Icecast-Server issueshttps://gitlab.xiph.org/xiph/icecast-server/-/issues2018-09-28T15:04:52Zhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2192URL auth: override status code and send custom headers2018-09-28T15:04:52ZThomas B. RückerURL auth: override status code and send custom headersCurrently we're hardcoded to 401, if the backend refuses authentication. 403 might also be desireable or 30x with a _location_ header.
This needs two things:
* capability to set a custom status (including message)
* capability to send...Currently we're hardcoded to 401, if the backend refuses authentication. 403 might also be desireable or 30x with a _location_ header.
This needs two things:
* capability to set a custom status (including message)
* capability to send headers that will be forwarded to the client
The latter can also be used to set cookies, so is useful by itself.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2191Icecast can be crashed remotely if stream_auth is enabled.2018-04-16T22:12:13ZThomas B. RückerIcecast can be crashed remotely if stream_auth is enabled.Downstream bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
Icecast can be killed by anyone with a simple HTTP request when
<authentication type="url"> is used and a stream_auth handler is
defined.
Example configura...Downstream bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
Icecast can be killed by anyone with a simple HTTP request when
<authentication type="url"> is used and a stream_auth handler is
defined.
Example configuration:
```
<mount>
<mount-name>/test.ogg</mount-name>
<authentication type="url">
<option name="stream_auth" value="http://localhost/auth"/>
</authentication>
</mount>
```
Proof of concept exploit:
```
curl "http://stream.example.org:8000/admin/killsource?mount=/test.ogg"
```
This happens if no logon credentials are sent with the request. The crash happens regardless of a source client being connected to the vulnerable mountpoint.
This will be released in a security release 2.4.2 today.
CVE-2015-3026Icecast 2.4.2Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2188Fowarding of headers to authentication system not working2019-06-26T17:17:19ZSebastianFowarding of headers to authentication system not workingHey everyone,
i tried to forward some cookies or other headers to my authentication sytem. Unfortunately this does not work. The doc says the headers would be part of a POST but they don't appear. Can anyone confirm that?
```
<...Hey everyone,
i tried to forward some cookies or other headers to my authentication sytem. Unfortunately this does not work. The doc says the headers would be part of a POST but they don't appear. Can anyone confirm that?
```
<option name="headers" value="x-pragma,x-token"/>
<option name="header_prefix" value="ClientHeader."/>
```
```
<mount>
<mount-name>/example.ogg</mount-name>
<authentication type="url">
<option name="mount_add" value="http://auth.example.org/stream_start.php"/>
<option name="mount_remove" value="http://auth.example.org/stream_end.php"/>
<option name="listener_add" value="http://auth.example.org/listener_joined.php"/>
<option name="listener_remove" value="http://auth.example.org/listener_left.php"/>
<option name="username" value="user"/>
<option name="password" value="pass"/>
<option name="auth_header" value="icecast-auth-user: 1"/>
<option name="timelimit_header" value="icecast-auth-timelimit:"/>
<option name="headers" value="x-pragma,x-token"/>
<option name="header_prefix" value="ClientHeader."/>
<option name="stream_auth" value="http://auth.example.org/source.php"/>
</authentication>
</mount>
```
Best Regards
SebastianThomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2187implement event triggers 'client-connect' / 'client-disconnect' to match lega...2019-01-22T06:34:14ZThomas B. Rückerimplement event triggers 'client-connect' / 'client-disconnect' to match legacy url-auth```
<option name="listener_add" value="http://auth.example.org/listener_joined.php"/>
<option name="listener_remove" value="http://auth.example.org/listener_left.php"/>
```
should translate to triggers:
* 'client-connect'
* 'client-di...```
<option name="listener_add" value="http://auth.example.org/listener_joined.php"/>
<option name="listener_remove" value="http://auth.example.org/listener_left.php"/>
```
should translate to triggers:
* 'client-connect'
* 'client-disconnect'
Enables e.g. statistics collection without the potential problems of setting it up as auth.Icecast 2.5.0Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2179URL Auth with iOS not working correctly2017-10-05T10:40:40ZSebastianURL Auth with iOS not working correctlyHi guys,
when using an IOS device like iPad or iPhone the function "url_add_client" in the file "auth_url.c" seems not to forward all parameters correctly to the authentication system (in my case verify.php).
The username is missing as...Hi guys,
when using an IOS device like iPad or iPhone the function "url_add_client" in the file "auth_url.c" seems not to forward all parameters correctly to the authentication system (in my case verify.php).
The username is missing as you can see in the example below (PHP_AUTH_USER is empty).
After the initial "HTTP/1.0 401 Authentication Required" three GET requests are sent by mobile clients (Android, as well as iPhones or iPads). I checked that with Wireshark. On Android phones the username is never empty, that's why it is always working there.
On iPhones and iPads we have the result below.
The following data is captured from the requests of Icecast to the authentication system (verify.php).
Have a look at the cut off "HTTP_AUTHORIZATION" and the missing username in "PHP_AUTH_USER"
Do you have any idea what is going on there?
