Hello community, here is the log from the commit of package icecast for openSUSE:Factory checked in at 2012-03-07 13:42:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/icecast (Old) and /work/SRC/openSUSE:Factory/.icecast.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "icecast", Maintainer is "ti...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/icecast/icecast.changes 2011-10-18 14:15:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.icecast.new/icecast.changes 2012-03-07 13:42:44.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Mar 5 18:15:03 CET 2012 - ti...@suse.de + +- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255) + +------------------------------------------------------------------- New: ---- icecast-2.3.2-CVE-2011-4612.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icecast.spec ++++++ --- /var/tmp/diff_new_pack.P2FCI6/_old 2012-03-07 13:42:45.000000000 +0100 +++ /var/tmp/diff_new_pack.P2FCI6/_new 2012-03-07 13:42:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package icecast # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,27 +16,27 @@ # - Name: icecast Version: 2.3.2 -Release: 62 -License: GPL-2.0+ +Release: 0 Summary: Audio Streaming Server -Url: http://www.icecast.org/ +License: GPL-2.0+ Group: Productivity/Networking/Web/Servers +Url: http://www.icecast.org/ Source: %{name}-%{version}.tar.bz2 Source1: icecast.init # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch0: icecast-2.3.1_runas_icecast_user.patch # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch1: icecast-fix-no-add-needed.patch +Patch2: icecast-2.3.2-CVE-2011-4612.diff BuildRequires: curl-devel BuildRequires: libtheora-devel +BuildRequires: libtool BuildRequires: libvorbis-devel BuildRequires: libxslt-devel -BuildRequires: libtool -BuildRequires: speex-devel BuildRequires: openssl-devel +BuildRequires: speex-devel PreReq: %fillup_prereq PreReq: %insserv_prereq PreReq: /usr/sbin/groupadd @@ -51,6 +51,7 @@ %setup -q %patch0 %patch1 +%patch2 -p1 %build autoreconf -fiv ++++++ icecast-2.3.2-CVE-2011-4612.diff ++++++ --- src/fserve.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) --- a/src/fserve.c +++ b/src/fserve.c @@ -395,6 +395,19 @@ int fserve_client_create (client_t *http int xspf_requested = 0, xspf_file_available = 1; ice_config_t *config; FILE *file; + char *filtered_path, *p; + + /* strip \r and \n from path string; it's duplicated, so it must be + * freed at return + */ + filtered_path = strdup(path); + if (!filtered_path) + return -1; + for (p = filtered_path; *p; p++) { + if (*p == '\r' || *p == '\n') + *p = '_'; + } + path = filtered_path; fullpath = util_get_path_from_normalised_uri (path); INFO2 ("checking for file %s (%s)", path, fullpath); @@ -414,6 +427,7 @@ int fserve_client_create (client_t *http WARN2 ("req for file \"%s\" %s", fullpath, strerror (errno)); client_send_404 (httpclient, "The file you requested could not be found"); free (fullpath); + free (filtered_path); return -1; } m3u_file_available = 0; @@ -462,6 +476,7 @@ int fserve_client_create (client_t *http fserve_add_client (httpclient, NULL); free (sourceuri); free (fullpath); + free (filtered_path); return 0; } if (xspf_requested && xspf_file_available == 0) @@ -475,6 +490,8 @@ int fserve_client_create (client_t *http free (reference); admin_send_response (doc, httpclient, TRANSFORMED, "xspf.xsl"); xmlFreeDoc(doc); + free (fullpath); + free (filtered_path); return 0; } @@ -486,6 +503,7 @@ int fserve_client_create (client_t *http client_send_404 (httpclient, "The file you requested could not be found"); config_release_config(); free (fullpath); + free (filtered_path); return -1; } config_release_config(); @@ -495,6 +513,7 @@ int fserve_client_create (client_t *http client_send_404 (httpclient, "The file you requested could not be found"); WARN1 ("found requested file but there is no handler for it: %s", fullpath); free (fullpath); + free (filtered_path); return -1; } @@ -504,6 +523,7 @@ int fserve_client_create (client_t *http WARN1 ("Problem accessing file \"%s\"", fullpath); client_send_404 (httpclient, "File not readable"); free (fullpath); + free (filtered_path); return -1; } free (fullpath); @@ -594,6 +614,7 @@ int fserve_client_create (client_t *http stats_event_inc (NULL, "file_connections"); fserve_add_client (httpclient, file); + free (filtered_path); return 0; @@ -603,6 +624,7 @@ fail: sock_write (httpclient->con->sock, "HTTP/1.0 416 Request Range Not Satisfiable\r\n\r\n"); client_destroy (httpclient); + free (filtered_path); return -1; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org