Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1

2020-05-01 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2020-04-26 at 20:11 +0100, Adam D. Barratt wrote:
> On Sun, 2020-04-26 at 14:37 -0400, Boyuan Yang wrote:
[...]
> > Do we need to solve the bug on Sid/Testing first before doing a
> > stable update?
> 
> Having the issue resolved in unstable is usually a prerequisite, yes.
> The fix doesn't have to have reached testing (although obviously it's
> expected that it /will/).

It looks like that happened now, so please go ahead.

Regards,

Adam



Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1

2020-04-26 Thread Adam D. Barratt
On Sun, 2020-04-26 at 14:37 -0400, Boyuan Yang wrote:
> Control: tags -1 -moreinfo
> 
> Hi Adam,
> 
> On Sun, 2020-04-26 at 18:23 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> > 
> > On Sun, 2020-04-26 at 13:05 -0400, Boyuan Yang wrote:
> > > I just took over maintenance of src:taglib via the ITS process. It
> > > has a popcon of 9+ with an annoying bug
> > > https://bugs.debian.org/915281 floating
> > > around for 4 years. It corrupts OGG files under certain circumstances
> > > and this bug is fixed in all major Linux distributions except
> > > Debian/Ubuntu.
> > > 
> > 
> > The metadata for that bug suggests that it affects the package in
> > unstable, and is not yet fixed there? Is that correct?
> 
> Currently yes, since I'm still evaluating whether I'd backport the
> patch on Sid or directly package upstream new release (1.12).

Thanks.

> Do we need to solve the bug on Sid/Testing first before doing a
> stable update?

Having the issue resolved in unstable is usually a prerequisite, yes.
The fix doesn't have to have reached testing (although obviously it's
expected that it /will/).

Regards,

Adam



Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1

2020-04-26 Thread Boyuan Yang
Control: tags -1 -moreinfo

Hi Adam,

On Sun, 2020-04-26 at 18:23 +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Sun, 2020-04-26 at 13:05 -0400, Boyuan Yang wrote:
> > I just took over maintenance of src:taglib via the ITS process. It
> > has a popcon of 9+ with an annoying bug 
> > https://bugs.debian.org/915281 floating
> > around for 4 years. It corrupts OGG files under certain circumstances
> > and this bug is fixed in all major Linux distributions except
> > Debian/Ubuntu.
> > 
> 
> The metadata for that bug suggests that it affects the package in
> unstable, and is not yet fixed there? Is that correct?

Currently yes, since I'm still evaluating whether I'd backport the patch on
Sid or directly package upstream new release (1.12).

Do we need to solve the bug on Sid/Testing first before doing a stable update?
Anyway I just prepared an upload onto Sid with the backported patch first in
case that is necessary.

-- 
Regards,
Boyuan Yang



Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1

2020-04-26 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Sun, 2020-04-26 at 13:05 -0400, Boyuan Yang wrote:
> I just took over maintenance of src:taglib via the ITS process. It
> has a popcon of 9+ with an annoying bug 
> https://bugs.debian.org/915281 floating
> around for 4 years. It corrupts OGG files under certain circumstances
> and this bug is fixed in all major Linux distributions except
> Debian/Ubuntu.
> 

The metadata for that bug suggests that it affects the package in
unstable, and is not yet fixed there? Is that correct?

Regards,

Adam



Bug#958916: buster-pu: package taglib/1.11.1+dfsg.1-0.3+deb10u1

2020-04-26 Thread Boyuan Yang
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Dear stable release team,

I just took over maintenance of src:taglib via the ITS process. It has a
popcon of 9+ with an annoying bug https://bugs.debian.org/915281 floating
around for 4 years. It corrupts OGG files under certain circumstances and this
bug is fixed in all major Linux distributions except Debian/Ubuntu.

This stable update intends to fix this bug in Buster. It is literally a one-
line fix as you can see in the debdiff.

Git packaging repo: 
https://salsa.debian.org/multimedia-team/taglib/-/tree/debian/buster

The full debdiff is attached here. Let me know if you have any questions.
Thanks!

-- 
Regards,
Boyuan Yang


---
diff -Nru taglib-1.11.1+dfsg.1/debian/changelog taglib-
1.11.1+dfsg.1/debian/changelog
--- taglib-1.11.1+dfsg.1/debian/changelog   2019-02-19 17:24:40.0
-0500
+++ taglib-1.11.1+dfsg.1/debian/changelog   2020-04-26 12:41:23.0
-0400
@@ -1,3 +1,12 @@
+taglib (1.11.1+dfsg.1-0.3+deb10u1) buster; urgency=medium
+
+  * debian/patches/0005: Add patch to fix corruption on
+handling ogg files. (Closes: #915281, upstream issue 775) 
+  * debian/control: Update maintainer and Vcs information
+accordingly.
+
+ -- Boyuan Yang   Sun, 26 Apr 2020 12:41:23 -0400
+
 taglib (1.11.1+dfsg.1-0.3) unstable; urgency=medium
 
   * Non-maintainer upload.
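
Review bot: The second bullet of the new entry ("debian/control: Update maintainer and Vcs information") bundles a metadata change with the Ogg corruption fix, so the upload is no longer limited to the change that closes #915281; either drop it from the buster upload or state in the request why it has to ride along. The first bullet would also be easier to audit if it named the patch file in full (0005-Fix-possible-Ogg-packet-losses.patch) and gave the upstream issue as a URL instead of "upstream issue 775".
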
diff -Nru taglib-1.11.1+dfsg.1/debian/control taglib-
1.11.1+dfsg.1/debian/control
--- taglib-1.11.1+dfsg.1/debian/control 2017-10-12 05:15:27.0 -0400
+++ taglib-1.11.1+dfsg.1/debian/control 2020-04-26 12:41:21.0 -0400
@@ -1,14 +1,16 @@
 Source: taglib
 Section: libs
 Priority: optional
-Maintainer: Modestas Vainius 
+Maintainer: Debian Multimedia Maintainers 
+Uploaders:
+ Boyuan Yang ,
 Build-Depends: cmake, debhelper (>= 9), zlib1g-dev,
  pkg-kde-tools, libboost-dev, libicu-dev
 Build-Depends-Indep: doxygen, graphviz, gsfonts-x11
 Standards-Version: 4.1.1
 Homepage: http://taglib.github.io/
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/taglib.git
-Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/taglib.git/
+Vcs-Git: https://salsa.debian.org/multimedia-team/taglib.git
+Vcs-Browser: https://salsa.debian.org/multimedia-team/taglib
 
 Package: libtag1v5
 Architecture: any
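
Review bot: The new Vcs-Git line points at the repository without a branch, while the request says the packaging for this upload lives under .../taglib/-/tree/debian/buster; for the stable package the field should carry the branch, e.g. "Vcs-Git: https://salsa.debian.org/multimedia-team/taglib.git -b debian/buster", so that a checkout from the field yields the source that was actually uploaded. Minor: the single Uploaders entry ends in a trailing comma, which can be dropped.
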
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch
--- taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch1969-12-31 19:00:00.0 -0500
+++ taglib-1.11.1+dfsg.1/debian/patches/0005-Fix-possible-Ogg-packet-
losses.patch2020-04-26 12:38:10.0 -0400
@@ -0,0 +1,23 @@
+From: Tsuda Kageyu 
+Date: Thu, 1 Dec 2016 11:32:01 +0900
+Subject: Fix possible Ogg packet losses.
+
+Bug-Debian: https://bugs.debian.org/915281
+Applied-Upstream: 
https://github.com/taglib/taglib/commit/9336c82da3a04552168f208cd7a5fa4646701ea4
+---
+ taglib/ogg/oggfile.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/taglib/ogg/oggfile.cpp b/taglib/ogg/oggfile.cpp
+index 86b0b07..c36e4d4 100644
+--- a/taglib/ogg/oggfile.cpp
 b/taglib/ogg/oggfile.cpp
+@@ -253,7 +253,7 @@ void Ogg::File::writePacket(unsigned int i, const
ByteVector )
+   ByteVectorList packets = firstPage->packets();
+   packets[i - firstPage->firstPacketIndex()] = packet;
+ 
+-  if(firstPage != lastPage && lastPage->packetCount() > 2) {
++  if(firstPage != lastPage && lastPage->packetCount() > 1) {
+ ByteVectorList lastPagePackets = lastPage->packets();
+ lastPagePackets.erase(lastPagePackets.begin());
+ packets.append(lastPagePackets);
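
Review bot: The patch header carries only a subject line and never says why the bound in writePacket() moves from "> 2" to "> 1", which is the whole of the fix. From the visible context, the branch erases the first packet of lastPage and appends the rest to packets, so with the old bound a last page holding exactly two packets skipped the branch and its second packet was not carried over. Please put that reasoning into the patch description, and if the upstream commit has a test for it, include that as well (a multi-page write where the last page holds exactly two packets), since a one-character boundary change is easy to regress and hard to review without a reproducer.
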
diff -Nru taglib-1.11.1+dfsg.1/debian/patches/series taglib-
1.11.1+dfsg.1/debian/patches/series
--- taglib-1.11.1+dfsg.1/debian/patches/series  2019-02-19 17:24:29.0
-0500
+++ taglib-1.11.1+dfsg.1/debian/patches/series  2020-04-26 12:38:10.0
-0400
@@ -2,3 +2,4 @@
 icu.patch
 CVE-2017-12678.diff
 CVE-2018-11439.patch
+0005-Fix-possible-Ogg-packet-losses.patch
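
Review bot: The added series entry uses a numeric prefix (0005-...) while the entries visible above it (icu.patch, CVE-2017-12678.diff, CVE-2018-11439.patch) are unnumbered. Appending it last is the right place for a patch that touches only taglib/ogg/oggfile.cpp, but consider naming it in the existing style so the series does not suggest that patches 0001 to 0004 are missing.
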

===
diff -Nru taglib-1.11.1+dfsg.1/debian/changelog taglib-1.11.1+dfsg.1/debian/changelog
--- taglib-1.11.1+dfsg.1/debian/changelog	2019-02-19 17:24:40.0 -0500
+++ taglib-1.11.1+dfsg.1/debian/changelog	2020-04-26 12:41:23.0 -0400
@@ -1,3 +1,12 @@
+taglib (1.11.1+dfsg.1-0.3+deb10u1) buster; urgency=medium
+
+  * debian/patches/0005: Add patch to fix corruption on
+handling ogg files. (Closes: #915281, upstream issue 775) 
+  * debian/control: Update maintainer and Vcs information
+accordingly.
+
+ -- Boyuan Yang   Sun, 26 Apr 2020 12:41:23 -0400
+
 taglib (1.11.1+dfsg.1-0.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru taglib-1.11.1+dfsg.1/debian/control taglib-1.11.1+dfsg.1/debian/control
--- taglib-1.11.1+dfsg.1/debian/control	2017-10-12 05:15:27.0 -0400
+++ taglib-1.11.1+dfsg.1/debian/control