stable

adplug-2.3.3-1.fc33, audacious-plugins-4.0.5-3.fc33, & 1 more

FEDORA-2021-64168929e4 created by robert 3 years ago for Fedora 33

AdPlug 2.3.3

  • New RAD player replacing the old one
  • Bug fixes: (huge thanks to Alexander Miller for these)
    • CVE-2019-14690 - buffer overflow in .bmf
    • CVE-2019-14691 - buffer overflow in .dtm
    • CVE-2019-14692 - buffer overflow in .mkj
    • CVE-2019-14732 - buffer overflow in .a2m
    • CVE-2019-14733 - buffer overflow in .rad
    • CVE-2019-14734 - buffer overflow in .mtk
    • CVE-2019-15151 - double free and OOB reads in .u6m
    • OOB reads in .xad
    • OOB reads in .rix

AdPlug 2.3.2

  • Bug fixes:
    • FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
    • HERAD: Fix compilation on GCC 4.2.1
    • ADL: Calling rewind() before update() causes access violation
    • Move OPL reset/init code to rewind() for some players

AdPlug 2.3.1

  • Fixed unconditional inclusion of "sys/io.h" on Linux
  • Autotools improvement
    • Non-recursive Automake, improved parallelizability
    • Compatibility fixes for FreeBSD's pmake and OpenBSD's make
    • Out-of-source building

AdPlug 2.3

  • Bug fixes:
    • CMF: Fix uninitialised variable use (thanks binarymaster)
    • CMF: Handle invalid offsets without crashing
    • ROL: Prevent access beyond end of vector
    • MSC: Fix use of uninitialised variable
    • HSC: Handle out of range patterns more gracefully
    • MID: Fix out of range array read
    • LDS: Use the tempo stored inside the Loudness-File instead of simply returning 70Hz
    • RIX: Fix several replay bugs (thanks to Palxex)
    • RIX: Big-endian fix by Wei Mingzhi
    • XAD: Tempo fix
    • Various other out of bounds array fixes, timing fixes, etc.
  • New formats:
    • BMF: Easy AdLib 1.0
    • CMF: SoundFX Macs Opera
    • GOT: God of Thunder
    • HSQ/SQX/SDB/AGD/HA2: Herbulot AdLib System (HERAD)
    • MUS/IMS/MDI: AdLib Visual Composer ROL derivatives
    • SOP: sopepos' Note Player
    • VGM: Video Game Music
  • Allow compilation on platforms that don't support real OPL hardware access
  • Add support for compiling on Appveyor and publishing a NuGet package
  • Add Visual Studio 2015 projects
  • Add support for Travis CI builds
  • Add new CRC16 and CRC32 tests
  • Addition of WoodyOPL from DOSBox SVN (thanks to NY00123)
  • Addition of NukedOPL (thanks to loki666 and nukeykt)
  • Move from SourceForge to GitHub
  • DRO player refactored (thanks to Laurence Myers and William Yates)
  • Add (mono) OPL3 support to the surround/harmonic-effect OPL
  • Fix occasional random noise in right channel when using surround OPL and Satoh synth
  • Add display for ROL comment and instrument names
  • Improve support for different Westwood ADL format versions
  • Improve CMF transpose support (per-channel now)
  • Autotools build environment updated

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-64168929e4

This update has been submitted for testing by robert.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

robert edited this update.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon leigh123linux commented & provided feedback 3 years ago
karma

Where is the .so version bump announcement?

Problem: package mpd-1:0.22.3-1.fc33.x86_64 requires libadplug-2.2.1.so.0()(64bit), but none of the providers can be installed

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

3 years ago
User Icon robert commented & provided feedback 3 years ago

Where is the .so version bump announcement?

Oh…sorry, I didn't send my draft. Thank you for the pointer. I've updated my mail and sent it now.

This update can be pushed to stable now if the maintainer wishes

3 years ago

This update has been submitted for stable by robert.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
-1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1743108 CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h
0
0
BZ#1743109 CVE-2019-15151 adplug: double free in function Cu6mPlayer in u6m.h [fedora-all]
0
0
BZ#1770224 CVE-2019-14692 adplug: heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp leads to arbitrary code execution
0
0
BZ#1770243 CVE-2019-14690 adplug: heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp leads to arbitrary code execution
0
0
BZ#1770257 CVE-2019-14691 adplug: heap-based buffer overflow in CdtmLoader::load() in dtm.cpp leads to arbitrary code execution
0
0
BZ#1778710 CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp
0
0
BZ#1778711 CVE-2019-14734 adplug: multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp [fedora-all]
0
0
BZ#1778716 CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp
0
0
BZ#1778717 CVE-2019-14732 adplug: multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp [fedora-all]
0
0
BZ#1778720 CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp
0
0
BZ#1778721 CVE-2019-14733 adplug: multiple heap-based buffer overflows in CradLoader::load() in rad.cp [fedora-all]
0
0

Automated Test Results