wok diff imagemagick/receipt @ rev 19706
audit: disable some preinstalled packages
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Tue Feb 14 22:13:07 2017 +0100 (2017-02-14) |
| parents | 6f05c710673c |
| children | 93d872f4b7a7 |
line diff
1.1 --- a/imagemagick/receipt Mon Dec 08 14:44:54 2014 +0100 1.2 +++ b/imagemagick/receipt Tue Feb 14 22:13:07 2017 +0100 1.3 @@ -48,5 +48,18 @@ 1.4 cp -a $install/usr/lib/*.so* $fs/usr/lib 1.5 cp -a $install/usr/lib/$SOURCE-$SHORT_VERSION $fs/usr/lib 1.6 cp -a $install/usr/share/$SOURCE-* $fs/usr/share 1.7 + 1.8 + # CVE-2016-3714 work around v5 1.9 + sed -i '/<policymap>/r/dev/stdin' $fs/etc/ImageMagick-6/policy.xml <<EOT 1.10 + <policy domain="coder" rights="none" pattern="EPHEMERAL" /> 1.11 + <policy domain="coder" rights="none" pattern="URL" /> 1.12 + <policy domain="coder" rights="none" pattern="HTTPS" /> 1.13 + <policy domain="coder" rights="none" pattern="MVG" /> 1.14 + <policy domain="coder" rights="none" pattern="MSL" /> 1.15 + <policy domain="coder" rights="none" pattern="TEXT" /> 1.16 + <policy domain="coder" rights="none" pattern="SHOW" /> 1.17 + <policy domain="coder" rights="none" pattern="WIN" /> 1.18 + <policy domain="coder" rights="none" pattern="PLT" /> 1.19 +EOT 1.20 } 1.21