[arch-commits] Commit in libimobiledevice/repos (8 files)

Jan de Groot jgc at archlinux.org
Fri Feb 24 22:03:26 UTC 2017


    Date: Friday, February 24, 2017 @ 22:03:25
  Author: jgc
Revision: 289501

archrelease: copy trunk to staging-i686, staging-x86_64

Added:
  libimobiledevice/repos/staging-i686/
  libimobiledevice/repos/staging-i686/CVE-2016-5104.patch
    (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch)
  libimobiledevice/repos/staging-i686/PKGBUILD
    (from rev 289500, libimobiledevice/trunk/PKGBUILD)
  libimobiledevice/repos/staging-i686/disable-sslv3.patch
    (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch)
  libimobiledevice/repos/staging-x86_64/
  libimobiledevice/repos/staging-x86_64/CVE-2016-5104.patch
    (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch)
  libimobiledevice/repos/staging-x86_64/PKGBUILD
    (from rev 289500, libimobiledevice/trunk/PKGBUILD)
  libimobiledevice/repos/staging-x86_64/disable-sslv3.patch
    (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch)

------------------------------------+
 staging-i686/CVE-2016-5104.patch   |   31 ++++++++++++++++++++
 staging-i686/PKGBUILD              |   52 +++++++++++++++++++++++++++++++++++
 staging-i686/disable-sslv3.patch   |   12 ++++++++
 staging-x86_64/CVE-2016-5104.patch |   31 ++++++++++++++++++++
 staging-x86_64/PKGBUILD            |   52 +++++++++++++++++++++++++++++++++++
 staging-x86_64/disable-sslv3.patch |   12 ++++++++
 6 files changed, 190 insertions(+)

Copied: libimobiledevice/repos/staging-i686/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch)
===================================================================
--- staging-i686/CVE-2016-5104.patch	                        (rev 0)
+++ staging-i686/CVE-2016-5104.patch	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);

Copied: libimobiledevice/repos/staging-i686/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD	                        (rev 0)
+++ staging-i686/PKGBUILD	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer : Tom Gundersen <teg at jklm.no>
+# Maintainer : Ionut Biru <ibiru at archlinux.org>
+# Contributor: Gabriel Martinez < reitaka at gmail dot com >
+
+pkgname=libimobiledevice
+pkgver=1.2.0
+pkgrel=5
+pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
+url="http://libimobiledevice.org/"
+arch=('i686' 'x86_64')
+license=('GPL2' 'LGPL2.1')
+depends=('libusbmuxd' 'usbmuxd')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
+source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
+        disable-sslv3.patch
+        CVE-2016-5104.patch)
+md5sums=('8757900ba7bbe2ef5f54342415d0223e'
+         'bac123da4cc67b2f5cc798727e6231a9'
+         'e3535be4b4082486804b033d3f165193')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../disable-sslv3.patch
+  patch -Np1 -i ../CVE-2016-5104.patch
+  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+  autoreconf -fi
+}
+
+build() {
+  mkdir build-py2
+  pushd build-py2
+  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+  popd
+
+  mkdir build-py3
+  pushd build-py3
+  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+package() {
+  pushd build-py2
+  make DESTDIR="$pkgdir" install
+  popd
+  pushd build-py3/cython
+  make DESTDIR="$pkgdir" install
+  popd
+}

Copied: libimobiledevice/repos/staging-i686/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch)
===================================================================
--- staging-i686/disable-sslv3.patch	                        (rev 0)
+++ staging-i686/disable-sslv3.patch	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,12 @@
+diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c
+--- libimobiledevice-1.2.0/src/idevice.c	2015-01-28 02:10:32.000000000 +0100
++++ libimobiledevice-1.2.0-nossl3/src/idevice.c	2016-03-03 18:33:45.912308242 +0100
+@@ -678,7 +678,7 @@
+ 	}
+ 	BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
+ 
+-	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
++	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method());
+ 	if (ssl_ctx == NULL) {
+ 		debug_info("ERROR: Could not create SSL context.");
+ 		BIO_free(ssl_bio);

Copied: libimobiledevice/repos/staging-x86_64/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch)
===================================================================
--- staging-x86_64/CVE-2016-5104.patch	                        (rev 0)
+++ staging-x86_64/CVE-2016-5104.patch	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);

Copied: libimobiledevice/repos/staging-x86_64/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer : Tom Gundersen <teg at jklm.no>
+# Maintainer : Ionut Biru <ibiru at archlinux.org>
+# Contributor: Gabriel Martinez < reitaka at gmail dot com >
+
+pkgname=libimobiledevice
+pkgver=1.2.0
+pkgrel=5
+pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
+url="http://libimobiledevice.org/"
+arch=('i686' 'x86_64')
+license=('GPL2' 'LGPL2.1')
+depends=('libusbmuxd' 'usbmuxd')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
+source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
+        disable-sslv3.patch
+        CVE-2016-5104.patch)
+md5sums=('8757900ba7bbe2ef5f54342415d0223e'
+         'bac123da4cc67b2f5cc798727e6231a9'
+         'e3535be4b4082486804b033d3f165193')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../disable-sslv3.patch
+  patch -Np1 -i ../CVE-2016-5104.patch
+  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+  autoreconf -fi
+}
+
+build() {
+  mkdir build-py2
+  pushd build-py2
+  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+  popd
+
+  mkdir build-py3
+  pushd build-py3
+  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+package() {
+  pushd build-py2
+  make DESTDIR="$pkgdir" install
+  popd
+  pushd build-py3/cython
+  make DESTDIR="$pkgdir" install
+  popd
+}

Copied: libimobiledevice/repos/staging-x86_64/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch)
===================================================================
--- staging-x86_64/disable-sslv3.patch	                        (rev 0)
+++ staging-x86_64/disable-sslv3.patch	2017-02-24 22:03:25 UTC (rev 289501)
@@ -0,0 +1,12 @@
+diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c
+--- libimobiledevice-1.2.0/src/idevice.c	2015-01-28 02:10:32.000000000 +0100
++++ libimobiledevice-1.2.0-nossl3/src/idevice.c	2016-03-03 18:33:45.912308242 +0100
+@@ -678,7 +678,7 @@
+ 	}
+ 	BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
+ 
+-	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
++	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method());
+ 	if (ssl_ctx == NULL) {
+ 		debug_info("ERROR: Could not create SSL context.");
+ 		BIO_free(ssl_bio);



More information about the arch-commits mailing list