From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-185680-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 79114138334
	for <garchives@archives.gentoo.org>; Sun,  9 Dec 2018 15:12:35 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 91D34E0965;
	Sun,  9 Dec 2018 15:12:26 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D6C7DE095D
	for <gentoo-user@lists.gentoo.org>; Sun,  9 Dec 2018 15:12:25 +0000 (UTC)
Received: from thetick.localnet ([77.47.110.32]) by mail.gmx.com (mrgmx102
 [212.227.17.168]) with ESMTPSA (Nemesis) id 0MFR2O-1gi3zD220y-00ENST for
 <gentoo-user@lists.gentoo.org>; Sun, 09 Dec 2018 16:12:11 +0100
From: Marc Joliet <marcec@gmx.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ...I not allowed to make pdfs from images??????
Date: Sun, 09 Dec 2018 16:12:04 +0100
Message-ID: <4033499.4avh0Wvs14@thetick>
In-Reply-To: <20181209103516.GA1924@ca.inter.net>
References: <20181208132357.rwrvpds3vck4pwcq@solfire> <2226612.MtFqqg0rX7@thetick> <20181209103516.GA1924@ca.inter.net>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1961667.ZWAy33uJOd"; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Provags-ID: V03:K1:aB2FvTV3CJX30yLIcqbob39dudc//vbh+I0PKUzziWCD72vSkcO
 MrlYFD0rrLp5HSWRFmOm3krlar+MDIdN08bmI+xmVmmqMAlvuSxncx5o+fYCckS5TvXpFdq
 /NBcH2ZYY5puSapdfmlUinNCsTuvk6oq/IWHfkYyHMsGXwadz+ZayqIRE+TLo3+iAT3R59k
 uQxtnT2Zyi8D33K3XiT2Q==
X-Spam-Flag: NO
X-UI-Out-Filterresults: notjunk:1;V03:K0:QSxjC7rq3Qk=:jfglo+LrcLNR750ZxRZXsG
 9sBmmbzHHxoJ/Al5HvH6hwAjAfeg9ZdzcqNa7E+1ACq1INm9k/vfBcfcLMqCETaSS3s/hLSxs
 tFutm1nugXZISA4vW9n61jiK2RsJDK/Jwguw/x+TdZRkbf0/zTYNkP4+1EkuNDfZaBOgx3+3A
 uzSvVxCWL/8mvgbG1rd7D0gors/+bBKleL5QEXzLTykI01QTLRjvKzkChfBqiHhGOWRxUvENe
 kELZQTBaj7ptoQfgg7MfccTlIda2+4JyayLwS8CSCo4rVqISExgPjMB4itved9ePy13rAV7WB
 vFd2AhW5n2DymYbVhn1A8HALA80nS/H5NQ59i+xEQ0QB+2nsM/WIoerXmBAesmkIjiXDMFKxN
 GCgyYjAI8VaPGxiWlb4jIJgczz+0qVeyrMXlikBl435DP5zp2snO9pgej93r52hgN1he5zLTe
 LcvfTdyFJVX3QnX3LPMLJmbZbRrCaA4x8HOGGrRioYOpHApJdOpaYal+jd4ShxOlYyX+gxEs2
 v6xjmLaN4kgezp0AlWT6Qmq8Yl6gN5WgDK1P9x8GYgjrqD51+C70DqQg62cWnnh+4/kZKxvDi
 pN40oR/dDuQosVvK09h0L5MuSqCEIDmZxXCol9oHtfN9iqcoJ38W4DgeJQVpYFtV0AD+cJl6w
 9ehUZdono+LaazFkJ7DXmN0SYqHb/PJxOZR0BioDe+9/Ohx33JmFHYVcUfGNPWKlByR4zxE1W
 NtqyzC3rbq6TCCDPRSAOAR6VuLHmAfnAQFE6YuYsNVszREdsgDAMv9a/6+IkR81SgDtiAzXL1
 67BvdG4BDWePkECQ1lKtR1r9HwGQazAItQEWrTsc0yq7XmqIz9CTp4KUVCUmCBGeLc8QheVn4
 nd/IfB74Yv/t++6rBp+YLVJVb01R9w+DIGBjXX4jI=
X-Archives-Salt: 20175f66-b1e2-4d7e-955b-027f77414610
X-Archives-Hash: eab0aac4a69ff8de57df56cd690c4f58

