ImageMagick: Also block PS2 and PS3 coders in policy.xml
At least when reading PS2 and PS3 files via `convert PS2:<input> <output>' and `convert PS3:<input> <output>' gslib/ghostscript will be invoked and hence subject to VU#332928. Pointed out by Bob Friesenhahn via oss-security@ ML (and follow up from VU#332928 update).
This commit is contained in:
parent
8bec775ea4
commit
4fe88bb391
3 changed files with 8 additions and 6 deletions
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.246 2018/08/22 13:39:24 leot Exp $
|
||||
# $NetBSD: Makefile,v 1.247 2018/08/23 14:52:22 leot Exp $
|
||||
|
||||
PKGREVISION= 2
|
||||
PKGREVISION= 3
|
||||
.include "Makefile.common"
|
||||
|
||||
PKGNAME= ImageMagick-${DISTVERSION}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$NetBSD: distinfo,v 1.191 2018/08/22 13:39:24 leot Exp $
|
||||
$NetBSD: distinfo,v 1.192 2018/08/23 14:52:22 leot Exp $
|
||||
|
||||
SHA1 (ImageMagick-7.0.8-10.tar.xz) = c69fb5b1ec2d04711a98df8762926a37e3f13bc5
|
||||
RMD160 (ImageMagick-7.0.8-10.tar.xz) = 9e5339d7e4f2dbc42090cd8394bca5b97dc485ba
|
||||
SHA512 (ImageMagick-7.0.8-10.tar.xz) = a4869e0a9be5e04c04fcd1fce5c4141d63968ee7f1dd78d84724921f2f088bdcea8c3b3799e1ff555a2a04dec32a1fb7c4a1e6053a6185e9a36c6ae0f1b9c6ed
|
||||
Size (ImageMagick-7.0.8-10.tar.xz) = 8635496 bytes
|
||||
SHA1 (patch-config_policy.xml) = 2b7e37cc8fedb0d06502ba1d7e65a5aea9d6ec96
|
||||
SHA1 (patch-config_policy.xml) = 2c446a00fc00f85ab33eae0691d4d8989a46289f
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
$NetBSD: patch-config_policy.xml,v 1.1 2018/08/22 13:39:24 leot Exp $
|
||||
$NetBSD: patch-config_policy.xml,v 1.2 2018/08/23 14:52:22 leot Exp $
|
||||
|
||||
Disable ghostscript coders by default to workaround VU#332928:
|
||||
<https://www.kb.cert.org/vuls/id/332928>
|
||||
|
||||
--- config/policy.xml.orig 2018-08-13 11:05:28.000000000 +0000
|
||||
+++ config/policy.xml
|
||||
@@ -74,4 +74,14 @@
|
||||
@@ -74,4 +74,16 @@
|
||||
<!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
|
||||
<!-- <policy domain="cache" name="synchronize" value="True"/> -->
|
||||
<!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
|
||||
|
@ -15,6 +15,8 @@ Disable ghostscript coders by default to workaround VU#332928:
|
|||
+ -- <https://www.kb.cert.org/vuls/id/332928>
|
||||
+ -->
|
||||
+ <policy domain="coder" rights="none" pattern="PS" />
|
||||
+ <policy domain="coder" rights="none" pattern="PS2" />
|
||||
+ <policy domain="coder" rights="none" pattern="PS3" />
|
||||
+ <policy domain="coder" rights="none" pattern="EPS" />
|
||||
+ <policy domain="coder" rights="none" pattern="PDF" />
|
||||
+ <policy domain="coder" rights="none" pattern="XPS" />
|
||||
|
|
Loading…
Reference in a new issue