Seems OK to me and compiled but 2 questions:

1. When I downloaded with the link you provided, it did not put a "v" in the name - it was just libvpx-1.13.1.tar.gz so I am a little confused about the difference.

2. I think we also need to include the 1.13.0 patch because it changes the line from:

-#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(n)))
+#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(64)))

so I will do that if you concur?

On Tue, Oct 3, 2023 at 1:32 PM Andrew Randrianasulu via Cin <cin@lists.cinelerra-gg.org> wrote:

вт, 3 окт. 2023 г., 16:50 Andrew Randrianasulu <randrianasulu@gmail.com>:

вт, 3 окт. 2023 г., 11:56 Andrea paz via Cin <cin@lists.cinelerra-gg.org>:
A vulnerability hole in the vpx library has come out these days. Do
you think it is worth updating?

I think yes, because we at 1.13.0 already ... may be we can just add/apply relevant patches without touching main tarball?

so I tried to download new source directly from

https://github.com/webmproject/libvpx/archive/v1.13.1/libvpx-v1.13.1.tar.gz

renamed it libvpx-1.13.1.tar.gz (without "v") then put in thirdparty/src, renamed corresponding libvpx patch, edited configure.ac and now ffmpeg configures .... compiles ...

https://ubuntu.com/security/notices/USN-6403-1
--
Cin mailing list
Cin@lists.cinelerra-gg.org
https://lists.cinelerra-gg.org/mailman/listinfo/cin

--
Cin mailing list
Cin@lists.cinelerra-gg.org
https://lists.cinelerra-gg.org/mailman/listinfo/cin