SECURITY update to icecast-2.4.4

Fixes for CVE-2018-18820 (buffer overflows in URL auth code) and other bugs. While here, address a compiler warning in md5.c. Reported by Aham Brahmasmi, ok kn@
2018-11-20 17:32:36 +00:00 · 2018-11-20 17:32:36 +00:00 · d961b2ef50
commit d961b2ef50
parent b086632fa8
9 changed files with 49 additions and 29 deletions
--- a/net/icecast/Makefile
+++ b/net/icecast/Makefile
@ -1,10 +1,9 @@
-# $OpenBSD: Makefile,v 1.64 2018/09/05 08:58:04 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.65 2018/11/20 17:32:36 jca Exp $

 COMMENT=	server for streaming various media formats
 CATEGORIES=	net audio

-DISTNAME=	icecast-2.4.3
-REVISION=	4
+DISTNAME=	icecast-2.4.4

 HOMEPAGE=	https://icecast.org/

--- a/net/icecast/distinfo
+++ b/net/icecast/distinfo
@ -1,2 +1,2 @@
-SHA256 (icecast-2.4.3.tar.gz) = yFykjHZdYQB1c+4UBqeXrmyzH7WWGkLn8ch620XdxZI=
-SIZE (icecast-2.4.3.tar.gz) = 2393358
+SHA256 (icecast-2.4.4.tar.gz) = SbWXn59hQUC2o4BGFUID7ighjY/FSYiFlqaDrWBOTUQ=
+SIZE (icecast-2.4.4.tar.gz) = 2360592
--- a/net/icecast/patches/patch-Makefile_in
+++ b/net/icecast/patches/patch-Makefile_in
@ -1,7 +1,8 @@
-$OpenBSD: patch-Makefile_in,v 1.8 2017/02/07 01:39:59 gonzalo Exp $
--- Makefile.in.orig	Mon Jan  4 18:07:07 2016
-+++ Makefile.in	Tue Jan 31 09:32:54 2017
-@@ -401,7 +401,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m4/ogg.m4 \
+$OpenBSD: patch-Makefile_in,v 1.9 2018/11/20 17:32:36 jca Exp $
+Index: Makefile.in
+--- Makefile.in.orig
+++ Makefile.in
+@@ -404,7 +404,7 @@ EXTRA_DIST = HACKING m4/acx_pthread.m4 m4/ogg.m4 \
     m4/xiph_compiler.m4 m4/xiph_curl.m4 m4/xiph_net.m4 \
     m4/xiph_types.m4 m4/xiph_xml2.m4
 
--- a/net/icecast/patches/patch-conf_Makefile_in
+++ b/net/icecast/patches/patch-conf_Makefile_in
@ -1,7 +1,8 @@
-$OpenBSD: patch-conf_Makefile_in,v 1.8 2017/02/07 01:39:59 gonzalo Exp $
--- conf/Makefile.in.orig	Mon Jan  4 18:07:07 2016
-+++ conf/Makefile.in	Tue Jan 31 09:32:55 2017
-@@ -278,7 +278,7 @@ build_vendor = @build_vendor@
+$OpenBSD: patch-conf_Makefile_in,v 1.9 2018/11/20 17:32:36 jca Exp $
+Index: conf/Makefile.in
+--- conf/Makefile.in.orig
+++ conf/Makefile.in
+@@ -281,7 +281,7 @@ build_vendor = @build_vendor@
 builddir = @builddir@
 datadir = @datadir@
 datarootdir = @datarootdir@
@ -10,7 +11,7 @@ $OpenBSD: patch-conf_Makefile_in,v 1.8 2017/02/07 01:39:59 gonzalo Exp $
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 host = @host@
-@@ -474,7 +474,6 @@ info-am:
+@@ -480,7 +480,6 @@ info-am:
 
