feat: update sox to 14.4.2+git20190427-5

debian/changelog

@@ -1,3 +1,107 @@
+sox (14.4.2+git20190427-5) unstable; urgency=medium
+
+  * Team upload
+  * Add patch to fix compilation with gcc-14 (Closes: #1075528).
+  * Add patch to fix vorbis memory leaks (Closes: #1029974).
+  * Enable support for Opus (Closes: #905166).
+  * Add "Build-Depends-Package" to symbols file.
+
+ -- Joachim Bauch <fancycode@debian.org>  Fri, 04 Oct 2024 21:40:28 +0200
+
+sox (14.4.2+git20190427-4) unstable; urgency=medium
+
+  * Team upload
+
+  [ Debian Janitor ]
+  * Update standards version to 4.6.1, no changes needed.
+  * Avoid explicitly specifying -Wl,--as-needed linker flag.
+  * Remove constraints unnecessary since buster (oldstable)
+
+  [ Sebastian Ramacher ]
+  * debian/control:
+    - Bump Standards-Version
+    - Bump debhelper compat to 13
+  * debian/patches: Refresh patches
+
+  [ Bastien Roucariès ]
+  * Add patch for CVE-2023-32627 (Closes: #1041112)
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Sat, 11 Nov 2023 18:26:02 +0100
+
+sox (14.4.2+git20190427-3.5) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix regression in wav-gsm decodeing introduced via fixing CVE-2021-33844.
+    (Closes: #1032082)
+
+ -- Helmut Grohne <helmut@subdivi.de>  Sun, 12 Mar 2023 10:07:49 +0100
+
+sox (14.4.2+git20190427-3.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Ignore test failure on all mipsen (Addresses: #1030674)
+
+ -- Helmut Grohne <helmut@subdivi.de>  Tue, 07 Feb 2023 22:21:09 +0100
+
+sox (14.4.2+git20190427-3.3) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Ignore test failure on mips64el (Addresses: #1030674)
+
+ -- Helmut Grohne <helmut@subdivi.de>  Mon, 06 Feb 2023 13:02:25 +0100
+
+sox (14.4.2+git20190427-3.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Drop the CVE-unasssigned patch together with my own unnecessary change
+    introducing the vulnerability: The buffer is overallocated by 16-1 bytes
+    already and we don't overflow if we don't add to it.
+  * Replace CVE-2017-11358 patch with the non-broken one from upstream
+  * Fix big endian 64bit FTBFS: Import upstream patch to fix hcom writing
+  * Improve CVE-2021-23159 patch to also reject empty dictionaries.
+    The incomplete fix would allow an out-of-bounds read.
+  * Improve CVE-2021-3643 patch to also reject word width 1.
+    The incomplete fix would allow an out-of-bounds read.
+
+ -- Helmut Grohne <helmut@subdivi.de>  Sun, 05 Feb 2023 13:13:59 +0100
+
+sox (14.4.2+git20190427-3.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix some resource leaks.
+  * Fix regression in hcom reader introduced via CVE-2017-11358. (Closes:
+    #933372)
+  * Enable test suite.
+  * Fix CVE-2021-3643 and CVE-2021-23210: voc validation (Closes: #1010374)
+  * Fix CVE-2021-23159 and CVE-2021-23172: hcom validation
+    (Closes: #1021133, #1021134)
+  * Fix CVE-2021-33844: wav validation (Closes: #1021135)
+  * Fix CVE-2021-40426: sphere validation (Closes: #1012138)
+  * Fix CVE-2022-31650: aiff validation (Closes: #1012516)
+  * Fix CVE-2022-31651: reject implausible rate (Closes: #1012516)
+  * Fix CVE-unasssigned: integer overflow
+  * Silence dh_missing
+  * Add an autopkgtest
+
+ -- Helmut Grohne <helmut@subdivi.de>  Fri, 03 Feb 2023 10:21:33 +0100
+
+sox (14.4.2+git20190427-3) unstable; urgency=medium
+
+  * Team upload
+
+  [ Debian Janitor ]
+  * Drop no longer supported add-log-mailing-address setting from
+    debian/changelog.
+  * Fix day-of-week for changelog entries 12.16-1, 12.14-1, 11gamma-cb3-
+    5, 11gamma-cb3-4.
+
+  [ Sebastian Ramacher ]
+  * debian/control:
+    - Bump Standards-Version
+    - Replace libltdl3-dev with libltdl-dev
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Wed, 06 Apr 2022 10:10:57 +0200
+
 sox (14.4.2+git20190427-2) unstable; urgency=medium
 
