[arch-commits] Commit in libimobiledevice/repos (20 files)

Jan de Groot jgc at archlinux.org
Mon Mar 27 22:27:30 UTC 2017


    Date: Monday, March 27, 2017 @ 22:27:29
  Author: jgc
Revision: 291737

archrelease: copy trunk to extra-i686, extra-x86_64

Added:
  libimobiledevice/repos/extra-i686/0001-Add-new-function-to-get-the-underlying-file-descript.patch
    (from rev 291736, libimobiledevice/trunk/0001-Add-new-function-to-get-the-underlying-file-descript.patch)
  libimobiledevice/repos/extra-i686/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
    (from rev 291736, libimobiledevice/trunk/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch)
  libimobiledevice/repos/extra-i686/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
    (from rev 291736, libimobiledevice/trunk/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch)
  libimobiledevice/repos/extra-i686/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
    (from rev 291736, libimobiledevice/trunk/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch)
  libimobiledevice/repos/extra-i686/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch
    (from rev 291736, libimobiledevice/trunk/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
  libimobiledevice/repos/extra-i686/CVE-2016-5104.patch
    (from rev 291736, libimobiledevice/trunk/CVE-2016-5104.patch)
  libimobiledevice/repos/extra-i686/PKGBUILD
    (from rev 291736, libimobiledevice/trunk/PKGBUILD)
  libimobiledevice/repos/extra-x86_64/0001-Add-new-function-to-get-the-underlying-file-descript.patch
    (from rev 291736, libimobiledevice/trunk/0001-Add-new-function-to-get-the-underlying-file-descript.patch)
  libimobiledevice/repos/extra-x86_64/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
    (from rev 291736, libimobiledevice/trunk/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch)
  libimobiledevice/repos/extra-x86_64/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
    (from rev 291736, libimobiledevice/trunk/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch)
  libimobiledevice/repos/extra-x86_64/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
    (from rev 291736, libimobiledevice/trunk/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch)
  libimobiledevice/repos/extra-x86_64/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch
    (from rev 291736, libimobiledevice/trunk/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
  libimobiledevice/repos/extra-x86_64/CVE-2016-5104.patch
    (from rev 291736, libimobiledevice/trunk/CVE-2016-5104.patch)
  libimobiledevice/repos/extra-x86_64/PKGBUILD
    (from rev 291736, libimobiledevice/trunk/PKGBUILD)
Deleted:
  libimobiledevice/repos/extra-i686/CVE-2016-5104.patch
  libimobiledevice/repos/extra-i686/PKGBUILD
  libimobiledevice/repos/extra-i686/disable-sslv3.patch
  libimobiledevice/repos/extra-x86_64/CVE-2016-5104.patch
  libimobiledevice/repos/extra-x86_64/PKGBUILD
  libimobiledevice/repos/extra-x86_64/disable-sslv3.patch

------------------------------------------------------------------------------+
 /CVE-2016-5104.patch                                                         |   62 +++
 /PKGBUILD                                                                    |  128 +++++++
 extra-i686/0001-Add-new-function-to-get-the-underlying-file-descript.patch   |   62 +++
 extra-i686/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch   |   41 ++
 extra-i686/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch   |   54 +++
 extra-i686/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch           |   29 +
 extra-i686/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch   |  171 ++++++++++
 extra-i686/CVE-2016-5104.patch                                               |   31 -
 extra-i686/PKGBUILD                                                          |   52 ---
 extra-i686/disable-sslv3.patch                                               |   12 
 extra-x86_64/0001-Add-new-function-to-get-the-underlying-file-descript.patch |   62 +++
 extra-x86_64/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch |   41 ++
 extra-x86_64/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch |   54 +++
 extra-x86_64/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch         |   29 +
 extra-x86_64/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch |  171 ++++++++++
 extra-x86_64/CVE-2016-5104.patch                                             |   31 -
 extra-x86_64/PKGBUILD                                                        |   52 ---
 extra-x86_64/disable-sslv3.patch                                             |   12 
 18 files changed, 904 insertions(+), 190 deletions(-)

