<li>Fixed cross-corruption of file descriptors by on-connect/on-disconnect scripts, specifically STDIN, STDOUT and STDERRR vs TCP connections.
<ul>
<li>We actually close not just 0, 1 and 2, but the first 1024 FDs, which seems common trade-off practice, but still not ideal. A more thorough fix will need platform specific logic and significant work.</li>
<li>The STDIN/OUT/ERR problem is fixed reliably, but other problems could occur if both the script and the server use FDs >1024 at the same time</li>
<li>This is now reasonably safe, but care should be exercised nevertheless. </li>
</ul>
</li>
<li>Disabled SSLv3 and SSL compression explicitly to improve security</li>
<li>Updated the default ciphers to be more secure</li>
<li>Fixed JSON status API problems
<ul>
<li>Put the XSLT last item check into every filtered tag.</li>
<li>This way we shouldn’t run into problems of this type anymore.</li>
<li>Also it should be easier to customize the XSLT this way, if someone wants to filter differently.</li>
</ul>
</li>
<li>Fixed <code><auth></code> in <code><mount type="default"></code> to work properly.</li>
<li>Fixed listener connection duration logging in access.log. Regression was introduced for only some platforms by an earlier security fix.</li>
<li>Fixed time zone reporting in _iso8601 fields on Windows.</li>
<li>added warnings on empty and default values of <code><fileserve></code>, <code><hostname></code>, <code><location></code>, <code><admin></code> and <code><server-id></code></li>
<li>send errorlog (loglevel WARN) to stderr prior to opening logfiles.</li>
<li>Fixed handling of empty strings in config file. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port.</li>
<li>Be more verbose in case of fileserve off. People disable fileserve and then wonder why the web interface CSS breaks.</li>
<li>More details in log messages
<ul>
<li>Add source IP adress to startup and source exit logging</li>
<li>Add mountpoint to some log lines</li>
</ul>
</li>
<li>Updated the config file to avoid common pitfalls and make some things more obvious.</li>
<li>Fixed some compiler warnings</li>
<li>Fixed autogen.sh to work properly on Mac OS</li>
<li>Fixed JSON access by adding support for global and mount specific custom HTTP headers.
<ul>
<li>The purpose is to fix JSON access from browsers, by supporting basic CORS use cases. This is both important for some HTML5 <code><audio></code> or <code><video></code> use cases and accessing the JSON status API.</li>
<li>The default icecast config contains the very permissive global header: <header name="Access-Control-Allow-Origin" value="*" /></li>
</ul>
</li>
</ul>
<h4id="known-issues">Known issues</h4>
<divid="v2.4.99.1"class="article">
<h3id="version-24991">Version 2.4.99.1</h3>
<!-- FIXME -->
<ul>
<li>HTTP PUT implementation currently doesn’t support chunked encoding yet.</li>
<li>HTTP PUT with “Expect: 100-Continue” receives first a “100” and soon after a “200”, instead of the “200” at the end of transmission.</li>
<li>Caution should be exercised when using <code><on-connect></code> or <code><on-disconnect></code>, as there is a small chance of stream file descriptors being mixed up with script file descriptors, if the FD numbers go above 1024. This will be further addressed in the next Icecast release.</li>
<li>Don’t use comments inside <code><http-headers></code> as it will prevent processing of further <code><header></code> tags.</li>
<li>Roles</li>
<li>Events</li>
<li>Stuff</li>
<li>Read ChangeLog for details</li>
</ul>
</div>
<divid="v2.4.0"class="article">
<h3id="version-240">Version 2.4.0</h3>
<h4id="new-features">New Features</h4>
<ul>
<li>Support for Ogg Opus streams</li>
<li>Support for WebM streams</li>
<li>HTTP 1.1 PUT support for source connections. Deprecating SOURCE method</li>
<li><em>Default mount</em><br/>
<divid="v2.4.1"class="article">
<h3id="version-241">Version 2.4.1</h3>
<h4id="fixes">Fixes</h4>
<ul>
<li>Fixed cross-corruption of file descriptors by on-connect/on-disconnect scripts, specifically STDIN, STDOUT and STDERRR vs TCP connections.
