From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS6130 216.105.38.0/24 X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.sourceforge.net (lists.sourceforge.net [216.105.38.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 58ABB1F5A0 for ; Tue, 7 Feb 2023 16:28:16 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=sourceforge.net header.i=@sourceforge.net header.a=rsa-sha256 header.s=x header.b=F1fGgtIB; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=sf.net header.i=@sf.net header.a=rsa-sha256 header.s=x header.b=CJ7CjBsU; dkim-atps=neutral Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1pPQpJ-0007eL-MT; Tue, 07 Feb 2023 16:28:12 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1pPQp9-0007e9-Nv for sox-devel@lists.sourceforge.net; Tue, 07 Feb 2023 16:28:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=In-Reply-To:Content-Type:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Y6u63q76cddseP3DGJe9uEKgL3kE+hEiMke1k+92d9M=; b=F1fGgtIBKrs7JN89umcGdH8Xmn lG5nq2Jkjmrwzd1Q+H1MPk87090Ci9PGnzcbwV6oto5CnRpxF5r6TY6co/UxpyRamFMQCCD93YhhI 5iTTsI4Jnx0CRcFo0kE6tI7D2RUbEr1CA92y1pNfKq4W3Gjkcrj3bn9UiMvn+GdsArQc=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To :From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Y6u63q76cddseP3DGJe9uEKgL3kE+hEiMke1k+92d9M=; b=CJ7CjBsUU8LS/ZtdnUY1a+qyyX VC/Tk4pK8wilzp3l+YScHUb68ohN/2jUym4nX6shud83o/CNEVUTSOuhQmhRhck+dytk5UETfbMML QHfVq4bkUvty0TW3XpiSf94HY+WLq88Uz96A+IGsa7f8XK40o7YnapE0qlMoRLpoPEuY=; Received: from uvt.stare.cz ([185.63.96.79] helo=mx.stare.cz) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1pPQp1-0007jq-Uo for sox-devel@lists.sourceforge.net; Tue, 07 Feb 2023 16:28:02 +0000 Received: from localhost (stare.cz [local]) by stare.cz (OpenSMTPD) with ESMTPA id 57e85d93; Tue, 7 Feb 2023 17:27:44 +0100 (CET) Date: Tue, 7 Feb 2023 17:27:44 +0100 From: Jan Stary To: =?iso-8859-1?Q?M=E5ns_Rullg=E5rd?= Message-ID: References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Headers-End: 1pPQp1-0007jq-Uo Subject: Re: upstream and bugfixes X-BeenThere: sox-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: sox-devel@lists.sourceforge.net Cc: sox-devel@lists.sourceforge.net Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: sox-devel-bounces@lists.sourceforge.net On Feb 07 14:20:42, mans@mansr.com wrote: > Jan Stary writes: > > > Hi Mans, > > > > just to clear it up for myself: > > https://sourceforge.net/p/sox/code/ci/master/tree/ > > is still the ultimate upstream, right? > > Yes, that is the most current code. > > > For reference: there is also > > https://github.com/cbagwell/sox (last commit 2015, 4 issues, 2 PRs) > > https://github.com/mansr/sox (forked, last 2017, 1PR, no issue tracker) > > (and a bunch of nobody's forks of these of course, such as mine). > > > > These can be ignored when packaging downstream, right? > > Right, packagers should ignore those. > > > Are the commits in your GH fork included in the SF git? > > Some, not all. There are some things there of a more experimental > nature that I'm not comfortable making official. > > > What is currently the right way to report bugs and propose fixes? > > Are diffs to this devel list the preffered way? > > This list or the SF trackers are both fine by me. OK, thanks for clearing that up. > > Last commit to the SF git is May 2021; where should current fixes > > such as https://marc.info/?l=oss-security&m=167546008232629&w=2 be sent? > > I detest so-called security people and the way they handle their > so-called vulnerabilities. If they cared about anything other than > their own egos, they'd try to engage constructively with the code > authors/maintainers rather than filing CVE entries without asking or > understanding, then sending menacing emails in private. Well, the purpose of my message is precisely to engage constructively about these patches. The original diffs (by Helmut Grohne) https://marc.info/?t=167546017100001&r=1&w=2 were prepared against the Debian fork and do not apply to the SF git master. They are then tweaked by Steffen Nurpmeso to apply to the last commit of Sun May 9 21:17:32 2021 (which is what the OpenBSD audio/sox port is). That seems like a good opportunity to get them in. As a first attempt, here is the simplest of them: when failing an open_read(), sox does not deallocate the comments. diff --git a/src/formats.c b/src/formats.c index 3fcf4382..5eda5e36 100644 --- a/src/formats.c +++ b/src/formats.c @@ -627,6 +627,7 @@ error: free(ft->priv); free(ft->filename); free(ft->filetype); + sox_delete_comments(&ft->oob.comments); free(ft); return NULL; } Jan _______________________________________________ SoX-devel mailing list SoX-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sox-devel