icecast-2.4.3-bp152.3.16

- update to version 2.4.4:
  * Fix buffer overflows in URL auth code (CVE-2018-18820,
    bsc#1114434)
  * Worked around buffer overflows in URL auth’s cURL interface
  * Do not report hashed user passworts in user list
  * Fixed segfault in htpasswd auth if no filename is set
  * Fixed a segfault when xsltApplyStylesheet() returns error
  * Do not segfault on malformed Opus streams
  * Global listener count could be negative under certain
    circumstances
  * Added code to announce Opus streams as such towards yp servers

- update to version 2.4.3:
  * Fixes Windows only vulnerability (CVE-2005-0837), where an
    attacker could access the raw XSLT template file by appending a
    dot “.” to the URL. To be clear, no runtime information could be
    accessed this way.
- cleanup spec file with spec-cleaner
- fix bad line endings warning in CSS file
- rebase icecast-fix-no-add-needed.patch
- replace PreReq statements with Requires(pre)

- update to version 2.4.2:
  Fix crash when URL Auth is used with stream_autho without
  credentials (bnc#926402)

- Remove sysvinit support as the package now build only for systems
  with systemd support
- Add a backward rc compatibility symlink to systemd service file
- Only require systemd-rpm-macros to build; no need to require
  entire systemd environment
- Clean up specfile

- updated to version 2.4.1:
  * Fixes in logging, <auth> in default mounts, JSON status API
  * SSL Security improvements:
  * Handle empty strings in config file better
  * Require Content-Type header for PUT requests
  * Fix possible leak of on-connect scripts (CVE-2014-9018,bnc#906538)
  More details, see http://icecast.org/news/icecast-release-2_4_1/
- Remove obsoleted patch:
  icecast-2.4.0-produce-valid-json.patch
- Change doc subpackage to noarch
- Spec file cleanup

- Add icecast-mp3-frame-validation.patch: validate mp3 frame.

- Add icecast-2.4.0-produce-valid-json.patch: produce valid json status,
  fix boo#905468.

- fix bashisms in pre script

- Update to version 2.4.0:
  * Support for WebM video
  * Support for Opus audio in Ogg
  * Fixes for some race conditions
  * Allow (standard strftime(3)) %x codes in <dump-file>. Disabled for win32.
  * Dropped debian packaging directory as debian use their own.
- Disable Gentoo patches because they have no effect on the OBS builds.
  icecast-2.3.3-libkate.patch (has no effect on automated builds)
  icecast-2.3.3-fix-xiph_openssl.patch (spec file guarantees openssl exists)
- Rebase icecast-fix-no-add-needed.patch for version 2.4.0.

- Remove the obsoleted icecast-2.3.2-CVE-2011-4612.diff that leads
  to invalid access to freed memory (bnc#862096)

- remove dependency to syslog.target in icecast.service, as it doesn't exist
  any more, see bnc#852314

- update to 2.3.3:
  * security:
    + Improved HTTPS cipher handling and added support for chained certificates.
    + Allow the source password to be undefined. There was a corner case, where
    a default password would have taken effect. It would require the admin to
    remove the 'source-password' from the icecast config to take effect. Default
    configs ship with the password set, so this vulnerability doesn't trigger
    there.
    + Prevent error log injection of control characters by substituting
    non-alphanumeric characters with a '.' (CVE-2011-4612). Injection attempts
    can be identified via access.log, as that stores URL encoded requests.
    Investigation if further logging code needs to have sanitized output is
    ongoing.
  * bugfixes:
    + On-demand relaying - Reject listeners while reconnecting. Fix stats for
    relays without mount section.
    + Prevent too frequent YP updates.
    + Only allow raw metadata updates from same IP as connected source (unless
    user is admin). This addresses broken client software that issues updates
    without being connected.
    + Minor memory leaks
    + XSPF file installation
    + Fix case of global listeners count becoming out of sync.
    + Setting an interval of 0 in mount should disable shoutcast metadata inserts.
  * authentication:
    + Sources can now be authenticated via URL, like listeners. Post info is
    "action=stream_auth&mount=/stream&ip=IP&server=SERVER&port=8000&user=fred&pass=pass"
    As admin requests can come in for a stream (eg metadata update) these
    requests can be issued while stream is active. For these &admin=1 is added to
    the POST details.
  * XSL update:
    + automatically generate VCLT playlist like we do with M3U, the mountpoint
    extension is .vclt
- package updates:
  * add systemd service file
  * add logrotate configuration
  * add Gentoo patches
  * set pidfile directive in default config file to make it work with
    systemd
  * split out HTML documentation into -doc subpackage

- nuked %make_install to make SLES11 SP2 happy.

- Fix useradd invocation: -o is useless without -u and newer
  versions of pwdutils/shadowutils fail on this now.

- Fix VUL-1: icecast log injection (CVE-2011-4612, bnc#737255)

- add libtool as buildrequire to make the spec file more reliable

- Fix build with --no-add-needed
- Enable SSL support.

- updated to version 2.3.2:
  * Character set support
  * Authentication improvements
  * Listening socket update
  * XSL update
  * Updates for stream directory handling.
  * Updates for Win32.
  * Accept/Ban IP support.
  * A Mountpoint is exported to the slaves even if no mount
    section is defined for it.
  * Relays handle redirection (HTTP 302) if one is received at
    startup.
  * Automatically generate XSPF playlist like we do with M3U, the
    mountpoint extension is .xspf
  * Header updates for proxy handling and certain clients like
    some shoutcast source clients and flash players.
  * Added Kate/Skeleton codecs to Ogg handler.
  * Various stats cleanups.
  * The streamlist passed from master to slave had a limited
    length
  * Documentation updates.
  * Relay startup/shutdown is cleaner.
  * several build cleanups.
  * several resource leaks and race conditions fixed

- fix build with curl-7.16
- fixed more comparison with string literals by using static char*
  variables instead of #defines to string constans to detect
  whether a default or malloced value is used

- fix comparison of string literal in cfgfile.c (#226380).

- added icecast-2.3.1_runas_icecast_user.patch:
  run icecast as "icecast" user and group by default
- added init script
- added log/home dir to the fileist
- dont run suse_update_config/autoreconf seems unneeded.
  (tested with the buildservice on 10.0->Factory)
- replaced manual configure call with %configure