[arch-commits] Commit in libusbmuxd/trunk (CVE-2016-5104.patch PKGBUILD)
Date: Friday, November 10, 2017 @ 22:45:15 Author: jgc Revision: 309407 upgpkg: libusbmuxd 1.0.10+13+gc724e70-1 Modified: libusbmuxd/trunk/PKGBUILD Deleted: libusbmuxd/trunk/CVE-2016-5104.patch -+ CVE-2016-5104.patch | 31 --- PKGBUILD| 30 -- 2 files changed, 20 insertions(+), 41 deletions(-) Deleted: CVE-2016-5104.patch === --- CVE-2016-5104.patch 2017-11-10 22:44:14 UTC (rev 309406) +++ CVE-2016-5104.patch 2017-11-10 22:45:15 UTC (rev 309407) @@ -1,31 +0,0 @@ -From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001 -From: Joshua Hill-Date: Tue, 29 Dec 2015 23:09:37 +0100 -Subject: [PATCH] common: [security fix] Make sure sockets only listen locally - - common/socket.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/common/socket.c b/common/socket.c -index 27b93ba..4cdefd6 100644 a/common/socket.c -+++ b/common/socket.c -@@ -203,7 +203,7 @@ int socket_create(uint16_t port) - - memset((void *) , 0, sizeof(saddr)); - saddr.sin_family = AF_INET; -- saddr.sin_addr.s_addr = htonl(INADDR_ANY); -+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - saddr.sin_port = htons(port); - - if (0 > bind(sfd, (struct sockaddr *) , sizeof(saddr))) { -@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port) - - memset(, 0, sizeof(addr)); - addr.sin_family = AF_INET; -- addr.sin_addr.s_addr = htonl(INADDR_ANY); -+ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - addr.sin_port = htons(port); - - addr_len = sizeof(addr); Modified: PKGBUILD === --- PKGBUILD2017-11-10 22:44:14 UTC (rev 309406) +++ PKGBUILD2017-11-10 22:45:15 UTC (rev 309407) @@ -3,31 +3,41 @@ # Contributor: Gabriel Martinez < reitaka at gmail dot com > pkgname=libusbmuxd -pkgver=1.0.10 -pkgrel=2 +pkgver=1.0.10+13+gc724e70 +pkgrel=1 pkgdesc="USB Multiplex Daemon" url="http://marcansoft.com/blog/iphonelinux/usbmuxd/; arch=('i686' 'x86_64') license=('LGPL2.1' 'GPL2') depends=('libusb' 'libplist') +makedepends=(git) conflicts=('usbmuxd<1.0.9') -source=(http://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2 - CVE-2016-5104.patch) -sha256sums=('1aa21391265d2284ac3ccb7cf278126d10d354878589905b35e8102104fec9f2' -'9f3a84c8d0a32df13985f6574f5f0e86af435a67606612c0811df631070a97e3') +_commit=c724e70fb52ba45291dc73a2e369c0c5bae0ec2e # master +source=("git+https://github.com/libimobiledevice/libusbmuxd#commit=$_commit;) +sha256sums=('SKIP') +pkgver() { + cd $pkgname + git describe --tags | sed 's/-/+/g' +} + +check() { + cd $pkgname + make check +} + prepare() { - cd libusbmuxd-${pkgver} - patch -Np1 -i ../CVE-2016-5104.patch + cd $pkgname + NOCONFIGURE=1 ./autogen.sh } build() { - cd libusbmuxd-${pkgver} + cd $pkgname ./configure --prefix=/usr make } package() { - cd libusbmuxd-${pkgver} + cd $pkgname make DESTDIR="${pkgdir}" install }
[arch-commits] Commit in libusbmuxd/trunk (CVE-2016-5104.patch PKGBUILD)
Date: Sunday, June 4, 2017 @ 22:35:28 Author: jgc Revision: 297790 upgpkg: libusbmuxd 1.0.10-2 Add security fix for CVE-2016-5104 Added: libusbmuxd/trunk/CVE-2016-5104.patch Modified: libusbmuxd/trunk/PKGBUILD -+ CVE-2016-5104.patch | 31 +++ PKGBUILD| 14 ++ 2 files changed, 41 insertions(+), 4 deletions(-) Added: CVE-2016-5104.patch === --- CVE-2016-5104.patch (rev 0) +++ CVE-2016-5104.patch 2017-06-04 22:35:28 UTC (rev 297790) @@ -0,0 +1,31 @@ +From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001 +From: Joshua Hill+Date: Tue, 29 Dec 2015 23:09:37 +0100 +Subject: [PATCH] common: [security fix] Make sure sockets only listen locally + +--- + common/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/socket.c b/common/socket.c +index 27b93ba..4cdefd6 100644 +--- a/common/socket.c b/common/socket.c +@@ -203,7 +203,7 @@ int socket_create(uint16_t port) + + memset((void *) , 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- saddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = htons(port); + + if (0 > bind(sfd, (struct sockaddr *) , sizeof(saddr))) { +@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port) + + memset(, 0, sizeof(addr)); + addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = htonl(INADDR_ANY); ++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(port); + + addr_len = sizeof(addr); Modified: PKGBUILD === --- PKGBUILD2017-06-04 22:33:07 UTC (rev 297789) +++ PKGBUILD2017-06-04 22:35:28 UTC (rev 297790) @@ -1,4 +1,3 @@ -# $Id: $ # Maintainer: Ionut Biru # Maintainer: Jan de Groot # Contributor: Gabriel Martinez < reitaka at gmail dot com > @@ -5,7 +4,7 @@ pkgname=libusbmuxd pkgver=1.0.10 -pkgrel=1 +pkgrel=2 pkgdesc="USB Multiplex Daemon" url="http://marcansoft.com/blog/iphonelinux/usbmuxd/; arch=('i686' 'x86_64') @@ -12,9 +11,16 @@ license=('LGPL2.1' 'GPL2') depends=('libusb' 'libplist') conflicts=('usbmuxd<1.0.9') -source=(http://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2) -md5sums=('e5351ff6f6eedcb50701e02d91cc480c') +source=(http://www.libimobiledevice.org/downloads/libusbmuxd-$pkgver.tar.bz2 + CVE-2016-5104.patch) +sha256sums=('1aa21391265d2284ac3ccb7cf278126d10d354878589905b35e8102104fec9f2' +'9f3a84c8d0a32df13985f6574f5f0e86af435a67606612c0811df631070a97e3') +prepare() { + cd libusbmuxd-${pkgver} + patch -Np1 -i ../CVE-2016-5104.patch +} + build() { cd libusbmuxd-${pkgver} ./configure --prefix=/usr