pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/audio/libopenmpt libopenmpt: update to 0.4.11.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/34c38fc400a0
branches:  trunk
changeset: 407138:34c38fc400a0
user:      fcambus <fcambus%pkgsrc.org@localhost>
date:      Thu Jan 02 09:23:58 2020 +0000

description:
libopenmpt: update to 0.4.11.

This fixes CVE-2019-14380 and CVE-2019-17113.

ChangeLog:

### libopenmpt 0.4.11 (2019-12-22)

 *  MOD: Fix initial instrument change with no note playing. Fixes first pattern
    of Beyond Music by Captain.

### libopenmpt 0.4.10 (2019-10-30)

 *  The "date" metadata could contain a bogus date for some older IT files.
 *  Do not apply global volume ramping from initial global volume when seeking.

 *  MTM: Sample loop length was off by one.
 *  PSM: Sample loop length was off by one in most files.

 *  mpg123: Update to v1.25.13 (2019-10-26).

### libopenmpt 0.4.9 (2019-10-02)

 *  [**Sec**] libmodplug: C API: Limit the length of strings copied to the
    output buffer of `ModPlug_InstrumentName()` and `ModPlug_SampleName()` to 32
    bytes (including terminating null) as is done by original libmodplug. This
    avoids potential buffer overflows in software relying on this limit instead
    of querying the required buffer size beforehand. libopenmpt can return
    strings longer than 32 bytes here beacuse the internal limit of 32 bytes
    applies to strings encoded in arbitrary character encodings but the API
    returns them converted to UTF-8, which can be longer. (reported by Antonio
    Morales Maldonado of Semmle Security Research Team) (r12129)
    ([CVE-2019-17113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17113))
 *  [**Sec**] libmodplug: C++ API: Do not return 0 in
    `CSoundFile::GetSampleName()` and `CSoundFile::GetInstrumentName()` when a
    null output pointer is provided. This behaviour differed from libmodplug and
    made it impossible to determine the required buffer size. (r12130)

### libopenmpt 0.4.8 (2019-09-30)

 *  [**Sec**] Possible crash due to out-of-bounds read when playing an OPL note
    with active filter in S3M or MPTM files (r12118).

### libopenmpt 0.4.7 (2019-09-23)

 *  [**Bug**] Compilation fix for various platforms that do not provide
    `std::aligned_alloc` in C++17 mode. The problematic dependency has been
    removed. This should fix build problems on MinGW, OpenBSD, Haiku, and others
    for good.

 *  J2B: Ignore notes with non-existing instrument (fixes Ending.j2b).

 *  mpg123: Update to v1.25.12 (2019-08-24).
 *  ogg: Update to v1.3.4. (2019-08-31).
 *  flac: Update to v1.3.3. (2019-08-04).

### libopenmpt 0.4.6 (2019-08-10)

 *  [**Bug**] Compilation fix for OpenBSD.
 *  [**Bug**] Compilation fix for NO_PLUGINS being defined.

 *  in_openmpt: Correct documentation. `openmpt-mpg123.dll` must be placed into
    the Winamp directory.

 *  Detect IT files unpacked with early UNMO3 versions.

 *  mpg123: Update to v1.25.11 (2019-07-18).
 *  minimp3: Update to commit 977514a6dfc4960d819a103f43b358e58ac6c28f
    (2019-07-24).
 *  miniz: Update to v2.1.0 (2019-05-05).
 *  stb_vorbis: Update to v1.17 (2019-08-09).

### libopenmpt 0.4.5 (2019-05-27)

 *  [**Sec**] Possible crash during playback due out-of-bounds read in XM and
    MT2 files (r11608).
    ([CVE-2019-14380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14380))

 *  Breaking out of a sustain loop through Note-Off sometimes didn't continue in
    the regular sample loop.
 *  Seeking did not stop notes playing with XM Key Off (Kxx) effect.

