Date:      Tue, 17 Apr 2001 16:46:55 -0700 (PDT)
From:      zach@pabst.bendnet.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/26656: Update port: audio/icecast new version, new maintainer
Message-ID:  <200104172346.QAA55713@pabst.bendnet.com>


>Number:         26656
>Category:       ports
>Synopsis:       Update port: audio/icecast new version, new maintainer
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 17 16:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Zach Zurflu
>Release:        FreeBSD 3.5-STABLE i386
>Organization:
>Environment:

	

>Description:

        Update audio/icecast port to version 1.3.10 to fix big security
        problems. I have permission from the old maintainer to assume
        maintainership of the icecast port.

>How-To-Repeat:

	

>Fix:

diff -urN icecast/Makefile.orig icecast/Makefile
--- icecast/Makefile.orig	Tue Apr 17 16:15:37 2001
+++ icecast/Makefile	Tue Apr 17 16:39:58 2001
@@ -6,14 +6,12 @@
 #
 
 PORTNAME=	icecast
-PORTVERSION=	1.3.7
-PORTREVISION=	1
+PORTVERSION=	1.3.10
+PORTREVISION=	0
 CATEGORIES=	audio net
 MASTER_SITES=	http://www.icecast.org/releases/
 
-MAINTAINER=	chip@eboai.org
-
-FORBIDDEN=	"Nope, still insecure..lots of tasty buffer overflows"
+MAINTAINER=	zach@pabst.bendnet.com
 
 HAS_CONFIGURE=	yes
 CONFIGURE_ARGS=--with-libwrap
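Review bot: Removing the `FORBIDDEN=` line in this Makefile hunk re-enables the port for every user, yet nothing in the submission shows that 1.3.10 contains the fixes the port was carrying locally or was blocked for. The same PR deletes `files/patch-aa`, which changed calls such as `fd_write (fd, out)` in `src/http.c` and `fd_write (info.statsfile, buf)` in `src/utility.c` to pass `"%s"`, and deletes the `pkg-install` prompt warning about remaining unaudited format-string cases. Before this is committed it is worth confirming that every `fd_write` and `sock_write` call in the 1.3.10 sources takes a literal format string, and keeping a regenerated patch for any that do not. The commit message should also name the upstream changelog entry that justifies lifting `FORBIDDEN`, since "big security problems" gives later readers nothing to verify against. `PORTREVISION=	0` looks redundant after a `PORTVERSION` bump and could probably be dropped instead of reset.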
diff -urN icecast/distinfo.orig icecast/distinfo
--- icecast/distinfo.orig	Tue Sep  5 01:47:45 2000
+++ icecast/distinfo	Tue Apr 17 16:41:45 2001
@@ -1 +1 @@
-MD5 (icecast-1.3.7.tar.gz) = 74f78ca33bea3cfd562530bc90d0d214
+MD5 (icecast-1.3.10.tar.gz) = e76e54daf1ad7335b4905e89e387d747
diff -urN icecast/files/patch-aa.orig icecast/files/patch-aa
--- icecast/files/patch-aa.orig	Sun Mar 11 07:21:52 2001
+++ icecast/files/patch-aa	Tue Apr 17 16:39:58 2001
@@ -1,67 +0,0 @@
---- src/http.c.orig	Wed Jul  5 10:41:27 2000
-+++ src/http.c	Sat Mar 10 23:03:45 2001
-@@ -710,7 +710,7 @@
- 	  if (fd < 0)
- 		  sock_write (clicon->sock, "%s", out);
- 	  else
--		  fd_write (fd, out);
-+		  fd_write (fd, "%s", out);
- 	  
- 	  return 1;
-   } else {
---- src/utility.c.orig	Wed Jul  5 12:52:40 2000
-+++ src/utility.c	Sat Mar 10 23:01:37 2001
-@@ -162,7 +162,7 @@
- 	
- 	if (!param) {
- 		fd_write (info.statsfile, 
--			 buf);
-+			 "%s", buf);
- 		flags2string (admin, NULL);
- 		fd_write (info.statsfile, "\n");
- 	} else {
-@@ -198,7 +198,7 @@
- 		 nice_time (get_time () - con->connect_time, timebuf), type);
- 
- 	if (!param)
--		fd_write (info.statsfile, buf);
-+		fd_write (info.statsfile, "%s", buf);
- 	else
- 		sock_write (*sock, "%s", buf);
- }
-@@ -223,7 +223,7 @@
- 		 source->num_clients);
- 	
- 	if (!param)
--		fd_write (info.statsfile, buf);
-+		fd_write (info.statsfile, "%s", buf);
- 	else
- 		sock_write (*sock, "%s", buf);
- }
-@@ -257,7 +257,7 @@
- 	}
- 
- 	if (!param)
--		fd_write (info.statsfile, buf);
-+		fd_write (info.statsfile, "%s", buf);
- 	else
- 		sock_write (*sock, "%s", buf);
- 
-@@ -267,7 +267,7 @@
- 		 source->audiocast.mount, source->audiocast.description, source->audiocast.public);
- 	
- 	if (!param)
--		fd_write (info.statsfile, buf);
-+		fd_write (info.statsfile, "%s", buf);
- 	else
- 		sock_write (*sock, "%s", buf);
- 
-@@ -330,7 +330,7 @@
- 		 get_user_agent (con), client->type == listener_e ? "listener" : "relay");
- 	
- 	if (!param)
--		fd_write(info.statsfile, buf);
-+		fd_write(info.statsfile, "%s", buf);
- 	else
- 		sock_write (*sock, "%s", buf);
- }
diff -urN icecast/pkg-install.orig icecast/pkg-install
--- icecast/pkg-install.orig	Sun Mar 11 07:21:52 2001
+++ icecast/pkg-install	Tue Apr 17 16:39:58 2001
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
-  exit 0
-fi
-
-/usr/bin/dialog --yesno "SECURITY NOTE: The icecast software suffered from numerous format string vulnerabilities, which allowed remote attackers to execute arbitrary code as the user running icecast.  Most of these have been fixed in the FreeBSD port, but a comprehensive audit has not been conducted, and there are several remaining suspicious cases which need to be carefully checked.  It is possible that further security vulnerabilities exist in this software. Do you wish to proceed with the installation of icecast anyway?" 12 70 || /usr/bin/false
-
-
>Release-Note:
>Audit-Trail:
>Unformatted:
