My plan for libvorbis towards Jessie
Petter Reinholdtsen
pere at hungry.com
Fri Oct 24 18:10:08 UTC 2014
[Ralph Giles]
> But you didn't say what symbol the type change occured on. Could you
> have been mistaken?
Sure, I could be mistaken, it is just a worry on my part. To me a
header file with a type change is a warning sign, not a conclusion.
And I did not have time to investigate, so I raised the question and
did not go any further with the upload. And as you will see below, I
conclude that my worries were without foundation. :)
> I've just diff'd include/vorbis/*.h between the libvorbis_1.3.2-2
> source package and a checkout of upstream trunk and there are no
> differences at all.
I did a similar thing (comparing the libvorbis-dev packages between
versions) and I agree. There is no user visible API change, and most
likely not a user visible ABI change.
> Perhaps you saw the codebook change? That's internal to the library.
> https://git.xiph.org/?p=mirrors/vorbis.git;a=commitdiff;h=7874c923e2c3548aedf24ab07d2695e7d344bdf1
Yes, that is the one I saw.
>> Is there some way to rule out ABI changes in the new version?
>
> I linked earlier to
> http://upstream-tracker.org/versions/libvorbis.html which is a site
> that tracks ABI changes. It shows no differences since 1.3.2, and
> there only the const-ification of the strings passed to the vorbisfile
> entry points, which is safe.
Right. After having time to look at the issue in more detail, I am
convinced that it _is_ safe to upload the new version, and will move
ahead with that tonight.
>> Which security fixes are currently missing in unstable?
>
> I don't remember in detail. I think the last major one was
> https://git.xiph.org/?p=mirrors/vorbis.git;a=commit;h=47156649a659381d5b90b82241bf43b32ff3cd98
>
> I see a patch for floor1 overflow, but not floor0.
>
> The codebook change was for memory footprint, I think.
Thank you for the information. It has been most valuable.
--
Happy hacking
Petter Reinholdtsen
More information about the pkg-xiph-maint
mailing list