diff options
author | James Cowgill <jcowgill@debian.org> | 2019-10-04 10:01:20 +0100 |
---|---|---|
committer | James Cowgill <jcowgill@debian.org> | 2019-10-04 10:01:20 +0100 |
commit | fe26d12bd2e63d57cb196fd9b66a54ba1d54f3a0 (patch) | |
tree | 92d4ea50419f75b503c8c1cc62aba6dd26e1d23d | |
parent | 9bcdf1daa7c75e4f4141a3c76490aac37fedc770 (diff) | |
parent | 3f8fc5dffe02081c55aa8a9fbe4ab090dd831e67 (diff) |
Update upstream source from tag 'upstream/0.4.9'
Update to upstream version '0.4.9'
with Debian dir 4722dbd83d4ba10107fb5c5a529caf6366c2b337
-rw-r--r-- | common/versionNumber.h | 2 | ||||
-rwxr-xr-x | configure | 26 | ||||
-rw-r--r-- | configure.ac | 8 | ||||
-rw-r--r-- | libopenmpt/dox/changelog.md | 16 | ||||
-rw-r--r-- | libopenmpt/libopenmpt_modplug.c | 46 | ||||
-rw-r--r-- | libopenmpt/libopenmpt_modplug_cpp.cpp | 14 | ||||
-rw-r--r-- | libopenmpt/libopenmpt_version.h | 2 | ||||
-rw-r--r-- | libopenmpt/libopenmpt_version.mk | 4 | ||||
-rw-r--r-- | man/openmpt123.1 | 2 |
9 files changed, 58 insertions, 62 deletions
diff --git a/common/versionNumber.h b/common/versionNumber.h index e62b7cc..ee67ed3 100644 --- a/common/versionNumber.h +++ b/common/versionNumber.h @@ -21,7 +21,7 @@ OPENMPT_NAMESPACE_BEGIN #define VER_MAJORMAJOR 1 #define VER_MAJOR 28 #define VER_MINOR 07 -#define VER_MINORMINOR 02 +#define VER_MINORMINOR 04 //Numerical value of the version. #define MPT_VERSION_CURRENT MAKE_VERSION_NUMERIC(VER_MAJORMAJOR,VER_MAJOR,VER_MINOR,VER_MINORMINOR) @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libopenmpt 0.4.8+release.autotools. +# Generated by GNU Autoconf 2.69 for libopenmpt 0.4.9+release.autotools. # # Report bugs to <https://bugs.openmpt.org/>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libopenmpt' PACKAGE_TARNAME='libopenmpt' -PACKAGE_VERSION='0.4.8+release.autotools' -PACKAGE_STRING='libopenmpt 0.4.8+release.autotools' +PACKAGE_VERSION='0.4.9+release.autotools' +PACKAGE_STRING='libopenmpt 0.4.9+release.autotools' PACKAGE_BUGREPORT='https://bugs.openmpt.org/' PACKAGE_URL='https://lib.openmpt.org/' @@ -1485,7 +1485,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libopenmpt 0.4.8+release.autotools to adapt to many kinds of systems. +\`configure' configures libopenmpt 0.4.9+release.autotools to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1556,7 +1556,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libopenmpt 0.4.8+release.autotools:";; + short | recursive ) echo "Configuration of libopenmpt 0.4.9+release.autotools:";; esac cat <<\_ACEOF @@ -1756,7 +1756,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libopenmpt configure 0.4.8+release.autotools +libopenmpt configure 0.4.9+release.autotools generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2246,7 +2246,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libopenmpt $as_me 0.4.8+release.autotools, which was +It was created by libopenmpt $as_me 0.4.9+release.autotools, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3117,7 +3117,7 @@ fi # Define the identity of the package. PACKAGE='libopenmpt' - VERSION='0.4.8+release.autotools' + VERSION='0.4.9+release.autotools' cat >>confdefs.h <<_ACEOF @@ -17281,13 +17281,13 @@ LIBOPENMPT_LTVER_AGE=1 -$as_echo "#define MPT_SVNURL \"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.8\"" >>confdefs.h +$as_echo "#define MPT_SVNURL \"https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.9\"" >>confdefs.h -$as_echo "#define MPT_SVNVERSION \"12122\"" >>confdefs.h +$as_echo "#define MPT_SVNVERSION \"12139\"" >>confdefs.h -$as_echo "#define MPT_SVNDATE \"2019-09-30T07:50:33.283911Z\"" >>confdefs.h +$as_echo "#define