diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ecd8faf --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libusbmuxd-1.0.10.tar.bz2 diff --git a/.libusbmuxd.metadata b/.libusbmuxd.metadata new file mode 100644 index 0000000..8f6d745 --- /dev/null +++ b/.libusbmuxd.metadata @@ -0,0 +1 @@ +9d4ce8ac058cfea66e6785d2bad5bb9c93681b16 SOURCES/libusbmuxd-1.0.10.tar.bz2 diff --git a/SOURCES/CVE-2016-5104.patch b/SOURCES/CVE-2016-5104.patch new file mode 100644 index 0000000..8de02d8 --- /dev/null +++ b/SOURCES/CVE-2016-5104.patch @@ -0,0 +1,31 @@ +From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001 +From: Joshua Hill +Date: Tue, 29 Dec 2015 23:09:37 +0100 +Subject: [PATCH] common: [security fix] Make sure sockets only listen locally + +--- + common/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/common/socket.c b/common/socket.c +index 27b93ba..4cdefd6 100644 +--- a/common/socket.c ++++ b/common/socket.c +@@ -203,7 +203,7 @@ int socket_create(uint16_t port) + + memset((void *) &saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; +- saddr.sin_addr.s_addr = htonl(INADDR_ANY); ++ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = htons(port); + + if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { +@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port) + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; +- addr.sin_addr.s_addr = htonl(INADDR_ANY); ++ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(port); + + addr_len = sizeof(addr); diff --git a/SPECS/libusbmuxd.spec b/SPECS/libusbmuxd.spec new file mode 100644 index 0000000..33f458a --- /dev/null +++ b/SPECS/libusbmuxd.spec @@ -0,0 +1,114 @@ +Name: libusbmuxd +Version: 1.0.10 +Release: 9%{?dist} +Summary: Client library USB multiplex daemon for Apple's iOS devices + +Group: System Environment/Libraries +License: LGPLv2+ +URL: http://www.libimobiledevice.org/ +Source0: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 +Patch0: CVE-2016-5104.patch + +BuildRequires: libplist-devel >= 1.11 + +%description +libusbmuxd is the client library used for communicating with Apple's iPod Touch, +iPhone, iPad and Apple TV devices. It allows multiple services on the device +to be accessed simultaneously. + +%package utils +Summary: Utilities for communicating with Apple's iOS devices +Group: Applications/System +License: GPLv2+ +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description utils +Utilities for Apple's iOS devices + +%package devel +Summary: Development package for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: usbmuxd-devel < 1.0.9 + +%description devel +Files for development with %{name}. + +%prep +%setup -q +%patch0 -p1 -b .soc + +%build +%configure --disable-static + +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +make %{?_smp_mflags} V=1 + +%install +make install DESTDIR=%{buildroot} INSTALL='install -p' + +#Remove libtool archives. +find %{buildroot} -type f -name "*.la" -delete + +%check +make check + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc README AUTHORS +%{_libdir}/libusbmuxd.so.4* + +%files utils +%{_bindir}/iproxy + +%files devel +%{_includedir}/usbmuxd* +%{_libdir}/pkgconfig/libusbmuxd.pc +%{_libdir}/libusbmuxd.so + +%changelog +* Wed Feb 07 2018 Fedora Release Engineering - 1.0.10-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 1.0.10-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.0.10-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.0.10-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri May 27 2016 Peter Robinson 1.0.10-5 +- Fix CVE-2016-5104 + +* Thu Feb 04 2016 Fedora Release Engineering - 1.0.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Feb 3 2015 Peter Robinson 1.0.10-2 +- Use %%license + +* Wed Oct 15 2014 Peter Robinson 1.0.10-1 +- Update to 1.0.10 + +* Tue Sep 09 2014 Rex Dieter 1.0.9-4 +- -devel: Obsoletes: usbmuxd-devel + +* Sun Aug 17 2014 Fedora Release Engineering - 1.0.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Mar 22 2014 Peter Robinson 1.0.9-1 +- Initial package