[Bug 1810517] [NEW] re-enable GhostScript in ImageMagick

Mikhail Novosyolov 1810517 at bugs.launchpad.net
Fri Jan 4 12:49:40 UTC 2019 

Public bug reported:

This security updated https://usn.ubuntu.com/3785-1/ added the following
to /etc/ImageMagick-6/policy.xml

<!-- disable ghostscript format types -->
<policy domain="coder" rights="none" pattern="PS" />
<policy domain="coder" rights="none" pattern="EPI" />
<policy domain="coder" rights="none" pattern="PDF" />
<policy domain="coder" rights="none" pattern="XPS" />

This prevents from working with PDF, e.g. `convert file.pdf file.png`.
It is a very common use case and is a suggested way to convert PDF to
image on many websites, including ask.ubuntu.com

I had to remove/comment those lines from /etc/ImageMagick-6/policy.xml
to allow ImageMagick to work with PDF, otherwise it was:

$ convert test1.pdf test1.png
convert-im6.q16: not authorized `test1.pdf' @ error/constitute.c/ReadImage/412.
convert-im6.q16: no images defined `test1.png' @ error/convert.c/ConvertImageCommand/3258.

Can you please reenable GhostScript?
I don't think that it is so insecure that so common use cases must be disabled, people, who do not read usn.ubuntu.com frequently, will not understand the error.

Also, those security update disabled GhostScript on the fly; what if I
used it on servers or for daily desktop tasks?

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: imagemagick 8:6.9.7.4+dfsg-16ubuntu6.4
ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
Uname: Linux 4.15.0-43-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri Jan  4 15:43:09 2019
InstallationDate: Installed on 2018-12-21 (13 days ago)
InstallationMedia: Xubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
SourcePackage: imagemagick
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: imagemagick (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/1810517

Title:
  re-enable GhostScript in ImageMagick

Status in imagemagick package in Ubuntu:
  New

Bug description:
  This security updated https://usn.ubuntu.com/3785-1/ added the
  following to /etc/ImageMagick-6/policy.xml

  <!-- disable ghostscript format types -->
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPI" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />

  This prevents from working with PDF, e.g. `convert file.pdf file.png`.
  It is a very common use case and is a suggested way to convert PDF to
  image on many websites, including ask.ubuntu.com

  I had to remove/comment those lines from /etc/ImageMagick-6/policy.xml
  to allow ImageMagick to work with PDF, otherwise it was:

  $ convert test1.pdf test1.png
  convert-im6.q16: not authorized `test1.pdf' @ error/constitute.c/ReadImage/412.
  convert-im6.q16: no images defined `test1.png' @ error/convert.c/ConvertImageCommand/3258.

  Can you please reenable GhostScript?
  I don't think that it is so insecure that so common use cases must be disabled, people, who do not read usn.ubuntu.com frequently, will not understand the error.

  Also, those security update disabled GhostScript on the fly; what if I
  used it on servers or for daily desktop tasks?

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: imagemagick 8:6.9.7.4+dfsg-16ubuntu6.4
  ProcVersionSignature: Ubuntu 4.15.0-43.46-generic 4.15.18
  Uname: Linux 4.15.0-43-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  CurrentDesktop: XFCE
  Date: Fri Jan  4 15:43:09 2019
  InstallationDate: Installed on 2018-12-21 (13 days ago)
  InstallationMedia: Xubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  SourcePackage: imagemagick
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1810517/+subscriptions

More information about the foundations-bugs mailing list