diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-04 01:20:08 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-04 01:22:02 +0200 |
commit | 69c14985d034cf1b9add0fdcbacc4d997a576d11 (patch) | |
tree | 836583e5a307cc145b75001af5aeb126740d9e24 /pkgs/applications/graphics/ImageMagick | |
parent | 05eae0242d7483ffe29c006ce6b3b8b238bce284 (diff) | |
download | nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar.gz nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar.bz2 nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar.lz nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar.xz nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.tar.zst nixlib-69c14985d034cf1b9add0fdcbacc4d997a576d11.zip |
imagemagick: Disable insecure coders (ImageTragick)
See: * https://imagetragick.com/ * https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
Diffstat (limited to 'pkgs/applications/graphics/ImageMagick')
-rw-r--r-- | pkgs/applications/graphics/ImageMagick/default.nix | 2 | ||||
-rw-r--r-- | pkgs/applications/graphics/ImageMagick/imagetragick.patch | 15 |
2 files changed, 17 insertions, 0 deletions
diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix index 6957002f6e81..b97eb5a6580a 100644 --- a/pkgs/applications/graphics/ImageMagick/default.nix +++ b/pkgs/applications/graphics/ImageMagick/default.nix @@ -24,6 +24,8 @@ stdenv.mkDerivation rec { sha256 = "0q19jgn1iv7zqrw8ibxp4z57iihrc9kyb09k2wnspcacs6vrvinf"; }; + patches = [ ./imagetragick.patch ]; + outputs = [ "out" "doc" ]; enableParallelBuilding = true; diff --git a/pkgs/applications/graphics/ImageMagick/imagetragick.patch b/pkgs/applications/graphics/ImageMagick/imagetragick.patch new file mode 100644 index 000000000000..bdb152dd23a8 --- /dev/null +++ b/pkgs/applications/graphics/ImageMagick/imagetragick.patch @@ -0,0 +1,15 @@ +diff --git a/config/policy.xml b/config/policy.xml +index ca3b022..b058c05 100644 +--- a/config/policy.xml ++++ b/config/policy.xml +@@ -58,4 +58,10 @@ + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <policy domain="cache" name="shared-secret" value="passphrase"/> ++ ++ <policy domain="coder" rights="none" pattern="EPHEMERAL" /> ++ <policy domain="coder" rights="none" pattern="URL" /> ++ <policy domain="coder" rights="none" pattern="HTTPS" /> ++ <policy domain="coder" rights="none" pattern="MVG" /> ++ <policy domain="coder" rights="none" pattern="MSL" /> + </policymap> |