Use the bitwise OR assignment operator to ensure that derived
classes does not overwrite the flags from the base class. Also,
move the flags from `openslideload_source` to its base class.
* quick proposal
warn on startup if untrusted operations might run
use vips_block_untrusted_set() to block untrusted operations, set an env
var or make a file to stop the warning
* mark fits, nifti and svg as untrusted
* remove the annoying "untrusted" warning message
better to warn on the download page
leave vips_block_untrusted_set() since it's obviously useful
* separate UNTRUSTED and BLOCKED
* typos
* add VIPS_BLOCK_UNTRUSTED env var
* move BLOCK_UNTRUSTED after plugin load
obviously, ooops
* add a test, disable *magick
although *magick is fuzzed, it's probably safer to disable it in
untrusted environments
* mark some more operations as untrusted
Use GLib's i18n support instead of copying and pasting that
logic into its own header. This deprecates the vips/intl.h
header in favour of glib/gi18n.h.
When we image_new_from_source, the source object has some of the loader
state: it tracks the current read position of the load library. This
means that we mustn't keep source loaders in the operation cache, since
a second call could give a different result because the source object
read position might have changed.
Also: add a rewind to get_flags_source in spngload, and jp2k needs to
tag its load region as having no thread ownership or you'll get assert
fails in the test suite with debug enabled.
tell buffer and target savers the file format
Currently, buffer and target savers are not told the format they should
write.
This is usually OK (the JPEG saver already knows it should write JPEG),
but some savers can write several formats, and these currently need an
extra parameter.
For example:
```ruby
buf = x.write_to_buffer ".bmp", format: "bmp"
```
The first ".bmp" gets libvips to pick magicksave, the second
`format:` param is necessary to tell magicksave to write BMP.
This patch adds stub subclasses so that the savers know the exact format. It also improves PPM save.
- ppmload was not setting interpretation, filename, etc. for files read via
mmap
- files not read via mmap were never byteswapped
- some cleanups
see https://github.com/libvips/libvips/issues/1916
We had a half-baked idea that RGB could mean generic RGB space and sRGB
would mean strict sRGB interpretation.
Unfortunately, this did not work well in practice. For example,
`icc_transform("srgb")` would tag the result as RGB rather than sRGB
(the converter didn't know it was writing sRGB pixels, it just saw
conversion to RGB with an ICC profile), and then later stages would do
unnecessary icc_imports, or worse, fail.
This patch makes RGB and sRGB strict synonyms. If you want to treat an
RGB image as something other than sRGB, you'll need to do it by hand
with the icc_ functions.
See
https://github.com/libvips/pyvips/issues/14446212e92b1 (r34904985)https://github.com/libvips/libvips/issues/1494
vips_image_new_from_memory() allowed you to use length == 0 to mean
"don't check memory length". This was part of some very old vips7
compatibility.
The ppm loader could pass length == 0 if header size was equal to file
size, bypassing the length check.
The VipsStreamib (stream input buffered) was misleading -- it was
implemented on top of VipsStreami, but was not a subclass.
Rename as VipsBufis (buffered input stream). It's a silly name, but
easy to remember and reflects the purpose better,
vips has built-in support for rad, analyze and ppm ... add configure
switches to disable these readers
useful to reduce the attack surface in some applications
John Cupitt
Kleis Auke Wolthuizen
Alistair Thomas
Benjamin Gilbert