- Added patches:
* CVE-2017-11332.patch: Fixed the startread function in wav.c, which allowed
remote attackers to cause a DoS (divide-by-zero) via a crafted wav file.
(CVE-2017-11332 bsc#1081140)
* CVE-2017-11358.patch: Fixed the read_samples function in hcom.c, which
allowed remote attackers to cause a DoS (invalid memory read) via a crafted
hcom file. (CVE-2017-11358 bsc#1081141)
* CVE-2017-11359.patch: Fixed the wavwritehdr function in wav.c, which
allowed remote attackers to cause a DoS (divide-by-zero) when converting a
a crafted snd file to a wav file. (CVE-2017-11359 bsc#1081142)
* CVE-2017-15370.patch: Fixed a heap-based buffer overflow in the ImaExpandS
function of ima_rw.c, which allowed remote attackers to cause a DoS during
conversion of a crafted audio file. (CVE-2017-15370 bsc#1063439)
* CVE-2017-15371.patch: Fixed an assertion abort in the function
sox_append_comment() in formats.c, which allowed remote attackers to cause
a DoS during conversion of a crafted audio file. (CVE-2017-15371
bsc#1063450)
* CVE-2017-15372.patch: Fixed a stack-based buffer overflow in the
lsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote
attackers to cause a DoS during conversion of a crafted audio file.
(CVE-2017-15372 bsc#1063456)
* CVE-2017-15642.patch: Fixed an Use-After-Free vulnerability in
lsx_aiffstartread in aiff.c, which could be triggered by an attacker by
providing a malformed AIFF file. (CVE-2017-15642 bsc#1064576)
* CVE-2017-18189.patch: Fixed a NULL pointer dereference triggered by a
corrupt header specifying zero channels in the startread function in
xa.c, which allowed remote attackers to cause a DoS (CVE-2017-18189
bsc#1081146).
- Removed sox-doublefree.patch
OBS-URL: https://build.opensuse.org/request/show/576951
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=38
- Update to version 14.4.1
o Fix pipe file-type detection regression
o MAUD write fixes
o Fix crash when seeking within a FLAC file
o Fix Ogg Vorbis files with certain numbers of channels being
truncated
o Fix reading 64-bit float WAVs
o Fix potential buffer overrun when writing FLAC files directly via
sox_write()
o Check whether pulseaudio is available before choosing it as
default
o Restore 8 seconds default for spectrogram, if the input length is
not known
o Set output length for splice to unknown instead of 0
o Increase maximum width for spectrograms
o Fix memory leaks in LADSPA effect
o Fix hang in several effects (rate, tempo, and those based on
dft_filter) when processing long files
o Prevent (m)compand from tampering with their arguments
o Fix input length calculation for combine methods other than
concatenate
o Fix to configure.ac to work with Autoconf 2.69
- Rebase sox-14.4.0-ocloexec.patch (forwarded request 198562 from RedDwarf)
OBS-URL: https://build.opensuse.org/request/show/198881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sox?expand=0&rev=36
- Update to version 14.4.1
o Fix pipe file-type detection regression
o MAUD write fixes
o Fix crash when seeking within a FLAC file
o Fix Ogg Vorbis files with certain numbers of channels being
truncated
o Fix reading 64-bit float WAVs
o Fix potential buffer overrun when writing FLAC files directly via
sox_write()
o Check whether pulseaudio is available before choosing it as
default
o Restore 8 seconds default for spectrogram, if the input length is
not known
o Set output length for splice to unknown instead of 0
o Increase maximum width for spectrograms
o Fix memory leaks in LADSPA effect
o Fix hang in several effects (rate, tempo, and those based on
dft_filter) when processing long files
o Prevent (m)compand from tampering with their arguments
o Fix input length calculation for combine methods other than
concatenate
o Fix to configure.ac to work with Autoconf 2.69
- Rebase sox-14.4.0-ocloexec.patch
OBS-URL: https://build.opensuse.org/request/show/198562
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=28
- Update to version 14.4.0
o Add floating point encodings in AIFF-C files.
o Pad WAV data chunks to an even number of bytes.
o Made Pulse Audio driver the default driver.
o Lots of improvements to man pages.
o New upsample, hilbert, and downsample effects.
o Fix fading bugs.
o Enable --plot on biquad and fir effects.
o Now effects chain can be unlimitted length.
o Fix newfile/restart effects when merging or mixing files.
o Fix crash in compand and mcompand effect.
o Improved audio length calculations when using effects.
o New trim effect with enhanced capabilities.
o Improved large file support.
o MP2 write support.
- Split librarires to follow SLPP
- Optionally enable twolame support
- Use pkgconfig() style BuildRequires
- Update ocloexec patch to apply to the new version
- Remove audioio.h/sunaudio support
- Remove unneeded ncurses BuildRequire
- Remove patches not needed anymore (sox-14.3.2-new_ffmpeg.patch,
sox-14.3.1-undefined.patch and sox-14.3.1-aliasing.patch) (forwarded request 113678 from RedDwarf)
OBS-URL: https://build.opensuse.org/request/show/113699
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sox?expand=0&rev=31
- Update to version 14.4.0
o Add floating point encodings in AIFF-C files.
o Pad WAV data chunks to an even number of bytes.
o Made Pulse Audio driver the default driver.
o Lots of improvements to man pages.
o New upsample, hilbert, and downsample effects.
o Fix fading bugs.
o Enable --plot on biquad and fir effects.
o Now effects chain can be unlimitted length.
o Fix newfile/restart effects when merging or mixing files.
o Fix crash in compand and mcompand effect.
o Improved audio length calculations when using effects.
o New trim effect with enhanced capabilities.
o Improved large file support.
o MP2 write support.
- Split librarires to follow SLPP
- Optionally enable twolame support
- Use pkgconfig() style BuildRequires
- Update ocloexec patch to apply to the new version
- Remove audioio.h/sunaudio support
- Remove unneeded ncurses BuildRequire
- Remove patches not needed anymore (sox-14.3.2-new_ffmpeg.patch,
sox-14.3.1-undefined.patch and sox-14.3.1-aliasing.patch)
OBS-URL: https://build.opensuse.org/request/show/113678
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=22
