package/libavif: security bump to version 1.1.1

The release notes for version 1.1.0 mention fixes for memory handling issues and bugs found out by fuzzing, which is the reason why this may be considered a security update, despite them not having CVEs assigned: https://github.com/AOMediaCodec/libavif/releases/tag/v1.1.0 https://github.com/AOMediaCodec/libavif/releases/tag/v1.1.1 The change checksum for the LICENSE file is caused by a path change for one of the submodules, and the addition of the licensing terms for the bundled libyuv sources. The latter are never built from the libavif tree as there is a separate libyuv package, so BSD-3-Clause does not need to be added to LIBAVIF_LICENSE. Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-08-06 11:08:57 +03:00 · 2024-08-06 11:08:57 +03:00 · cc7fb688b0
commit cc7fb688b0
parent d70bbedd0d
2 changed files with 7 additions and 6 deletions
--- a/package/libavif/libavif.hash
+++ b/package/libavif/libavif.hash
@ -1,3 +1,3 @@
-sha256  dc56708c83a4b934a8af2b78f67f866ba2fb568605c7cf94312acf51ee57d146  libavif-1.0.4.tar.gz
+sha256  914662e16245e062ed73f90112fbb4548241300843a7772d8d441bb6859de45b  libavif-1.1.1.tar.gz

-sha256  10952217a6d404de8bf8a997fbea9b88f682df1fe98cb9b9f467ade641525639  LICENSE
+sha256  165abf92cc04b39e80d29cadea7a6a7e8fddf59407d4ad2616507a7ebe8216f9  LICENSE
--- a/package/libavif/libavif.mk
+++ b/package/libavif/libavif.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-LIBAVIF_VERSION = 1.0.4
+LIBAVIF_VERSION = 1.1.1
 LIBAVIF_SITE = $(call github,AOMediaCodec,libavif,v$(LIBAVIF_VERSION))
 LIBAVIF_LICENSE = BSD-2-Clause, IJG, Apache-2.0
 LIBAVIF_LICENSE_FILES = LICENSE
@ -19,17 +19,18 @@ LIBAVIF_CONF_OPTS = \
 	-DAVIF_BUILD_MAN_PAGES=OFF \
 	-DAVIF_BUILD_TESTS=OFF \
 	-DAVIF_CODEC_AOM=OFF \
-	-DAVIF_CODEC_DAV1D=ON \
+	-DAVIF_CODEC_DAV1D=SYSTEM \
 	-DAVIF_CODEC_LIBGAV1=OFF \
 	-DAVIF_CODEC_RAV1E=OFF \
 	-DAVIF_CODEC_SVT=OFF \
 	-DAVIF_CODEC_AVM=OFF \
 	-DAVIF_ENABLE_GTEST=OFF

-# There is no CMake options to explicitly enable/disable usage of
-# libyuv, only autodetection :-(
 ifeq ($(BR2_PACKAGE_LIBYUV),y)
 LIBAVIF_DEPENDENCIES += libyuv
+LIBAVIF_CONF_OPTS += -DAVIF_LIBYUV=SYSTEM
+else
+LIBAVIF_CONF_OPTS += -DAVIF_LIBYUV=OFF
 endif

 $(eval $(cmake-package))