Package: pdf-redact-tools Version: 0.1.2-4 Severity: serious Hi,
At least on Bullseye and sid, any pdf-redact-tools operation fails with an error like: convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/421. Touss, a fellow Tails contributor, reports this is caused by PDF support having been disabled in imagemagick: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964090 This change is effective on Buster and newer and a security team member indicated they'd rather not revert it. A workaround, to be able to use pdf-redact-tools, is to edit /etc/ImageMagick-6/policy.xml and comment out that line: <policy domain="coder" rights="none" pattern="PDF" /> … which re-introduces the attack surface that the security team wants to disable. Additionally, since May 2020 this project is not maintained upstream anymore: https://github.com/firstlookmedia/pdf-redact-tools/commit/e407942fa19027718b706033d460a1dec2097094 So I think this package should not be included in Bookworm, hence the RC severity. Cheers! -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (990, 'unstable'), (2, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.0.0-2-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_USER Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pdf-redact-tools depends on: ii file 1:5.41-4 ii imagemagick 8:6.9.11.60+dfsg-1.3+b4 ii imagemagick-6.q16 [imagemagick] 8:6.9.11.60+dfsg-1.3+b4 ii libimage-exiftool-perl 12.49+dfsg-1 ii python3 3.10.6-1 pdf-redact-tools recommends no packages. pdf-redact-tools suggests no packages. -- no debconf information