[arch-commits] Commit in libimobiledevice/trunk (CVE-2016-5104.patch PKGBUILD)

Jan de Groot jgc at archlinux.org
Tue Jan 24 14:05:57 UTC 2017


    Date: Tuesday, January 24, 2017 @ 14:05:56
  Author: jgc
Revision: 287373

upgpkg: libimobiledevice 1.2.0-4

Add patch for CVE-2016-5104 (FS#51019)
Add python 2.x and 3.x bindings
Depend on usbmuxd, creating a nice dependency loop (FS#42682)

Added:
  libimobiledevice/trunk/CVE-2016-5104.patch
Modified:
  libimobiledevice/trunk/PKGBUILD

---------------------+
 CVE-2016-5104.patch |   31 +++++++++++++++++++++++++++++++
 PKGBUILD            |   34 ++++++++++++++++++++++++++--------
 2 files changed, 57 insertions(+), 8 deletions(-)

Added: CVE-2016-5104.patch
===================================================================
--- CVE-2016-5104.patch	                        (rev 0)
+++ CVE-2016-5104.patch	2017-01-24 14:05:56 UTC (rev 287373)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-01-24 13:46:33 UTC (rev 287372)
+++ PKGBUILD	2017-01-24 14:05:56 UTC (rev 287373)
@@ -5,30 +5,48 @@
 
 pkgname=libimobiledevice
 pkgver=1.2.0
-pkgrel=3
+pkgrel=4
 pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
 url="http://libimobiledevice.org/"
 arch=('i686' 'x86_64')
 license=('GPL2' 'LGPL2.1')
-depends=('libusbmuxd')
-makedepends=('python2')
+depends=('libusbmuxd' 'usbmuxd')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
 source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
-        disable-sslv3.patch)
+        disable-sslv3.patch
+        CVE-2016-5104.patch)
 md5sums=('8757900ba7bbe2ef5f54342415d0223e'
-         'bac123da4cc67b2f5cc798727e6231a9')
+         'bac123da4cc67b2f5cc798727e6231a9'
+         'e3535be4b4082486804b033d3f165193')
 
 prepare() {
   cd "$pkgname-$pkgver"
   patch -Np1 -i ../disable-sslv3.patch
+  patch -Np1 -i ../CVE-2016-5104.patch
+  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+  autoreconf -fi
 }
 
 build() {
-  cd "$pkgname-$pkgver"
-  PYTHON=/usr/bin/python2 ./configure --prefix=/usr
+  mkdir build-py2
+  pushd build-py2
+  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
   make
+  popd
+
+  mkdir build-py3
+  pushd build-py3
+  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
 }
 
 package() {
-  cd "$pkgname-$pkgver"
+  pushd build-py2
   make DESTDIR="$pkgdir" install
+  popd
+  pushd build-py3/cython
+  make DESTDIR="$pkgdir" install
+  popd
 }



More information about the arch-commits mailing list