Thu, 12 Dec 2024 14:58:41 UTC | login

Information for build sox-14.4.2.0-24.fc30

ID79839
Package Namesox
Version14.4.2.0
Release24.fc30
Epoch
SummaryA general purpose sound file conversion tool
DescriptionSoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.
Built bydavidlt
State complete
Volume DEFAULT
StartedWed, 05 Dec 2018 03:49:19 UTC
CompletedWed, 05 Dec 2018 06:36:03 UTC
Taskbuild (f30-candidate, sox-14.4.2.0-24.fc30.src.rpm)
Tags
f30
f31
RPMs
src
sox-14.4.2.0-24.fc30.src.rpm (info) (download)
riscv64
sox-14.4.2.0-24.fc30.riscv64.rpm (info) (download)
sox-devel-14.4.2.0-24.fc30.riscv64.rpm (info) (download)
sox-debuginfo-14.4.2.0-24.fc30.riscv64.rpm (info) (download)
sox-debugsource-14.4.2.0-24.fc30.riscv64.rpm (info) (download)
Logs
riscv64
build.log
hw_info.log
mock_output.log
root.log
state.log
Changelog * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14.4.2.0-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 15 2018 Richard Shaw <hobbes1069@gmail.com> - 14.4.2.0-23 - Add twolame-devel to build requirements now that it's in Fedora. * Wed Jun 06 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-22 - added patch that fixes: + "divide by zero in startread function in wav.c" (CVE-2017-11332) + "invalid memory read in read_samples function in hcom.c" (CVE-2017-11358) + "divide by zero in wavwritehdr function in wav.c" (CVE-2017-11359) resolves #1480674, #1480675, #1480676, and #1480678 * Sat Jun 02 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-21 - fix hunks in patches - prevents division by zero in src/ao.c + fixes/prevents "sox killed by SIGFPE (signal 8)" kind of bugs that appear randomly, depending on reporter's HW/environment/OS components + related bugs: #1309426, #1226675, #1540762, #1492910 * Wed Mar 21 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-20 - added patch that fixes WAV to HCOM conversion abortion on 64 bit big endian machines + resolves #1558887 * Mon Mar 19 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-19 - CVEs presence tests beakerized and moved to tests/ directory as CI tests - %check section: creating of additional binaries for testing was replaced by the libsox binary patch workaround hack; during the testing the hardcoded path to the directory with sox plugins is replaced for non-root alternative and hence running the tests under the mock is possible (before the binary patching, the backup of libsox is made, and at the end of tests it is restored); this decrease the build time of the package, but may increase the fragility of the package build process (future features in gcc toolchain may make the binary patching impossible/not working) * Thu Feb 22 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-18 - Added missing gcc dependency * Tue Feb 06 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-17 - SOX_PLUGINS environment variable is now used only while running %check during the package building; SOX_PLUGINS are now no longer available to users * Thu Feb 01 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-16 - added patch that disables hcom conversion tests on big endian architectures due to SIGABRT issues * Tue Jan 30 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-15 - added patch that fixes stack-overflow vulnerability in lsx_ms_adpcm_block_expand_i (CVE-2017-15372) + resolves #1500553, #1510919 - added patch that fixes use-after-free in lsx_aiffstartread (CVE-2017-15642) + resolves #1510923 - added patch that fixes incorrect FSF address in src/ladspa.h - added patch that introduces SOX_PLUGINS environment variable that overrides standard sox location for plugins - added patch that inserts $(DESTDIR) before ${bindir} in src/Makefile.am installcheck target - added tests that checks if previously fixed bugs remain fixed in newer releases - spec file changes: + suppressed rpmlint warning about bad Source URL + added comments to security patches + in %description: added missing sentence period + in %prep: suppressed "%setup is not quite" rpmlint warning + in %install: removed redundant slashes before %{_libdir} + added %check section * Wed Jan 10 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-14 - add patch to fix the heap-based buffer overflow in the ImaExpandS function (CVE-2017-15370) - resolves #1500554, #1510917 - sanitized macro-in-comment rpmlint warnings * Wed Jan 03 2018 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-13 - add patch to fix reachable assertion abort in function sox_append_comment (CVE-2017-15371) - resolves #1500570, #1510918 * Tue Dec 19 2017 Jiri Kucera <jkucera@redhat.com> - 14.4.2.0-12 - .gz suffix changed to .bz2 since the source archive is bzipped * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14.4.2.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14.4.2.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Wed May 17 2017 Frantisek Kluknavsky <fkluknav@redhat.com> - 14.4.2.0-9 - built with lame-devel * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 14.4.2.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Tue Dec 20 2016 Frantisek Kluknavsky <fkluknav@redhat.com> - 14.4.2.0-7 - play mp3 using libmad