Commit Graph

169 Commits

Author SHA1 Message Date
Fabrice Fontaine
df20e45463 package/librsvg: bump to version 2.48.8
- Add a dependency to host-rustc
- libcroco is not a dependency since
  03ce9bd787
- gtk3 is not a dependency since
  522aeee0ca
- cairo script is mandatory since switch to rust

This bump is needed to remove libcroco which has been archived and won't
get any security updates anymore:
https://gitlab.gnome.org/Archive/libcroco/-/issues/8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-13 15:50:47 +02:00
Fabrice Fontaine
8f2fe00f08 package/imagemagick: (security) bump to version 7.0.10-28
- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in
  MagickCore/draw.c has a use-after-free.
- Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers
  to cause a denial of service because XML_PARSE_HUGE is not properly
  restricted in coders/svg.c, related to SVG and libxml2.
- Update hash of LICENSE file (update in year with
  f775a5cf27)
- Update indentation in hash file (two spaces)
- Switch to github helper - it has always been an autogenerated archive.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: use github helper]
2020-08-30 19:03:43 +02:00
Peter Korsgaard
cf9591660a package/imagemagick: fix configure error with --disable-opencl in setups without libltdl
Fixes:
http://autobuild.buildroot.net/results/d9a/d9a84b642357f758c3f84270fb9a109abd7e2684/

configure.ac contains a test using $ax_cv_check_cl_libcl:

if test "$build_modules" != 'no' || test "X$ax_cv_check_cl_libcl" != Xno; then
  AC_MSG_RESULT([-------------------------------------------------------------])
  AC_MSG_CHECKING([for libltdl])

But ax_cv_check_cl_libcl is only assigned a value (yes/no) if
--disable-opencl is NOT passed, as the assignment logic is inside a
conditional:

AC_ARG_ENABLE([opencl],
    [AC_HELP_STRING([--disable-opencl],
                    [do not use OpenCL])],
    [disable_opencl=$enableval],
    [disable_opencl='yes'])

if test "$disable_opencl" = 'yes'; then
  ..
  AC_CACHE_CHECK([for OpenCL library], [ax_cv_check_cl_libcl],

So configure errors out if --disable-opencl is passed on setups where
libltdl isn't available:

checking if libltdl package is complete... no
configure: error: in `/home/naourr/work/instance-0/output-1/build/imagemagick-7.0.8-59':
configure: error: libltdl is required for modules and OpenCL builds

As a workaround, explictly set ax_cv_check_cl_libcl=no to skip this
conditional.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-04 22:53:22 +01:00
Julien Olivain
9056908e93 package/imagemagick: explicitly disable opencl
Some packages installs libOpenCL without declaring
BR2_PACKAGE_PROVIDES_LIBOPENCL (e.g.  imx-gpu-viv).  ImageMagick will detect
the library and will require libtool.  Since libtool is not in dependencies,
build might fail.

To prevent that situation, explicitly disable opencl support for target and host.

Signed-off-by: Julien Olivain <juju@cotds.org>
[Peter: drop unneeded ax_cv_check_cl_libcl=no]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-03 17:03:24 +01:00
Yann E. MORIN
55fc80260b packages: host gcc >= 4.8 is now guaranteed
... so we can drop all config options about it and previous versions.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 10:00:29 +01:00
Bernd Kuhls
59aa56b6dc package/imagemagick: host svg support needs host gcc >= 4.8
Due to the harfbuzz bump to version 2.5.2 host SVG support needs host
gcc >= 4.8.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-11 22:50:17 +02:00
Bernd Kuhls
e9811b52fc package/imagemagick: security bump version to 7.0.8-59
Fixes
https://github.com/ImageMagick/ImageMagick/issues/1641 (no CVE id yet)
https://github.com/ImageMagick/ImageMagick/issues/1644 (no CVE id yet)

Removed patch included in version 7.0.8-54.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-08-09 22:06:20 +02:00
Peter Korsgaard
273427f928 package/imagemagick: fix host build for old distributions
Fixes:
http://autobuild.buildroot.net/results/5f0/5f0b85033e800c9eebc46812592966ec6826bb5d/

imagemagick uses clock_gettime, which was provided by librt rather than libc
in glibc < 2.17 - Causing link errors.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-02 19:46:40 +02:00
Bernd Kuhls
0287136ff7 package/imagemagick: add upstream security fix for CVE-2019-13454
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:19:24 +02:00
Bernd Kuhls
7f7820c535 package/imagemagick: security bump to version 7.0.8-53
Fixes various CVE IDs:

CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13136,
CVE-2019-13137, CVE-2019-13295, CVE-2019-13296, CVE-2019-13297,
CVE-2019-13298, CVE-2019-13299, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13302, CVE-2019-13303, CVE-2019-13304, CVE-2019-13305,
CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309,
CVE-2019-13310, CVE-2019-13311, CVE-2019-13391

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-14 12:18:44 +02:00
Yann E. MORIN
6a7a584b24 package/imagemagick: add optional SVG support to host variant
SVG can be regarded as the "source code" for assets, like logos or other
graphical elements.

