Icecast-libshout issueshttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues2023-08-15T10:34:09Zhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2340reserved identifier violation2023-08-15T10:34:09ZMarkus Elfringreserved identifier violation:eyes: I would like to point out that an identifier like “[`__LIBSHOUT_SHOUT_H__`](https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/d8592a0be35867691219f470b7db506fbb8cb912/include/shout/shout.h.in#L22 "Update candidate")” [does not ...:eyes: I would like to point out that an identifier like “[`__LIBSHOUT_SHOUT_H__`](https://gitlab.xiph.org/xiph/icecast-libshout/-/blob/d8592a0be35867691219f470b7db506fbb8cb912/include/shout/shout.h.in#L22 "Update candidate")” [does not fit](https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL51-CPP.+Do+not+declare+or+define+a+reserved+identifier#DCL51CPP.Donotdeclareordefineareservedidentifier-NoncompliantCodeExample%28HeaderGuard%29 "Do not declare an identifier which is reserved for the compiler implementation.") to the expected naming convention of the C++ language standard.
:thought_balloon: Would you like to adjust your selection for unique names?https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2339Remove getters2023-03-09T10:19:51ZPhilipp SchafftRemove gettersCurrently libshout provides a number of getters for several settings. It seems unclear to me what they are useful for. Therefore I suggest to deprecate them and remove them with the next ABI change.
List of relevant getters:
* `shout_ge...Currently libshout provides a number of getters for several settings. It seems unclear to me what they are useful for. Therefore I suggest to deprecate them and remove them with the next ABI change.
List of relevant getters:
* `shout_get_host()`
* `shout_get_port()`
* `shout_get_agent()`
* `shout_get_tls()` There is/was/might be confusion on whether this returns the configuration or the current value.
* `shout_get_ca_directory()`
* `shout_get_ca_file()`
* `shout_get_allowed_ciphers()` The value is not supposed to be set by the API user. Therefore a getter may be still be good (e.g. for status display).
* `shout_get_user()`
* `shout_get_password()` Via #2338
* `shout_get_client_certificate()`
* `shout_get_mount()`
* `shout_get_audio_info()`
* `shout_get_meta()`
* `shout_get_public()`
* `shout_get_content_language()`
* `shout_get_content_format()`
* `shout_get_protocol()` There is/was/might be confusion on whether this returns the configuration or the current value.
* `shout_get_nonblocking()` The returned value is a `SHOUT_BLOCKING_xxx` constant. There had been confusion on this before.Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2338Removal of shout_get_password()2023-03-09T10:13:57ZPhilipp SchafftRemoval of shout_get_password()Currently libshout allows the retrieval of the user password via `shout_get_password()`. To me it seems like this is a very strange usecase. Specifically with a security relevant information like the user's password. Therefore I suggest ...Currently libshout allows the retrieval of the user password via `shout_get_password()`. To me it seems like this is a very strange usecase. Specifically with a security relevant information like the user's password. Therefore I suggest to deprecate this function and remove it with the next ABI change.
Notes:
* Removal of the function will clean up the code slightly.
* The information is still within the process' memory. This does not improve security against attacks. The main intention of this ticket is to hint developers into not using bad patterns.Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2337TLS connections not shutting down correctly (blocking mode)2023-02-19T15:44:55ZMoritz GrimmTLS connections not shutting down correctly (blocking mode)shout_tls_close() does not check the return value of SSL_shutdown() to complete a bidirectional shutdown. As a result the TLS connection to Icecast remains open when using libshout in blocking mode. As a result, ezstream users are unable...shout_tls_close() does not check the return value of SSL_shutdown() to complete a bidirectional shutdown. As a result the TLS connection to Icecast remains open when using libshout in blocking mode. As a result, ezstream users are unable to terminate and restart their streams (Icecast prevents multiple source connections to the same mountpoint). See https://gitlab.xiph.org/xiph/ezstream/-/issues/2269 for reference.
