gnupg doc doesn't build due to ImageMagick default policy
Open, Needs TriagePublic



In latest Ubuntu (docker image), the default policy for ImageMagick is to forbid SVG-to-PDF conversion with convert, causing the build to fail with:

Making all in doc
convert `test -f '/gnupg/doc/gnupg-module-overview.svg' || echo '/gnupg/doc/'`/gnupg/doc/gnupg-module-overview.svg gnupg-module-overview.png
convert `test -f '/gnupg/doc/gnupg-module-overview.svg' || echo '/gnupg/doc/'`/gnupg/doc/gnupg-module-overview.svg gnupg-module-overview.pdf
fig2dev -L png `test -f '/gnupg/doc/gnupg-card-architecture.fig' || echo '/gnupg/doc/'`/gnupg/doc/gnupg-card-architecture.fig gnupg-card-architecture.png
fig2dev -L pdf `test -f '/gnupg/doc/gnupg-card-architecture.fig' || echo '/gnupg/doc/'`/gnupg/doc/gnupg-card-architecture.fig gnupg-card-architecture.pdf
convert-im6.q16: not authorized `gnupg-module-overview.pdf' @ error/constitute.c/WriteImage/1037.

More info on ImageMagick policy files here. The policy changes were added to ImageMagick in response to several vulnerabilities reported here. Ubuntu advisory here.

marcus created this task.Wed, Dec 5, 3:55 PM
werner added a subscriber: werner.Thu, Dec 6, 9:29 AM

ImageMagick version with that regression?