NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
39,154 Commits 5 Branches 387 Tags 141 MiB
a6672bb3ca
Commit Graph

136 Commits

Author SHA1 Message Date
Bernd Kuhls
3c8dc54293 package/imagemagick: security bump to version 7.0.7-10 
Version 7.0.7-3 fixes CVE-2017-15218:
Stop potential leaks in the JNG decoder

Changelog: https://www.imagemagick.org/script/changelog.php

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-11-12 17:52:22 +01:00
Bernd Kuhls
1cf1b98de6 package/imagemagick: security bump to version 7.0.7-1 
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-09-17 18:37:03 +02:00
Bernd Kuhls
dfde97dce5 package/imagemagick: bump version to 7.0.6-0 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-18 15:52:46 +02:00
Bernd Kuhls
02edd7cd80 package/imagemagick: change download url to github 
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-18 15:52:31 +02:00
Bernd Kuhls
4465096923 package/imagemagick: bump version to 7.0.5-10 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-05 15:55:49 +02:00
Bernd Kuhls
ff26b550de package/imagemagick: bump version to 7.0.5-9 
Fixes
http://autobuild.buildroot.net/results/8d9/8d94627ccce15ae1f348a7a9f54621b2b5a74321/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-06-02 08:38:58 +02:00
Bernd Kuhls
04588a378d package/imagemagick: bump version to 7.0.5-8 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-05-31 21:59:51 +02:00
Bernd Kuhls
3d311a0a3f package/imagemagick: bump version to 7.0.5-7 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-05-22 21:46:47 +02:00
Vicente Olivert Riera
9cd8ad2364 imagemagick: bump version to 7.0.5-6 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-05-16 21:36:15 +02:00
Vicente Olivert Riera
f4a3853423 imagemagick: bump version to 7.0.5-5 
0001 patch already included in this release:
  b218117cad

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-05-09 17:16:10 +02:00
Vicente Olivert Riera
49a3ed0fee imagemagick: bump version to 7.0.5-4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-28 21:44:17 +02:00
Vicente Olivert Riera
84bc1fb532 imagemagick: bump version to 7.0.5-3 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-22 23:09:45 +01:00
Vicente Olivert Riera
22562f7f05 imagemagick: bump version to 7.0.5-2 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-18 15:52:19 +01:00
Vicente Olivert Riera
d6cc546253 imagemagick: bump version to 7.0.5-0 (security) 
- Fixed memory leak when creating nested exceptions in Magick++
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634

- Fixed fd leak for webp coder
  https://github.com/ImageMagick/ImageMagick/pull/382

- Fixed Spurious memory allocation message
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438

Full changelog: http://imagemagick.org/script/changelog.php

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-10 21:50:48 +01:00
Vicente Olivert Riera
e5f505efac imagemagick: security bump to version 7.0.4-6 
Fixes an use of uninitialized data issue in MAT image format that may have
security impact:

https://github.com/ImageMagick/ImageMagick/issues/362

[Peter: extend commit message, mention (potential) security impact]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-31 23:48:51 +01:00
Vicente Olivert Riera
ad736e199c imagemagick: bump version to 7.0.4-5 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-23 14:03:33 +01:00
Vicente Olivert Riera
a89bdc363c imagemagick: bump version to 7.0.4-4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-16 15:29:31 +01:00
Vicente Olivert Riera
68e8c3b5a6 imagemagick: bump version to 7.0.4-3 (security) 
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
  fde5f55af9

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-09 16:25:15 +01:00
Peter Korsgaard
cbe1f288d4 imagemagick: security bump to 7.0.3-8 
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-11-27 22:23:51 +01:00
Vicente Olivert Riera
12c2c80aa3 imagemagick: bump version to 7.0.3-7 (security) 
oss-security reference:
  http://www.openwall.com/lists/oss-security/2016/11/13/1

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-11-16 13:05:28 +01:00
Peter Korsgaard
521aaf5554 imagemagick: bump version to 7.0.3-4 
7.0.3-3 is no longer available upstream and has instead been replaced by -4,
so use that instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-10-13 10:52:37 +02:00
Gustavo Zacarias
618fa6da21 imagemagick: security bump to version 7.0.3-3 
Fixes:
memory allocate failure in AcquireQuantumPixels (quantum.c)
heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)

No CVEs assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-10-13 08:05:13 +02:00
Peter Korsgaard
2567f6f2f3 imagemagick: security bump to 7.0.2-9 
Fixes a number of buffer overflows / use-after-free issues:
http://git.imagemagick.org/repos/ImageMagick/blob/master/ChangeLog

  * Prevent buffer overflow in BMP & SGI coders (bug report from
    pwchen&rayzhong of tencent).
  * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and
    CALS coders (bug report from Donghai Zhu).
  * Prevent buffer overflow (bug report from Max Thrane).
  * Prevent memory use after free (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-08-26 15:37:17 +02:00
Jerzy Grzegorek
ba865a4c92 package/imagemagick: bump to version 7.0.2-6 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-08-03 23:28:12 +02:00
Gustavo Zacarias
d70e2fc28e imagemagick: bump to version 7.0.2-5 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-23 15:06:25 +02:00
Vicente Olivert Riera
2c18799b84 imagemagick: bump version to 7.0.2-4 
Option --without-jp2 removed as it doesn't exist anymore.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-14 12:33:52 +02:00
Robert Sohn
9834089375 imagemagick: explicitly specify ghostscript font directory 
It appears that Imagemagick needs to be configured with
 --with-gs-font-dir=/usr/share/fonts/gs else it will not find
the ghostscript fonts and /etc/ImageMagick-6/type-ghostscript.xml
will contain the wrong font paths. You end up with messages like:
Magick: unable to read font `(null)' @ error/annotate.c/RenderFreetype/1153
They are non-fatal but could get annoying fast if you are using 'convert'
on a lot of files.

