CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected] 2012/09/01 11:35:54

Modified files:
        net/icecast    : Makefile distinfo 
        net/icecast/patches: patch-Makefile_in patch-admin_Makefile_in 
                             patch-conf_Makefile_in 
                             patch-conf_icecast_minimal_xml_in 
                             patch-conf_icecast_xml_in patch-configure 
                             patch-doc_Makefile_in patch-web_Makefile_in 
        net/icecast/pkg: PLIST 

Log message:
Update for Icecast to 2.3.3:

* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case,
where a default password would have taken effect. It would require the
admin to remove the 'source-password' from the icecast config to take
effect. Default configs ship with the password set, so this
vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting
non-alphanumeric characters with a '.' (CVE-2011-4612). Injection
attempts can be identified via access.log, as that stores URL encoded
requests. Investigation into whether further logging code needs to have
sanitized output is ongoing.

Tested on amd64.

Reads fine aja@
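
The log message says injection attempts can be identified in access.log because requests are stored there URL encoded. The script below is an added example, not part of this commit or of Icecast: it flags request targets that carry percent-encoded control bytes. The common-log-style line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: each access.log line is in common-log style, with the request
# line ("METHOD target HTTP/x.y") as the first double-quoted field.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+)(?: HTTP/[\d.]+)?"')
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")


def control_bytes(target, max_rounds=2):
    """Return the sorted control byte values (0x00-0x1f, 0x7f) that are
    percent-encoded in target. Decoding is repeated up to max_rounds times
    so double-encoded input such as %250a is reported as well."""
    found, data = set(), target
    for _ in range(max_rounds):
        for m in PCT_RE.finditer(data):
            value = int(m.group(1), 16)
            if value < 0x20 or value == 0x7F:
                found.add(value)
        decoded = unquote_to_bytes(data).decode("latin-1")
        if decoded == data:
            break
        data = decoded
    return sorted(found)


def scan(lines):
    """Return (line_number, client, target, control_bytes) per flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (ctl := control_bytes(m.group(1))):
            hits.append((number, line.split(" ", 1)[0], m.group(1), ctl))
    return hits


# Constructed sample lines (documentation addresses), not real server output.
SAMPLE = [
    '192.0.2.10 - - [01/Sep/2012:11:35:54 +0200] "GET /stream.ogg HTTP/1.1" 200 81920 "-" "player/1.0" 12',
    '192.0.2.44 - - [01/Sep/2012:11:36:02 +0200] "GET /nosuch%0d%0aforged-line HTTP/1.0" 404 106 "-" "-" 0',
    '192.0.2.45 - - [01/Sep/2012:11:36:09 +0200] "GET /a%250ab HTTP/1.0" 404 106 "-" "-" 0',
    '192.0.2.10 - - [01/Sep/2012:11:36:30 +0200] "GET /my%20show.mp3 HTTP/1.1" 200 4096 "-" "player/1.0" 3',
]

if __name__ == "__main__":
    for number, client, target, ctl in scan(SAMPLE):
        print(number, client, target, [f"0x{b:02x}" for b in ctl])
```

Ordinary encoded characters such as `%20` are not flagged; only bytes below 0x20 and 0x7f are reported, including ones hidden behind a second layer of encoding.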
