Fwd: Moiseenko Andrey's crtmpserver security patch - patch5.txt
ООО МааСофтваре
support at maasoftware.ru
Wed Oct 11 21:14:18 UTC 2017
Hello, Maintainers.
I have looked further at the patched code and have fixed the
machine-dependent host byte order in the remote IP calculation.
So patch5.txt is a new version of the patch.
And I have a question about how it is possible to send this fix to a bug
tracking system, because the patch maa_crtmpserver_security_path.diff
created by "dpkg-source -commit" does not include the
/etc/crtmpserver/*txt files; only the manual patch5.txt includes them.
--
Best regards,
Moiseenko Andrey,
e-mail: support at maasoftware.ru
web: http://www.maasoftware.ru
---------- forwarded letter ----------
From: JSK MaaSoftware <support at maasoftware.ru>
To: Debian Multimedia Maintainers <pkg-multimedia-maintainers at lists.alioth.debian.org>
Cc:
Date: Wed, 11 Oct 2017 22:25:11 +0300
Subject: Moiseenko Andrey's crtmpserver security patch
Attachments: maa_crtmpserver_security_path.diff, patch4.txt
Hello, Maintainers!
I found a security problem in crtmpserver in December 2015; it still
exists.
The problem is that any RTMP stream generators, like web cams, ffmpeg,
etc., can send their stream to your crtmpserver server anonymously and
play it back. It can be a problem for you because anybody can use your
server for video streaming that is neither for your sites nor for your
application.
To solve the problem I created a patch based on code found via Google
for the connect schema name and swf name check. And I have my
additions to check the remote (source) and local IP addresses of a
connection, to allow translating RTMP from certain static IPs.
I am a novice in open source commits, and just have to read 4 configs
from the hard-coded dir /etc/crtmpserver (local_ip.txt, remote_ip.txt,
tc_url.txt, swf_url.txt).
I am trying to build the modified source (thanks to Sebastian Ramacher
for Bug#878211: crtmpserver can not be compilled from source - he
answered how to compile crtmpserver from the Debian source).
"dpkg-source -commit" tells me:
dpkg-source: info: local changes have been recorded in a new patch:
crtmpserver-1.0/debian/patches/maa_crtmpserver_security_path.diff
I think my patch was not sent to the Debian Maintainers by the
"dpkg-source -commit" command.
I am attaching my more detailed patch4.txt with
/etc/crtmpserver/*txt samples, generated by
diff -Naur crtmpserver-1.0~dfsg crtmpserver-1.0_mod >patch4.txt
Please correct me if you can about the fixed path /etc/crtmpserver.
I am waiting for the code to be integrated into new versions of
crtmpserver.
--
Best regards,
Moiseenko Andrey,
e-mail: support at maasoftware.ru
web: http://www.maasoftware.ru
---------- end of forwarded letter ----------
-------------- next part --------------
An embedded message was scrubbed...
From: JSK MaaSoftware <support at maasoftware.ru>
Subject: Moiseenko Andrey's crtmpserver security patch
Date: Wed, 11 Oct 2017 22:25:11 +0300
Size: 41784
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20171012/36221a97/attachment-0001.eml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: maa_crtmpserver_security_path.diff
Type: application/octet-stream
Size: 13539 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20171012/36221a97/attachment-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch5.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20171012/36221a97/attachment-0001.txt>
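
The byte-order issue mentioned in the message, as an added example that is not taken from patch5.txt or from crtmpserver: a remote-IP allowlist check that gives the same result on little-endian and big-endian hosts by converting `s_addr` with `ntohl()` before comparing. The function names, the one-address-per-line list format and the sample addresses are assumptions constructed for illustration.

```cpp
// Added example, not code from patch5.txt or crtmpserver. Function names and
// the one-address-per-line list format are assumptions for illustration.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdint>
#include <cstring>
#include <set>
#include <sstream>
#include <string>

// Parse dotted-quad text into a host-order integer; false on bad input.
bool ParseIPv4(const std::string &text, uint32_t &hostOrder) {
    in_addr addr;
    if (inet_pton(AF_INET, text.c_str(), &addr) != 1)
        return false;
    hostOrder = ntohl(addr.s_addr); // s_addr is always network byte order
    return true;
}

// Load an allowlist from text: one address per line, '#' starts a comment.
std::set<uint32_t> LoadAllowList(const std::string &content) {
    std::set<uint32_t> allowed;
    std::istringstream in(content);
    std::string line;
    while (std::getline(in, line)) {
        line = line.substr(0, line.find('#'));
        std::size_t b = line.find_first_not_of(" \t\r");
        if (b == std::string::npos) continue; // blank or comment-only line
        std::size_t e = line.find_last_not_of(" \t\r");
        uint32_t ip;
        if (ParseIPv4(line.substr(b, e - b + 1), ip))
            allowed.insert(ip); // malformed entries are skipped, not guessed
    }
    return allowed; // an empty list allows nobody (fail closed)
}

// Peer address as filled in by accept()/getpeername(); convert, then compare.
bool PeerAllowed(const sockaddr_in &peer, const std::set<uint32_t> &allowed) {
    return allowed.count(ntohl(peer.sin_addr.s_addr)) != 0;
}

// Build a constructed peer address from wire-order bytes on any architecture.
sockaddr_in MakePeer(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
    sockaddr_in sa = {};
    sa.sin_family = AF_INET;
    uint8_t wire[4] = {a, b, c, d};
    std::memcpy(&sa.sin_addr.s_addr, wire, 4);
    return sa;
}
```

Comparing the raw `s_addr` against a value assembled with shifts from the dotted-quad octets matches on one endianness only, which is the kind of machine-dependent result the conversion avoids.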