override default ImageMagick policy.xml
I’ve spent a couple hours working this and finally found a relatively simple solution.
You have to tell ImageMagick to load your config file with higher precedence than the default one, which you can do by setting the MAGICK_CONFIGURE_PATH environment variable to the directory your policy.xml is in.
I've the same issue like you. By a security update ImageMagick now disallows PDF processing by default. The underlying vulnerability in ghostscript (https://www.kb.cert.org/vuls/id/332928) is already fixed but the default config is not yet changed back.
I did some experiments with ~/.config/ImageMagick/policy.xml and found out that this config is actually used and working. BUT you can't allow things that are disabled globally. You can only add further restrictions to your users processes.
So my suggestions:
- adjust the
/etc/ImageMagick-6/policy.xml - wait until the package maintainers decide to activate the feature again by default
UPDATE:
When using #1 you should make sure to not break your automatic updates. Maybe this will help you finding a solution: https://unix.stackexchange.com/questions/138751/unattended-upgrades-and-modified-configuration-files