| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: icecast | Distribution: openSUSE Leap 16.0 |
| Version: 2.4.4 | Vendor: openSUSE |
| Release: lp160.1.1 | Build date: Thu Feb 22 14:36:10 2024 |
| Group: Productivity/Networking/Web/Servers | Build host: reproducible |
| Size: 583601 | Source RPM: icecast-2.4.4-lp160.1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.icecast.org/ | |
| Summary: Audio Streaming Server | |
Icecast is a MP3 and OGG streaming server able to serve many clients with MP3 and OGG audio.
GPL-2.0-or-later
* Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
* Thu Feb 08 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Provide user/group symbol for user created during pre.
* Wed Sep 22 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* icecast.service
* Fri Nov 02 2018 tiwai@suse.de
- update to version 2.4.4:
* Fix buffer overflows in URL auth code (CVE-2018-18820,
bsc#1114434)
* Worked around buffer overflows in URL auth’s cURL interface
* Do not report hashed user passworts in user list
* Fixed segfault in htpasswd auth if no filename is set
* Fixed a segfault when xsltApplyStylesheet() returns error
* Do not segfault on malformed Opus streams
* Global listener count could be negative under certain
circumstances
* Added code to announce Opus streams as such towards yp servers
* Sun Dec 17 2017 avindra@opensuse.org
- update to version 2.4.3:
* Fixes Windows only vulnerability (CVE-2005-0837), where an
attacker could access the raw XSLT template file by appending a
dot “.” to the URL. To be clear, no runtime information could be
accessed this way.
- cleanup spec file with spec-cleaner
- fix bad line endings warning in CSS file
- rebase icecast-fix-no-add-needed.patch
- replace PreReq statements with Requires(pre)
* Wed Apr 08 2015 tiwai@suse.de
- update to version 2.4.2:
Fix crash when URL Auth is used with stream_autho without
credentials (bnc#926402)
* Mon Jan 19 2015 p.drouand@gmail.com
- Remove sysvinit support as the package now build only for systems
with systemd support
- Add a backward rc compatibility symlink to systemd service file
- Only require systemd-rpm-macros to build; no need to require
entire systemd environment
- Clean up specfile
* Tue Nov 25 2014 tiwai@suse.de
- updated to version 2.4.1:
* Fixes in logging, <auth> in default mounts, JSON status API
* SSL Security improvements:
* Handle empty strings in config file better
* Require Content-Type header for PUT requests
* Fix possible leak of on-connect scripts (CVE-2014-9018,bnc#906538)
More details, see http://icecast.org/news/icecast-release-2_4_1/
- Remove obsoleted patch:
icecast-2.4.0-produce-valid-json.patch
- Change doc subpackage to noarch
- Spec file cleanup
* Sat Nov 22 2014 fisiu@opensuse.org
- Add icecast-mp3-frame-validation.patch: validate mp3 frame.
* Fri Nov 14 2014 fisiu@opensuse.org
- Add icecast-2.4.0-produce-valid-json.patch: produce valid json status,
fix boo#905468.
* Sun Nov 09 2014 Led <ledest@gmail.com>
- fix bashisms in pre script
* Tue May 20 2014 mail@davykager.nl
- Update to version 2.4.0:
* Support for WebM video
* Support for Opus audio in Ogg
* Fixes for some race conditions
* Allow (standard strftime(3)) %x codes in <dump-file>. Disabled for win32.
* Dropped debian packaging directory as debian use their own.
- Disable Gentoo patches because they have no effect on the OBS builds.
icecast-2.3.3-libkate.patch (has no effect on automated builds)
icecast-2.3.3-fix-xiph_openssl.patch (spec file guarantees openssl exists)
- Rebase icecast-fix-no-add-needed.patch for version 2.4.0.
* Tue Feb 11 2014 tiwai@suse.de
- Remove the obsoleted icecast-2.3.2-CVE-2011-4612.diff that leads
to invalid access to freed memory (bnc#862096)
* Fri Nov 29 2013 pascal.bleser@opensuse.org
- remove dependency to syslog.target in icecast.service, as it doesn't exist
any more, see bnc#852314
* Wed Jun 05 2013 pascal.bleser@opensuse.org
- update to 2.3.3:
* security:
+ Improved HTTPS cipher handling and added support for chained certificates.
+ Allow the source password to be undefined. There was a corner case, where
a default password would have taken effect. It would require the admin to
remove the 'source-password' from the icecast config to take effect. Default
configs ship with the password set, so this vulnerability doesn't trigger
there.
+ Prevent error log injection of control characters by substituting
non-alphanumeric characters with a '.' (CVE-2011-4612). Injection attempts
can be identified via access.log, as that stores URL encoded requests.
Investigation if further logging code needs to have sanitized output is
ongoing.
* bugfixes:
+ On-demand relaying - Reject listeners while reconnecting. Fix stats for
relays without mount section.
+ Prevent too frequent YP updates.
