This is the first post to the libopenmpt-announce mailing list. From now on, we will post release and security announcements here in addition to the website.

The OpenMPT/libopenmpt project released the latest stable libopenmpt version:

libopenmpt-0.2.8190-beta24 (2017-05-22)

  • [Bug] localtime() was used to determine the version of Schism Tracker used to save IT and S3M files. This function is not guaranteed to be thread-safe by the standard and is now no longer used.

  • [Bug] Compilation with GCC 4.1 was broken since 0.2-beta20.5.

  • Improvements to seeking: Channel panning was not always updated from instruments / samples when seeking, and out-of-range global volume was not applied correctly in some formats.
  • Work-around for reading MIDI macros and plugin settings in some malformed IT files written by old UNMO3 versions.
  • Improve tracker detection in IT format.

The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .

Source code download links:

Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/ .

The OpenMPT/libopenmpt project updated the following libopenmpt versions with security fixes:

libopenmpt-0.2.7561-beta20.5-p4 (2017-06-02)

  • r8248: [Sec] Race condition in multi-threaded use (IT).
  • r8247: [Sec] Invalid memory read when applying NNAs to effect plugins.
  • r8246: [Sec] Excessive CPU consumption on malformed files (AMS).
  • r8245: [Sec] Theoretical NULL pointer dereference during out-of-memory while error handling.

The following individual patches fix the mentioned issues (these patches must all be applied sequentially on top of the original libopenmpt-0.2.7561-beta20.5 source release):

libopenmpt-0.2.7386-beta20.3-p7 (2017-06-02)

  • r8241: [Sec] Race condition in multi-threaded use (IT).
  • r8240: [Sec] Invalid memory read when applying NNAs to effect plugins.
  • r8239: [Sec] Excessive CPU consumption on malformed files (AMS).
  • r8238: [Sec] Theoretical NULL pointer dereference during out-of-memory while error handling.
  • r8237: [Sec] Excessive CPU consumption on malformed files (DMF, MDL).
  • r8236: [Sec] Infinite loop in plugin routing.
  • r8235: [Sec] Division by zero in tempo calculation.

The following individual patches fix the mentioned issues (these patches must all be applied sequentially on top of the original libopenmpt-0.2.7386-beta20.3 source release):

The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:

  • 0.2.8190-beta24
    • Current stable version.
    • Receives security updates.
    • Receives minor playback fixes.
  • 0.2.7561-beta20.5-p4
    • Older stable version which is supported on Unix-like systems only.
    • Receives only security fixes.
  • 0.2.7386-beta20.3-p7
    • Older stable version which is supported on Unix-like systems only.
    • Receives only security fixes.
  • 0.3 (SVN trunk)
    • development
    • security updates
    • playback fixes
    • new features
    • new file formats

Please update to the new versions.

This is an announcement-only mailing list. You cannot post here. This mailing list’s website is at https://lists.sourceforge.net/lists/listinfo/modplug-libopenmpt-announce .

The libopenmpt website is at https://lib.openmpt.org/libopenmpt/ .

For general discussion, please use the forums at https://forum.openmpt.org/ .

For bug reports, please use the bug tracker at https://bugs.openmpt.org/ .

For security-related reports or discussion, you may also use the libopenmpt security contact address at security@… .