However, SVG needs to be rendered, which requires an XML parser and an
SVG "parser/rendered". As such, it has various runtime impacts, like
bad performance or security. As such, SVG are often pre-rendered to the
required sizes/depths/resolutions into other format, such as PNG, at
build time.

While rsvg-convert (from host-librsvg) would allow the rendering, it
does not allow more complex tasks taht ImageMagick allows for:
compositing more than one image, 2D transforamtions (rotation, skew...).

Yet, SVG support in ImageMagick relies on librsvg, which adds quite a
few dependencies, and thus has a noticeable impact on the build time.

Add an option to allow concerned users to enable/disable SVG support
in ImageMagick.

Enabling SVG support relies on librsvg, which in turns relies on a few
additional packages that ImageMagick can also optionally use. So,
automatically enable the corresponding support as well.

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-23 17:37:01 +02:00
Yann E. MORIN
3971917210 package/imagemagick: add prompt for host variant
Sometimes, it is required to call imagemagick from a post-build script
or the likes, so we have to allow the user to enable the host variant
for imagemagick.

Update the linux package to select the host variant now.

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-06-23 17:34:49 +02:00
Peter Korsgaard
43ff6b974c package/imagemagick: security bump to version 7.0.8-42
Fixes the following security issues:

- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
  overflow in the function PopHexPixel of coders/ps.c, which allows an
  attacker to cause a denial of service or code execution via a crafted
  image file.

- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
  over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
  attacker to cause a denial of service or information disclosure via a
  crafted image file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-30 13:17:09 +02:00
Fabrice Fontaine
e1b691884b package/imagemagick: disable locale with uclibc
Fixes:
 - http://autobuild.buildroot.org/results/f7be30ffa28b7f367fb5343a7d69dc8bc7c3a170

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-15 23:01:51 +01:00
Peter Korsgaard
da49312af9 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-05 10:59:38 +01:00
Angelo Compagnucci
109e5c83dc package/imagemagick: bump to version 7.0.8-27
This patch bumps imagemagick to version 7.0.8-27
Hash for license file is changed becasue the updated the copyright year
for 2019:

252dd2c52b

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-02-25 22:22:14 +01:00
Yann E. MORIN
858d2e9a27 package/imagemagick: fixup help text layout
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-20 23:48:04 +01:00
Gwenhael Goavec-Merou
d7eb196b10 package/imagemagick: use the new fftw-double package
This patch add an explicitly dependency to fftw-double (the only compatible
fftw's flavor) instead of default behavior where the package do assumption
about the compatible version.

Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-02-06 10:14:46 +01:00
Angelo Compagnucci
5c29b905f3 package/imagemagick: add host package
This patch adds the host package for imagemagick.
It comes with a minimal selection of configure options to
compile fast cause it is used only to convert
the image files for the custom linux logo.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Peter: explicitly disable other configure options like it is done for the
	target variant, add host-pkgconf]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-21 18:16:29 +02:00
Peter Korsgaard
811734ef90 imagemagick: security bump to version 7.0.7-39
>From the release notes:

2018-06-06  7.0.7-39  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

The most critical of these are:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8772
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8782

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-09-02 15:29:00 +02:00
Bernd Kuhls
c3387c59bb package/imagemagick: security bump to version 7.0.7-38
Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-06-10 14:12:33 +02:00
Bernd Kuhls
31086ea1de package/imagemagick: security bump version to 7.0.7-27
Fixes CVE-2018-6405 (upstream Github PR 964) and many others:
http://www.imagemagick.org/script/changelog.php

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-24 11:51:34 +01:00
Bernd Kuhls
3c8dc54293 package/imagemagick: security bump to version 7.0.7-10
Version 7.0.7-3 fixes CVE-2017-15218:
Stop potential leaks in the JNG decoder

Changelog: https://www.imagemagick.org/script/changelog.php

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-11-12 17:52:22 +01:00
Bernd Kuhls
1cf1b98de6 package/imagemagick: security bump to version 7.0.7-1
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-09-17 18:37:03 +02:00
Adam Duskett
d0b45144c3 package/i*: fix wrapping of Config.in help text
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter i in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-31 19:09:34 +02:00
Bernd Kuhls
dfde97dce5 package/imagemagick: bump version to 7.0.6-0
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-18 15:52:46 +02:00
Bernd Kuhls
02edd7cd80 package/imagemagick: change download url to github
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-18 15:52:31 +02:00
Bernd Kuhls
4465096923 package/imagemagick: bump version to 7.0.5-10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-05 15:55:49 +02:00
Bernd Kuhls
ff26b550de package/imagemagick: bump version to 7.0.5-9
Fixes
http://autobuild.buildroot.net/results/8d9/8d94627ccce15ae1f348a7a9f54621b2b5a74321/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-06-02 08:38:58 +02:00
Bernd Kuhls
04588a378d package/imagemagick: bump version to 7.0.5-8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-31 21:59:51 +02:00
Bernd Kuhls
3d311a0a3f package/imagemagick: bump version to 7.0.5-7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-22 21:46:47 +02:00
Vicente Olivert Riera
9cd8ad2364 imagemagick: bump version to 7.0.5-6
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-16 21:36:15 +02:00
Vicente Olivert Riera
f4a3853423 imagemagick: bump version to 7.0.5-5
0001 patch already included in this release:
  b218117cad

