* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case,
where a default password would have taken effect. It would require the
admin to remove the 'source-password' from the icecast config to take
effect. Default configs ship with the password set, so this
vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting
non-alphanumeric characters with a '.' (CVE-2011-4612). Injection
attempts can be identified via access.log, as that stores URL encoded
requests. Investigation if further logging code needs to have
sanitized output is ongoing.
Tested on amd64.
Reads fine aja@
+ add user _icecast (home directory in /var/icecast)
+ enable chroot by default
+ populate chroot with all the necessary files
ok okan@ sthen@ ajacoutot@