New request:
```
CONTENT_TYPE: application/x-www-form-urlencoded
CONTENT_LENGTH: 349
HTTP_USER_AGENT: Icecast 2.4.99.1
HTTP_HOST: www.domain.com
HTTP_AUTHORIZATION: Basic dm9sbDpob3JzdA==
HTTP_ACCEPT: */*
HTTP_CONTENT_TYPE: application/x-www-form-urlencoded
HTTP_CONTENT_LENGTH: 349
PHP_AUTH_USER: peter
PHP_AUTH_PW: pan
```
New request:
```
CONTENT_TYPE: application/x-www-form-urlencoded
CONTENT_LENGTH: 340
HTTP_USER_AGENT: Icecast 2.4.99.1
HTTP_HOST: www.domain.com
HTTP_AUTHORIZATION: Basic OmhvcnN0
HTTP_ACCEPT: */*
HTTP_CONTENT_TYPE: application/x-www-form-urlencoded
HTTP_CONTENT_LENGTH: 340
PHP_AUTH_USER:
PHP_AUTH_PW: pan
```
New request:
```
CONTENT_TYPE: application/x-www-form-urlencoded
CONTENT_LENGTH: 340
HTTP_USER_AGENT: Icecast 2.4.99.1
HTTP_HOST: www.domain.com
HTTP_AUTHORIZATION: Basic OmhvcnN0
HTTP_ACCEPT: */*
HTTP_CONTENT_TYPE: application/x-www-form-urlencoded
HTTP_CONTENT_LENGTH: 340
PHP_AUTH_USER:
PHP_AUTH_PW: pan
```
Marvin ScholzMarvin Scholzhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2174icestats.source in /status-json.xsl is not always an array2020-10-10T11:40:10ZDavid Thompsonicestats.source in /status-json.xsl is not always an arrayWhen there is only one mount, icestats.source is an object. When there is more than one mount, icestats.source is an array. This is quite surprising, and it means that client code has to be careful to test for this case and handle it a...When there is only one mount, icestats.source is an object. When there is more than one mount, icestats.source is an array. This is quite surprising, and it means that client code has to be careful to test for this case and handle it appropriately.
icestats.source should always be an array of objects describing the mounts, even if there is only one of them.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2173Max duration support for stream dumpfiles2022-03-22T17:48:23ZThomas B. RückerMax duration support for stream dumpfilesWe've received a request on this topic:
```
My suggestion is that the dump-file tag have an interval option or tag so
that it creates a new dump file based on this interval, and named based
on some sort of dump-file-name tag which wou...We've received a request on this topic:
```
My suggestion is that the dump-file tag have an interval option or tag so
that it creates a new dump file based on this interval, and named based
on some sort of dump-file-name tag which would use BASH naming variables
to name it.
```
http://lists.xiph.org/pipermail/icecast/2015-March/013209.html
Basically boils down to setting a duration and after that reopening the dump file. We already support strftime patterns in the file name.
I have received a patch for this against 2.3.2 and we'll evaluate if it can be reused or at least used as inspiration.
Optional related feature: dump files triggered / turned on/off through admin request.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2171Improve https handling of Icecast web ui and generated files2018-11-09T07:18:34ZThomas B. RückerImprove https handling of Icecast web ui and generated filesCurrently some things break if Icecast runs with HTTPS on the primary port.
We should implement proper handling not to return HTTP URLS in such cases.
Right now this either breaks things or will make them insecure.Currently some things break if Icecast runs with HTTPS on the primary port.
We should implement proper handling not to return HTTP URLS in such cases.
Right now this either breaks things or will make them insecure.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2170Mingw32 is unable to "ignore" a pointer to that points to an incomplete type.2018-03-06T12:49:47ZSebastianMingw32 is unable to "ignore" a pointer to that points to an incomplete type.Hi guys,
i tried to compile with mingw32 on a fresh open suse 13.2 system. In order to get the .exe for Windows.
The result:
http://pastebin.com/dZpP3Dwh
Is it a missing configuration or is it really mingw32 that is unable to compile...Hi guys,
i tried to compile with mingw32 on a fresh open suse 13.2 system. In order to get the .exe for Windows.
The result:
http://pastebin.com/dZpP3Dwh
Is it a missing configuration or is it really mingw32 that is unable to compile it.
Considering the error messages: Is catching the error somehow possible in xslt.c?
Best Regards
SebastianThomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2169Improved mountpoint metadata manipulation support through /admin calls2018-11-10T12:59:34ZThomas B. RückerImproved mountpoint metadata manipulation support through /admin callsCurrently we expose this mostly as the old style shoutcast metadata hack requires the data to arrive separate from the stream. This is limited to "title".
We should expose a unified interface that allows updating all mountpoint metadata...Currently we expose this mostly as the old style shoutcast metadata hack requires the data to arrive separate from the stream. This is limited to "title".
We should expose a unified interface that allows updating all mountpoint metadata, including that of the stream/container.