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-09 17:16:10 +02:00
Peter Korsgaard
665560856e imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-04-26 09:20:16 +02:00
Vicente Olivert Riera
49a3ed0fee imagemagick: bump version to 7.0.5-4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-28 21:44:17 +02:00
Vicente Olivert Riera
84bc1fb532 imagemagick: bump version to 7.0.5-3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-22 23:09:45 +01:00
Vicente Olivert Riera
22562f7f05 imagemagick: bump version to 7.0.5-2
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-18 15:52:19 +01:00
Vicente Olivert Riera
d6cc546253 imagemagick: bump version to 7.0.5-0 (security)
- Fixed memory leak when creating nested exceptions in Magick++
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634

- Fixed fd leak for webp coder
  https://github.com/ImageMagick/ImageMagick/pull/382

- Fixed Spurious memory allocation message
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438

Full changelog: http://imagemagick.org/script/changelog.php

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-10 21:50:48 +01:00
Peter Korsgaard
c6f8088fdd imagemagick: fix build of png support when jpeg support is disabled
Fixes:
http://autobuild.buildroot.net/results/d20/d20eecec8e7b947759185f77a6c8e610dd7393f3/
http://autobuild.buildroot.net/results/ee1/ee15efa8ae3f95244980810155ff7ba9f885a59d/
http://autobuild.buildroot.net/results/aa8/aa80f2fd4c7dd884ea8a1b55ad15a40c7bf40501/
http://autobuild.buildroot.net/results/9aa/9aaa044f78115d7f599ea09669c0d6bface5633e/

This combination is broken since 7.0.4-6.

Since commit a9e228f8ac26 (Implemented a private PNG caNv (canvas) chunk),
PNGsLong gets called unconditionally, but it is only defined if JPEG
support is enabled (which defines JNG_SUPPORTED), breaking the build:

MagickCore/.libs/libMagickCore-7.Q16HDRI.a(MagickCore_libMagickCore_7_Q16HDRI_la-png.o): In function `WriteOnePNGImage':
png.c:(.text+0x748d): undefined reference to `PNGsLong'
png.c:(.text+0x74b7): undefined reference to `PNGsLong'

Fix it by adding a patch unconditionally defining the helper function.

Patch submitted upstream.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 19:19:32 +01:00
Vicente Olivert Riera
e5f505efac imagemagick: security bump to version 7.0.4-6
Fixes an use of uninitialized data issue in MAT image format that may have
security impact:

https://github.com/ImageMagick/ImageMagick/issues/362

[Peter: extend commit message, mention (potential) security impact]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-31 23:48:51 +01:00
Vicente Olivert Riera
ad736e199c imagemagick: bump version to 7.0.4-5
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-23 14:03:33 +01:00
Vicente Olivert Riera
a89bdc363c imagemagick: bump version to 7.0.4-4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-16 15:29:31 +01:00
Vicente Olivert Riera
68e8c3b5a6 imagemagick: bump version to 7.0.4-3 (security)
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
  fde5f55af9

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-09 16:25:15 +01:00
Peter Korsgaard
cbe1f288d4 imagemagick: security bump to 7.0.3-8
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-27 22:23:51 +01:00
Vicente Olivert Riera
12c2c80aa3 imagemagick: bump version to 7.0.3-7 (security)
oss-security reference:
  http://www.openwall.com/lists/oss-security/2016/11/13/1

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-16 13:05:28 +01:00
Peter Korsgaard
521aaf5554 imagemagick: bump version to 7.0.3-4
7.0.3-3 is no longer available upstream and has instead been replaced by -4,
so use that instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 10:52:37 +02:00
Gustavo Zacarias
618fa6da21 imagemagick: security bump to version 7.0.3-3
Fixes:
memory allocate failure in AcquireQuantumPixels (quantum.c)
heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)

No CVEs assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-10-13 08:05:13 +02:00
Peter Korsgaard
2567f6f2f3 imagemagick: security bump to 7.0.2-9
Fixes a number of buffer overflows / use-after-free issues:
http://git.imagemagick.org/repos/ImageMagick/blob/master/ChangeLog

  * Prevent buffer overflow in BMP & SGI coders (bug report from
    pwchen&rayzhong of tencent).
  * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and
    CALS coders (bug report from Donghai Zhu).
  * Prevent buffer overflow (bug report from Max Thrane).
  * Prevent memory use after free (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-08-26 15:37:17 +02:00
Jerzy Grzegorek
ba865a4c92 package/imagemagick: bump to version 7.0.2-6
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-08-03 23:28:12 +02:00
Gustavo Zacarias
d70e2fc28e imagemagick: bump to version 7.0.2-5
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-23 15:06:25 +02:00