-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jun 2026 20:46:00 +0200
Source: id3lib3.8.3
Architecture: source
Version: 3.8.3-23
Distribution: unstable
Urgency: low
Maintainer: Martin A. Godisch <godisch@debian.org>
Changed-By: Martin A. Godisch <godisch@debian.org>
Changes:
id3lib3.8.3 (3.8.3-23) unstable; urgency=low
.
* 70-warn-on-unsupported-id3v2-version.patch: make the unsupported-version
notice opt-in. It is now printed only when the ID3LIB_WARN_UNSUPPORTED
environment variable is set; by default the library stays silent. A shared
library must not write to stderr unsolicited, and ID3v2.4 tags are common,
so the previous unconditional notice was a behaviour regression for every
caller. Parsing behaviour is unchanged. Re: #449186 (still not closed).
* 67-fix-utf8-text-encoding.patch, 68-fix-utf16be-text-encoding.patch:
complete the DEP-3 headers (Last-Update, Bug-Debian). Document in 68-* that
the UTF-16BE round-trip relies on a little-endian host and is therefore not
byte-correct on big-endian architectures (e.g. s390x); this is still an
improvement over silently dropping UTF-16BE text and is left as a known
limitation rather than risking the working UTF-16 path.
* Add an autopkgtest (debian/tests/): render/parse round-trip checks for the
ISO-8859-1, UTF-8, UTF-16 and UTF-16BE text encodings, plus a guard that
ID3_Tag::Size() is never smaller than ID3_Tag::Render() writes (see below).
This gives the encoding fixes (#213239 and the companion UTF-16BE work)
regression coverage that upstream lacks: "make check" only builds the
example programs, it does not run them.
* 72-fix-render-buffer-overflow.patch: fix a heap buffer overflow in the
documented rendering idiom. ID3_Tag::Render(uchar*) does not bounds-check
its buffer, and callers size that buffer with ID3_Tag::Size(), but Size()
reported fewer bytes than Render() actually writes (by ID3_TagHeader::SIZE
with padding on, and by up to ID3_PADMULTIPLE with padding off, because the
renderer always pads). Make Size() reproduce the renderer's size
calculation so it is a safe upper bound; the bytes written by Render() and
to files are unchanged.
* d/control: Set Rules-Requires-Root: no (the build needs no root).
Checksums-Sha1:
b00ed079016d47318be44ce1629545c167c64d83 2239 id3lib3.8.3_3.8.3-23.dsc
5feb82c976a63dd3c6a1995fd2511d2cae77c30c 23924 id3lib3.8.3_3.8.3-23.debian.tar.xz
ad13b219140b86415e44515f1ee88ea90ee8a35e 7990 id3lib3.8.3_3.8.3-23_amd64.buildinfo
Checksums-Sha256:
c455d14c8438ffa9ece38d0aed78487369f706117ac44fcbee2a9b52a392b237 2239 id3lib3.8.3_3.8.3-23.dsc
b6d06112e4885c78b3f96d23bb21fde86cb56c132076f7778db036f1db6b7b08 23924 id3lib3.8.3_3.8.3-23.debian.tar.xz
e46adc7cf3cf5e87ee9b652aaa0997890001a98e43c9cd680792a84625d30e1e 7990 id3lib3.8.3_3.8.3-23_amd64.buildinfo
Files:
9e9d5ceb941203bd7001082ed6b76b7d 2239 libs optional id3lib3.8.3_3.8.3-23.dsc
74c6384c512244a0dd1d5f41c12cf04e 23924 libs optional id3lib3.8.3_3.8.3-23.debian.tar.xz
614d998194f32ff2d3f07bc6791c93c5 7990 libs optional id3lib3.8.3_3.8.3-23_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEGEIyO0/Pm5CZX6F/o1C5kfBaSFcFAmo24IoTHGdvZGlzY2hA
ZGViaWFuLm9yZwAKCRCjULmR8FpIV8OjD/90UWdhqQ3Hqhl6BlfBUHHybRlGGKGM
GTz2WWRY+CCxOI329suE5x1/8y8IAtZ0gJaB+YTeuqf2NUEHf4v2KoM0dkCMdash
iqJ87aKEp45lSTL+9+NPJEh5xTGmYW5Q8uBHRBFuRiO8aKqHRnLF/ABZKoRiI+Lv
doZoDTwzC65vtM1ePEJnB+SV2o2jSUkUAkUn2qxVJxf4CnZnOyMoS3/mjbD/AwHI
w6MKlRkcrSLAzTFK6GEJ+aSnmcHz0qKEKycSJDfxelL0uO6Umm3x6oodFPNyva8q
/GIZz/a4yTt2BAjkA019Zbfim7OTLT4SS6Ok2EWxTyFZFeHhco/AINLNRK32g7MC
Wka3ZlBhuPoUsRJB+Gn2cXrS3W6uqdvMUdan02ZEKleXn8W5Pydjwci1Ltu+/vMP
i+Z+VAhTsfpuGEfAjq4jeVsObMZNT8bjjiQWpKJ4RViCAQZZf4+vEFtuZ0ZN/w0D
A1zXMXnWvLhrTjtBG1NGKa857SVxFWCGR7eROxQ1xkQGvl4ZNc+8pmcECBsXa6sU
LOQyIYwkKuAktEukDQOXBty4IdSRl2GlwWUoqy4ems2l/OQiMgc05H9Kps9iBglz
ex5NsK4rJeTVIGsy3tWwFcTiH3SUMAsB24P8M1xL4HI6aBWlCrLaaq3o6fcWJ8zf
2HcA2ZJmBxTGZw==
=6Gg7
-----END PGP SIGNATURE-----
