From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 0FKKG8mdO197VAAA0tVLHw (envelope-from ) for ; Tue, 18 Aug 2020 09:22:17 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id yFt+F8mdO1/GZgAAB5/wlQ (envelope-from ) for ; Tue, 18 Aug 2020 09:22:17 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0749C9408FD for ; Tue, 18 Aug 2020 09:22:16 +0000 (UTC) Received: from localhost ([::1]:49806 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1k7xos-0004Xs-MW for larch@yhetil.org; Tue, 18 Aug 2020 05:22:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58862) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k7xof-0004Xb-Ub for guix-patches@gnu.org; Tue, 18 Aug 2020 05:22:01 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50694) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1k7xof-0000qC-LP for guix-patches@gnu.org; Tue, 18 Aug 2020 05:22:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1k7xof-0001kz-Ib for guix-patches@gnu.org; Tue, 18 Aug 2020 05:22:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#42890] [PATCH] gnu: taglib: Include patch to prevent OGG corruption. Resent-From: Pierre Langlois Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 18 Aug 2020 09:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42890 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Brendan Tildesley Cc: 42890@debbugs.gnu.org X-Debbugs-Original-Cc: 42890@debbugs.gnu.org, guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.15977425036730 (code B ref -1); Tue, 18 Aug 2020 09:22:01 +0000 Received: (at submit) by debbugs.gnu.org; 18 Aug 2020 09:21:43 +0000 Received: from localhost ([127.0.0.1]:34007 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k7xoN-0001kU-ED for submit@debbugs.gnu.org; Tue, 18 Aug 2020 05:21:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:57684) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k7xoJ-0001kK-Ac for submit@debbugs.gnu.org; Tue, 18 Aug 2020 05:21:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58754) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k7xoJ-0004TJ-56 for guix-patches@gnu.org; Tue, 18 Aug 2020 05:21:39 -0400 Received: from mout.gmx.net ([212.227.17.21]:58659) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k7xoH-0000o3-1U for guix-patches@gnu.org; Tue, 18 Aug 2020 05:21:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1597742487; bh=bfaFndGtRUxd2vQas08fG7ZAVzzroZVjoHlaovhGNjU=; h=X-UI-Sender-Class:References:From:To:Cc:Subject:In-reply-to:Date; b=SfwQ4Rjp6jkk77LCFJZQbiitVdPK0Ero8ywJ0oHK4bXs4ie74dG33HjJMCDxe5JZa UbxQO8wiNPFgKBJVNuugJVl14ftT9aJzpCVbq2nToTyA1gzgLhAUgUAMRoMJkrIQzB OyNi9DzFQMNZ109T/BjeBWmPWaR9SsQx6X0V/Wdc= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from e119807-lin ([82.69.64.142]) by mail.gmx.com (mrgmx104 [212.227.17.174]) with ESMTPSA (Nemesis) id 1MvbBu-1kzEsi34z8-00siG9; Tue, 18 Aug 2020 11:21:27 +0200 References: <87r1s6oam4.fsf@gmx.com> <98bfcbfa-4142-2985-864f-c146ac8d1f92@brendan.scot> User-agent: mu4e 1.4.12; emacs 26.3 From: Pierre Langlois In-reply-to: <98bfcbfa-4142-2985-864f-c146ac8d1f92@brendan.scot> Date: Tue, 18 Aug 2020 10:21:25 +0100 Message-ID: <87blj82tt6.fsf@gmx.com> MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K1:VY5aAfZooAqwCb7rTk0cdexcofut46R8fkDXmtOuMrMC4IPNsib ImQE3VemyYwHOC1EvUND1GcHd3oA5qFn3/tpoxQgx0m8TfR6bhePNsJmkxfgWcUlyO/4cd5 K6LYUZKLXLpUBo4cEeU0DzxVvo9U2xMvb0vZBcxK38sV0kBvG9z5/HfsfRxyA+uTUEwEZBf ZVhL79+gIWC6pu92Qv1Ag== X-UI-Out-Filterresults: notjunk:1;V03:K0:Bzb+4hN9EaE=:fAPL1hbTGNDPYjGz6u9vuw AtZaq+AINNdMaPf/HUOaCWHRcCRk9h+3oI07X8Ez5s50kOKh7IXMhHjJI//YRL9lNwvGD8H7j XioU0m8BONeeoeeQP4uxyTIoZ8uPNw4HNf/+I5ABLU60fMBUxumDhLoP80RI2cusVHvNn9iIY r7ZdgJKU87wna4eLuslkx5ePrIml/iWmpvTCYv86vmHS9aTWevwHy6ZCFeAO9Pe8HsIAIh60a jgEPFkpWURzdonN5PM0CJVb0YmhbP45EAAY757s/eZJA2LAE5B1pFh+jxo3V5j41+ttiiEuCd 9TQeCH8ktUpoMlmsL63igVjwdiPq/9NGj4FtaE/m6i1ujM6scgvxnTr1FiJvr7qidM7MQY/HV 0P3i0DJ7s7im9CwcIPDTtgJGwRfqnJSGG2csnR4jGvZdLXqD9vwleuXm4nJ0qbHLBTKOf/Zyd jktxzm9lutkeS7EGm7CF7EJoJM3rOUabuJrxgBPLtHCBZFwk60LuruP9DNkoGKpC6mhQewYwZ ZKyDkJA+GqIt7cRfjW1EKKUyG35M5KGj0VCm8pE8boalHBbxvSA5ahjX+MU4bA1b2EVFMoFu5 53yxP18aIZgHFqaxdcYkCm/A0otdp1teFCkI9ZF6Dd5WsswWc5IF9oRiebSqKO6Wtrkd9D3Ft d492Zy3XGfwfE1fkvy1bWp1fVQKa8GfyjZYoL+NoL3A9S3A1nZJrdI7Mgu97+W3A2dH3EU1Or Oasv+KZOlomYjpOKz0HC//xGRSZd+futAJTHfSgOz5vlohb0Fi21DtklsowkqppqsOGuaXqer FZT7PtjZ8atN5anIa5i+PqYyhDtPpEaa7WjAIAfuovfthWXHywcdLeQv6yC8OYA78BKmlg/35 HEZJsJq8j52UPfCBAAdHuXUpcLPHImu14ajgRPV1d3CMIrmfylho0od69hNwQL3CWAOscmUkq lmwG+2VFwmlTQtLu7O/H9lMDdRg6z5tpzioBxvmq8hieTVUuBSnUPhLa9JjtUlT5vABKuBibt TJ5qZIX36ACgvN9ADHoOoKywdDnCTtcofQJnarmU3eBAjNynozDeBn7/roGBG4qkDm2tE5xha Ll592kBZW9KiO/7b79UP8oOeSf9SoElbgTOMpNCzSA7d9psyVJY3w8Q8bdKE7jIzPsGZJd+WI T/zuBLGtKbbMfIYFPwB6Cgh5bTD1rlx4XcBbCP/hY17C6r2cm4Gv6+k1/CJIp9Qn/dTzBSAOp g0ZEmJTQ24EhJ8scwekCIyV4MEZvXJI+40pc54w== Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=212.227.17.21; envelope-from=pierre.langlois@gmx.com; helo=mout.gmx.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/18 05:21:34 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -35 X-Spam_score: -3.6 X-Spam_bar: --- X-Spam_report: (-3.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Spam-Score: -2.4 (--) X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=fail (rsa verify failed) header.d=gmx.net header.s=badeba3b8450 header.b=SfwQ4Rjp; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Spam-Score: 2.49 X-TUID: ZMhoRKMi3EXq Hi Brendan, Brendan Tildesley writes: > I should apologise. I also prepared this same patch to submit over a > year or two ago but ended up neglecting it. I also discovered these two > CVE patches (attached) from another distribution that i was going to > add. Perhaps the best solution is to switch to git-reference and choose > a more recent commit that includes all these fixes. Your patch is in > master at > https://github.com/taglib/taglib/commit/9336c82da3a04552168f208cd7a5fa46= 46701ea4 > and the two I attached are also in master. No worries! Yeah I think it's a good to just use a git-reference in this case, I'll try that and submit another patch, thanks for the suggestion! Pierre