Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
libopenmpt: update to 0.4.11.
This fixes CVE-2019-14380 and CVE-2019-17113.
ChangeLog:
### libopenmpt 0.4.11 (2019-12-22)
* MOD: Fix initial instrument change with no note playing. Fixes first pattern
of Beyond Music by Captain.
### libopenmpt 0.4.10 (2019-10-30)
* The "date" metadata could contain a bogus date for some older IT files.
* Do not apply global volume ramping from initial global volume when seeking.
* MTM: Sample loop length was off by one.
* PSM: Sample loop length was off by one in most files.
* mpg123: Update to v1.25.13 (2019-10-26).
### libopenmpt 0.4.9 (2019-10-02)
* [**Sec**] libmodplug: C API: Limit the length of strings copied to the
output buffer of `ModPlug_InstrumentName()` and `ModPlug_SampleName()` to 32
bytes (including terminating null) as is done by original libmodplug. This
avoids potential buffer overflows in software relying on this limit instead
of querying the required buffer size beforehand. libopenmpt can return
strings longer than 32 bytes here beacuse the internal limit of 32 bytes
applies to strings encoded in arbitrary character encodings but the API
returns them converted to UTF-8, which can be longer. (reported by Antonio
Morales Maldonado of Semmle Security Research Team) (r12129)
([CVE-2019-17113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17113))
* [**Sec**] libmodplug: C++ API: Do not return 0 in
`CSoundFile::GetSampleName()` and `CSoundFile::GetInstrumentName()` when a
null output pointer is provided. This behaviour differed from libmodplug and
made it impossible to determine the required buffer size. (r12130)
### libopenmpt 0.4.8 (2019-09-30)
* [**Sec**] Possible crash due to out-of-bounds read when playing an OPL note
with active filter in S3M or MPTM files (r12118).
### libopenmpt 0.4.7 (2019-09-23)
* [**Bug**] Compilation fix for various platforms that do not provide
`std::aligned_alloc` in C++17 mode. The problematic dependency has been
removed. This should fix build problems on MinGW, OpenBSD, Haiku, and others
for good.
* J2B: Ignore notes with non-existing instrument (fixes Ending.j2b).
* mpg123: Update to v1.25.12 (2019-08-24).
* ogg: Update to v1.3.4. (2019-08-31).
* flac: Update to v1.3.3. (2019-08-04).
### libopenmpt 0.4.6 (2019-08-10)
* [**Bug**] Compilation fix for OpenBSD.
* [**Bug**] Compilation fix for NO_PLUGINS being defined.
* in_openmpt: Correct documentation. `openmpt-mpg123.dll` must be placed into
the Winamp directory.
* Detect IT files unpacked with early UNMO3 versions.
* mpg123: Update to v1.25.11 (2019-07-18).
* minimp3: Update to commit 977514a6dfc4960d819a103f43b358e58ac6c28f
(2019-07-24).
* miniz: Update to v2.1.0 (2019-05-05).
* stb_vorbis: Update to v1.17 (2019-08-09).
### libopenmpt 0.4.5 (2019-05-27)
* [**Sec**] Possible crash during playback due out-of-bounds read in XM and
MT2 files (r11608).
([CVE-2019-14380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14380))
* Breaking out of a sustain loop through Note-Off sometimes didn't continue in
the regular sample loop.
* Seeking did not stop notes playing with XM Key Off (Kxx) effect.
### libopenmpt 0.4.4 (2019-04-07)
* [**Bug**] Channel VU meters were swapped.
* Startrekker: Clamp speed to 31 ticks per row.
* MTM: Ignore unused Exy commands on import. Command E5x (Set Finetune) is now
applied correctly.
* MOD: Sample swapping was always enabled since it has been separated from the
ProTracker 1/2 compatibility flag. Now it is always enabled for Amiga-style
modules and otherwise the old heuristic is used again.
* stb_vorbis: Update to v1.16 (2019-03-05).
| Revision | Action | file |
| 1.32 | modify | pkgsrc/audio/libopenmpt/Makefile |
| 1.25 | modify | pkgsrc/audio/libopenmpt/distinfo |