To disable DoS limits for JPEG loading. Adding API on a stable branch is
bad, but this fixes a regression, so I think it's necessary,
unfortunately.
See https://github.com/libvips/libvips/issues/2973
* CI: upgrade runner to Ubuntu 22.04
- Compile with GCC 11 and Clang 14.
- Remove redundant PPAs.
- Use system provided Meson.
- Update LeakSanitizer suppressions.
* CI: ensure `VIPS_BLOCK_UNTRUSTED` is tested
`magicksave` cannot be used for testing when building with
`-Dmodules=enabled` (default), since that would require the
loadable modules to be installed first.
* quick proposal
warn on startup if untrusted operations might run
use vips_block_untrusted_set() to block untrusted operations, set an env
var or make a file to stop the warning
* mark fits, nifti and svg as untrusted
* remove the annoying "untrusted" warning message
better to warn on the download page
leave vips_block_untrusted_set() since it's obviously useful
* separate UNTRUSTED and BLOCKED
* typos
* add VIPS_BLOCK_UNTRUSTED env var
* move BLOCK_UNTRUSTED after plugin load
obviously, ooops
* add a test, disable *magick
although *magick is fuzzed, it's probably safer to disable it in
untrusted environments
* mark some more operations as untrusted
This adds support for saving 8-Bit one band palette based PNG images
with palette based alpha channel (often called PNG8+Alpha).
The image is first converted to sRGBA and then quantized using
libimagequant controlled by the colors, Q and dither params.
This fixes the poppler-glib version requirement to version 0.16, which
is the lowest version that compiles and works properly with pdfload.
Also added a check for pdfload and enabled testing on Travis CI.
