Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#60754 - ImageMagick 7.0.8-14, default installation doesn't 'convert' to pdf

Attached to Project: Arch Linux
Opened by atul akb (whyGi) - Friday, 09 November 2018, 10:41 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 09 November 2018, 13:29 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


ImageMagick 7.0.8-14 Q16 x86_64 2018-10-24

 FS#60607  - imagemagick gives an error trying to write an image to a PDF file
 FS#60580  - imagemagick does not work with PDF's

1- cmd> convert xzy.jpg xyzpdf

2- output> convert: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
(ie) the conversion fails.

3- the solutions in the two threads above both worked (ie) edit /etc/imageMagick-7/policy.xml to delete the line: <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}" /> or change it from "none" to "all"

Comments/ Request
1- please go easy - I'm a healthworker not a programmer :: this is my first bug report - ever. Most of all I just want to 'upvote' the 2 previous threads but don't think that's possible.

2- I'm guessing that with the next Imagemagick update is going to over-write the fix. Which means that the shipped convert utility is going to get broken (for my usecase) every time it updates.

3- The same policy might affect other functions that I don't use very often?? does anyone know?

4- I infer that there's a security risk associated with giving the "coder" all rights but I don't actually understand what. I would guess that in some environments (eg running on a server?? running as an automated script?) the coder could do harm. I don't know if a person's home PC is one of those vulnerable environments but in terms of end user the risk mitigation makes the utility non-functional and breaks the previous function that I've always used it for.

5- Might I suggest an alternative approach. Could the installer be interactive and do something, anything to ask whether the 'coder' should be denied rights (to increase the security but reduce functionality) and the default option be to set the policy so that "convert" works?

6- I'm sure there's a million other ways to address this so I'm hopeful that one of my favourite "look what I can do on linux" tools is repaired. Maybe a more informative response in place of that 'operation not allowed' message??

thanks & kind regards

Additional info:
* package version(s) -- above
* config and/or log files etc. -- above

Steps to reproduce: -- above
This task depends upon

Closed by  Doug Newgard (Scimmia)
Friday, 09 November 2018, 13:29 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#60580   FS#60607 

Don't do that.