--nextPart1961667.ZWAy33uJOd
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

Am Sonntag, 9. Dezember 2018, 11:35:16 CET schrieb Philip Webb:
> 181208 Marc Joliet wrote:
> > This is mentioned in the emerge output when installing imagemagick.
> > 
> > From the 7.0.8.14 ebuild :
> >   elog "For security reasons, a policy.xml file was installed in
> >   /etc/ImageMagick-7"
> >   elog "which will prevent the usage of the following coders by default:"
> >   elog ""
> >   elog "  - PS"
> >   elog "  - PS2"
> >   elog "  - PS3"
> >   elog "  - EPS"
> >   elog "  - PDF"
> >   elog "  - XPS"
> 
> What exactly are the "security reasons" ?
> Do they apply to a single-user system ? -- if not,
> why is the restrictive version of the policy file installed by default
> rather than a warning at the end of the emerge output ?

Good question.  Checking the git log, the change was mode over two commits:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?
id=02765dfc333e578af9e3fd525fc0067dc47d6528
https://gitweb.gentoo.org/repo/gentoo.git/commit/?
id=df7afbda6b12a68578833225e694cee011b20342

The commit messages point to https://www.kb.cert.org/vuls/id/332928/ and 
https://bugs.gentoo.org/664236, which basically explain in more detail what 
Mick already summarized yesterday.

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup

--nextPart1961667.ZWAy33uJOd
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part.
Content-Transfer-Encoding: 7Bit

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEax7Ya5gDQFOJHKGQv9DmhiyIePQFAlwNMMQACgkQv9DmhiyI
ePQydg/9F0RiRPCvi7BxDUCMypz8eFbeTp2y/ruytgP+UkUnkYLHUlB9SQL39aMI
Gu8o3iEVkOgNvAixZBkhIgFnVKGp+UgUOF7NyrCiPcFE6aZ08r20H1Xs/3xZ4ldq
do8hWfHDuMoXdac9gHTkQT3z+ikC4ipfoif388XoNkjzgI1RL2GcQNOM8AxFr+G2
tkNZaQFzRJ3zXHtG4mQ5xr6njgjXzxx8f8EujWaIWNVQw9rA1JtR/2o5SV9Hfq9C
tSwXW6eeWTZLOg+quS0QURF2lgYo6ZWosNRxCtoQmiNhjD3v1a++u9LZkSt3l5s+
MM1mx1JETByIif3rplAVqVKCGUEGMj9zd0Q+Xm4iWfrU/vs5UuxWJzYJZSV+8lWw
ygS83EzQGKHpYs933xpSNcQccA8B6bhxcWrPi9au/AyopQCAYAPPV877F1ZxQh47
NgJR7X2+9BQWqrDxU6KubV8nxqPc/Lu5aR1xBSAYFMMy2i2EAtZsCDx07JQdnEl1
Gk2o0KAclElz4m4EImt4HeyiOSuO2snOFPYwcdqpy6sdkSZ0oJHOmAoObiv8nBbs
slAoVo00MQQAAsV+Y2DBchTmCkxSh9YVizS5Nxr0Eu3W4Qmo8Yfuq3Gsv/9QMSjG
SLrd6QYzv+c1cYiWSoKA3LL6ygnOX2yqkDsT8W79jc8+A2yA27w=
=R7KS
-----END PGP SIGNATURE-----

--nextPart1961667.ZWAy33uJOd--