libopenmpt security updates 0.6.2, 0.5.17, 0.4.30, 0.3.38
The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
libopenmpt 0.6.2 (2022-03-13)
- [Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
-
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
- ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
- MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
- Correctly apply ST3-style effect memory when seeking in S3M files.
- Command S (S3M / IT style) effect memory was not applied when seeking.
-
Initial channel mute status was not reported correctly in
get_channel_mute_status
since libopenmpt 0.6.0. - FLAC: Update to v1.3.4 (2022-02-21).
- pugixml: Update to v1.12.1 (2022-02-16).
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- Autotools: https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.6.2+release.autotools.tar.gz
- Makefile / Android NDK: https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.6.2+release.makefile.tar.gz
- Visual Studio: https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.6.2+release.msvc.zip
Binary download links:
- Windows (openmpt123, xmp-openmpt, in_openmpt): https://lib.openmpt.org/files/libopenmpt/bin/libopenmpt-0.6.2+release.bin.windows.zip
- DOS (openmpt123) : https://lib.openmpt.org/files/libopenmpt/bin/libopenmpt-0.6.2+release.bin.dos.zip
- Windows XP SP1 (RETRO) (openmpt123, xmp-openmpt, in_openmpt): https://lib.openmpt.org/files/libopenmpt/bin/libopenmpt-0.6.2+release.bin.retro.winxp.zip
- Windows 9x (RETRO) (openmpt123, xmp-openmpt, in_openmpt): https://lib.openmpt.org/files/libopenmpt/bin/libopenmpt-0.6.2+release.bin.retro.win9x.zip
Development library download links:
- Windows: https://lib.openmpt.org/files/libopenmpt/dev/libopenmpt-0.6.2+release.dev.windows.vs2022.zip
- WebAssembly / Javascript: https://lib.openmpt.org/files/libopenmpt/dev/libopenmpt-0.6.2+release.dev.js.tar.gz
Documentation download links:
All downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.5 stable branch:
libopenmpt 0.5.17 (2022-03-13)
- [Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17081)
-
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17082)
- MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
- Correctly apply ST3-style effect memory when seeking in S3M files.
-
Command S (S3M / IT style) effect memory was not applied when seeking.
- FLAC: Update to v1.3.4 (2022-02-21).
- pugixml: Update to v1.12.1 (2022-02-16).
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.17+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.17+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.17+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.4 stable branch:
libopenmpt 0.4.30 (2022-03-13)
- [Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17084)
-
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17085, r17088)
- MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
- Correctly apply ST3-style effect memory when seeking in S3M files.
-
Command S (S3M / IT style) effect memory was not applied when seeking.
- FLAC: Update to v1.3.4 (2022-02-21).
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.30+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.30+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.30+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.3 stable branch:
libopenmpt 0.3.38 (2022-03-13)
- [Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17086)
-
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17087)
- MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
- Correctly apply ST3-style effect memory when seeking in S3M files.
-
Command S (S3M / IT style) effect memory was not applied when seeking.
- FLAC: Update to v1.3.4 (2022-02-21).
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.38+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.38+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.38+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:
- 0.6.2
- Current stable version.
- Receives security updates.
- Receives minor playback fixes.
- 0.5.17
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.4.30
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.3.38
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.7 (SVN trunk)
- development
- security updates
- playback fixes
- new features
- new file formats
Please update to the newest versions.