On 2019-10-11 Graham Inggs <[email protected]> wrote: > For reference, upstream proposed that applications requiring this > function should link lutil or make their own copy of the code [1].
> Arch Linux bug report [2] refers to a patch [3], which resolves the issue. > Gentoo bug report [4] refers to a pull request [5], which was not accepted. Hello, yes, giflib upstream has dropped GifQuantizeBuffer "to reduce [...] attack surface". One could fork giflib and undo this change, I am not convinced that is a terribly good idea. (Fedora has done this recently.) OTOH I am quite sure it would be terrible idea to ship libutil as a library in Debian, the name on its own would be a strong enough reason not to do it. ;-) cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
