Menu
▾
▴
[libopenmpt-announce] libopenmpt announcement 2017-06-02
|
From: <mod...@li...> - 2017-06-02 13:44:39
|
libopenmpt announcement 2017-06-02
==================================
This is the first post to the libopenmpt-announce mailing list. From now
on, we
will post release and security announcements here in addition to the
website.
___
The OpenMPT/libopenmpt project released the latest stable libopenmpt
version:
libopenmpt-0.2.8190-beta24 (2017-05-22)
---------------------------------------
* [**Bug**] localtime() was used to determine the version of Schism
Tracker
used to save IT and S3M files. This function is not guaranteed to be
thread-safe by the standard and is now no longer used.
* [**Bug**] Compilation with GCC 4.1 was broken since 0.2-beta20.5.
* Improvements to seeking: Channel panning was not always updated from
instruments / samples when seeking, and out-of-range global volume
was not
applied correctly in some formats.
* Work-around for reading MIDI macros and plugin settings in some
malformed IT
files written by old UNMO3 versions.
* Improve tracker detection in IT format.
The changelog for older versions can be found at
https://lib.openmpt.org/doc/changelog.html .
Source code download links:
*
https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.2.8190-beta24-autotools.tar.gz
*
https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.2.8190-beta24.tar.gz
*
https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.2.8190-beta24-windows.zip
Documentation and binary downloads can be found at the libopenmpt website at
https://lib.openmpt.org/libopenmpt/ .
___
The OpenMPT/libopenmpt project updated the following libopenmpt versions
with
security fixes:
libopenmpt-0.2.7561-beta20.5-p4 (2017-06-02)
--------------------------------------------
* r8248: [Sec] Race condition in multi-threaded use (IT).
* r8247: [Sec] Invalid memory read when applying NNAs to effect plugins.
* r8246: [Sec] Excessive CPU consumption on malformed files (AMS).
* r8245: [Sec] Theoretical NULL pointer dereference during
out-of-memory while
error handling.
The following individual patches fix the mentioned issues (these patches
must
**all** be applied sequentially **on top** of the original
libopenmpt-0.2.7561-beta20.5 source release):
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7561-beta20.5/libopenmpt-0.2.7561-beta20.5-secfix-p1-theoretical-null-pointer-dereference-during-out-of-memory-while-error-handling.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7561-beta20.5/libopenmpt-0.2.7561-beta20.5-secfix-p2-excessive-cpu-consumption-on-malformed-files-ams.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7561-beta20.5/libopenmpt-0.2.7561-beta20.5-secfix-p3-invalid-memory-read-when-applying-nnas-to-effect-plugins.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7561-beta20.5/libopenmpt-0.2.7561-beta20.5-secfix-p4-race-condition-in-multi-threaded-use-it.patch
libopenmpt-0.2.7386-beta20.3-p7 (2017-06-02)
--------------------------------------------
* r8241: [Sec] Race condition in multi-threaded use (IT).
* r8240: [Sec] Invalid memory read when applying NNAs to effect plugins.
* r8239: [Sec] Excessive CPU consumption on malformed files (AMS).
* r8238: [Sec] Theoretical NULL pointer dereference during
out-of-memory while
error handling.
* r8237: [Sec] Excessive CPU consumption on malformed files (DMF, MDL).
* r8236: [Sec] Infinite loop in plugin routing.
* r8235: [Sec] Division by zero in tempo calculation.
The following individual patches fix the mentioned issues (these patches
must
**all** be applied sequentially **on top** of the original
libopenmpt-0.2.7386-beta20.3 source release):
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p1-division-by-zero-in-tempo-calculation.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p2-infinite-loop-in-plugin-routing.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p3-excessive-cpu-consumption-on-malformed-files-dmf-mdl.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p4-theoretical-null-pointer-dereference-during-out-of-memory-while-error-handling.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p5-excessive-cpu-consumption-on-malformed-files-ams.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p6-invalid-memory-read-when-applying-nnas-to-effect-plugins.patch
*
https://lib.openmpt.org/files/libopenmpt/secfix/libopenmpt-0.2.7386-beta20.3/libopenmpt-0.2.7386-beta20.3-secfix-p7-race-condition-in-multi-threaded-use-it.patch
___
The following libopenmpt versions are currently supported with security
fixes by
the OpenMPT/libopenmpt project:
* 0.2.8190-beta24
* Current stable version.
* Receives security updates.
* Receives minor playback fixes.
* 0.2.7561-beta20.5-p4
* Older stable version which is supported on Unix-like systems only.
* Receives only security fixes.
* 0.2.7386-beta20.3-p7
* Older stable version which is supported on Unix-like systems only.
* Receives only security fixes.
* 0.3 (SVN trunk)
* development
* security updates
* playback fixes
* new features
* new file formats
Please update to the new versions.
___
This is an announcement-only mailing list. You cannot post here. This
mailing
list's website is at
https://lists.sourceforge.net/lists/listinfo/modplug-libopenmpt-announce .
The libopenmpt website is at https://lib.openmpt.org/libopenmpt/ .
For general discussion, please use the forums at
https://forum.openmpt.org/ .
For bug reports, please use the bug tracker at https://bugs.openmpt.org/ .
For security-related reports or discussion, you may also use the libopenmpt
security contact address at sec...@op... .
|
