--- Begin Message ---
Subject: |
[PATCH] gnu: taglib: Include patch to prevent OGG corruption. |
Date: |
Sun, 16 Aug 2020 16:48:19 +0100 |
User-agent: |
mu4e 1.4.13; emacs 26.3 |
Hello Guix!
As I was looking into updating clementine, I noticed it would refuse to
build with the system's taglib saying it may have a bug that corrupts
OGG files. I haven't personally encountered this bug, but I think we
should patch it anyway to be safe. It should be included in the next
release but it's unclear when this is going happen :-/
See https://github.com/taglib/taglib/issues/864 for more details. It
seems other distributions such as Archlinux also apply this fix.
Thanks!
Pierre
0001-gnu-taglib-Include-patch-to-prevent-OGG-corruption.patch
Description: Text Data
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#42890] [PATCH] gnu: taglib: Include patch to prevent OGG corruption. |
Date: |
Fri, 04 Sep 2020 12:14:26 +0100 |
User-agent: |
mu4e 1.4.13; emacs 27.1 |
Ludovic Courtès writes:
> Hi!
>
> Pierre Langlois <pierre.langlois@gmx.com> skribis:
>
>>>From 97a5d71bd50c72d2d7562a7d22baca04f4987657 Mon Sep 17 00:00:00 2001
>> From: Pierre Langlois <pierre.langlois@gmx.com>
>> Date: Tue, 18 Aug 2020 18:38:01 +0100
>> Subject: [PATCH] gnu: taglib: Update to 1.12-beta-1.
>>
>> This switches to a yet unreleased version of taglib, to make sure long
>> standings issues and CVEs are covered until a proper release is made
>> upstream.
>>
>> Among these, we have:
>>
>> - CVE-2017-12678
>> - CVE-2018-11439
>> - https://github.com/taglib/taglib/issues/864
>>
>> * gnu/packges/mp3.scm (taglib): Update to 1.12-beta-1.
>> [source]: Switch to using git-fetch.
>
> It’s a good idea to add “[security fixes]” or to list CVEs in the
> subject line of the commit log.
>
> Otherwise LGTM!
>
> You can now use your new super commit powers to push it. :-)
Whoohoo! done :-)
signature.asc
Description: PGP signature
--- End Message ---