Copied: libimobiledevice/repos/extra-i686/0001-Add-new-function-to-get-the-underlying-file-descript.patch (from rev 291736, libimobiledevice/trunk/0001-Add-new-function-to-get-the-underlying-file-descript.patch)
===================================================================
--- extra-i686/0001-Add-new-function-to-get-the-underlying-file-descript.patch	                        (rev 0)
+++ extra-i686/0001-Add-new-function-to-get-the-underlying-file-descript.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,62 @@
+From 692f7c9de72ca7fcaba51659972270d445751438 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan <balaton at eik.bme.hu>
+Date: Wed, 23 Sep 2015 02:19:27 +0200
+Subject: [PATCH] Add new function to get the underlying file descriptor of an
+ idevice connection
+
+---
+ include/libimobiledevice/libimobiledevice.h | 10 ++++++++++
+ src/idevice.c                               | 16 ++++++++++++++++
+ 2 files changed, 26 insertions(+)
+
+diff --git a/include/libimobiledevice/libimobiledevice.h b/include/libimobiledevice/libimobiledevice.h
+index 016cadb..b125adf 100644
+--- a/include/libimobiledevice/libimobiledevice.h
++++ b/include/libimobiledevice/libimobiledevice.h
+@@ -239,6 +239,16 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection);
+  */
+ idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection);
+ 
++/**
++ * Get the underlying file descriptor for a connection
++ *
++ * @param connection The connection to get fd of
++ * @param fd Pointer to an int where the fd is stored
++ *
++ * @return IDEVICE_E_SUCCESS if ok, otherwise an error code.
++ */
++idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd);
++
+ /* misc */
+ 
+ /**
+diff --git a/src/idevice.c b/src/idevice.c
+index b776e84..5912aeb 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -463,6 +463,22 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive(idevice_connecti
+ 	return internal_connection_receive(connection, data, len, recv_bytes);
+ }
+ 
++LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd)
++{
++	if (!connection || !fd) {
++		return IDEVICE_E_INVALID_ARG;
++	}
++
++	idevice_error_t result = IDEVICE_E_UNKNOWN_ERROR;
++	if (connection->type == CONNECTION_USBMUXD) {
++		*fd = (int)(long)connection->data;
++		result = IDEVICE_E_SUCCESS;
++	} else {
++		debug_info("Unknown connection type %d", connection->type);
++	}
++	return result;
++}
++
+ LIBIMOBILEDEVICE_API idevice_error_t idevice_get_handle(idevice_t device, uint32_t *handle)
+ {
+ 	if (!device)
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-i686/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch (from rev 291736, libimobiledevice/trunk/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch)
===================================================================
--- extra-i686/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch	                        (rev 0)
+++ extra-i686/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,41 @@
+From 6070126868069f2ee01ea9414f4cfbe5de285267 Mon Sep 17 00:00:00 2001
+From: "Jay Freeman (saurik)" <saurik at saurik.com>
+Date: Wed, 21 Oct 2015 00:39:14 -0700
+Subject: [PATCH] Fix installation_proxy when using GnuTLS instead of OpenSSL
+
+---
+ src/idevice.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 7c33cdd..b776e84 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -393,10 +393,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_
+ 	}
+ 
+ 	if (connection->ssl_data) {
+-#ifdef HAVE_OPENSSL
+ 		uint32_t received = 0;
+ 		while (received < len) {
++#ifdef HAVE_OPENSSL
+ 			int r = SSL_read(connection->ssl_data->session, (void*)((char*)(data+received)), (int)len-received);
++#else
++			ssize_t r = gnutls_record_recv(connection->ssl_data->session, (void*)(data+received), (size_t)len-received);
++#endif
+ 			if (r > 0) {
+ 				received += r;
+ 			} else {
+@@ -404,9 +407,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_
+ 			}
+ 		}
+ 		debug_info("SSL_read %d, received %d", len, received);
+-#else
+-		ssize_t received = gnutls_record_recv(connection->ssl_data->session, (void*)data, (size_t)len);
+-#endif
+ 		if (received > 0) {
+ 			*recv_bytes = received;
+ 			return IDEVICE_E_SUCCESS;
+-- 
+2.5.0
+

