#libwebp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #libwebp, aggregated by home.social.
-
Fedi, help:
I am trying to usecwebpto convert images to webp. I have previously done this successfully in an arch distrobox. Now, though, it doesn't work.
I tried reinstalling libwebpdistrobox enter arch bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory cwebp -lossless -q 100 example.png -o example.webp bash: cwebp: command not found
but it made no difference.sudo pacman -S libwebp
It seems to be an issue only affecting webp: I can still run any other cli program in my arch distrobox.
#Webp #Libwebp #Arch #Distrobox
EDIT: SOLVED! The issue was that I hadlibwebpinstalled but notlibwebp-utils. -
Fedi, help:
I am trying to usecwebpto convert images to webp. I have previously done this successfully in an arch distrobox. Now, though, it doesn't work.
I tried reinstalling libwebpdistrobox enter arch bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory cwebp -lossless -q 100 example.png -o example.webp bash: cwebp: command not found
but it made no difference.sudo pacman -S libwebp
It seems to be an issue only affecting webp: I can still run any other cli program in my arch distrobox.
#Webp #Libwebp #Arch #Distrobox
EDIT: SOLVED! The issue was that I hadlibwebpinstalled but notlibwebp-utils. -
Fedi, help:
I am trying to usecwebpto convert images to webp. I have previously done this successfully in an arch distrobox. Now, though, it doesn't work.
I tried reinstalling libwebpdistrobox enter arch bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory cwebp -lossless -q 100 example.png -o example.webp bash: cwebp: command not found
but it made no difference.sudo pacman -S libwebp
It seems to be an issue only affecting webp: I can still run any other cli program in my arch distrobox.
#Webp #Libwebp #Arch #Distrobox
EDIT: SOLVED! The issue was that I hadlibwebpinstalled but notlibwebp-utils. -
Fedi, help:
I am trying to usecwebpto convert images to webp. I have previously done this successfully in an arch distrobox. Now, though, it doesn't work.
I tried reinstalling libwebpdistrobox enter arch bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory cwebp -lossless -q 100 example.png -o example.webp bash: cwebp: command not found
but it made no difference.sudo pacman -S libwebp
It seems to be an issue only affecting webp: I can still run any other cli program in my arch distrobox.
#Webp #Libwebp #Arch #Distrobox
EDIT: SOLVED! The issue was that I hadlibwebpinstalled but notlibwebp-utils. -
Fedi, help:
I am trying to usecwebpto convert images to webp. I have previously done this successfully in an arch distrobox. Now, though, it doesn't work.
I tried reinstalling libwebpdistrobox enter arch bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory cwebp -lossless -q 100 example.png -o example.webp bash: cwebp: command not found
but it made no difference.sudo pacman -S libwebp
It seems to be an issue only affecting webp: I can still run any other cli program in my arch distrobox.
#Webp #Libwebp #Arch #Distrobox
EDIT: SOLVED! The issue was that I hadlibwebpinstalled but notlibwebp-utils. -
Kolejny dzień, kolejna paczka #RustLang, która nie ufa dzielonym bibliotekom i zamiast tego używa swojej przypadkowej wersji #libwebp. A potem nagle trafia się CVE i z łaski swojej rozważa dopuszczenie możliwości statycznego wiązania z systemową biblioteką — tyle że było to półtora roku temu, i nic od tego czasu się nie ruszyło. A ja teraz się użeram z łataniem tego szajsu, bo coś się sypie użytkownikom #Gentoo, i jedyne co mi przychodzi do głowy to to, że włączona wersja libwebp kłóci się z systemową, której używa gtk4.
-
Kolejny dzień, kolejna paczka #RustLang, która nie ufa dzielonym bibliotekom i zamiast tego używa swojej przypadkowej wersji #libwebp. A potem nagle trafia się CVE i z łaski swojej rozważa dopuszczenie możliwości statycznego wiązania z systemową biblioteką — tyle że było to półtora roku temu, i nic od tego czasu się nie ruszyło. A ja teraz się użeram z łataniem tego szajsu, bo coś się sypie użytkownikom #Gentoo, i jedyne co mi przychodzi do głowy to to, że włączona wersja libwebp kłóci się z systemową, której używa gtk4.
