File: 0023-disable-ghostscript-formats.patch

package info (click to toggle)
imagemagick 8%3A6.9.11.60%2Bdfsg-1.6%2Bdeb12u3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 76,816 kB
  • sloc: ansic: 349,503; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459
file content (24 lines) | stat: -rw-r--r-- 901 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
Author: Steve Beattie <steve.beattie@canonical.com>
Subject: disable ghostscript handled formats based on -SAFER insecurity

Based on Tavis Ormandy's Recommendations
updated: 2019-11-11

---
 config/policy.xml |    5 +++++
 1 file changed, 5 insertions(+)

--- a/config/policy.xml
+++ b/config/policy.xml
@@ -86,4 +86,11 @@
   <policy domain="delegate" rights="none" pattern="HTTP" />
   <!-- in order to avoid to get image with password text -->
   <policy domain="path" rights="none" pattern="@*"/>
+  <!-- disable ghostscript format types -->
+  <policy domain="coder" rights="none" pattern="PS" />
+  <policy domain="coder" rights="none" pattern="PS2" />
+  <policy domain="coder" rights="none" pattern="PS3" />
+  <policy domain="coder" rights="none" pattern="EPS" />
+  <policy domain="coder" rights="none" pattern="PDF" />
+  <policy domain="coder" rights="none" pattern="XPS" />
 </policymap>