This is to announce the release of Icecast 2.4.1.
This is a pure bugfix-only release. Upgrading to it is recommended,
especially due to security fixes. A summary of the changes is listed
below, for details please refer to the ChangeLog.
Fixes
* Fix autogen.sh to work properly on OS X
* Removed threadpool from the example config
(it is long gone and unused)
* More detailed logging:
- Add source IP adress to source start/stop logging
- Add mountpoints to some log lines
* Fix logging to send errors to STDERR prior to opening log files
* Fix <auth> in default mounts (<mount
type="default">)
* Fix the JSON status API (status-json.xsl),
which could return invalid JSON in some cases
* SSL Security improvements:
- Disable SSLv3
- Disable SSL compression
- Updated the default ciphers to be more secure
* Handle empty strings in config file better
* Fix logging of client connection duration time on Windows
* Fix possibly broken XML on Windows
* Require Content-Type header for PUT requests
* Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR
corruption due to shared file descriptors.
* Fix JSON access by adding support for global and mount specific
custom HTTP headers
Known issues
* HTTP PUT implementation currently doesn?t support
chunked encoding yet.
* HTTP PUT with ?Expect: 100-Continue? receives first a ?100? and
soon after a ?200?, instead of the ?200? at end of transmission.
* Caution should be exercised when using <on-connect> or
<on-disconnect>, as there is a small chance of stream file
descriptors being mixed up with script file descriptors, if the
FD numbers go above 1024. This will be further addressed in the
next Icecast release.
* Don?t use comments inside <http-headers> as it will prevent
processing of further <header> tags.
* Web interface shows Login when using just stream_auth.
Change log:
http://svn.xiph.org/icecast/tags/icecast-2.4.1/ChangeLog
Source tar ball:
http://downloads.xiph.org/releases/icecast/icecast-2.4.1.tar.gz
Windows build:
http://downloads.xiph.org/releases/icecast/icecast_win32_2.4.1.zip
Soon I'll also update the OBS repositories from 2.4.0 to 2.4.1:
https://build.opensuse.org/package/show?package=icecast&project=home%3Adm8tbr
The package repositories are here:
http://download.opensuse.org/repositories/home:/dm8tbr/
While the packages don't go through extensive testing, they should work
fine, please report any issues you encounter on the icecast mailing list.
Cheers
Thomas
Hi, Quick update below. On 11/20/2014 09:20 AM, "Thomas B. R?cker" wrote:> This is to announce the release of Icecast 2.4.1. > > Fixes > [?] > * Fix on-connect and on-disconnect script STDIN/STDOUT/STDERR > corruption due to shared file descriptors.On request of the RedHat security team to the oss-security list, MITRE has assigned this issue the following identifier: CVE-2014-9018 I'd like to thank the Debian and RedHat teams for taking care of Icecast and this issue. Also I'd like to remind everyone, that 2.4.0?2.4.1 is a pure bug-fix release and a real no-brainer to upgrade, please do so. Cheers Thomas
Hi again! If you haven't updated to 2.4.1 yet, now you have even less excuses. Read below! On 11/20/2014 09:20 AM, "Thomas B. R?cker" wrote:> This is to announce the release of Icecast 2.4.1.[?]> Soon I'll also update the OBS repositories from 2.4.0 to 2.4.1: > https://build.opensuse.org/package/show?package=icecast&project=home%3Adm8tbr > The package repositories are here: > http://download.opensuse.org/repositories/home:/dm8tbr/Sadly it took me quite a while to figure out some issues introduced by our new documentation directory layout. But I finally have things working. Some people already tried out the test packages I had (where docs were still "broken") and didn't report any problems. So go ahead to the URLs above and add the matching repository to your distribution. As a bonus: Those packages should now all be built with openSSL support enabled. While the packages don't go through extensive testing, they should work fine, please report any issues you encounter to the Icecast mailing list or me directly. Cheers Thomas
"Thomas B. Rücker"
2014-Dec-26 21:35 UTC
[Icecast] [Icecast-dev] Icecast 2.4.1 release (Windows Installer)
Hi once again! Merry whatever doesn't offend you! I've taken the time to set up a clean automated build of Icecast for Windows. This is on the Open Build Service instance of the OpenSUSE folks. It is now building against a clean and up to date MinGW32 environment, maintained as part of openSUSE. This needed some fixes to our code to build properly. Erik van Pienbroek, of the Fedora project, was of invaluable help and spent some hours cleaning up our MinGW32 specific code. The last two days I've spent hours building on top of the great ground work for a new Windows installer started by our Stephan Jauernick. Utilizing the Nullsoft Installer framework we're able to create Windows installers also from our Linux build environment. I've chosen to redo the Windows release of Icecast 2.4.1, as the original one for Windows was just the provisional Zip file. Also we're not going to have a new stable release for the next couple of months, so I want our Windows users to have a nice installation experience without the need to wait long. (Spoiler: There will be a beta release during the next few days though.) Without further ado, here's the Windows installer: http://downloads.xiph.org/releases/icecast/icecast_win32_2.4.1.exe Notes: - Not usable to upgrade older versions, you MUST back up your config XML and uninstall any old versions before installing this version. If you used the Zip file 2.4.0/2.4.1 builds, please don't try to install into such a directory but delete it first, only retaining the config XML. - Will install cleanly over itself and not overwrite existing config. - Properly registers with the Windows software management infrastructure. - Start menu contains items for: starting server (console window MUST stay open), web interface and documentation. - Supports HTTPS aka "SSL" (TLSv1 and up, really), see documentation for details. Things still on my ToDo list for future releases: - Windows service installation (there is a workaround utilizing "nssm" though) - Uninstall option to purge also config and web files, currently retained to enable easy reinstallation I've done some installation and runtime testing including HTTPS and didn't notice any problems. Actually I'm listening to a stream right now over HTTPS. If there are any issues, please let me know if you run into problems. Cheers Thomas PS: The 2.4.1 zip file is now deprecated and shouldn't be used anymore! Website will update shortly.