Package: libimobiledevice4
Followup-For: Bug #840931
Control: reassign 840931 libimobiledevice6 1.2.0+dfsg-3
Control: affects 840931 ifuse
Control: merge 840931 847977
Control: tags 840931 patch

Hello.

The attached diff applies the two upstream commits described above, as
well as another one described at the end of
https://github.com/libimobiledevice/libimobiledevice/issues/413.
All three patches are required to connect an iOS 4.5.1.

diff -Nru libimobiledevice-1.2.0+dfsg/debian/changelog libimobiledevice-1.2.0+dfsg/debian/changelog
--- libimobiledevice-1.2.0+dfsg/debian/changelog 2016-06-02 18:55:15.0 +0200
+++ libimobiledevice-1.2.0+dfsg/debian/changelog 2017-01-03 01:32:36.0 +0100
@@ -1,3 +1,12 @@
+libimobiledevice (1.2.0+dfsg-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Upstream commits replacing SSL3.0 with TLS1.0. Closes: #840931, #847977.
+Also fix related bug in GNUTLS pairing record generation, see
+https://github.com/libimobiledevice/libimobiledevice/issues/413.
+
+ -- Nicolas Boulenguez Tue, 03 Jan 2017 01:32:36 +0100
+
libimobiledevice (1.2.0+dfsg-3) unstable; urgency=high
* Team upload
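Review bot: The two continuation lines of the second bullet ("Also fix related bug in GNUTLS pairing record generation, see" and the issue URL) start in column 0 in this hunk, whereas the Debian changelog format expects change detail lines to be indented by at least two spaces, so the entry would not parse cleanly as shown. The pairing record fix is also a separate change from the SSL3.0 to TLS1.0 switch; giving it its own "* " bullet that names the patch file would make the upload easier to audit. The trailer line as shown has no maintainer address between the name and the date, which the format also requires.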
diff -Nru libimobiledevice-1.2.0+dfsg/debian/patches/fix-ssl-version-negotiation-for-newer-versions-of-openssl.diff libimobiledevice-1.2.0+dfsg/debian/patches/fix-ssl-version-negotiation-for-newer-versions-of-openssl.diff
--- libimobiledevice-1.2.0+dfsg/debian/patches/fix-ssl-version-negotiation-for-newer-versions-of-openssl.diff 1970-01-01 01:00:00.0 +0100
+++ libimobiledevice-1.2.0+dfsg/debian/patches/fix-ssl-version-negotiation-for-newer-versions-of-openssl.diff 2017-01-03 01:32:36.0 +0100
@@ -0,0 +1,20 @@
+Description: Fix SSL version negotiation for newer versions of OpenSSL
+ Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()`
+ would return NULL on some systems and also `SSLv23_method()` fails with some older
+ iOS versions...
+Origin: upstream, https://cgit.libimobiledevice.org/libimobiledevice.git/commit/?id=13bf235cac2201747de11652cf14fe2714ca0718
+Author: David Weinstein
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840931
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847977
+
+--- a/src/idevice.c
b/src/idevice.c
+@@ -687,7 +687,7 @@
+ }
+ BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
+
+- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
++ SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method());
+ if (ssl_ctx == NULL) {
+ debug_info("ERROR: Could not create SSL context.");
+ BIO_free(ssl_bio);
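Review bot: `TLSv1_method()` on the replaced `SSL_CTX_new` line is a fixed-version method, so the connection is pinned to exactly TLS 1.0 and cannot negotiate anything newer, while the Description trails off at "iOS versions..." before it says why the version-flexible `SSLv23_method()` was not kept. Please complete the Description with that reasoning and add a comment next to the call stating that the pin is deliberate, so a later reader does not mistake it for a minimum version. The fixed-version methods are deprecated from OpenSSL 1.1.0 on; a follow-up could use `TLS_method()` with `SSL_CTX_set_min_proto_version()` there, provided the older iOS versions mentioned in the Description still connect.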
diff -Nru libimobiledevice-1.2.0+dfsg/debian/patches/idevice-update-gnutls-code-to-support-ios-10.diff libimobiledevice-1.2.0+dfsg/debian/patches/idevice-update-gnutls-code-to-support-ios-10.diff
--- libimobiledevice-1.2.0+dfsg/debian/patches/idevice-update-gnutls-code-to-support-ios-10.diff 1970-01-01 01:00:00.0 +0100
+++ libimobiledevice-1.2.0+dfsg/debian/patches/idevice-update-gnutls-code-to-support-ios-10.diff 2017-01-03 01:32:36.0 +0100
@@ -0,0 +1,21 @@
+Description: idevice: Update GnuTLS code to support iOS 10
+ As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl
+ needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some
+ of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is
+ working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0.
+Origin: upstream, https://cgit.libimobiledevice.org/libimobiledevice.git/commit/?id=72643b2b83990b9cf97cc84b285b30763d44a72d
+Author: Jay Freeman (saurik)
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840931
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847977
+
+--- a/src/idevice.c
b/src/idevice.c
+@@ -758,7 +758,7 @@
+ gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback);
+ #endif
+ gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
+- gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
++ gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL);
+ gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
+ gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);
+
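Review bot: The return value of `gnutls_priority_set_direct()` is discarded on the changed line, so a priority string that the installed GnuTLS rejects would go unnoticed at this point. Compare the result against `GNUTLS_E_SUCCESS` and log the failure before `gnutls_credentials_set()` is reached. The string also still enables `+ANON-DH` and `+MD5` and now allows only `+VERS-TLS1.0`; the Description explains why `+VERS-TLS-ALL` was dropped, but a short comment at the call saying that the single-version pin is intentional would keep that reasoning next to the code.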
diff -Nru libimobiledevice-1.2.0+dfsg/debian/patches/series libimobiledevice-1.2.0+dfsg/debian/patches/series
--- libimobiledevice-1.2.0+dfsg/debian/patches/series 2016-06-02 18:55:15.0 +0200
+++ libimobiledevice-1.2.0+dfsg/debian/patches/series 2017-01-03 01:32:36.0 +0100
@@ -2,3 +2,6 @@
09_use_python_config.patch
local-only-sockets.patch
gnutls-api-update.patch
+fix-ssl-version-negotiation-for-newer-versions-of-openssl.diff
+idevice-update-gnutls-code-to-support-ios-10.diff
+userpref-gnutls-fix-pairing-record-generation-and-improve-err
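Review bot: The third added series entry, which begins `userpref-gnutls-fix-pairing-record-generation-and-improve-err`, has no matching file under debian/patches in the diff as shown here, and the name itself is cut off. The message says all three patches are required, so please confirm the attached debdiff contains that patch file with the same DEP-3 header fields (Description, Origin, Bug-Debian) as the other two; a series entry without its file stops the patches from applying.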