On Mon, May 13, 2024 at 8:36 PM Michael Catanzaro <mcatanzaro@xxxxxxxxxx> wrote: > > Hi, > > gdk-pixbuf 2.42.11 has dropped support for several uncommon image > formats. This is causing several applications to crash in Fedora > rawhide [1][2]. (The change also got backported to F40 and F39, but > I've reverted it there.) > > Benjamin Gilbert has proposed reenabling the removed loaders [3], but > this is not likely to be accepted upstream. So he's currently planning > to package the removed loaders for Fedora in a separate package. You'll > be able to depend on these if needed to avoid crashing, but please do > so only if you really need to, since the goal of removing the extra > loaders is to reduce attack surface. (Unfortunately gdk-pixbuf is a > fairly risky dependency: many applications require it, but it's not > very safe.) Most applications should use modern image formats instead. Just out of curiosity, would glycin be a better mechanism than gdk-pixbuf for loading "untrusted" images / "unsafe" image formats? Its loaders are sandboxed via SECCOMP and support for most image formats is implemented in Rust (except HEIF and JPEG-XL - they use the C reference implementations). (It looks like the Rust "image" crate doesn't - yet - support some obscure image formats like XPM, so it wouldn't help in this particular case, though.) Fabio -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
