[arch-commits] Commit in libusbmuxd/trunk (CVE-2016-5104.patch PKGBUILD)

Jan de Groot jgc at archlinux.org
Sun Jun 4 22:35:29 UTC 2017


    Date: Sunday, June 4, 2017 @ 22:35:28
  Author: jgc
Revision: 297790

upgpkg: libusbmuxd 1.0.10-2

Add security fix for CVE-2016-5104

Added:
  libusbmuxd/trunk/CVE-2016-5104.patch
Modified:
  libusbmuxd/trunk/PKGBUILD

---------------------+
 CVE-2016-5104.patch |   31 +++++++++++++++++++++++++++++++
 PKGBUILD            |   14 ++++++++++----
 2 files changed, 41 insertions(+), 4 deletions(-)

Added: CVE-2016-5104.patch
===================================================================
--- CVE-2016-5104.patch	                        (rev 0)
+++ CVE-2016-5104.patch	2017-06-04 22:35:28 UTC (rev 297790)
@@ -0,0 +1,31 @@
+From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 23:09:37 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index 27b93ba..4cdefd6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -203,7 +203,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);
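Review bot: In the socket_accept hunk, the new `addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);` is probably not what restricts who can connect. If `addr` is then passed to accept() as the peer-address output (the call lies outside the hunk), the kernel overwrites it and the pre-filled value has no filtering effect. The effective restriction is the bind() address changed in socket_create, and as shown it covers only the AF_INET listener. I would add a comment above the socket_accept assignment, e.g. `/* accept() fills addr with the peer address; the loopback restriction is enforced by bind() in socket_create() */`, so the line is not later mistaken for an access check. Both function bodies start and end outside their hunks.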

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-06-04 22:33:07 UTC (rev 297789)
+++ PKGBUILD	2017-06-04 22:35:28 UTC (rev 297790)
@@ -1,4 +1,3 @@
-# $Id: $
 # Maintainer: Ionut Biru <ibiru at archlinux.org>
 # Maintainer: Jan de Groot <jgc at archlinux.org>
 # Contributor: Gabriel Martinez < reitaka at gmail dot com >
@@ -5,7 +4,7 @@
 
 pkgname=libusbmuxd
 pkgver=1.0.10
-pkgrel=1
+pkgrel=2
 pkgdesc="USB Multiplex Daemon"
 url="http://marcansoft.com/blog/iphonelinux/usbmuxd/"
 arch=('i686' 'x86_64')
@@ -12,9 +11,16 @@
 license=('LGPL2.1' 'GPL2')
 depends=('libusb' 'libplist')
 conflicts=('usbmuxd<1.0.9')
-source=(http://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2)
-md5sums=('e5351ff6f6eedcb50701e02d91cc480c')
+source=(http://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2
+	CVE-2016-5104.patch)
+sha256sums=('1aa21391265d2284ac3ccb7cf278126d10d354878589905b35e8102104fec9f2'
+            '9f3a84c8d0a32df13985f6574f5f0e86af435a67606612c0811df631070a97e3')
 
+prepare() {
+  cd libusbmuxd-${pkgver}
+  patch -Np1 -i ../CVE-2016-5104.patch
+}
+
 build() {
   cd libusbmuxd-${pkgver}
   ./configure --prefix=/usr
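Review bot: The tarball in `source=` is still fetched over plain `http://`, and nothing in this hunk verifies an upstream signature. The new `sha256sums` therefore only pin whatever bytes the maintainer received when the sums were generated. If upstream serves the same path over TLS, switch the first entry to `source=(https://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2`. In `prepare()`, `patch -Np1 -i "$srcdir/CVE-2016-5104.patch"` would anchor the patch path explicitly instead of relying on `../`. The `build()` body continues outside the hunk.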