Copied: libimobiledevice/repos/extra-i686/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch (from rev 291736, libimobiledevice/trunk/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch)
===================================================================
--- extra-i686/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch	                        (rev 0)
+++ extra-i686/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,54 @@
+From 2a5868411c57e25802d2f16fd6b77601f10d0b72 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Fri, 29 Apr 2016 22:58:34 +0200
+Subject: [PATCH] Updated gnutls certificate callback to new API (backwards
+ compatible)
+
+---
+ src/idevice.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 5912aeb..f2de6a3 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -642,7 +642,11 @@ static const char *ssl_error_to_string(int e)
+ /**
+  * Internally used gnutls callback function that gets called during handshake.
+  */
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr2_st * st)
++#else
+ static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st)
++#endif
+ {
+ 	int res = -1;
+ 	gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
+@@ -650,7 +654,12 @@ static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t
+ 		ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr(session);
+ 		if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) {
+ 			debug_info("Passing certificate");
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++			st->cert_type = type;
++			st->key_type = GNUTLS_PRIVKEY_X509;
++#else
+ 			st->type = type;
++#endif
+ 			st->ncerts = 1;
+ 			st->cert.x509 = &ssl_data->host_cert;
+ 			st->key.x509 = ssl_data->host_privkey;
+@@ -759,7 +768,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
+ 	debug_info("enabling SSL mode");
+ 	errno = 0;
+ 	gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++	gnutls_certificate_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
++#else
+ 	gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
++#endif
+ 	gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
+ 	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
+ 	gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-i686/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch (from rev 291736, libimobiledevice/trunk/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch)
===================================================================
--- extra-i686/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch	                        (rev 0)
+++ extra-i686/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,29 @@
+From 72643b2b83990b9cf97cc84b285b30763d44a72d Mon Sep 17 00:00:00 2001
+From: "Jay Freeman (saurik)" <saurik at saurik.com>
+Date: Tue, 2 Aug 2016 03:08:04 -0700
+Subject: [PATCH] idevice: Update GnuTLS code to support iOS 10
+
+As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
+needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
+of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
+working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
+---
+ src/idevice.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 1dcdae2..b6dfe4e 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -774,7 +774,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
+ 	gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
+ #endif
+ 	gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
+-	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
++	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
+ 	gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+ 	gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);
+ 
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-i686/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch (from rev 291736, libimobiledevice/trunk/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
===================================================================
--- extra-i686/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch	                        (rev 0)
+++ extra-i686/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,171 @@
+From 23069d10341ce637fdad7321d447c53752dba48c Mon Sep 17 00:00:00 2001
+From: Nikias Bassen <nikias at gmx.li>
+Date: Fri, 4 Nov 2016 02:11:39 +0100
+Subject: [PATCH] userpref: [GnuTLS] Fix pairing record generation and improve
+ error handling
+
+In newer GnuTLS versions the parameters supplied to
+gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat
+sane values. Since we were passing the same values for all parameters,
+this check fails and the device certificate is never generated.
+However due to missing checks the pairing record was saved anyway, with
+an empty device certificate. This led to TLS errors during communication,
+leading to the "GnuTLS: Error in pull function" error message appearing
+and the communication to fail.
+This commit fixes the issue by passing some sane values, and also improves
+the overall error handling during generation of the paring record.
+---
+ common/userpref.c | 85 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 45 insertions(+), 40 deletions(-)
+
+diff --git a/common/userpref.c b/common/userpref.c
+index d22c7f5..3ae503a 100644
+--- a/common/userpref.c
++++ b/common/userpref.c
+@@ -643,15 +643,13 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 	gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size);
+ 	host_cert_pem.size = host_cert_export_size;
+ 
+-	ret = USERPREF_E_UNKNOWN_ERROR;
+-
+ 	gnutls_datum_t modulus = { NULL, 0 };
+ 	gnutls_datum_t exponent = { NULL, 0 };
+ 
+ 	/* now decode the PEM encoded key */
+-	gnutls_datum_t der_pub_key;
+-	if (GNUTLS_E_SUCCESS == gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key)) {
+-
++	gnutls_datum_t der_pub_key = { NULL, 0 };
++	int gnutls_error = gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key);
++	if (GNUTLS_E_SUCCESS == gnutls_error) {
+ 		/* initalize asn.1 parser */
+ 		ASN1_TYPE pkcs1 = ASN1_TYPE_EMPTY;
+ 		if (ASN1_SUCCESS == asn1_array2tree(pkcs1_asn1_tab, &pkcs1, NULL)) {
+@@ -670,8 +668,14 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 
+ 				ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, (int*)&modulus.size);
+ 				ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, (int*)&exponent.size);
+-				if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2)
+-					ret = USERPREF_E_SUCCESS;
++				if (ret1 != ASN1_SUCCESS || ret2 != ASN1_SUCCESS) {
++					gnutls_free(modulus.data);
++					modulus.data = NULL;
++					modulus.size = 0;
++					gnutls_free(exponent.data);
++					exponent.data = NULL;
++					exponent.size = 0;
++				}
+ 			}
+ 			if (asn1_pub_key)
+ 				asn1_delete_structure(&asn1_pub_key);
+@@ -679,12 +683,15 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 		if (pkcs1)
+ 			asn1_delete_structure(&pkcs1);
+ 	} else {
+-		debug_info("WARNING: Could not read public key");
++		debug_info("ERROR: Could not parse public key: %s", gnutls_strerror(gnutls_error));
+ 	}
+ 
+-	/* now generate certificates */
+-	if (USERPREF_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) {
+-		gnutls_datum_t essentially_null = { (unsigned char*)strdup("abababababababab"), strlen("abababababababab") };
++	/* generate device certificate */
++	if (modulus.data && 0 != modulus.size && exponent.data && 0 != exponent.size) {
++
++		gnutls_datum_t prime_p = { (unsigned char*)"\x00\xca\x4a\x03\x13\xdf\x9d\x7a\xfd", 9 };
++		gnutls_datum_t prime_q = { (unsigned char*)"\x00\xf2\xff\xe0\x15\xd1\x60\x37\x63", 9 };
++		gnutls_datum_t coeff = { (unsigned char*)"\x32\x07\xf1\x68\x57\xdf\x9a\xf4", 8 };
+ 
+ 		gnutls_x509_privkey_t fake_privkey;
+ 		gnutls_x509_crt_t dev_cert;
+@@ -692,8 +699,9 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 		gnutls_x509_privkey_init(&fake_privkey);
+ 		gnutls_x509_crt_init(&dev_cert);
+ 
+-		if (GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null)) {
+-			/* generate device certificate */
++		gnutls_error = gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &exponent, &prime_p, &prime_q, &coeff);
++		if (GNUTLS_E_SUCCESS == gnutls_error) {
++			/* now generate device certificate */
+ 			gnutls_x509_crt_set_key(dev_cert, fake_privkey);
+ 			gnutls_x509_crt_set_serial(dev_cert, "\x00", 1);
+ 			gnutls_x509_crt_set_version(dev_cert, 3);
+@@ -712,9 +720,8 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 			}
+ 
+ 			gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
+-			gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
+-
+-			if (USERPREF_E_SUCCESS == ret) {
++			gnutls_error = gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
++			if (GNUTLS_E_SUCCESS == gnutls_error) {
+ 				/* if everything went well, export in PEM format */
+ 				size_t export_size = 0;
+ 				gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &export_size);
+@@ -722,13 +729,11 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 				gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_cert_pem.data, &export_size);
+ 				dev_cert_pem.size = export_size;
+ 			} else {
+-				debug_info("ERROR: Signing device certificate with root private key failed!");
++				debug_info("ERROR: Signing device certificate with root private key failed: %s", gnutls_strerror(gnutls_error));
+ 			}
++		} else {
++			debug_info("ERROR: Failed to import RSA key data: %s", gnutls_strerror(gnutls_error));
+ 		}
+-
+-		if (essentially_null.data)
+-			free(essentially_null.data);
+-
+ 		gnutls_x509_crt_deinit(dev_cert);
+ 		gnutls_x509_privkey_deinit(fake_privkey);
+ 	}
+@@ -743,27 +748,27 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 
+ 	gnutls_free(der_pub_key.data);
+ #endif
+-	if (NULL != root_cert_pem.data && 0 != root_cert_pem.size &&
+-		NULL != host_cert_pem.data && 0 != host_cert_pem.size)
++
++	/* make sure that we have all we need */
++	if (root_cert_pem.data && 0 != root_cert_pem.size
++	    && root_key_pem.data && 0 != root_key_pem.size
++	    && host_cert_pem.data && 0 != host_cert_pem.size
++	    && host_key_pem.data && 0 != host_key_pem.size
++	    && dev_cert_pem.data && 0 != dev_cert_pem.size) {
++		/* now set keys and certificates */
++		pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem);
+ 		ret = USERPREF_E_SUCCESS;
++	}
+ 
+-	/* now set keys and certificates */
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem);
+-
+-	if (dev_cert_pem.data)
+-		free(dev_cert_pem.data);
+-	if (root_key_pem.data)
+-		free(root_key_pem.data);
+-	if (root_cert_pem.data)
+-		free(root_cert_pem.data);
+-	if (host_key_pem.data)
+-		free(host_key_pem.data);
+-	if (host_cert_pem.data)
+-		free(host_cert_pem.data);
++	free(dev_cert_pem.data);
++	free(root_key_pem.data);
++	free(root_cert_pem.data);
++	free(host_key_pem.data);
++	free(host_cert_pem.data);
+ 
+ 	return ret;
+ }
+-- 
+2.9.3
+