<ul>
<li>We actually close not just 0, 1 and 2, but the first 1024 FDs, which seems common trade-off practice, but still not ideal. A more thorough fix will need platform specific logic and significant work.</li>
<li>The STDIN/OUT/ERR problem is fixed reliably, but other problems could occur if both the script and the server use FDs >1024 at the same time</li>
<li>This is now reasonably safe, but care should be exercised nevertheless. </li>
</ul>
</li>
<li>Disabled SSLv3 and SSL compression explicitly to improve security</li>
<li>Updated the default ciphers to be more secure</li>
<li>Fixed JSON status API problems
<ul>
<li>Put the XSLT last item check into every filtered tag.</li>
<li>This way we shouldn’t run into problems of this type anymore.</li>
<li>Also it should be easier to customize the XSLT this way, if someone wants to filter differently.</li>
</ul>
</li>
<li>Fixed <code><auth></code> in <code><mount type="default"></code> to work properly.</li>
<li>Fixed listener connection duration logging in access.log. Regression was introduced for only some platforms by an earlier security fix.</li>
<li>Fixed time zone reporting in _iso8601 fields on Windows.</li>
<li>added warnings on empty and default values of <code><fileserve></code>, <code><hostname></code>, <code><location></code>, <code><admin></code> and <code><server-id></code></li>
<li>send errorlog (loglevel WARN) to stderr prior to opening logfiles.</li>
<li>Fixed handling of empty strings in config file. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port.</li>
<li>Be more verbose in case of fileserve off. People disable fileserve and then wonder why the web interface CSS breaks.</li>
<li>More details in log messages
<ul>
<li>Add source IP adress to startup and source exit logging</li>
<li>Add mountpoint to some log lines</li>
</ul>
</li>
<li>Updated the config file to avoid common pitfalls and make some things more obvious.</li>
<li>Fixed some compiler warnings</li>
<li>Fixed autogen.sh to work properly on Mac OS</li>
<li>Fixed JSON access by adding support for global and mount specific custom HTTP headers.
<ul>
<li>The purpose is to fix JSON access from browsers, by supporting basic CORS use cases. This is both important for some HTML5 <code><audio></code> or <code><video></code> use cases and accessing the JSON status API.</li>
<li>The default icecast config contains the very permissive global header: <header name="Access-Control-Allow-Origin" value="*" /></li>
</ul>
</li>
</ul>
<h4id="known-issues">Known issues</h4>
<ul>
<li>HTTP PUT implementation currently doesn’t support chunked encoding yet.</li>
<li>HTTP PUT with “Expect: 100-Continue” receives first a “100” and soon after a “200”, instead of the “200” at the end of transmission.</li>
<li>Caution should be exercised when using <code><on-connect></code> or <code><on-disconnect></code>, as there is a small chance of stream file descriptors being mixed up with script file descriptors, if the FD numbers go above 1024. This will be further addressed in the next Icecast release.</li>
<li>Don’t use comments inside <code><http-headers></code> as it will prevent processing of further <code><header></code> tags.</li>
</ul>
</div>
<divid="v2.4.0"class="article">
<h3id="version-240">Version 2.4.0</h3>
<h4id="new-features">New Features</h4>
<ul>
<li>Support for Ogg Opus streams</li>
<li>Support for WebM streams</li>
<li>HTTP 1.1 PUT support for source connections. Deprecating SOURCE method</li>
<li><em>Default mount</em><br/>
This allows you to define a global set of defaults for ALL mounts. This way you can use e.g. url-auth for sources and or listeners also for dynamically generated mounts.</li>
<li><em>Web interface redone</em>
<ul>
<li>Web output properly redone, credit to ePirat</li>
<li>Added <code><audio></code> element for supported audio streams</li>
<li>Now validates completely as XHTML1.0 strict</li>
<li>Also improves rendering on mobile devices</li>
</ul>
</li>
