|Summary:||audio/sox: strange --version output|
|Product:||Ports & Packages||Reporter:||eserte12|
|Component:||Individual Port(s)||Assignee:||Thomas Zander <riggs>|
|Severity:||Affects Only Me||CC:||dnelson, riggs, rodrigo.freebsd, tatsuki_makino|
|Priority:||---||Keywords:||easy, patch, patch-ready|
Description eserte12 2015-12-30 12:55:59 UTC
Running "sox --version" returns: sox: SoX v Apparently the version is missing. On a linux system it looks like this: $ sox --version sox: SoX v14.4.1 Additional information: installed package is sox-14.4.2. Problem seen on a freebsd 10.1 system.
Comment 1 Dan Nelson 2015-12-30 18:11:39 UTC
Created attachment 164873 [details] fetch a patch that removes the pure attribute from sox_version Interesting bug :) The underlying cause is that the sox_version function is marked "pure", which means that it causes no side-effects. In reality, it does cause a side-effect, by filling in an internal version string buffer. clang optimizes away the function call, which means that the string never gets filled. A bug had already been filed against the upstream sox source tree ( https://sourceforge.net/p/sox/patches/104/ ) , so here's a patch that simply fetches that patch before building.
Comment 2 Rodrigo N. Hernandez 2015-12-30 21:09:40 UTC
Created attachment 164877 [details] poudriere testport
Comment 3 commit-hook 2015-12-31 08:26:18 UTC
A commit references this bug: Author: riggs Date: Thu Dec 31 08:25:36 UTC 2015 New revision: 404912 URL: https://svnweb.freebsd.org/changeset/ports/404912 Log: Display version string correctly PR: 205732 Submitted by: firstname.lastname@example.org Approved by: email@example.com (maintainer) Changes: head/audio/sox/Makefile head/audio/sox/distinfo
Comment 4 Tatsuki Makino 2016-01-13 22:06:47 UTC
Hello. I have a question. Has the fix solved a problem below? % pkg audit sox-14.4.2 sox-14.4.2 is vulnerable: sox -- memory corruption vulnerabilities WWW: https://vuxml.FreeBSD.org/freebsd/9dd761ff-30cb-11e5-a4a5-002590263bf5.html 1 problem(s) in the installed packages found.
Comment 5 Dan Nelson 2016-01-18 15:27:20 UTC
(In reply to Tatsuki Makino from comment #4) No, this patch only fixes the version string. You can watch https://sourceforge.net/p/sox/bugs/265/ to see when someone creates a patch for the security issues.