Accepting request 655068 from home:plater

Update to 1.11.1+git20181028 and add taglib-versionbump.patch to enable qt5 clementine to build with system taglib. Removed incorporated taglib-CVE-2017-12678.patch, taglib-CVE-2018-11439.patch and taglib-fix-ogg.patch. OBS-URL: https://build.opensuse.org/request/show/655068 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/taglib?expand=0&rev=80
2018-12-05 09:38:59 +00:00 · 2018-12-05 09:38:59 +00:00 · 13a7a3fa14
commit 13a7a3fa14
parent a11ee6a228
8 changed files with 53 additions and 115 deletions
--- a/taglib-1.11.1+git20181028.tar.gz
+++ b/taglib-1.11.1+git20181028.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:50fb6715272818c043d7c71f8d9ffb0c8364992a6121bc209e2ff81632994f9c
+size 1299993
--- a/taglib-1.11.1.tar.gz
+++ b/taglib-1.11.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b6d1a5a610aae6ff39d93de5efd0fdc787aa9e9dc1e7026fa4c961b26563526b
-size 1261620
--- a/taglib-CVE-2017-12678.patch
+++ b/taglib-CVE-2017-12678.patch
@ -1,35 +0,0 @@
-https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
-
-From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
-From: "Stephen F. Booth" <me@sbooth.org>
-Date: Sun, 23 Jul 2017 10:11:09 -0400
-Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
-
-If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
-which causes problems in rebuildAggregateFrames() when it is assumed
-that TDRC is a TextIdentificationFrame
---
- taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-index 759a9b7b..9347ab86 100644
--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
-+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
-      tag->frameList("TDAT").size() == 1)
-   {
-     TextIdentificationFrame *tdrc =
-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-+      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
- 
-    if(tdrc->fieldList().size() == 1 &&
-+    if(tdrc &&
-+       tdrc->fieldList().size() == 1 &&
-        tdrc->fieldList().front().size() == 4 &&
-        tdat->data().size() >= 5)
-     {
-- 
-2.13.1
-
--- a/taglib-CVE-2018-11439.patch
+++ b/taglib-CVE-2018-11439.patch
@ -1,41 +0,0 @@
-From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
-From: Scott Gayou <github.scott@gmail.com>
-Date: Mon, 4 Jun 2018 11:34:36 -0400
-Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
-
-CVE-2018-11439 is caused by a failure to check the minimum length
-of a ogg flac header. This header is detailed in full at:
-https://xiph.org/flac/ogg_mapping.html. Added more strict checking
-for entire header.
---
- taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
-index 53d04508a..07ea9dccc 100644
--- a/taglib/ogg/flac/oggflacfile.cpp
-+++ b/taglib/ogg/flac/oggflacfile.cpp
-@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
- 
-   if(!metadataHeader.startsWith("fLaC"))  {
-     // FLAC 1.1.2+
-+    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
-+    if(metadataHeader.size() < 13)
-+      return;
-+
-+    if(metadataHeader[0] != 0x7f)
-+      return;
-+
-     if(metadataHeader.mid(1, 4) != "FLAC")
-       return;
- 
-    if(metadataHeader[5] != 1)
-      return; // not version 1
-+    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
-+      return; // not version 1.0
-+
-+    if(metadataHeader.mid(9, 4) != "fLaC")
-+      return;
- 
-     metadataHeader = metadataHeader.mid(13);
-   }
--- a/taglib-fix-ogg.patch
+++ b/taglib-fix-ogg.patch
@ -1,25 +0,0 @@
-From 9336c82da3a04552168f208cd7a5fa4646701ea4 Mon Sep 17 00:00:00 2001
-From: Tsuda Kageyu <tsuda.kageyu@gmail.com>
-Date: Thu, 1 Dec 2016 11:32:01 +0900
-Subject: [PATCH] Fix possible Ogg packet losses.
-
---
- taglib/ogg/oggfile.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/taglib/ogg/oggfile.cpp b/taglib/ogg/oggfile.cpp
-index 86b0b076..c36e4d46 100644
--- a/taglib/ogg/oggfile.cpp
-+++ b/taglib/ogg/oggfile.cpp
-@@ -253,7 +253,7 @@ void Ogg::File::writePacket(unsigned int i, const ByteVector &packet)
-   ByteVectorList packets = firstPage->packets();
-   packets[i - firstPage->firstPacketIndex()] = packet;
- 
-  if(firstPage != lastPage && lastPage->packetCount() > 2) {
-+  if(firstPage != lastPage && lastPage->packetCount() > 1) {
-     ByteVectorList lastPagePackets = lastPage->packets();
-     lastPagePackets.erase(lastPagePackets.begin());
-     packets.append(lastPagePackets);
-- 
-2.19.1
-
--- a/taglib-versionbump.patch
+++ b/taglib-versionbump.patch
@ -0,0 +1,13 @@
+Index: taglib/toolkit/taglib.h
+===================================================================
+--- taglib/toolkit/taglib.h.orig	2018-10-28 15:43:45.000000000 +0200
+++ taglib/toolkit/taglib.h	2018-11-03 14:59:44.431327422 +0200
+@@ -30,7 +30,7 @@
+ 
+ #define TAGLIB_MAJOR_VERSION 1
+ #define TAGLIB_MINOR_VERSION 11
+-#define TAGLIB_PATCH_VERSION 1
+#define TAGLIB_PATCH_VERSION 2
+ 
+ #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 1)) || defined(__clang__)
+ #define TAGLIB_IGNORE_MISSING_DESTRUCTOR _Pragma("GCC diagnostic ignored \"-Wnon-virtual-dtor\"")
--- a/taglib.changes
+++ b/taglib.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Wed Dec  5 09:07:42 UTC 2018 - davejplater@gmail.com
+
+- Update to 1.11.1+git20181028 and add taglib-versionbump.patch to
+  enable qt5 clementine to build with system taglib.
+- Removed incorporated taglib-CVE-2017-12678.patch,
+  taglib-CVE-2018-11439.patch and taglib-fix-ogg.patch.
+- Upstream changes:
+  *Added support for DSF and DSDIFF files.
+  *Added support for WinRT.
+  *Added support for classical music tags of iTunes 12.5.
+  *Added support for file descriptor to FileStream.
+  *Added support for 'cmID', 'purl', 'egid' MP4 atoms.
+  *Enabled FileRef to detect file types based on the stream content.
+  *Check for mandatory header objects in ASF files.
+  *Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
+  *Fixed handling of empty MPEG files.
+  *Fixed reading MP4 atoms with zero length.
+  *Fixed reading FLAC files with zero-sized seektables.
+  *Fixed handling of lowercase field names in Vorbis Comments.
+  *Fixed handling of 'rate' atoms in MP4 files.
+  *Fixed handling of invalid UTF-8 sequences.
+  *Fixed possible file corruptions when saving Ogg files.
+  *TableOfContentsFrame::toString() improved.
+  *UserTextIdentificationFrame::toString() improved.
+  *Marked FileRef::create() deprecated.
+  *Several smaller bug fixes and performance improvements.
+
 -------------------------------------------------------------------
 Tue Nov 13 22:29:57 UTC 2018 - Jonas Kvinge <jonas@jkvinge.net>

