upmpdcli,mpd,libnpupnp,imagemagick,graphicsmagick: bump versions; add some tests#29212
Open
commodo wants to merge 5 commits intoopenwrt:masterfrom
Open
upmpdcli,mpd,libnpupnp,imagemagick,graphicsmagick: bump versions; add some tests#29212commodo wants to merge 5 commits intoopenwrt:masterfrom
commodo wants to merge 5 commits intoopenwrt:masterfrom
Conversation
commodo
force-pushed
the
upgrades-multimedia-batch1
branch
5 times, most recently
from
ad9549f to
4615ab9
Compare
Security fixes: - Fix MSL/SVG parsers to use libxml2 SAX handlers, removing archaic cruft with potential security issues - Fix JP2 Jasper max_samples calculation to avoid DoS via huge images - Apply image dimension resource limits and fix heap write overflow in JXL - Fix WPG palette buffer allocation (SF bug openwrt#750) - Fix ColorFloodfillImage() to error when clip-mask is present Bug fixes: - Fix JPEG CMYK inversion regression introduced in 1.3.43 - Re-implement PNG8 writer with correct indexed-color and binary transparency - Re-write HEIF reader (AVIF, HEIC) based on heif_image_get_plane_readonly2(), adding deep image support and YCbCr/monochrome output - Fix Hull transform arithmetic overflow regression from Oct 2023 - Fix -crop percentage tiling regression - Re-enable EXPERIMENTAL_EXIF_TAGS by default with known issues fixed - Fix Magick++ thread safety regression since 2003 (pthreads support) New features: - Add support for newer Artifex urw-base35-fonts (OpenType and Type 1) - Add ImagesResource limit to control simultaneous loaded images - Add EXIF Version 3.0 decoding and validation - Add preliminary MP4 coder with HEIF sequence support - Require C99 compiler compatibility in build infrastructure Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Security fixes (18 GHSAs addressed between 7.1.2-1 and 7.1.2-21): - Fix stack buffer overflow in MagnifyImage (GHSA-rqq8-jh93-f4vg, high) - Fix heap buffer overflow in WaveletDenoiseImage (GHSA-5ggv-92r5-cp4p) - Fix uninitialized pointer dereference in JBIG decoder (GHSA-wj8w-pjxf-9g4f, high) - Fix heap buffer over-write in PNG encoder with large profiles (GHSA-qmw5-2p58-xvrc) - Fix heap buffer overflow in UHDR encoder (GHSA-h95r-c8c7-mrwx) - Fix stack buffer overflow in sixel encoder (GHSA-49hx-7656-jpg3) - Fix heap-buffer-overflow in NewXMLTree XML parsing (GHSA-gc62-2v5p-qpmp) - Fix heap buffer over-write on 32-bit systems in SFW decoder (GHSA-56jp-jfqg-f8f4) - Add overflow checks to BMP/DIB, SGI, PS3, JXL, and sixel write paths Bug fixes: - Fix double-free in SVG gradientTransform/transform parsing - Fix NULL pointer dereference in HEIC NCLX color profile allocation - Fix heap over-read in BilateralBlurImage with even-dimension kernels - Fix infinite loop when decoding JXL with -limit height/width - Fix race condition using properties instead of global splaytree Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 6.2.1: - Build without expat by default (switch to picoxml) - Fix build errors with -Dipv6=false option (issue openwrt#142) - Check size of POST upload data and response data against g_maxContentLength; change default from 16k to 2MB - Use IPv6 socket when looking for an available port with IPv6 enabled - Fix MHD start error handling to not delete minisocket array prematurely - Remove code assuming different v4/v6 listening ports - Add per-subsystem debug logging control via environment variable - SSDP code cleanups and header removal - Fix win32 compile issue (setsockopt args) - Avoid leaking private headers to consumers via meson build Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Drop 020-string-view.patch: mpd 0.23.17 uses std::string_view directly in src/tag/GenParseName.cxx, making the patch redundant. Changes since 0.23.16: - Optimize the "albumart" command to send larger chunks when available - Explicitly disallow 'idle' and 'noidle' commands in command lists - Require libnfs 4.0 or later for NFS storage support - Trigger inotify database update after symlink creation - Prefer FFmpeg over sndfile and audiofile for DTS-WAV support - Add support for libfmt 11.1 Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 1.8.11: - 1.8.16: Enhanced Tidal/Subsonic modules; improved Recoll 1.40 compatibility - 1.8.17: Resolved Qobuz plugin incompatibilities on modern distributions - 1.8.18: Fix many issues with the thoroughly broken Qobuz plugin - 1.9.0: Restructured Qobuz plugin; improved search; fixed custom icon support - 1.9.1: Subsonic and Tidal module enhancements - 1.9.2: Resolved Qobuz login issues with OpenHome credentials service - 1.9.5: Repaired broken Qobuz plugin; fixed gcc 15 compilation crash - 1.9.6: Fixed media server crash with malformed proxy URLs - 1.9.7: Fixed streaming URL handling with colon characters - 1.9.11: Vastly improved Qobuz search; uprcl property operators and indexing - 1.9.12: Accelerated uprcl initialization via stored Recoll data - 1.9.13: Improved OpenHome source switching; major Subsonic plugin overhaul - 1.9.14: Custom HTTP headers support for plugins; fixed rare proxy deadlock - 1.9.15: Enhanced Linn Kinsky compatibility; improved radio metadata handling - 1.9.17: Restored Qobuz connectivity via new OAuth method Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
commodo
force-pushed
the
upgrades-multimedia-batch1
branch
from
4615ab9 to
90808e1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📦 Package Details
Maintainer: me
Description:
🧪 Run Testing Details
✅ Formalities