-
Kolejny dzień, kolejna paczka #RustLang, która nie ufa dzielonym bibliotekom i zamiast tego używa swojej przypadkowej wersji #libwebp. A potem nagle trafia się CVE i z łaski swojej rozważa dopuszczenie możliwości statycznego wiązania z systemową biblioteką — tyle że było to półtora roku temu, i nic od tego czasu się nie ruszyło. A ja teraz się użeram z łataniem tego szajsu, bo coś się sypie użytkownikom #Gentoo, i jedyne co mi przychodzi do głowy to to, że włączona wersja libwebp kłóci się z systemową, której używa gtk4.
-
Kolejny dzień, kolejna paczka #RustLang, która nie ufa dzielonym bibliotekom i zamiast tego używa swojej przypadkowej wersji #libwebp. A potem nagle trafia się CVE i z łaski swojej rozważa dopuszczenie możliwości statycznego wiązania z systemową biblioteką — tyle że było to półtora roku temu, i nic od tego czasu się nie ruszyło. A ja teraz się użeram z łataniem tego szajsu, bo coś się sypie użytkownikom #Gentoo, i jedyne co mi przychodzi do głowy to to, że włączona wersja libwebp kłóci się z systemową, której używa gtk4.
-
Kolejny dzień, kolejna paczka #RustLang, która nie ufa dzielonym bibliotekom i zamiast tego używa swojej przypadkowej wersji #libwebp. A potem nagle trafia się CVE i z łaski swojej rozważa dopuszczenie możliwości statycznego wiązania z systemową biblioteką — tyle że było to półtora roku temu, i nic od tego czasu się nie ruszyło. A ja teraz się użeram z łataniem tego szajsu, bo coś się sypie użytkownikom #Gentoo, i jedyne co mi przychodzi do głowy to to, że włączona wersja libwebp kłóci się z systemową, której używa gtk4.
-
Sigh. Another day, another #RustLang packages that doesn't trust shared libraries and instead bundles random version of #libwebp. Then hits a CVE and starts considering graciously permitting people to maybe statically link to the system library — except that was 1.5 year ago and nothing happened since. And now I'm patching that crap because shit is falling apart for #Gentoo users, and my best guess is that vendored libwebp is conflicting somehow with shared libwebp that gtk4 links to.
-
Sigh. Another day, another #RustLang packages that doesn't trust shared libraries and instead bundles random version of #libwebp. Then hits a CVE and starts considering graciously permitting people to maybe statically link to the system library — except that was 1.5 year ago and nothing happened since. And now I'm patching that crap because shit is falling apart for #Gentoo users, and my best guess is that vendored libwebp is conflicting somehow with shared libwebp that gtk4 links to.
-
Sigh. Another day, another #RustLang packages that doesn't trust shared libraries and instead bundles random version of #libwebp. Then hits a CVE and starts considering graciously permitting people to maybe statically link to the system library — except that was 1.5 year ago and nothing happened since. And now I'm patching that crap because shit is falling apart for #Gentoo users, and my best guess is that vendored libwebp is conflicting somehow with shared libwebp that gtk4 links to.
-
Sigh. Another day, another #RustLang packages that doesn't trust shared libraries and instead bundles random version of #libwebp. Then hits a CVE and starts considering graciously permitting people to maybe statically link to the system library — except that was 1.5 year ago and nothing happened since. And now I'm patching that crap because shit is falling apart for #Gentoo users, and my best guess is that vendored libwebp is conflicting somehow with shared libwebp that gtk4 links to.
-
Sigh. Another day, another #RustLang packages that doesn't trust shared libraries and instead bundles random version of #libwebp. Then hits a CVE and starts considering graciously permitting people to maybe statically link to the system library — except that was 1.5 year ago and nothing happened since. And now I'm patching that crap because shit is falling apart for #Gentoo users, and my best guess is that vendored libwebp is conflicting somehow with shared libwebp that gtk4 links to.
