It appears if I can work out how to define SPLASH_CMYK for the build, then I can fix CVE-2019-10871 too. So I will investigate this possibility. -- Brian May <bam@debian.org>