Icecast 2.4.4 ----------------------------------------------------------------------------- We are releasing Icecast 2.4.4, an important bugfix-only release. We recommend upgrading for increased stability and compatibility! A summary of the changes is listed below, for details please refer to the ChangeLog ## Fixes - Fix: Fixed segfault in htpasswd auth if no filename is set - Fix: Do not report hashed user passworts in user list. - Fix two mistakes in the default config's comments - Add log message for succesful streamlist requests - Fix: update_from_master() for receiving HTTP/1.1 - Fix: Spelling, thanks to Ukikie - Fix: Fixed a segfault when xsltApplyStylesheet() returns error - Fix: Do not segfaul on bad Opus streams - Fix: Corrected response and fixed TLS for 416 Request Range Not Satisfiable responses - Fix: TLS for ICECAST_PROTOCOL_SHOUTCAST source clients and investigating the bug. - Fix: global listener count could be negative under certain circumstances Thanks a lot to Simeon Völkel (0xBD4E031CDB4043C9) for reporting and investigating the bug. - Fix: Send "Content-Length: 0" on 100-continue - Fix: Do not send 100-continue in plain text over TLS sockets - Fix: Added needed code to announce Opus streams as such to yp. - Fix: Avoid invalid locking in signal handlers. - Workaround: avoid libspeex printing warnings on Opus streams. - Fix: Fixed regression introduced by r19250. The fix checks if the source client is actually known before printing it's IP-Address. - Fix: do not allow unescaped strings in XML output. ## Known issues - HTTP PUT implementation currently doesn't support chunked encoding yet. - HTTP PUT with "Expect: 100-Continue" receives first a "100" and soon after a "200", instead of the "200" at the end of transmission. - Caution should be exercised when using `<on-connect>` or `<on-disconnect>`, as there is a small chance of stream file descriptors being mixed up with script file descriptors, if the FD numbers go above 1024. This will be further addressed in the next Icecast release. - Don't use comments inside `<http-headers>` as it will prevent processing of further `<header>` tags. - Webinterface shows Login when using just `stream_auth`.
x86 stable
amd64 stable
ppc64 stable
ppc stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ff3af5be94d2f44735a2f50c015693b8d714894 commit 9ff3af5be94d2f44735a2f50c015693b8d714894 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-11-08 09:17:48 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-11-08 09:17:48 +0000 net-misc/icecast: Security cleanup. Bug: https://bugs.gentoo.org/670148 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-misc/icecast/Manifest | 1 - net-misc/icecast/icecast-2.4.3.ebuild | 91 ----------------------------------- 2 files changed, 92 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 201811-09 at https://security.gentoo.org/glsa/201811-09 by GLSA coordinator Thomas Deutschmann (whissi).