<li>Added basic JSON API (<code>/status-json.xsl</code>) based on a xml2json template by Doeke Zanstra (see <code>xml2json.xslt</code>). Output is roughly limited to data also visible through <code>status.xsl</code></li>
<li>Send charset in HTTP headers for everything, excluding file-serv and streams</li>
<li>Allow (standard strftime(3)) <code>%x</code> codes in <code><dump-file></code>. Disabled for Win32</li>
<li>Added <code>stream_start_iso8601</code>, <code>server_start_iso8601</code> to statitics. ISO8601 compliante timestamps for statistics. Should make usage in e.g. JSON much easier. Added as new variables to avoid breaking backwards compatibility</li>
<li>Now compiles for Win32 using mingw</li>
<li>Added options <code>headers</code> and <code>header_prefix</code> to URL based listener auth</li>
<li>Updated <code>listener_remove</code> handler, added <code>ip=</code> and <code>agent=</code></li>
<li>Allow full URLs to be returned by the master server</li>
</ul>
<h4id="fixes-1">Fixes</h4>
<ul>
<li><strong>Security fix</strong>: Override supplementary groups if is used</li>
<li>Fixes for some race conditions</li>
<li>Dropped debian packaging directory as debian use their own.</li>
<li>Send proper HTTP headers in responses to clients.</li>
<li>Corrected Content-Length: header in admin (raw) requests. Thanks to paluh for reporting.</li>
<li>Escape log entries in access log</li>
<li>Fixed a memory leak. Lost headers of stream because of wrong ref counter in associated refbuf objects.</li>
<li>Avoid memory leak in <code>_parse_mount()</code> when <code>type</code>-attribute is set</li>
<li>Updated web interface to be XHTML compliant.</li>
<li>Removed <code>status2.xsl</code> from release. It was only a broken example file anyway.</li>
</ul>
<h4id="known-issues-1">Known issues</h4>
<ul>
<li>Will crash if certain config tags are left empty</li>
</ul>
<li><em>Web interface redone</em>
<ul>
<li>Web output properly redone, credit to ePirat</li>
<li>Added <code><audio></code> element for supported audio streams</li>
<li>Now validates completely as XHTML1.0 strict</li>
<li>Also improves rendering on mobile devices</li>
</ul>
</li>
<li>Added basic JSON API (<code>/status-json.xsl</code>) based on a xml2json template by Doeke Zanstra (see <code>xml2json.xslt</code>). Output is roughly limited to data also visible through <code>status.xsl</code></li>
<li>Send charset in HTTP headers for everything, excluding file-serv and streams</li>
<li>Allow (standard strftime(3)) <code>%x</code> codes in <code><dump-file></code>. Disabled for Win32</li>
<li>Added <code>stream_start_iso8601</code>, <code>server_start_iso8601</code> to statitics. ISO8601 compliante timestamps for statistics. Should make usage in e.g. JSON much easier. Added as new variables to avoid breaking backwards compatibility</li>
<li>Now compiles for Win32 using mingw</li>
<li>Added options <code>headers</code> and <code>header_prefix</code> to URL based listener auth</li>
<li>Updated <code>listener_remove</code> handler, added <code>ip=</code> and <code>agent=</code></li>
<li>Allow full URLs to be returned by the master server</li>
</ul>
<h4id="fixes-1">Fixes</h4>
<ul>
<li><strong>Security fix</strong>: Override supplementary groups if is used</li>
<li>Fixes for some race conditions</li>
<li>Dropped debian packaging directory as debian use their own.</li>
<li>Send proper HTTP headers in responses to clients.</li>
<li>Corrected Content-Length: header in admin (raw) requests. Thanks to paluh for reporting.</li>
<li>Escape log entries in access log</li>
<li>Fixed a memory leak. Lost headers of stream because of wrong ref counter in associated refbuf objects.</li>
<li>Avoid memory leak in <code>_parse_mount()</code> when <code>type</code>-attribute is set</li>
<li>Updated web interface to be XHTML compliant.</li>
<li>Removed <code>status2.xsl</code> from release. It was only a broken example file anyway.</li>
</ul>
<h4id="known-issues-1">Known issues</h4>
<ul>
<li>Will crash if certain config tags are left empty</li>
<p>The following is just to show the longer approach to defining shoutcast compatability.</p>
...
