[Cin] Libvpx vulnerability

Andrew Randrianasulu randrianasulu at gmail.com
Wed Oct 4 03:18:49 CEST 2023 

ср, 4 окт. 2023 г., 04:13 Phyllis Smith <phylsmith2017 at gmail.com>:

> Seems OK to me and compiled but 2 questions:
> 1. When I downloaded with the link you provided, it did not put a "v" in
> the name - it was just libvpx-1.13.1.tar.gz so I am a little confused about
> the difference.
>

I downloaded with wget, may be it explain difference in resulting filename?
Anyway, if our build system happy with file as-is - the better!

2. I think we also need to include the 1.13.0 patch because it changes the
> line from:
>     -#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(
> *n*)))
>     +#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(
> *64*)))
> so I will do that if you concur?
>


Ah, this is change from before I started to look into this part of build. I
guess it just hardcodes alignment?

I just renamed patch so filenames of source and patch matched, without
looking into it ...


If encoding (and decoding) of vp8/9 go brrr I think we can keep it ....

>
> On Tue, Oct 3, 2023 at 1:32 PM Andrew Randrianasulu via Cin <
> cin at lists.cinelerra-gg.org> wrote:
>
>>
>>
>> вт, 3 окт. 2023 г., 16:50 Andrew Randrianasulu <randrianasulu at gmail.com>:
>>
>>>
>>>
>>> вт, 3 окт. 2023 г., 11:56 Andrea paz via Cin <cin at lists.cinelerra-gg.org
>>> >:
>>>
>>>> A vulnerability hole in the vpx library has come out these days. Do
>>>> you think it is worth updating?
>>>>
>>>
>>> I think yes, because we at 1.13.0 already ... may be we can just
>>> add/apply relevant patches without touching main tarball?
>>>
>>
>>
>> so I tried to download new source directly from
>>
>>
>> https://github.com/webmproject/libvpx/archive/v1.13.1/libvpx-v1.13.1.tar.gz
>>
>> renamed it libvpx-1.13.1.tar.gz (without "v") then put in thirdparty/src,
>> renamed corresponding libvpx  patch, edited configure.ac
>> <http://confifure.ac> and now ffmpeg configures .... compiles ...
>>
>>
>>> https://ubuntu.com/security/notices/USN-6403-1
>>>> --
>>>> Cin mailing list
>>>> Cin at lists.cinelerra-gg.org
>>>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>>>
>>> --
>> Cin mailing list
>> Cin at lists.cinelerra-gg.org
>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cinelerra-gg.org/pipermail/cin/attachments/20231004/d625f9da/attachment.htm>

More information about the Cin mailing list