--- a/taglib.spec
+++ b/taglib.spec
@ -12,24 +12,24 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #


+%define rev 5cb589a5b82c13ba8f0542e5e79629da7645cb3c
+
 Name:           taglib
-Version:        1.11.1
+Version:        1.11.1+git20181028
 Release:        0
 Summary:        Audio Meta-Data Library
 License:        LGPL-2.1-or-later AND MPL-1.1
 Group:          Productivity/Multimedia/Other
 URL:            http://taglib.github.io/
-Source0:        http://taglib.github.io/releases/%{name}-%{version}.tar.gz
+Source0:        https://github.com/taglib/taglib/archive/%{rev}.tar.gz#/%{name}-%{version}.tar.gz
+#Source0:        http://taglib.github.io/releases/%%{name}-%%{version}.tar.gz
 Source1:        %{name}.desktop
 Source100:      baselibs.conf
-# PATCH-FIX-SECURITY taglib-CVE-2017-12678.patch bsc1052699 CVE-2017-12678 sbrabec@suse.com -- Prevent denial of service.
-Patch0:         taglib-CVE-2017-12678.patch
-Patch1:         taglib-CVE-2018-11439.patch
-Patch2:         taglib-fix-ogg.patch
+Patch0:         taglib-versionbump.patch
 BuildRequires:  cmake >= 2.8
 BuildRequires:  doxygen
 BuildRequires:  fdupes
@ -92,10 +92,8 @@ Obsoletes:      taglib-devel <= 1.6.3
 This package contains development files for taglib.

 %prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
+%setup -q -n %{name}-%{rev}
+%patch0 -p0

 %build
 %cmake \