...
@@ -257,8 +282,7 @@ be required and often confuses people.</p>
<dd>An optional IP address that can be used to bind to a specific network
card. If not supplied, then it will bind to all interfaces.</dd>
<dt>ssl</dt>
<dd>If set to 1 will enable HTTPS on this listen-socket. Icecast must have been compiled against openSSL to be able
to do so.</dd>
<dd>If set to 1 will enable HTTPS on this listen-socket. Icecast must have been compiled against openSSL to be able to do so.</dd>
<dt>shoutcast-mount</dt>
<dd>An optional mountpoint setting to be used when shoutcast DSP compatible clients connect. The default global setting
is <code>/stream</code> but can be overridden here to use an alternative name which may include an extension that some clients
...
...
@@ -296,7 +320,7 @@ of <code>8000</code> and it must not also be defined as <code>shoutcast-compat</
<dl>
<dt>http-headers</dt>
<dd>This element is placed anywhere inside the main section of the icecast config. It will contain <code><header></code> child elements, that specify the actual headers one by one.</dd>
<dd>This element is placed anywhere inside the main section of the Icecast config. It will contain <code><header></code> child elements, that specify the actual headers one by one.</dd>
<dt>header</dt>
<dd>This tag specifies the actual header to be sent to a HTTP client in response to every request.
This tag can contain the following attributes:
...
...
@@ -310,7 +334,7 @@ This tag can contain the following attributes:
</dl>
<p>At the moment only global headers will be sent in case the HTTP status is not “200”. This is subject to change in the future.
Avoid placing comments inside <code><http-headers></code> as, in this release, it will prevent icecast from parsing further <code><header></code> tags.</p>
Avoid placing comments inside <code><http-headers></code> as, in this release, it will prevent Icecast from parsing further <code><header></code> tags.</p>
</div>
...
...
@@ -421,6 +445,8 @@ limit bandwidth costs when no one is listening.</dd>
<divclass="article">
<h3id="mountsettings">Mount Specific Settings</h3>
@@ -477,11 +503,19 @@ corresponding to your mountpoint.</dd>
<dt>mount-name</dt>
<dd>The name of the mount point for which these settings apply.
MUST NOT be used in case of mount type “default”.</dd>
</dl>
<!-- FIXME -->
<dl>
<dt>username</dt>
<dd>An optional value which will set the username that a source must use to connect using this mountpoint.
Do not set this value unless you are sure that the source clients connecting to the mount point can be
configured to send a username other than <code>source</code>.<br/>
If this value is not present the default username is <code>source</code>.</dd>
</dl>
<!-- FIXME -->
<dl>
<dt>password</dt>
<dd>An optional value which will set the password that a source must use to connect using this mountpoint.
There is also a <ahref="auth.html#stream-auth">URL based authentication method</a> for sources that can be used instead.</dd>
...
...
@@ -568,11 +602,15 @@ default is either the hardcoded server default or the value passed from a relay.