 install-data-am: install-docDATA
 	@$(NORMAL_INSTALL)
--- a/net/icecast/patches/patch-conf_icecast_xml_in
+++ b/net/icecast/patches/patch-conf_icecast_xml_in
@ -1,8 +1,9 @@
-$OpenBSD: patch-conf_icecast_xml_in,v 1.8 2015/01/19 09:14:32 dcoppa Exp $
--- conf/icecast.xml.in.orig	Tue Nov 18 00:48:48 2014
-+++ conf/icecast.xml.in	Sun Jan  4 17:06:40 2015
+$OpenBSD: patch-conf_icecast_xml_in,v 1.9 2018/11/20 17:32:36 jca Exp $
+Index: conf/icecast.xml.in
+--- conf/icecast.xml.in.orig
+++ conf/icecast.xml.in
@@ -66,7 +66,7 @@
-     <!-- You may have multiple <listener> elements -->
+     <!-- You may have multiple <listen-socket> elements -->
     <listen-socket>
         <port>8000</port>
 -        <!-- <bind-address>127.0.0.1</bind-address> -->
--- a/net/icecast/patches/patch-configure
+++ b/net/icecast/patches/patch-configure
@ -1,7 +1,8 @@
-$OpenBSD: patch-configure,v 1.13 2017/02/07 01:39:59 gonzalo Exp $
--- configure.orig	Mon Jan  4 18:07:10 2016
-+++ configure	Tue Jan 31 09:32:55 2017
-@@ -14137,7 +14137,7 @@ fi
+$OpenBSD: patch-configure,v 1.14 2018/11/20 17:32:36 jca Exp $
+Index: configure
+--- configure.orig
+++ configure
+@@ -14634,7 +14634,7 @@ fi
 
 
 if test "x$openssl_prefix" != "x" -a "x$openssl_prefix" != "xyes"; then
@ -10,7 +11,7 @@ $OpenBSD: patch-configure,v 1.13 2017/02/07 01:39:59 gonzalo Exp $
     OPENSSL_CFLAGS="-I$openssl_prefix/include"
 else
     # Extract the first word of "pkg-config", so it can be a program name with args.
-@@ -14190,7 +14190,7 @@ fi
+@@ -14687,7 +14687,7 @@ fi
         else
             openssl_prefix="$prefix"
         fi
--- a/net/icecast/patches/patch-doc_Makefile_in
+++ b/net/icecast/patches/patch-doc_Makefile_in
@ -1,7 +1,8 @@
-$OpenBSD: patch-doc_Makefile_in,v 1.8 2017/02/07 01:39:59 gonzalo Exp $
--- doc/Makefile.in.orig	Mon Jan  4 18:07:08 2016
-+++ doc/Makefile.in	Tue Jan 31 09:32:55 2017
-@@ -338,7 +338,7 @@ build_vendor = @build_vendor@
+$OpenBSD: patch-doc_Makefile_in,v 1.9 2018/11/20 17:32:36 jca Exp $
+Index: doc/Makefile.in
+--- doc/Makefile.in.orig
+++ doc/Makefile.in
+@@ -341,7 +341,7 @@ build_vendor = @build_vendor@
 builddir = @builddir@
 datadir = @datadir@
 datarootdir = @datarootdir@
--- a/net/icecast/patches/patch-src_md5_c
+++ b/net/icecast/patches/patch-src_md5_c
@ -0,0 +1,16 @@
+$OpenBSD: patch-src_md5_c,v 1.1 2018/11/20 17:32:36 jca Exp $
+
+Fix memset size param.
+
+Index: src/md5.c
+--- src/md5.c.orig
+++ src/md5.c
+@@ -174,7 +174,7 @@ void MD5Final(unsigned char digest[HASH_LEN], struct M
+     MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+     byteReverse((unsigned char *) ctx->buf, 4);
+     memcpy(digest, ctx->buf, HASH_LEN);
+-    memset(ctx, 0, sizeof(ctx));
+    memset(ctx, 0, sizeof(*ctx));
+ 	/* In case it's sensitive */
+ }
+ 
--- a/net/icecast/pkg/PLIST
+++ b/net/icecast/pkg/PLIST
@ -1,6 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.14 2018/09/04 12:53:16 espie Exp $
+@comment $OpenBSD: PLIST,v 1.15 2018/11/20 17:32:36 jca Exp $
@newgroup _icecast:611
@newuser _icecast:611:_icecast:daemon:Icecast Server:/var/empty:/sbin/nologin
+@rcscript ${RCDIR}/icecast
@bin bin/icecast
 share/doc/icecast/
 share/doc/icecast/AUTHORS
@ -96,4 +97,3 @@ share/examples/icecast/web/tunein.png
@sample /var/icecast/etc/
 share/examples/icecast/web/xml2json.xslt
@sample /var/icecast/web/xml2json.xslt
-@rcscript ${RCDIR}/icecast