A naive patch that solves the issue is attached as [SSL_shutdown.diff](/uploads/0b95fd60e6b3293400fbf3344e7988b8/SSL_shutdown.diff), but that won't work in non-blocking mode ...https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2336a potential NPD in source file src/proto_http.c2022-09-13T10:40:11Zash1852a potential NPD in source file src/proto_http.cHi, I found a potential null pointer dereference bug in the project source code of libshout, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that gen...Hi, I found a potential null pointer dereference bug in the project source code of libshout, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the file path can be seen in the blue framed section.
![getvar](/uploads/d440a52b893294bb5844c94ffe3e2a93/getvar.jpg)
Although the code shown is for the latest but is still exist in current version.
What I'm confused about is, some empty judgment operation to return value of httpp_getvar can be found in some code snippets of the libshout project, so I'm not sure if the context of this snippet can assert that the call-statement won't return null, if so please give me some hints.thank you for checking if this bug is true.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2334Mixxx build patches2022-04-12T11:07:10ZDaniel SchürmannMixxx build patchesThis is the set of patches we apply in the Mixxx project to build libshout on Linux/Windows/MacOs.
[0006-Handle-unhandled-enum-values-in-switch-statements.patch](/uploads/697b5afa3df8c0a07efd437d36b2776b/0006-Handle-unhandled-enum-valu...This is the set of patches we apply in the Mixxx project to build libshout on Linux/Windows/MacOs.
[0006-Handle-unhandled-enum-values-in-switch-statements.patch](/uploads/697b5afa3df8c0a07efd437d36b2776b/0006-Handle-unhandled-enum-values-in-switch-statements.patch)
[0005-Verify-port-number-length.patch](/uploads/89e9c67e61740c4965d9141407c14c2c/0005-Verify-port-number-length.patch)
[0004-Fix-includes.patch](/uploads/716c9fa35c186257ef1431fb87ca865d/0004-Fix-includes.patch)
[0003-replace-illegal-void-arythmetric.patch](/uploads/f6f23b2338e477af3aa5d0c43372063b/0003-replace-illegal-void-arythmetric.patch)
[0002-fix-os.h.patch](/uploads/34c49851823f285aaeae15b3decca10b/0002-fix-os.h.patch)
[0001-Remove-unsused-strings.h.patch](/uploads/519033c12062e1d0a4cd010254840e73/0001-Remove-unsused-strings.h.patch)https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2333Support 30X Redirects2021-11-18T14:26:16ZJamie WoodsSupport 30X RedirectsIt would be very useful for libshout to natively handle receiving 301/302 redirects, when connecting as a source.
This would allow various streaming applications to connect to a different Icecast instance dynamically (for example - regi...It would be very useful for libshout to natively handle receiving 301/302 redirects, when connecting as a source.
This would allow various streaming applications to connect to a different Icecast instance dynamically (for example - regional clusters of servers)Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2332Patch for macOS >= 11.x2021-10-26T13:06:10ZMichka PopoffPatch for macOS >= 11.xHi
Here is a patch we are using in Homebrew (the package manager for macOS and Linux) to build libshout.
The current build is broken and causes the library to be linked with a flat
namespace, which might cause issues when dynamically lo...Hi
Here is a patch we are using in Homebrew (the package manager for macOS and Linux) to build libshout.
The current build is broken and causes the library to be linked with a flat
namespace, which might cause issues when dynamically loading the library with
dlopen under some modes:
```
diff -u libshout-2.4.5-old/configure libshout-2.4.5/configure
--- libshout-2.4.5-old/configure 2021-10-21 12:28:29.000000000 +0200
+++ libshout-2.4.5/configure 2021-10-21 12:31:31.000000000 +0200
@@ -7582,17 +7582,12 @@
_lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
darwin1.*)
_lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
- 10.[012]*)
- _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
- 10.*)
- _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ darwin*)
+ case ${MACOSX_DEPLOYMENT_TARGET},$host in
+ 10.[[012]],*|,*powerpc*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ *)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
esac
;;
esac
```
This is a patch for the configure file, but it should be applied to the the libtool.m4 file. I am not an expert on how you have setup the m4 folder in your project, so I'll let you handle the addition of that patch.
