From patchwork Thu Oct 29 13:24:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1390110 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=PKAN5reb; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CMR4j1529z9sTR for ; Fri, 30 Oct 2020 00:24:53 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8EB46875D9; Thu, 29 Oct 2020 13:24:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WXFr0idAydT6; Thu, 29 Oct 2020 13:24:46 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id AC697875DA; Thu, 29 Oct 2020 13:24:46 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id EC6481BF2A6 for ; Thu, 29 Oct 2020 13:24:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id E8C66875D9 for ; Thu, 29 Oct 2020 13:24:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MRbe5LxUaW+4 for ; Thu, 29 Oct 2020 13:24:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by hemlock.osuosl.org (Postfix) with ESMTPS id 9731487591 for ; Thu, 29 Oct 2020 13:24:43 +0000 (UTC) Received: by mail-wr1-f43.google.com with SMTP id t9so2723506wrq.11 for ; Thu, 29 Oct 2020 06:24:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=LrCsWOI1kKGxkfCkGPruqOwFjpaFXuCobRzFPMSQNio=; b=PKAN5rebcWLxJZT5zk4i5BV6eVXZV31nBMXqvjQSQLEjAPgRBPz0XqOo6hlZccEQ67 MfXlO51Ufhb05G35uMSIQcJyZ5BCioVZOr0KVKdMFrOlO9ZFV4fLZTHOpUOOpx29O9Lq d+jFdJEGLExoTdCjHmla/QpKtP1hPpvqRD5xolP+Oa0uGgfEcbPRu0S0ioWmNEZeolRb 4SGOBK+vGw6+wb3BuX+qe5+sUSVUrlayQDSfAm79TEQ8ZEJEHjwoNnl9DAXUsXCDYn/k lhf9OqdBc3Tmn7Ls3r/m8cEPxEA/+U15pLUv06WzV6BzWpptHcO+quSdLg8gqeCrl8SK 2rSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=LrCsWOI1kKGxkfCkGPruqOwFjpaFXuCobRzFPMSQNio=; b=HbWjD1K1KdU3KHuS/SAbRZz2CTLlaYk7z0hXRAG9WISGlyKXy9gL6/GC8zLOH9KsR6 1k2KonGnCZoX9oSGyQAN5OS2lY1jjKyCcwSLVaLNxZmWZLCw23elm95XjET9kcAHP4lX Zvuuhxau3gWTN97x1l9A21zU+Bb8VnPu4D6ttj/hBP74M+eTNm9ZXQrsodLWdMjI23w3 e5CPm9PVvh+Z+15Q23XM6wRuW89Z+UUbqXRiRiOkiWj0Mtg7mNgifPbCSuCXXUMQclXO 0IF8oYletFem+/hGsKhRvprh31IDiwqxZlwY64aJHZK0JcbEEZM57tx8y7rTeuaB9EYM xG5g== X-Gm-Message-State: AOAM530Issmao/cLvPB510YbuWoXIZZi9KVHiRKKznFtEwIi/Dw8nCOn ZHCmwYwZaUWsr7a187JSZ+KrJBFDZfY= X-Google-Smtp-Source: ABdhPJxpTRzbZoRXOvL9XkIalTUfXwFzWLJd14eJhDmupaYSnEeJHfQGhn9dtfwxWxrVo3u8K9AHPQ== X-Received: by 2002:a5d:424e:: with SMTP id s14mr6114928wrr.149.1603977881793; Thu, 29 Oct 2020 06:24:41 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id m1sm4254528wme.48.2020.10.29.06.24.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Oct 2020 06:24:41 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Thu, 29 Oct 2020 14:24:29 +0100 Message-Id: <20201029132429.392911-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/libass: bump to version 0.15 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Fabrice Fontaine , Maxime Hadjinlian Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - harfbuzz is mandatory since https://github.com/libass/libass/commit/f3e2c97e1818598afb0b1c7010003ffe4823ff21 - Fix CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.) through https://github.com/libass/libass/commit/676f9dc5b52ef406c5527bdadbcb947f11392929 which does not apply cleanly over version 0.14. It should be noted that version 0.15 also fixes other integer overflows (which have no CVE assigned) - Update indentation in hash file (two spaces) https://github.com/libass/libass/releases/tag/0.15.0 Signed-off-by: Fabrice Fontaine --- package/gstreamer1/gst1-plugins-bad/Config.in | 8 ++++++++ package/kodi/Config.in | 2 ++ package/libass/Config.in | 9 +++++++++ package/libass/libass.hash | 4 ++-- package/libass/libass.mk | 10 ++-------- 5 files changed, 23 insertions(+), 10 deletions(-) diff --git a/package/gstreamer1/gst1-plugins-bad/Config.in b/package/gstreamer1/gst1-plugins-bad/Config.in index 6523dde8c2..72909ae643 100644 --- a/package/gstreamer1/gst1-plugins-bad/Config.in +++ b/package/gstreamer1/gst1-plugins-bad/Config.in @@ -330,8 +330,16 @@ comment "plugins with external dependencies" config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_ASSRENDER bool "assrender" + depends on BR2_INSTALL_LIBSTDCPP # libass -> harfbuzz + depends on BR2_TOOLCHAIN_HAS_SYNC_4 # libass -> harfbuzz + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # libass -> harfbuzz select BR2_PACKAGE_LIBASS +comment "assrender plugin needs a toolchain w/ C++, gcc => 4.8" + depends on BR2_TOOLCHAIN_HAS_SYNC_4 + depends on !BR2_INSTALL_LIBSTDCPP || \ + !