   [ Ondřej Nový ]
@@ -887,7 +991,7 @@ sox (12.16-1) unstable; urgency=low
     moved to debhelper, added libst.a to package, fixed #40849
     stereo to mono conversion does not work.
 
- -- Guenter Geiger <geiger@debian.org>  Tue, 22 Jul 1999 14:30:00 +0200
+ -- Guenter Geiger <geiger@debian.org>  Thu, 22 Jul 1999 14:30:00 +0200
 
 sox (12.15-2) unstable; urgency=low
 
@@ -911,22 +1015,22 @@ sox (12.14-1) unstable; urgency=low
 
   * new upstream version with most of Debian patches included
 
- -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Tue, 18 May 1998 8:50:00 +0100
+ -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Mon, 18 May 1998 08:50:00 +0100
 
 
 sox (11gamma-cb3-5) unstable; urgency=low
 
   * Close bug Bug#18608: sox: postinst script failure
     Bug#18623: sox: bad postinst
 
- -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Sun, 26 Feb 1998 8:50:00 +0100
+ -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Thu, 26 Feb 1998 08:50:00 +0100
 
 
 sox (11gamma-cb3-4) unstable; urgency=low
 
   * Close bug Bug#18150: register "play" with mime-support
 
- -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Sun, 13 Feb 1998 12:05:00 +0100
+ -- Geiger Guenter <geiger@iem.mhsg.ac.at>  Fri, 13 Feb 1998 12:05:00 +0100
 
 sox (11gamma-cb3-3) unstable; urgency=low
 
@@ -962,7 +1066,3 @@ sox (11gamma-cb3-0.0) unstable; urgency=low
   * Closes bugs #9451, #11724.
 
  -- Joey Hess <joeyh@master.debian.org>  Sat, 30 Aug 1997 20:48:47 -0400
-
-Local variables:
-mode: debian-changelog
-End:

debian/control

@@ -5,26 +5,28 @@ Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
 Uploaders:
  Dennis Braun <d_braun@kabelmail.de>,
  Jaromír Mikeš <mira.mikes@seznam.cz>
-Build-Depends: debhelper-compat (= 12),
+Build-Depends: debhelper-compat (= 13),
                ladspa-sdk,
                libao-dev,
                libasound2-dev [linux-any],
                libgsm1-dev,
                libid3tag0-dev,
-               libltdl3-dev,
+               libltdl-dev,
                libmad0-dev,
                libmagic-dev,
                libmp3lame-dev,
                libopencore-amrnb-dev,
                libopencore-amrwb-dev,
+               libopusfile-dev,
                libpng-dev,
                libpulse-dev,
                libsamplerate0-dev,
-               libsndfile1-dev (>= 1.0.12),
+               libsndfile1-dev,
                libtwolame-dev,
                libvorbis-dev,
-               libwavpack-dev
-Standards-Version: 4.5.0
+               libwavpack-dev,
+               time <!nocheck>,
+Standards-Version: 4.6.2
 Vcs-Git: https://salsa.debian.org/multimedia-team/sox.git
 Vcs-Browser: https://salsa.debian.org/multimedia-team/sox
 Homepage: https://sox.sourceforge.io/
@@ -131,6 +133,18 @@ Description: SoX MP2 and MP3 format library
  libmad: https://www.underbit.com/products/mad/
  lame: https://lame.sourceforge.io
 
