mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-18 07:46:09 +01:00
imagemagick: Disable insecure coders (ImageTragick)
See: * https://imagetragick.com/ * https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
This commit is contained in:
Franz Pletz
parent
05eae0242d
commit
69c14985d0
2 changed files with 17 additions and 0 deletions
|
|
@ -24,6 +24,8 @@ stdenv.mkDerivation rec {
|
|||
sha256 = "0q19jgn1iv7zqrw8ibxp4z57iihrc9kyb09k2wnspcacs6vrvinf";
|
||||
};
|
||||
|
||||
patches = [ ./imagetragick.patch ];
|
||||
|
||||
outputs = [ "out" "doc" ];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
|
|
|||
15
pkgs/applications/graphics/ImageMagick/imagetragick.patch
Normal file
15
pkgs/applications/graphics/ImageMagick/imagetragick.patch
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
diff --git a/config/policy.xml b/config/policy.xml
|
||||
index ca3b022..b058c05 100644
|
||||
--- a/config/policy.xml
|
||||
+++ b/config/policy.xml
|
||||
@@ -58,4 +58,10 @@
|
||||
<!-- <policy domain="resource" name="time" value="3600"/> -->
|
||||
<!-- <policy domain="system" name="precision" value="6"/> -->
|
||||
<policy domain="cache" name="shared-secret" value="passphrase"/>
|
||||
+
|
||||
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
|
||||
+ <policy domain="coder" rights="none" pattern="URL" />
|
||||
+ <policy domain="coder" rights="none" pattern="HTTPS" />
|
||||
+ <policy domain="coder" rights="none" pattern="MVG" />
|
||||
+ <policy domain="coder" rights="none" pattern="MSL" />
|
||||
</policymap>
|
||||
Loading…
Reference in a new issue