Changelog for icecast-2.4.4-167.3.i586.rpm :

* Fri Nov 02 2018 tiwai@suse.de
- update to version 2.4.4:
  * Fix buffer overflows in URL auth code (CVE-2018-18820, bsc#1114434)
  * Worked around buffer overflows in URL auth’s cURL interface
  * Do not report hashed user passwords in user list
  * Fixed segfault in htpasswd auth if no filename is set
  * Fixed a segfault when xsltApplyStylesheet() returns error
  * Do not segfault on malformed Opus streams
  * Global listener count could be negative under certain circumstances
  * Added code to announce Opus streams as such towards yp servers
* Sun Dec 17 2017 avindra@opensuse.org
- update to version 2.4.3:
  * Fixes Windows only vulnerability (CVE-2005-0837), where an attacker could access the raw XSLT template file by appending a dot “.” to the URL. To be clear, no runtime information could be accessed this way.
- cleanup spec file with spec-cleaner
- fix bad line endings warning in CSS file
- rebase icecast-fix-no-add-needed.patch
- replace PreReq statements with Requires(pre)
* Wed Apr 08 2015 tiwai@suse.de
- update to version 2.4.2: Fix crash when URL Auth is used with stream_auth without credentials (bnc#926402)
* Mon Jan 19 2015 p.drouand@gmail.com
- Remove sysvinit support as the package now builds only for systems with systemd support
- Add a backward rc compatibility symlink to systemd service file
- Only require systemd-rpm-macros to build; no need to require entire systemd environment
- Clean up specfile
* Tue Nov 25 2014 tiwai@suse.de
- updated to version 2.4.1:
  * Fixes in logging, in default mounts, JSON status API
  * SSL Security improvements:
  * Handle empty strings in config file better
  * Require Content-Type header for PUT requests
  * Fix possible leak of on-connect scripts (CVE-2014-9018, bnc#906538)
  More details, see http://icecast.org/news/icecast-release-2_4_1/
- Remove obsoleted patch: icecast-2.4.0-produce-valid-json.patch
- Change doc subpackage to noarch
- Spec file cleanup
* Sat Nov 22 2014 fisiu@opensuse.org
- Add icecast-mp3-frame-validation.patch: validate mp3 frame.
* Fri Nov 14 2014 fisiu@opensuse.org
- Add icecast-2.4.0-produce-valid-json.patch: produce valid json status, fix boo#905468.
* Sun Nov 09 2014 Led
- fix bashisms in pre script
* Tue May 20 2014 mail@davykager.nl
- Update to version 2.4.0:
  * Support for WebM video
  * Support for Opus audio in Ogg
  * Fixes for some race conditions
  * Allow (standard strftime(3)) %x codes in . Disabled for win32.
  * Dropped debian packaging directory as debian use their own.
- Disable Gentoo patches because they have no effect on the OBS builds.
  icecast-2.3.3-libkate.patch (has no effect on automated builds)
  icecast-2.3.3-fix-xiph_openssl.patch (spec file guarantees openssl exists)
- Rebase icecast-fix-no-add-needed.patch for version 2.4.0.
* Tue Feb 11 2014 tiwai@suse.de
- Remove the obsoleted icecast-2.3.2-CVE-2011-4612.diff that leads to invalid access to freed memory (bnc#862096)
* Fri Nov 29 2013 pascal.bleser@opensuse.org
- remove dependency to syslog.target in icecast.service, as it doesn't exist any more, see bnc#852314
* Wed Jun 05 2013 pascal.bleser@opensuse.org
- update to 2.3.3:
  * security:
    + Improved HTTPS cipher handling and added support for chained certificates.
    + Allow the source password to be undefined. There was a corner case, where a default password would have taken effect. It would require the admin to remove the 'source-password' from the icecast config to take effect. Default configs ship with the password set, so this vulnerability doesn't trigger there.
    + Prevent error log injection of control characters by substituting non-alphanumeric characters with a '.' (CVE-2011-4612). Injection attempts can be identified via access.log, as that stores URL encoded requests. Investigation if further logging code needs to have sanitized output is ongoing.
  * bugfixes:
    + On-demand relaying - Reject listeners while reconnecting. Fix stats for relays without mount section.
    + Prevent too frequent YP updates.
    + Only allow raw metadata updates from same IP as connected source (unless user is admin). This addresses broken client software that issues updates without being connected.
    + Minor memory leaks
    + XSPF file installation
    + Fix case of global listeners count becoming out of sync.
    + Setting an interval of 0 in mount should disable shoutcast metadata inserts.
  * authentication:
    + Sources can now be authenticated via URL, like listeners. Post info is "action=stream_auth&mount=/stream&ip=IP&server=SERVER&port=8000&user=fred&pass=pass" As admin requests can come in for a stream (eg metadata update) these requests can be issued while stream is active. For these &admin=1 is added to the POST details.
  * XSL update:
    + automatically generate VCLT playlist like we do with M3U, the mountpoint extension is .vclt
- package updates:
  * add systemd service file
  * add logrotate configuration
  * add Gentoo patches
  * set pidfile directive in default config file to make it work with systemd
  * split out HTML documentation into -doc subpackage
* Tue Jan 22 2013 jw@suse.com
- nuked %make_install to make SLES11 SP2 happy.
* Mon Nov 19 2012 dimstar@opensuse.org
- Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now.
* Mon Mar 05 2012 tiwai@suse.de
- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255)
* Sat Oct 15 2011 coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
* Mon Aug 29 2011 crrodriguez@opensuse.org
- Fix build with --no-add-needed
- Enable SSL support.
 