For reference:
https://github.com/Homebrew/homebrew-core/pull/87694Marvin ScholzMarvin Scholzhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2327When preventing caller "abuse-after-free", abort()2023-03-09T09:48:58ZMoritz GrimmWhen preventing caller "abuse-after-free", abort()The shout_free() function attempts to prevent use-after-free issues by not doing anything in case the caller still has an open connection. While this can mitigate security issues in calling applications, it covers up these flaws in the f...The shout_free() function attempts to prevent use-after-free issues by not doing anything in case the caller still has an open connection. While this can mitigate security issues in calling applications, it covers up these flaws in the form of hard to detect memory leaks.
Libshout should either leave the responsibility for these kinds of defects where they belong and not perform the "is a connection still open?" check, as it will never be able to solve _all_ of these problems (and applications running into this _will_ have other problems as well and are in some dire need of SAST tools).
However, since there is some merit to this safeguard, at least make it highly visible with a proper, noisy abort(): [shout_free_abort_before_use-after-free.diff](/uploads/7eb49ff1ce810e41d523e54cbb6f8428/shout_free_abort_before_use-after-free.diff) -- it might be a wake-up call!https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2326logic error in shout_free()2021-02-09T00:03:36ZMoritz Grimmlogic error in shout_free()A logic error in shout_free() prevents memory from being released unless there is an active connection. It should be reversed. This is a regression that was introduced with the switch to the new internal state machine.
Proposed fix: [sh...A logic error in shout_free() prevents memory from being released unless there is an active connection. It should be reversed. This is a regression that was introduced with the switch to the new internal state machine.
Proposed fix: [shout_free_logic_error_fix.diff](/uploads/efff24f90ef25e582fdfb42e1e6985b2/shout_free_logic_error_fix.diff)https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2323Build on Windows / CMake2023-03-09T10:24:28ZJan HolthuisBuild on Windows / CMakeI'm unable to find documentation regarding building on Windows.
Would you be interested in a CMake build file?I'm unable to find documentation regarding building on Windows.
Would you be interested in a CMake build file?https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2320Unable to disable SSL build in libshout-2.4.32020-10-21T07:10:11ZNight GryphonUnable to disable SSL build in libshout-2.4.3./configure --without-openssl
still do ssl tests and add
#define HAVE_OPENSSL 1
to config.h which cause tls.c and other unwanted ssl stuff to build in to library./configure --without-openssl
still do ssl tests and add
#define HAVE_OPENSSL 1
to config.h which cause tls.c and other unwanted ssl stuff to build in to libraryhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2314Allow disabling installation of ckport database2020-02-11T08:40:50ZPetr PisarAllow disabling installation of ckport databaseI found out that libshout-2.4.3 installs libshout.ckport file although I have no use for it. An attached patch adds --disable-ckport configure option that allows users to disable the installation.
[libshout-2.4.3-Allow-disabling-ckport-...I found out that libshout-2.4.3 installs libshout.ckport file although I have no use for it. An attached patch adds --disable-ckport configure option that allows users to disable the installation.
[libshout-2.4.3-Allow-disabling-ckport-database-installation.patch](/uploads/18b0544b437ccba7c9dd352e25175354/libshout-2.4.3-Allow-disabling-ckport-database-installation.patch)https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2313ezstream hangs with libshout2019-11-18T08:44:49Zzygmundezstream hangs with libshoutHi,
Some time ago I was reported ezstream hangs with version of libshout 2.4.3 but problem still exists even with master branch, after few houres stream stops and I need to kill -9 ezstream.