Without patch we end up with (depending on what is available on the host):

  Font Configuration:
  Apple fonts       --with-apple-font-dir=default
  Dejavu fonts      --with-dejavu-font-dir=default      none
  Ghostscript fonts --with-gs-font-dir=default  /usr/share/fonts/type1/gsfonts/
  Windows fonts     --with-windows-font-dir=default     none

And with the patch:

  Font Configuration:
  Apple fonts       --with-apple-font-dir=default
  Dejavu fonts      --with-dejavu-font-dir=default      none
  Ghostscript fonts --with-gs-font-dir=/usr/share/fonts/gs      /usr/share/fonts/gs/
  Windows fonts     --with-windows-font-dir=default     none

[Peter: reworked/extended commit message]
Signed-off-by: Robert Sohn <grepper@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-07-04 17:50:43 +02:00
Vicente Olivert Riera
cf5e7bc63b imagemagick: bump version to 7.0.2-1 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-24 17:12:25 +02:00
Gustavo Zacarias
fa693c37dc imagemagick: add explicit lzma (xz) support 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-15 23:11:54 +02:00
Gustavo Zacarias
fa23075573 imagemagick: add explicit pango support 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-15 23:11:49 +02:00
Gustavo Zacarias
de81d2e541 imagemagick: bump to version 7.0.2-0 
Add new disables for libraries that aren't supported in buildroot and
sort them for ease of maintenance.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-15 23:11:44 +02:00
Bernd Kuhls
61dd71243d package/imagemagick: bump version to 6.9.4-6 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-06-01 21:20:56 +02:00
Gustavo Zacarias
72b93bb676 imagemagick: security bump to version 6.9.4-1 
Fixes:
Fix GetNextToken() off by one error.
Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
Remove support for internal ephemeral coder.

These are all related to the recent ImageTragick bundle that were
partially fixed in 6.9.3-10 as well.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-05-10 21:44:50 +02:00
Jerzy Grzegorek
1f2744bfa9 imagemagick: bump to version 6.9.3-10 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-05-07 14:15:49 +02:00
Jerzy Grzegorek
b2090e18a0 imagemagick: bump to version 6.9.3-7 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-03-24 22:31:45 +01:00
Bernd Kuhls
9d12f12846 package/imagemagick: add optional support for webp 
When webp was compiled before, imagemagick will use it as optional
dependency:

$ output/host/usr/bin/x86_64-linux-readelf -a output/target/usr/bin/stream | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libMagickCore-6.Q16.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libMagickWand-6.Q16.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libjpeg.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libwebp.so.5]
[...]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-02-21 21:30:57 +01:00
Bernd Kuhls
6fa25a8fb7 package/imagemagick: add optional support for lcms2 
When lcms2 was compiled before, imagemagick will use it as optional
dependency:

$ output/host/usr/bin/x86_64-linux-readelf -a output/target/usr/bin/identify | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libMagickCore-6.Q16.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libMagickWand-6.Q16.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [liblcms2.so.2]
[...]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-02-21 14:45:22 +01:00
Ricardo Martincoski
19d9146823 imagemagick: bump version to 6.9.3-3 
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Reviewed-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Tested-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-02-08 12:13:02 +01:00
Bernd Kuhls
9bea9d6c52 package/imagemagick: bump version to 6.9.3-2 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-01-28 22:31:31 +01:00
Jerzy Grzegorek
4c09a15aa8 imagemagick: bump to version 6.9.2-10 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-12-21 23:05:29 +01:00
Vicente Olivert Riera
b768ed4d06 imagemagick: bump version to 6.9.2-7 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-11-30 17:04:48 +01:00
Jerzy Grzegorek
4369e9a5c4 imagemagick: bump to version 6.9.2-5 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-11-02 15:41:51 +01:00
Bernd Kuhls
24e714df89 package/imagemagick: bump version to 6.9.2-4 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-10-12 18:00:11 +02:00
Gustavo Zacarias
2871e7ea78 imagemagick: bump to version 6.9.2-3 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-10-02 16:32:35 +02:00
Jerzy Grzegorek
f1ea43c60f imagemagick: bump to version 6.9.1-8 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-07-18 11:18:19 +02:00
Jerzy Grzegorek
82da9aa830 imagemagick: bump to version 6.9.1-7 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-07-06 11:42:56 +02:00
Gustavo Zacarias
02e217d672 imagemagick: bump to version 6.9.1-6 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-06-22 22:14:14 +02:00
Jerzy Grzegorek
3302263870 imagemagick: bump to version 6.9.1-4 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-06-01 23:58:27 +02:00
Jerzy Grzegorek
ba4d7d3779 imagemagick: bump to version 6.9.1-1 
Also update hash file.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-04-14 10:06:53 +02:00
Jerzy Grzegorek
1ec2187edf imagemagick: bump to version 6.9.1-0 
Also update hash file.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-04-02 10:15:27 +02:00