[Pkg-gmagick-im-team] Bug#1003749: imagemagick-6.q16: convert foo.png foo.eps security violation leaves empty foo.eps

Barak A. Pearlmutter barak at pearlmutter.net
Fri Jan 14 22:43:27 GMT 2022


Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: normal

/usr/bin/convert should not generate incorrect output files.  If the
output cannot be correctly generated, the output file should be removed.

The current behaviour is a problem when convert is used in a Makefile,
where the first run of "make" generates an error but also an empty
output file, then a second run of "make" treats that empty output file
as correct and continues later stages of the build.

Example:

$ ls -l stroke-signs-1.eps
ls: cannot access 'stroke-signs-1.eps': No such file or directory

$ convert stroke-signs-1.png stroke-signs-1.eps
convert-im6.q16: attempt to perform an operation not allowed by the
security policy `EPS' @ error/constitute.c/IsCoderAuthorized/421.

$ ls -l stroke-signs-1.eps
-rw-rw-r-- 1 barak barak 0 Jan 14 22:36 stroke-signs-1.eps



More information about the Pkg-gmagick-im-team mailing list