GNU bug report logs -
#33587
[PROPOSED] Default to disabling ImageMagick
Previous Next
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Sun, 2 Dec 2018 18:10:02 UTC
Severity: normal
Tags: security
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your bug report
#33587: [PROPOSED] Default to disabling ImageMagick
which was filed against the emacs package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 33587 <at> debbugs.gnu.org.
--
33587: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=33587
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Paul Eggert wrote:
> At some point soon I plan to install the patch in Bug#33587#5
It wasn't soon, but I did install the patch just now. Closing the bug report.
[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> Penguin.CS.UCLA.EDU>
ImageMagick has continuing stability and security problems, suggesting
that 'configure' should disable it by default. See Glenn Morris's notes
at: https://lists.gnu.org/r/emacs-devel/2018-12/msg00036.html
* INSTALL, etc/NEWS: Mention this.
* configure.ac (imagemagick): Default to off.
---
INSTALL | 4 +++-
configure.ac | 2 +-
etc/NEWS | 4 ++++
3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/INSTALL b/INSTALL
index 0c56fff6d4..9696904dce 100644
--- a/INSTALL
+++ b/INSTALL
@@ -294,7 +294,9 @@ or more of these options:
--without-gif for GIF image support
--without-png for PNG image support
--without-rsvg for SVG image support
- --without-imagemagick for Imagemagick support
+
+Although ImageMagick support is disabled by default due to security
+and stability concerns, you can enable it with --with-imagemagick.
Use --without-toolkit-scroll-bars to disable Motif or Xaw3d scroll bars.
diff --git a/configure.ac b/configure.ac
index 8b34c3b658..b70393925a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -354,7 +354,7 @@ AC_DEFUN
OPTION_DEFAULT_ON([libsystemd],[don't compile with libsystemd support])
OPTION_DEFAULT_OFF([cairo],[compile with Cairo drawing (experimental)])
OPTION_DEFAULT_ON([xml2],[don't compile with XML parsing support])
-OPTION_DEFAULT_ON([imagemagick],[don't compile with ImageMagick image support])
+OPTION_DEFAULT_OFF([imagemagick],[compile with ImageMagick image support])
OPTION_DEFAULT_ON([json], [don't compile with native JSON support])
OPTION_DEFAULT_ON([xft],[don't use XFT for anti aliased fonts])
diff --git a/etc/NEWS b/etc/NEWS
index 6297d07879..07c6f74c44 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -37,6 +37,10 @@ functions 'json-serialize', 'json-insert', 'json-parse-string', and
'json-parse-buffer' are typically much faster than their Lisp
counterparts from json.el.
+** Emacs no longer defaults to using ImageMagick to display images,
+due to security and stability concerns. To override the default, use
+'configure --with-imagemagick'.
+
** The etags program now uses the C library's regular expression matcher
when possible, and a compatible regex substitute otherwise. This will
let developers maintain Emacs's own regex code without having to also
--
2.19.2
This bug report was last modified 6 years and 68 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.