subset of my earlier patch so it can go into 2.4.1: disconnects stdio of <on-[dis]connect> scripts from random filehandles. closes #2087

svn path=/icecast/trunk/icecast/; revision=19313

patch to fix regression on header size with large headers introduced by support of <server-id> and <http-headers>. This should ensure we have at least space for 2kB of extra headers. Depending on function and call we may have much more space.

Please test this very carefully.
Some pointers what should be in the tests (NOT complet list):
- request to 'static' web/ and admin/ pages.
- requests to playlist generation.
- requests to streams.
- requests to admin/ manipulation functions.
- test everything with at least 8kB of extra headers, then reduce in 1kB (or 512B) steps.
- see if response is correct OR 500 is returned.
- run under valgrind or similar to see no buffer overflow or similiar will happen.
- take a cookie!

svn path=/icecast/trunk/icecast/; revision=19300

svn path=/icecast/trunk/icecast/; revision=19299

svn path=/icecast/trunk/icecast/; revision=19298

svn path=/icecast/trunk/icecast/; revision=19297

svn path=/icecast/trunk/icecast/; revision=19296

String taken from:
https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29

svn path=/icecast/trunk/icecast/; revision=19295

svn path=/icecast/trunk/icecast/; revision=19294

svn path=/icecast/trunk/icecast/; revision=19293

svn path=/icecast/trunk/icecast/; revision=19292

In case of SOURCE we are lenient and thus quite some source clients
don't send a proper content-type, especially if they only support mp3.

This was meant to be introduced in 2.4.0 already, sadly we missed it.

All source clients MUST send proper content-type after migrating to 
Icecast HTTP PUT protocol.

closes #2082

svn path=/icecast/trunk/icecast/; revision=19288

Fixed regression introduced in r18356 (CVE-2011-4612): client duration time is now correctly logged. PRIu64 MUST NOT be used with log_write_direct() as depending on platform PRIu64 may be using something not supported by __vsnprintf() of log/log.c. close #2081, see r18356

svn path=/icecast/trunk/icecast/; revision=19287

svn path=/icecast/trunk/icecast/; revision=19286

svn path=/icecast/trunk/net/; revision=19282

svn path=/icecast/trunk/httpp/; revision=19281

svn path=/icecast/trunk/icecast/; revision=19280

svn path=/icecast/trunk/icecast/; revision=19278

svn path=/icecast/trunk/icecast/; revision=19277

added warnings on empty and default values of <fileserve>, <hostname>, <location>, <admin> and <server-id>

svn path=/icecast/trunk/icecast/; revision=19276

svn path=/icecast/trunk/icecast/; revision=19271

svn path=/icecast/trunk/icecast/; revision=19270

Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885

svn path=/icecast/trunk/icecast/; revision=19269

handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963

svn path=/icecast/trunk/icecast/; revision=19268

svn path=/icecast/trunk/icecast/; revision=19267

svn path=/icecast/trunk/icecast/; revision=19266

svn path=/icecast/trunk/icecast/; revision=19265

This was taken from: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/#fnref2 (scroll up 2 lines)

I've tested this successfully against https://www.ssllabs.com/ssltest/ in combination with the patch for #2071. The only OS/Browser combination failing is: IE 6 / XP

svn path=/icecast/trunk/icecast/; revision=19264

svn path=/icecast/trunk/icecast/; revision=19263

This way we shouldn't run into problems of this type anymore.
Also it should be easier to customize this way,
if someone wants to filter differently.

svn path=/icecast/trunk/icecast/; revision=19262

svn path=/icecast/trunk/icecast/; revision=19258

LOG_{ERROR|WARN|INFO|DEBUG}() -> ICECAST_LOG_{ERROR|WARN|INFO|DEBUG}(); this is to avoid collision with LOG_INFO that is defined as part of syslog.

svn path=/icecast/trunk/icecast/; revision=19257

svn path=/icecast/trunk/icecast/; revision=19251

Add source IP adress to startup and source exit logging, see #2016
Add mountpoint to some log lines, see #1388


svn path=/icecast/trunk/icecast/; revision=19250

svn path=/icecast/trunk/icecast/; revision=19246

svn path=/icecast/trunk/icecast/; revision=19229

svn path=/icecast/trunk/icecast/; revision=19179

svn path=/icecast/trunk/icecast/; revision=19177

svn path=/icecast/trunk/icecast/; revision=19138

In case of <changeowner> only UID and GID were changed, 
supplementary groups were left in place.
This is a potential security issue only if <changeowner> is used.
New behaviour is to set UID, GID and set supplementary groups 
based on the UID
Even in case of icecast remaining in supplementary group 0 
this "only" gives it things like access to files that are owned 
by group 0 and according to their umask. This is obviously bad,
but not as bad as UID 0 with all its other special rights.
It's a security issue and we fix immediately and recommend users to update.

PS: Cherry picking this should be fine by distros for fixing older releases.

svn path=/icecast/trunk/icecast/; revision=19137

svn path=/icecast/trunk/icecast/; revision=19136