Announcement

Collapse
No announcement yet.

FFmpeg 4.4 Released With AV1 VA-API Decoder, SVT-AV1 Encoding

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by elatllat View Post
    How long till this version is default in distrobutions though? Are fedora/centos even packaging ffmpeg?
    https://koji.rpmfusion.org/koji/pack...o?packageID=54

    Comment


    • #12
      In Linux, Hardware acceleration isn't that bad these days, even latest versions of Google-Chrome added vaapi-based mojo video decoder support and performing very well, also MPV doing great in offline and stream hardware-accelerated decoding.
      Last edited by chromer; 09 April 2021, 08:51 AM.

      Comment


      • #13
        Originally posted by uid313 View Post
        Since FFmpeg isn't written in Rust, all applications that use FFmpeg should probably sandboxed with Snap or Flatpak.
        Not a bad suggestion. Since it drags in far too many dependencies to be "trustworthy" I have been running this kind of stuff in a Jail for years.

        For a consumer home media center it probably doesn't matter though.

        Comment


        • #14
          Originally posted by birdie View Post

          Fedora/RHEL cannot package it due to patents. Other distros often strip large chunks of it to avoid patents.
          Most of distros provide two version of FFmpeg. As example Mandriva derivates from years by default provide free version of FFmpeg and as option in restricted repo also version that contains a lot of stuff that can broke patents stuff.
          So this is user choice, use free by default or install from repo restricted version.

          Also OpenMandriva use cool stuff which solves this issue in yet another way. They are using dllopen. This mean, FFmpeg (and others aplication) can support restricted libs like x264 or x265 etc at runtime. This mean, FFmpeg is compiled via dllopen and if you need for example support for x265, then you only need install x265 lib from repo and then ffmpeg start supporting it without any recompiltion. Just out-of-box.

          Comment


          • #15
            Originally posted by birdie View Post

            A tinfoil hat probably won't hurt as well.
            CVE-2019-17539

            The vulnerability exists due to a NULL pointer dereference error within the avcodec_open2 in libavcodec/utils.c in in FFmpeg. A remote attacker can pass specially crafted media content to the affected application and perform a denial of service (DoS) attack or execute arbitrary code on the system.
            There's been quite a few CVSS 10s in there over the years as well as multiple RCEs triggered by simply opening a file.

            Comment


            • #16
              Originally posted by kpedersen View Post

              Not a bad suggestion. Since it drags in far too many dependencies to be "trustworthy" I have been running this kind of stuff in a Jail for years.

              For a consumer home media center it probably doesn't matter though.
              The way it is usually used is by only using a few well proven codecs. It unfortunately ships everything in a single package so you can't trust it to be safe for all that it supports.

              Comment


              • #17
                Originally posted by s_j_newbury View Post
                VA-API works fine here (in Wayland too). What's the problem with it?
                1. CPU use/power consumption is still quite a lot higher than in Windows
                2. mpv doesn't enable it by default
                3. Firefox doesn't enable it by default even under Wayland
                4. Some prominent distros, e.g. Fedora, don't even include libva-intel-driver - you have to manually enable third-party repos to install the driver.

                Otherwise it's all perfect, right.

                Originally posted by numacross View Post
                There's been quite a few CVSS 10s in there over the years as well as multiple RCEs triggered by simply opening a file.
                FFmpeg and distros normally resolve such issues fast.

                Originally posted by -MacNuke- View Post

                Maybe because nVidia moved to their own vendor-locked cuda/nvdec API?
                True so and also VDPAU doesn't offer hardware accelerated video encoding - that's the biggest issue with it.
                Last edited by birdie; 09 April 2021, 10:10 AM.

                Comment


                • #18
                  Originally posted by birdie View Post
                  FFmpeg and distros normally resolve such issues fast.
                  And fire-fighters usually put out fires fast.


                  Comment


                  • #19
                    Originally posted by numacross View Post

                    And fire-fighters usually put out fires fast.

                    Are you aware of anyone who's been hacked through specially crafted media files while using FFmpeg libraries? I'm just curious.

                    Comment


                    • #20
                      Originally posted by birdie View Post

                      Are you aware of anyone who's been hacked through specially crafted media files while using FFmpeg libraries? I'm just curious.
                      Why do distros patch it fast if nobody gets hacked?

                      Comment

                      Working...
                      X