Date: Tue, 17 Apr 2001 16:46:55 -0700 (PDT) From: zach@pabst.bendnet.com To: FreeBSD-gnats-submit@freebsd.org Subject: ports/26656: Update port: audio/icecast new version, new maintainer Message-ID: <200104172346.QAA55713@pabst.bendnet.com>
next in thread | raw e-mail | index | archive | help
>Number: 26656 >Category: ports >Synopsis: Update port: audio/icecast new version, new maintainer >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Apr 17 16:50:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Zach Zurflu >Release: FreeBSD 3.5-STABLE i386 >Organization: >Environment: >Description: Update audio/icecast port to version 1.3.10 to fix big security problems. I have permission from the old maintainer to assume maintainership of the icecast port. >How-To-Repeat: >Fix: diff -urN icecast/Makefile.orig icecast/Makefile --- icecast/Makefile.orig Tue Apr 17 16:15:37 2001 +++ icecast/Makefile Tue Apr 17 16:39:58 2001 @@ -6,14 +6,12 @@ # PORTNAME= icecast -PORTVERSION= 1.3.7 -PORTREVISION= 1 +PORTVERSION= 1.3.10 +PORTREVISION= 0 CATEGORIES= audio net MASTER_SITES= http://www.icecast.org/releases/ -MAINTAINER= chip@eboai.org - -FORBIDDEN= "Nope, still insecure..lots of tasty buffer overflows" +MAINTAINER= zach@pabst.bendnet.com HAS_CONFIGURE= yes CONFIGURE_ARGS=--with-libwrap diff -urN icecast/distinfo.orig icecast/distinfo --- icecast/distinfo.orig Tue Sep 5 01:47:45 2000 +++ icecast/distinfo Tue Apr 17 16:41:45 2001 @@ -1 +1 @@ -MD5 (icecast-1.3.7.tar.gz) = 74f78ca33bea3cfd562530bc90d0d214 +MD5 (icecast-1.3.10.tar.gz) = e76e54daf1ad7335b4905e89e387d747 diff -urN icecast/files/patch-aa.orig icecast/files/patch-aa --- icecast/files/patch-aa.orig Sun Mar 11 07:21:52 2001 +++ icecast/files/patch-aa Tue Apr 17 16:39:58 2001 @@ -1,67 +0,0 @@ ---- src/http.c.orig Wed Jul 5 10:41:27 2000 -+++ src/http.c Sat Mar 10 23:03:45 2001 -@@ -710,7 +710,7 @@ - if (fd < 0) - sock_write (clicon->sock, "%s", out); - else -- fd_write (fd, out); -+ fd_write (fd, "%s", out); - - return 1; - } else { ---- src/utility.c.orig Wed Jul 5 12:52:40 2000 -+++ src/utility.c Sat Mar 10 23:01:37 2001 -@@ -162,7 +162,7 @@ - - if (!param) { - fd_write (info.statsfile, -- buf); -+ "%s", buf); - flags2string (admin, NULL); - fd_write (info.statsfile, "\n"); - } else { -@@ -198,7 +198,7 @@ - nice_time (get_time () - con->connect_time, timebuf), type); - - if (!param) -- fd_write (info.statsfile, buf); -+ fd_write (info.statsfile, "%s", buf); - else - sock_write (*sock, "%s", buf); - } -@@ -223,7 +223,7 @@ - source->num_clients); - - if (!param) -- fd_write (info.statsfile, buf); -+ fd_write (info.statsfile, "%s", buf); - else - sock_write (*sock, "%s", buf); - } -@@ -257,7 +257,7 @@ - } - - if (!param) -- fd_write (info.statsfile, buf); -+ fd_write (info.statsfile, "%s", buf); - else - sock_write (*sock, "%s", buf); - -@@ -267,7 +267,7 @@ - source->audiocast.mount, source->audiocast.description, source->audiocast.public); - - if (!param) -- fd_write (info.statsfile, buf); -+ fd_write (info.statsfile, "%s", buf); - else - sock_write (*sock, "%s", buf); - -@@ -330,7 +330,7 @@ - get_user_agent (con), client->type == listener_e ? "listener" : "relay"); - - if (!param) -- fd_write(info.statsfile, buf); -+ fd_write(info.statsfile, "%s", buf); - else - sock_write (*sock, "%s", buf); - } diff -urN icecast/pkg-install.orig icecast/pkg-install --- icecast/pkg-install.orig Sun Mar 11 07:21:52 2001 +++ icecast/pkg-install Tue Apr 17 16:39:58 2001 @@ -1,9 +0,0 @@ -#!/bin/sh - -if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then - exit 0 -fi - -/usr/bin/dialog --yesno "SECURITY NOTE: The icecast software suffered from numerous format string vulnerabilities, which allowed remote attackers to execute arbitrary code as the user running icecast. Most of these have been fixed in the FreeBSD port, but a comprehensive audit has not been conducted, and there are several remaining suspicious cases which need to be carefully checked. It is possible that further security vulnerabilities exist in this software. Do you wish to proceed with the installation of icecast anyway?" 12 70 || /usr/bin/false - - >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104172346.QAA55713>