Hello community,

here is the log from the commit of package icecast for openSUSE:11.4
checked in at Tue Mar 6 15:57:45 CET 2012.



--------
--- old-versions/11.4/all/icecast/icecast.changes       2008-06-18 
17:18:15.000000000 +0200
+++ 11.4/icecast/icecast.changes        2012-03-05 18:07:36.000000000 +0100
@@ -1,0 +2,5 @@
+Mon Mar  5 18:06:58 CET 2012 - ti...@suse.de
+
+- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255)
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.4/all/icecast
Destination is old-versions/11.4/UPDATES/all/icecast
calling whatdependson for 11.4-i586


New:
----
  icecast-2.3.2-CVE-2011-4612.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ icecast.spec ++++++
--- /var/tmp/diff_new_pack.E2l4Lr/_old  2012-03-06 15:54:05.000000000 +0100
+++ /var/tmp/diff_new_pack.E2l4Lr/_new  2012-03-06 15:54:05.000000000 +0100
@@ -1,7 +1,7 @@
 #
-# spec file for package icecast (Version 2.3.2)
+# spec file for package icecast
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,22 +15,25 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
 
 
 Name:           icecast
-BuildRequires:  curl-devel libtheora-devel libvorbis-devel libxslt-devel 
speex-devel
+BuildRequires:  curl-devel
+BuildRequires:  libtheora-devel
+BuildRequires:  libvorbis-devel
+BuildRequires:  libxslt-devel
+BuildRequires:  speex-devel
 PreReq:         /usr/sbin/useradd /usr/sbin/groupadd %insserv_prereq 
%fillup_prereq
 Summary:        Audio Streaming Server
-Version:        2.3.2
-Release:        52
+License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Servers
-AutoReqProv:    on
-License:        GPL v2 or later
+Version:        2.3.2
+Release:        60.<RELEASE61>
 Url:            http://www.icecast.org/
 Source:         %{name}-%{version}.tar.bz2
 Source1:        icecast.init
 Patch:          icecast-2.3.1_runas_icecast_user.patch
+Patch1:         icecast-2.3.2-CVE-2011-4612.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -48,6 +51,7 @@
 %prep
 %setup
 %patch
+%patch1 -p1
 
 %build
 %configure

++++++ icecast-2.3.2-CVE-2011-4612.diff ++++++
---
 src/fserve.c |   22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

--- a/src/fserve.c
+++ b/src/fserve.c
@@ -395,6 +395,19 @@ int fserve_client_create (client_t *http
     int xspf_requested = 0, xspf_file_available = 1;
     ice_config_t *config;
     FILE *file;
+    char *filtered_path, *p;
+
+    /* strip \r and \n from path string; it's duplicated, so it must be
+     * freed at return
+     */
+    filtered_path = strdup(path);
+    if (!filtered_path)
+       return -1;
+    for (p = filtered_path; *p; p++) {
+        if (*p == '\r' || *p == '\n')
+           *p = '_';
+    }
+    path = filtered_path;
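Review bot: The new loop on the `for` line replaces only `\r` and `\n`, so every other C0 control byte in the request path still reaches the `INFO2`/`WARN` calls unchanged; since the purpose of the patch is to keep each log record on one readable line, the test is better written as `if ((unsigned char)*p < 0x20 || *p == 0x7f)`, which also covers DEL while leaving UTF-8 bytes untouched. The filtered copy is also what `util_get_path_from_normalised_uri` receives two lines later, so the substitution changes the filesystem lookup as well as the log text; if only the log is meant to be sanitized, the original `path` should be kept for the lookup. The `return -1` on `strdup` failure sends nothing to the client, whereas the other `-1` paths visible in this patch call `client_send_404` first — presumably the caller copes with that, but it is worth confirming. The indentation of `return -1;` and `*p = '_';` (7 and 11 spaces) does not match the surrounding 4-space style, and the same applies to the `free (filtered_path);` lines added in the hunks at 427, 476, 490, 503, 513 and 523. fserve_client_create starts before this hunk.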
 
     fullpath = util_get_path_from_normalised_uri (path);
     INFO2 ("checking for file %s (%s)", path, fullpath);
@@ -414,6 +427,7 @@ int fserve_client_create (client_t *http
             WARN2 ("req for file \"%s\" %s", fullpath, strerror (errno));
             client_send_404 (httpclient, "The file you requested could not be 
found");
             free (fullpath);
+           free (filtered_path);
             return -1;
         }
         m3u_file_available = 0;
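Review bot: The `free (filtered_path);` added here is replicated verbatim at eight exit points (this hunk and those at 476, 490, 503, 513, 523, 614 and 624), and the stretches of fserve_client_create between the visible hunks are not shown, so any `return` in them that this patch did not touch would leak `filtered_path`; that is worth checking. A single exit label that frees `fullpath` and `filtered_path` (a `fail:` label already exists at 624) would make a missed free impossible without otherwise changing the body. The enclosing function begins and ends outside this hunk.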
@@ -462,6 +476,7 @@ int fserve_client_create (client_t *http
         fserve_add_client (httpclient, NULL);
         free (sourceuri);
         free (fullpath);
+       free (filtered_path);
         return 0;
     }
     if (xspf_requested && xspf_file_available == 0)
@@ -475,6 +490,8 @@ int fserve_client_create (client_t *http
         free (reference);
         admin_send_response (doc, httpclient, TRANSFORMED, "xspf.xsl");
         xmlFreeDoc(doc);
+        free (fullpath);
+       free (filtered_path);
         return 0;
     }
 
@@ -486,6 +503,7 @@ int fserve_client_create (client_t *http
         client_send_404 (httpclient, "The file you requested could not be 
found");
         config_release_config();
         free (fullpath);
+       free (filtered_path);
         return -1;
     }
     config_release_config();
@@ -495,6 +513,7 @@ int fserve_client_create (client_t *http
         client_send_404 (httpclient, "The file you requested could not be 
found");
         WARN1 ("found requested file but there is no handler for it: %s", 
fullpath);
         free (fullpath);
+       free (filtered_path);
         return -1;
     }
 
@@ -504,6 +523,7 @@ int fserve_client_create (client_t *http
         WARN1 ("Problem accessing file \"%s\"", fullpath);
         client_send_404 (httpclient, "File not readable");
         free (fullpath);
+       free (filtered_path);
         return -1;
     }
     free (fullpath);
@@ -594,6 +614,7 @@ int fserve_client_create (client_t *http
 
     stats_event_inc (NULL, "file_connections");
     fserve_add_client (httpclient, file);
+    free (filtered_path);
 
     return 0;
 
@@ -603,6 +624,7 @@ fail:
     sock_write (httpclient->con->sock, 
             "HTTP/1.0 416 Request Range Not Satisfiable\r\n\r\n");
     client_destroy (httpclient);
+    free (filtered_path);
     return -1;
 }
 
continue with "q"...



Remember to have fun...