Deleted: extra-i686/CVE-2016-5104.patch
===================================================================
--- extra-i686/CVE-2016-5104.patch	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-i686/CVE-2016-5104.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,31 +0,0 @@
-From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
-From: Joshua Hill <posixninja at gmail.com>
-Date: Tue, 29 Dec 2015 22:27:17 +0100
-Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
-
----
- common/socket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/common/socket.c b/common/socket.c
-index b276864..e2968a6 100644
---- a/common/socket.c
-+++ b/common/socket.c
-@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
- 
- 	memset((void *) &saddr, 0, sizeof(saddr));
- 	saddr.sin_family = AF_INET;
--	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
-+	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- 	saddr.sin_port = htons(port);
- 
- 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
-@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
- 
- 	memset(&addr, 0, sizeof(addr));
- 	addr.sin_family = AF_INET;
--	addr.sin_addr.s_addr = htonl(INADDR_ANY);
-+	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- 	addr.sin_port = htons(port);
- 
- 	addr_len = sizeof(addr);

Copied: libimobiledevice/repos/extra-i686/CVE-2016-5104.patch (from rev 291736, libimobiledevice/trunk/CVE-2016-5104.patch)
===================================================================
--- extra-i686/CVE-2016-5104.patch	                        (rev 0)
+++ extra-i686/CVE-2016-5104.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);

Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-i686/PKGBUILD	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer : Tom Gundersen <teg at jklm.no>
-# Maintainer : Ionut Biru <ibiru at archlinux.org>
-# Contributor: Gabriel Martinez < reitaka at gmail dot com >
-
-pkgname=libimobiledevice
-pkgver=1.2.0
-pkgrel=4
-pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
-url="http://libimobiledevice.org/"
-arch=('i686' 'x86_64')
-license=('GPL2' 'LGPL2.1')
-depends=('libusbmuxd' 'usbmuxd')
-makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
-source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
-        disable-sslv3.patch
-        CVE-2016-5104.patch)
-md5sums=('8757900ba7bbe2ef5f54342415d0223e'
-         'bac123da4cc67b2f5cc798727e6231a9'
-         'e3535be4b4082486804b033d3f165193')
-
-prepare() {
-  cd "$pkgname-$pkgver"
-  patch -Np1 -i ../disable-sslv3.patch
-  patch -Np1 -i ../CVE-2016-5104.patch
-  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
-  autoreconf -fi
-}
-
-build() {
-  mkdir build-py2
-  pushd build-py2
-  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
-  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
-  make
-  popd
-
-  mkdir build-py3
-  pushd build-py3
-  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
-  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
-  make
-}
-
-package() {
-  pushd build-py2
-  make DESTDIR="$pkgdir" install
-  popd
-  pushd build-py3/cython
-  make DESTDIR="$pkgdir" install
-  popd
-}

Copied: libimobiledevice/repos/extra-i686/PKGBUILD (from rev 291736, libimobiledevice/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD	                        (rev 0)
+++ extra-i686/PKGBUILD	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,64 @@
+# $Id$
+# Maintainer : Tom Gundersen <teg at jklm.no>
+# Maintainer : Ionut Biru <ibiru at archlinux.org>
+# Contributor: Gabriel Martinez < reitaka at gmail dot com >
+
+pkgname=libimobiledevice
+pkgver=1.2.0
+pkgrel=6
+pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
+url="http://libimobiledevice.org/"
+arch=('i686' 'x86_64')
+license=('GPL2' 'LGPL2.1')
+depends=('libusbmuxd' 'usbmuxd' 'gnutls')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
+source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
+        0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
+        CVE-2016-5104.patch
+        0001-Add-new-function-to-get-the-underlying-file-descript.patch
+        0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
+        0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
+        0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
+sha256sums=('786b0de0875053bf61b5531a86ae8119e320edab724fc62fe2150cc931f11037'
+            '9fb1523276f9ab4273f0065728c52792ec6c99c09d587c28175c748175106a09'
+            '30d8032244859adc85f11df00a5b3adb017160821ddf4b22a8528f9b104c0951'
+            'a4a1844dfedc933cb998afbbe4b2066d8bcedf8d305990715160b957f754922c'
+            '9e03d66e15ad036e7e3b8639b07788a0c1959016444766ad63f708e722bd516c'
+            '173291a36ea08226c221643580c007f44e430867f345d8106395cce0f52a38c5'
+            '7d3c5a89ce6611c219d80255a1cce4a02de4ca00fb58c32e87733d9a0e20c4ce')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
+  patch -Np1 -i ../CVE-2016-5104.patch
+  patch -Np1 -i ../0001-Add-new-function-to-get-the-underlying-file-descript.patch
+  patch -Np1 -i ../0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
+  patch -Np1 -i ../0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
+  patch -Np1 -i ../0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch
+  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+  autoreconf -fi
+}
+
+build() {
+  mkdir build-py2
+  pushd build-py2
+  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr --disable-openssl
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+  popd
+
+  mkdir build-py3
+  pushd build-py3
+  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr --disable-openssl
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+package() {
+  pushd build-py2
+  make DESTDIR="$pkgdir" install
+  popd
+  pushd build-py3/cython
+  make DESTDIR="$pkgdir" install
+  popd
+}

