Updated NEWS for Icecast 2.3.3 and 2.4-beta.

Changed version to report as 2.3.99.0 for 2.4-beta release

svn path=/icecast/trunk/icecast/; revision=18457

NEWS

@@ -1,10 +1,55 @@
-Icecast 2.3.4
+Icecast 2.4 beta1
+-----------------------------------------------------------------------------
+Note: While WebM and Opus are production grade, there are other pending fixes.
+
 - Support for WebM video
 - Support for Opus audio in Ogg
+- Fixes for some race conditions
+- Allow (standard strftime(3)) %x codes in <dump-file>. Disabled for win32.
+- Dropped debian packaging directory as debian use their own.
 
 Icecast 2.3.3
 -----------------------------------------------------------------------------
-- Various bug fixes.
+- security fixes 
+
+ - Improved HTTPS cipher handling and added support for chained certificates.
+ - Allow the source password to be undefined. There was a corner case, where
+   a default password would have taken effect. It would require the admin to
+   remove the 'source-password' from the icecast config to take effect. 
+   Default configs ship with the password set, so this vulnerability doesn't
+   trigger there.
+ - Prevent error log injection of control characters by substituting 
+   non-alphanumeric characters with a '.' (CVE-2011-4612). 
+   Injection attempts can be identified via access.log, as that stores URL
+   encoded requests. Investigation if further logging code needs to have 
+   sanitized output is ongoing. 
+
+- Bugfixes
+  This is mostly a bug-fix release to flush out the accumulated fixes.
+
+ - On-demand relaying - Reject listeners while reconnecting. 
+    Fix stats for relays without mount section.
+ - Prevent too frequent YP updates.
+ - Only allow raw metadata updates from same IP as connected source 
+   (unless user is admin). This addresses broken client software that 
+   issues updates without being connected.
+ - Minor memory leaks
+ - XSPF file installation
+ - Fix case of global listeners count becoming out of sync.
+ - Setting an interval of 0 in mount should disable shoutcast metadata inserts.
+
+- Authentication
+  Sources can now be authenticated via URL, like listeners. Post info is: 
+  "action=stream_auth&mount=/stream&ip=IP&server=SERVER&port=8000&user=fred&pass=pass" 
+  As admin requests can come in for a stream (eg metadata update) these 
+  requests can be issued while stream is active. For these &admin=1 is added
+  to the POST details. 
+
+- XSL update
+  Automatically generate VCLT playlist like we do with M3U,
+  the mountpoint extension is .vclt 
+
+- Documentation updates. 
 
 Icecast 2.3.2
 -----------------------------------------------------------------------------

configure.in

@@ -1,4 +1,4 @@
-AC_INIT([Icecast], [trunk], [icecast@xiph.org])
+AC_INIT([Icecast], [2.3.99.0], [icecast@xiph.org])
 
 AC_PREREQ(2.54)
 AC_CONFIG_SRCDIR(src/main.c)