+ Only allow raw metadata updates from same IP as connected source (unless
user is admin). This addresses broken client software that issues updates
without being connected.
+ Minor memory leaks
+ XSPF file installation
+ Fix case of global listeners count becoming out of sync.
+ Setting an interval of 0 in mount should disable shoutcast metadata inserts.
* authentication:
+ Sources can now be authenticated via URL, like listeners. Post info is
"action=stream_auth&mount=/stream&ip=IP&server=SERVER&port=8000&user=fred&pass=pass"
As admin requests can come in for a stream (eg metadata update) these
requests can be issued while stream is active. For these &admin=1 is added to
the POST details.
* XSL update:
+ automatically generate VCLT playlist like we do with M3U, the mountpoint
extension is .vclt
- package updates:
* add systemd service file
* add logrotate configuration
* add Gentoo patches
* set pidfile directive in default config file to make it work with
systemd
* split out HTML documentation into -doc subpackage
* Tue Jan 22 2013 jw@suse.com
- nuked %make_install to make SLES11 SP2 happy.
* Mon Nov 19 2012 dimstar@opensuse.org
- Fix useradd invocation: -o is useless without -u and newer
versions of pwdutils/shadowutils fail on this now.
* Mon Mar 05 2012 tiwai@suse.de
- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255)
* Sat Oct 15 2011 coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
* Mon Aug 29 2011 crrodriguez@opensuse.org
- Fix build with --no-add-needed
- Enable SSL support.
* Wed Jun 18 2008 tiwai@suse.de
- updated to version 2.3.2:
* Character set support
* Authentication improvements
* Listening socket update
* XSL update
* Updates for stream directory handling.
* Updates for Win32.
* Accept/Ban IP support.
* A Mountpoint is exported to the slaves even if no mount
section is defined for it.
* Relays handle redirection (HTTP 302) if one is received at
startup.
* Automatically generate XSPF playlist like we do with M3U, the
mountpoint extension is .xspf
* Header updates for proxy handling and certain clients like
some shoutcast source clients and flash players.
* Added Kate/Skeleton codecs to Ogg handler.
* Various stats cleanups.
* The streamlist passed from master to slave had a limited
length
* Documentation updates.
* Relay startup/shutdown is cleaner.
* several build cleanups.
* several resource leaks and race conditions fixed
* Fri Feb 02 2007 mmarek@suse.cz
- fix build with curl-7.16
- fixed more comparison with string literals by using static char*
variables instead of #defines to string constans to detect
whether a default or malloced value is used
* Tue Dec 19 2006 tiwai@suse.de
- fix comparison of string literal in cfgfile.c (#226380).
* Wed Oct 11 2006 tiwai@suse.de
- added icecast-2.3.1_runas_icecast_user.patch:
run icecast as "icecast" user and group by default
- added init script
- added log/home dir to the fileist
- dont run suse_update_config/autoreconf seems unneeded.
(tested with the buildservice on 10.0->Factory)
- replaced manual configure call with %configure
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Dec 12 2005 tiwai@suse.de
- fix the log directory of the sample xml file (#137965).
* Fri Dec 02 2005 tiwai@suse.de
- updated to version 2.3.1.
* Sat Oct 15 2005 max@suse.de
- Enabled support for ogg/speex and ogg/theora streams.
* Fri Oct 07 2005 stark@suse.de
- update to version 2.3.0
* Tue Jun 14 2005 tiwai@suse.de
- repackaged - initial version: 2.2.0.
/etc/icecast.xml /etc/logrotate.d/icecast /usr/bin/icecast /usr/lib/systemd/system/icecast.service /usr/sbin/rcicecast /usr/share/doc/packages/icecast /usr/share/doc/packages/icecast/AUTHORS /usr/share/doc/packages/icecast/COPYING /usr/share/doc/packages/icecast/ChangeLog /usr/share/doc/packages/icecast/NEWS /usr/share/doc/packages/icecast/README /usr/share/doc/packages/icecast/TODO /usr/share/icecast /usr/share/icecast/admin /usr/share/icecast/admin/listclients.xsl /usr/share/icecast/admin/listmounts.xsl /usr/share/icecast/admin/manageauth.xsl /usr/share/icecast/admin/moveclients.xsl /usr/share/icecast/admin/response.xsl /usr/share/icecast/admin/stats.xsl /usr/share/icecast/admin/updatemetadata.xsl /usr/share/icecast/admin/vclt.xsl /usr/share/icecast/admin/xspf.xsl /usr/share/icecast/web /usr/share/icecast/web/auth.xsl /usr/share/icecast/web/icecast.png /usr/share/icecast/web/key.png /usr/share/icecast/web/server_version.xsl /usr/share/icecast/web/status-json.xsl /usr/share/icecast/web/status.xsl /usr/share/icecast/web/style.css /usr/share/icecast/web/tunein.png /usr/share/icecast/web/xml2json.xslt /var/lib/icecast /var/log/icecast
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Jan 12 00:19:47 2025