Deleted: extra-i686/disable-sslv3.patch
===================================================================
--- extra-i686/disable-sslv3.patch	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-i686/disable-sslv3.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,12 +0,0 @@
-diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c
---- libimobiledevice-1.2.0/src/idevice.c	2015-01-28 02:10:32.000000000 +0100
-+++ libimobiledevice-1.2.0-nossl3/src/idevice.c	2016-03-03 18:33:45.912308242 +0100
-@@ -678,7 +678,7 @@
- 	}
- 	BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
- 
--	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
-+	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method());
- 	if (ssl_ctx == NULL) {
- 		debug_info("ERROR: Could not create SSL context.");
- 		BIO_free(ssl_bio);

Copied: libimobiledevice/repos/extra-x86_64/0001-Add-new-function-to-get-the-underlying-file-descript.patch (from rev 291736, libimobiledevice/trunk/0001-Add-new-function-to-get-the-underlying-file-descript.patch)
===================================================================
--- extra-x86_64/0001-Add-new-function-to-get-the-underlying-file-descript.patch	                        (rev 0)
+++ extra-x86_64/0001-Add-new-function-to-get-the-underlying-file-descript.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,62 @@
+From 692f7c9de72ca7fcaba51659972270d445751438 Mon Sep 17 00:00:00 2001
+From: BALATON Zoltan <balaton at eik.bme.hu>
+Date: Wed, 23 Sep 2015 02:19:27 +0200
+Subject: [PATCH] Add new function to get the underlying file descriptor of an
+ idevice connection
+
+---
+ include/libimobiledevice/libimobiledevice.h | 10 ++++++++++
+ src/idevice.c                               | 16 ++++++++++++++++
+ 2 files changed, 26 insertions(+)
+
+diff --git a/include/libimobiledevice/libimobiledevice.h b/include/libimobiledevice/libimobiledevice.h
+index 016cadb..b125adf 100644
+--- a/include/libimobiledevice/libimobiledevice.h
++++ b/include/libimobiledevice/libimobiledevice.h
+@@ -239,6 +239,16 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection);
+  */
+ idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection);
+ 
++/**
++ * Get the underlying file descriptor for a connection
++ *
++ * @param connection The connection to get fd of
++ * @param fd Pointer to an int where the fd is stored
++ *
++ * @return IDEVICE_E_SUCCESS if ok, otherwise an error code.
++ */
++idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd);
++
+ /* misc */
+ 
+ /**
+diff --git a/src/idevice.c b/src/idevice.c
+index b776e84..5912aeb 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -463,6 +463,22 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive(idevice_connecti
+ 	return internal_connection_receive(connection, data, len, recv_bytes);
+ }
+ 
++LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd)
++{
++	if (!connection || !fd) {
++		return IDEVICE_E_INVALID_ARG;
++	}
++
++	idevice_error_t result = IDEVICE_E_UNKNOWN_ERROR;
++	if (connection->type == CONNECTION_USBMUXD) {
++		*fd = (int)(long)connection->data;
++		result = IDEVICE_E_SUCCESS;
++	} else {
++		debug_info("Unknown connection type %d", connection->type);
++	}
++	return result;
++}
++
+ LIBIMOBILEDEVICE_API idevice_error_t idevice_get_handle(idevice_t device, uint32_t *handle)
+ {
+ 	if (!device)
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-x86_64/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch (from rev 291736, libimobiledevice/trunk/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch)
===================================================================
--- extra-x86_64/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch	                        (rev 0)
+++ extra-x86_64/0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,41 @@
+From 6070126868069f2ee01ea9414f4cfbe5de285267 Mon Sep 17 00:00:00 2001
+From: "Jay Freeman (saurik)" <saurik at saurik.com>
+Date: Wed, 21 Oct 2015 00:39:14 -0700
+Subject: [PATCH] Fix installation_proxy when using GnuTLS instead of OpenSSL
+
+---
+ src/idevice.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 7c33cdd..b776e84 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -393,10 +393,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_
+ 	}
+ 
+ 	if (connection->ssl_data) {
+-#ifdef HAVE_OPENSSL
+ 		uint32_t received = 0;
+ 		while (received < len) {
++#ifdef HAVE_OPENSSL
+ 			int r = SSL_read(connection->ssl_data->session, (void*)((char*)(data+received)), (int)len-received);
++#else
++			ssize_t r = gnutls_record_recv(connection->ssl_data->session, (void*)(data+received), (size_t)len-received);
++#endif
+ 			if (r > 0) {
+ 				received += r;
+ 			} else {
+@@ -404,9 +407,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_
+ 			}
+ 		}
+ 		debug_info("SSL_read %d, received %d", len, received);
+-#else
+-		ssize_t received = gnutls_record_recv(connection->ssl_data->session, (void*)data, (size_t)len);
+-#endif
+ 		if (received > 0) {
+ 			*recv_bytes = received;
+ 			return IDEVICE_E_SUCCESS;
+-- 
+2.5.0
+