<dt>hidden</dt>
<dd>Enable this to prevent this mount from being shown on the xsl pages. This is mainly for cases where a local relay is configured
and you do not want the source of the local relay to be shown.</dd>
</dl>
<!-- FIXME -->
<dl>
<dt>authentication</dt>
<dd>This specifies that the named mount point will require listener (or source) authentication. Currently, we support a file-based
authentication scheme (<code>type=htpasswd</code>) and URL based authentication request forwarding. A mountpoint configured with an authenticator
will display a red key next to the mount point name on the admin screens.<br/>
You can read more about listener authentication and URL based source authentication <ahref="auth.html">here</a>.</dd>
You can read more about authentication and URL based source authentication <ahref="auth.html">here</a>.</dd>
<dt>http-headers</dt>
<dd>This element is placed anywhere inside the mount section of the icecast config. It will contain <code><header></code> child elements, that specify the actual HTTP headers one by one.</dd>
<dt>header</dt>
...
...
@@ -618,7 +656,7 @@ Caution should be exercised as there is a small chance of stream file descriptor
<dl>
<dt>basedir</dt>
<dd>This path is used in conjunction with the chroot settings, and specified the base directory that is chrooted to when the server is started.<br/>
<dd>This path is used in conjunction with the chroot settings, and specifies the base directory that is chrooted to when the server is started.<br/>
<em>This feature is not supported on Win32.</em></dd>
<dt>logdir</dt>
<dd>This path specifies the base directory used for logging. Both the <code>error.log</code> and <code>access.log</code> will be created relative to this directory.</dd>
...
...
@@ -640,6 +678,10 @@ The format of the file is simple, one IP per line.</dd>
<dd>If specified, this points to the location of a file that contains a list of IP addressess that will be dropped immediately.
This is mainly for problem clients when you have no access to any firewall configuration.<br/>
The format of the file is simple, one IP per line.</dd>
</dl>
<!-- FIXME -->
<dl>
<dt>alias</dt>
<dd>Aliases are used to provide a way to create multiple mountpoints that refer to the same mountpoint.<br/>
For example: <code><alias source="/foo" dest="/bar"></code></dd>
...
...
@@ -680,7 +722,7 @@ STDERR instead of a file.</p>
this file can grow fairly large over time. Currently, there is no log-rotation implemented.</dd>
<dt>playlistlog</dt>
<dd>Into this file, a log of all metadata for each mountpoint will be written. The format of the logfile will most likely change over time
as we narrow in on a standard format for this. Currently, the file is pipe delimited. This option is optional and can be removed entirely
as we narrow in on a standard format for this. Currently, the file is pipe delimited. This is optional and can be removed entirely
from the config file.</dd>
<dt>logsize</dt>
<dd>This value specifies (in Kbytes) the maxmimum size of any of the log files. When the logfile grows beyond this value, icecast will either
...
...
@@ -738,4 +780,4 @@ These need to be valid users on the system. Icecast must be started as root for
<p>Icecast is a streaming media server which currently supports Ogg Vorbis and MP3 audio streams. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for commuincation and interaction.</p>
<p>Icecast is a streaming media server which currently supports Ogg Vorbis, Opus, Theora and WebM streams, MP3 and AAC streams are known to work. It can be used to create an Internet radio station or a privately running jukebox and many things in between. It is very versatile in that new formats can be added relatively easily and supports open standards for commuincation and interaction.</p>
<p>There are two major parts to most streaming media servers: the component providing the content (what we call source clients) and the component which is responsible for serving that content to listeners (this is the function of icecast).</p>
</div>
...
...
@@ -56,8 +56,8 @@
<p>Best Ways:</p>
<ul>
<li>Icecast mailing list <ahref="http://www.xiph.org/archives">http://www.xiph.org/archives</a></li>
<li>Icecast Developers mailing list <ahref="http://www.xiph.org/archives">http://www.xiph.org/archives</a></li>
<li>Icecast mailing list <ahref="http://lists.xiph.org/mailman/listinfo/icecast">http://lists.xiph.org/mailman/listinfo/icecast</a></li>
<li>Icecast Developers mailing list <ahref="http://lists.xiph.org/mailman/listinfo/icecast-dev">http://lists.xiph.org/mailman/listinfo/icecast-dev</a></li>