-
So, #HurricaneMilton is on the way and how do I kill my time waiting for this sucker? I recompile #FFMPEG 7.1 for all the options I've always wanted to use...but never get to compile correctly. Like #libwebp, #vidstab, and #libbluray!
Geez! I feel like @lisamelton right now! 😂❤️ I feel like this is what she does when she's stressed!
It was either this or rewatch all the Marvel movies... 😳
-
So, #HurricaneMilton is on the way and how do I kill my time waiting for this sucker? I recompile #FFMPEG 7.1 for all the options I've always wanted to use...but never get to compile correctly. Like #libwebp, #vidstab, and #libbluray!
Geez! I feel like @lisamelton right now! 😂❤️ I feel like this is what she does when she's stressed!
It was either this or rewatch all the Marvel movies... 😳
-
So, #HurricaneMilton is on the way and how do I kill my time waiting for this sucker? I recompile #FFMPEG 7.1 for all the options I've always wanted to use...but never get to compile correctly. Like #libwebp, #vidstab, and #libbluray!
Geez! I feel like @lisamelton right now! 😂❤️ I feel like this is what she does when she's stressed!
It was either this or rewatch all the Marvel movies... 😳
-
So, #HurricaneMilton is on the way and how do I kill my time waiting for this sucker? I recompile #FFMPEG 7.1 for all the options I've always wanted to use...but never get to compile correctly. Like #libwebp, #vidstab, and #libbluray!
Geez! I feel like @lisamelton right now! 😂❤️ I feel like this is what she does when she's stressed!
It was either this or rewatch all the Marvel movies... 😳
-
So, #HurricaneMilton is on the way and how do I kill my time waiting for this sucker? I recompile #FFMPEG 7.1 for all the options I've always wanted to use...but never get to compile correctly. Like #libwebp, #vidstab, and #libbluray!
Geez! I feel like @lisamelton right now! 😂❤️ I feel like this is what she does when she's stressed!
It was either this or rewatch all the Marvel movies... 😳
-
It's been a few months since last year's #libwebp 0day (#CVE_2023_4863) came out, and I'm curious about whether the alarm has ratcheted down. It kinda seemed like this was potentially a pretty bad vuln if you're a political dissident using Electron apps to organize against oppressive governments, but probably not a super dangerous situation for most corporate networks (with basically no chance of broad automated exploitation). But as I think @TomSellers pointed out early on, the tail of apps that use the vulnerable library was always going to be long, and that usually means it's hard to track just how many are/were exploitable out of the box, and that it could be years before high-impact (remote) attack vectors are identified and fixed.
This is a fantastic overview: https://blog.isosceles.com/the-webp-0day/
-
It's been a few months since last year's #libwebp 0day (#CVE_2023_4863) came out, and I'm curious about whether the alarm has ratcheted down. It kinda seemed like this was potentially a pretty bad vuln if you're a political dissident using Electron apps to organize against oppressive governments, but probably not a super dangerous situation for most corporate networks (with basically no chance of broad automated exploitation). But as I think @TomSellers pointed out early on, the tail of apps that use the vulnerable library was always going to be long, and that usually means it's hard to track just how many are/were exploitable out of the box, and that it could be years before high-impact (remote) attack vectors are identified and fixed.
This is a fantastic overview: https://blog.isosceles.com/the-webp-0day/
-
It's been a few months since last year's #libwebp 0day (#CVE_2023_4863) came out, and I'm curious about whether the alarm has ratcheted down. It kinda seemed like this was potentially a pretty bad vuln if you're a political dissident using Electron apps to organize against oppressive governments, but probably not a super dangerous situation for most corporate networks (with basically no chance of broad automated exploitation). But as I think @TomSellers pointed out early on, the tail of apps that use the vulnerable library was always going to be long, and that usually means it's hard to track just how many are/were exploitable out of the box, and that it could be years before high-impact (remote) attack vectors are identified and fixed.
