| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fixed memory leak when creating nested exceptions in Magick++
https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
- Fixed fd leak for webp coder
https://github.com/ImageMagick/ImageMagick/pull/382
- Fixed Spurious memory allocation message
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
Full changelog: http://imagemagick.org/script/changelog.php
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/d20/d20eecec8e7b947759185f77a6c8e610dd7393f3/
http://autobuild.buildroot.net/results/ee1/ee15efa8ae3f95244980810155ff7ba9f885a59d/
http://autobuild.buildroot.net/results/aa8/aa80f2fd4c7dd884ea8a1b55ad15a40c7bf40501/
http://autobuild.buildroot.net/results/9aa/9aaa044f78115d7f599ea09669c0d6bface5633e/
This combination is broken since 7.0.4-6.
Since commit a9e228f8ac26 (Implemented a private PNG caNv (canvas) chunk),
PNGsLong gets called unconditionally, but it is only defined if JPEG
support is enabled (which defines JNG_SUPPORTED), breaking the build:
MagickCore/.libs/libMagickCore-7.Q16HDRI.a(MagickCore_libMagickCore_7_Q16HDRI_la-png.o): In function `WriteOnePNGImage':
png.c:(.text+0x748d): undefined reference to `PNGsLong'
png.c:(.text+0x74b7): undefined reference to `PNGsLong'
Fix it by adding a patch unconditionally defining the helper function.
Patch submitted upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes an use of uninitialized data issue in MAT image format that may have
security impact:
https://github.com/ImageMagick/ImageMagick/issues/362
[Peter: extend commit message, mention (potential) security impact]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
http://git.imagemagick.org/repos/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
oss-security reference:
http://www.openwall.com/lists/oss-security/2016/11/13/1
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
7.0.3-3 is no longer available upstream and has instead been replaced by -4,
so use that instead.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes:
memory allocate failure in AcquireQuantumPixels (quantum.c)
heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)
No CVEs assigned yet.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a number of buffer overflows / use-after-free issues:
http://git.imagemagick.org/repos/ImageMagick/blob/master/ChangeLog
* Prevent buffer overflow in BMP & SGI coders (bug report from
pwchen&rayzhong of tencent).
* Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and
CALS coders (bug report from Donghai Zhu).
* Prevent buffer overflow (bug report from Max Thrane).
* Prevent memory use after free (reference
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Option --without-jp2 removed as it doesn't exist anymore.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that Imagemagick needs to be configured with
--with-gs-font-dir=/usr/share/fonts/gs else it will not find
the ghostscript fonts and /etc/ImageMagick-6/type-ghostscript.xml
will contain the wrong font paths. You end up with messages like:
Magick: unable to read font `(null)' @ error/annotate.c/RenderFreetype/1153
They are non-fatal but could get annoying fast if you are using 'convert'
on a lot of files.
Without patch we end up with (depending on what is available on the host):
Font Configuration:
Apple fonts --with-apple-font-dir=default
Dejavu fonts --with-dejavu-font-dir=default none
Ghostscript fonts --with-gs-font-dir=default /usr/share/fonts/type1/gsfonts/
Windows fonts --with-windows-font-dir=default none
And with the patch:
Font Configuration:
Apple fonts --with-apple-font-dir=default
Dejavu fonts --with-dejavu-font-dir=default none
Ghostscript fonts --with-gs-font-dir=/usr/share/fonts/gs /usr/share/fonts/gs/
Windows fonts --with-windows-font-dir=default none
[Peter: reworked/extended commit message]
Signed-off-by: Robert Sohn <grepper@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Add new disables for libraries that aren't supported in buildroot and
sort them for ease of maintenance.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
Fix GetNextToken() off by one error.
Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
Remove support for internal ephemeral coder.
These are all related to the recent ImageTragick bundle that were
partially fixed in 6.9.3-10 as well.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When webp was compiled before, imagemagick will use it as optional
dependency:
$ output/host/usr/bin/x86_64-linux-readelf -a output/target/usr/bin/stream | grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libMagickCore-6.Q16.so.2]
0x0000000000000001 (NEEDED) Shared library: [libMagickWand-6.Q16.so.2]
0x0000000000000001 (NEEDED) Shared library: [libjpeg.so.8]
0x0000000000000001 (NEEDED) Shared library: [libwebp.so.5]
[...]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When lcms2 was compiled before, imagemagick will use it as optional
dependency:
$ output/host/usr/bin/x86_64-linux-readelf -a output/target/usr/bin/identify | grep NEEDED
0x0000000000000001 (NEEDED) Shared library: [libMagickCore-6.Q16.so.2]
0x0000000000000001 (NEEDED) Shared library: [libMagickWand-6.Q16.so.2]
0x0000000000000001 (NEEDED) Shared library: [liblcms2.so.2]
[...]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Reviewed-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Tested-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Since commit 12a6c5b12cd1 (imagemagick: use official download site,
2015-02-17) we use the official ImageMagic size. Use it also as hash source.
That's the conversion we use in all other packages when upstream provides
hashes.
Cc: Fabio Porcedda <Fabio.Porcedda@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
| |
Also update hash file.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Also update hash file.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Now that largefile is mandatory removes package dependencies and
conditionals.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
| |
Also update hash file.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |\
| |
| |
| | |
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Fabio Porcedda <Fabio.Porcedda@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| | |
| |
| |
| |
| | |
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
