NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51,123 Commits 5 Branches 387 Tags 141 MiB
b7d251293a
Commit Graph

63 Commits

Author SHA1 Message Date
Bernd Kuhls
e9811b52fc package/imagemagick: security bump version to 7.0.8-59 
Fixes
https://github.com/ImageMagick/ImageMagick/issues/1641 (no CVE id yet)
https://github.com/ImageMagick/ImageMagick/issues/1644 (no CVE id yet)

Removed patch included in version 7.0.8-54.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2019-08-09 22:06:20 +02:00
Bernd Kuhls
7f7820c535 package/imagemagick: security bump to version 7.0.8-53 
Fixes various CVE IDs:

CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13136,
CVE-2019-13137, CVE-2019-13295, CVE-2019-13296, CVE-2019-13297,
CVE-2019-13298, CVE-2019-13299, CVE-2019-13300, CVE-2019-13301,
CVE-2019-13302, CVE-2019-13303, CVE-2019-13304, CVE-2019-13305,
CVE-2019-13306, CVE-2019-13307, CVE-2019-13308, CVE-2019-13309,
CVE-2019-13310, CVE-2019-13311, CVE-2019-13391

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-07-14 12:18:44 +02:00
Peter Korsgaard
43ff6b974c package/imagemagick: security bump to version 7.0.8-42 
Fixes the following security issues:

- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
  overflow in the function PopHexPixel of coders/ps.c, which allows an
  attacker to cause a denial of service or code execution via a crafted
  image file.

- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
  over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
  attacker to cause a denial of service or information disclosure via a
  crafted image file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-04-30 13:17:09 +02:00
Angelo Compagnucci
109e5c83dc package/imagemagick: bump to version 7.0.8-27 
This patch bumps imagemagick to version 7.0.8-27
Hash for license file is changed becasue the updated the copyright year
for 2019:

252dd2c52b

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2019-02-25 22:22:14 +01:00
Peter Korsgaard
811734ef90 imagemagick: security bump to version 7.0.7-39 
>From the release notes:

2018-06-06  7.0.7-39  <quetzlzacatenango@image...>
  * Fixed numerous use of uninitialized values, integer overflow, memory
    exceeded, and timeouts (credit to OSS Fuzz).

The most critical of these are:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8772
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8782

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-09-02 15:29:00 +02:00
Bernd Kuhls
c3387c59bb package/imagemagick: security bump to version 7.0.7-38 
Fixes CVE-2018-11625, CVE-2018-11624 & CVE-2018-10177.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2018-06-10 14:12:33 +02:00
Bernd Kuhls
31086ea1de package/imagemagick: security bump version to 7.0.7-27 
Fixes CVE-2018-6405 (upstream Github PR 964) and many others:
http://www.imagemagick.org/script/changelog.php

Added license hash.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-03-24 11:51:34 +01:00
Bernd Kuhls
3c8dc54293 package/imagemagick: security bump to version 7.0.7-10 
Version 7.0.7-3 fixes CVE-2017-15218:
Stop potential leaks in the JNG decoder

Changelog: https://www.imagemagick.org/script/changelog.php

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-11-12 17:52:22 +01:00
Bernd Kuhls
1cf1b98de6 package/imagemagick: security bump to version 7.0.7-1 
Quoting CVE-related issues from
https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog

2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp@image...>
  * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
    https://github.com/ImageMagick/ImageMagick/issues/632).

2017-07-24 7.0.6-4 Cristy <quetzlzacatenango@image...>
  * Fixed numerous memory leaks (reference
    https://github.com/ImageMagick/ImageMagick/issues) including
    https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).

2017-07-23  7.0.6-3 Glenn Randers-Pehrson <glennrp@image...>
  * Fix memory leaks when reading a malformed JNG image:
    https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
    https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).

2017-07-19 7.0.6-2 Cristy <quetzlzacatenango@image...>
  * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
    https://github.com/ImageMagick/ImageMagick/issues/582
  * coders/png.c: fixed NULL dereference when trying to write an empty MNG
    (CVE-2017-11522, reference
    https://github.com/ImageMagick/ImageMagick/issues/586).