This would make things a lot more flexible and enable new use cases, like adjusting mountpoint information without having to reconnect the source.
Assigned to 2.5.0, pending feasibility checks.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2166Customizable .ico file via config2018-03-06T12:49:47ZSebastianCustomizable .ico file via configI want to be able to replace it with my own =) Just a wish...I want to be able to replace it with my own =) Just a wish...Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2164Mime-Type file config option should be in the path section2018-03-06T12:49:47ZMarvin ScholzMime-Type file config option should be in the path sectionThe `<mime-types>` configuration option should be move to the `<paths>` section, to keep the configuration file structured correctly.The `<mime-types>` configuration option should be move to the `<paths>` section, to keep the configuration file structured correctly.Icecast 2.5.0Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2159RFC 2817 "Upgrading to TLS Within HTTP/1.1" Support2018-03-06T12:49:47ZPhilipp SchafftRFC 2817 "Upgrading to TLS Within HTTP/1.1" SupportRFC 2817 should be supported.
This will also be helpful with libshout. See #2152.RFC 2817 should be supported.
This will also be helpful with libshout. See #2152.Icecast 2.5.0Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2158No metadata for the listenerer when sourcing with Mixxx on Windows2020-02-14T12:59:17ZSebastianNo metadata for the listenerer when sourcing with Mixxx on Windows2.4.99.1 aka 2.5 beta1 on windows with Mixxx as source client.
Unfortunately the metadata (title and artist) is not visible on iTunes anymore.
In 2.4.1 this was no problem. I tried to use the charset UTF-8 in Mixxx and in Icecast but i...2.4.99.1 aka 2.5 beta1 on windows with Mixxx as source client.
Unfortunately the metadata (title and artist) is not visible on iTunes anymore.
In 2.4.1 this was no problem. I tried to use the charset UTF-8 in Mixxx and in Icecast but it didn't work either.
Maybe someone could have a look at it.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2147Split up Icecast certificate handling into private and public key files2018-06-15T21:17:45ZThomas B. RückerSplit up Icecast certificate handling into private and public key filesThis would make it easier for people who are used to most software requiring two files, also it would make it easier to share certificate files with other server software like e.g. Apache httpd or dovecot imapd.This would make it easier for people who are used to most software requiring two files, also it would make it easier to share certificate files with other server software like e.g. Apache httpd or dovecot imapd.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2146Icecast should send the "admin" field from config to YP2018-03-06T12:49:47ZThomas B. RückerIcecast should send the "admin" field from config to YPThis would allow the YP admins to contact the server administrator in case of problems with the listing/streams.
It would address a very common problem, finding out the contact details for a server admin.This would allow the YP admins to contact the server administrator in case of problems with the listing/streams.
It would address a very common problem, finding out the contact details for a server admin.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2144Icecast might hang with 100% cpu use upon failed startup2018-10-27T11:17:45ZThomas B. RückerIcecast might hang with 100% cpu use upon failed startupI just ran into it again. It looks like it gets caught up in waiting for something.
Example output when trying to bind to inexistent IPv4 address:
```
$ /usr/bin/icecast -c /etc/icecast.xml
[2015-01-08 05:21:48] EROR connection/connec...I just ran into it again. It looks like it gets caught up in waiting for something.
Example output when trying to bind to inexistent IPv4 address:
```
$ /usr/bin/icecast -c /etc/icecast.xml
[2015-01-08 05:21:48] EROR connection/connection_setup_sockets Could not create listener socket on port 8000 bind 203.0.113.23
[2015-01-08 05:21:48] EROR connection/connection_setup_sockets No listening sockets established
Server startup failed. Exiting
```
"strace -f" doesn't produce any output after writing that last message.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2143Regresion: reloadconfig* got de-linked on redesign of admin intrerface2018-03-06T12:49:47ZPhilipp SchafftRegresion: reloadconfig* got de-linked on redesign of admin intrerfaceLinks to the reloadconfig-admin command got lost on update of the design. Those should be re-linked.Links to the reloadconfig-admin command got lost on update of the design. Those should be re-linked.Icecast 2.5.0Thomas B. RückerThomas B. Rückerhttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2135Return "return" code for command_manageauth iceresponse2018-07-16T09:12:54ZMarvin ScholzReturn "return" code for command_manageauth iceresponseReturn "return" code in iceresponse for command_manageauth, to indicate if it failed or succeeded.Return "return" code in iceresponse for command_manageauth, to indicate if it failed or succeeded.Philipp SchafftPhilipp Schaffthttps://gitlab.xiph.org/xiph/icecast-server/-/issues/2133Regression: Role management not possible via admin interface2018-03-06T12:49:47ZPhilipp SchafftRegression: Role management not possible via admin interfaceRole management via admin/ interface is currently not possible as there is no lists of roles displayed. listings of roles must be implemented so user can find the right link to the management page.Role management via admin/ interface is currently not possible as there is no lists of roles displayed. listings of roles must be implemented so user can find the right link to the management page.Icecast 2.5.0Marvin ScholzMarvin Scholz