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 + config BR2_PACKAGE_GST1_PLUGINS_BAD_PLUGIN_BLUEZ bool "bluez" depends on BR2_USE_WCHAR # bluez5_utils -> libglib2 diff --git a/package/kodi/Config.in b/package/kodi/Config.in index 2acb271992..31ad8630d6 100644 --- a/package/kodi/Config.in +++ b/package/kodi/Config.in @@ -7,6 +7,7 @@ config BR2_PACKAGE_KODI_ARCH_SUPPORTS comment "kodi needs python w/ .py modules, a uClibc or glibc toolchain w/ C++, threads, wchar, dynamic library, gcc >= 4.8" depends on BR2_PACKAGE_KODI_ARCH_SUPPORTS + depends on BR2_TOOLCHAIN_HAS_SYNC_4 depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \ || !BR2_USE_WCHAR || BR2_STATIC_LIBS \ || !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 \ @@ -61,6 +62,7 @@ comment "kodi needs an OpenGL EGL backend with OpenGL support" menuconfig BR2_PACKAGE_KODI bool "kodi" depends on BR2_INSTALL_LIBSTDCPP + depends on BR2_TOOLCHAIN_HAS_SYNC_4 # libass -> harfbuzz depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 depends on BR2_TOOLCHAIN_HAS_THREADS depends on !BR2_TOOLCHAIN_USES_MUSL diff --git a/package/libass/Config.in b/package/libass/Config.in index c654d8212a..42644d6745 100644 --- a/package/libass/Config.in +++ b/package/libass/Config.in @@ -1,9 +1,18 @@ config BR2_PACKAGE_LIBASS bool "libass" + depends on BR2_INSTALL_LIBSTDCPP # harfbuzz + depends on BR2_TOOLCHAIN_HAS_SYNC_4 # harfbuzz + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # harfbuzz select BR2_PACKAGE_FREETYPE + select BR2_PACKAGE_HARFBUZZ select BR2_PACKAGE_LIBFRIBIDI help libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format https://github.com/libass/libass + +comment "libass needs a toolchain w/ C++, gcc => 4.8" + depends on BR2_TOOLCHAIN_HAS_SYNC_4 + depends on !BR2_INSTALL_LIBSTDCPP || \ + !BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 diff --git a/package/libass/libass.hash b/package/libass/libass.hash index 74ea5f921d..cd3c3af61c 100644 --- a/package/libass/libass.hash +++ b/package/libass/libass.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 881f2382af48aead75b7a0e02e65d88c5ebd369fe46bc77d9270a94aa8fd38a2 libass-0.14.0.tar.xz -sha256 f7e30699d02798351e7f839e3d3bfeb29ce65e44efa7735c225464c4fd7dfe9c COPYING +sha256 9f09230c9a0aa68ef7aa6a9e2ab709ca957020f842e52c5b2e52b801a7d9e833 libass-0.15.0.tar.xz +sha256 f7e30699d02798351e7f839e3d3bfeb29ce65e44efa7735c225464c4fd7dfe9c COPYING diff --git a/package/libass/libass.mk b/package/libass/libass.mk index 50600963ed..818bff234e 100644 --- a/package/libass/libass.mk +++ b/package/libass/libass.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBASS_VERSION = 0.14.0 +LIBASS_VERSION = 0.15.0 LIBASS_SOURCE = libass-$(LIBASS_VERSION).tar.xz # Do not use the github helper here, the generated tarball is *NOT* # the same as the one uploaded by upstream for the release. @@ -15,6 +15,7 @@ LIBASS_LICENSE_FILES = COPYING LIBASS_DEPENDENCIES = \ host-pkgconf \ freetype \ + harfbuzz \ libfribidi \ $(if $(BR2_PACKAGE_LIBICONV),libiconv) @@ -31,11 +32,4 @@ else LIBASS_CONF_OPTS += --disable-fontconfig --disable-require-system-font-provider endif -ifeq ($(BR2_PACKAGE_HARFBUZZ),y) -LIBASS_DEPENDENCIES += harfbuzz -LIBASS_CONF_OPTS += --enable-harfbuzz -else -LIBASS_CONF_OPTS += --disable-harfbuzz -endif - $(eval $(autotools-package))