+Package: libsox-fmt-opus
+Architecture: any
+Multi-Arch: same
+Section: libs
+Depends: ${misc:Depends}, ${shlibs:Depends}
+Description: SoX Opus format library
+ SoX is the swiss army knife of sound processing.
+ .
+ This package contains the SoX Opus format library.
+ .
+ Opus: http://www.opus-codec.org/
+
 Package: libsox-fmt-oss
 Architecture: any
 Multi-Arch: same
@@ -164,6 +178,7 @@ Depends: libsox-fmt-alsa (= ${binary:Version}) [linux-any],
          libsox-fmt-ao (= ${binary:Version}),
          libsox-fmt-base (= ${binary:Version}),
          libsox-fmt-mp3 (= ${binary:Version}),
+         libsox-fmt-opus (= ${binary:Version}),
          libsox-fmt-oss (= ${binary:Version}),
          libsox-fmt-pulse (= ${binary:Version}),
          ${misc:Depends}

debian/libsox-fmt-opus.install

@@ -0,0 +1 @@
+usr/lib/*/sox/libsox_fmt_opus.so*

debian/libsox3.symbols

@@ -1,4 +1,5 @@
 libsox.so.3 libsox3 #MINVER#
+* Build-Depends-Package: libsox-dev
  lsx_check_read_params@Base 14.4.2~
  lsx_close_dllibrary@Base 14.4.2~
  lsx_debug_impl@Base 14.4.2~
@@ -91,4 +92,3 @@ libsox.so.3 libsox3 #MINVER#
  sox_version_info@Base 14.4.2~
  sox_write@Base 14.4.2~
  sox_write_handler@Base 14.4.2~
-

debian/not-installed

@@ -0,0 +1,2 @@
+usr/lib/*/libsox.la
+usr/lib/*/sox/libsox_fmt_*.la

debian/patches/0001-fix-build.patch

@@ -1,15 +1,16 @@
-Description: fix build
-Author: Mans Rullgard <mans@mansr.com>
-Forwarded: not-needed
+From: Mans Rullgard <mans@mansr.com>
+Date: Sat, 11 Nov 2023 18:18:39 +0100
+Subject: fix build
 
+Forwarded: not-needed
 ---
  src/Makefile.am | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: sox/src/Makefile.am
-===================================================================
---- sox.orig/src/Makefile.am
-+++ sox/src/Makefile.am
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 7cceaaf..a3a04ed 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
 @@ -95,7 +95,7 @@ libsox_la_LIBADD += @GOMP_LIBS@
 
  libsox_la_CFLAGS = @WARN_CFLAGS@

debian/patches/0003-spelling.patch → debian/patches/0002-spelling.patch

@@ -1,11 +1,21 @@
-Description: spelling fixes
-Author: Jaromír Mikeš <mira.mikes@seznam.cz>
+From: =?utf-8?b?SmFyb23DrXIgTWlrZcWh?= <mira.mikes@seznam.cz>
+Date: Sat, 11 Nov 2023 18:18:40 +0100
+Subject: spelling fixes
+
 Forwarded: sox-devel@lists.sourceforge.net
+---
+ ChangeLog  | 2 +-
+ libsox.3   | 2 +-
+ libsox.txt | 2 +-
+ src/fap.c  | 2 +-
+ src/paf.c  | 2 +-
+ src/wav.c  | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
 
-Index: sox/ChangeLog
-===================================================================
---- sox.orig/ChangeLog
-+++ sox/ChangeLog
+diff --git a/ChangeLog b/ChangeLog
+index 809b43f..dc79b9a 100644
+--- a/ChangeLog
++++ b/ChangeLog
 @@ -972,7 +972,7 @@ sox-12.18.1	2006-05-07
 
