Summary: | audio/sox: strange --version output | |
---|---|---|---
Product: | Ports & Packages | Reporter: | eserte12
Component: | Individual Port(s) | Assignee: | Thomas Zander <riggs>
Status: | Closed FIXED | |
Severity: | Affects Only Me | CC: | dnelson, riggs, rodrigo.freebsd, tatsuki_makino
Priority: | --- | Keywords: | easy, patch, patch-ready
Version: | Latest | Flags: | rodrigo.freebsd: maintainer-feedback+
Hardware: | Any | |
OS: | Any | |
Attachments: | | |

Description
eserte12
2015-12-30 12:55:59 UTC

Created attachment 164873
fetch a patch that removes the pure attribute from sox_version

Interesting bug :) The underlying cause is that the sox_version function is marked "pure", which means that it causes no side-effects. In reality, it does cause a side-effect, by filling in an internal version string buffer. clang optimizes away the function call, which means that the string never gets filled. A bug had already been filed against the upstream sox source tree (https://sourceforge.net/p/sox/patches/104/), so here's a patch that simply fetches that patch before building.

Created attachment 164877
poudriere testport

A commit references this bug:

Author: riggs
Date: Thu Dec 31 08:25:36 UTC 2015
New revision: 404912
URL: https://svnweb.freebsd.org/changeset/ports/404912

Log:
  Display version string correctly

  PR: 205732
  Submitted by: eserte12@yahoo.de
  Approved by: dnelson@allantgroup.com (maintainer)

Changes:
  head/audio/sox/Makefile
  head/audio/sox/distinfo

Hello. I have a question. Has the fix solved the problem below?

% pkg audit sox-14.4.2
sox-14.4.2 is vulnerable:
sox -- memory corruption vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/9dd761ff-30cb-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.

(In reply to Tatsuki Makino from comment #4)
No, this patch only fixes the version string. You can watch https://sourceforge.net/p/sox/bugs/265/ to see when someone creates a patch for the security issues.

(In reply to Dan Nelson from comment #5)
Thank you very much.
pkg audit has returned a wrong result since this bug was solved.

% pkg audit sox-14.4.2_1
0 problem(s) in the installed packages found.
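
The mis-annotation described in the comment on attachment 164873, shown beside its corrected form. This is an added example, not code from the sox source tree or from this report: the names version_pure, version_fixed, banner_pure and banner_fixed and both buffers are hypothetical, and 14.4.2 is used only as a sample value. Whether the first line of output shows an empty version depends on the compiler and optimization level.

```c
/* Added example: constructed code, not taken from the sox source tree. */
#include <stdio.h>
#include <string.h>

#define VERSION_FMT "%d.%d.%d"

static char pure_buf[32];   /* written by the mis-annotated function */
static char fixed_buf[32];  /* written by the corrected function */

/* "pure" promises that a call has no effect other than its return value,
 * yet the body writes a static buffer. The compiler is allowed to drop or
 * merge such calls, in which case the buffer is never filled. */
__attribute__((pure)) const char *version_pure(void)
{
    snprintf(pure_buf, sizeof pure_buf, VERSION_FMT, 14, 4, 2);
    return pure_buf;
}

/* Corrected form: no pure attribute, so every call has to be executed. */
const char *version_fixed(void)
{
    snprintf(fixed_buf, sizeof fixed_buf, VERSION_FMT, 14, 4, 2);
    return fixed_buf;
}

/* Callers that invoke the function only for its side effect and then read
 * the buffer directly (an assumed calling pattern). Only banner_fixed() is
 * guaranteed to see the filled string. */
const char *banner_pure(void)
{
    (void)version_pure();   /* result unused: the call may be eliminated */
    return pure_buf;
}

const char *banner_fixed(void)
{
    (void)version_fixed();  /* side effect must be preserved */
    return fixed_buf;
}

int main(void)
{
    /* The first line depends on compiler and -O level; the second does not. */
    printf("pure : v%s\n", banner_pure());
    printf("fixed: v%s\n", banner_fixed());
    return strcmp(banner_fixed(), "14.4.2") != 0;
}
```

Building once with -O0 and once with -O2 and comparing the first output line shows whether a given compiler takes advantage of the attribute.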