### libopenmpt 0.4.4 (2019-04-07)

 *  [**Bug**] Channel VU meters were swapped.

 *  Startrekker: Clamp speed to 31 ticks per row.
 *  MTM: Ignore unused Exy commands on import. Command E5x (Set Finetune) is now
    applied correctly.
 *  MOD: Sample swapping was always enabled since it has been separated from the
    ProTracker 1/2 compatibility flag. Now it is always enabled for Amiga-style
    modules and otherwise the old heuristic is used again.

 *  stb_vorbis: Update to v1.16 (2019-03-05).

diffstat:

 audio/libopenmpt/Makefile |   9 ++++-----
 audio/libopenmpt/distinfo |  10 +++++-----
 2 files changed, 9 insertions(+), 10 deletions(-)

diffs (36 lines):

diff -r 3eaf0498ddff -r 34c38fc400a0 audio/libopenmpt/Makefile
--- a/audio/libopenmpt/Makefile Thu Jan 02 09:20:16 2020 +0000
+++ b/audio/libopenmpt/Makefile Thu Jan 02 09:23:58 2020 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.31 2019/11/02 21:09:14 rillig Exp $
+# $NetBSD: Makefile,v 1.32 2020/01/02 09:23:58 fcambus Exp $
 
-DISTNAME=      libopenmpt-0.4.3+release.autotools
+DISTNAME=      libopenmpt-0.4.11+release.autotools
 PKGNAME=       ${DISTNAME:C/\+.*//}
-PKGREVISION=   1
 CATEGORIES=    audio
-MASTER_SITES=  http://lib.openmpt.org/files/libopenmpt/src/
+MASTER_SITES=  https://lib.openmpt.org/files/libopenmpt/src/
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=      http://lib.openmpt.org/libopenmpt/
+HOMEPAGE=      https://lib.openmpt.org/libopenmpt/
 COMMENT=       Library to decode tracked music files into a raw PCM audio stream
 LICENSE=       modified-bsd
 
diff -r 3eaf0498ddff -r 34c38fc400a0 audio/libopenmpt/distinfo
--- a/audio/libopenmpt/distinfo Thu Jan 02 09:20:16 2020 +0000
+++ b/audio/libopenmpt/distinfo Thu Jan 02 09:23:58 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.24 2019/02/13 22:22:44 wiz Exp $
+$NetBSD: distinfo,v 1.25 2020/01/02 09:23:58 fcambus Exp $
 
-SHA1 (libopenmpt-0.4.3+release.autotools.tar.gz) = acc45e0868e8a93cf6f456eab2e5d52c1ca12d05
-RMD160 (libopenmpt-0.4.3+release.autotools.tar.gz) = 90d29352edd72b39557297eaa378ee744fd118bf
-SHA512 (libopenmpt-0.4.3+release.autotools.tar.gz) = 7d212409aa36fe5ce0d05f454f937a1e5b77fe14956f94e56bc364d4bca0e8fb5876a2924509f16eec2f9708189025fc6c5cbebcbe9937027ea46610a51e612d
-Size (libopenmpt-0.4.3+release.autotools.tar.gz) = 1462862 bytes
+SHA1 (libopenmpt-0.4.11+release.autotools.tar.gz) = edd05d565950601c2bcb11e92d7dba95dd752a4e
+RMD160 (libopenmpt-0.4.11+release.autotools.tar.gz) = dd4ca76fcbdea55573a0f0f9da90e37de63e0cdd
+SHA512 (libopenmpt-0.4.11+release.autotools.tar.gz) = d720a0c04984f624f7ecd1ee8648045cd09ced2cc8b1cf3546404b9e73b2781493076391c1881e0d0eee72cf829a38365313efb9852448cd1cfe5f7b7f535e99
+Size (libopenmpt-0.4.11+release.autotools.tar.gz) = 1471760 bytes



Home | Main Index | Thread Index | Old Index