This is a fantastic overview: https://blog.isosceles.com/the-webp-0day/
-
It's been a few months since last year's #libwebp 0day (#CVE_2023_4863) came out, and I'm curious about whether the alarm has ratcheted down. It kinda seemed like this was potentially a pretty bad vuln if you're a political dissident using Electron apps to organize against oppressive governments, but probably not a super dangerous situation for most corporate networks (with basically no chance of broad automated exploitation). But as I think @TomSellers pointed out early on, the tail of apps that use the vulnerable library was always going to be long, and that usually means it's hard to track just how many are/were exploitable out of the box, and that it could be years before high-impact (remote) attack vectors are identified and fixed.
This is a fantastic overview: https://blog.isosceles.com/the-webp-0day/
-
It's been a few months since last year's #libwebp 0day (#CVE_2023_4863) came out, and I'm curious about whether the alarm has ratcheted down. It kinda seemed like this was potentially a pretty bad vuln if you're a political dissident using Electron apps to organize against oppressive governments, but probably not a super dangerous situation for most corporate networks (with basically no chance of broad automated exploitation). But as I think @TomSellers pointed out early on, the tail of apps that use the vulnerable library was always going to be long, and that usually means it's hard to track just how many are/were exploitable out of the box, and that it could be years before high-impact (remote) attack vectors are identified and fixed.
This is a fantastic overview: https://blog.isosceles.com/the-webp-0day/
-
"Patching the libwebp vulnerability across the Python ecosystem"
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
"Patching the libwebp vulnerability across the Python ecosystem"
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
"Patching the libwebp vulnerability across the Python ecosystem"
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
"Patching the libwebp vulnerability across the Python ecosystem"
https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
Seth Larson documented his experience mobilizing the Python ecosystem patching the libwebp vulnerability: https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
Seth Larson documented his experience mobilizing the Python ecosystem patching the libwebp vulnerability: https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
Seth Larson documented his experience mobilizing the Python ecosystem patching the libwebp vulnerability: https://sethmlarson.dev/security-developer-in-residence-weekly-report-16?date=2023-10-25
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.
-
MS claim #cve20234863 is patched in Teams 1.6.00.26474 but still with Electron 19.1.8. Does anyone know if this means it's only patched in 'new' mode (Webview2) or always?
#libwebp #msteams -
MS claim #cve20234863 is patched in Teams 1.6.00.26474 but still with Electron 19.1.8. Does anyone know if this means it's only patched in 'new' mode (Webview2) or always?
#libwebp #msteams -
MS claim #cve20234863 is patched in Teams 1.6.00.26474 but still with Electron 19.1.8. Does anyone know if this means it's only patched in 'new' mode (Webview2) or always?
#libwebp #msteams -
MS claim #cve20234863 is patched in Teams 1.6.00.26474 but still with Electron 19.1.8. Does anyone know if this means it's only patched in 'new' mode (Webview2) or always?
#libwebp #msteams -
Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
Let the purge / patch crunch begin!
-
Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
Let the purge / patch crunch begin!
-
Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
Let the purge / patch crunch begin!
-
Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
Let the purge / patch crunch begin!
-
Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/
Let the purge / patch crunch begin!
-
I see that with the whole #libwebp mess, this 14 years old blog post is still totally relevant: https://flameeyes.blog/2009/01/02/bundling-libraries-for-despair-and-insecurity/
-
I see that with the whole #libwebp mess, this 14 years old blog post is still totally relevant: https://flameeyes.blog/2009/01/02/bundling-libraries-for-despair-and-insecurity/
-
I see that with the whole #libwebp mess, this 14 years old blog post is still totally relevant: https://flameeyes.blog/2009/01/02/bundling-libraries-for-despair-and-insecurity/
-
I see that with the whole #libwebp mess, this 14 years old blog post is still totally relevant: https://flameeyes.blog/2009/01/02/bundling-libraries-for-despair-and-insecurity/