2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
  * Stop a memory leak in read_user_chunk_callback() (reference
    https://github.com/ImageMagick/ImageMagick/issues/517,
    CVE 2017-11310).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-09-17 18:37:03 +02:00
Bernd Kuhls
dfde97dce5 package/imagemagick: bump version to 7.0.6-0 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-18 15:52:46 +02:00
Bernd Kuhls
02edd7cd80 package/imagemagick: change download url to github 
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases

For our LTS versions we should switch to a stable upstream repo which
provides all released versions.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-18 15:52:31 +02:00
Bernd Kuhls
4465096923 package/imagemagick: bump version to 7.0.5-10 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-05 15:55:49 +02:00
Bernd Kuhls
ff26b550de package/imagemagick: bump version to 7.0.5-9 
Fixes
http://autobuild.buildroot.net/results/8d9/8d94627ccce15ae1f348a7a9f54621b2b5a74321/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-06-02 08:38:58 +02:00
Bernd Kuhls
04588a378d package/imagemagick: bump version to 7.0.5-8 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-05-31 21:59:51 +02:00
Bernd Kuhls
3d311a0a3f package/imagemagick: bump version to 7.0.5-7 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-05-22 21:46:47 +02:00
Vicente Olivert Riera
9cd8ad2364 imagemagick: bump version to 7.0.5-6 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-05-16 21:36:15 +02:00
Vicente Olivert Riera
f4a3853423 imagemagick: bump version to 7.0.5-5 
0001 patch already included in this release:
  b218117cad

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-05-09 17:16:10 +02:00
Vicente Olivert Riera
49a3ed0fee imagemagick: bump version to 7.0.5-4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-28 21:44:17 +02:00
Vicente Olivert Riera
84bc1fb532 imagemagick: bump version to 7.0.5-3 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-22 23:09:45 +01:00
Vicente Olivert Riera
22562f7f05 imagemagick: bump version to 7.0.5-2 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-18 15:52:19 +01:00
Vicente Olivert Riera
d6cc546253 imagemagick: bump version to 7.0.5-0 (security) 
- Fixed memory leak when creating nested exceptions in Magick++
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634

- Fixed fd leak for webp coder
  https://github.com/ImageMagick/ImageMagick/pull/382

- Fixed Spurious memory allocation message
  https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438

Full changelog: http://imagemagick.org/script/changelog.php

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-03-10 21:50:48 +01:00
Vicente Olivert Riera
e5f505efac imagemagick: security bump to version 7.0.4-6 
Fixes an use of uninitialized data issue in MAT image format that may have
security impact:

https://github.com/ImageMagick/ImageMagick/issues/362

[Peter: extend commit message, mention (potential) security impact]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-31 23:48:51 +01:00
Vicente Olivert Riera
ad736e199c imagemagick: bump version to 7.0.4-5 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-23 14:03:33 +01:00
Vicente Olivert Riera
a89bdc363c imagemagick: bump version to 7.0.4-4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-16 15:29:31 +01:00
Vicente Olivert Riera
68e8c3b5a6 imagemagick: bump version to 7.0.4-3 (security) 
Fixes CVE-2016-8707 (Fix possible buffer overflow when writing
compressed TIFFS). This CVE fix is included since 7.0.3-9:
  fde5f55af9

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-09 16:25:15 +01:00
Peter Korsgaard
cbe1f288d4 imagemagick: security bump to 7.0.3-8 
Fixes CVE-2016-9556 (Heap buffer overflow in IsPixelGray).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-11-27 22:23:51 +01:00
Vicente Olivert Riera
12c2c80aa3 imagemagick: bump version to 7.0.3-7 (security) 
oss-security reference:
  http://www.openwall.com/lists/oss-security/2016/11/13/1

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-11-16 13:05:28 +01:00
Peter Korsgaard
521aaf5554 imagemagick: bump version to 7.0.3-4 
7.0.3-3 is no longer available upstream and has instead been replaced by -4,
so use that instead.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-10-13 10:52:37 +02:00
Gustavo Zacarias
618fa6da21 imagemagick: security bump to version 7.0.3-3 
Fixes:
memory allocate failure in AcquireQuantumPixels (quantum.c)
heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h)

