slackware-current/source/xap/imagemagick/policy.xml.diff

--- ./config/policy.xml.orig	2016-06-10 07:19:41.000000000 -0500
+++ ./config/policy.xml	2016-06-17 17:30:47.311584022 -0500
@@ -49,6 +49,21 @@
   exceeds policy maximum so memory limit is 1GB).
 -->
 <policymap>
+  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+  <!-- SECURITY:  disable potentially insecure coders: -->
+  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+  <policy domain="coder" rights="none" pattern="HTTPS" />
+  <policy domain="coder" rights="none" pattern="MVG" />
+  <policy domain="coder" rights="none" pattern="MSL" />
+  <policy domain="coder" rights="none" pattern="TEXT" />
+  <policy domain="coder" rights="none" pattern="SHOW" />
+  <policy domain="coder" rights="none" pattern="WIN" />
+  <policy domain="coder" rights="none" pattern="PLT" />
+  <!-- SECURITY:  prevent indirect reads: -->
+  <policy domain="path" rights="none" pattern="@*" />
+  <!-- SECURITY:  prevent pipe to shell: -->
+  <policy domain="path" rights="none" pattern="|*" />
+  <!-- Some examples: -->
   <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
   <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
   <!-- <policy domain="resource" name="map" value="4GiB"/> -->
@@ -61,8 +76,4 @@
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
   <!-- <policy domain="resource" name="time" value="3600"/> -->
   <!-- <policy domain="system" name="precision" value="6"/> -->
-  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
-  <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
-	<!-- <policy domain="path" rights="none" pattern="@*"/>  -->
-  <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
 </policymap>
Slackware 14.2 Thu Jun 30 20:26:57 UTC 2016 Slackware 14.2 x86_64 stable is released! The long development cycle (the Linux community has lately been living in "interesting times", as they say) is finally behind us, and we're proud to announce the release of Slackware 14.2. The new release brings many updates and modern tools, has switched from udev to eudev (no systemd), and adds well over a hundred new packages to the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-) 2016-06-30 22:26:57 +02:00			`--- ./config/policy.xml.orig 2016-06-10 07:19:41.000000000 -0500`
			`+++ ./config/policy.xml 2016-06-17 17:30:47.311584022 -0500`
			`@@ -49,6 +49,21 @@`
			`exceeds policy maximum so memory limit is 1GB).`
			`-->`
			`<policymap>`
			`+ <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>`
			`+ <!-- SECURITY: disable potentially insecure coders: -->`
			`+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />`
			`+ <policy domain="coder" rights="none" pattern="HTTPS" />`
			`+ <policy domain="coder" rights="none" pattern="MVG" />`
			`+ <policy domain="coder" rights="none" pattern="MSL" />`
			`+ <policy domain="coder" rights="none" pattern="TEXT" />`
			`+ <policy domain="coder" rights="none" pattern="SHOW" />`
			`+ <policy domain="coder" rights="none" pattern="WIN" />`
			`+ <policy domain="coder" rights="none" pattern="PLT" />`
			`+ <!-- SECURITY: prevent indirect reads: -->`
			`+ <policy domain="path" rights="none" pattern="@*" />`
			`+ <!-- SECURITY: prevent pipe to shell: -->`
			`+ <policy domain="path" rights="none" pattern="\|*" />`
			`+ <!-- Some examples: -->`
			`<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->`
			`<!-- <policy domain="resource" name="memory" value="2GiB"/> -->`
			`<!-- <policy domain="resource" name="map" value="4GiB"/> -->`
			`@@ -61,8 +76,4 @@`
			`<!-- <policy domain="resource" name="throttle" value="0"/> -->`
			`<!-- <policy domain="resource" name="time" value="3600"/> -->`
			`<!-- <policy domain="system" name="precision" value="6"/> -->`
			`- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->`
			`- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->`
			`- <!-- <policy domain="path" rights="none" pattern="@*"/> -->`
			`- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>`
			`</policymap>`