
Bug 123432

Summary: media-sound/peercast: multiple vulnerabilities
Product: Gentoo Security
Reporter: Stefan Cornelius (RETIRED) <dercorny>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: root, sound
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: C1 [glsa] DerCorny
Package list:
Runtime testing required: ---
Attachments:
  New v0.1215 ebuild using peercast.org source (flags: none)
  v0.1216 ebuild (flags: none)

Description Stefan Cornelius (RETIRED) gentoo-dev 2006-02-19 19:09:14 UTC
First is a segfault when opening the following URL: http://localhost:7144/sadfasdf?tip=AAAA_lots_of_As
This is somewhat limited because it has to be called from localhost.

The other one is a format string issue: enable debug logging, then telnet the box and enter:
PEERCAST CONNECT
%n%n%n%n%n%n%n

Can you confirm?
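
Added example (not part of the bug report and not PeerCast's code): the format string issue described above comes from peer-supplied text reaching a printf-style debug logger as the format argument. The sketch below shows the hardened call next to the vulnerable pattern; log_debug, log_peer_line, count_conversions and the log buffer are hypothetical names, and the sample line is constructed from the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the second handshake line from the report. */
static const char SAMPLE_LINE[] = "%n%n%n%n%n%n%n";
static char last_log[256];            /* hypothetical debug log sink */

/* format(printf) lets GCC/Clang check callers; building with
 * -Wformat -Wformat-security flags a call such as log_debug(line). */
__attribute__((format(printf, 1, 2)))
static int log_debug(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern (kept as a comment, never compiled):
 *     log_debug(line);   // peer-controlled bytes become the format
 * Each directive in the line is then interpreted by vsnprintf against
 * arguments that were never passed. */

/* Hardened pattern: constant format, peer data only as an argument. */
static int log_peer_line(const char *line)
{
    return log_debug("recv: %s", line);
}

/* Audit helper: count conversion specs in untrusted text ("%%" is literal). */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

int main(void)
{
    log_peer_line(SAMPLE_LINE);
    printf("%s (%d conversions in input)\n", last_log, count_conversions(SAMPLE_LINE));
    return 0;
}
```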
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-21 11:07:07 UTC
Adding Giles from upstream to CC.

Semi-public since fixes are in upstream SVN, a new release is on its way. Sound herd, maybe we can switch over from binary to source here? License is now GPL, too.
Comment 2 peercast 2006-02-22 01:16:23 UTC
Created attachment 80408
New v0.1215 ebuild using peercast.org source

This ebuild compiles/installs v0.1215 using a source tarball from peercast.org
Comment 3 Tavis Ormandy (RETIRED) gentoo-dev 2006-02-22 02:43:07 UTC
sound herd: please comment on ebuild, and commit if appropriate.
Comment 4 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-24 10:12:18 UTC
sound herd, any news?
Comment 5 Andrej Kacian (RETIRED) gentoo-dev 2006-02-25 04:22:44 UTC
I've noticed some gcc error in the build, and after adding a "|| die" check to emake in the attached ebuild, I got this:

>>> emerge (1 of 1) media-sound/peercast-0.1215 to /
>>> checksums files   ;-) peercast-0.1215.ebuild
>>> checksums files   ;-) peercast-0.1212.ebuild
>>> checksums files   ;-) files/peercast.init
>>> checksums files   ;-) files/digest-peercast-0.1212
>>> checksums files   ;-) files/digest-peercast-0.1215
>>> checksums src_uri ;-) peercast-0.1215-src.tgz
>>> Unpacking source...
>>> Unpacking peercast-0.1215-src.tgz to /var/tmp/portage/peercast-0.1215/work
>>> Source unpacked.
>>> Compiling source in /var/tmp/portage/peercast-0.1215/work ...
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c main.cpp -o main.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/unix/usys.cpp -o ../../core/unix/usys.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/unix/usocket.cpp -o ../../core/unix/usocket.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/socket.cpp -o ../../core/common/socket.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/servent.cpp -o ../../core/common/servent.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/servhs.cpp -o ../../core/common/servhs.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/servmgr.cpp -o ../../core/common/servmgr.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/xml.cpp -o ../../core/common/xml.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/stream.cpp -o ../../core/common/stream.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/sys.cpp -o ../../core/common/sys.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/gnutella.cpp -o ../../core/common/gnutella.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/html.cpp -o ../../core/common/html.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/channel.cpp -o ../../core/common/channel.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/http.cpp -o ../../core/common/http.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/inifile.cpp -o ../../core/common/inifile.o
../../core/common/channel.cpp:1215:22: warning: multi-character character constant
../../core/common/channel.cpp:1350:21: warning: multi-character character constant
../../core/common/channel.cpp:1351:21: warning: multi-character character constant
../../core/common/channel.cpp:1352:21: warning: multi-character character constant
../../core/common/channel.cpp:1370:8: warning: multi-character character constant
../../core/common/channel.cpp:1371:8: warning: multi-character character constant
../../core/common/channel.cpp:1372:8: warning: multi-character character constant
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/peercast.cpp -o ../../core/common/peercast.o
gcc -I../../core -I../../core/common  -DENABLE_BINRELOC -pthread  -D__cplusplus -D_UNIX -D_REENTRANT -I../../core -I../../core/common   -fPIC -c ../../core/common/stats.cpp -o ../../core/common/stats.o
../../core/common/gnutella.cpp: In member function `void GnuPacket::initPong(Host&, bool, GnuPacket&)':
../../core/common/gnutella.cpp:89: error: no matching function for call to `MemoryStream::MemoryStream(MemoryStream&, unsigned int&)'
../../core/common/stream.h:245: note: candidates are: MemoryStream::MemoryStream(const MemoryStream&)
../../core/common/stream.h:262: note:                 MemoryStream::MemoryStream(int)
../../core/common/stream.h:255: note:                 MemoryStream::MemoryStream(void*, int)
../../core/common/stream.h:248: note:                 MemoryStream::MemoryStream()
../../core/common/gnutella.cpp:170:16: warning: multi-character character constant
make: *** [../../core/common/gnutella.o] Error 1
make: *** Waiting for unfinished jobs....

!!! ERROR: media-sound/peercast-0.1215 failed.
Call stack:
  ebuild.sh, line 1909:   Called dyn_compile
  ebuild.sh, line 956:   Called src_compile

!!! emake failed
!!! If you need support, post the topmost build error, and the call stack if relevant.

$ sudo emerge --info
Portage 2.1_pre4-r1 (default-linux/x86/2006.0, gcc-3.4.5-vanilla, glibc-2.3.6-r3, 2.6.15-gentoo-r5 i686)
=================================================================
System uname: 2.6.15-gentoo-r5 i686 Intel(R) Celeron(R) CPU 2.60GHz
Gentoo Base System version 1.12.0_pre16
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5, 2.4.2-r1
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium4 -O2 -pipe -ggdb"
DISTDIR="/usr/gentoo/distfiles"
FEATURES="autoconfig ccache collision-protect confcache cvs digest distcc distlocks nostrip sandbox sfperms sign strict"
GENTOO_MIRRORS="http://mirror.gentoo.sk/pub http://ftp.easynet.nl/mirror/gentoo"
MAKEOPTS="-j4"
PKGDIR="/usr/gentoo/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/gentoo/portage"
PORTDIR_OVERLAY="/usr/gentoo/overlay"
SYNC="rsync://gentoo.ynet.sk/gentoo-portage"
USE="x86 X aac aalib alsa apm avi bash-completion berkdb bitmap-fonts bluetooth bzip2 cairo crypt divx4linux dvd dvdr dvdread eds emboss encode faad ffmpeg flac foomaticdb gdbm gif gpm gstreamer gtk gtk2 icecast imlib jpeg libg++ libwww mad mbox mikmod mmx moznocompose moznoirc moznomail moznoxft mp3 mpeg ncurses nls nntp nptl nptlonly nvidia ogg oggvorbis opengl openssl oss pam pdflib perl png python quicktime readline real rtc sample sdl sse sse2 ssl syslog tcpd tiff truetype truetype-fonts type1 type1-fonts udev unicode vim-with-x vorbis xml xml2 xv xvid zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux userland_GNU video_cards_nvidia video_cards_nv"
Unset:  ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 6 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-28 09:51:26 UTC
in /core/common/gnutella.cpp, line 89: change MemoryStream data(data,len); to MemoryStream data(&data,len);

did the job here. (sorry for not supplying a patch)
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2006-03-04 08:23:32 UTC
sound team please provide fixed ebuild
Comment 8 peercast 2006-03-04 09:18:43 UTC
Our bad, please find the fixed source at :

http://www.peercast.org/src/peercast-0.1216-src.tgz

The ebuild source should not need changing.
Comment 9 peercast 2006-03-04 09:34:47 UTC
Created attachment 81303
v0.1216 ebuild
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-07 07:38:35 UTC
Sound herd, we need to make progress here. Upstream was so kind and made a new release and ebuild (thanks!), could you please test and commit?
Comment 11 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-07 10:16:39 UTC
peercast-0.1216 added to portage. I've updated LICENSE and mostly rewritten parts of the ebuild as it now builds from sources, it doesn't install in /opt anymore but rather in /usr (/usr/share/peercast for html pages and /usr/libexec for the binary, a wrapper is provided in /usr/sbin/peercast).

I've applied two patches to the sources, one allows it to build (by changing typedef of int64_t with an inclusion of stdint.h that allows to have that type defined on Linux - and mostly on every unix-like system but OpenBSD), and the other to respect user CFLAGS and LDFLAGS (you know I'm quite paranoid on that :P).

Seems to work fine here, although I'd like x86 to test it from scratch, so I dropped ~x86 keyword leaving only ~amd64 (I also dropped -* now that it is no more a binary).
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2006-03-07 13:21:33 UTC
x86, amd64: please test thoroughly and mark stable if stable :)
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-09 09:42:38 UTC
back to ebuild status, more issues have been discovered, we need an ebuild for 0.1217.

http://www.infigo.hr/in_focus/INFIGO-2006-03-01
Comment 14 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-03-09 10:42:54 UTC
Ebuild updated.
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-09 10:55:21 UTC
thx flameeyes, arches please test+stable the new ebuild
Comment 16 Chris White (RETIRED) gentoo-dev 2006-03-10 18:48:20 UTC
x86 stable.
Comment 17 Simon Stelling (RETIRED) gentoo-dev 2006-03-12 09:53:49 UTC
amd64 stable too
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-03-21 05:26:39 UTC
Thx everyone

GLSA 200603-17