[Buildroot] [PATCH 2/2] package/harfbuzz: bump to version 6.0.0

Giulio Benetti giulio.benetti at benettiengineering.com
Thu Feb 23 11:14:08 UTC 2023


Hi Fabrice, Thomas,

On 22/02/23 16:55, Fabrice Fontaine wrote:
> Hi,
> 
> On Wed, 22 Feb 2023 at 16:37, Giulio Benetti
> <giulio.benetti at benettiengineering.com> wrote:
> 
>     This patch is superseded by this one:
>     https://patchwork.ozlabs.org/project/buildroot/patch/20230222145059.1939094-1-giulio.benetti@benettiengineering.com/
> 
> 
> This bump should be tagged as a security bump as it includes a fix for 
> CVE-2023-25193 (or you could backport fix on master).

Thanks a lot for pointing that out. I've found that the CVE is present in version
6.0.0 only. So as discussed on IRC with Thomas we're going to keep
version 5.3.1 for Buildroot 2023.02 and apply the patch to bump harfbuzz
to 7.0.1 to next.

Best regards
-- 
Giulio Benetti
CEO/CTO at Benetti Engineering sas

> 
> 
> 
>     Best regards
>     -- 
>     CEO/CTO at Benetti Engineering sas
> 
>     On 09/02/23 00:07, Giulio Benetti wrote:
>      > Since the major release changed, all the packages that have direct
>      > dependency to harfbuzz have been successfully built:
>      > - efl
>      > - libass
>      > - mupdf
>      > - pango
>      > - qt5base
>      > - qt5webengine
>      > - qt6base
>      > - sdl2_ttf
>      > - supertuxkart
>      > - vlc
>      > - webkitgtk
>      > - wpewebkit
>      >
>      > Signed-off-by: Giulio Benetti <giulio.benetti at benettiengineering.com>
>      > ---
>      >   package/harfbuzz/harfbuzz.hash | 2 +-
>      >   package/harfbuzz/harfbuzz.mk <http://harfbuzz.mk>   | 2 +-
>      >   2 files changed, 2 insertions(+), 2 deletions(-)
>      >
>      > diff --git a/package/harfbuzz/harfbuzz.hash
>     b/package/harfbuzz/harfbuzz.hash
>      > index 9489f25c6a..faae7b91e3 100644
>      > --- a/package/harfbuzz/harfbuzz.hash
>      > +++ b/package/harfbuzz/harfbuzz.hash
>      > @@ -1,3 +1,3 @@
>      >   # Locally computed
>      > -sha256 
>     4a6ce097b75a8121facc4ba83b5b083bfec657f45b003cd5a3424f2ae6b4434d 
>     harfbuzz-5.3.1.tar.xz
>      > +sha256 
>     1d1010a1751d076d5291e433c138502a794d679a7498d1268ee21e2d4a140eb4 
>     harfbuzz-6.0.0.tar.xz
>      >   sha256 
>     4345e1735f8bc6d812fed5180cabb5a5e88a4109d332652f2a45c13cfa5ee692 
>     COPYING
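
Review bot: on the harfbuzz-6.0.0.tar.xz line, the new sha256 still sits under "# Locally computed", so nothing in the hunk ties it to an upstream-published digest or signature. If the release page offers a checksum file for the tarball, compare against it and change the comment to say where the hash came from; otherwise a reviewer should recompute it from the HARFBUZZ_SITE download before applying. The COPYING hash is unchanged, which is consistent with the untouched HARFBUZZ_LICENSE line.
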
>      > diff --git a/package/harfbuzz/harfbuzz.mk <http://harfbuzz.mk>
>     b/package/harfbuzz/harfbuzz.mk <http://harfbuzz.mk>
>      > index b0112168e1..02fe4ecec3 100644
>      > --- a/package/harfbuzz/harfbuzz.mk <http://harfbuzz.mk>
>      > +++ b/package/harfbuzz/harfbuzz.mk <http://harfbuzz.mk>
>      > @@ -4,7 +4,7 @@
>      >   #
>      > 
>       ################################################################################
>      >
>      > -HARFBUZZ_VERSION = 5.3.1
>      > +HARFBUZZ_VERSION = 6.0.0
>      >   HARFBUZZ_SITE =
>     https://github.com/harfbuzz/harfbuzz/releases/download/$(HARFBUZZ_VERSION) <https://github.com/harfbuzz/harfbuzz/releases/download/$(HARFBUZZ_VERSION)>
>      >   HARFBUZZ_SOURCE = harfbuzz-$(HARFBUZZ_VERSION).tar.xz
>      >   HARFBUZZ_LICENSE = MIT, ISC (ucdn library)
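
Review bot: the HARFBUZZ_VERSION change to 6.0.0 crosses a major release, yet the commit message says nothing about security status, and the replies in this thread reach different readings of CVE-2023-25193 for this version. State in the commit message whether the target version is affected by or fixes that CVE, and tag the subject as a security bump only if it fixes it, so the choice of branch is clear from the commit alone. It would also help to say for which configuration the listed reverse dependencies were built.
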
> 
> 
> Best Regards,
> 
> Fabrice



