[arch-commits] Commit in sox/trunk (PKGBUILD)
Brett Cornwall
ainola at gemini.archlinux.org
Sun Aug 14 18:32:02 UTC 2022
Date: Sunday, August 14, 2022 @ 18:32:01
Author: ainola
Revision: 1266079
upgpkg: sox 14.4.2-8
Using a git snapshot as 14.4.2 has many unfixed security vulns
Modified:
sox/trunk/PKGBUILD
----------+
PKGBUILD | 82 +++++++++++++------------------------------------------------
1 file changed, 18 insertions(+), 64 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-08-14 18:04:24 UTC (rev 1266078)
+++ PKGBUILD 2022-08-14 18:32:01 UTC (rev 1266079)
@@ -1,15 +1,17 @@
# Maintainer: David Runge <dvzrv at archlinux.org>
# Contributor: Eric Bélanger <eric at archlinux.org>
+# Contributor: mysta
pkgname=sox
+# using a git snapshot as 14.4.2 has many unfixed security vulns
pkgver=14.4.2
-pkgrel=7
+pkgrel=8
pkgdesc="The Swiss Army knife of sound processing tools"
arch=('x86_64')
url="http://sox.sourceforge.net/"
license=('GPL2' 'LGPL2.1')
depends=('libltdl' 'file' 'libsndfile' 'libpng' 'lame' 'opencore-amr' 'gsm')
-makedepends=('libao' 'libmad' 'libid3tag' 'wavpack' 'libpulse' 'opusfile' 'twolame')
+makedepends=('autoconf-archive' 'libao' 'libmad' 'libid3tag' 'wavpack' 'libpulse' 'opusfile' 'twolame')
checkdepends=('time')
optdepends=('libao: for ao plugin'
'libmad: for mp3 plugin'
@@ -18,68 +20,19 @@
'libpulse: for pulse plugin'
'opusfile: for opus plugin'
'twolame: for mp3 plugin')
-source=("https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.bz2"
- CVE-2017-15371.patch::https://github.com/mansr/sox/commit/818bdd0.patch
- CVE-2017-11358.patch::https://github.com/mansr/sox/commit/6cb44a4.patch
- CVE-2017-15370.patch::https://github.com/mansr/sox/commit/ef3d8be.patch
- CVE-2017-11332.patch::https://github.com/mansr/sox/commit/7405bca.patch
- CVE-2017-11359.patch::https://github.com/mansr/sox/commit/8b590b3.patch
- CVE-2017-15372.patch::https://github.com/mansr/sox/commit/001c337.patch
- CVE-2017-15642.patch::https://github.com/mansr/sox/commit/0be259e.patch
- CVE-2017-18189.patch
- update-exported-symbol-list.patch
- add-destdir.patch
- cleanup-lsx_malloc.patch
- CVE-2019-8354.patch
- CVE-2019-8355.patch
- CVE-2019-8356.patch
- CVE-2019-8357.patch)
+_commit=("42b3557e13e0fe01a83465b672d89faddbe65f49")
+source=("https://sourceforge.net/code-snapshots/git/s/so/sox/code.git/sox-code-${_commit}.zip")
+sha512sums=('4868f9b77141b7e2caf2571ceb68a48bd744732e72f63ed787f8e0b9fe39b77de4e998b32d99c2500e10b017a1fd1a3379f4f9f8b67db6093b85d02cb3447934')
-sha512sums=('424b80e9fff43864b0581fea7a231b8308bdebb2aee0b97cc40eeaa347c093e94bcd0111e8b431e7bfe88b3c1133660ede42b6b49d14555ea0626c2c0ffa308e'
- '9f61fc979d0e0232aa2004a455a139950ceb998338577b94cd3bebfdf230896bde9765f9afef1af515ae0679b3afd245142027de3b7ce87eced3fbdb86558668'
- 'b2a096659cc98bd50322441d3611e607b71c54025feaf7c2acc322fff8c0ef5a83f06bef31099c4adf1794009b050a3f2dca71c7926892c60081261384891ac4'
- 'e5c079f8e8e4603e068a092db86ec6dea4da395f75fb4bfa284736edce2d8ea3441deda51ca7dce8865e1ac5914cdf9c6767ed74203726f26992e9d76f4d8b0b'
