[Cin] Libvpx vulnerability

Phyllis Smith phylsmith2017 at gmail.com
Wed Oct 4 03:24:08 CEST 2023


OK, I will do a few tests yet of vp8/9.

On Tue, Oct 3, 2023 at 7:19 PM Andrew Randrianasulu <randrianasulu at gmail.com>
wrote:

>
>
> Wed, 4 Oct 2023, 04:13 Phyllis Smith <phylsmith2017 at gmail.com>:
>
>> Seems OK to me and compiled but 2 questions:
>> 1. When I downloaded with the link you provided, it did not put a "v" in
>> the name - it was just libvpx-1.13.1.tar.gz so I am a little confused about
>> the difference.
>>
>
> I downloaded with wget, maybe that explains the difference in the resulting
> filename? Anyway, if our build system is happy with the file as-is - all the better!
>
>> 2. I think we also need to include the 1.13.0 patch because it changes the
>> line from:
>>     -#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(
>> *n*)))
>>     +#define DECLARE_ALIGNED(n, typ, val) typ val __attribute__((aligned(
>> *64*)))
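
Review bot: on the `+` line the macro still takes `n` but no longer uses it, so every DECLARE_ALIGNED declaration gets 64-byte alignment whatever the caller asked for, and a call site that passes an `n` above 64 would silently get less than it requested. If the fixed value works around a build problem, state that in the patch description, and consider keeping `n` where it is larger, e.g. `aligned((n) > 64 ? (n) : 64)`, so the macro never weakens a requested alignment.
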
>> so I will do that if you concur?
>>
>
>
> Ah, this is a change from before I started to look into this part of the build.
> I guess it just hardcodes alignment?
>
> I just renamed the patch so the filenames of the source and patch matched, without
> looking into it ...
>
>
> If encoding (and decoding) of vp8/9 go brrr I think we can keep it ....
>
>>
>> On Tue, Oct 3, 2023 at 1:32 PM Andrew Randrianasulu via Cin <
>> cin at lists.cinelerra-gg.org> wrote:
>>
>>>
>>>
>>> Tue, 3 Oct 2023, 16:50 Andrew Randrianasulu <randrianasulu at gmail.com>:
>>>
>>>>
>>>>
>>>> Tue, 3 Oct 2023, 11:56 Andrea paz via Cin <cin at lists.cinelerra-gg.org>:
>>>>
>>>>> A vulnerability hole in the vpx library has come out these days. Do
>>>>> you think it is worth updating?
>>>>>
>>>>
>>>> I think yes, because we are at 1.13.0 already ... maybe we can just
>>>> add/apply the relevant patches without touching the main tarball?
>>>>
>>>
>>>
>>> So I tried to download the new source directly from
>>>
>>>
>>> https://github.com/webmproject/libvpx/archive/v1.13.1/libvpx-v1.13.1.tar.gz
>>>
>>> renamed it libvpx-1.13.1.tar.gz (without "v"), then put it in
>>> thirdparty/src, renamed the corresponding libvpx patch, edited configure.ac,
>>> and now ffmpeg configures .... compiles ...
>>>
>>>
>>>> https://ubuntu.com/security/notices/USN-6403-1
>>>>> --
>>>>> Cin mailing list
>>>>> Cin at lists.cinelerra-gg.org
>>>>> https://lists.cinelerra-gg.org/mailman/listinfo/cin
>>>>>