Hi, Update for Icecast to 2.3.3:
* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case where a default password would have taken effect. The corner case only triggers if the admin removes the 'source-password' from the icecast config. Default configs ship with the password set, so this vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting non-alphanumeric characters with a '.' (CVE-2011-4612). Injection attempts can be identified via access.log, as that stores URL encoded requests. Investigation into whether further logging code needs sanitized output is ongoing.
Other changes are listed on the project web page. Tested on amd64. Ok? Comments? Cheers. -- Sending from my VCR...
Index: Makefile =================================================================== RCS file: /cvs/ports/net/icecast/Makefile,v retrieving revision 1.49 diff -u -p -r1.49 Makefile --- Makefile 28 Apr 2012 10:52:08 -0000 1.49 +++ Makefile 13 Aug 2012 16:43:10 -0000 @@ -2,8 +2,7 @@ COMMENT= server for streaming various media formats -DISTNAME= icecast-2.3.2 -REVISION= 8 +DISTNAME= icecast-2.3.3 CATEGORIES= net audio HOMEPAGE= http://www.icecast.org/ Index: distinfo =================================================================== RCS file: /cvs/ports/net/icecast/distinfo,v retrieving revision 1.11 diff -u -p -r1.11 distinfo --- distinfo 18 Nov 2008 21:22:02 -0000 1.11 +++ distinfo 13 Aug 2012 16:43:10 -0000 @@ -1,5 +1,2 @@ -MD5 (icecast-2.3.2.tar.gz) = /1FrPM0rzDHmj0YM0xYJPw== -RMD160 (icecast-2.3.2.tar.gz) = 7BRVPM5lL7gIIzFslwX0y2F5zCo= -SHA1 (icecast-2.3.2.tar.gz) = pSsTUFVIwu/yxkqrlaQtyv2hEic= -SHA256 (icecast-2.3.2.tar.gz) = R0Kzj8VbY3OJWnwKNbrtSahI/smfXoU44/AVc4PQs/A= -SIZE (icecast-2.3.2.tar.gz) = 1152319 +SHA256 (icecast-2.3.3.tar.gz) = Gx0G9fg8mpg80ozHiqkOQDj5M1EbPSDX/Sz8EWZFw20= +SIZE (icecast-2.3.3.tar.gz) = 1161774 Index: patches/patch-Makefile_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-Makefile_in --- patches/patch-Makefile_in 18 Nov 2008 21:22:02 -0000 1.4 +++ patches/patch-Makefile_in 13 Aug 2012 16:43:10 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-Makefile_in,v 1.4 2008/11/18 21:22:02 pea Exp $ ---- Makefile.in.orig Fri May 30 01:58:59 2008 -+++ Makefile.in Fri Nov 7 10:39:29 2008 -@@ -242,7 +242,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m4/ogg.m4 \ +--- Makefile.in.orig Mon Jun 11 14:03:15 2012 ++++ Makefile.in Mon Aug 13 13:31:38 2012 +@@ -324,7 +324,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m4/ogg.m4 \ m4/xiph_compiler.m4 m4/xiph_curl.m4 m4/xiph_net.m4 \ m4/xiph_types.m4 m4/xiph_xml2.m4 icecast.spec Index: patches/patch-admin_Makefile_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-admin_Makefile_in,v retrieving revision 1.2 diff -u -p -r1.2 patch-admin_Makefile_in --- patches/patch-admin_Makefile_in 18 Nov 2008 21:22:02 -0000 1.2 +++ patches/patch-admin_Makefile_in 13 Aug 2012 16:43:10 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-admin_Makefile_in,v 1.2 2008/11/18 21:22:02 pea Exp $ ---- admin/Makefile.in.orig Fri May 30 01:58:57 2008 -+++ admin/Makefile.in Fri Nov 7 10:40:00 2008 -@@ -15,7 +15,7 @@ - @SET_MAKE@ - - VPATH = @srcdir@ +--- admin/Makefile.in.orig Mon Jun 11 14:03:11 2012 ++++ admin/Makefile.in Mon Aug 13 13:34:51 2012 +@@ -33,7 +33,7 @@ am__make_dryrun = \ + esac; \ + test $$am__dry = yes; \ + } -pkgdatadir = $(datadir)/@PACKAGE@ +pkgdatadir = $(datadir)/examples/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ - am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd + pkglibdir = $(libdir)/@PACKAGE@ + pkglibexecdir = $(libexecdir)/@PACKAGE@ Index: patches/patch-conf_Makefile_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-conf_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-conf_Makefile_in --- patches/patch-conf_Makefile_in 18 Nov 2008 21:22:02 -0000 1.4 +++ patches/patch-conf_Makefile_in 13 Aug 2012 16:43:10 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-conf_Makefile_in,v 1.4 2008/11/18 21:22:02 pea Exp $ ---- conf/Makefile.in.orig Fri May 30 01:58:57 2008 -+++ conf/Makefile.in Fri Nov 7 10:40:48 2008 -@@ -176,7 +176,7 @@ build_vendor = @build_vendor@ +--- conf/Makefile.in.orig Mon Jun 11 14:03:11 2012 ++++ conf/Makefile.in Mon Aug 13 13:31:38 2012 +@@ -226,7 +226,7 @@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ @@ -10,11 +10,3 @@ $OpenBSD: patch-conf_Makefile_in,v 1.4 2 dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ -@@ -354,7 +354,6 @@ info-am: - - install-data-am: install-docDATA - @$(NORMAL_INSTALL) -- $(MAKE) $(AM_MAKEFLAGS) install-data-hook - - install-dvi: install-dvi-am - Index: patches/patch-conf_icecast_minimal_xml_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-conf_icecast_minimal_xml_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-conf_icecast_minimal_xml_in --- patches/patch-conf_icecast_minimal_xml_in 18 Nov 2008 21:22:02 -0000 1.1 +++ patches/patch-conf_icecast_minimal_xml_in 13 Aug 2012 16:43:10 -0000 
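Review bot: The regenerated patch-conf_Makefile_in drops the sub-hunk that removed `$(MAKE) $(AM_MAKEFLAGS) install-data-hook` from `install-data-am`, so if 2.3.3's conf/Makefile.in still carries that call, the upstream hook will now run during the port's install step. The new Makefile.in is not visible here, so the hunk may have gone away simply because upstream no longer has the line; a sentence in the update mail saying which case applies would settle it. If the hook is still present, check that whatever it installs stays consistent with the `@sample` entries and the `@mode 600` on icecast.xml.dist in pkg/PLIST.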
@@ -1,21 +1,7 @@ $OpenBSD: patch-conf_icecast_minimal_xml_in,v 1.1 2008/11/18 21:22:02 pea Exp $ ---- conf/icecast_minimal.xml.in.orig Mon Jul 4 00:11:52 2005 -+++ conf/icecast_minimal.xml.in Fri Nov 7 13:38:36 2008 -@@ -22,9 +22,10 @@ - </listen-socket> - <fileserve>1</fileserve> - <paths> -- <logdir>@localstatedir@/log/@PACKAGE@</logdir> -- <webroot>@pkgdatadir@/web</webroot> -- <adminroot>@pkgdatadir@/admin</adminroot> -+ <basedir>/var/icecast</basedir> -+ <logdir>/log</logdir> -+ <webroot>/web</webroot> -+ <adminroot>/admin</adminroot> - <alias source="/" dest="/status.xsl"/> - </paths> - <logging> -@@ -32,4 +33,11 @@ +--- conf/icecast_minimal.xml.in.orig Mon Jun 11 13:45:19 2012 ++++ conf/icecast_minimal.xml.in Mon Aug 13 13:31:38 2012 +@@ -32,4 +32,11 @@ <errorlog>error.log</errorlog> <loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error --> </logging> Index: patches/patch-conf_icecast_xml_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-conf_icecast_xml_in,v retrieving revision 1.5 diff -u -p -r1.5 patch-conf_icecast_xml_in --- patches/patch-conf_icecast_xml_in 18 Nov 2008 21:22:02 -0000 1.5 +++ patches/patch-conf_icecast_xml_in 13 Aug 2012 16:43:10 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-conf_icecast_xml_in,v 1.5 2008/11/18 21:22:02 pea Exp $ ---- conf/icecast.xml.in.orig Fri Apr 4 17:14:10 2008 -+++ conf/icecast.xml.in Fri Nov 7 13:38:41 2008 -@@ -125,14 +125,14 @@ +--- conf/icecast.xml.in.orig Mon Jun 11 13:45:19 2012 ++++ conf/icecast.xml.in Mon Aug 13 13:31:38 2012 +@@ -131,14 +131,14 @@ <paths> <!-- basedir is only used if chroot is enabled --> 
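Review bot: The updated patch-conf_icecast_minimal_xml_in no longer carries the `<paths>` sub-hunk that replaced the `@localstatedir@`/`@pkgdatadir@` paths with `<basedir>/var/icecast</basedir>` and the chroot-relative `/log`, `/web` and `/admin`; only the `@@ -32,4 +32,11 @@` sub-hunk after `</logging>` remains. Unless upstream 2.3.3 changed that section (the new .orig is not visible here), the installed minimal sample would keep absolute, non-chroot paths while icecast.xml is still patched for /var/icecast. If the remaining sub-hunk enables chroot, those paths would presumably not resolve inside it. It is worth confirming that the drop is intentional and that the minimal config still starts under the port's default chroot layout.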
@@ -21,7 +21,7 @@ $OpenBSD: patch-conf_icecast_xml_in,v 1. <!-- Aliases: treat requests for 'source' path as being for 'dest' path May be made specific to a port or bound address using the "port" -@@ -163,12 +163,10 @@ +@@ -169,12 +169,10 @@ </logging> <security> Index: patches/patch-configure =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-configure,v retrieving revision 1.9 diff -u -p -r1.9 patch-configure --- patches/patch-configure 18 Nov 2008 21:22:02 -0000 1.9 +++ patches/patch-configure 13 Aug 2012 16:43:10 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-configure,v 1.9 2008/11/18 21:22:02 pea Exp $ ---- configure.orig Fri Nov 7 11:02:00 2008 -+++ configure Fri Nov 7 11:02:31 2008 -@@ -24495,7 +24495,7 @@ fi +--- configure.orig Mon Jun 11 14:03:18 2012 ++++ configure Mon Aug 13 13:31:38 2012 +@@ -13910,7 +13910,7 @@ fi if test "x$openssl_prefix" != "x" -a "x$openssl_prefix" != "xyes"; then @@ -10,7 +10,7 @@ $OpenBSD: patch-configure,v 1.9 2008/11/ OPENSSL_CFLAGS="-I$openssl_prefix/include" else # Extract the first word of "pkg-config", so it can be a program name with args. -@@ -24548,7 +24548,7 @@ fi +@@ -13963,7 +13963,7 @@ fi else openssl_prefix="$prefix" fi Index: patches/patch-doc_Makefile_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-doc_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-doc_Makefile_in --- patches/patch-doc_Makefile_in 18 Nov 2008 21:22:03 -0000 1.4 +++ patches/patch-doc_Makefile_in 13 Aug 2012 16:43:10 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-doc_Makefile_in,v 1.4 2008/11/18 21:22:03 pea Exp $ ---- doc/Makefile.in.orig Fri May 30 01:58:57 2008 -+++ doc/Makefile.in Fri Nov 7 10:44:18 2008 -@@ -176,7 +176,7 @@ build_vendor = @build_vendor@ +--- doc/Makefile.in.orig Mon Jun 11 14:03:12 2012 ++++ doc/Makefile.in Mon Aug 13 13:31:38 2012 +@@ -226,7 +226,7 @@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ Index: patches/patch-web_Makefile_in =================================================================== RCS file: /cvs/ports/net/icecast/patches/patch-web_Makefile_in,v retrieving revision 1.2 diff -u -p -r1.2 patch-web_Makefile_in --- patches/patch-web_Makefile_in 18 Nov 2008 21:22:03 -0000 1.2 +++ patches/patch-web_Makefile_in 13 Aug 2012 16:43:10 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-web_Makefile_in,v 1.2 2008/11/18 21:22:03 pea Exp $ ---- web/Makefile.in.orig Fri May 30 01:58:59 2008 -+++ web/Makefile.in Fri Nov 7 10:42:57 2008 -@@ -15,7 +15,7 @@ - @SET_MAKE@ - - VPATH = @srcdir@ +--- web/Makefile.in.orig Mon Jun 11 14:03:14 2012 ++++ web/Makefile.in Mon Aug 13 13:35:19 2012 +@@ -33,7 +33,7 @@ am__make_dryrun = \ + esac; \ + test $$am__dry = yes; \ + } -pkgdatadir = $(datadir)/@PACKAGE@ +pkgdatadir = $(datadir)/examples/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ - am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd + pkglibdir = $(libdir)/@PACKAGE@ + pkglibexecdir = $(libexecdir)/@PACKAGE@ Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/icecast/pkg/PLIST,v retrieving revision 1.10 diff -u -p -r1.10 PLIST --- pkg/PLIST 11 Nov 2010 10:32:54 -0000 1.10 +++ pkg/PLIST 13 Aug 2012 16:43:10 -0000 
@@ -44,6 +44,10 @@ share/examples/icecast/admin/stats.xsl
 @sample /var/icecast/admin/stats.xsl
 share/examples/icecast/admin/updatemetadata.xsl
 @sample /var/icecast/admin/updatemetadata.xsl
+share/examples/icecast/admin/vclt.xsl
+@sample /var/icecast/admin/vclt.xsl
+share/examples/icecast/admin/xspf.xsl
+@sample /var/icecast/admin/xspf.xsl
 @mode 600
 share/examples/icecast/icecast.xml.dist
 @sample /var/icecast/icecast.xml