I apologise for the late notice.
Starting with gdk-pixbuf 2.42.11, released April 19, 2024, a default build of gdk-pixbuf will not include the image loaders for the following formats:
- ANI
- BMP
- ICN and ICNS
- PNM
- QTIF
- TGA
- XBM and XPM
The loaders can be re-enabled by configuring gdk-pixbuf’s build to include the -Dothers=enabled
option; the image loaders are still going to be included inside gdk-pixbuf for the foreseeable future.
If your application requires loading assets in one or more of those formats, you will need to bundle gdk-pixbuf in your manifest, e.g.
{
"name": "gdk-pixbuf",
"buildsystem": "meson",
"config-opts": [
"-Dgtk_doc=false",
"-Dman=false",
"-Dothers=enabled"
],
"sources": [
{
"type": "git",
"url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf.git",
"branch": "master"
}
]
}
You also need to call gdk_pixbuf_init_modules()
with the path of the loaders.cache
file, which is going to be under the same prefix as your application, i.e. /app/lib/gdk-pixbuf-2.0/2.10.0
.
Application developers also need to ensure that their code manages missing image loaders properly, by using the various run time error checking in the gdk-pixbuf API; this has always been the case for gdk-pixbuf, but it’s a useful reminder to never assume that an image format will be loadable on every system just because it happens to work on your machine.
Downstream distributors should decide whether to re-enable these image loaders or not, depending on the level of stability of their platform.
The image loaders that have been disabled for multiple reasons:
- these formats are, by and large, considered niche
- the loaders are implemented directly inside gdk-pixbuf instead of relying on third party libraries that have a more formal security management
- gdk-pixbuf’s maintenance effort has been scaled back considerably over the years
Going forward, gdk-pixbuf will pivot towards being used for loading application assets that are in full control of the developers; we recommend using glycin for loading user provided images, as it uses a far better security model.