[Pkg-gmagick-im-team] Bug#907336: still relevant? revert?
Tomas Pospisek
tpo at sourcepole.ch
Wed Sep 1 09:19:28 BST 2021
Dear ImageMagick Packaging Team,

Short version: is it safe today to re-enable PDF/PS conversion again these
days?

Long version:

Today I was affected by the problem reported in [1], notably:

    convert: attempt to perform an operation not allowed by the security
    policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.

When I check /etc/ImageMagick-6/policy.xml I see that plenty of
conversions to/from (?) PDF/(E)PS* are apparently disabled by default as
delivered by Debian. Which actually covers part of the requests in this
(#907336) bug report.

The mentioned Stack Overflow Q&A however mentions that:

> Make sure ghostscript is updated kb.cert.org/vuls/id/332928

Which refers to a fix in Ghostscript 9.24 which is ages ago when compared
to the Ghostscript version 9.53 currently in Debian stable.

I have *zero* insight into the issues leading to PDF/PS conversion being
disabled in Debian and if they still are relevant and still are of
the same concern as they were at the times before Ghostscript 9.24.

Or posed differently: does it make sense to reevaluate these issues and -
if it turns out they are of no concern any more today - could the
respective converters be re-enabled by default again?

Thanks a lot for maintaining ImageMagick! Greetings,
*t

[1] https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion
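
Added example (not part of the original message, and not Debian or ImageMagick code): a small audit script that lists which coder entries in a policy.xml apply to PDF/PS/EPS and whether they withhold read or write rights, which is the condition behind the IsCoderAuthorized error quoted above. The sample policy text is constructed, and matching with Python's fnmatch is an assumption that only approximates ImageMagick's own glob handling.

```python
import fnmatch
import os
import xml.etree.ElementTree as ET

# Constructed sample in the style of a policy.xml; not copied from any real system.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="read|write" pattern="PNG" />
</policymap>"""


def coder_rights(policy_xml, formats):
    """Map each format to the (pattern, rights) of every coder entry matching it."""
    root = ET.fromstring(policy_xml)
    found = {fmt: [] for fmt in formats}
    for entry in root.iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue  # resource, delegate, path ... entries are not coder rules
        pattern = entry.get("pattern", "")
        rights = sorted(r.strip().lower()
                        for r in entry.get("rights", "").split("|") if r.strip())
        for fmt in formats:
            # Assumption: fnmatch approximates ImageMagick's own glob matching.
            if fnmatch.fnmatchcase(fmt.upper(), pattern.upper()):
                found[fmt].append((pattern, rights))
    return found


def restricted(policy_xml, formats):
    """Formats for which some matching coder entry withholds read or write."""
    return [fmt for fmt, entries in coder_rights(policy_xml, formats).items()
            if any(not {"read", "write"} <= set(r) for _, r in entries)]


if __name__ == "__main__":
    path = "/etc/ImageMagick-6/policy.xml"  # path named in the message
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_POLICY  # fall back to the constructed sample
    for fmt, entries in coder_rights(text, ("PDF", "PS", "EPS")).items():
        print(fmt, entries or "no coder entry")
```
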