pool/ImageMagick
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 393905 from home:vitezslav_cizek:branches:graphics

Browse Source 
- Disable insecure coders [bnc#978061]
  * ImageMagick-6.8.8-1-disable-insecure-coders.patch
  * CVE-2016-3714
  * CVE-2016-3715
  * CVE-2016-3716
  * CVE-2016-3717
  * CVE-2016-3718

OBS-URL: https://build.opensuse.org/request/show/393905
OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=251
This commit is contained in:
Petr Gajdos 2016-05-05 14:05:14 +00:00 committed by Git OBS Bridge
parent 08c5ab348f
commit 27ecdde9e5
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
ImageMagick-6.8.8-1-disable-insecure-coders.patch Normal file
View File

@ -0,0 +1,20 @@
Index: ImageMagick-6.8.8-1/config/policy.xml
Disable insecure loaders by default bsc#978061
sflees@suse.de
===================================================================
--- ImageMagick-6.8.8-1.orig/config/policy.xml
+++ ImageMagick-6.8.8-1/config/policy.xml
@@ -56,4 +56,11 @@
<!-- <policy domain="resource" name="time" value="3600"/> -->
<!-- <policy domain="system" name="precision" value="6"/> -->
<policy domain="cache" name="shared-secret" value="passphrase"/>
+ <!-- Disable insecure coders by default -->
+ <!-- https://bugzilla.suse.com/show_bug.cgi?id=978061 -->
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
</policymap>

11
ImageMagick.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Thu May 5 13:31:42 UTC 2016 - vcizek@suse.com
- Disable insecure coders [bnc#978061]
* ImageMagick-6.8.8-1-disable-insecure-coders.patch
* CVE-2016-3714
* CVE-2016-3715
* CVE-2016-3716
* CVE-2016-3717
* CVE-2016-3718
------------------------------------------------------------------- -------------------------------------------------------------------
Thu May 5 09:02:32 UTC 2016 - pgajdos@suse.com Thu May 5 09:02:32 UTC 2016 - pgajdos@suse.com

2
ImageMagick.spec
View File

@ -92,6 +92,7 @@ Patch4: ImageMagick-6.8.5.7-no-XPMCompliance.patch
# bugs # bugs
# will ask upstream if needed, or if other solution exists # will ask upstream if needed, or if other solution exists
Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch Patch11: ImageMagick-6.8.4.0-dont-build-in-install.patch
Patch20: ImageMagick-6.8.8-1-disable-insecure-coders.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package -n perl-PerlMagick %package -n perl-PerlMagick
@ -251,6 +252,7 @@ HTML documentation for ImageMagick library and scene examples.
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch11 -p1 %patch11 -p1
%patch20 -p1
# remove executeable bits from per demos # remove executeable bits from per demos
chmod -x PerlMagick/demo/*.pl chmod -x PerlMagick/demo/*.pl