Bug#1125289: sox: Switch to or add sox_ng

To: Sebastian Ramacher <sramacher@debian.org>
Cc: 1125289@bugs.debian.org
Subject: Bug#1125289: sox: Switch to or add sox_ng
From: Martin Guy <martinwguy@gmail.com>
Date: Mon, 12 Jan 2026 16:58:16 +0100
Message-id: <[🔎] CAL4-wQrothN8a4gMBpZjJR=tGR+jpnSK+ENS=80fXJMaqArD3A@mail.gmail.com>
Reply-to: Martin Guy <martinwguy@gmail.com>, 1125289@bugs.debian.org
In-reply-to: <[🔎] aWTAb_kGMTl19yet@ramacher.at>
References: <[🔎] 176818674112.7329.12186832875918242732.reportbug@giacomo> <[🔎] aWTAb_kGMTl19yet@ramacher.at> <[🔎] 176818674112.7329.12186832875918242732.reportbug@giacomo>

Thanks, yes, someone told me about NEW today.
As I wrote personally (before seeing the issue update!):

Looking good, and a user tells me it cross-builds fine too,
unlike the debian/ in the distro itself. However, it probably wants
added build dependencies libspeex-dev and libspeexdsp-dev
to enable the speexdsp effect, to recommend ffmpeg and
one of wget, wget2 and curl, and there may be other issues
with the sox package to look into at the bottom of
https://codeberg.org/sox_ng/sox_ng/wiki/Distro-Debian

On Mon, 12 Jan 2026 at 10:35, Sebastian Ramacher <sramacher@debian.org> wrote:
>
> Control: severity -1 normal
> Control: merge 1108753 -1
>
> On 2026-01-12 03:59:01 +0100, Martin Guy wrote:
> > Package: sox
> > Version: 14.4.2+git20190427-5+b3
> > Severity: important
> > X-Debbugs-Cc: martinwguy@gmail.com
> >
> > sox_ng forked from sox.sf.net in May 2024. fixes all 20 or so CVEs,
> > some of which could lead to code injection using crafted malformed
> > compressed format files (whic is why I mark it as "important").
>
> There is already #1108753. The upload for the switch is already in NEW.
>
> Cheers
>
> >
> > It also fixes other bugs, SEGVs and stuff, adds support for dozens
> > more formats and has grown a few more effects.
> >
> > There are several release lines, currently at 14.4.5 to 14.7.0
> > for bug-fix only to more and more new features
> > and they can be configured to replace the standard sox filenames
> > with links to _ng or can live side by side. Most distros are deciding
> > to replace, as it is backwards-compatible, and the latest stable release
> > seems stable.
> >
> > https://codeberg.org/sox_ng/sox_ng
> >
> > I'm on good terms with all the original developers I've contacted and one
> > has been murmuring for a year or so about importing the _ng fixes to sox.sf.net
> > but they are presumed busy doing much more interesting things.
> >
> > Blessings & keep up the good work
> >
> >    M
> >
> > -- System Information:
> > Debian Release: 13.1
> >   APT prefers stable
> >   APT policy: (500, 'stable')
> > Architecture: amd64 (x86_64)
> > Foreign Architectures: i386
> >
> > Kernel: Linux 6.12.43+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
> > Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> > Versions of packages sox depends on:
> > ii  libc6             2.41-12
> > ii  libsox-fmt-alsa   14.4.2+git20190427-5+b3
> > ii  libsox-fmt-ao     14.4.2+git20190427-5+b3
> > ii  libsox-fmt-base   14.4.2+git20190427-5+b3
> > ii  libsox-fmt-oss    14.4.2+git20190427-5+b3
> > ii  libsox-fmt-pulse  14.4.2+git20190427-5+b3
> > ii  libsox3           14.4.2+git20190427-5+b3
> >
> > sox recommends no packages.
> >
> > Versions of packages sox suggests:
> > ii  libsox-fmt-all  14.4.2+git20190427-5+b3
> >
> > -- no debconf information
> >
>
> --
> Sebastian Ramacher

Reply to:

References:
- Bug#1125289: sox: Switch to or add sox_ng
  - From: Martin Guy <martinwguy@gmail.com>
- Bug#1125289: sox: Switch to or add sox_ng
  - From: Sebastian Ramacher <sramacher@debian.org>

Prev by Date: Processed: reassign 1125289 to src:sox, forcibly merging 1108753 1125289
Next by Date: Bug#1125289: sox: Switch to or add sox_ng
Previous by thread: Bug#1125289: sox: Switch to or add sox_ng
Next by thread: Processed (with 1 error): Re: Bug#1125289: sox: Switch to or add sox_ng
Index(es):
- Date
- Thread