openSUSE Security Update: Security update for libopenmpt ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0885-1 Rating: moderate References: #1186663 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libopenmpt fixes the following issues: Various bugfix and stability issues were fixed, some of those might have security impact. libopenmpt was updated to 0.3.28: * Fixed excessive memory consumption with malformed files in various formats. Changes in 0.3.27: * AMS: Avoid allocating excessive amount of memory for compressed song message in malformed files. * S3M: Some samples were imported with a too high sample rate if module was saved with Scream Tracker 3. Changes in 0.3.26: * DMF: Improve import of finetune effect with parameters larger than +/-15. Changes in 0.3.25: * AMS: An upper bound for uncompressed sample size is now established to avoid memory exhaustion from malformed files. * MO3: Avoid certain ModPlug hacks from being fixed up twice, which could lead to e.g. very narrow pan swing range for old OpenMPT IT files saved with a recent MO3 encoder version. * IMF: Instrument sample mapping was off by one octave, notable in the guitar part of Astaris by Karsten Koch. * PLM: Percentage offset (Mxx) was slightly off. Changes in 0.3.24: * PP20: The first few bytes of some files were not decompressed properly, making some files unplayable (depending on the original format). Changes in 0.3.23: * IT: Global volume slides with both nibbles set preferred the ���slide up��� nibble over the ���slide down��� nibble in old OpenMPT versions, unlike other slides. Such old files are now imported correctly again. * IT: Fixed an edge case where, if the filter hit full cutoff / no resonance on the first tick of a row where a new delayed note would be triggered, the filter would be disabled even though it should stay active. Fixes trace.it by maddie. * XM: Out-of-range arpeggio clamping behaviour broke in OpenMPT 1.23.05.00. The arpeggios in Binary World by Dakota now play correctly again. * S3M: Support old-style sample pre-amp value in very early S3M files. * S3M: Only force-enable fast slides for files ST 3.00. Previously, any S3M file made with an ST3 version older than 3.20 enabled them. * M15: Improve tracker detection heuristics to never assume SoundTracker 2.0 if there is a huge number of Dxx commands, as that is a definite hint that they should be treated as volume slides. Fixes Monty On The Run by Master Blaster. Changes in 0.3.22: * IT: Disable retrigger with short notes quirk for modules saved with Chibi Tracker, as it does not implement that quirk. * MOD: Fix early song ending due to ProTracker pattern jump quirk (EEx + Dxx on same row) if infinite looping is disabled. Fixes Haunted Tracks.mod by Triace. * MOD: Vibrato type ���ramp down��� was upside down. Changes in 0.3.21: * IT: Vibrato was too fast in Old Effects mode since libopenmpt 0.3. * XM: Treat 8bitbubsy���s FT2 clone exactly like Fasttracker 2 with respect to compatibility and playback flags. For example, FT2 Pan Law was not applied. * DMF: Some files had a wrong tempo since libopenmpt 0.2.5705-beta15. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-885=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libmodplug-devel-0.3.28-lp152.2.3.1 libmodplug1-0.3.28-lp152.2.3.1 libmodplug1-debuginfo-0.3.28-lp152.2.3.1 libopenmpt-debugsource-0.3.28-lp152.2.3.1 libopenmpt-devel-0.3.28-lp152.2.3.1 libopenmpt0-0.3.28-lp152.2.3.1 libopenmpt0-debuginfo-0.3.28-lp152.2.3.1 libopenmpt_modplug1-0.3.28-lp152.2.3.1 libopenmpt_modplug1-debuginfo-0.3.28-lp152.2.3.1 openmpt123-0.3.28-lp152.2.3.1 openmpt123-debuginfo-0.3.28-lp152.2.3.1 - openSUSE Leap 15.2 (x86_64): libmodplug1-32bit-0.3.28-lp152.2.3.1 libmodplug1-32bit-debuginfo-0.3.28-lp152.2.3.1 libopenmpt0-32bit-0.3.28-lp152.2.3.1 libopenmpt0-32bit-debuginfo-0.3.28-lp152.2.3.1 libopenmpt_modplug1-32bit-0.3.28-lp152.2.3.1 libopenmpt_modplug1-32bit-debuginfo-0.3.28-lp152.2.3.1 References: https://bugzilla.suse.com/1186663