From owner-freebsd-ports Mon Feb 5 15:40:26 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BA7B437B6A3 for ; Mon, 5 Feb 2001 15:40:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f15Ne2A04368; Mon, 5 Feb 2001 15:40:02 -0800 (PST) (envelope-from gnats) Received: from pabst.bendnet.com (pabst.bendnet.com [199.2.205.10]) by hub.freebsd.org (Postfix) with ESMTP id A6A2B37B6A0 for ; Mon, 5 Feb 2001 15:39:25 -0800 (PST) Received: (from root@localhost) by pabst.bendnet.com (8.9.3/8.9.3) id PAA62183; Mon, 5 Feb 2001 15:39:20 -0800 (PST) (envelope-from zach) Message-Id: <200102052339.PAA62183@pabst.bendnet.com> Date: Mon, 5 Feb 2001 15:39:20 -0800 (PST) From: Zach Zurflu Reply-To: zach@pabst.bendnet.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/24885: Update Port: audio/icecast Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 24885 >Category: ports >Synopsis: Update Port: audio/icecast >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Feb 05 15:40:02 PST 2001 >Closed-Date: >Last-Modified: >Originator: Zach Zurflu >Release: FreeBSD 3.5-STABLE i386 >Organization: >Environment: >Description: Update icecast port to current version (icecast-1.3.8beta2). Include patch to fix remotely exploitable buffer overflow described on bugtraq on Jan 21 2001 by cyrax of the packet knights crew. >How-To-Repeat: >Fix: diff -urN /usr/ports/audio/icecast/Makefile icecast/Makefile --- /usr/ports/audio/icecast/Makefile Mon Feb 5 15:04:15 2001 +++ icecast/Makefile Mon Feb 5 15:06:42 2001 @@ -6,12 +6,11 @@ # PORTNAME= icecast -PORTVERSION= 1.3.7 +PORTVERSION= 1.3.8.beta2 CATEGORIES= audio net MASTER_SITES= http://www.icecast.org/releases/ -FORBIDDEN= "Remotely exploitable buffer overflow" -MAINTAINER= chip@eboai.org +MAINTAINER= zach@pabst.bendnet.com HAS_CONFIGURE= yes CONFIGURE_ARGS=--with-libwrap diff -urN /usr/ports/audio/icecast/distinfo icecast/distinfo --- /usr/ports/audio/icecast/distinfo Tue Sep 5 01:47:45 2000 +++ icecast/distinfo Mon Feb 5 14:24:46 2001 @@ -1 +1 @@ -MD5 (icecast-1.3.7.tar.gz) = 74f78ca33bea3cfd562530bc90d0d214 +MD5 (icecast-1.3.8.beta2.tar.gz) = 640f750af1ff8d95bce949ed32a03685 diff -urN /usr/ports/audio/icecast/files/patch-aa icecast/files/patch-aa --- /usr/ports/audio/icecast/files/patch-aa Thu Jan 1 00:00:00 1970 +++ icecast/files/patch-aa Mon Feb 5 14:42:22 2001 @@ -0,0 +1,62 @@ +--- src/utility.c.orig Wed Jan 24 12:01:23 2001 ++++ src/utility.c Wed Jan 24 12:04:52 2001 +@@ -161,7 +161,7 @@ + con_host (con), nice_time (get_time () - con->connect_time, timebuf), admin->commands); + + if (!param) { +- fd_write (info.statsfile, ++ fd_write (info.statsfile, "%s", + buf); + flags2string (admin, NULL); + fd_write (info.statsfile, "\n"); +@@ -198,7 +198,7 @@ + nice_time (get_time () - con->connect_time, timebuf), type); + + if (!param) +- fd_write (info.statsfile, buf); ++ fd_write (info.statsfile, "%s", buf); + else + sock_write (*sock, "%s", buf); + } +@@ -223,7 +223,7 @@ + source->num_clients); + + if (!param) +- fd_write (info.statsfile, buf); ++ fd_write (info.statsfile, "%s", buf); + else + sock_write (*sock, "%s", buf); + } +@@ -257,7 +257,7 @@ + } + + if (!param) +- fd_write (info.statsfile, buf); ++ fd_write (info.statsfile, "%s", buf); + else + sock_write (*sock, "%s", buf); + +@@ -267,7 +267,7 @@ + source->audiocast.mount, source->audiocast.description, source->audiocast.public); + + if (!param) +- fd_write (info.statsfile, buf); ++ fd_write (info.statsfile, "%s", buf); + else + sock_write (*sock, "%s", buf); + +@@ -325,12 +325,12 @@ + + client = con->food.client; + +- sprintf (buf, "Client %ld\t[%s] connected for %s, %lu bytes transfered. %d errors. User agent: [%s]. Type: %s\r\n", ++ snprintf (buf, BUFSIZE, "Client %ld\t[%s] connected for %s, %lu bytes transfered. %d errors. User agent: [%s]. Type: %s\r\n", + con->id, con_host (con), nice_time (get_time () - con->connect_time, timebuf), client->write_bytes, client_errors (client), + get_user_agent (con), client->type == listener_e ? "listener" : "relay"); + + if (!param) +- fd_write(info.statsfile, buf); ++ fd_write(info.statsfile, "%s", buf); + else + sock_write (*sock, "%s", buf); + } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message