Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Dear stable release team,
I just took over maintenance of src:taglib via the ITS process. It has a
popcon of 90000+ with an annoying bug https://bugs.debian.org/915281 floating
around for 4 years. It corrupts OGG files under certain circumstances and this
bug is fixed in all major Linux distributions except Debian/Ubuntu.
This stable update intends to fix this bug in Buster. It is literally a one-
line fix as you can see in the debdiff.
Git packaging repo:
https://salsa.debian.org/multimedia-team/taglib/-/tree/debian/buster
The full debdiff is attached here. Let me know if you have any questions.
Thanks!
--
Regards,
Boyuan Yang
---
diff -Nru taglib-1.11.1+dfsg.1/debian/changelog taglib-
1.11.1+dfsg.1/debian/changelog
--- taglib-1.11.1+dfsg.1/debian/changelog 2019-02-19 17:24:40.000000000
-0500
+++ taglib-1.11.1+dfsg.1/debian/changelog 2020-04-26 12:41:23.000000000
-0400
@@ -1,3 +1,12 @@
+taglib (1.11.1+dfsg.1-0.3+deb10u1) buster; urgency=medium
+
+ * debian/patches/0005: Add patch to fix corruption on
+ handling ogg files. (Closes: #915281, upstream issue 775)
+ * debian/control: Update maintainer and Vcs information
+ accordingly.
+
+ -- Boyuan Yang <byang@debian.org> Sun, 26 Apr 2020 12:41:23 -0400
+
taglib (1.11.1+dfsg.1-0.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru taglib-1.11.1+dfsg.1/debian/control taglib-
1.11.1+dfsg.1/debian/control
--- taglib-1.11.1+dfsg.1/debian/control 2017-10-12 05:15:27.000000000 -0400
+++ taglib-1.11.1+dfsg.1/debian/control 2020-04-26 12:41:21.000000000 -0400
@@ -1,14 +1,16 @@
Source: taglib
Section: libs
Priority: optional
-Maintainer: Modestas Vainius <modax@debian.org>
+Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org
>
+Uploaders:
+ Boyuan Yang <byang@debian.org>,
Build-Depends: cmake, debhelper (>= 9), zlib1g-dev,
pkg-kde-tools, libboost-dev, libicu-dev
Build-Depends-Indep: doxygen, graphviz, gsfonts-x11
Standards-Version: 4.1.1
Homepage: http://taglib.github.io/
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/taglib.git
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/taglib.git/
+Vcs-Git: https://salsa.debian.org/multimedia-team/taglib.git
+Vcs-Browser: https://salsa.debian.org/multimedia-team/taglib
Package: libtag1v5
Architecture: any
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch
--- taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch 1969-12-31 19:00:00.000000000 -0500
+++ taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch 2020-04-26 12:38:10.000000000 -0400
@@ -0,0 +1,23 @@
+From: Tsuda Kageyu <tsuda.kageyu@gmail.com>
+Date: Thu, 1 Dec 2016 11:32:01 +0900
+Subject: Fix possible Ogg packet losses.
+
+Bug-Debian: https://bugs.debian.org/915281
+Applied-Upstream:
https://github.com/taglib/taglib/commit/9336c82da3a04552168f208cd7a5fa4646701ea4
+---
+ taglib/ogg/oggfile.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/taglib/ogg/oggfile.cpp b/taglib/ogg/oggfile.cpp
+index 86b0b07..c36e4d4 100644
+--- a/taglib/ogg/oggfile.cpp
++++ b/taglib/ogg/oggfile.cpp
+@@ -253,7 +253,7 @@ void Ogg::File::writePacket(unsigned int i, const
ByteVector &packet)
+ ByteVectorList packets = firstPage->packets();
+ packets[i - firstPage->firstPacketIndex()] = packet;
+
+- if(firstPage != lastPage && lastPage->packetCount() > 2) {
++ if(firstPage != lastPage && lastPage->packetCount() > 1) {
+ ByteVectorList lastPagePackets = lastPage->packets();
+ lastPagePackets.erase(lastPagePackets.begin());
+ packets.append(lastPagePackets);
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/series taglib-
1.11.1+dfsg.1/debian/patches/series
--- taglib-1.11.1+dfsg.1/debian/patches/series 2019-02-19 17:24:29.000000000
-0500
+++ taglib-1.11.1+dfsg.1/debian/patches/series 2020-04-26 12:38:10.000000000
-0400
@@ -2,3 +2,4 @@
icu.patch
CVE-2017-12678.diff
CVE-2018-11439.patch
+0005-Fix-possible-Ogg-packet-losses.patch
===================
diff -Nru taglib-1.11.1+dfsg.1/debian/changelog taglib-1.11.1+dfsg.1/debian/changelog
--- taglib-1.11.1+dfsg.1/debian/changelog 2019-02-19 17:24:40.000000000 -0500
+++ taglib-1.11.1+dfsg.1/debian/changelog 2020-04-26 12:41:23.000000000 -0400
@@ -1,3 +1,12 @@
+taglib (1.11.1+dfsg.1-0.3+deb10u1) buster; urgency=medium
+
+ * debian/patches/0005: Add patch to fix corruption on
+ handling ogg files. (Closes: #915281, upstream issue 775)
+ * debian/control: Update maintainer and Vcs information
+ accordingly.
