Hello community, here is the log from the commit of package icecast for openSUSE:11.4 checked in at Tue Mar 6 15:57:45 CET 2012.
--------
--- old-versions/11.4/all/icecast/icecast.changes 2008-06-18 17:18:15.000000000 +0200
+++ 11.4/icecast/icecast.changes 2012-03-05 18:07:36.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Mar 5 18:06:58 CET 2012 - ti...@suse.de
+
+- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255)
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/icecast Destination is old-versions/11.4/UPDATES/all/icecast calling whatdependson for 11.4-i586 New: ---- icecast-2.3.2-CVE-2011-4612.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icecast.spec ++++++
--- /var/tmp/diff_new_pack.E2l4Lr/_old 2012-03-06 15:54:05.000000000 +0100
+++ /var/tmp/diff_new_pack.E2l4Lr/_new 2012-03-06 15:54:05.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package icecast (Version 2.3.2)
+# spec file for package icecast
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed 
@@ -15,22 +15,25 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: icecast -BuildRequires: curl-devel libtheora-devel libvorbis-devel libxslt-devel speex-devel +BuildRequires: curl-devel +BuildRequires: libtheora-devel +BuildRequires: libvorbis-devel +BuildRequires: libxslt-devel +BuildRequires: speex-devel PreReq: /usr/sbin/useradd /usr/sbin/groupadd %insserv_prereq %fillup_prereq Summary: Audio Streaming Server -Version: 2.3.2 -Release: 52 +License: GPL-2.0+ Group: Productivity/Networking/Web/Servers -AutoReqProv: on -License: GPL v2 or later +Version: 2.3.2 +Release: 60.<RELEASE61> Url: http://www.icecast.org/ Source: %{name}-%{version}.tar.bz2 Source1: icecast.init Patch: icecast-2.3.1_runas_icecast_user.patch +Patch1: icecast-2.3.2-CVE-2011-4612.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -48,6 +51,7 @@ %prep %setup %patch +%patch1 -p1 %build %configure ++++++ icecast-2.3.2-CVE-2011-4612.diff ++++++ --- src/fserve.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) --- a/src/fserve.c +++ b/src/fserve.c @@ -395,6 +395,19 @@ int fserve_client_create (client_t *http int xspf_requested = 0, xspf_file_available = 1; ice_config_t *config; FILE *file; + char *filtered_path, *p; + + /* strip \r and \n from path string; it's duplicated, so it must be + * freed at return + */ + filtered_path = strdup(path); + if (!filtered_path) + return -1; + for (p = filtered_path; *p; p++) { + if (*p == '\r' || *p == '\n') + *p = '_'; + } + path = filtered_path; fullpath = util_get_path_from_normalised_uri (path); INFO2 ("checking for file %s (%s)", path, fullpath); @@ -414,6 +427,7 @@ int fserve_client_create (client_t *http WARN2 ("req for file \"%s\" %s", fullpath, strerror (errno)); client_send_404 (httpclient, "The file you requested could not be found"); free (fullpath); + free (filtered_path); return -1; } m3u_file_available = 0; 
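Review bot: The filter loop added at the top of fserve_client_create (hunk @@ -395) rewrites only '\r' and '\n', so every other control byte in the request path (ESC and the rest of the C0 range) still reaches the INFO2/WARN2 log lines unchanged; since the purpose is to stop a client from shaping log content, `if (iscntrl((unsigned char)*p)) *p = '_';` covers the whole class (needs <ctype.h>, which may or may not already be included by fserve.c). The new `if (!filtered_path) return -1;` is also the only -1 exit in the visible hunks that sends nothing to the client, whereas the later failure paths call client_send_404 first; whether the caller closes the connection on -1 is not visible here. Sanitizing in this one caller protects only the log calls in this function, so if the same path is logged from other call sites a single escape step in the logging layer would be the more durable fix. fserve_client_create begins before and continues past both hunks on this line.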
@@ -462,6 +476,7 @@ int fserve_client_create (client_t *http fserve_add_client (httpclient, NULL); free (sourceuri); free (fullpath); + free (filtered_path); return 0; } if (xspf_requested && xspf_file_available == 0) @@ -475,6 +490,8 @@ int fserve_client_create (client_t *http free (reference); admin_send_response (doc, httpclient, TRANSFORMED, "xspf.xsl"); xmlFreeDoc(doc); + free (fullpath); + free (filtered_path); return 0; } @@ -486,6 +503,7 @@ int fserve_client_create (client_t *http client_send_404 (httpclient, "The file you requested could not be found"); config_release_config(); free (fullpath); + free (filtered_path); return -1; } config_release_config(); @@ -495,6 +513,7 @@ int fserve_client_create (client_t *http client_send_404 (httpclient, "The file you requested could not be found"); WARN1 ("found requested file but there is no handler for it: %s", fullpath); free (fullpath); + free (filtered_path); return -1; } @@ -504,6 +523,7 @@ int fserve_client_create (client_t *http WARN1 ("Problem accessing file \"%s\"", fullpath); client_send_404 (httpclient, "File not readable"); free (fullpath); + free (filtered_path); return -1; } free (fullpath); @@ -594,6 +614,7 @@ int fserve_client_create (client_t *http stats_event_inc (NULL, "file_connections"); fserve_add_client (httpclient, file); + free (filtered_path); return 0; @@ -603,6 +624,7 @@ fail: sock_write (httpclient->con->sock, "HTTP/1.0 416 Request Range Not Satisfiable\r\n\r\n"); client_destroy (httpclient); + free (filtered_path); return -1; } continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
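Review bot: Adding `free (filtered_path);` by hand at each of the seven return sites in these hunks (plus the one in @@ -414) is the fragile part of this fix: any return or goto between the shown hunks that the patch does not touch now leaks the strdup'd copy, and nothing in the visible context rules that out. The function already has a `fail:` label, so routing the success and error exits through one cleanup block that frees filtered_path (and fullpath where it is still owned) would keep the ownership rule in a single place instead of nine. The @@ -475 hunk additionally adds `free (fullpath);` on the xspf return, which fixes a pre-existing leak unrelated to the CVE and is worth a line in the changes entry. The body of fserve_client_create runs outside these hunks between them.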