    o The "filter" effect could go into infinite drain mode.  Now
@@ -15,11 +25,11 @@ Index: sox/ChangeLog
      effect drain operations.  This was bad if effects had
      bugs and stuck in infinite loop.
    o Stop SoX from crashing when file type could not be auto
-Index: sox/libsox.3
-===================================================================
---- sox.orig/libsox.3
-+++ sox/libsox.3
-@@ -175,7 +175,7 @@ failures. Currently, relies on \fBsox_wa
+diff --git a/libsox.3 b/libsox.3
+index 1233bc7..2af8448 100644
+--- a/libsox.3
++++ b/libsox.3
+@@ -175,7 +175,7 @@ failures. Currently, relies on \fBsox_warn\fR to print information.
  successfully read or written. If an error occurs, or the end-of-file
  is reached, the return value is a short item count or SOX_EOF. TODO:
  \fBsox_read\fR does not distiguish between end-of-file and error. Need
@@ -28,10 +38,10 @@ Index: sox/libsox.3
  .P
  Upon successful completion \fBsox_close\fR returns 0. Otherwise, SOX_EOF
  is returned. In either case, any further access (including another
-Index: sox/libsox.txt
-===================================================================
---- sox.orig/libsox.txt
-+++ sox/libsox.txt
+diff --git a/libsox.txt b/libsox.txt
+index dc627fc..742c654 100644
+--- a/libsox.txt
++++ b/libsox.txt
 @@ -148,7 +148,7 @@ RETURN VALUE
         or  written.  If  an  error  occurs, or the end-of-file is reached, the
         return value is a short item count or SOX_EOF. TODO: sox_read does  not
@@ -41,10 +51,10 @@ Index: sox/libsox.txt
 
         Upon successful completion sox_close returns 0. Otherwise,  SOX_EOF  is
         returned. In either case, any further access (including another call to
-Index: sox/src/fap.c
-===================================================================
---- sox.orig/src/fap.c
-+++ sox/src/fap.c
+diff --git a/src/fap.c b/src/fap.c
+index cc32a1a..6cb2521 100644
+--- a/src/fap.c
++++ b/src/fap.c
 @@ -26,7 +26,7 @@ LSX_FORMAT_HANDLER(fap)
    static sox_format_handler_t handler;
    handler = *lsx_sndfile_format_fn();
@@ -54,10 +64,10 @@ Index: sox/src/fap.c
    handler.names = names;
    handler.write_formats = write_encodings;
    return &handler;
-Index: sox/src/paf.c
-===================================================================
---- sox.orig/src/paf.c
-+++ sox/src/paf.c
+diff --git a/src/paf.c b/src/paf.c
+index e8e4c32..b1c5174 100644
+--- a/src/paf.c
++++ b/src/paf.c
 @@ -26,7 +26,7 @@ LSX_FORMAT_HANDLER(paf)
    static sox_format_handler_t handler;
    handler = *lsx_sndfile_format_fn();
@@ -67,11 +77,11 @@ Index: sox/src/paf.c
    handler.names = names;
    handler.write_formats = write_encodings;
    return &handler;
-Index: sox/src/wav.c
-===================================================================
---- sox.orig/src/wav.c
-+++ sox/src/wav.c
-@@ -442,7 +442,7 @@ static int findChunk(sox_format_t * ft,
+diff --git a/src/wav.c b/src/wav.c
+index 5202556..d935958 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -442,7 +442,7 @@ static int findChunk(sox_format_t * ft, const char *Label, uint64_t *len)
              }
              else
              {

debian/patches/0005-CVE-2017-15371.patch → debian/patches/0003-CVE-2017-15371.patch

@@ -1,4 +1,3 @@
-From 818bdd0ccc1e5b6cae742c740c17fd414935cf39 Mon Sep 17 00:00:00 2001
 From: Mans Rullgard <mans@mansr.com>
 Date: Sun, 5 Nov 2017 15:57:48 +0000
 Subject: [PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371)
@@ -7,11 +6,11 @@ Subject: [PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371)
  src/flac.c | 8 +++++---
  1 file changed, 5 insertions(+), 3 deletions(-)
 
-Index: sox/src/flac.c
-===================================================================
---- sox.orig/src/flac.c
-+++ sox/src/flac.c
-@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FL
+diff --git a/src/flac.c b/src/flac.c
+index 0d7829e..07f45c1 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL
      p->total_samples = metadata->data.stream_info.total_samples;
    }
    else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) {
@@ -23,7 +22,7 @@ Index: sox/src/flac.c
        return;
 
      if (ft->oob.comments != NULL) {
-@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FL
+@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL
        return;
      }