cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bb3e57117a
openbsd-ports/net/icecast/patches/patch-conf_icecast_xml_in
gonzalo 31f09f54a6 Update for Icecast to 2.3.3: 
* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case,
  where a default password would have taken effect. It would require the
  admin to remove the 'source-password' from the icecast config to take
  effect. Default configs ship with the password set, so this
  vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting
  non-alphanumeric characters with a '.' (CVE-2011-4612). Injection
  attempts can be identified via access.log, as that stores URL encoded
  requests. Investigation if further logging code needs to have
  sanitized output is ongoing.

Tested on amd64.

Reads fine aja@
2012-09-01 17:35:54 +00:00

40 lines
1.4 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-conf_icecast_xml_in,v 1.6 2012/09/01 17:35:54 gonzalo Exp $
--- conf/icecast.xml.in.orig Mon Jun 11 13:45:19 2012
+++ conf/icecast.xml.in Mon Aug 13 13:31:38 2012
@@ -131,14 +131,14 @@
<paths>
<!-- basedir is only used if chroot is enabled -->
- <basedir>@pkgdatadir@</basedir>
+ <basedir>/var/icecast</basedir>
<!-- Note that if <chroot> is turned on below, these paths must both
be relative to the new root, not the original root -->
- <logdir>@localstatedir@/log/@PACKAGE@</logdir>
- <webroot>@pkgdatadir@/web</webroot>
- <adminroot>@pkgdatadir@/admin</adminroot>
- <!-- <pidfile>@pkgdatadir@/icecast.pid</pidfile> -->
+ <logdir>/log</logdir>
+ <webroot>/web</webroot>
+ <adminroot>/admin</adminroot>
+ <!-- <pidfile>@localstatedir@/run/icecast.pid</pidfile> -->
<!-- Aliases: treat requests for 'source' path as being for 'dest' path
May be made specific to a port or bound address using the "port"
@@ -169,12 +169,10 @@
</logging>
<security>
- <chroot>0</chroot>
- <!--
+ <chroot>1</chroot>
<changeowner>
- <user>nobody</user>
- <group>nogroup</group>
+ <user>_icecast</user>
+ <group>_icecast</group>
</changeowner>
- -->
</security>
</icecast>
Reference in New Issue View Git Blame Copy Permalink