catstodon/lib
Jeremy Kescher 1f2f01370b
blurhash_transcoder: prevent out-of-bound reads with <8bpp images
Backport from vanilla: 36bc90e8aa

The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using ImageMagick did not
previously specify the desired bit depth. In some situations, this leads
ImageMagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
2022-11-11 21:24:58 +01:00
active_record Remove dependency on pluck_each gem (#16012) 2021-04-12 03:35:58 +02:00
assets png optimization(loss less) (#19630) 2022-11-01 15:06:52 +01:00
chewy/strategy Change search indexing to use batches to minimize resource usage (#18451) 2022-05-18 23:29:14 +02:00
devise Fix authentication before 2FA challenge (#11943) 2019-09-24 04:35:36 +02:00
generators Add post-deployment migration system (#8182) 2018-08-13 18:17:20 +02:00
json_ld Fixed code quality issues (#15541) 2021-01-31 21:26:09 +01:00
mastodon Bump to v3.5.3+1.2.2 2022-11-10 21:11:44 +01:00
paperclip blurhash_transcoder: prevent out-of-bound reads with <8bpp images 2022-11-11 21:24:58 +01:00
rails Fix obsolete digitalocean.rake file breaking rake tasks (#15618) 2021-02-11 02:11:30 +01:00
redis Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191) 2020-07-01 19:05:21 +02:00
sanitize_ext Fix link sanitization for outgoing text/html and text/markdown toots 2022-04-11 09:06:25 +02:00
simple_navigation Add customizable user roles (#18641) 2022-07-05 02:41:40 +02:00
tasks Merge branch 'main' into glitch-soc/merge-upstream 2022-11-06 09:50:41 +01:00
templates Add post-deployment migration system (#8182) 2018-08-13 18:17:20 +02:00
terrapin Add Ruby 3.0 support (#16046) 2021-05-06 14:22:54 +02:00
webpacker Add subresource integrity for JS and CSS assets (#15096) 2020-11-06 11:56:31 +01:00
cli.rb Add ability for admins to delete canonical email blocks (#16644) 2021-12-17 23:02:14 +01:00
enumerable.rb Optimize map { ... }.compact calls (#15513) 2021-01-10 00:32:01 +01:00
exceptions.rb Improve error reporting and logging when processing remote accounts (#15605) 2022-09-20 23:30:26 +02:00