---------- Forwarded message --------- From: Andrew Randrianasulu <[email protected]> Date: Sat, Sep 16, 2023 at 7:22 AM Subject: Re: CVE in libwebp To: Phyllis Smith <[email protected]>
ah, it was "working" here because I had libwebp installed what about adding patch 0002 on top of previous one? On Sat, Sep 16, 2023 at 5:47 AM Andrew Randrianasulu <[email protected]> wrote: > > > > сб, 16 сент. 2023 г., 04:48 Phyllis Smith <[email protected]>: >> >> Attaching log file from build on Fedora that failed. > > > Can I also see > > ffbuild/config.log ? > > >> I carefully verified that configure.ac and thirdparty/Makefile have the mods >> in from 0001-Change... >> First time I tried, I used the tar.gz and when it did not work I re-made as >> tar.xz as was the previous libwebp 1.1.0 version. >> Tomorrow I will try 1.3.2 (using current build procedure) on an older Debian >> and Ubuntu 16 which I am almost sure use a prior version of cmake to 3.5. >> BUT since I make the AppImage, maybe I can either leave 1.3.2 out or upgrade >> the cmake to 3.5. >> >> On Fri, Sep 15, 2023 at 12:23 PM Andrew Randrianasulu >> <[email protected]> wrote: >>> >>> can you check this attached patch with libwebp downloaded from >>> >>> https://github.com/webmproject/libwebp/archive/refs/tags/v1.3.2.tar.gz >>> >>> just rename to libwebp-1.3.2.tar.gz and put in thirdparty/src >>> >>> >>> >>> >>> >>> пт, 15 сент. 2023 г., 18:31 Andrew Randrianasulu <[email protected]>: >>>> >>>> >>>> >>>> пт, 15 сент. 2023 г., 18:26 Phyllis Smith <[email protected]>: >>>>> >>>>> libwebp is currently at version 1.1.0 for a reason: it requires cmake >>>>> 3.5 and older versions of ubuntu as well as some other older O/S do not >>>>> have that. This is documented in the manual with the suggestion of users >>>>> who want an upgrade will have to first upgrade cmake to 3.5. BUT by now >>>>> it may even require a later version of cmake (not sure).\ >>>> >>>> >>>> At least 1.2.4 (with this bug fixed) still contain autogen.sh/configure >>>> script? >>>> >>>> https://github.com/webmproject/libwebp/tree/1.2.4 >>>> >>>> so may be we can switch our build to this scheme ... >>>> >>>>> >>>>> On Fri, Sep 15, 2023 at 7:01 AM Andrew Randrianasulu >>>>> <[email protected]> wrote: >>>>>> >>>>>> https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a >>>>>> >>>>>> so far Slackware 15.0 bumped libwebp to 1.3.2 >>>>>> >>>>>> guess we ought to do the same?
From 385e95cdc50e416e6bf5622cdb6feeaff6f004c8 Mon Sep 17 00:00:00 2001 From: Andrew Randrianasulu <[email protected]> Date: Fri, 15 Sep 2023 21:18:45 +0300 Subject: [PATCH 1/2] Change libwebp to 1.3.2/autotools build --- cinelerra-5.1/configure.ac | 7 ++++--- cinelerra-5.1/thirdparty/Makefile | 6 ++++-- cinelerra-5.1/thirdparty/src/libwebp-1.3.2.patch0 | 12 ++++++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 cinelerra-5.1/thirdparty/src/libwebp-1.3.2.patch0 diff --git a/cinelerra-5.1/configure.ac b/cinelerra-5.1/configure.ac index f9d2ab8a..5a150e27 100644 --- a/cinelerra-5.1/configure.ac +++ b/cinelerra-5.1/configure.ac @@ -472,9 +472,10 @@ PKG_3RD([dav1d],[auto], [ usr/local/include ]) PKG_3RD([libwebp],[auto], - [libwebp-1.1.0], - [ usr/local/lib*/libwebp*.a ], - [ usr/local/include ]) + [libwebp-1.3.2], + [ usr/local/lib*/libwebp*.a \ + usr/local/lib*/libsharpyuv*.a ], + [ usr/local/include/webp ]) PKG_3RD([ffnvcodec],[auto], [ffnvcodec], diff --git a/cinelerra-5.1/thirdparty/Makefile b/cinelerra-5.1/thirdparty/Makefile index 7aa050c9..659ab3fe 100644 --- a/cinelerra-5.1/thirdparty/Makefile +++ b/cinelerra-5.1/thirdparty/Makefile @@ -129,6 +129,7 @@ esound.cfg_params= --enable-shared=no --with-pic esound.mak_vars+= CFLAGS="" esound.ldflags=" -lm -lstdc++" fftw.cfg_params= --disable-fortran --enable-shared=no +ffmpeg.cfg_vars?= PKG_CONFIG_PATH="$(call bld_path,libwebp)/usr/local/lib/pkgconfig" ffmpeg.cfg_params= \ --enable-pthreads --disable-avdevice --enable-gpl --disable-ffplay \ $(call if_want,VAAPI,--enable-vaapi,--disable-vaapi) \ @@ -209,8 +210,9 @@ libaom.cfg_params?= -DENABLE_TESTS=no -DCMAKE_BUILD_TYPE=Release -DENABLE_DOCS= libaom.mak_params?= ; $(MAKE) -C libaom*/aom.build install dav1d.cfg_vars?=echo "echo dav1d custom make" >> configure; chmod +x ./configure; dav1d.mak_params?=; $(MAKE) -C dav1d* install DESTDIR="$(call bld_path,dav1d)" -libwebp.cfg_vars?= mkdir build && cd build && $(call cmake_config,..) -libwebp.mak_params?= -C build all install DESTDIR=$(call bld_path,libwebp) +libwebp.cfg_vars?= ./autogen.sh; +libwebp.cfg_params?= --prefix=$(call bld_path,libwebp)usr/local --enable-static --disable-shared --disable-libwebpdemux --disable-libwebpmux; \ + make install; mjpegtools.cflags?="$(call inc_path,libjpeg) $(call ld_path,libjpeg,build)" mjpegtools.cfg_vars?= ./autogen.sh; export CXXFLAGS+="-std=c++11"; mjpegtools.cfg_params?= --enable-shared=no --without-libquicktime --without-libdv \ diff --git a/cinelerra-5.1/thirdparty/src/libwebp-1.3.2.patch0 b/cinelerra-5.1/thirdparty/src/libwebp-1.3.2.patch0 new file mode 100644 index 00000000..bc1628e7 --- /dev/null +++ b/cinelerra-5.1/thirdparty/src/libwebp-1.3.2.patch0 @@ -0,0 +1,12 @@ +--- libwebp-1.3.2/src/libwebp.pc.in.orig 2023-09-15 19:52:28.960943568 +0300 ++++ libwebp-1.3.2/src/libwebp.pc.in 2023-09-15 19:55:00.828943460 +0300 +@@ -6,7 +6,7 @@ + Name: libwebp + Description: Library for the WebP graphics format + Version: @PACKAGE_VERSION@ +-Requires.private: libsharpyuv ++Requires: libsharpyuv + Cflags: -I${includedir} +-Libs: -L${libdir} -l@webp_libname_prefix@webp ++Libs: -L${libdir} -l@webp_libname_prefix@webp -lsharpyuv + Libs.private: -lm @PTHREAD_CFLAGS@ @PTHREAD_LIBS@ -- 2.35.7
From c911275c0c8bd8271411d52217926db6cd9d58cb Mon Sep 17 00:00:00 2001 From: Andrew Randrianasulu <[email protected]> Date: Sat, 16 Sep 2023 07:19:37 +0300 Subject: [PATCH 2/2] Fix libwebp-1.3.2 includes --- cinelerra-5.1/configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cinelerra-5.1/configure.ac b/cinelerra-5.1/configure.ac index 5a150e27..f8d57a73 100644 --- a/cinelerra-5.1/configure.ac +++ b/cinelerra-5.1/configure.ac @@ -475,7 +475,8 @@ PKG_3RD([libwebp],[auto], [libwebp-1.3.2], [ usr/local/lib*/libwebp*.a \ usr/local/lib*/libsharpyuv*.a ], - [ usr/local/include/webp ]) + [ usr/local/include/webp \ + usr/local/include/ ]) PKG_3RD([ffnvcodec],[auto], [ffnvcodec], -- 2.35.7
-- Cin mailing list [email protected] https://lists.cinelerra-gg.org/mailman/listinfo/cin
