Deny indirect reads by policy

diff --git a/MagickCore/property.c b/MagickCore/property.c
index 69be1c95076403439c72ab76efb9405d80af6cb8..082ae7ea39c95976081620a345c94eed80db6e08 100644 (file)
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -3313,7 +3313,6 @@ RestoreMSCWarning
     p++;
   if (*p == '\0')
     return(ConstantString(""));
-#if defined(MAGICKCORE_INDIRECT_READS_SUPPORT)
   if ((*p == '@') && (IsPathAccessible(p+1) != MagickFalse))
     {
       /*
@@ -3330,7 +3329,6 @@ RestoreMSCWarning
       if (interpret_text != (char *) NULL)
         return(interpret_text);
     }
-#endif
   /*
     Translate any embedded format characters.
   */

diff --git a/config/policy.xml b/config/policy.xml
index 29d8a0b8b392e2ab9e19a04eaf0a643bbd7ab472..762de15c9f3a3e3e8a3e7c3349ab733f9aa418ac 100644 (file)
--- a/config/policy.xml
+++ b/config/policy.xml
@@ -65,5 +65,6 @@
   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
   <!-- <policy domain="path" rights="none" pattern="@*" /> -->
   <!-- <policy domain="path" rights="none" pattern="|*" /> -->
+  <policy domain="path" rights="none" pattern="@*"/>  <!-- indirect reads not permitted -->
   <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
 </policymap>

diff --git a/configure b/configure
index fd4fb670483802149b1e51b66d49f89ec007e623..3bbb39811b8eb80afae1768dab3998993b4ac05c 100755 (executable)
--- a/configure
+++ b/configure
@@ -1168,7 +1168,6 @@ enable_cipher
 enable_zero_configuration
 enable_hdri
 enable_pipes
-enable_indirect_reads
 enable_assert
 enable_maintainer_mode
 enable_hugepages
@@ -1938,7 +1937,6 @@ Optional Features:
   --enable-hdri           accurately represent the wide range of intensity
                           levels found in real scenes
   --enable-pipes          enable pipes (|) in filenames
-  --enable-indirect-reads enable indirect reads (@) in filenames
   --disable-assert        disable assert() statements in build
   --enable-maintainer-mode
                           enable make rules and dependencies not useful (and
@@ -4519,7 +4517,7 @@ MAGICK_PATCHLEVEL_VERSION=10
 
 MAGICK_VERSION=7.0.1-10
 
-MAGICK_GIT_REVISION=18357:3cf86f2:20160603
+MAGICK_GIT_REVISION=18365:83bceaa:20160604
 
 
 # Substitute library versioning
@@ -23842,22 +23840,6 @@ $as_echo "#define PIPES_SUPPORT 1" >>confdefs.h
     MAGICK_FEATURES="Pipes $MAGICK_FEATURES"
 fi
 
-# Enable indirect reads (@) in filenames.
-# Check whether --enable-indirect-reads was given.
-if test "${enable_indirect_reads+set}" = set; then :
-  enableval=$enable_indirect_reads; enable_indirect_reads=$enableval
-else
-  enable_indirect_reads='no'
-fi
-
-
-if test "$enable_indirect-reads" = 'yes'; then
-
-$as_echo "#define INDIRECT_READS_SUPPORT 1" >>confdefs.h
-
-    MAGICK_FEATURES="IndirectReads $MAGICK_FEATURES"
-fi
-
 # Build a version of ImageMagick with assert statements.
 # Check whether --enable-assert was given.
 if test "${enable_assert+set}" = set; then :

diff --git a/configure.ac b/configure.ac
index 795f41a7e3f06855f0741a41e0401023d1dc9648..bf42361855d96cfa29be712c9a8dc6d20ff76dc1 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -696,18 +696,6 @@ if test "$enable_pipes" = 'yes'; then
     MAGICK_FEATURES="Pipes $MAGICK_FEATURES"
 fi
 
-# Enable indirect reads (@) in filenames.
-AC_ARG_ENABLE([indirect-reads],
-    [AC_HELP_STRING([--enable-indirect-reads],
-                    [enable indirect reads (@) in filenames])],
-    [enable_indirect_reads=$enableval],
-    [enable_indirect_reads='no'])
-
-if test "$enable_indirect-reads" = 'yes'; then
-    AC_DEFINE(INDIRECT_READS_SUPPORT,1,[enable indirect reads (@) in filenames])
-    MAGICK_FEATURES="IndirectReads $MAGICK_FEATURES"
-fi
-
 # Build a version of ImageMagick with assert statements.
 AC_ARG_ENABLE([assert],
     [AC_HELP_STRING([--disable-assert],