When I downgraded to 2.4.1 everything is perf...Hi,
Some time ago I was reported ezstream hangs with version of libshout 2.4.3 but problem still exists even with master branch, after few houres stream stops and I need to kill -9 ezstream.
When I downgraded to 2.4.1 everything is perfect.https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2311Add support for JWT tokens2023-03-18T10:25:44ZThiago SantosAdd support for JWT tokensAdds support for setting a JWT authorization token (or any opaque token) to libshout. It will be used as an "Authorization: Bearer <token>" header instead of the usual user/password header for HTTP requests.Adds support for setting a JWT authorization token (or any opaque token) to libshout. It will be used as an "Authorization: Bearer <token>" header instead of the usual user/password header for HTTP requests.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2300SIGPIPE from libshout shout_send when Icecast is stopped2019-06-30T09:54:34ZJustin SouterSIGPIPE from libshout shout_send when Icecast is stoppedI'm getting a SIGPIPE signal from libshout shout_send function when Icecast is stopped. I've tried signal(SIGPIPE, SIG_IGN) and no difference. Trying to implement source client auto re-connect. Building in XCode on macOS High Sierra.I'm getting a SIGPIPE signal from libshout shout_send function when Icecast is stopped. I've tried signal(SIGPIPE, SIG_IGN) and no difference. Trying to implement source client auto re-connect. Building in XCode on macOS High Sierra.https://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2288Outdated FSF address2018-07-16T09:13:39ZFrancisco de la PeñaOutdated FSF addressThis is a well known issue and a reporting this upstream is a requirement for some distribution packaging checks, so here it is.
The Free Software Foundation postal address mentioned in license texts changed.
The new address should be ...This is a well known issue and a reporting this upstream is a requirement for some distribution packaging checks, so here it is.
The Free Software Foundation postal address mentioned in license texts changed.
The new address should be the mentioned in http://www.gnu.org/licenses/old-licenses/lgpl-2.0.txt
The old address is found at least in the COPYING and source file headers.Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2238Delete SHOUTERR_METADATA2017-11-16T12:06:13ZPhilipp SchafftDelete SHOUTERR_METADATAThe error value SHOUTERR_METADATA is never used and has no comment telling what it should be used for. Also the error-to-string function shout_get_error() doesn't include it.
This should be cleaned up as part of the next ABI change.The error value SHOUTERR_METADATA is never used and has no comment telling what it should be used for. Also the error-to-string function shout_get_error() doesn't include it.
This should be cleaned up as part of the next ABI change.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2206[PATCH] Update the libshout python bindings to the libshout git version2019-05-22T07:44:49Zdivayth[PATCH] Update the libshout python bindings to the libshout git versionI added methods for tls, ca_directory, ca_file, allowed_ciphers and for get and set_meta.
The first list is implemented as class attributes of the shout object and *_meta as methods.
It is still missing docstrings and help because I wa...I added methods for tls, ca_directory, ca_file, allowed_ciphers and for get and set_meta.
The first list is implemented as class attributes of the shout object and *_meta as methods.
It is still missing docstrings and help because I was not sure what to write.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-libshout/-/issues/2193Plugin-ify the formats code2019-05-15T09:21:43ZGuillaume QuintardPlugin-ify the formats codeCurrently, libshout support mp3, ogg and webm, but some use cases require more (in Arkena case, we need aac support). Unfortunately, due to (valid) license/political reason, integrating more formats is blocked, leading to poorly maintain...Currently, libshout support mp3, ogg and webm, but some use cases require more (in Arkena case, we need aac support). Unfortunately, due to (valid) license/political reason, integrating more formats is blocked, leading to poorly maintained forks (see https://github.com/codders/libshout).
I started working on a branch (https://github.com/gquintard/Icecast-libshout/tree/feature-plugin) to have format plugins. It is not complete, and there are several objections to it (most prominently the use of mimes to identify the relevant plugin). So this ticket is here to track remarks/questions/note about this work.Philipp SchafftPhilipp Schafft