[Pkg-gmagick-im-team] Bug#991289: /etc/ImageMagick-6/policy.xml: invalid XML due to broken comment

Kevin Locke kevin at kevinlocke.name
Mon Jul 19 22:42:47 BST 2021 

Package: imagemagick-6-common
Version: 8:6.9.11.60+dfsg-1.3
Severity: normal
File: /etc/ImageMagick-6/policy.xml

Dear Maintainer,

Line 77 of /etc/ImageMagick-6/policy.xml (for name="shared-secret")
has a comment start marker (<!--) without a comment end marker (-->)
causing the start marker on the next line to occur within a comment,
which is not valid XML[^1]:

> For compatibility, the string "--" (double-hyphen) MUST NOT occur within comments.

As demonstrated by `xmllint /etc/ImageMagick-6/policy.xml`:

    /etc/ImageMagick-6/policy.xml:77: parser error : Double hyphen within comment: <!-- <policy domain="cache" name="shared-secret" value
      <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
        ^

It does not cause any issues with the ImageMagick tools that I am
aware of, but it complicates use/checking by other tools which parse
the XML more strictly (e.g. XMLStarlet).

The issue is caused by 0007-Improve-policy-in-order-to-be-safer.patch
(d9e5818685) which removed the end marker on line 77.

Thanks,
Kevin

[^1]: https://www.w3.org/TR/REC-xml/#sec-comments


-- Package-specific info:
ImageMagick program version
---------------------------
animate:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
compare:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
convert:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
composite:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
conjure:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
display:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
identify:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
import:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
mogrify:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
montage:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
stream:  ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org

-- System Information:
Debian Release: 11.0
  APT prefers testing-debug
  APT policy: (990, 'testing-debug'), (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-security'), (500, 'stable-debug'), (500, 'unstable'), (500, 'oldstable'), (101, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-rc1 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

More information about the Pkg-gmagick-im-team mailing list