Copied: libimobiledevice/repos/extra-x86_64/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch (from rev 291736, libimobiledevice/trunk/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch)
===================================================================
--- extra-x86_64/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch	                        (rev 0)
+++ extra-x86_64/0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,54 @@
+From 2a5868411c57e25802d2f16fd6b77601f10d0b72 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Fri, 29 Apr 2016 22:58:34 +0200
+Subject: [PATCH] Updated gnutls certificate callback to new API (backwards
+ compatible)
+
+---
+ src/idevice.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 5912aeb..f2de6a3 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -642,7 +642,11 @@ static const char *ssl_error_to_string(int e)
+ /**
+  * Internally used gnutls callback function that gets called during handshake.
+  */
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr2_st * st)
++#else
+ static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st)
++#endif
+ {
+ 	int res = -1;
+ 	gnutls_certificate_type_t type = gnutls_certificate_type_get(session);
+@@ -650,7 +654,12 @@ static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t
+ 		ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr(session);
+ 		if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) {
+ 			debug_info("Passing certificate");
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++			st->cert_type = type;
++			st->key_type = GNUTLS_PRIVKEY_X509;
++#else
+ 			st->type = type;
++#endif
+ 			st->ncerts = 1;
+ 			st->cert.x509 = &ssl_data->host_cert;
+ 			st->key.x509 = ssl_data->host_privkey;
+@@ -759,7 +768,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
+ 	debug_info("enabling SSL mode");
+ 	errno = 0;
+ 	gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
++#if GNUTLS_VERSION_NUMBER >= 0x020b07
++	gnutls_certificate_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
++#else
+ 	gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
++#endif
+ 	gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
+ 	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
+ 	gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-x86_64/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch (from rev 291736, libimobiledevice/trunk/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch)
===================================================================
--- extra-x86_64/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch	                        (rev 0)
+++ extra-x86_64/0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,29 @@
+From 72643b2b83990b9cf97cc84b285b30763d44a72d Mon Sep 17 00:00:00 2001
+From: "Jay Freeman (saurik)" <saurik at saurik.com>
+Date: Tue, 2 Aug 2016 03:08:04 -0700
+Subject: [PATCH] idevice: Update GnuTLS code to support iOS 10
+
+As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
+needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
+of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
+working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
+---
+ src/idevice.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idevice.c b/src/idevice.c
+index 1dcdae2..b6dfe4e 100644
+--- a/src/idevice.c
++++ b/src/idevice.c
+@@ -774,7 +774,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
+ 	gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
+ #endif
+ 	gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
+-	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
++	gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
+ 	gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+ 	gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);
+ 
+-- 
+2.9.3
+

