changes:
-fixed 3 security issues:
-Improved HTTPS cipher handling and added support for chained certificates
-Allow the source password to be undefined
-Prevent error log injection of control characters by substituting
non-alphanumeric characters with a '.' (CVE-2011-4612)
-Bugfixes
-Sources can now be authenticated via URL, like listeners
-XSL update
pkgsrc change:
don't set the "chroot" flag in the installed sample config file -- this
configuration doesn't work without further work because the web server
misses its data files in the sandbox
approved by The Maintainer
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
**** New features for 2.3.0 ****
- Streaming support for ogg speex, ogg flac, ogg midi
- intro file support - per mount settable
Intro files will play when a listener first connects to a stream. This
is designed for station jingles and the like. If you don't broadcast
in ogg vorbis, you must make sure the bitrate/samplerate/number of
channels match up to your stream.
- on-demand relays, global and per-relay settable
On demand relays only connect to the relayed content when there are
listeners attached to the relay. This can save bandwidth in certain cases.
- fallback to file, extends on the intro file handling.
With this feature, you can specify a "fallback file" which will be played
in a loop and sent your currently connected listeners in the event of a
source client disconnect. This means your listeners stay connected while
you fix your disconnect problem. Same rules regarding bitrate/samplerate/
number of channels apply as with intro files.
- new mount-level settings
1. public, type/subtype, genre settings, stream description,
stream url, stream name, bitrate (override what is sent from the source
client)
2. mp3 metadata interval
3. on-[dis]connect scripts can be stated per-mount, invoked at source
start/stop and take 1 arg which is the mountpoint.
- New URL listener authenticator.
This delegates your listener authorization to an external application.
URL calls are made on listener connect/disconnect as well as source
connect/disconnect. It is meant for large broadcasters who have existing
authentication systems that need to be integrated into. Included is
an example php-based application that can be used in conjunction with
the url authenticator to manage a simple subscription-based broadcast.
- HTPasswd authenticator uses in-memory structures now.
- On demand files now can be fed through an authenticator
- Update to admin/web xslt interface
- Icecast can now be installed as a win32 service
**** Fixes for 2.3.0 ****
- real/helix works
- win32 access log correct
- stats client is stable now (curl -X STATS http://admin@host:port/)
- show mountpoints on stats that are inactive but have an active fallback
- more updates over HUP possible
- improved stability under heavy load
- moving clients will no longer sometimes deadlock the server
- avoid small writes to reduce TCP overhead.
pkg changes:
Enable theora, speex. make libxml2 dependency explicit.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
****New features for 2.2 (in no particular order):****
- Theora Video support -
Icecast now supports video streaming via theora. Currently, we require the latest
(alpha 4) version of libtheora. This is an optional compile, so if you don't
have theora then icecast will safely ignore it
- Shoutcast style source client support -
Icecast now supports the connection protocol used by the Shoutcast DSP source
client. This is the same connection protocol used by their NSV encoding tools.
This means that not only can you use the Shoutcast DSP to stream to icecast, but
that you can also stream NSV via their tools.
- AAC is added as a supported streaming format -
Not too many source clients support streaming in this format, but we support it.
- Cluster password -
Now you can specify a cluster password as a <mount> option in the config. This
will allow you to cluster multiple servers/mounts into a single listing on the
stream directory. Note that this is different than "grouping" which groups together
streams coming from the same physical IP and with the same stream name. Clusters
are meant for relays of the same stream and will only be listed *once* in the stream
directory. When a listener tunes into a cluster, they will be served an m3u file
with all the clusters for that stream.
- Playlist Log -
This is an option setting that will create an audit trail of metadata that comes through
icecast. It is a single file that contains information for all mountpoints.
- Range Support for static files -
We now support seeking in files served off the icecast fserve.
- Metadata Update via Admin -
We now support metadata updates via the admin interface for both MP3 AND Ogg Vorbis
streams.
- Per mount hidden stats and YP prevention -
You many now indicate certains mounts to be excluded (i.e. hidden) from the main
status.xsl page. This is useful when using local private relays. You can also
override the YP setting (as in disable) on a per-mount basis. Also useful for
local private relays.
- Multiple example config files -
We now have multiple config files for you to use as a base. A "simple" one for
quick-start, and a more detailed "advanced" one with all the features, as well
as a "shoutcast compatable" one, which shows how you'd config for using the
shoutcast DSP.
- Relay user/pass -
You can now specify authentication used by a relay. This is for the case where
you have listener authentication enabled for a mountpoint, and want to connect
a relay to it.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
Icecast 2.1 11/04/2004
-----------------------------------------------------------------------------
****New features for 2.1 (in no particular order):****
-Listener Authentication-
Icecast now supports listener authentication. This provides a mechanism for
creating/maintaining users and passwords for listeners. Currently, we only
have implemented a simple, file-based storage for users and passwords. New
authenticators are on the horizon (such as URL-based or possibly MySQL based)
New admin pages were also added for the maintenance of users/passwords. Please
check the docs for a more detailed description of this new feature.
-Multi-Level Fallbacks-
Multi-level fallbacks allow for specifications of a series of fallback mounts
that you could use, for instance, to set up a series of progressively lower
bitrate streams that would be cascaded through. For instance, a modem user
would connect to the highest bitrate stream, and then could be cascaded
down to a progressively lower stream until they reach a value they can
handle.
-Burst-On-Connect-
This is an new, optional config setting which will send a initial burst of
data to connecting listeners. This has the effect of reducing
(significantly) the startup buffer latency from the end-user perspective.
This option is enabled by default.
****New Enhancements for 2.1****
-Update to admin interface-
This interface has been cleaned up quite a bit and made a bit nicer.
-Rewrite of the YP listing code-
The icecast yp code has received a complete overhaul by karl, and it's a much
more stable and failure-resistant implementation.
-Lots and lots of bugs fixed-
Check the ChangeLog for a complete list of these...
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Changes:
This patch release fixes a overflow buffer which can cause server crashes
under certain circumstances. This release contains ONLY the fix for this
issue. We are still targetting a 2.1.0 release with new features and
functionality in the near future.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.