Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ffmpeg-full: 3.1.3 -> 3.2.2 #22163

Merged
merged 1 commit into from Jan 27, 2017
Merged

ffmpeg-full: 3.1.3 -> 3.2.2 #22163

merged 1 commit into from Jan 27, 2017

Conversation

MP2E
Copy link

@MP2E MP2E commented Jan 26, 2017

Not sure if there's a specific reason ffmpeg is kept at the 3.1.x series :) I updated the ffmpeg-full package which doesn't seem to have anything which depends on it currently.

also removed a few flags for features that have been entirely removed from
ffmpeg

removed:

  • faac
  • aacplus
  • incompatibleLibavAbi option

please use fdk-aac or the built-in encoder for aac audio

  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

ffmpeg-full: 3.1.3 -> 3.2.2
35d48f3 
also removed a few flags for features that have been entirely removed from
ffmpeg

removed:
- faac
- aacplus
- incompatibleLibavAbi option

please use fdk-aac or the built-in encoder for your aac audio needs
@mention-bot
Copy link

@MP2E, thanks for your PR! By analyzing the history of the files in this pull request, we identified @wkennington, @codyopel and @acowley to be potential reviewers.

@vcunat
Copy link
Member

vcunat commented Jan 26, 2017

According to tracker the update is fully API-compatible, so it should be safe.

@MP2E
Copy link
Author

MP2E commented Jan 26, 2017

Thanks for the link! Very useful :)

@grahamc
Copy link
Member

grahamc commented Jan 27, 2017

Are there security implications with this update, @MP2E?

@grahamc
Copy link
Member

grahamc commented Jan 27, 2017

Everything builds ok according to https://prs.nix.gsc.io/jobset/nixos/pr-22163, too. Thank you!

@grahamc grahamc merged commit 70270ca into NixOS:master Jan 27, 2017
@MP2E
Copy link
Author

MP2E commented Jan 27, 2017

thanks for the merge! Indeed, upgrading from ffmpeg 3.1.3 -> 3.2.2 seems to fix 9 security vulnerabilities! I checked for known vulnerabilities in 3.2.2 and did not see any.

https://www.cvedetails.com/vulnerability-list/vendor_id-3611/Ffmpeg.html

This is where I got my information, I also manually looked through the ffmpeg bug tracker

@MP2E MP2E deleted the ffmpeg_full_update branch January 27, 2017 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vcunat vcunat vcunat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@MP2E @mention-bot @vcunat @grahamc