Bump aubio from 0.4.6 to 0.4.9 #1

Open
wants to merge 1 commit into
base: master
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Oct 21, 2019

Bumps aubio from 0.4.6 to 0.4.9.

Release notes

Sourced from aubio's releases.

0.4.9

Version 0.4.9 includes:

  • src/: improve overall stability, fixing potential crashes and memory leaks on invalid arguments (closes gh-216); improve library messages and reporting of system errors
  • tests/: major clean-up (closes gh-219), check return codes, increase code coverage
  • python/tests/: switch to pytest (closes gh-163), check emitted warnings
  • python/: add pages to manual with brief descriptions of classes

Special thanks to Guoxiang Niu (@niugx) for reporting the following vulnerabilities, fixed with this release:

  • CVE-2018-19800 prevent a possible buffer overflow in new_aubio_tempo
  • CVE-2018-19801 prevent a null-pointer dereference in new_aubio_filterbank
  • CVE-2018-19802 prevent a null-pointer dereference in new_aubio_onset

Also many thanks to @dvzrv, @romanbsd, @Bee-HN, @Lord-Kamina, and everyone who helped reporting the issues solved with this release.

0.4.8

Version 0.4.8 includes:

  • src/notes: new option release_drop (gh-203)
  • src/spectral: new parameters added to filterbank and mfcc (gh-206)
  • python/lib: start documenting module (gh-73, debian #480018), improve build for
    win-amd64 (gh-154, gh-199, gh-208)
  • src fixes: prevent crash when using fft sizes unsupported by vDSP (gh-207),
    prevent saturation when down-mixing a multi-channel source (avcodec/ffmpeg)

Thanks to @mj15003, @OneDirection9, @notalentgeek, @ulyssesp, @MaxHastings, @baozix, and everyone who reported and helped tracking down these issues.

0.4.7

Version 0.4.7 includes:

  • src/io/, src/notes/, src/pitch: prevent crashes on corrupted files
  • src/spectral/dct.h: add dct type II object with optimised versions
  • examples/: fix jack midi output, improve messages when jack disabled
  • python/: add dct support, minor bug fixes tests and demos
  • wscript: improve support for BLAS/ATLAS

Many thanks to @jcowgill, @WIZARDISHUNGRY, @ancorcruz, @cyclopsian, and @fCorleone for their patches, bug reports, and comments, and to everyone who contributed to this release.

See full ChangeLog for the detail.

... (truncated)
Changelog

Sourced from aubio's changelog.

2018-12-19 Paul Brossier piem@aubio.org

[ Overview ]

  • VERSION: bump to 0.4.9
  • library: improve stability, fixing potential crashes and memory leaks on
    invalid arguments; improve library messages and reporting of system errors
  • tests/: major clean-up, check return codes, increase code coverage
  • python/tests/: switch to pytest (closes gh-163), check emitted warnings
  • python/: add pages to manual with brief descriptions of classes

[ Fixes ]

  • security: improve arguments validation in new_aubio_filterbank (prevent
    possible null-pointer dereference on invalid n_filters, CVE-2018-19801),
    new_aubio_tempo (prevent possible buffer overflow, CVE-2018-19800), and
    new_aubio_onset (prevent null-pointer dereference, CVE-2018-19802). Thanks
    to Guoxiang Niu (@niugx), from the EaglEye Team for reporting these issues.
  • tempo: fix delay_ms methods
  • filterbank: fix aubio_filterbank_get_power (thanks to @romanbsd who
    also noticed this issue)
  • dct: creation fail on negative sizes or invalid accelerate radix,
    fix typo in error and warning messages, prevent possible memory leak
  • pitch: prevent null pointer dereference in yinfast, comment out unused
    functions in mcomb and yin, prevent possible leak in specacf
  • mfcc: always use dct module, strengthen input validation, change
    get_{scale,power} to return smpl_t
  • specdesc: improve error message
  • notes: prevent null pointer dereference
  • hist: add validation for size argument, prevent possible leak
  • awhitening: use shortest length available (closes gh-216)
  • io: add macros to display system errors, add helpers to validate input
    arguments of source and sink methods, always clean-up after failure
  • source: validate input sizes to prevent invalid reads
  • apple_audio: use native format conversions in source and sink, prevent
    possible apple_audio crash on empty string, get_duration returns 0 on failure
  • ffmpeg/avcodec: prevent deprecation warnings, read after close, and skipped
    samples warnings, improve warning messages, only show a warning when
    swr_convert failed, prevent possible memory leak when closing swr context
  • wavwrite: copy to all channels if needed, check fseek and fwrite return
    values, call fflush in open to return failure on full disk-system
  • source_sndfile: fix reading sizes when resampling, set error message when
    reading after close
  • aubio_priv.h: include blas first (see gh-225), add STRERROR macros

[ Python ]

  • documentation: add pages to manual, add minimal docstrings for fft,
    digital_filter, and generated objects, improve specdesc documentation
  • filterbank: add get_norm/power documentation
... (truncated)
Commits
  • c1c3a99 [py] fix compilation warning in py-source
  • b4445fb [tests] also capture expected source warnings in test_sink
  • 51b5f9c [tests] check resampling a source raises a warning when expected
  • cd46892 [tests] add parse_file_samplerate to fetch samplerate from path
  • 966c650 [py] take a copy for the last source block when iterating
  • 8ad7d71 [py] define HAVE_ERRNO_H in add_local_macros
  • 519d5d3 [py] raise an exception when reading source failed
  • 6dc211b [tests] simplify test_source.py, skip if no test sounds
  • 8797138 [tests] check reading source after close raises RuntimeError
  • a9f463c [py] check if filter was created before deleting it
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [aubio](https://github.com/aubio/aubio) from 0.4.6 to 0.4.9.
- [Release notes](https://github.com/aubio/aubio/releases)
- [Changelog](https://github.com/aubio/aubio/blob/master/ChangeLog)
- [Commits](aubio/aubio@0.4.6...0.4.9)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 21, 2019