Copied: libimobiledevice/repos/extra-x86_64/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch (from rev 291736, libimobiledevice/trunk/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
===================================================================
--- extra-x86_64/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch	                        (rev 0)
+++ extra-x86_64/0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,171 @@
+From 23069d10341ce637fdad7321d447c53752dba48c Mon Sep 17 00:00:00 2001
+From: Nikias Bassen <nikias at gmx.li>
+Date: Fri, 4 Nov 2016 02:11:39 +0100
+Subject: [PATCH] userpref: [GnuTLS] Fix pairing record generation and improve
+ error handling
+
+In newer GnuTLS versions the parameters supplied to
+gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat
+sane values. Since we were passing the same values for all parameters,
+this check fails and the device certificate is never generated.
+However due to missing checks the pairing record was saved anyway, with
+an empty device certificate. This led to TLS errors during communication,
+leading to the "GnuTLS: Error in pull function" error message appearing
+and the communication to fail.
+This commit fixes the issue by passing some sane values, and also improves
+the overall error handling during generation of the paring record.
+---
+ common/userpref.c | 85 +++++++++++++++++++++++++++++--------------------------
+ 1 file changed, 45 insertions(+), 40 deletions(-)
+
+diff --git a/common/userpref.c b/common/userpref.c
+index d22c7f5..3ae503a 100644
+--- a/common/userpref.c
++++ b/common/userpref.c
+@@ -643,15 +643,13 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 	gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size);
+ 	host_cert_pem.size = host_cert_export_size;
+ 
+-	ret = USERPREF_E_UNKNOWN_ERROR;
+-
+ 	gnutls_datum_t modulus = { NULL, 0 };
+ 	gnutls_datum_t exponent = { NULL, 0 };
+ 
+ 	/* now decode the PEM encoded key */
+-	gnutls_datum_t der_pub_key;
+-	if (GNUTLS_E_SUCCESS == gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key)) {
+-
++	gnutls_datum_t der_pub_key = { NULL, 0 };
++	int gnutls_error = gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key);
++	if (GNUTLS_E_SUCCESS == gnutls_error) {
+ 		/* initalize asn.1 parser */
+ 		ASN1_TYPE pkcs1 = ASN1_TYPE_EMPTY;
+ 		if (ASN1_SUCCESS == asn1_array2tree(pkcs1_asn1_tab, &pkcs1, NULL)) {
+@@ -670,8 +668,14 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 
+ 				ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, (int*)&modulus.size);
+ 				ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, (int*)&exponent.size);
+-				if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2)
+-					ret = USERPREF_E_SUCCESS;
++				if (ret1 != ASN1_SUCCESS || ret2 != ASN1_SUCCESS) {
++					gnutls_free(modulus.data);
++					modulus.data = NULL;
++					modulus.size = 0;
++					gnutls_free(exponent.data);
++					exponent.data = NULL;
++					exponent.size = 0;
++				}
+ 			}
+ 			if (asn1_pub_key)
+ 				asn1_delete_structure(&asn1_pub_key);
+@@ -679,12 +683,15 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 		if (pkcs1)
+ 			asn1_delete_structure(&pkcs1);
+ 	} else {
+-		debug_info("WARNING: Could not read public key");
++		debug_info("ERROR: Could not parse public key: %s", gnutls_strerror(gnutls_error));
+ 	}
+ 
+-	/* now generate certificates */
+-	if (USERPREF_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) {
+-		gnutls_datum_t essentially_null = { (unsigned char*)strdup("abababababababab"), strlen("abababababababab") };
++	/* generate device certificate */
++	if (modulus.data && 0 != modulus.size && exponent.data && 0 != exponent.size) {
++
++		gnutls_datum_t prime_p = { (unsigned char*)"\x00\xca\x4a\x03\x13\xdf\x9d\x7a\xfd", 9 };
++		gnutls_datum_t prime_q = { (unsigned char*)"\x00\xf2\xff\xe0\x15\xd1\x60\x37\x63", 9 };
++		gnutls_datum_t coeff = { (unsigned char*)"\x32\x07\xf1\x68\x57\xdf\x9a\xf4", 8 };
+ 
+ 		gnutls_x509_privkey_t fake_privkey;
+ 		gnutls_x509_crt_t dev_cert;
+@@ -692,8 +699,9 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 		gnutls_x509_privkey_init(&fake_privkey);
+ 		gnutls_x509_crt_init(&dev_cert);
+ 
+-		if (GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null)) {
+-			/* generate device certificate */
++		gnutls_error = gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &exponent, &prime_p, &prime_q, &coeff);
++		if (GNUTLS_E_SUCCESS == gnutls_error) {
++			/* now generate device certificate */
+ 			gnutls_x509_crt_set_key(dev_cert, fake_privkey);
+ 			gnutls_x509_crt_set_serial(dev_cert, "\x00", 1);
+ 			gnutls_x509_crt_set_version(dev_cert, 3);
+@@ -712,9 +720,8 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 			}
+ 
+ 			gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
+-			gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
+-
+-			if (USERPREF_E_SUCCESS == ret) {
++			gnutls_error = gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey);
++			if (GNUTLS_E_SUCCESS == gnutls_error) {
+ 				/* if everything went well, export in PEM format */
+ 				size_t export_size = 0;
+ 				gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &export_size);
+@@ -722,13 +729,11 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 				gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_cert_pem.data, &export_size);
+ 				dev_cert_pem.size = export_size;
+ 			} else {
+-				debug_info("ERROR: Signing device certificate with root private key failed!");
++				debug_info("ERROR: Signing device certificate with root private key failed: %s", gnutls_strerror(gnutls_error));
+ 			}
++		} else {
++			debug_info("ERROR: Failed to import RSA key data: %s", gnutls_strerror(gnutls_error));
+ 		}
+-
+-		if (essentially_null.data)
+-			free(essentially_null.data);
+-
+ 		gnutls_x509_crt_deinit(dev_cert);
+ 		gnutls_x509_privkey_deinit(fake_privkey);
+ 	}
+@@ -743,27 +748,27 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
+ 
+ 	gnutls_free(der_pub_key.data);
+ #endif
+-	if (NULL != root_cert_pem.data && 0 != root_cert_pem.size &&
+-		NULL != host_cert_pem.data && 0 != host_cert_pem.size)
++
++	/* make sure that we have all we need */
++	if (root_cert_pem.data && 0 != root_cert_pem.size
++	    && root_key_pem.data && 0 != root_key_pem.size
++	    && host_cert_pem.data && 0 != host_cert_pem.size
++	    && host_key_pem.data && 0 != host_key_pem.size
++	    && dev_cert_pem.data && 0 != dev_cert_pem.size) {
++		/* now set keys and certificates */
++		pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem);
++		pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem);
+ 		ret = USERPREF_E_SUCCESS;
++	}
+ 
+-	/* now set keys and certificates */
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem);
+-	pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem);
+-
+-	if (dev_cert_pem.data)
+-		free(dev_cert_pem.data);
+-	if (root_key_pem.data)
+-		free(root_key_pem.data);
+-	if (root_cert_pem.data)
+-		free(root_cert_pem.data);
+-	if (host_key_pem.data)
+-		free(host_key_pem.data);
+-	if (host_cert_pem.data)
+-		free(host_cert_pem.data);
++	free(dev_cert_pem.data);
++	free(root_key_pem.data);
++	free(root_cert_pem.data);
++	free(host_key_pem.data);
++	free(host_cert_pem.data);
+ 
+ 	return ret;
+ }
+-- 
+2.9.3
+

Deleted: extra-x86_64/CVE-2016-5104.patch
===================================================================
--- extra-x86_64/CVE-2016-5104.patch	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-x86_64/CVE-2016-5104.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,31 +0,0 @@
-From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
-From: Joshua Hill <posixninja at gmail.com>
-Date: Tue, 29 Dec 2015 22:27:17 +0100
-Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
-
----
- common/socket.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/common/socket.c b/common/socket.c
-index b276864..e2968a6 100644
---- a/common/socket.c
-+++ b/common/socket.c
-@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
- 
- 	memset((void *) &saddr, 0, sizeof(saddr));
- 	saddr.sin_family = AF_INET;
--	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
-+	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- 	saddr.sin_port = htons(port);
- 
- 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
-@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
- 
- 	memset(&addr, 0, sizeof(addr));
- 	addr.sin_family = AF_INET;
--	addr.sin_addr.s_addr = htonl(INADDR_ANY);
-+	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
- 	addr.sin_port = htons(port);
- 
- 	addr_len = sizeof(addr);

