d961b2ef50
Fixes for CVE-2018-18820 (buffer overflows in URL auth code) and other bugs. While here, address a compiler warning in md5.c. Reported by Aham Brahmasmi, ok kn@
50 lines
1.7 KiB
Plaintext
50 lines
1.7 KiB
Plaintext
$OpenBSD: patch-conf_icecast_xml_in,v 1.9 2018/11/20 17:32:36 jca Exp $
|
|
Index: conf/icecast.xml.in
|
|
--- conf/icecast.xml.in.orig
|
|
+++ conf/icecast.xml.in
|
|
@@ -66,7 +66,7 @@
|
|
<!-- You may have multiple <listen-socket> elements -->
|
|
<listen-socket>
|
|
<port>8000</port>
|
|
- <!-- <bind-address>127.0.0.1</bind-address> -->
|
|
+ <bind-address>127.0.0.1</bind-address>
|
|
<!-- <shoutcast-mount>/stream</shoutcast-mount> -->
|
|
</listen-socket>
|
|
<!--
|
|
@@ -191,14 +191,14 @@
|
|
|
|
<paths>
|
|
<!-- basedir is only used if chroot is enabled -->
|
|
- <basedir>@pkgdatadir@</basedir>
|
|
+ <basedir>/var/icecast</basedir>
|
|
|
|
<!-- Note that if <chroot> is turned on below, these paths must both
|
|
be relative to the new root, not the original root -->
|
|
- <logdir>@localstatedir@/log/@PACKAGE@</logdir>
|
|
- <webroot>@pkgdatadir@/web</webroot>
|
|
- <adminroot>@pkgdatadir@/admin</adminroot>
|
|
- <!-- <pidfile>@pkgdatadir@/icecast.pid</pidfile> -->
|
|
+ <logdir>/log</logdir>
|
|
+ <webroot>/web</webroot>
|
|
+ <adminroot>/admin</adminroot>
|
|
+ <!-- <pidfile>@localstatedir@/run/icecast.pid</pidfile> -->
|
|
|
|
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
|
|
May be made specific to a port or bound address using the "port"
|
|
@@ -233,12 +233,10 @@
|
|
</logging>
|
|
|
|
<security>
|
|
- <chroot>0</chroot>
|
|
- <!--
|
|
+ <chroot>1</chroot>
|
|
<changeowner>
|
|
- <user>nobody</user>
|
|
- <group>nogroup</group>
|
|
+ <user>_icecast</user>
|
|
+ <group>_icecast</group>
|
|
</changeowner>
|
|
- -->
|
|
</security>
|
|
</icecast>
|