package/libass: security bump to version 0.15

- harfbuzz is mandatory since f3e2c97e18 - Fix CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.) through 676f9dc5b5 which does not apply cleanly over version 0.14. It should be noted that version 0.15 also fixes other integer overflows (which have no CVE assigned) - Update indentation in hash file (two spaces) https://github.com/libass/libass/releases/tag/0.15.0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2026-01-04 06:10:16 +03:00 · 2020-10-29 14:24:29 +01:00
parent 105004f72a
commit 4ae8ecea8f
6 changed files with 24 additions and 11 deletions
--- a/package/libass/Config.in
+++ b/package/libass/Config.in
@@ -1,9 +1,18 @@
 config BR2_PACKAGE_LIBASS
 	bool "libass"
+	depends on BR2_INSTALL_LIBSTDCPP # harfbuzz
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # harfbuzz
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # harfbuzz
 	select BR2_PACKAGE_FREETYPE
+	select BR2_PACKAGE_HARFBUZZ
 	select BR2_PACKAGE_LIBFRIBIDI
 	help
 	  libass is a portable subtitle renderer for the ASS/SSA
 	  (Advanced Substation Alpha/Substation Alpha) subtitle format

 	  https://github.com/libass/libass
+
+comment "libass needs a toolchain w/ C++, gcc >= 4.8"
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4
+	depends on !BR2_INSTALL_LIBSTDCPP || \
+		!BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
--- a/package/libass/libass.hash
+++ b/package/libass/libass.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256 881f2382af48aead75b7a0e02e65d88c5ebd369fe46bc77d9270a94aa8fd38a2  libass-0.14.0.tar.xz
-sha256 f7e30699d02798351e7f839e3d3bfeb29ce65e44efa7735c225464c4fd7dfe9c  COPYING
+sha256  9f09230c9a0aa68ef7aa6a9e2ab709ca957020f842e52c5b2e52b801a7d9e833  libass-0.15.0.tar.xz
+sha256  f7e30699d02798351e7f839e3d3bfeb29ce65e44efa7735c225464c4fd7dfe9c  COPYING
--- a/package/libass/libass.mk
+++ b/package/libass/libass.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBASS_VERSION = 0.14.0
+LIBASS_VERSION = 0.15.0
 LIBASS_SOURCE = libass-$(LIBASS_VERSION).tar.xz
 # Do not use the github helper here, the generated tarball is *NOT*
 # the same as the one uploaded by upstream for the release.
@@ -15,6 +15,7 @@ LIBASS_LICENSE_FILES = COPYING
 LIBASS_DEPENDENCIES = \
 	host-pkgconf \
 	freetype \
+	harfbuzz \
 	libfribidi \
 	$(if $(BR2_PACKAGE_LIBICONV),libiconv)

@@ -31,11 +32,4 @@ else
 LIBASS_CONF_OPTS += --disable-fontconfig --disable-require-system-font-provider
 endif

-ifeq ($(BR2_PACKAGE_HARFBUZZ),y)
-LIBASS_DEPENDENCIES += harfbuzz
-LIBASS_CONF_OPTS += --enable-harfbuzz
-else
-LIBASS_CONF_OPTS += --disable-harfbuzz
-endif
-
 $(eval $(autotools-package))