Changelog for sox-devel-14.4.2-pm151.5.9.x86_64.rpm :

* Wed Feb 14 2018 kbabiochAATTsuse.com- Added patches:
* CVE-2017-11332.patch: Fixed the startread function in wav.c, which allowed remote attackers to cause a DoS (divide-by-zero) via a crafted wav file. (CVE-2017-11332 bsc#1081140)
* CVE-2017-11358.patch: Fixed the read_samples function in hcom.c, which allowed remote attackers to cause a DoS (invalid memory read) via a crafted hcom file. (CVE-2017-11358 bsc#1081141)
* CVE-2017-11359.patch: Fixed the wavwritehdr function in wav.c, which allowed remote attackers to cause a DoS (divide-by-zero) when converting a a crafted snd file to a wav file. (CVE-2017-11359 bsc#1081142)
* CVE-2017-15370.patch: Fixed a heap-based buffer overflow in the ImaExpandS function of ima_rw.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (CVE-2017-15370 bsc#1063439)
* CVE-2017-15371.patch: Fixed an assertion abort in the function sox_append_comment() in formats.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (CVE-2017-15371 bsc#1063450)
* CVE-2017-15372.patch: Fixed a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote attackers to cause a DoS during conversion of a crafted audio file. (CVE-2017-15372 bsc#1063456)
* CVE-2017-15642.patch: Fixed an Use-After-Free vulnerability in lsx_aiffstartread in aiff.c, which could be triggered by an attacker by providing a malformed AIFF file. (CVE-2017-15642 bsc#1064576)
* CVE-2017-18189.patch: Fixed a NULL pointer dereference triggered by a corrupt header specifying zero channels in the startread function in xa.c, which allowed remote attackers to cause a DoS (CVE-2017-18189 bsc#1081146).- Removed sox-doublefree.patch
* Tue Dec 19 2017 meissnerAATTsuse.com- sox-doublefree.patch: initialize comment, it might get returned back with OK. (bsc#1064576 CVE-2017-15642)
* Fri Aug 25 2017 olafAATTaepfle.de- Enable lame/mad/twolame unconditionally- Remove ffmpeg/opus conditional because it is always present
* Mon Mar 06 2017 zaitorAATTopensuse.org- Replace libopus-devel with pkgconfig(opusfile) BuildRequires: this is what configure looks for, and will actually build the optional opus support as intended.
* Tue Sep 22 2015 mpluskalAATTsuse.com- Update to 14.4.2 o Add optional support for reading Ogg Opus files. o Fix for max size text chunks in aiff files. o Add reading support for RF64 WAV files. o Work around for libsndfile created RF64 files with invalid sizes. o Detect MS ADPCM WAV files with invalid blocks. o Detect Sphere files with invalid header sizes. o \'Deemph\' can now also be used at 48kHz sample rate. o \'Rate\' now much faster in many cases. o Allow sending spectrograms to stdout. o Allow use of Dolph window with spectrograms. o Allow mixing time and sample-count arguments for the delay effect, and for spectrogram -S and -d. o Support multi-channel LADSPA plugins. o Support infinite repetition with repeat. o Improved pink noise frequency response in synth. o Extended syntax for specifying audio positions to several effects. o Fix integer overflow in mcompand. [3590093] o Add optional latency compenstation for LADSPA plugins. o New -p option for soxi to display sample precision. o New libsox example6: give explicit output attributes. o Speed optimization for effects that operate on channels independently. o Fix memory leaks. o Most internal symbols (lsx_
*) are no longer exported.- Drop sox-14.4.0-ocloexec.patch as it brings little enhancement and there has been no activity at upstreaming it- Enable ffmpeg and opus by default
* Wed Sep 11 2013 reddwarfAATTopensuse.org- Update to version 14.4.1 o Fix pipe file-type detection regression o MAUD write fixes o Fix crash when seeking within a FLAC file o Fix Ogg Vorbis files with certain numbers of channels being truncated o Fix reading 64-bit float WAVs o Fix potential buffer overrun when writing FLAC files directly via sox_write() o Check whether pulseaudio is available before choosing it as default o Restore 8 seconds default for spectrogram, if the input length is not known o Set output length for splice to unknown instead of 0 o Increase maximum width for spectrograms o Fix memory leaks in LADSPA effect o Fix hang in several effects (rate, tempo, and those based on dft_filter) when processing long files o Prevent (m)compand from tampering with their arguments o Fix input length calculation for combine methods other than concatenate o Fix to configure.ac to work with Autoconf 2.69- Rebase sox-14.4.0-ocloexec.patch
* Thu Feb 07 2013 crrodriguezAATTopensuse.org- sox-14.4.0-ocloexec.patch: edited, config.h must be included _everywhere_ and GNU_SOURCE defined so O_CLOEXEC is available for all targets.
* Sat Nov 17 2012 crrodriguezAATTopensuse.org- Disable OSS support, alsa and pulse are enough for us now.
* Sat Apr 14 2012 reddwarfAATTopensuse.org- Update to version 14.4.0 o Add floating point encodings in AIFF-C files. o Pad WAV data chunks to an even number of bytes. o Made Pulse Audio driver the default driver. o Lots of improvements to man pages. o New upsample, hilbert, and downsample effects. o Fix fading bugs. o Enable --plot on biquad and fir effects. o Now effects chain can be unlimitted length. o Fix newfile/restart effects when merging or mixing files. o Fix crash in compand and mcompand effect. o Improved audio length calculations when using effects. o New trim effect with enhanced capabilities. o Improved large file support. o MP2 write support.- Split librarires to follow SLPP- Optionally enable twolame support- Use pkgconfig() style BuildRequires- Update ocloexec patch to apply to the new version- Remove audioio.h/sunaudio support- Remove unneeded ncurses BuildRequire- Remove patches not needed anymore (sox-14.3.2-new_ffmpeg.patch, sox-14.3.1-undefined.patch and sox-14.3.1-aliasing.patch)
* Sun Nov 27 2011 pascal.bleserAATTopensuse.org- fix build on < 12.1 by not applying the O_CLOEXEC patch there as it is not in the glibc- fix build on >= 12.1 by adding ncurses-devel to the BuildRequires