libopenmpt security updates 0.5.14, 0.4.26, 0.3.35
The OpenMPT/libopenmpt project released the latest stable libopenmpt version:
libopenmpt 0.5.14 (2021-12-05)
-
[Sec] Possible out-of-bounds read in Chorus plugin with NaN plugin parameters. Most implementations of the “fast math” compiler optimizations will prevent this crash but it is not guaranteed. (r16096)
-
[Bug] Fixed undefined behaviour with custom tunings found with ubsan.
- OPL: Improved channel allocation strategy when there are lots of faded-out notes.
- MOD: Digital Tracker MODs have four unknown bytes right after the magic bytes which seem to be ignored even by Digital Tracker itself. Just skip over them.
- The logic when to turn off the resonant filter was broken in some edge cases since libopenmpt 0.5.1.
- IMF: Implemented XE1-XE3 commands, which disable individual envelopes. Command Nxy (cutoff slide + resonance) is now also partially supported (only resonance for now).
- IMF: Filter envelopes were upside down.
- MTM: Omitting pattern loading through the load.skip_patterns ctl caused sample data to be corrupted.
- S3M: Ignore O00 commands in files created with Scream Tracker 3.00 and 3.01, as this command only gained effect memory in version 3.03.
- STM: Use S3M-like sample swap behaviour.
-
XM: Disable arpeggio quirk for XMs made with Skale Tracker. Fixes KAPTENFL.XM.
- miniz: Update to v2.2.0 (2021-06-27).
- minimp3: Update to commit 50d2aaf360a53653b718fead8e258d654c3a7e41 (2021-11-27).
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.14+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.14+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.5.14+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.4 stable branch:
libopenmpt 0.4.26 (2021-12-05)
-
[Sec] Possible out-of-bounds read in Chorus plugin with NaN plugin parameters. Most implementations of the “fast math” compiler optimization will prevent this crash but it is not guaranteed. (r16108, r16110)
- The logic when to turn off the resonant filter was broken in some edge cases since libopenmpt 0.4.14.
- IMF: Implemented XE1-XE3 commands, which disable individual envelopes. Command Nxy (cutoff slide + resonance) is now also partially supported (only resonance for now).
- IMF: Filter envelopes were upside down.
- MTM: Omitting pattern loading through the load.skip_patterns ctl caused sample data to be corrupted.
- S3M: Ignore O00 commands in files created with Scream Tracker 3.00 and 3.01, as this command only gained effect memory in version 3.03.
-
XM: Disable arpeggio quirk for XMs made with Skale Tracker. Fixes KAPTENFL.XM.
- miniz: Update to v2.2.0 (2021-06-27).
- minimp3: Update to commit 50d2aaf360a53653b718fead8e258d654c3a7e41 (2021-11-27).
The changelog for older versions can be found at https://lib.openmpt.org/doc/changelog.html .
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.26+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.26+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.4.26+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The OpenMPT/libopenmpt project also released an update to the old libopenmpt 0.3 stable branch:
libopenmpt 0.3.35 (2021-12-05)
-
[Sec] Possible out-of-bounds read in Chorus plugin with NaN plugin parameters. Most implementations of the “fast math” compiler optimizations will prevent this crash but it is not guaranteed. (r16109, r16111)
- The logic when to turn off the resonant filter was broken in some edge cases since libopenmpt 0.3.23.
- IMF: Implemented XE1-XE3 commands, which disable individual envelopes. Command Nxy (cutoff slide + resonance) is now also partially supported (only resonance for now).
- IMF: Filter envelopes were upside down.
- MTM: Omitting pattern loading through the load.skip_patterns ctl caused sample data to be corrupted.
- S3M: Ignore O00 commands in files created with Scream Tracker 3.00 and 3.01, as this command only gained effect memory in version 3.03.
-
XM: Disable arpeggio quirk for XMs made with Skale Tracker. Fixes KAPTENFL.XM.
- miniz: Update to v2.2.0 (2021-06-27).
Source code download links:
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.35+release.autotools.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.35+release.makefile.tar.gz
- https://lib.openmpt.org/files/libopenmpt/src/libopenmpt-0.3.35+release.msvc.zip
Documentation and binary downloads can be found at the libopenmpt website at https://lib.openmpt.org/libopenmpt/.
The following libopenmpt versions are currently supported with security fixes by the OpenMPT/libopenmpt project:
- 0.5.14
- Current stable version.
- Receives security updates.
- Receives minor playback fixes.
- 0.4.26
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.3.35
- Old stable version.
- Receives security updates.
- Receives trivial bug fixes.
- 0.6 (SVN trunk)
- development
- security updates
- playback fixes
- new features
- new file formats
Please update to the newest versions.