For change log, see [1].
License hash file changed, due to the addition of a URL. See [2].
Fixes: [3]
Some 32 bit architectures were failing at runtime with the message:
    FATAL: time limit exceeded 'file.png' @ fatal/cache.c/GetImagePixelCache/1702
The fix is included in 7.1.1-23.
[1] https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
[2] 2c87d7da1b
[3] https://github.com/ImageMagick/ImageMagick/issues/6891
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since upstream commit
25e3a4f384
(which first appeared in version 7.1.1-19), ImageMagick does not trust
unvalidated XMP profiles in images anymore.
If such an XML profile is encountered inside e.g. a PNG image, the
processing is aborted. Validating the XMP profile requires that
ImageMagick is compiled with XML support.
As host-imagemagick supports PNG files, also activate XML support.
Signed-off-by: Christian Hitz <christian.hitz@bbv.ch>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Since upstream commit
07f3b487f9
(which first appeared in version 7.1.0-47), ImageMagick forces the
need of a C++ compiler to build its utilities. Despite the request of
Bernd Kuhls to revert this change, upstream declined.
Since this change is causing build failures in our autobuilders, our
only choice is to follow the choice of upstream, and disable building
the utilities when C++ support is not available.
Fixes:
http://autobuild.buildroot.net/results/4283235d697408cf2e70be5e3769dbe6ebb9ddae/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fix CVE-2022-3213: A heap buffer overflow issue was found in
ImageMagick. When an application processes a malformed TIFF file, it
could lead to undefined behavior or a crash causing a denial of
service.
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2022-1114: A heap-use-after-free flaw was found in
ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
vulnerability is triggered when an attacker passes a specially crafted
DICOM image file to ImageMagick for conversion, potentially leading to
information disclosure and a denial of service.
- Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned char'
at coders/psd.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned long'
at coders/pcl.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
address for type 'double', which requires 8 byte alignment and for
type 'float', which requires 4 byte alignment at
MagickCore/property.c. Whenever crafted or untrusted input is
processed by ImageMagick, this causes a negative impact to application
availability or other problems related to undefined behavior.
- Update hash of LICENSE (year updated with
80629dfb3f)
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
SVG support needs host gcc >= 4.9 since bump of harfbuzz to version
3.1.2 in commit 6861933d22:
    In file included from ../src/hb.hh:473:0,
                     from ../src/hb-buffer-serialize.cc:27:
    ../src/hb-vector.hh:206:20: error: 'is_trivially_copy_assignable' is not a member of 'std'
    hb_enable_if (std::is_trivially_copy_assignable<T>::value)>
    ^
Fixes:
- http://autobuild.buildroot.org/results/7b2430c5ae4eed51685ec12bf778c07a0a8b1701
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
The BR2_PACKAGE_HOST_RUSTC_ARCH_SUPPORTS dependency was wrongly added to
BR2_PACKAGE_HOST_IMAGEMAGICK by commit df20e45463; indeed, host-librsvg
is only needed by BR2_PACKAGE_HOST_IMAGEMAGICK_SVG.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes the following security issue:
CVE-2021-20176: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and
7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file
that is processed by ImageMagick to trigger undefined behavior through a
division by zero. The highest threat from this vulnerability is to system
availability.
For more details, see the bugtracker:
https://github.com/ImageMagick/ImageMagick/issues/3077
- bump version to 7.0.10-62
- update license file hash (copyright year update)
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Fix CVE-2020-29599: ImageMagick before 6.9.11-40 and 7.x before
7.0.10-40 mishandles the -authenticate option, which allows setting a
password for password-protected PDF files. The user-controlled password
was not properly escaped/sanitized and it was therefore possible to
inject additional shell commands via coders/pdf.c.
- Update license hash (correct wording to match Apache 2 license:
45e5d2493c)
https://github.com/ImageMagick/ImageMagick/blob/7.0.10-51/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Add a dependency to host-rustc
- libcroco is not a dependency since
03ce9bd787
- gtk3 is not a dependency since
522aeee0ca
- cairo script is mandatory since switch to rust
This bump is needed to remove libcroco which has been archived and won't
get any security updates anymore:
https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Fix CVE-2019-17547: In ImageMagick before 7.0.8-62, TraceBezier in
MagickCore/draw.c has a use-after-free.
- Fix CVE-2019-18853: ImageMagick before 7.0.9-0 allows remote attackers
to cause a denial of service because XML_PARSE_HUGE is not properly
restricted in coders/svg.c, related to SVG and libxml2.
- Update hash of LICENSE file (update in year with
f775a5cf27)
- Update indentation in hash file (two spaces)
- Switch to github helper - it has always been an autogenerated archive.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Arnout: use github helper]
Fixes:
http://autobuild.buildroot.net/results/d9a/d9a84b642357f758c3f84270fb9a109abd7e2684/
configure.ac contains a test using $ax_cv_check_cl_libcl:
    if test "$build_modules" != 'no' || test "X$ax_cv_check_cl_libcl" != Xno; then
      AC_MSG_RESULT([-------------------------------------------------------------])
      AC_MSG_CHECKING([for libltdl])

But ax_cv_check_cl_libcl is only assigned a value (yes/no) if
--disable-opencl is NOT passed, as the assignment logic is inside a
conditional:

    AC_ARG_ENABLE([opencl],
        [AC_HELP_STRING([--disable-opencl],
                        [do not use OpenCL])],
        [disable_opencl=$enableval],
        [disable_opencl='yes'])

    if test "$disable_opencl" = 'yes'; then
      ..
      AC_CACHE_CHECK([for OpenCL library], [ax_cv_check_cl_libcl],

So configure errors out if --disable-opencl is passed on setups where
libltdl isn't available:

    checking if libltdl package is complete... no
    configure: error: in `/home/naourr/work/instance-0/output-1/build/imagemagick-7.0.8-59':
    configure: error: libltdl is required for modules and OpenCL builds

As a workaround, explicitly set ax_cv_check_cl_libcl=no to skip this
conditional.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
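
Added example (not part of the commit message above, nor of ImageMagick's configure.ac): a shell simulation of the quoted configure logic, showing why an unset ax_cv_check_cl_libcl makes the libltdl check run and why presetting it to "no" skips it. The function name, its arguments and the probe result are hypothetical; only disable_opencl, build_modules and ax_cv_check_cl_libcl come from the page.

```shell
#!/bin/sh
# libltdl_required BUILD_MODULES OPENCL_FLAG [PRESEED] [LIBCL_FOUND]
#   BUILD_MODULES  'yes' or 'no'
#   OPENCL_FLAG    'disable' if --disable-opencl was passed, 'default' otherwise
#   PRESEED        optional ax_cv_check_cl_libcl value set in the environment
#   LIBCL_FOUND    constructed result of the OpenCL library probe ('yes'/'no')
# Prints 'yes' if configure would go on to demand libltdl, 'no' otherwise.
libltdl_required() {
    build_modules=$1
    ax_cv_check_cl_libcl=${3-}
    libcl_found=${4:-no}

    # AC_ARG_ENABLE: --disable-opencl yields enableval=no, the default is 'yes'
    if [ "$2" = disable ]; then
        disable_opencl=no
    else
        disable_opencl=yes
    fi

    # The cache variable is only assigned inside this conditional
    if [ "$disable_opencl" = yes ]; then
        # AC_CACHE_CHECK keeps a value that is already cached
        : "${ax_cv_check_cl_libcl:=$libcl_found}"
    fi

    # Test quoted from configure.ac: an unset variable expands to "X",
    # which differs from "Xno", so the libltdl branch is taken
    if test "$build_modules" != 'no' || test "X$ax_cv_check_cl_libcl" != Xno; then
        echo yes
    else
        echo no
    fi
}

# Failing case from the commit message: modules off, --disable-opencl passed
libltdl_required no disable        # yes: libltdl demanded although unused
# Workaround: preset the cache variable
libltdl_required no disable no     # no
```
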
Some packages install libOpenCL without declaring
BR2_PACKAGE_PROVIDES_LIBOPENCL (e.g. imx-gpu-viv). ImageMagick will detect
the library and will require libtool. Since libtool is not in dependencies,
build might fail.
To prevent that situation, explicitly disable opencl support for target and host.
Signed-off-by: Julien Olivain <juju@cotds.org>
[Peter: drop unneeded ax_cv_check_cl_libcl=no]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
... so we can drop all config options about it and previous versions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Due to the harfbuzz bump to version 2.5.2 host SVG support needs host
gcc >= 4.8.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
SVG can be regarded as the "source code" for assets, like logos or other
graphical elements.
However, SVG needs to be rendered, which requires an XML parser and an
SVG "parser/renderer". As such, it has various runtime impacts, like
bad performance or security. As such, SVGs are often pre-rendered to the
required sizes/depths/resolutions into other formats, such as PNG, at
build time.
While rsvg-convert (from host-librsvg) would allow the rendering, it
does not allow more complex tasks that ImageMagick allows for:
compositing more than one image, 2D transformations (rotation, skew...).
Yet, SVG support in ImageMagick relies on librsvg, which adds quite a
few dependencies, and thus has a noticeable impact on the build time.
Add an option to allow concerned users to enable/disable SVG support
in ImageMagick.
Enabling SVG support relies on librsvg, which in turn relies on a few
additional packages that ImageMagick can also optionally use. So,
automatically enable the corresponding support as well.
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sometimes, it is required to call imagemagick from a post-build script
or the likes, so we have to allow the user to enable the host variant
for imagemagick.
Update the linux package to select the host variant now.
Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issues:
- CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer
overflow in the function PopHexPixel of coders/ps.c, which allows an
attacker to cause a denial of service or code execution via a crafted
image file.
- CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer
over-read in the function WriteTIFFImage of coders/tiff.c, which allows an
attacker to cause a denial of service or information disclosure via a
crafted image file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch bumps imagemagick to version 7.0.8-27
Hash for license file is changed because they updated the copyright year
for 2019:
252dd2c52b
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds an explicit dependency on fftw-double (the only compatible
fftw flavor) instead of the default behavior, where the package makes
assumptions about the compatible version.
Signed-off-by: Gwenhael Goavec-Merou <gwenhael.goavec-merou@trabucayre.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch adds the host package for imagemagick.
It comes with a minimal selection of configure options to
compile fast cause it is used only to convert
the image files for the custom linux logo.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Peter: explicitly disable other configure options like it is done for the
target variant, add host-pkgconf]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The check-package script, when run, gives warnings on text wrapping
on all of these Config files. This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter i in the package directory.
The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Upstream quickly removes old versions from
http://www.imagemagick.org/download/releases
For our LTS versions we should switch to a stable upstream repo which
provides all released versions.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>