MKVToolNix v9.4.0 released
Monday 22 August 2016 @ 5:40 pm

Time for the next release of MKVToolNix. This time it’s really just polishing of existing functionality.

Dear package maintainers: I have to say again that MKVToolNix v9.3.1 and later requires the recently released libEBML v1.3.4 and libMatroska v1.4.5. Even though both libraries are API and ABI compatible with their prior releases this only means that a program compiled against an older version of the library will still work when run against a newer version of the library.

However, MKVToolNix v9.3.1 and newer use features newly introduced in libMatroska v1.4.4. This means that you cannot compile MKVToolNix v1.4.5 and try to run it against v1.4.4 — that’ll fail with symbol lookup errors from ld.

I’ve received multiple reports of MKVToolNix v9.3.x packages that could be installed with libMatroska v1.4.4. This won’t work. Please make the dependency on v1.4.5+ explicit. Thanks.

You can download the source code or one of the binaries. The Windows and Mac OS binaries are available. Most of the Linux binaries are still being built and will be available in a couple of hours.

Here’s the full ChangeLog since the previous release:

Have fun :)

Comments (4) - Posted in Matroska by  

MKVToolNix not affected by FossHub breach
Monday 8 August 2016 @ 10:56 am

Last week FossHub was breached by attackers from the group PeggleCrew. As I’m using FossHub as the primary mean of distributing Windows and MacOS binaries for MKVToolNix users have asked my whether MKVToolNix or my other servers have been compromised, too.

To the best of my knowledge the answer is: no.

I base this on several facts:

Another thing the attackers did have access to was the account database used for the developer section of the site. That database includes the passwords, and they’ve allegedly not been salted. This, however, doesn’t pose a problem for me either:

There are two things Windows users can do to verify that the binaries they’ve downloaded from FossHub are clean. The first is to verify its SHA-1 and SHA-512 checksums. I provide both checksums on my own server, and they’re always linked to from the download page: SHA1 checksums for 9.3.1, SHA512 checksums. Checksums for other versions can be queried by replacing the version number 9.3.1 in the URL with the one you’re interested in.

The second thing is to check that the executables (both the installer’s executable as well as the ones for the actual tools) are signed by the right certificate. I’m using a certificate signed by StartSSL (StartCom) (“CN = StartCom Class 2 Object CA, OU = StartCom Certification Authority, O = StartCom Ltd., C = IL”). My current certificate’s serial number is ‎5a:d8:f8:75:9a:c3:46:ae:8b:ec:99:15:eb:b5:5d:04 and its SHA1 fingerprint is 48:13:1B:5D:41:63:12:07:D2:86:20:6C:28:F3:78:C8:06:6F:34:AA, though those two values are subject to change when the certificate will be renewed in 2018.

Comments (1) - Posted in Uncategorized by