Package: sox / 14.4.2+git20190427-5

Metadata

Package Version Patches format
sox 14.4.2+git20190427-5 3.0 (quilt)

Patch series

Patch File delta Description
0001 fix build.patch

src/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

fix build

0002 spelling.patch

ChangeLog | 2 1 + 1 - 0 !
libsox.3 | 2 1 + 1 - 0 !
libsox.txt | 2 1 + 1 - 0 !
src/fap.c | 2 1 + 1 - 0 !
src/paf.c | 2 1 + 1 - 0 !
src/wav.c | 2 1 + 1 - 0 !
6 files changed, 6 insertions(+), 6 deletions(-)

spelling fixes

0003 CVE 2017 15371.patch

src/flac.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

[PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371)

0004 CVE 2017 11358.patch

src/hcom.c | 13 13 + 0 - 0 !
1 file changed, 13 insertions(+)

[PATCH] hcom: fix crash on input with corrupt dictionary (CVE-2017-11358)

0005 CVE 2017 15370.patch

src/wav.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

[PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input (CVE-2017-15370)

Add the same check for bad block size as was done for MS ADPCM in commit
f39c574b ("More checks for invalid MS ADPCM blocks").

0006 CVE 2017 11332.patch

src/wav.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

[PATCH] wav: fix crash if channel count is zero (CVE-2017-11332)

0007 CVE 2017 11359.patch

src/wav.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

[PATCH] wav: fix crash writing header when channel count >64k (CVE-2017-11359)

0008 wavpack_check_errors.patch

src/wavpack.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

wavpack: check errors when initializing

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881145

0009 lintian man sox.patch

sox.1 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

fix - W: sox: manpage-has-errors-from-man usr/share/man/man1/sox.1.gz file `<standard input>'

Jaromír Mikeš <mira.mikes@seznam.cz>

0010 xa validate channel count.patch

src/xa.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

A corrupt header specifying zero channels would send read_channels()
into an infinite loop.  Prevent this by sanity checking the channel
count in open_read().  Also add an upper bound to prevent overflow
in multiplication.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121

0011 CVE 2017 15372.patch

src/adpcm.c | 8 7 + 1 - 0 !
src/adpcm.h | 3 3 + 0 - 0 !
src/wav.c | 5 4 + 1 - 0 !
3 files changed, 14 insertions(+), 2 deletions(-)

adpcm: fix stack overflow with >4 channels (CVE-2017-15372)

0012 CVE 2017 15642.patch

src/aiff.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

This fixes a use-after-free and double free if an empty comment
chunk follows a non-empty one.

0013 Handle vorbis_analysis_headerout errors.patch

src/vorbis.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

[PATCH] handle vorbis_analysis_headerout errors

This is related to

    https://github.com/xiph/vorbis/pull/34

but could also happen today with other errors in the called function.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236

0014 CVE 2019 8354.patch

src/effects_i_dsp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

CVE-2019-8354

0015 CVE 2019 8355.patch

src/Makefile.am | 2 1 + 1 - 0 !
src/xmalloc.c | 10 10 + 0 - 0 !
src/xmalloc.h | 6 4 + 2 - 0 !
3 files changed, 15 insertions(+), 3 deletions(-)

CVE-2019-8355

0016 CVE 2019 8356.patch

src/fft4g.c | 18 18 + 0 - 0 !
src/fft4g.h | 2 2 + 0 - 0 !
2 files changed, 20 insertions(+)

CVE-2019-8356

0017 CVE 2019 8357.patch

src/effects_i_dsp.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

CVE-2019-8357

0018 CVE 2019 13590.patch

src/sox-fmt.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

CVE-2019-13590

0019 fix resource leak comments.patch

src/formats.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

fix a resource leak of comments on input parsing failure

0020 fix resource leak hcom.patch

src/hcom.c | 11 8 + 3 - 0 !
1 file changed, 8 insertions(+), 3 deletions(-)

hcom: fix dictionary resource leaks

startread and stopread should release p->dictionary in all failure modes.

0021 fix hcom big endian.patch

src/hcom.c | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

[PATCH] hcom: fix pointer type confusion [bug #308]

The compress() call fails on big endian systems with size_t bigger
than int32_t.  Fix by using the correct types.

0022 CVE 2021 3643.patch

src/voc.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

voc: word width should never be 0 to avoid division by zero

Bug: https://sourceforge.net/p/sox/bugs/351/
Bug-Debian: https://bugs.debian.org/1010374

This patch fixes both CVE-2021-3643 and CVE-2021-23210.

0023 CVE 2021 23159.patch

src/hcom.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

hcom: validate dictsize

Bug: https://sourceforge.net/p/sox/bugs/350/
Bug: https://sourceforge.net/p/sox/bugs/352/
Bug-Debian: https://bugs.debian.org/1021133
Bug-Debian: https://bugs.debian.org/1021134

This patch fixes both CVE-2021-23159 and CVE-2021-23172.

0024 CVE 2021 33844.patch

src/testall.sh | 1 1 + 0 - 0 !
src/wav.c | 7 6 + 1 - 0 !
2 files changed, 7 insertions(+), 1 deletion(-)

wav: reject 0 bits per sample to avoid division by zero

Bug: https://sourceforge.net/p/sox/bugs/349/
Bug-Debian: https://bugs.debian.org/1021135

0025 CVE 2021 40426.patch

src/sphere.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

sphere: avoid integer underflow

Link: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434
Bug: https://sourceforge.net/p/sox/bugs/362/
Bug-Debian: https://bugs.debian.org/1012138

0026 CVE 2022 31650.patch

src/aiff.c | 5 5 + 0 - 0 !
src/formats_i.c | 10 8 + 2 - 0 !
2 files changed, 13 insertions(+), 2 deletions(-)

formats+aiff: reject implausibly large number of channels

Bug: https://sourceforge.net/p/sox/bugs/360/
Bug-Debian: https://bugs.debian.org/1012516

0027 CVE 2022 31651.patch

src/formats_i.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

formats: reject implausible rate

Bug: https://sourceforge.net/p/sox/bugs/360/
Bug-Debian: https://bugs.debian.org/1012516

0028 CVE 2023 32627 Filter null sampling rate in VOC code.patch

src/voc.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

CVE-2023-32627 Filter null sampling rate in VOC coder

Avoid a divide by zero and an out-of-bounds read by rejecting a null sampling rate in VOC files.

Bug: https://sourceforge.net/p/sox/bugs/369/
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=2212282
Bug-Debian: https://bugs.debian.org/1041112
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-32627

0029 fix build gcc14.patch

src/sox_sample_test.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

Add missing include for "fabs".

This fixes FTBFS with gcc-14.

0030 vorbis fix memory leaks.patch

src/vorbis.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

[PATCH] vorbis: fix memory leaks