Date: Friday, February 24, 2017 @ 22:03:25 Author: jgc Revision: 289501
archrelease: copy trunk to staging-i686, staging-x86_64 Added: libimobiledevice/repos/staging-i686/ libimobiledevice/repos/staging-i686/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch) libimobiledevice/repos/staging-i686/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD) libimobiledevice/repos/staging-i686/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch) libimobiledevice/repos/staging-x86_64/ libimobiledevice/repos/staging-x86_64/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch) libimobiledevice/repos/staging-x86_64/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD) libimobiledevice/repos/staging-x86_64/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch) ------------------------------------+ staging-i686/CVE-2016-5104.patch | 31 ++++++++++++++++++++ staging-i686/PKGBUILD | 52 +++++++++++++++++++++++++++++++++++ staging-i686/disable-sslv3.patch | 12 ++++++++ staging-x86_64/CVE-2016-5104.patch | 31 ++++++++++++++++++++ staging-x86_64/PKGBUILD | 52 +++++++++++++++++++++++++++++++++++ staging-x86_64/disable-sslv3.patch | 12 ++++++++ 6 files changed, 190 insertions(+) Copied: libimobiledevice/repos/staging-i686/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch) =================================================================== --- staging-i686/CVE-2016-5104.patch (rev 0) +++ staging-i686/CVE-2016-5104.patch 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,31 @@ +From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001 +From: Joshua Hill <posixni...@gmail.com> +Date: Tue, 29 Dec 2015 22:27:17 +0100 +Subject: [PATCH] common: [security fix] Make sure sockets only listen locally + +--- + common/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/socket.c b/common/socket.c +index b276864..e2968a6 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -172,7 +172,7 @@ int socket_create(uint16_t port) + + memset((void *) &saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- saddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = htons(port); + + if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { +@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port) + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = htonl(INADDR_ANY); ++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(port); + + addr_len = sizeof(addr); Copied: libimobiledevice/repos/staging-i686/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD) =================================================================== --- staging-i686/PKGBUILD (rev 0) +++ staging-i686/PKGBUILD 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,52 @@ +# $Id$ +# Maintainer : Tom Gundersen <t...@jklm.no> +# Maintainer : Ionut Biru <ib...@archlinux.org> +# Contributor: Gabriel Martinez < reitaka at gmail dot com > + +pkgname=libimobiledevice +pkgver=1.2.0 +pkgrel=5 +pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux" +url="http://libimobiledevice.org/" +arch=('i686' 'x86_64') +license=('GPL2' 'LGPL2.1') +depends=('libusbmuxd' 'usbmuxd') +makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive') +source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2 + disable-sslv3.patch + CVE-2016-5104.patch) +md5sums=('8757900ba7bbe2ef5f54342415d0223e' + 'bac123da4cc67b2f5cc798727e6231a9' + 'e3535be4b4082486804b033d3f165193') + +prepare() { + cd "$pkgname-$pkgver" + patch -Np1 -i ../disable-sslv3.patch + patch -Np1 -i ../CVE-2016-5104.patch + sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4 + autoreconf -fi +} + +build() { + mkdir build-py2 + pushd build-py2 + PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make + popd + + mkdir build-py3 + pushd build-py3 + PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make +} + +package() { + pushd build-py2 + make DESTDIR="$pkgdir" install + popd + pushd build-py3/cython + make DESTDIR="$pkgdir" install + popd +} Copied: libimobiledevice/repos/staging-i686/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch) =================================================================== --- staging-i686/disable-sslv3.patch (rev 0) +++ staging-i686/disable-sslv3.patch 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,12 @@ +diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c +--- libimobiledevice-1.2.0/src/idevice.c 2015-01-28 02:10:32.000000000 +0100 ++++ libimobiledevice-1.2.0-nossl3/src/idevice.c 2016-03-03 18:33:45.912308242 +0100 +@@ -678,7 +678,7 @@ + } + BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); + +- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); ++ SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method()); + if (ssl_ctx == NULL) { + debug_info("ERROR: Could not create SSL context."); + BIO_free(ssl_bio); Copied: libimobiledevice/repos/staging-x86_64/CVE-2016-5104.patch (from rev 289500, libimobiledevice/trunk/CVE-2016-5104.patch) =================================================================== --- staging-x86_64/CVE-2016-5104.patch (rev 0) +++ staging-x86_64/CVE-2016-5104.patch 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,31 @@ +From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001 +From: Joshua Hill <posixni...@gmail.com> +Date: Tue, 29 Dec 2015 22:27:17 +0100 +Subject: [PATCH] common: [security fix] Make sure sockets only listen locally + +--- + common/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/socket.c b/common/socket.c +index b276864..e2968a6 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -172,7 +172,7 @@ int socket_create(uint16_t port) + + memset((void *) &saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- saddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = htons(port); + + if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { +@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port) + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = htonl(INADDR_ANY); ++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(port); + + addr_len = sizeof(addr); Copied: libimobiledevice/repos/staging-x86_64/PKGBUILD (from rev 289500, libimobiledevice/trunk/PKGBUILD) =================================================================== --- staging-x86_64/PKGBUILD (rev 0) +++ staging-x86_64/PKGBUILD 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,52 @@ +# $Id$ +# Maintainer : Tom Gundersen <t...@jklm.no> +# Maintainer : Ionut Biru <ib...@archlinux.org> +# Contributor: Gabriel Martinez < reitaka at gmail dot com > + +pkgname=libimobiledevice +pkgver=1.2.0 +pkgrel=5 +pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux" +url="http://libimobiledevice.org/" +arch=('i686' 'x86_64') +license=('GPL2' 'LGPL2.1') +depends=('libusbmuxd' 'usbmuxd') +makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive') +source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2 + disable-sslv3.patch + CVE-2016-5104.patch) +md5sums=('8757900ba7bbe2ef5f54342415d0223e' + 'bac123da4cc67b2f5cc798727e6231a9' + 'e3535be4b4082486804b033d3f165193') + +prepare() { + cd "$pkgname-$pkgver" + patch -Np1 -i ../disable-sslv3.patch + patch -Np1 -i ../CVE-2016-5104.patch + sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4 + autoreconf -fi +} + +build() { + mkdir build-py2 + pushd build-py2 + PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make + popd + + mkdir build-py3 + pushd build-py3 + PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make +} + +package() { + pushd build-py2 + make DESTDIR="$pkgdir" install + popd + pushd build-py3/cython + make DESTDIR="$pkgdir" install + popd +} Copied: libimobiledevice/repos/staging-x86_64/disable-sslv3.patch (from rev 289500, libimobiledevice/trunk/disable-sslv3.patch) =================================================================== --- staging-x86_64/disable-sslv3.patch (rev 0) +++ staging-x86_64/disable-sslv3.patch 2017-02-24 22:03:25 UTC (rev 289501) @@ -0,0 +1,12 @@ +diff -u -r libimobiledevice-1.2.0/src/idevice.c libimobiledevice-1.2.0-nossl3/src/idevice.c +--- libimobiledevice-1.2.0/src/idevice.c 2015-01-28 02:10:32.000000000 +0100 ++++ libimobiledevice-1.2.0-nossl3/src/idevice.c 2016-03-03 18:33:45.912308242 +0100 +@@ -678,7 +678,7 @@ + } + BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); + +- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); ++ SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method()); + if (ssl_ctx == NULL) { + debug_info("ERROR: Could not create SSL context."); + BIO_free(ssl_bio);