MPT_SVNDATE \"2019-10-02T14:33:59.345896Z\"" >>confdefs.h $as_echo "#define MPT_PACKAGE true" >>confdefs.h @@ -23527,7 +23527,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libopenmpt $as_me 0.4.8+release.autotools, which was +This file was extended by libopenmpt $as_me 0.4.9+release.autotools, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -23594,7 +23594,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libopenmpt config.status 0.4.8+release.autotools +libopenmpt config.status 0.4.9+release.autotools configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 57c56e6..55f3593 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([libopenmpt], [0.4.8+release.autotools], [https://bugs.openmpt.org/], [libopenmpt], [https://lib.openmpt.org/]) +AC_INIT([libopenmpt], [0.4.9+release.autotools], [https://bugs.openmpt.org/], [libopenmpt], [https://lib.openmpt.org/]) AC_PREREQ([2.68]) AC_CONFIG_MACRO_DIR([m4]) @@ -27,9 +27,9 @@ AC_SUBST([LIBOPENMPT_LTVER_CURRENT]) AC_SUBST([LIBOPENMPT_LTVER_REVISION]) AC_SUBST([LIBOPENMPT_LTVER_AGE]) -AC_DEFINE([MPT_SVNURL], ["https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.8"], [svn version]) -AC_DEFINE([MPT_SVNVERSION], ["12122"], [svn version]) -AC_DEFINE([MPT_SVNDATE], ["2019-09-30T07:50:33.283911Z"], [svn date]) +AC_DEFINE([MPT_SVNURL], ["https://source.openmpt.org/svn/openmpt/tags/libopenmpt-0.4.9"], [svn version]) +AC_DEFINE([MPT_SVNVERSION], ["12139"], [svn version]) +AC_DEFINE([MPT_SVNDATE], ["2019-10-02T14:33:59.345896Z"], [svn date]) AC_DEFINE([MPT_PACKAGE], [true], [is package]) diff --git a/libopenmpt/dox/changelog.md b/libopenmpt/dox/changelog.md index 4aff2cf..6b4c678 100644 --- a/libopenmpt/dox/changelog.md +++ b/libopenmpt/dox/changelog.md @@ -5,6 +5,22 @@ Changelog {#changelog} For fully detailed change log, please see the source repository directly. This is just a high-level summary. +### libopenmpt 0.4.9 (2019-10-02) + + * [**Sec**] libmodplug: C API: Limit the length of strings copied to the + output buffer of `ModPlug_InstrumentName()` and `ModPlug_SampleName()` to 32 + bytes (including terminating null) as is done by original libmodplug. This + avoids potential buffer overflows in software relying on this limit instead + of querying the required buffer size beforehand. libopenmpt can return + strings longer than 32 bytes here beacuse the internal limit of 32 bytes + applies to strings encoded in arbitrary character encodings but the API + returns them converted to UTF-8, which can be longer. (reported by Antonio + Morales Maldonado of Semmle Security Research Team) (r12129) + * [**Sec**] libmodplug: C++ API: Do not return 0 in + `CSoundFile::GetSampleName()` and `CSoundFile::GetInstrumentName()` when a + null output pointer is provided. This behaviour differed from libmodplug and + made it impossible to determine the required buffer size. (r12130) + ### libopenmpt 0.4.8 (2019-09-30) * [**Sec**] Possible crash due to out-of-bounds read when playing an OPL note diff --git a/libopenmpt/libopenmpt_modplug.c b/libopenmpt/libopenmpt_modplug.c index d5b4695..da13edc 100644 --- a/libopenmpt/libopenmpt_modplug.c +++ b/libopenmpt/libopenmpt_modplug.c @@ -478,53 +478,35 @@ LIBOPENMPT_MODPLUG_API unsigned int ModPlug_NumChannels(ModPlugFile* file) LIBOPENMPT_MODPLUG_API unsigned int ModPlug_SampleName(ModPlugFile* file, unsigned int qual, char* buff) { const char* str; - unsigned int retval; - size_t tmpretval; + char buf[32]; if(!file) return 0; str = openmpt_module_get_sample_name(file->mod,qual-1); - if(!str){ - if(buff){ - *buff = '\0'; - } - return 0; - } - tmpretval = strlen(str); - if(tmpretval>=INT_MAX){ - tmpretval = INT_MAX-1; + memset(buf,0,32); + if(str){ + strncpy(buf,str,31); + openmpt_free_string(str); } - retval = (int)tmpretval; if(buff){ - memcpy(buff,str,retval+1); - buff[retval] = '\0'; + strncpy(buff,buf,32); } - openmpt_free_string(str); - return retval; + return (unsigned int)strlen(buf); } LIBOPENMPT_MODPLUG_API unsigned int ModPlug_InstrumentName(ModPlugFile* file, unsigned int qual, char* buff) { const char* str; - unsigned int retval; - size_t tmpretval; + char buf[32]; if(!file) return 0; str = openmpt_module_get_instrument_name(file->mod,qual-1); - if(!str){ - if(buff){ - *buff = '\0'; - } - return 0; - } - tmpretval = strlen(str); - if(tmpretval>=INT_MAX){ - tmpretval = INT_MAX-1; + memset(buf,0,32); + if(str){ + strncpy(buf,str,31); + openmpt_free_string(str); } - retval = (int)tmpretval; if(buff){ - memcpy(buff,str,retval+1); - buff[retval] = '\0'; + strncpy(buff,buf,32); } - openmpt_free_string(str); - return retval; + return (unsigned int)strlen(buf); } LIBOPENMPT_MODPLUG_API ModPlugNote* ModPlug_GetPattern(ModPlugFile* file, int pattern, unsigned int* numrows) diff --git a/libopenmpt/libopenmpt_modplug_cpp.cpp b/libopenmpt/libopenmpt_modplug_cpp.cpp index a1d36e5..f487339 100644 --- a/libopenmpt/libopenmpt_modplug_cpp.cpp +++ b/libopenmpt/libopenmpt_modplug_cpp.cpp @@ -304,9 +304,6 @@ void CSoundFile::SetCurrentOrder( UINT nOrder ) { UINT CSoundFile::GetSampleName( UINT nSample, LPSTR s ) const { mpcpplog(); - if ( !s ) { - return 0; - } char buf[32]; std::memset( buf, 0, 32 ); if ( mod ) { @@ -315,15 +312,14 @@ UINT CSoundFile::GetSampleName( UINT nSample, LPSTR s ) const { std::strncpy( buf, names[ nSample - 1 ].c_str(), 31 ); } } - std::memcpy( s, buf, 32 ); + if ( s ) { + std::strncpy( s, buf, 32 ); + } return static_cast<UINT>( std::strlen( buf ) ); } UINT CSoundFile::GetInstrumentName( UINT nInstr, LPSTR s ) const { mpcpplog(); - if ( !s ) { - return 0; - } char buf[32]; std::memset( buf, 0, 32 ); if ( mod ) { @@ -332,7 +328,9 @@ UINT CSoundFile::GetInstrumentName( UINT nInstr, LPSTR s ) const { std::strncpy( buf, names[ nInstr - 1 ].c_str(), 31 ); } } - std::memcpy( s, buf, 32 ); + if ( s ) { + std::strncpy( s, buf, 32 ); + } return static_cast<UINT>( std::strlen( buf ) ); } diff --git a/libopenmpt/libopenmpt_version.h b/libopenmpt/libopenmpt_version.h index cb1c2f3..686c351 100644 --- a/libopenmpt/libopenmpt_version.h +++ b/libopenmpt/libopenmpt_version.h @@ -19,7 +19,7 @@ /*! \brief libopenmpt minor version number */ #define OPENMPT_API_VERSION_MINOR 4 /*! \brief libopenmpt patch version number */ -#define OPENMPT_API_VERSION_PATCH 8 +#define OPENMPT_API_VERSION_PATCH 9 /*! \brief libopenmpt pre-release tag */ #define OPENMPT_API_VERSION_PREREL "" /*! \brief libopenmpt pre-release flag */ diff --git a/libopenmpt/libopenmpt_version.mk b/libopenmpt/libopenmpt_version.mk index 8b99bf9..59dd997 100644 --- a/libopenmpt/libopenmpt_version.mk +++ b/libopenmpt/libopenmpt_version.mk @@ -1,8 +1,8 @@ LIBOPENMPT_VERSION_MAJOR=0 LIBOPENMPT_VERSION_MINOR=4 -LIBOPENMPT_VERSION_PATCH=8 +LIBOPENMPT_VERSION_PATCH=9 LIBOPENMPT_VERSION_PREREL= LIBOPENMPT_LTVER_CURRENT=1 -LIBOPENMPT_LTVER_REVISION=8 +LIBOPENMPT_LTVER_REVISION=9 LIBOPENMPT_LTVER_AGE=1 diff --git a/man/openmpt123.1 b/man/openmpt123.1 index 74b6419..5f8572b 100644 --- a/man/openmpt123.1 +++ b/man/openmpt123.1 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. -.TH OPENMPT123 "1" "September 2019" "openmpt123 v0.4.8" "User Commands" +.TH OPENMPT123 "1" "October 2019" "openmpt123 v0.4.9" "User Commands" .SH NAME openmpt123 - command line module music player based on libopenmpt .SH SYNOPSIS |