Date: Tuesday, January 24, 2017 @ 14:05:56 Author: jgc Revision: 287373
upgpkg: libimobiledevice 1.2.0-4 Add patch for CVE-2016-5104 (FS#51019) Add python 2.x and 3.x bindings Depend on usbmuxd, creating a nice dependency loop (FS#42682) Added: libimobiledevice/trunk/CVE-2016-5104.patch Modified: libimobiledevice/trunk/PKGBUILD ---------------------+ CVE-2016-5104.patch | 31 +++++++++++++++++++++++++++++++ PKGBUILD | 34 ++++++++++++++++++++++++++-------- 2 files changed, 57 insertions(+), 8 deletions(-) Added: CVE-2016-5104.patch =================================================================== --- CVE-2016-5104.patch (rev 0) +++ CVE-2016-5104.patch 2017-01-24 14:05:56 UTC (rev 287373) @@ -0,0 +1,31 @@ +From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001 +From: Joshua Hill <[email protected]> +Date: Tue, 29 Dec 2015 22:27:17 +0100 +Subject: [PATCH] common: [security fix] Make sure sockets only listen locally + +--- + common/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/socket.c b/common/socket.c +index b276864..e2968a6 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -172,7 +172,7 @@ int socket_create(uint16_t port) + + memset((void *) &saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- saddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = htons(port); + + if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { +@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port) + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = htonl(INADDR_ANY); ++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(port); + + addr_len = sizeof(addr); Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-01-24 13:46:33 UTC (rev 287372) +++ PKGBUILD 2017-01-24 14:05:56 UTC (rev 287373) @@ -5,30 +5,48 @@ pkgname=libimobiledevice pkgver=1.2.0 -pkgrel=3 +pkgrel=4 pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux" url="http://libimobiledevice.org/"; arch=('i686' 'x86_64') license=('GPL2' 'LGPL2.1') -depends=('libusbmuxd') -makedepends=('python2') +depends=('libusbmuxd' 'usbmuxd') +makedepends=('python2' 'cython2' 'python' 'cython' 'libplist' 'autoconf-archive') source=(http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2 - disable-sslv3.patch) + disable-sslv3.patch + CVE-2016-5104.patch) md5sums=('8757900ba7bbe2ef5f54342415d0223e' - 'bac123da4cc67b2f5cc798727e6231a9') + 'bac123da4cc67b2f5cc798727e6231a9' + 'e3535be4b4082486804b033d3f165193') prepare() { cd "$pkgname-$pkgver" patch -Np1 -i ../disable-sslv3.patch + patch -Np1 -i ../CVE-2016-5104.patch + sed -e 's/AC_PYTHON_DEVEL/AX_PYTHON_DEVEL/' -i m4/cython_python.m4 + autoreconf -fi } build() { - cd "$pkgname-$pkgver" - PYTHON=/usr/bin/python2 ./configure --prefix=/usr + mkdir build-py2 + pushd build-py2 + PYTHON=/usr/bin/python2 CYTHON=/usr/bin/cython2 ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool make + popd + + mkdir build-py3 + pushd build-py3 + PYTHON=/usr/bin/python CYTHON=/usr/bin/cython ../$pkgname-$pkgver/configure --prefix=/usr + sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool + make } package() { - cd "$pkgname-$pkgver" + pushd build-py2 make DESTDIR="$pkgdir" install + popd + pushd build-py3/cython + make DESTDIR="$pkgdir" install + popd }