No CVEs assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-10-13 08:05:13 +02:00
Peter Korsgaard
2567f6f2f3 imagemagick: security bump to 7.0.2-9 
Fixes a number of buffer overflows / use-after-free issues:
http://git.imagemagick.org/repos/ImageMagick/blob/master/ChangeLog

  * Prevent buffer overflow in BMP & SGI coders (bug report from
    pwchen&rayzhong of tencent).
  * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and
    CALS coders (bug report from Donghai Zhu).
  * Prevent buffer overflow (bug report from Max Thrane).
  * Prevent memory use after free (reference
    https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-08-26 15:37:17 +02:00
Jerzy Grzegorek
ba865a4c92 package/imagemagick: bump to version 7.0.2-6 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-08-03 23:28:12 +02:00
Gustavo Zacarias
d70e2fc28e imagemagick: bump to version 7.0.2-5 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-23 15:06:25 +02:00
Vicente Olivert Riera
2c18799b84 imagemagick: bump version to 7.0.2-4 
Option --without-jp2 removed as it doesn't exist anymore.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-14 12:33:52 +02:00
Vicente Olivert Riera
cf5e7bc63b imagemagick: bump version to 7.0.2-1 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-24 17:12:25 +02:00
Gustavo Zacarias
de81d2e541 imagemagick: bump to version 7.0.2-0 
Add new disables for libraries that aren't supported in buildroot and
sort them for ease of maintenance.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-15 23:11:44 +02:00
Bernd Kuhls
61dd71243d package/imagemagick: bump version to 6.9.4-6 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-06-01 21:20:56 +02:00
Gustavo Zacarias
72b93bb676 imagemagick: security bump to version 6.9.4-1 
Fixes:
Fix GetNextToken() off by one error.
Check for buffer overflow in magick/draw.c/DrawStrokePolygon().
Remove support for internal ephemeral coder.

These are all related to the recent ImageTragick bundle that were
partially fixed in 6.9.3-10 as well.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-05-10 21:44:50 +02:00
Jerzy Grzegorek
1f2744bfa9 imagemagick: bump to version 6.9.3-10 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-05-07 14:15:49 +02:00
Jerzy Grzegorek
b2090e18a0 imagemagick: bump to version 6.9.3-7 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-03-24 22:31:45 +01:00
Ricardo Martincoski
19d9146823 imagemagick: bump version to 6.9.3-3 
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Cc: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Reviewed-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Tested-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-02-08 12:13:02 +01:00
Bernd Kuhls
9bea9d6c52 package/imagemagick: bump version to 6.9.3-2 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-01-28 22:31:31 +01:00
Jerzy Grzegorek
4c09a15aa8 imagemagick: bump to version 6.9.2-10 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-12-21 23:05:29 +01:00
Vicente Olivert Riera
b768ed4d06 imagemagick: bump version to 6.9.2-7 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-11-30 17:04:48 +01:00
Baruch Siach
5a55506210 imagemagick: use download location as hash source 
Since commit 12a6c5b12c (imagemagick: use official download site,
2015-02-17) we use the official ImageMagic size. Use it also as hash source.
That's the conversion we use in all other packages when upstream provides
hashes.

Cc: Fabio Porcedda <Fabio.Porcedda@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-11-03 15:44:35 +01:00
Jerzy Grzegorek
4369e9a5c4 imagemagick: bump to version 6.9.2-5 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-11-02 15:41:51 +01:00
Bernd Kuhls
24e714df89 package/imagemagick: bump version to 6.9.2-4 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-10-12 18:00:11 +02:00
Gustavo Zacarias
2871e7ea78 imagemagick: bump to version 6.9.2-3 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-10-02 16:32:35 +02:00
Jerzy Grzegorek
f1ea43c60f imagemagick: bump to version 6.9.1-8 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-07-18 11:18:19 +02:00
Jerzy Grzegorek
82da9aa830 imagemagick: bump to version 6.9.1-7 
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-07-06 11:42:56 +02:00
Gustavo Zacarias
02e217d672 imagemagick: bump to version 6.9.1-6 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-06-22 22:14:14 +02:00