- '8c26bea077b503c8ec420880539f2a6e275d2b3c26eb5b4c5af38aae16b258a29ceb946aeb2252e47aeea22e5b6513c628a7ee3eb3d201d6fa541456b16bd399'
- '6fb075c09cfedaec6bb6760ba2e0d55446478c8e2873884b6a940d42f44ad8e840809f8b31b59ff3d40307dd48d74dadf809859dfef190269da8800185b462a6'
- 'b1936686a7dff2b42629d05cb59cfdb86c2a42ef843fe0cd031607d1c7174479ed8cfc0d5c6ffd3be80c9c20894dd919547e8bd861ed5b49d596ee89a19db372'
- 'e44a2327a8808bf94acb8db1d8ea13f77bbe0600be47079b7c77dab3daab44a67c3ca9be93b32db6807c2c96c6b67529884d38bf03d02dda6be04794e711cb71'
- 'a47f29cf6d6fce3143dbd905fed8eb50509294311ec7d66970331b1b5fc83858c620e968579decfa781c5074028994bf4a4a1aa978b12bb271b7d10247ca58ec'
- '0d6e244fad2cb01df9a773870db01ad0f82c0e04cfc3bbf62d2c85121841d7eebd4dad94d84cab0368607caea7ec3285933f76cfb886cadd99248ccf38160f66'
- 'db12f05db67c2c70aa28c1ea0b5b5b049e947487e2e6debda9545f98ef53827af968c6a3728aac046d17b431600b5a83569eb6c34959948e33bec2657a4342c1'
- 'a343519674390c8188f10b156ba66267872ac5128a4f88ea3aef9afd61492df8372859e50c4842e511ce13000df1d3977d503fde06a428c2a7c1c8047ad7a57e'
- '244127ec701c01f3834887414177c1d6fcc7d96e88ee5b862f3bcdd4af9c38028bc886caf7ada4ba0331f6c288c650b40736ed866850c2c6506b5238f04089c3'
- 'fad274e93f65089e4c704e5a7438377e0e25b7fb457fb2801ca8a7179fe57519d0b11cc90c9ca25271a5eecf7b0ebd372a6ea035b9315b555d5e7ebcf5d775a7'
- '8bc3fe9800a878bd9920937321dd75f0a19328dd6dcc88bba9c30e7ac12b2ba3a1d53f0e8e3ee3e0bbd42e953590f2e96c3c64e287b58c646bacbc69362917fa'
- 'ede53032a7c6288b0bcc7f5766540b4b8dcb5f5dcf65de8cdcfac632a60d940ef22119567649bf6213ed551910f8744601b655e1b4104e4ca259bf47358757b0')
-
prepare() {
- cd ${pkgname}-${pkgver}
- # fix man page installation
- sed -e 's|man1/sox.1 soxeffect.7|man1/sox.1.gz soxeffect.7.gz|' \
- -i Makefile.in
-
- # patch all (known) CVEs from 2017
- for _cve in 15371 11358 15370 11332 11359 15372 15642 18189; do
- patch -Np1 -i ../CVE-2017-$_cve.patch
- done
-
- # applying patches required to apply CVE patches cleanly
- patch -Np1 -i ../add-destdir.patch
- patch -Np1 -i ../update-exported-symbol-list.patch
- patch -Np1 -i ../cleanup-lsx_malloc.patch
-
- # patch all (known) CVEs from 2019
- for _cve in 8354 8355 8356 8357; do
- patch -p1 -i ../CVE-2019-$_cve.patch
- done
-
- # test fails with CVE-2017-11359.patch
- sed -e '/hcom/d' -i src/tests.sh
+ cd sox-code-${_commit}
+ # don't overwrite cflags
+ sed -i -e 's:CFLAGS="-g":CFLAGS="$CFLAGS -g":' configure.ac
autoreconf -vfi
}
build() {
- cd ${pkgname}-${pkgver}
+ cd sox-code-${_commit}
./configure --prefix=/usr \
--sysconfdir=/etc \
--with-dyn-default \
@@ -87,14 +40,15 @@
make
}
-check() {
- cd ${pkgname}-${pkgver}
- make bindir=. installcheck
-}
+# Disabled until broken tests are fixed
+#check() {
+# cd sox-code-${_commit}
+# make bindir=. installcheck
+#}
package() {
- cd ${pkgname}-${pkgver}
+ cd sox-code-${_commit}
make DESTDIR="${pkgdir}" install
- install -vDm 644 {AUTHORS,ChangeLog,README} \
+ install -vDm 644 {AUTHORS,ChangeLog} \
-t "${pkgdir}/usr/share/doc/${pkgname}"
}
More information about the arch-commits
mailing list