Copied: libimobiledevice/repos/extra-x86_64/CVE-2016-5104.patch (from rev 291736, libimobiledevice/trunk/CVE-2016-5104.patch)
===================================================================
--- extra-x86_64/CVE-2016-5104.patch	                        (rev 0)
+++ extra-x86_64/CVE-2016-5104.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,31 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja at gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);

Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-x86_64/PKGBUILD	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer : Tom Gundersen <teg at jklm.no>
-# Maintainer : Ionut Biru <ibiru at archlinux.org>
-# Contributor: Gabriel Martinez < reitaka at gmail dot com >
-
-pkgname=libimobiledevice
-pkgver=1.2.0
-pkgrel=4
-pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
-url="http://libimobiledevice.org/"
-arch=('i686' 'x86_64')
-license=('GPL2' 'LGPL2.1')
-depends=('libusbmuxd' 'usbmuxd')
-makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
-source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
-        disable-sslv3.patch
-        CVE-2016-5104.patch)
-md5sums=('8757900ba7bbe2ef5f54342415d0223e'
-         'bac123da4cc67b2f5cc798727e6231a9'
-         'e3535be4b4082486804b033d3f165193')
-
-prepare() {
-  cd "$pkgname-$pkgver"
-  patch -Np1 -i ../disable-sslv3.patch
-  patch -Np1 -i ../CVE-2016-5104.patch
-  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
-  autoreconf -fi
-}
-
-build() {
-  mkdir build-py2
-  pushd build-py2
-  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr
-  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
-  make
-  popd
-
-  mkdir build-py3
-  pushd build-py3
-  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr
-  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
-  make
-}
-
-package() {
-  pushd build-py2
-  make DESTDIR="$pkgdir" install
-  popd
-  pushd build-py3/cython
-  make DESTDIR="$pkgdir" install
-  popd
-}

Copied: libimobiledevice/repos/extra-x86_64/PKGBUILD (from rev 291736, libimobiledevice/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD	                        (rev 0)
+++ extra-x86_64/PKGBUILD	2017-03-27 22:27:29 UTC (rev 291737)
@@ -0,0 +1,64 @@
+# $Id$
+# Maintainer : Tom Gundersen <teg at jklm.no>
+# Maintainer : Ionut Biru <ibiru at archlinux.org>
+# Contributor: Gabriel Martinez < reitaka at gmail dot com >
+
+pkgname=libimobiledevice
+pkgver=1.2.0
+pkgrel=6
+pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux"
+url="http://libimobiledevice.org/"
+arch=('i686' 'x86_64')
+license=('GPL2' 'LGPL2.1')
+depends=('libusbmuxd' 'usbmuxd' 'gnutls')
+makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive')
+source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2
+        0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
+        CVE-2016-5104.patch
+        0001-Add-new-function-to-get-the-underlying-file-descript.patch
+        0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
+        0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
+        0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch)
+sha256sums=('786b0de0875053bf61b5531a86ae8119e320edab724fc62fe2150cc931f11037'
+            '9fb1523276f9ab4273f0065728c52792ec6c99c09d587c28175c748175106a09'
+            '30d8032244859adc85f11df00a5b3adb017160821ddf4b22a8528f9b104c0951'
+            'a4a1844dfedc933cb998afbbe4b2066d8bcedf8d305990715160b957f754922c'
+            '9e03d66e15ad036e7e3b8639b07788a0c1959016444766ad63f708e722bd516c'
+            '173291a36ea08226c221643580c007f44e430867f345d8106395cce0f52a38c5'
+            '7d3c5a89ce6611c219d80255a1cce4a02de4ca00fb58c32e87733d9a0e20c4ce')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+  patch -Np1 -i ../0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch
+  patch -Np1 -i ../CVE-2016-5104.patch
+  patch -Np1 -i ../0001-Add-new-function-to-get-the-underlying-file-descript.patch
+  patch -Np1 -i ../0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch
+  patch -Np1 -i ../0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch
+  patch -Np1 -i ../0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch
+  sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4
+  autoreconf -fi
+}
+
+build() {
+  mkdir build-py2
+  pushd build-py2
+  PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr --disable-openssl
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+  popd
+
+  mkdir build-py3
+  pushd build-py3
+  PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr --disable-openssl
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+  make
+}
+
+package() {
+  pushd build-py2
+  make DESTDIR="$pkgdir" install
+  popd
+  pushd build-py3/cython
+  make DESTDIR="$pkgdir" install
+  popd
+}

Deleted: extra-x86_64/disable-sslv3.patch
===================================================================
--- extra-x86_64/disable-sslv3.patch	2017-03-27 22:27:19 UTC (rev 291736)
+++ extra-x86_64/disable-sslv3.patch	2017-03-27 22:27:29 UTC (rev 291737)
@@ -1,12 +0,0 @@
-diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c
---- libimobiledevice-1.2.0/src/idevice.c	2015-01-28 02:10:32.000000000 +0100
-+++ libimobiledevice-1.2.0-nossl3/src/idevice.c	2016-03-03 18:33:45.912308242 +0100
-@@ -678,7 +678,7 @@
- 	}
- 	BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
- 
--	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
-+	SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method());
- 	if (ssl_ctx == NULL) {
- 		debug_info("ERROR: Could not create SSL context.");
- 		BIO_free(ssl_bio);


More information about the arch-commits mailing list