Running "sox --version" returns:

    sox: SoX v

Apparently the version is missing. On a Linux system it looks like this:

    $ sox --version
    sox: SoX v14.4.1

Additional information: installed package is sox-14.4.2. Problem seen on a FreeBSD 10.1 system.
Created attachment 164873: fetch a patch that removes the pure attribute from sox_version

Interesting bug :) The underlying cause is that the sox_version function is marked "pure", which means that it causes no side-effects. In reality, it does cause a side-effect, by filling in an internal version string buffer. clang optimizes away the function call, which means that the string never gets filled. A bug had already been filed against the upstream sox source tree (https://sourceforge.net/p/sox/patches/104/), so here's a patch that simply fetches that patch before building.
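The attribute mismatch described in the comment above, as an added illustration that is not part of the original thread and is not SoX source code. All function and macro names are hypothetical, and the version numbers are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample version numbers for the illustration. */
#define VER_MAJOR 14
#define VER_MINOR 4
#define VER_PATCH 2

/* Mislabeled: "pure" promises the call has no effect other than its return
 * value, yet the body writes a static buffer. An optimizer that trusts the
 * attribute may drop or merge calls, leaving the buffer unfilled. */
__attribute__((pure))
const char *version_mislabeled(void)
{
    static char buf[20];
    snprintf(buf, sizeof buf, "%d.%d.%d", VER_MAJOR, VER_MINOR, VER_PATCH);
    return buf;
}

/* Fix 1: same body without the attribute, so the write is always performed. */
const char *version_fixed(void)
{
    static char buf[20];
    snprintf(buf, sizeof buf, "%d.%d.%d", VER_MAJOR, VER_MINOR, VER_PATCH);
    return buf;
}

/* Fix 2: make the promise true. The string is assembled by the preprocessor,
 * so nothing is written at run time and the attribute is accurate. */
#define STR2(x) #x
#define STR(x) STR2(x)
__attribute__((pure))
const char *version_const(void)
{
    return STR(VER_MAJOR) "." STR(VER_MINOR) "." STR(VER_PATCH);
}

int main(void)
{
    /* The first line may print an empty version when built with optimization. */
    printf("mislabeled: v%s\n", version_mislabeled());
    printf("fixed:      v%s\n", version_fixed());
    printf("const:      v%s\n", version_const());
    return 0;
}
```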
Created attachment 164877: poudriere testport
A commit references this bug:

Author: riggs
Date: Thu Dec 31 08:25:36 UTC 2015
New revision: 404912
URL: https://svnweb.freebsd.org/changeset/ports/404912

Log:
  Display version string correctly

  PR: 205732
  Submitted by: eserte12@yahoo.de
  Approved by: dnelson@allantgroup.com (maintainer)

Changes:
  head/audio/sox/Makefile
  head/audio/sox/distinfo
Hello. I have a question. Has the fix solved the problem below?

    % pkg audit sox-14.4.2
    sox-14.4.2 is vulnerable:
    sox -- memory corruption vulnerabilities
    WWW: https://vuxml.FreeBSD.org/freebsd/9dd761ff-30cb-11e5-a4a5-002590263bf5.html

    1 problem(s) in the installed packages found.
(In reply to Tatsuki Makino from comment #4) No, this patch only fixes the version string. You can watch https://sourceforge.net/p/sox/bugs/265/ to see when someone creates a patch for the security issues.
(In reply to Dan Nelson from comment #5) Thank you very much. pkg audit has returned a wrong result since this bug was solved.

    % pkg audit sox-14.4.2_1
    0 problem(s) in the installed packages found.