aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2025-05-18 00:58:26 -04:00
Code
icecast-server/src
History
Thomas B. "dm8tbr" Ruecker 53e6ee7abb SECURITY FIX - Override supplementary groups 
In case of <changeowner> only UID and GID were changed, 
supplementary groups were left in place.
This is a potential security issue only if <changeowner> is used.
New behaviour is to set UID, GID and set supplementary groups 
based on the UID
Even in case of icecast remaining in supplementary group 0 
this "only" gives it things like access to files that are owned 
by group 0 and according to their umask. This is obviously bad,
but not as bad as UID 0 with all its other special rights.
It's a security issue and we fix immediately and recommend users to update.

PS: Cherry picking this should be fine by distros for fixing older releases.

svn path=/icecast/trunk/icecast/; revision=19137
2014-05-06 04:53:24 +00:00
..
avl
Replaced usage of sprintf() with snprintf(). Also exported size of key printer's buffer in avl/.
2013-01-16 12:02:14 +00:00
httpp
commited support for HTTP PUT, See #1812
2012-07-16 16:05:21 +00:00
log
corrected logic checking argument. Thanks to David Binderman for reporting
2013-07-04 12:31:17 +00:00
net
bug+fix reported on icecast-dev (Petr Pisar, 06/07/2009). poll implementation
2009-07-06 14:28:16 +00:00
thread
Add handlers for spinlocks if available, map to mutexes when not.
2009-01-09 03:18:03 +00:00
timing
minor cleanups.
2009-07-07 16:37:31 +00:00
admin.c
Send charset in headers for everything, excluding file-serv and streams.
2014-02-23 21:29:35 +00:00
admin.h
const updates, no functional changes
2007-08-16 22:49:13 +00:00
auth_htpasswd.c
removed \r at end of lines
2012-10-12 14:41:12 +00:00
auth_htpasswd.h
fix bug #1141
2007-08-23 16:58:18 +00:00
auth_url.c
Added support for a default mount. See #1914.
2013-04-02 18:46:44 +00:00
auth_url.h
return type was wrong, although it probably won't affect stability
2007-10-24 22:40:42 +00:00
auth.c
Added support for a default mount. See #1914.
2013-04-02 18:46:44 +00:00
auth.h
Allow source client authentication via auth handler. Here the URL handler can
2009-01-14 01:18:22 +00:00
cfgfile.c
Fix email address, my work email was fixed since.
2014-05-04 08:07:25 +00:00
cfgfile.h
Added support for a default mount. See #1914.
2013-04-02 18:46:44 +00:00
client.c
Send charset in headers for everything, excluding file-serv and streams.
2014-02-23 21:29:35 +00:00
client.h
send 100-continue-header if client requests it
2014-01-12 12:29:27 +00:00
compat.h
win32 updates. cleanup of the start and finish of the gui and service
2009-08-05 22:32:47 +00:00
configtest.c
Add Copyright notice to each source file, as requested by debian.
2004-01-29 01:02:12 +00:00
connection.c
send 100-continue-header if client requests it
2014-01-12 12:29:27 +00:00
connection.h
Allow source client authentication via auth handler. Here the URL handler can
2009-01-14 01:18:22 +00:00
event.c
merge work. mainly stats and some log message updates
2007-10-22 02:29:49 +00:00
event.h
Add Copyright notice to each source file, as requested by debian.
2004-01-29 01:02:12 +00:00
format_ebml.c
Add WebM support.
2012-06-13 21:24:23 +00:00
format_ebml.h
Clarify that only these specific files are GPLv2 or v3.
2012-05-24 18:32:06 +00:00
format_flac.c
memory leak when handling ogg flac, and make sure that moving listeners
2006-03-15 02:24:57 +00:00
format_flac.h
Add more Ogg codec handlers, there has not been that much testing on these
2005-05-07 11:01:35 +00:00
format_kate.c
Add Kate and Skeleton codecs to ogg handler. patch by ogg.k.ogg.k
2008-04-19 02:11:37 +00:00
format_kate.h
Add Kate and Skeleton codecs to ogg handler. patch by ogg.k.ogg.k
2008-04-19 02:11:37 +00:00
format_midi.c
Add more Ogg codec handlers, there has not been that much testing on these
2005-05-07 11:01:35 +00:00
format_midi.h
Add more Ogg codec handlers, there has not been that much testing on these
2005-05-07 11:01:35 +00:00
format_mp3.c
send Expires:-headers on all cache=0 requests, close #1870
2013-02-24 02:04:43 +00:00
format_mp3.h
explicitly flag up a metadata update after they have been set. Could of led to
2009-01-15 03:38:49 +00:00
format_ogg.c
fixed(?) a memory leak: lost headers of stream because of wrong ref counter in associated refbuf objects. I HATE refbuf.
