Package Details: adplug 2.3.3-1

Git Clone URL: https://aur.archlinux.org/adplug.git (read-only, click to copy)
Package Base: adplug
Description: AdLib sound player library
Upstream URL: http://adplug.github.io/
Licenses: LGPL
Submitter: None
Maintainer: miffe
Last Packager: miffe
Votes: 22
Popularity: 0.000000
First Submitted: 2006-09-04 20:57 (UTC)
Last Updated: 2020-06-10 19:42 (UTC)

Latest Comments

Malvineous commented on 2020-06-10 01:23 (UTC)

FYI 2.3.3 has finally been released with all the CVE fixes.

Malvineous commented on 2020-05-11 11:52 (UTC)

2.3.2 is now released which only includes a fix for CVE-2018-17825. Fixes for all the other CVEs have been merged into git master but as this is quite a lot of untested code, I'm going to hold off on a release for a couple of weeks to give people a chance to test it.

If we don't get any issues opened over the next week or two then we'll release 2.3.3 which will resolve all the currently outstanding CVEs plus a few other similar bugs without CVEs assigned.

Malvineous commented on 2020-05-09 10:30 (UTC)

Just give me a couple of days and I'll do a new AdPlug release. We haven't rushed in with a release because the bugs are pretty obscure and someone was a bit overzealous with assigning all the CVEs :) I was planning to wait until they had all been merged and then it slipped my mind so my apologies for that. If you're worried about security, just don't play any unknown files until the next release. If you do come across a compromised file make sure you let us know because it will be the first!

miffe commented on 2020-05-09 02:03 (UTC)

@JKAbrams: Ouch. You found a goldmine of CVE:s. Unfortunately, there is no releases or even tags to fetch a better version from, so i would advise everyone to use adplug-git until there is a new release. I don't want to switch this package to an random git commit, and i doubt there are compromised adlib songs out there.

JKAbrams commented on 2020-05-08 21:31 (UTC) (edited on 2020-05-08 21:36 (UTC) by JKAbrams)

But really I would not suggest anyone uses this library without PR109 (not merged yet) which fixes a big set of security critical memory problems. https://github.com/adplug/adplug/pull/109

JKAbrams commented on 2020-05-08 21:30 (UTC) (edited on 2020-05-08 21:34 (UTC) by JKAbrams)

I flagged this package as "out-of-date".

I think it would be prudent to bump the version up to 2.3.2-beta despite the "beta"-label since it is security critical release with the only other change being a compilation fix.

Changes for version 2.3.2-beta:
Bug fixes:
- FMOPL: Fix global variable pointer double-free (CVE-2018-17825)
- HERAD: Fix compilation on GCC 4.2.1

https://github.com/adplug/adplug/commit/a18ca3227a21fa4cea303b6cdc68d22466a0dd0d

The 2.3.2-beta branch: https://github.com/adplug/adplug/tree/a18ca3227a21fa4cea303b6cdc68d22466a0dd0d

jeremyvisser commented on 2018-10-21 00:55 (UTC)

adplug 2.3.1 (as currently packaged) is vulnerable to CVE-2018-17825 (double-free issue).

Fix is here: https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76

Chromaryu commented on 2017-03-01 14:42 (UTC)

also change download site to new one please?

Jarshvor commented on 2015-04-16 21:35 (UTC)

so sustituting build() in PKGBUILD with package() just works...

miffe commented on 2013-05-21 13:00 (UTC)

@Bonster: I'm not seeing this. Can you email or pastebin your config.log for me to take a look at?

Bonster commented on 2013-05-13 11:10 (UTC)

Got this error while trying to install OCP (Open Cubic Player) Says im missing libbinio but i already have it installed; version 1.4-2 Anyone know how to fix this? Thanks --------------------------------- checking for libbinio... configure: error: Package requirements (libbinio >= 1.4) were not met: No package 'libbinio' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables libbinio_CFLAGS and libbinio_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. ==> ERROR: A failure occurred in build(). Aborting... ==> ERROR: Makepkg was unable to build adplug. ==> Restart building adplug ? [y/N] ==> -------------------------------

miffe commented on 2011-11-08 08:22 (UTC)

@Malvineous: OCP is the opencubicplayer, see the ocp package. I uploaded a separate adplug-mame package here https://aur.archlinux.org/packages.php?ID=53826 it should work as a drop in replacement, except for ocp...

Malvineous commented on 2011-11-07 21:37 (UTC)

What's OCP? And can it be fixed? Adplug sounds awful without the MAME patch.

miffe commented on 2011-11-07 13:24 (UTC)

adplug 2.2.1-3: - Removed the MAME patch since it breaks ocp

miffe commented on 2011-05-09 07:51 (UTC)

adplug 2.2.1-2: - Added MAME patch (Thanks Malvineous)

Malvineous commented on 2011-05-02 13:00 (UTC)

Any chance of getting the MAME patch included in this? http://www.shikadi.net/adplug/

miffe commented on 2011-01-14 14:57 (UTC)

Repo has been renamed, both for i686 and x86_64. [miffe] Server = http://arch.miffe.org/$arch/

miffe commented on 2010-11-01 09:00 (UTC)

I have created a x86_64 repo. [miffe-x86_64] Server = http://arch.miffe.org

miffe commented on 2010-09-15 17:53 (UTC)

New URL for my repo: [miffe] Server = http://arch.miffe.org/

miffe commented on 2010-06-18 19:33 (UTC)

adplug 2.2.1-1: - New upstream release

miffe commented on 2010-04-28 20:34 (UTC)

Binaries available at http://miffe.org/repos/arch/ Add to pacman.conf [miffe] Server=http://miffe.org/repos/arch/