Bug 205732 - audio/sox: strange --version output
Summary: audio/sox: strange --version output
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Thomas Zander
Keywords: easy, patch, patch-ready
Depends on:
Reported: 2015-12-30 12:55 UTC by eserte12
Modified: 2016-01-20 01:29 UTC (History)
4 users (show)

See Also:
rodrigo.freebsd: maintainer-feedback+

fetch a patch that removes the pure attribute from sox_version (959 bytes, patch)
2015-12-30 18:11 UTC, Dan Nelson
dnelson: maintainer-approval+
Details | Diff
poudriere testport (352.42 KB, text/plain)
2015-12-30 21:09 UTC, Rodrigo N. Hernandez
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description eserte12 2015-12-30 12:55:59 UTC
Running "sox --version" returns:

sox:      SoX v

Apparently the version is missing. On a linux system it looks like this:

$ sox --version
sox:      SoX v14.4.1

Additional information: installed package is sox-14.4.2. Problem seen on a freebsd 10.1 system.
Comment 1 Dan Nelson 2015-12-30 18:11:39 UTC
Created attachment 164873 [details]
fetch a patch that removes the pure attribute from sox_version

Interesting bug :)  The underlying cause is that the sox_version function is marked "pure", which means that it causes no side-effects.  In reality, it does cause a side-effect, by filling in an internal version string buffer.  clang optimizes away the function call, which means that the string never gets filled.  A bug had already been filed against the upstream sox source tree ( https://sourceforge.net/p/sox/patches/104/ ) , so here's a patch that simply fetches that patch before building.
Comment 2 Rodrigo N. Hernandez freebsd_triage 2015-12-30 21:09:40 UTC
Created attachment 164877 [details]
poudriere testport
Comment 3 commit-hook freebsd_committer 2015-12-31 08:26:18 UTC
A commit references this bug:

Author: riggs
Date: Thu Dec 31 08:25:36 UTC 2015
New revision: 404912
URL: https://svnweb.freebsd.org/changeset/ports/404912

  Display version string correctly

  PR:		205732
  Submitted by:	eserte12@yahoo.de
  Approved by:	dnelson@allantgroup.com (maintainer)

Comment 4 Tatsuki Makino 2016-01-13 22:06:47 UTC
Hello. I have a question. Has the fix solved a problem below?

% pkg audit sox-14.4.2
sox-14.4.2 is vulnerable:
sox -- memory corruption vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/9dd761ff-30cb-11e5-a4a5-002590263bf5.html

1 problem(s) in the installed packages found.
Comment 5 Dan Nelson 2016-01-18 15:27:20 UTC
(In reply to Tatsuki Makino from comment #4)
No, this patch only fixes the version string.  You can watch https://sourceforge.net/p/sox/bugs/265/ to see when someone creates a patch for the security issues.
Comment 6 Tatsuki Makino 2016-01-20 01:29:13 UTC
(In reply to Dan Nelson from comment #5)
Thank you very much.

pkg audit has returned wrong result since this bug was solved.

% pkg audit sox-14.4.2_1
0 problem(s) in the installed packages found.