[MIR] libsoxr

Bug #1702558 reported by Lastique
This bug affects 5 people
Affects: libsoxr (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

[Availability]

libsoxr is in "universe", it compiles for all target architectures:

https://launchpad.net/ubuntu/+source/libsoxr/0.1.2-2

[Rationale]

I would like libsoxr to be moved to "main" so that it can be used in PulseAudio as an audio resampler backend (see https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1574746). The library provides improved quality and performance over the currently used speex resamplers.

[Security]

The library is used for raw audio processing. Its input and output data is produced and consumed by PulseAudio server. The library builds into two library packages: libsoxr0 and libsoxr-lsr0. The library does not use network or external strings. Library from libsoxr-lsr0 uses environment variables to control some aspects of its behavior, but this library will not be used in PulseAudio (only libsoxr0 will).

The environment variables are: SOXR_LSR_NUM_THREADS, SOXR_LSR_STRICT, see src/lsr.c.

There were no CVEs found for libsoxr:

http://cve.mitre.org/cve/cve.html
https://www.google.com/search?client=ubuntu&channel=fs&q=site%3Awww.openwall.com%2Flists%2Foss-security+libsoxr&ie=utf-8&oe=utf-8&gfe_rd=cr&ei=gz9dWYW3DMf37gSm-JrYCg#newwindow=1&channel=fs&q=site:www.openwall.com/lists/oss-security+libsoxr
http://people.canonical.com/~ubuntu-security/cve/universe.html

Package build scripts enable hardening.

Overall I consider this library to have low security risk.

[Quality assurance]

The package build scripts automatically run library tests. There are currently no open bug reports for the package in Ubuntu:

https://bugs.launchpad.net/ubuntu/+source/libsoxr

There are a couple of bugs in Debian:

https://bugs.debian.org/src:libsoxr

There are no bugs in the upstream bug tracker:

https://sourceforge.net/p/soxr/tickets/?source=navbar

Recent discussion is happening on the project forum:

https://sourceforge.net/p/soxr/discussion/general/

Package installation does not require any manual configuration. There is a debian/watch file.

[Dependencies]

The library depends only on libc6 and libgomp1, both of which are in "main".

[Standards compliance]

AFAICS, FHS and Debian policy are fulfilled.

[Maintenance]

The package is currently maintained by Debian Multimedia Maintainers.

[Background information]

Package description adequately describes the purpose of the library.

I have been building PulseAudio locally with support for libsoxr and have been using it for a few years now, without problem. I used libsoxr in other projects as well. This is a fast library that produces audio of a very good quality.

Daniel van Vugt (vanvugt) wrote :

See also: bug 1574746

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libsoxr (Ubuntu):
status: New → Confirmed
aquegg (aquegg) wrote :

Regarding the couple of bugs in Debian mentioned above, one is resolved—only #751615 is outstanding.

Also, bug #751615 is in fact a false-positive from a code-checking tool; i.e. there is no concrete problem at run-time.

Furthermore, #751615 applies only to the libsoxr-lsr0 portion of libsoxr, which is not used by PulseAudio, so does not need to be a part of this MIR.

Matthias Klose (doko) wrote :

desktop-team, would this promotion be acknowledged by the team?

Changed in libsoxr (Ubuntu):
assignee: nobody → Ubuntu Desktop (ubuntu-desktop)
status: Confirmed → Incomplete
Daniel van Vugt (vanvugt) wrote :

Yes from me. But I will raise it with management too.

In fact pulseaudio 12.0 seems to want libsoxr as well, so this is its only dependency not yet in main.

Daniel van Vugt (vanvugt) wrote :

What I mean is that Debian's packaging of PulseAudio 12.0-1 includes a dependency on libsoxr-dev. So it would be nice to have libsoxr in main in order to sync with Debian better. See also bug 1574746.

Sebastien Bacher (seb128) wrote :

> desktop-team, would this promotion be acknowledged by the team?

yes, we have subscribed desktop-packages to the launchpad bugs now

Changed in libsoxr (Ubuntu):
status: Incomplete → New
assignee: Ubuntu Desktop (ubuntu-desktop) → nobody
Matthias Klose (doko) wrote :

this looks fine. As asked on Jul 10, the security team is waiving a security review for this package.

Please note that there is a new upstream for a few months now. Please consider packaging that.

Matthias Klose (doko) wrote :

Override component to main
libsoxr 0.1.2-3 in cosmic: universe/libs -> main
libsoxr-dev 0.1.2-3 in cosmic amd64: universe/libdevel/optional/100% -> main
libsoxr-dev 0.1.2-3 in cosmic arm64: universe/libdevel/optional/100% -> main
libsoxr-dev 0.1.2-3 in cosmic armhf: universe/libdevel/optional/100% -> main
libsoxr-dev 0.1.2-3 in cosmic i386: universe/libdevel/optional/100% -> main
libsoxr-dev 0.1.2-3 in cosmic ppc64el: universe/libdevel/optional/100% -> main
libsoxr-dev 0.1.2-3 in cosmic s390x: universe/libdevel/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic amd64: universe/libs/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic arm64: universe/libs/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic armhf: universe/libs/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic i386: universe/libs/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic ppc64el: universe/libs/optional/100% -> main
libsoxr-lsr0 0.1.2-3 in cosmic s390x: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic amd64: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic arm64: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic armhf: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic i386: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic ppc64el: universe/libs/optional/100% -> main
libsoxr0 0.1.2-3 in cosmic s390x: universe/libs/optional/100% -> main
19 publications overridden.

Daniel van Vugt (vanvugt) wrote :

Thanks doko. All done for cosmic.

See: https://launchpad.net/ubuntu/+source/libsoxr

Changed in libsoxr (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium