---------- Forwarded message --------- From: Andrew Randrianasulu <[email protected]> Date: Sat, Sep 16, 2023 at 7:22 AM Subject: Re: CVE in libwebp To: Phyllis Smith <[email protected]> ah, it was "working" here because I had libwebp installed what about adding patch 0002 on top of previous one? On Sat, Sep 16, 2023 at 5:47 AM Andrew Randrianasulu <[email protected]> wrote:
сб, 16 сент. 2023 г., 04:48 Phyllis Smith <[email protected]>:
Attaching log file from build on Fedora that failed.
Can I also see
ffbuild/config.log ?
I carefully verified that configure.ac and thirdparty/Makefile have the mods in from 0001-Change... First time I tried, I used the tar.gz and when it did not work I re-made as tar.xz as was the previous libwebp 1.1.0 version. Tomorrow I will try 1.3.2 (using current build procedure) on an older Debian and Ubuntu 16 which I am almost sure use a prior version of cmake to 3.5. BUT since I make the AppImage, maybe I can either leave 1.3.2 out or upgrade the cmake to 3.5.
On Fri, Sep 15, 2023 at 12:23 PM Andrew Randrianasulu <[email protected]> wrote:
can you check this attached patch with libwebp downloaded from
https://github.com/webmproject/libwebp/archive/refs/tags/v1.3.2.tar.gz
just rename to libwebp-1.3.2.tar.gz and put in thirdparty/src
пт, 15 сент. 2023 г., 18:31 Andrew Randrianasulu <[email protected]>:
пт, 15 сент. 2023 г., 18:26 Phyllis Smith <[email protected]>:
libwebp is currently at version 1.1.0 for a reason: it requires cmake 3.5 and older versions of ubuntu as well as some other older O/S do not have that. This is documented in the manual with the suggestion of users who want an upgrade will have to first upgrade cmake to 3.5. BUT by now it may even require a later version of cmake (not sure).\
At least 1.2.4 (with this bug fixed) still contain autogen.sh/configure script?
https://github.com/webmproject/libwebp/tree/1.2.4
so may be we can switch our build to this scheme ...
On Fri, Sep 15, 2023 at 7:01 AM Andrew Randrianasulu <[email protected]> wrote:
https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8...
so far Slackware 15.0 bumped libwebp to 1.3.2
guess we ought to do the same?