graphics/ImageMagick6/patches/patch-config_policy.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

$NetBSD: patch-config_policy.xml,v 1.2 2018/08/23 14:54:21 leot Exp $

Disable ghostscript coders by default to workaround VU#332928:
<https://www.kb.cert.org/vuls/id/332928>

--- config/policy.xml.orig	2018-08-13 11:05:28.000000000 +0000
+++ config/policy.xml
@@ -74,4 +74,16 @@
   <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
   <!-- <policy domain="cache" name="synchronize" value="True"/> -->
   <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+
+  <!-- 
+    -- Disable ghostscript coders as suggested by VU#332928
+    --  <https://www.kb.cert.org/vuls/id/332928>
+    -->
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="PS2" />
+  <policy domain="coder" rights="none" pattern="PS3" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" />
+
 </policymap>