For example, Ubuntu doesn't install updates automatically out of the box. It just so happens that Ghostscript is used for all sorts of PDF manipulations, either directly or under the hood in many packages (including some of our own like spatie/laravel-media-library, spatie/pdf-to-image and spatie/pdf-to-text).ĭepending on your server configuration you might never run into this issue. One of the first changes in the log is "disable ghostscript handled types by default in policy.xml". The changelog for this update can be found here. With_items: ""Īs it turns out, these issues are caused by a recent security update for the ImageMagick package that was released on the 28th of September, 2018. name: Allow ImageMagick coder to read and write It deals with the different ImageMagick directories as well!. My colleague Ruben wrote an excellent Ansible playbook to apply the above fix. When managing a lot of applications, it might be a worth considering something like Ansible to quickly set-up, manage and patch all of your servers. You can read more about the security policy file on ImageMagick's website. The policy.xml file contains some good documentation in the comments. If you're experiencing issues with other file types or manipulations, you might need to change some of the other policies as well. In /etc/ImageMagick-6/policy.xml (or /etc/ImageMagick/policy.xml) find the following line Īnd change it to allow reading and writing by the PDF coder in ImageMagick: įinally, don't forget to restart your PHP-FPM and optionally queue workers: sudo service php7.2-fpm restart Luckily, we can edit the policy.xml file ourselves and loosen up security for working with PDFs. We can actually see the diff for this update right here. I don't care about your problems, just give me the fix!Ī recent ImageMagick security update adds some extra policies regarding PDFs (or more specifcally: Ghostscript). The weird thing is, some of these applications are quite old and haven't been updated or even touched for months, whilst others are recent and running the latest versions of packages and OS. Upon further investigation it looks like most of our sites and applications dealing with PDFs were actually experiencing issues. Unable to create temporary file `/some/path` Permission denied error/pdf.c/ReadPDFImage/465 Not authorized `/path/to/some-image.png` error/convert.c/ConvertImageCommand/3015 In Bugsnag, our error reporting service, the following exceptions have been popping up a lot: not authorized `/path/to/some-pdf.pdf` error/constitute.c/ReadImage/412Ĭonvert: not authorized `/path/to/some-pdf.pdf` error/constitute.c/WriteImage/1028 Let's look into the issue and its solution. As it turns out, these issues are caused by automatic security updates. Over the last few days we've had a couple of issues with Imagick and processing PDFs on our servers. Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.Fixing Imagick's “not authorized” exception.
0 Comments
Leave a Reply. |