This will be the final release in the 0.8.x branch, unless 0.8.D introduces any major bug(s) that do not have workaround(s).
Changes since the last stable release, 0.8.C:
SMS: Some state that wasn't being saved in save states now is, which should fix netplay desynch problems with SMS/GG games.
Fixed a couple of remotely-exploitable(if connected to a malicious server) stack manipulation bugs in the network play code.
Fixed an incorrect object creation bug in pce/adpcm.cpp.
NES: Added a missing CPU emulator variable to save states.
PCE: Added a missing CPU emulator variable to save states.
Lynx: Fixed a bug in the cart loader code that would cause a crash if the ROM bank size was larger than the actual data available in the
file(as is the case with some homebrew programs). Thanks to "Wookie" for the patch.
Build files were regenerated using autoconf 2.64 and aclocal 1.11(previously, they were generated with autoconf 2.61 and aclocal 1.10.1).
Fixed a crashing problem when entering an invalid menu choice("0") in the cheat interface. Thanks to
tsenart for reporting the bug.
GB: The GameBoy module now respects the "filesys.disablesavegz" setting in respect to saved
Added support for "lurkers" on the network play server. Previous versions of Mednafen don't lack support for this per se, but there
would be cosmetic issues with status messages printed to the internal console.
SexyAL: Fixed a bug affecting the return value from RawCanWrite() in the ALSA driver. The returned value was typically too
small by a factor of 4. The effects of this bug included potential long periods of garbled sound
Fixed the return value from RawCanWrite() in the JACK driver. It was being clamped to a value
that was too small by a factor of 4; however, the clamp value was already excessively large in a way
that this bug would should have only been triggered if the "soundbufsize" setting was excessively large.
The effects of this bug would be similar to the ALSA RawCanWrite() bug.
The ALSA and OSS drivers will now try to set audio output to 2 channels if the source data only has 1 channel, and 16-bit signed if the
source data is 8-bit(automatic conversion is done). This is done to allow for lower period/fragment sizes, as, in ALSA's internals at least,
the minimum period sizes are expressed in bytes, not sound frames.
The ALSA and OSS drivers will now try to set lower period/fragment sizes than previous versions of Mednafen did. With default settings, for
ALSA, the new period/fragment size is 50% of what it was before, and for OSS, 25%. Also, there's a new setting to override
the SexyAL's driver's preferred period/fragment sizes, named "sound.period_time"(default value of 0: no override).
The period/fragment size is expressed in microseconds. If the new, lower fragment sizes cause problems, the setting can be changed to "2666"
to approximate the fragment size selection in previous versions of Mednafen when using ALSA output, and "5333" when using OSS output.
Added a workaround to the OSS driver for a bug in ALSA(and hence, ALSA's in-kernel OSS emulation) that could cause the emulator to run far
too fast for a short period of time if a buffer underflow occurred.
The ALSA's driver's RawCanWrite() method now(finally) uses snd_pcm_avail_update() instead of snd_pcm_delay().
This should improve performance and frameskipping behavior when the ALSA output is not routed directly to a physical device, such as the case with
PulseAudio(though PulseAudio is still not recommended :b).
Created attachment 236893 [details]
Thanks for the version bump notice. Assigning to maintainer
0.8.13 is now in portage. Thanks
"Fixed a couple of remotely-exploitable(if connected to a malicious server)
stack manipulation bugs in the network play code."
This is a security release. Security, I think the committed ebuild is okay, we just need a stabilization round (and according to a recent post to -dev I should not cc archs myself but leave that up to security).
These vulnerabilities have been assigned CVE-2010-3085.
Stabilization took place via Bug 337536. GLSA Request filed.
The network-play implementation in Mednafen before 0.8.D might allow remote
servers to execute arbitrary code via unspecified vectors, related to "stack
That version is no more in the tree. The only version is the 0.9.21
This issue was resolved and addressed in
GLSA 201311-01 at http://security.gentoo.org/glsa/glsa-201311-01.xml
by GLSA coordinator Sergey Popov (pinkbyte).