Solved libvpx upgrade

Dams · Aug 21, 2015

Hello,

Since 2 or 3 days I'm trying to upgrade libvpx to 1.4.0.488.

But I've got a message :

Code:

libvpx-1.4.0.488 is vulnerable:
libvpx -- multiple buffer overflows

So portmaster don't want to upgrade it.

I've got some port depending on it that I cannot upgrade as well. Firefox in particular.

I look on freshport, and the upgrade to 1.4.0.488 was correcting vulnerabilities. I don't see any another vulnerabilities write there.

Do I have to wait for another version?

Or do I did something wrong with portmaster?

talsamon · Aug 21, 2015

Try: portmaster -m -DDISABLE_VULNERABILITIES multimedia/libvpx.

kpa · Aug 21, 2015

Run # pkg audit -F once and try again.

wblock@ · Aug 21, 2015

talsamon said:
Try: portmaster -m -DDISABLE_VULNERABILITIES multimedia/libvpx.

Please, if you recommend this, explain that it is dangerous. It disables protection against known vulnerabilities, and should not be used or recommended without a warning.

Dams · Aug 23, 2015

kpa said:
Run # pkg audit -F once and try again.

Thank you. I did this and after portmaster(8) did the upgrade.

Solved libvpx upgrade

Dams

talsamon

kpa

wblock@

Dams