mastodon/lib
Pierre Bourdon 7b466291fd blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
2022-11-14 10:54:30 +01:00
..
action_dispatch replace all instances of "ends_with?" with "end_with?" (#15745) 2021-02-19 09:56:14 +01:00
active_record Remove dependency on pluck_each gem (#16012) 2021-04-12 03:35:58 +02:00
assets Add emoji autosuggest (#5053) 2017-09-23 14:47:32 +02:00
chewy/strategy Fix unnecessary queries when batch-removing statuses, 100x faster (#15387) 2020-12-22 17:13:55 +01:00
devise Fix authentication before 2FA challenge (#11943) 2019-09-24 04:35:36 +02:00
generators Add post-deployment migration system (#8182) 2018-08-13 13:40:01 +02:00
json_ld Fixed code quality issues (#15541) 2021-01-31 21:26:09 +01:00
mastodon Bump version to 3.4.8 2022-05-26 22:13:33 +02:00
paperclip blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388) 2022-11-14 10:54:30 +01:00
rails Fix obsolete digitalocean.rake file breaking rake tasks (#15618) 2021-02-11 02:11:30 +01:00
redis Change Redis#exists calls to Redis#exists? to avoid deprecation warning (#14191) 2020-07-01 19:05:21 +02:00
sanitize_ext Prepare Mastodon for zeitwerk autoloader (#15917) 2021-03-19 02:42:43 +01:00
tasks Change mastodon:webpush:generate_vapid_key task to not require functional env (#17338) 2022-02-02 23:30:15 +01:00
templates Add post-deployment migration system (#8182) 2018-08-13 13:40:01 +02:00
terrapin Add Ruby 3.0 support (#16046) 2021-05-06 14:22:54 +02:00
webpacker Add subresource integrity for JS and CSS assets (#15096) 2020-11-06 11:56:31 +01:00
cli.rb Fix tootctl self-destruct not sending Delete activities for recently-suspended accounts (#16688) 2021-11-05 23:46:24 +01:00
enumerable.rb Optimize map { ... }.compact calls (#15513) 2021-01-10 00:32:01 +01:00
exceptions.rb Fix media redownload worker retrying on unexpected response codes (#16111) 2021-05-05 23:46:59 +02:00