aboutsummaryrefslogtreecommitdiffstats
path: root/audio/icecast
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2001-03-11 15:21:52 +0800
committerkris <kris@FreeBSD.org>2001-03-11 15:21:52 +0800
commiteb7a96729e3c6a5f1c5456fc8bb48d98a5d41564 (patch)
treef3b6ceb6db7b45570bb24c7f421ebab283c55198 /audio/icecast
parent1e12aa05eaaa4ef6e6046828b112ee505df10b75 (diff)
downloadfreebsd-ports-gnome-eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564.tar.gz
freebsd-ports-gnome-eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564.tar.zst
freebsd-ports-gnome-eb7a96729e3c6a5f1c5456fc8bb48d98a5d41564.zip
Fix most of the format string abuses including those which are known to
cause a security vulnerabilities. Not fixed are a number of more subtle cases which may or may not allow security violations (I don't have time to conduct a thorough audit now), and which are difficult/impossible to fix anyway without something like fmtcheck(). Document this in pkg-install and remove FORBIDDEN tag.
Diffstat (limited to 'audio/icecast')
-rw-r--r--audio/icecast/Makefile7
-rw-r--r--audio/icecast/files/patch-aa67
-rw-r--r--audio/icecast/pkg-install9
3 files changed, 82 insertions, 1 deletions
diff --git a/audio/icecast/Makefile b/audio/icecast/Makefile
index 3cf961e96b50..7b5be0cac13f 100644
--- a/audio/icecast/Makefile
+++ b/audio/icecast/Makefile
@@ -7,15 +7,20 @@
PORTNAME= icecast
PORTVERSION= 1.3.7
+PORTREVISION= 1
CATEGORIES= audio net
MASTER_SITES= http://www.icecast.org/releases/
-FORBIDDEN= "Remotely exploitable buffer overflow"
MAINTAINER= chip@eboai.org
HAS_CONFIGURE= yes
CONFIGURE_ARGS=--with-libwrap
+pre-fetch:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+ ${SH} pkg-install
+.endif
+
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/src/icecast ${PREFIX}/sbin
${MKDIR} ${PREFIX}/etc/icecast/conf
diff --git a/audio/icecast/files/patch-aa b/audio/icecast/files/patch-aa
new file mode 100644
index 000000000000..bd3c746dfc71
--- /dev/null
+++ b/audio/icecast/files/patch-aa
@@ -0,0 +1,67 @@
+--- src/http.c.orig Wed Jul 5 10:41:27 2000
++++ src/http.c Sat Mar 10 23:03:45 2001
+@@ -710,7 +710,7 @@
+ if (fd < 0)
+ sock_write (clicon->sock, "%s", out);
+ else
+- fd_write (fd, out);
++ fd_write (fd, "%s", out);
+
+ return 1;
+ } else {
+--- src/utility.c.orig Wed Jul 5 12:52:40 2000
++++ src/utility.c Sat Mar 10 23:01:37 2001
+@@ -162,7 +162,7 @@
+
+ if (!param) {
+ fd_write (info.statsfile,
+- buf);
++ "%s", buf);
+ flags2string (admin, NULL);
+ fd_write (info.statsfile, "\n");
+ } else {
+@@ -198,7 +198,7 @@
+ nice_time (get_time () - con->connect_time, timebuf), type);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }
+@@ -223,7 +223,7 @@
+ source->num_clients);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }
+@@ -257,7 +257,7 @@
+ }
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+
+@@ -267,7 +267,7 @@
+ source->audiocast.mount, source->audiocast.description, source->audiocast.public);
+
+ if (!param)
+- fd_write (info.statsfile, buf);
++ fd_write (info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+
+@@ -330,7 +330,7 @@
+ get_user_agent (con), client->type == listener_e ? "listener" : "relay");
+
+ if (!param)
+- fd_write(info.statsfile, buf);
++ fd_write(info.statsfile, "%s", buf);
+ else
+ sock_write (*sock, "%s", buf);
+ }
diff --git a/audio/icecast/pkg-install b/audio/icecast/pkg-install
new file mode 100644
index 000000000000..df572c129f2f
--- /dev/null
+++ b/audio/icecast/pkg-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$2" = "POST-INSTALL" -o -n "${PACKAGE_BUILDING}" ]; then
+ exit 0
+fi
+
+/usr/bin/dialog --yesno "SECURITY NOTE: The icecast software suffered from numerous format string vulnerabilities, which allowed remote attackers to execute arbitrary code as the user running icecast. Most of these have been fixed in the FreeBSD port, but a comprehensive audit has not been conducted, and there are several remaining suspicious cases which need to be carefully checked. It is possible that further security vulnerabilities exist in this software. Do you wish to proceed with the installation of icecast anyway?" 12 70 || /usr/bin/false
+
+