2014-01-12 21:09:04 +00:00
format_ogg.h
merge extra checks. minor cleanup work
2005-08-07 14:50:59 +00:00
format_opus.c
Clarify that only these specific files are GPLv2 or v3.
2012-05-24 18:32:06 +00:00
format_opus.h
Clarify that only these specific files are GPLv2 or v3.
2012-05-24 18:32:06 +00:00
format_skeleton.c
Do not allow Skeleton from taking control over the sync marks. Karl's proposal for the Vorbis+Skeleton issue.
2008-11-23 23:31:36 +00:00
format_skeleton.h
Add Kate and Skeleton codecs to ogg handler. patch by ogg.k.ogg.k
2008-04-19 02:11:37 +00:00
format_speex.c
no functional/structural change but cleans up the annoying signed/unsigned pointer warnings
2007-10-04 16:48:38 +00:00
format_speex.h
Add more Ogg codec handlers, there has not been that much testing on these
2005-05-07 11:01:35 +00:00
format_theora.c
fix starting point problem with low bandwidth theroa streams. listener could
2008-09-09 02:18:22 +00:00
format_theora.h
merge multi ogg codec handling. Handle theora and/or vorbis. Place new
2004-12-07 21:06:26 +00:00
format_vorbis.c
explicitly flag up a metadata update after they have been set. Could of led to
2009-01-15 03:38:49 +00:00
format_vorbis.h
merge multi ogg codec handling. Handle theora and/or vorbis. Place new
2004-12-07 21:06:26 +00:00
format.c
Add warning when using generic handler for stream sent to Icecast.
2013-04-05 16:43:16 +00:00
format.h
Add David Richard's webm support patch.
2012-05-18 17:33:17 +00:00
fserve.c
Make some more vars local (static).
2012-10-10 22:48:15 +00:00
fserve.h
Allow rereading of the mime types file on xml reload. Also allow for specifying
2007-08-13 21:33:27 +00:00
global.c
Don't impose a limit on the number of listening sockets allowed in the xml
2007-10-16 01:53:06 +00:00
global.h
more sock_t cleanups, win32 should have less warnings now
2007-10-24 22:42:49 +00:00
logging.c
Throw away the reqbuf stuff as it was not well designed. Removing it and restoring usage of %H *fixes* #1942 not just workaround it with opening security holes. close #1942
2013-04-02 12:19:33 +00:00
logging.h
Handle http 302 response when a relay starts. The socket IO is isolated into a
2007-08-10 21:33:16 +00:00
main.c
SECURITY FIX - Override supplementary groups
2014-05-06 04:53:24 +00:00
Makefile.am
Add WebM support.
2012-06-13 21:24:23 +00:00
md5.c
minor cleanups
2004-11-20 02:16:59 +00:00
md5.h
minor cleanups
2004-11-20 02:16:59 +00:00
refbuf.c
fixed(?) a memory leak: lost headers of stream because of wrong ref counter in associated refbuf objects. I HATE refbuf.
2014-01-12 21:09:04 +00:00
refbuf.h
type cleanups. reduces memory usage on 64bit, no difference on 32bit. closes #780
2007-12-15 17:02:16 +00:00
sighandler.c
updated copyright notices.
2012-10-11 22:54:53 +00:00
sighandler.h
cleanup unused var schedule_config_reread.
2012-11-13 11:25:46 +00:00
slave.c
Added support for a default mount. See #1914.
2013-04-02 18:46:44 +00:00
slave.h
add optional bind setting to relays
2009-03-17 01:45:41 +00:00
source.c
Adding stream_start_iso8601, server_start_iso8601
2014-05-04 07:14:54 +00:00
source.h
race condition patch as submitted by lds and remi, slightly motified by me. closes #1810
2012-07-17 14:03:37 +00:00
stats.c
Adding stream_start_iso8601, server_start_iso8601
2014-05-04 07:14:54 +00:00
stats.h
Adding stream_start_iso8601, server_start_iso8601
2014-05-04 07:14:54 +00:00
TODO
added new lion at end of file so it does not mess up my console.
2012-07-17 14:50:44 +00:00
util.c
corrected Date:-header format to conform the standard (see RFC1123). Thanks to cato for reporting.
2013-11-06 01:01:31 +00:00
util.h
Send proper HTTP headers in responses to clients.
2012-07-17 23:55:09 +00:00
xslt.c
Send charset in headers for everything, excluding file-serv and streams.
2014-02-23 21:29:35 +00:00
xslt.h
Patch from gtgbr@gmx.net to fix (void) function prototypes, with some minor
2005-12-17 12:23:09 +00:00
yp.c
Added support for a default mount. See #1914.
2013-04-02 18:46:44 +00:00
yp.h
Patch from gtgbr@gmx.net to fix (void) function prototypes, with some minor
2005-12-17 12:23:09 +00:00