Package: imagemagick-6.q16 Version: 8:6.9.7.4+dfsg-11+deb9u3 Severity: normal
Dear Maintainer, at some point after upgrading, we found that imagemagick commands hang for extended periods of time without any activity. strace showed the reason to be it trying to connect to the local irc server (running on port 6668), waiting for some specific response. as it turns out, this is due to the distributed pixel cache feature of imagemagick. I think there are a number of problems with that: 1) imagemagick should not try to connect a distributed pixel cache that isn't configured. 2) it definitely shouldn't use a port used by a well-known protocol, in this case, irc (which uses ports 6660-6669 or higher for decades). Arguably, 1) is a security issue, as any local user can bind to port 6668, and this might unexpectedly leak personal data, as the shared secret in debian is not per-user and stored in a world-readable file (/etc/ImageMagick-6/policy.xml) and apparently defaults to "passphrase". -- Package-specific info: ImageMagick program version --------------------------- animate: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org compare: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org convert: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org composite: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org conjure: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org display: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org identify: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org import: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org mogrify: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org montage: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org stream: ImageMagick 6.9.7-4 Q16 x86_64 20170114 http://www.imagemagick.org -- System Information: Debian Release: 9.1 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/bash Init: systemd (via /run/systemd/system) Versions of packages imagemagick-6.q16 depends on: ii hicolor-icon-theme 0.15-1 ii libc6 2.24-11+deb9u1 ii libmagickcore-6.q16-3 8:6.9.7.4+dfsg-11+deb9u3 ii libmagickwand-6.q16-3 8:6.9.7.4+dfsg-11+deb9u3 Versions of packages imagemagick-6.q16 recommends: ii ghostscript 9.20~dfsg-3.2+deb9u1 ii libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-11+deb9u3 ii netpbm 2:10.0-15.3+b2 Versions of packages imagemagick-6.q16 suggests: pn autotrace <none> ii cups-bsd [lpr] 2.2.1-8 ii curl 7.52.1-5+deb9u3 ii enscript 1.6.5.90-3 ii ffmpeg 10:3.3.5-dmo1+deb9u1 ii fig2dev [transfig] 1:3.2.6a-2 ii gimp 2.8.18-1 ii gnuplot 5.0.5+dfsg1-6+deb9u1 pn grads <none> ii graphviz 2.38.0-17 ii groff-base 1.22.3-9 pn hp2xx <none> pn html2ps <none> pn imagemagick-doc <none> ii libwmf-bin 0.2.8.4-10.6 ii mplayer 4:1.3.0~20170413.svn37931-dmo3+deb9u2 pn povray <none> ii radiance 4R1+20120125-1.1+b1 ii sane-utils 1.0.25-4.1 ii texlive-binaries [texlive-base-bin] 2016.20160513.41080.dfsg-2 ii transfig 1:3.2.6a-2 ii ufraw-batch 0.22-1.1 ii xdg-utils 1.1.1-1 -- no debconf information
