Here is an update to libass 0.15.0.
CVE-2020-26682
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes
a signed integer overflow.
Index: Makefile
===================================================================
RCS file: /home/cvs/ports/multimedia/libass/Makefile,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 Makefile
--- Makefile 21 Aug 2019 07:35:17 -0000 1.24
+++ Makefile 27 Oct 2020 23:07:02 -0000
@@ -2,14 +2,13 @@
COMMENT= portable ASS/SSA subtitle renderer
-VER= 0.14.0
+VER= 0.15.0
DISTNAME= libass-${VER}
-REVISION= 0
CATEGORIES= multimedia devel
MASTER_SITES= https://github.com/libass/libass/releases/download/${VER}/
EXTRACT_SUFX= .tar.xz
-SHARED_LIBS= ass 3.0
+SHARED_LIBS= ass 3.1
HOMEPAGE= https://github.com/libass/libass
@@ -18,7 +17,7 @@ MAINTAINER= Brad Smith <[email protected]
# ISC
PERMIT_PACKAGE= Yes
-WANTLIB= expat fontconfig freetype fribidi iconv m z
+WANTLIB= ${COMPILER_LIBCXX} expat fontconfig freetype fribidi iconv m z
COMPILER= base-clang ports-gcc
COMPILER_LANGS= c
Index: distinfo
===================================================================
RCS file: /home/cvs/ports/multimedia/libass/distinfo,v
retrieving revision 1.16
diff -u -p -u -p -r1.16 distinfo
--- distinfo 22 Jul 2019 06:55:41 -0000 1.16
+++ distinfo 27 Oct 2020 23:01:10 -0000
@@ -1,2 +1,2 @@
-SHA256 (libass-0.14.0.tar.xz) = iB8jgq9Irq11t6DgLmXYjF69Np/ka8d9knCpSqj9OKI=
-SIZE (libass-0.14.0.tar.xz) = 356256
+SHA256 (libass-0.15.0.tar.xz) = nwkjDJoKpo73qmqeKrcJypVwIPhC5SxbLlK4AafZ6DM=
+SIZE (libass-0.15.0.tar.xz) = 367848
Index: pkg/PLIST
===================================================================
RCS file: /home/cvs/ports/multimedia/libass/pkg/PLIST,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 PLIST
--- pkg/PLIST 21 Nov 2014 02:53:54 -0000 1.3
+++ pkg/PLIST 27 Oct 2020 23:03:55 -0000
@@ -2,7 +2,7 @@
include/ass/
include/ass/ass.h
include/ass/ass_types.h
-lib/libass.a
+@static-lib lib/libass.a
lib/libass.la
@lib lib/libass.so.${LIBass_VERSION}
lib/pkgconfig/libass.pc
