" name="shared-secret" value="secret-passphrase" stealth="true"/> -->
   <!-- Do not permit any delegates to execute. -->
-  <policy domain="delegate" rights="none" pattern="*"/>
+  <!--policy domain="delegate" rights="none" pattern="*"/-->
   <!-- Do not permit any image filters to load. -->
   <policy domain="filter" rights="none" pattern="*"/>
   <!-- Don't read/write from/to stdin/stdout. -->
-  <policy domain="path" rights="none" pattern="-"/>
+  <!--policy domain="path" rights="none" pattern="-"/-->
   <!-- don't read sensitive paths. -->
   <policy domain="path" rights="none" pattern="/etc/*"/>
   <!-- Indirect reads are not permitted. -->
   <policy domain="path" rights="none" pattern="@*"/>
+  <!-- These image types can expose risks on read and write -->
+  <policy domain="module" rights="none" pattern="{EPHEMERAL,URL,HTTPS,MVG,MSL,TEXT,SHOW,WIN,PLT}"/>
   <!-- These image types are security risks on read, but write is fine -->
-  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/>
+  <policy domain="module" rights="write" pattern="{MSL,MVG,PS,URL,XPS,PDF,EPI,EPS,PCL,PS1,PS2,PS3}"/>
   <!-- This policy sets the number of times to replace content of certain
        memory buffers and temporary files before they are freed or deleted. -->
   <policy domain="system" name="shred" value="1"/>