Security update for libopenmpt (moderate)

2021-06-16T20:28:51
ID OPENSUSE-SU-2021:0885-1
Type suse
Reporter Suse
Modified 2021-06-16T20:28:51

Description

An update that contains security fixes can now be installed.

Description:

This update for libopenmpt fixes the following issues:

Various bugfix and stability issues were fixed, some of those might have security impact.

libopenmpt was updated to 0.3.28:

  • Fixed excessive memory consumption with malformed files in various formats.

Changes in 0.3.27:

  • AMS: Avoid allocating excessive amount of memory for compressed song message in malformed files.
  • S3M: Some samples were imported with a too high sample rate if module was saved with Scream Tracker 3.

Changes in 0.3.26:

  • DMF: Improve import of finetune effect with parameters larger than +/-15.

Changes in 0.3.25:

  • AMS: An upper bound for uncompressed sample size is now established to avoid memory exhaustion from malformed files.
  • MO3: Avoid certain ModPlug hacks from being fixed up twice, which could lead to e.g. very narrow pan swing range for old OpenMPT IT files saved with a recent MO3 encoder version.
  • IMF: Instrument sample mapping was off by one octave, notable in the guitar part of Astaris by Karsten Koch.
  • PLM: Percentage offset (Mxx) was slightly off.

Changes in 0.3.24:

  • PP20: The first few bytes of some files were not decompressed properly, making some files unplayable (depending on the original format).

Changes in 0.3.23:

  • IT: Global volume slides with both nibbles set preferred the ���slide up��� nibble over the ���slide down��� nibble in old OpenMPT versions, unlike other slides. Such old files are now imported correctly again.
  • IT: Fixed an edge case where, if the filter hit full cutoff / no resonance on the first tick of a row where a new delayed note would be triggered, the filter would be disabled even though it should stay active. Fixes trace.it by maddie.
  • XM: Out-of-range arpeggio clamping behaviour broke in OpenMPT 1.23.05.00. The arpeggios in Binary World by Dakota now play correctly again.
  • S3M: Support old-style sample pre-amp value in very early S3M files.
  • S3M: Only force-enable fast slides for files ST 3.00. Previously, any S3M file made with an ST3 version older than 3.20 enabled them.
  • M15: Improve tracker detection heuristics to never assume SoundTracker 2.0 if there is a huge number of Dxx commands, as that is a definite hint that they should be treated as volume slides. Fixes Monty On The Run by Master Blaster.

Changes in 0.3.22:

  • IT: Disable retrigger with short notes quirk for modules saved with Chibi Tracker, as it does not implement that quirk.
  • MOD: Fix early song ending due to ProTracker pattern jump quirk (EEx + Dxx on same row) if infinite looping is disabled. Fixes Haunted Tracks.mod by Triace.
  • MOD: Vibrato type ���ramp down��� was upside down.

Changes in 0.3.21:

  • IT: Vibrato was too fast in Old Effects mode since libopenmpt 0.3.
  • XM: Treat 8bitbubsy���s FT2 clone exactly like Fasttracker 2 with respect to compatibility and playback flags. For example, FT2 Pan Law was not applied.
  • DMF: Some files had a wrong tempo since libopenmpt 0.2.5705-beta15.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-885=1