author | shattered <shattered@pkgsrc.org> | 2015-10-13 18:02:10 +0000 |
---|---|---|
committer | shattered <shattered@pkgsrc.org> | 2015-10-13 18:02:10 +0000 |
commit | f1f969fa05d72e20db17cfbecdf81545d5cf491b (patch) | |
tree | 2d227f0f8c101d6c195cf500d8170596f4d2a231 /audio | |
parent | 70b9a57a2851a8100f8f7dc409c8ca278d09f7c0 (diff) | |
download | pkgsrc-f1f969fa05d72e20db17cfbecdf81545d5cf491b.tar.gz |
Update to 0.6.0. Changes:

* This release contains a SECURITY FIX for a command injection vulnerability
  that was found and reported by Alexandre Rebert:
  The previous handling of metadata placeholders allowed for arbitrary shell
  commands to be trivially injected and executed as the ezstream user, via
  malicious media files.
* This release requires users to ADJUST their CONFIGURATION:
  To protect against the injection vulnerability above, metadata is now
  properly quoted and escaped from the shell. This means that any extra
  quoting must be removed from configuration files.
  Remove all quoting from metadata placeholders in <encode/> and <decode/>
  commands, e.g. replace "@M@" with @M@, and "@T@" with @T@, etc. Without
  these changes, stream metadata will look both wrong and the injection
  vulnerability may be re-introduced.

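
The configuration change requested above can be checked mechanically. The following is an added example, not part of the commit or of ezstream: it flags metadata placeholders that still sit inside shell quotes in `<encode>` and `<decode>` commands. The single-letter `@X@` placeholder pattern, the function names, and the sample configuration with its hypothetical `mydecoder`/`myencoder` commands are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: placeholders are one letter between '@' signs; the page names @M@ and @T@.
PLACEHOLDER = re.compile(r"@[A-Za-z]@")

def quoted_placeholders(command):
    """Return the placeholders that appear inside '...' or "..." in a shell command."""
    hits, quote, i = [], None, 0
    while i < len(command):
        ch = command[i]
        if ch == "\\" and quote != "'":   # backslash escapes the next character
            i += 2
            continue
        if ch in "'\"":
            if quote is None:
                quote = ch                # opening quote
            elif quote == ch:
                quote = None              # matching closing quote
            i += 1
            continue
        match = PLACEHOLDER.match(command, i)
        if match:
            if quote is not None:
                hits.append(match.group(0))
            i = match.end()
            continue
        i += 1
    return hits

def audit_config(xml_text):
    """Return (element, placeholder) pairs that still need their quoting removed."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in ("encode", "decode") and elem.text:
            findings += [(elem.tag, p) for p in quoted_placeholders(elem.text)]
    return findings

# Constructed sample configuration; the commands are hypothetical.
SAMPLE_CONFIG = """<ezstream><reencode>
  <encdec>
    <decode>mydecoder --raw "@T@"</decode>
    <encode>myencoder --title 'now playing: @M@' -</encode>
  </encdec>
  <encdec>
    <decode>mydecoder --raw @T@</decode>
    <encode>myencoder --title @M@ -</encode>
  </encdec>
</reencode></ezstream>"""

if __name__ == "__main__":
    for tag, placeholder in audit_config(SAMPLE_CONFIG):
        print(f"<{tag}>: remove the quoting around {placeholder}")
```
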
Diffstat (limited to 'audio')
-rw-r--r-- | audio/ezstream/Makefile | 4 | ||||
-rw-r--r-- | audio/ezstream/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/audio/ezstream/Makefile b/audio/ezstream/Makefile index 36e623d3469..96cb4f8611f 100644 --- a/audio/ezstream/Makefile +++ b/audio/ezstream/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.7 2014/10/20 11:02:53 mef Exp $ +# $NetBSD: Makefile,v 1.8 2015/10/13 18:02:10 shattered Exp $ # -DISTNAME= ezstream-0.5.6 +DISTNAME= ezstream-0.6.0 CATEGORIES= audio MASTER_SITES= http://downloads.us.xiph.org/releases/ezstream/ LICENSE= gnu-gpl-v2 diff --git a/audio/ezstream/distinfo b/audio/ezstream/distinfo index 0621cc731b4..5684bb550d5 100644 --- a/audio/ezstream/distinfo +++ b/audio/ezstream/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.2 2014/10/20 11:02:53 mef Exp $ +$NetBSD: distinfo,v 1.3 2015/10/13 18:02:10 shattered Exp $ -SHA1 (ezstream-0.5.6.tar.gz) = f9d3ee5a2f81d156685ffbfc59b556c63afcca83 -RMD160 (ezstream-0.5.6.tar.gz) = 69fe2b41f1363ab29526d63b4632395e02a8603c -Size (ezstream-0.5.6.tar.gz) = 263150 bytes +SHA1 (ezstream-0.6.0.tar.gz) = 7817942031411cddf8e4f6d3dd0682a71fc1a592 +RMD160 (ezstream-0.6.0.tar.gz) = b859b39f89e363103330c1720d8c33a32f893f69 +Size (ezstream-0.6.0.tar.gz) = 250448 bytes |
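Review bot: In audio/ezstream/Makefile the only functional change is the DISTNAME bump to ezstream-0.6.0, yet the commit message says this release requires users to remove the quoting from metadata placeholders in their configuration. The diffstat lists only Makefile and distinfo, so nothing in the package surfaces that requirement to someone who simply upgrades. Consider adding a MESSAGE file or similar install-time notice that repeats the instruction to replace "@M@" with @M@ and "@T@" with @T@, since the commit message itself warns that leaving the old quoting in place may re-introduce the injection.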
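Review bot: In audio/ezstream/distinfo the new ezstream-0.6.0.tar.gz is pinned only by SHA1 and RMD160 digests, and the MASTER_SITES context line in the Makefile hunk shows the distfile is fetched over plain http, so these two digests are the only integrity check on a security-fix release. Consider recording a stronger digest such as SHA512 alongside them, and confirm the new values against a copy of the tarball obtained over an authenticated channel before committing.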