--- libgig/trunk/ChangeLog 2017/05/21 12:46:05 3198 +++ libgig/trunk/ChangeLog 2017/10/03 17:12:07 3349 @@ -10,6 +10,8 @@ - print compiler warning if no RTTI available - Fixed potential crash in command line tools gig2stereo, korg2gig, korgdump and sf2extract. + - Fixed CVE-2017-12950, CVE-2017-12952, CVE-2017-12953 + (original patch by Paul Brossier, slightly modified). * src/gig.cpp, src/gig.h: - fixed bug in Script::SetGroup: the script chunk wasn't moved @@ -40,6 +42,14 @@ textual format specifiers like with printf(). - On unknown leverage controller exception: show precise unknown leverage controller number found. + - Ignore invalid leverage controller types and just show a warning on the + console instead of throwing an exception. + - Added new struct eg_opt_t and new class member variable + DimensionRegion::EG1Options and DimensionRegion::EG2Options as an + extension to the gig file format, which allows to override the default + behavior of the first two EGs' state machines. + - Fixed undefined behavior when loading a gig file with invalid + velocity curve parameters (fixes CVE-2017-12951). * src/DLS.cpp, src/DLS.h: - Sample: wave pool offsets are now 64 bits (to allow support for files @@ -82,6 +92,8 @@ representations like "yes", "no", "true", "false" as expected. - Exception class now has a variadic constructor which allows to add textual format specifiers like with printf(). + - DataType fix: Retain backward compatibility to older versions of native + C++ classes/structs. * src/tools/akaidump.cpp, src/tools/akaiextract.cpp: - improved output of non-ascii characters in usage messages @@ -103,6 +115,7 @@ rebuilding the gig file's global checksum table (i.e. in case the file's checksum table was damaged) - print samples' CRC32 checksums + - Print the new EG behavior options (eg_opt_t). * src/tools/gigextract.cpp: - Fix: if sample name contains a path separator (slash or backslash) then