[arch-commits] Commit in libimobiledevice/trunk (CVE-2016-5104.patch PKGBUILD)
Jan de Groot
jgc at archlinux.org
Tue Jan 24 14:05:57 UTC 2017
Date: Tuesday, January 24, 2017 @ 14:05:56
Author: jgc
Revision: 287373
upgpkg: libimobiledevice 1.2.0-4
Add patch for CVE-2016-5104 (FS#51019)
Add python 2.x and 3.x bindings
Depend on usbmuxd, creating a nice dependency loop (FS#42682)
Added:
libimobiledevice/trunk/CVE-2016-5104.patch
Modified:
libimobiledevice/trunk/PKGBUILD
---------------------+
CVE-2016-5104.patch | 31 +++++++++++++++++++++++++++++++
PKGBUILD | 34 ++++++++++++++++++++++++++--------
2 files changed, 57 insertions(+), 8 deletions(-)
Added: CVE-2016-5104.patch
===================================================================
--- CVE-2016-5104.patch (rev 0)
+++ CVE-2016-5104.patch 2017-01-24 14:05:56 UTC (rev 287373)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+
+ memset((void *) &saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+- saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ saddr.sin_port = htons(port);
+
+ if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+- addr.sin_addr.s_addr = htonl(INADDR_ANY);
++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ addr.sin_port = htons(port);
+
+ addr_len = sizeof(addr);
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-01-24 13:46:33 UTC (rev 287372)
+++ PKGBUILD 2017-01-24 14:05:56 UTC (rev 287373)
@@ -5,30 +5,48 @@
pkgname=libimobiledevice
pkgver=1.2.0
-pkgrel=3
+pkgrel=4
pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
url="http://libimobiledevice.org/"
arch=('i686' 'x86_64')
license=('GPL2' 'LGPL2.1')
-depends=('libusbmuxd')
-makedepends=('python2')
+depends=('libusbmuxd' 'usbmuxd')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
- disable-sslv3.patch)
+ disable-sslv3.patch
+ CVE-2016-5104.patch)
md5sums=('8757900ba7bbe2ef5f54342415d0223e'
- 'bac123da4cc67b2f5cc798727e6231a9')
+ 'bac123da4cc67b2f5cc798727e6231a9'
+ 'e3535be4b4082486804b033d3f165193')
prepare() {
cd "$pkgname-$pkgver"
patch -Np1 -i ../disable-sslv3.patch
+ patch -Np1 -i ../CVE-2016-5104.patch
+ sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+ autoreconf -fi
}
build() {
- cd "$pkgname-$pkgver"
- PYTHON=/usr/bin/python2 ./configure --prefix=/usr
+ mkdir build-py2
+ pushd build-py2
+ PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
make
+ popd
+
+ mkdir build-py3
+ pushd build-py3
+ PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
}
package() {
- cd "$pkgname-$pkgver"
+ pushd build-py2
make DESTDIR="$pkgdir" install
+ popd
+ pushd build-py3/cython
+ make DESTDIR="$pkgdir" install
+ popd
}
More information about the arch-commits
mailing list