From 2d2ee68cc022c7c2b9f955fac440d9525497e0de Mon Sep 17 00:00:00 2001 From: Mirco Miranda Date: Mon, 13 Apr 2026 07:52:42 +0200 Subject: [PATCH] Add more info about unsecure JXR plugin --- .kde-ci.yml | 2 +- CMakeLists.txt | 7 ++++--- README.md | 7 ++++++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.kde-ci.yml b/.kde-ci.yml index 11cdc88..523d120 100644 --- a/.kde-ci.yml +++ b/.kde-ci.yml @@ -7,5 +7,5 @@ Dependencies: Options: test-before-installing: True require-passing-tests-on: ['Linux', 'FreeBSD', 'Windows'] - cmake-options: "-DKIMAGEFORMATS_JXR=ON -DKIMAGEFORMATS_HEIF=ON -DKIMAGEFORMATS_HEIF_TEST:STRING=OFF -DKIMAGEFORMATS_HEJ2_TEST:STRING=OFF -DKIMAGEFORMATS_AVCI_TEST:STRING=OFF" + cmake-options: "-DKIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR=ON -DKIMAGEFORMATS_HEIF=ON -DKIMAGEFORMATS_HEIF_TEST:STRING=OFF -DKIMAGEFORMATS_HEJ2_TEST:STRING=OFF -DKIMAGEFORMATS_AVCI_TEST:STRING=OFF" per-test-timeout: 90 diff --git a/CMakeLists.txt b/CMakeLists.txt index fff8a50..201581b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -97,9 +97,10 @@ set_package_properties(LibRaw PROPERTIES PURPOSE "Required for the QImage plugin for RAW images" ) -# JXR plugin disabled by default due to security issues -option(KIMAGEFORMATS_JXR "Enable plugin for JPEG XR format" OFF) -if(KIMAGEFORMATS_JXR) +# JXR plugin disabled by default due to security issues. +# You should not enable it unless you know what you are doing. +option(KIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR "Enable plugin for JPEG XR format" OFF) +if(KIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR) find_package(LibJXR) endif() add_feature_info(LibJXR LibJXR_FOUND "required for the QImage plugin for JPEG XR images") diff --git a/README.md b/README.md index 38fa3c6..383c700 100644 --- a/README.md +++ b/README.md @@ -394,7 +394,12 @@ plugin: ### The JXR plugin **This plugin is disabled by default. It can be enabled by settings -`KIMAGEFORMATS_JXR` to `ON` in your cmake options.** +`KIMAGEFORMATS_WITH_KNOWN_CRASHES_JXR` to `ON` in your cmake options.** + +> [!caution] +> The plugin disabled by default due to security issues in [jxrlib](https://github.com/4creators/jxrlib): +> the upstream jxrlib is dead and there is no "hope" they will fix the issues. +> **You should not enable it unless you know what you are doing.** The following defines can be defined in cmake to modify the behavior of the plugin: