2018-02-14 - email@example.com
- Added patches:
* CVE-2017-11332.patch: Fixed the startread function in wav.c, which allowed
remote attackers to cause a DoS (divide-by-zero) via a crafted wav file.
* CVE-2017-11358.patch: Fixed the read_samples function in hcom.c, which
allowed remote attackers to cause a DoS (invalid memory read) via a crafted
hcom file. (CVE-2017-11358 bsc#1081141)
* CVE-2017-11359.patch: Fixed the wavwritehdr function in wav.c, which
allowed remote attackers to cause a DoS (divide-by-zero) when converting a
crafted snd file to a wav file. (CVE-2017-11359 bsc#1081142)
* CVE-2017-15370.patch: Fixed a heap-based buffer overflow in the ImaExpandS
function of ima_rw.c, which allowed remote attackers to cause a DoS during
conversion of a crafted audio file. (CVE-2017-15370 bsc#1063439)
* CVE-2017-15371.patch: Fixed an assertion abort in the function
sox_append_comment() in formats.c, which allowed remote attackers to cause
a DoS during conversion of a crafted audio file. (CVE-2017-15371
* CVE-2017-15372.patch: Fixed a stack-based buffer overflow in the
lsx_ms_adpcm_block_expand_i function of adpcm.c, which allowed remote
attackers to cause a DoS during conversion of a crafted audio file.
* CVE-2017-15642.patch: Fixed a Use-After-Free vulnerability in
lsx_aiffstartread in aiff.c, which could be triggered by an attacker by
providing a malformed AIFF file. (CVE-2017-15642 bsc#1064576)
* CVE-2017-18189.patch: Fixed a NULL pointer dereference triggered by a
corrupt header specifying zero channels in the startread function in
xa.c, which allowed remote attackers to cause a DoS (CVE-2017-18189
- Removed sox-doublefree.patch
2017-12-19 - firstname.lastname@example.org
- sox-doublefree.patch: initialize comment, it might
get returned back with OK. (bsc#1064576 CVE-2017-15642)
2017-08-25 - email@example.com
- Enable lame/mad/twolame unconditionally
- Remove ffmpeg/opus conditional because it is always present
2017-03-06 - firstname.lastname@example.org
- Replace libopus-devel with pkgconfig(opusfile) BuildRequires:
this is what configure looks for, and will actually build the
optional opus support as intended.
2015-09-22 - email@example.com
- Update to 14.4.2
o Add optional support for reading Ogg Opus files.
o Fix for max size text chunks in aiff files.
o Add reading support for RF64 WAV files.
o Work around for libsndfile created RF64 files with invalid
o Detect MS ADPCM WAV files with invalid blocks.
o Detect Sphere files with invalid header sizes.
o 'Deemph' can now also be used at 48kHz sample rate.
o 'Rate' now much faster in many cases.
o Allow sending spectrograms to stdout.
o Allow use of Dolph window with spectrograms.
o Allow mixing time and sample-count arguments for the delay
effect, and for spectrogram -S and -d.
o Support multi-channel LADSPA plugins.
o Support infinite repetition with repeat.
o Improved pink noise frequency response in synth.
o Extended syntax for specifying audio positions to several
o Fix integer overflow in mcompand.
o Add optional latency compensation for LADSPA plugins.
o New -p option for soxi to display sample precision.
o New libsox example6: give explicit output attributes.
o Speed optimization for effects that operate on channels
o Fix memory leaks.
o Most internal symbols (lsx_*) are no longer exported.
- Drop sox-14.4.0-ocloexec.patch as it brings little enhancement
and there has been no activity at upstreaming it
- Enable ffmpeg and opus by default