+
+ -- Boyuan Yang <byang@debian.org> Sun, 26 Apr 2020 12:41:23 -0400
+
taglib (1.11.1+dfsg.1-0.3) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru taglib-1.11.1+dfsg.1/debian/control taglib-1.11.1+dfsg.1/debian/control
--- taglib-1.11.1+dfsg.1/debian/control 2017-10-12 05:15:27.000000000 -0400
+++ taglib-1.11.1+dfsg.1/debian/control 2020-04-26 12:41:21.000000000 -0400
@@ -1,14 +1,16 @@
Source: taglib
Section: libs
Priority: optional
-Maintainer: Modestas Vainius <modax@debian.org>
+Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
+Uploaders:
+ Boyuan Yang <byang@debian.org>,
Build-Depends: cmake, debhelper (>= 9), zlib1g-dev,
pkg-kde-tools, libboost-dev, libicu-dev
Build-Depends-Indep: doxygen, graphviz, gsfonts-x11
Standards-Version: 4.1.1
Homepage: http://taglib.github.io/
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/taglib.git
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/taglib.git/
+Vcs-Git: https://salsa.debian.org/multimedia-team/taglib.git
+Vcs-Browser: https://salsa.debian.org/multimedia-team/taglib
Package: libtag1v5
Architecture: any
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-losses.patch taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-losses.patch
--- taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-losses.patch 1969-12-31 19:00:00.000000000 -0500
+++ taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-losses.patch 2020-04-26 12:38:10.000000000 -0400
@@ -0,0 +1,23 @@
+From: Tsuda Kageyu <tsuda.kageyu@gmail.com>
+Date: Thu, 1 Dec 2016 11:32:01 +0900
+Subject: Fix possible Ogg packet losses.
+
+Bug-Debian: https://bugs.debian.org/915281
+Applied-Upstream: https://github.com/taglib/taglib/commit/9336c82da3a04552168f208cd7a5fa4646701ea4
+---
+ taglib/ogg/oggfile.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/taglib/ogg/oggfile.cpp b/taglib/ogg/oggfile.cpp
+index 86b0b07..c36e4d4 100644
+--- a/taglib/ogg/oggfile.cpp
++++ b/taglib/ogg/oggfile.cpp
+@@ -253,7 +253,7 @@ void Ogg::File::writePacket(unsigned int i, const ByteVector &packet)
+ ByteVectorList packets = firstPage->packets();
+ packets[i - firstPage->firstPacketIndex()] = packet;
+
+- if(firstPage != lastPage && lastPage->packetCount() > 2) {
++ if(firstPage != lastPage && lastPage->packetCount() > 1) {
+ ByteVectorList lastPagePackets = lastPage->packets();
+ lastPagePackets.erase(lastPagePackets.begin());
+ packets.append(lastPagePackets);
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/series taglib-1.11.1+dfsg.1/debian/patches/series
--- taglib-1.11.1+dfsg.1/debian/patches/series 2019-02-19 17:24:29.000000000 -0500
+++ taglib-1.11.1+dfsg.1/debian/patches/series 2020-04-26 12:38:10.000000000 -0400
@@ -2,3 +2,4 @@
icu.patch
CVE-2017-12678.diff
CVE-2018-11439.patch
+0005-Fix-possible-Ogg-packet-losses.patch
Attachment:
signature.asc
Description: This is a digitally signed message part