MNT-16256: Merged 5.1.N (5.1.2) to 5.1.1 (5.1.1)

126144 jphuynh: MNT-16255: Merged 5.0.N (5.0.4) to 5.1.N (5.1.2) 126142 jphuynh: MNT-16254: Merged V4.2-BUG-FIX (4.2.7) to 5.0.N (5.0.4) 126140 jphuynh: MNT-16253: Disable the vulnerable ImageMagick coders in policy.xml. - This commit will be merged to all HF branches so that it will be included in all future HFs. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/PATCHES/5.1.1/root@126181 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-14 17:58:59 +00:00 · 2016-05-05 15:43:19 +00:00
parent e666572a1c
commit cb460acb55
1 changed files with 29 additions and 1 deletions
--- a/src/main/resources/bitrock/imagemagick.xml
+++ b/src/main/resources/bitrock/imagemagick.xml
@@ -283,6 +283,34 @@ export GS_LIB
            </actionList>
        </folder>
    </folderList>
-    <postInstallationActionList/>
+    <postInstallationActionList>
+        <!-- ImageMagick: Remote execution vulnerability (CVE-2016–3714) -->
+        <if>
+            <conditionRuleList>
+                <platformTest type="unix"/>
+            </conditionRuleList>
+            <actionList>
+                <setInstallerVariable name="imagemagick_policy_path" value="${imagemagick_root_directory}/lib/ImageMagick-${imagemagick_version}/config/policy.xml"/>
+            </actionList>
+            <elseActionList>
+                <setInstallerVariable name="imagemagick_policy_path" value="${imagemagick_root_directory}/policy.xml"/>
+            </elseActionList>
+        </if>
+        <substitute>
+            <files>${imagemagick_policy_path}</files>
+            <substitutionList>
+                <substitution>
+                    <pattern><![CDATA[<policymap>]]></pattern>
+                    <value><![CDATA[<policymap>
+    <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+    <policy domain="coder" rights="none" pattern="URL" />
+    <policy domain="coder" rights="none" pattern="HTTPS" />
+    <policy domain="coder" rights="none" pattern="MVG" />
+    <policy domain="coder" rights="none" pattern="MSL" />
+    ]]></value>
+                </substitution>
+            </substitutionList>
+        </substitute>
+    </postInstallationActionList>
 </component>