pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: sox -> sox_ng?



Hi Martin!

Thanks for reaching out!

On Tue, Jun 30, 2026 at 02:01:39PM +0100, Martin Guy wrote:
> sox_ng is the maintenance and development of sox, as I was unable to wrest
> sox.sf.net from its no-releases-in-nine-years maintainer, so I hard forked
> it in May 2024 and have been working on it for two years.
> 
> All 20 CVEs are fixed as well as many, many other bugs, and the release
> series 14.[5678].* each add new effects, options and audio file formats,
> but remaining backward-compatible is a criterion for it (except for fixing
> things that previously were unusable or gave wrong output.
> 
> Most distros are switching their "sox" package to use sox_ng as its upstream
> in "./configure --enable-replace" mode to create links sox->sox_ng,
> play->play_ng and so on for libs, headers, manual pages, etc.
> 
> I see that pkgsrc now has separate sox and sox_ng packages at 14.4.2 and
> 14.6.0.2 respectively, presumably leaving users to have to know about
> sox_ng, install it explicitly and modify their scripts to use sox_ng instead
> of sox; unless they do this, anything that uses sox or depends on libsox
> remains two dozen security holes and all the things that didn't work
> properly and have been fixed.
> 
> If making pkgsrc's "sox" package transition to "sox_ng" is not an option now
> that both exist, or if making "sox" use sox_ng-latest seems risky, I would
> at least suggest making "sox" transition to the latest sox_ng-14.4.* which
> is for CVE and bug fixes only to old sox-14.4.2.
> There have been occasional reports of things that worked before not working
> in some new-feature releases, such as reading very broken WAV files, but all
> that have been reported have been fixed in subsequent patch releases
> (14.X.Y.*).
> In any case, updating "sox_ng" package from 14.6 to 14.8 would bring another
> year's work of improvements.

I've just updated the sox_ng to the latest version, added installation
of the compatibility symlinks, and removed the sox package.

> Compilation and testing is done regularly on NetBSDen on mips and evbarm
> architectures, big and little endian, 32- and 64-bit thanks to the GCC
> Compile Farm.

It shows! All pkgsrc patches and workarounds for sox_ng were merged
and the upgrade was easy.

Thank you for maintaining this!
 Thomas


Home | Main Index | Thread Index | Old Index