mirror of
https://github.com/penpot/penpot.git
synced 2026-06-20 14:22:08 +00:00
* ✨ Add font processing resource limits via prlimit

Font processing tools (fontforge, sfnt2woff, woff2sfnt, woff2_decompress) were invoked via clojure.java.shell/sh with no timeouts or resource limits. This adds process-level resource limits using prlimit(1) and the shell/exec! infrastructure from the ImageMagick hardening work.

shell/exec! changes:
- Add :prlimit parameter that prepends prlimit(1) to the command
- :prlimit takes {:mem <MiB> :cpu <seconds>} for address space and CPU time limits, enforced by the kernel's RLIMIT subsystem
- prlimit-cmd builds the prlimit command prefix (private helper)

Font processing changes:
- Replace all clojure.java.shell/sh calls with shell/exec! via exec-font!
- exec-font! applies font-prlimit (512 MiB, 30s CPU, 60s wall-clock)
- All 5 conversion functions (ttf->otf, otf->ttf, ttf-or-otf->woff, woff->sfnt, woff2->sfnt) use try/finally for explicit temp file cleanup
- Remove clojure.java.shell require from media.clj

Tests:
- Add exec-prlimit-normal, exec-prlimit-cpu, exec-prlimit-memory tests

Closes #10234

Co-authored-by: mimo-v2.5-pro <mimo-v2.5-pro@penpot.app>

* ✨ Make font processing resource limits configurable

Replace hardcoded font-prlimit map and wall-clock timeout with config-driven values under the PENPOT_FONT_PROCESS_* namespace. The prlimit implementation detail is not exposed in config keys.

Co-authored-by: deepseek-v4-flash <deepseek-v4-flash@penpot.app>

---------

Co-authored-by: mimo-v2.5-pro <mimo-v2.5-pro@penpot.app>
Co-authored-by: deepseek-v4-flash <deepseek-v4-flash@penpot.app>
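The three limits the commit message describes (an address-space cap, a CPU-time cap and a wall-clock timeout around an external converter), as an added example that is not part of the commit or of Penpot's shell/exec!: instead of prepending prlimit(1), it sets the same kernel RLIMIT_AS / RLIMIT_CPU limits from Python's resource module in the child before exec, and the "converter" commands are constructed stand-ins (a well-behaved tool, a CPU spinner, a runaway allocator and a hung process) so the four outcomes can be observed offline.

```python
"""Run an external converter under RLIMIT_AS / RLIMIT_CPU caps plus a wall-clock
timeout: the same three limits the commit configures (512 MiB, 30 s CPU, 60 s wall)."""
import resource
import signal
import subprocess
import sys

MIB = 1024 * 1024


def _limiter(mem_mib, cpu_s):
    """Build the hook that runs in the child between fork() and exec()."""
    def apply_limits():
        # Address-space cap: allocations beyond it fail with ENOMEM instead of growing.
        resource.setrlimit(resource.RLIMIT_AS, (mem_mib * MIB, mem_mib * MIB))
        # CPU cap: the kernel sends SIGXCPU at the soft limit; the hard limit one
        # second later is a SIGKILL backstop in case the tool ignores SIGXCPU.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_s, cpu_s + 1))
    return apply_limits


def run_limited(argv, mem_mib=512, cpu_s=30, wall_s=60):
    """Run argv under the limits. Returns (outcome, returncode) where outcome is
    'ok', 'failed', 'cpu-limit' or 'wall-clock'; returncode is None on wall-clock kill."""
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=wall_s,
                              preexec_fn=_limiter(mem_mib, cpu_s))
    except subprocess.TimeoutExpired:
        return "wall-clock", None  # subprocess.run has already SIGKILLed the child
    rc = proc.returncode
    if rc in (-signal.SIGXCPU, -signal.SIGKILL):  # died of the CPU soft or hard limit
        return "cpu-limit", rc
    return ("ok" if rc == 0 else "failed"), rc


# Constructed stand-ins for a font converter (not real tools): a well-behaved run,
# a CPU spinner, a runaway allocator and a process that blocks on a hung input.
PY = sys.executable
DEMO_OK = [PY, "-c", "print('converted')"]
DEMO_CPU_HOG = [PY, "-c", "while True: pass"]
DEMO_MEM_HOG = [PY, "-c", "b = bytearray(600 * 1024 * 1024)"]  # > 256 MiB cap below
DEMO_HANG = [PY, "-c", "import time; time.sleep(30)"]

if __name__ == "__main__":
    print("ok      ->", run_limited(DEMO_OK))
    print("cpu hog ->", run_limited(DEMO_CPU_HOG, cpu_s=1))
    print("mem hog ->", run_limited(DEMO_MEM_HOG, mem_mib=256))
    print("hang    ->", run_limited(DEMO_HANG, wall_s=1))
```

The allocator case ends as a plain non-zero exit (the child gets ENOMEM and dies on its own), which is why a memory overrun is reported as "failed" rather than with a dedicated outcome.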