basebuilder_pel7x64builder0
6 years ago
8 changed files with 679 additions and 0 deletions
@ -0,0 +1,61 @@ |
|||||||
|
From 692f7c9de72ca7fcaba51659972270d445751438 Mon Sep 17 00:00:00 2001 |
||||||
|
From: BALATON Zoltan <balaton@eik.bme.hu> |
||||||
|
Date: Wed, 23 Sep 2015 02:19:27 +0200 |
||||||
|
Subject: [PATCH] Add new function to get the underlying file descriptor of an |
||||||
|
idevice connection |
||||||
|
|
||||||
|
--- |
||||||
|
include/libimobiledevice/libimobiledevice.h | 10 ++++++++++ |
||||||
|
src/idevice.c | 16 ++++++++++++++++ |
||||||
|
2 files changed, 26 insertions(+) |
||||||
|
|
||||||
|
diff --git a/include/libimobiledevice/libimobiledevice.h b/include/libimobiledevice/libimobiledevice.h |
||||||
|
index 016cadb..b125adf 100644 |
||||||
|
--- a/include/libimobiledevice/libimobiledevice.h |
||||||
|
+++ b/include/libimobiledevice/libimobiledevice.h |
||||||
|
@@ -239,6 +239,16 @@ idevice_error_t idevice_connection_enable_ssl(idevice_connection_t connection); |
||||||
|
*/ |
||||||
|
idevice_error_t idevice_connection_disable_ssl(idevice_connection_t connection); |
||||||
|
|
||||||
|
+/** |
||||||
|
+ * Get the underlying file descriptor for a connection |
||||||
|
+ * |
||||||
|
+ * @param connection The connection to get fd of |
||||||
|
+ * @param fd Pointer to an int where the fd is stored |
||||||
|
+ * |
||||||
|
+ * @return IDEVICE_E_SUCCESS if ok, otherwise an error code. |
||||||
|
+ */ |
||||||
|
+idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd); |
||||||
|
+ |
||||||
|
/* misc */ |
||||||
|
|
||||||
|
/** |
||||||
|
diff --git a/src/idevice.c b/src/idevice.c |
||||||
|
index b776e84..5912aeb 100644 |
||||||
|
--- a/src/idevice.c |
||||||
|
+++ b/src/idevice.c |
||||||
|
@@ -463,6 +463,22 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive(idevice_connecti |
||||||
|
return internal_connection_receive(connection, data, len, recv_bytes); |
||||||
|
} |
||||||
|
|
||||||
|
+LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_get_fd(idevice_connection_t connection, int *fd) |
||||||
|
+{ |
||||||
|
+ if (!connection || !fd) { |
||||||
|
+ return IDEVICE_E_INVALID_ARG; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ idevice_error_t result = IDEVICE_E_UNKNOWN_ERROR; |
||||||
|
+ if (connection->type == CONNECTION_USBMUXD) { |
||||||
|
+ *fd = (int)(long)connection->data; |
||||||
|
+ result = IDEVICE_E_SUCCESS; |
||||||
|
+ } else { |
||||||
|
+ debug_info("Unknown connection type %d", connection->type); |
||||||
|
+ } |
||||||
|
+ return result; |
||||||
|
+} |
||||||
|
+ |
||||||
|
LIBIMOBILEDEVICE_API idevice_error_t idevice_get_handle(idevice_t device, uint32_t *handle) |
||||||
|
{ |
||||||
|
if (!device) |
||||||
|
-- |
||||||
|
2.9.3 |
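Review bot: The doc comment added for `idevice_connection_get_fd` in libimobiledevice.h does not say who owns the descriptor or how it interacts with SSL, and callers need both. The implementation returns the raw value stored in `connection->data`, so once SSL is enabled on the connection, reading or writing that descriptor directly would bypass or desynchronise the encrypted session, and closing it would pull the socket out from under the connection. I would add `@note The fd remains owned by the connection: do not close it, and use it only for polling once SSL is enabled.` to the comment. Also, `*fd` is left untouched on the unknown-connection-type path; setting `*fd = -1;` before the type check gives callers that ignore the return code a safe value.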
@ -0,0 +1,27 @@ |
|||||||
|
From 13bf235cac2201747de11652cf14fe2714ca0718 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David Weinstein <dweinst@insitusec.com> |
||||||
|
Date: Mon, 21 Mar 2016 17:45:59 -0400 |
||||||
|
Subject: [PATCH] Fix SSL version negotiation for newer versions of OpenSSL |
||||||
|
|
||||||
|
Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` |
||||||
|
would return NULL on some systems and also `SSLv23_method()` fails with some older |
||||||
|
iOS versions... |
||||||
|
--- |
||||||
|
src/idevice.c | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/src/idevice.c b/src/idevice.c |
||||||
|
index f2de6a3..1dcdae2 100644 |
||||||
|
--- a/src/idevice.c |
||||||
|
+++ b/src/idevice.c |
||||||
|
@@ -703,7 +703,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne |
||||||
|
} |
||||||
|
BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); |
||||||
|
|
||||||
|
- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); |
||||||
|
+ SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method()); |
||||||
|
if (ssl_ctx == NULL) { |
||||||
|
debug_info("ERROR: Could not create SSL context."); |
||||||
|
BIO_free(ssl_bio); |
||||||
|
-- |
||||||
|
2.9.3 |
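Review bot: `SSL_CTX_new(TLSv1_method())` fixes the protocol at exactly TLS 1.0, so on the OpenSSL build a device that supports a newer TLS version can never negotiate it. The patch description explains why `SSLv23_method()` was not used, but the code carries no trace of that reasoning; a comment such as `/* TLS 1.0 only: SSLv23_method() fails with some older iOS versions; revisit when those are dropped */` above the call would keep the pin from outliving its reason. The spec on this page configures with `--disable-openssl`, so this path is presumably not compiled in this package and the patch mainly keeps the later `src/idevice.c` patches applying cleanly. The body of `idevice_connection_enable_ssl` continues outside the hunk.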
@ -0,0 +1,40 @@ |
|||||||
|
From 6070126868069f2ee01ea9414f4cfbe5de285267 Mon Sep 17 00:00:00 2001 |
||||||
|
From: "Jay Freeman (saurik)" <saurik@saurik.com> |
||||||
|
Date: Wed, 21 Oct 2015 00:39:14 -0700 |
||||||
|
Subject: [PATCH] Fix installation_proxy when using GnuTLS instead of OpenSSL |
||||||
|
|
||||||
|
--- |
||||||
|
src/idevice.c | 8 ++++---- |
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-) |
||||||
|
|
||||||
|
diff --git a/src/idevice.c b/src/idevice.c |
||||||
|
index 7c33cdd..b776e84 100644 |
||||||
|
--- a/src/idevice.c |
||||||
|
+++ b/src/idevice.c |
||||||
|
@@ -393,10 +393,13 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_ |
||||||
|
} |
||||||
|
|
||||||
|
if (connection->ssl_data) { |
||||||
|
-#ifdef HAVE_OPENSSL |
||||||
|
uint32_t received = 0; |
||||||
|
while (received < len) { |
||||||
|
+#ifdef HAVE_OPENSSL |
||||||
|
int r = SSL_read(connection->ssl_data->session, (void*)((char*)(data+received)), (int)len-received); |
||||||
|
+#else |
||||||
|
+ ssize_t r = gnutls_record_recv(connection->ssl_data->session, (void*)(data+received), (size_t)len-received); |
||||||
|
+#endif |
||||||
|
if (r > 0) { |
||||||
|
received += r; |
||||||
|
} else { |
||||||
|
@@ -404,9 +407,6 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_receive_timeout(idevice_ |
||||||
|
} |
||||||
|
} |
||||||
|
debug_info("SSL_read %d, received %d", len, received); |
||||||
|
-#else |
||||||
|
- ssize_t received = gnutls_record_recv(connection->ssl_data->session, (void*)data, (size_t)len); |
||||||
|
-#endif |
||||||
|
if (received > 0) { |
||||||
|
*recv_bytes = received; |
||||||
|
return IDEVICE_E_SUCCESS; |
||||||
|
-- |
||||||
|
2.5.0 |
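Review bot: With the GnuTLS call moved inside the `while (received < len)` loop, the handling of `r <= 0` now decides whether the loop terminates, and that `else` branch falls in the gap between the two hunks. `gnutls_record_recv` returns 0 at end of stream and negative codes for errors, including the retriable `GNUTLS_E_AGAIN` and `GNUTLS_E_INTERRUPTED`; please confirm the hidden branch leaves the loop on EOF and fatal errors and does not either retry forever or treat a retriable code as a hard failure. Separately, the shared `debug_info("SSL_read %d, received %d", len, received)` prints the `uint32_t` counter with `%d` and names the OpenSSL call on GnuTLS builds too; `%u` and a neutral label would be more accurate.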
@ -0,0 +1,53 @@ |
|||||||
|
From 2a5868411c57e25802d2f16fd6b77601f10d0b72 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Nikos Mavrogiannopoulos <nmav@redhat.com> |
||||||
|
Date: Fri, 29 Apr 2016 22:58:34 +0200 |
||||||
|
Subject: [PATCH] Updated gnutls certificate callback to new API (backwards |
||||||
|
compatible) |
||||||
|
|
||||||
|
--- |
||||||
|
src/idevice.c | 13 +++++++++++++ |
||||||
|
1 file changed, 13 insertions(+) |
||||||
|
|
||||||
|
diff --git a/src/idevice.c b/src/idevice.c |
||||||
|
index 5912aeb..f2de6a3 100644 |
||||||
|
--- a/src/idevice.c |
||||||
|
+++ b/src/idevice.c |
||||||
|
@@ -642,7 +642,11 @@ static const char *ssl_error_to_string(int e) |
||||||
|
/** |
||||||
|
* Internally used gnutls callback function that gets called during handshake. |
||||||
|
*/ |
||||||
|
+#if GNUTLS_VERSION_NUMBER >= 0x020b07 |
||||||
|
+static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr2_st * st) |
||||||
|
+#else |
||||||
|
static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st) |
||||||
|
+#endif |
||||||
|
{ |
||||||
|
int res = -1; |
||||||
|
gnutls_certificate_type_t type = gnutls_certificate_type_get(session); |
||||||
|
@@ -650,7 +654,12 @@ static int internal_cert_callback(gnutls_session_t session, const gnutls_datum_t |
||||||
|
ssl_data_t ssl_data = (ssl_data_t)gnutls_session_get_ptr(session); |
||||||
|
if (ssl_data && ssl_data->host_privkey && ssl_data->host_cert) { |
||||||
|
debug_info("Passing certificate"); |
||||||
|
+#if GNUTLS_VERSION_NUMBER >= 0x020b07 |
||||||
|
+ st->cert_type = type; |
||||||
|
+ st->key_type = GNUTLS_PRIVKEY_X509; |
||||||
|
+#else |
||||||
|
st->type = type; |
||||||
|
+#endif |
||||||
|
st->ncerts = 1; |
||||||
|
st->cert.x509 = &ssl_data->host_cert; |
||||||
|
st->key.x509 = ssl_data->host_privkey; |
||||||
|
@@ -759,7 +768,11 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne |
||||||
|
debug_info("enabling SSL mode"); |
||||||
|
errno = 0; |
||||||
|
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate); |
||||||
|
+#if GNUTLS_VERSION_NUMBER >= 0x020b07 |
||||||
|
+ gnutls_certificate_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback); |
||||||
|
+#else |
||||||
|
gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback); |
||||||
|
+#endif |
||||||
|
gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT); |
||||||
|
gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); |
||||||
|
gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); |
||||||
|
-- |
||||||
|
2.9.3 |
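Review bot: In `internal_cert_callback` the certificate and key handed to GnuTLS (`st->cert.x509 = &ssl_data->host_cert`, `st->key.x509 = ssl_data->host_privkey`) are borrowed from `ssl_data`, and the line that tells the library not to free them is outside the hunk. Please confirm that `st->deinit_all = 0;` is set on this path for both the `gnutls_retr2_st` and the `gnutls_retr_st` variant; if it is not, the library would release objects that `ssl_data` still owns. The version test `GNUTLS_VERSION_NUMBER >= 0x020b07` is also repeated at three sites; a single file-local macro defined once near the includes would keep them from drifting apart.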
@ -0,0 +1,28 @@ |
|||||||
|
From 72643b2b83990b9cf97cc84b285b30763d44a72d Mon Sep 17 00:00:00 2001 |
||||||
|
From: "Jay Freeman (saurik)" <saurik@saurik.com> |
||||||
|
Date: Tue, 2 Aug 2016 03:08:04 -0700 |
||||||
|
Subject: [PATCH] idevice: Update GnuTLS code to support iOS 10 |
||||||
|
|
||||||
|
As of iOS 10 beta 4, the GnuTLS implementation idevice_connection_enable_ssl |
||||||
|
needs to be updated to support TLS. Using +VERS-TLS-ALL did not work on some |
||||||
|
of the devices I tested and I wasn't sure how to fix it, but +VERS-TLS1.0 is |
||||||
|
working on every device I've tested: iOS 9.0.2, 10.0b4, 8.1.1, 6.0, and 3.0. |
||||||
|
--- |
||||||
|
src/idevice.c | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/src/idevice.c b/src/idevice.c |
||||||
|
index 1dcdae2..b6dfe4e 100644 |
||||||
|
--- a/src/idevice.c |
||||||
|
+++ b/src/idevice.c |
||||||
|
@@ -774,7 +774,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne |
||||||
|
gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, internal_cert_callback); |
||||||
|
#endif |
||||||
|
gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT); |
||||||
|
- gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); |
||||||
|
+ gnutls_priority_set_direct(ssl_data_loc->session, "NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", NULL); |
||||||
|
gnutls_credentials_set(ssl_data_loc->session, GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate); |
||||||
|
gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc); |
||||||
|
|
||||||
|
-- |
||||||
|
2.9.3 |
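Review bot: The return value of `gnutls_priority_set_direct` is still discarded on the changed line, so if the local GnuTLS build or a system crypto policy rejects any token of this string, the failure only surfaces later as an opaque handshake error. I would capture and log it the way the userpref patch on this page does: `int rc = gnutls_priority_set_direct(...); if (rc != GNUTLS_E_SUCCESS) debug_info("ERROR: priority string rejected: %s", gnutls_strerror(rc));`. The string also keeps `+ANON-DH` and `+MD5` alongside the version change and pins TLS 1.0 only; if the device handshake does not need the first two, dropping them narrows what the client will accept. `idevice_connection_enable_ssl` starts and ends outside the hunk.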
@ -0,0 +1,170 @@ |
|||||||
|
From 23069d10341ce637fdad7321d447c53752dba48c Mon Sep 17 00:00:00 2001 |
||||||
|
From: Nikias Bassen <nikias@gmx.li> |
||||||
|
Date: Fri, 4 Nov 2016 02:11:39 +0100 |
||||||
|
Subject: [PATCH] userpref: [GnuTLS] Fix pairing record generation and improve |
||||||
|
error handling |
||||||
|
|
||||||
|
In newer GnuTLS versions the parameters supplied to |
||||||
|
gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat |
||||||
|
sane values. Since we were passing the same values for all parameters, |
||||||
|
this check fails and the device certificate is never generated. |
||||||
|
However due to missing checks the pairing record was saved anyway, with |
||||||
|
an empty device certificate. This led to TLS errors during communication, |
||||||
|
leading to the "GnuTLS: Error in pull function" error message appearing |
||||||
|
and the communication to fail. |
||||||
|
This commit fixes the issue by passing some sane values, and also improves |
||||||
|
the overall error handling during generation of the paring record. |
||||||
|
--- |
||||||
|
common/userpref.c | 85 +++++++++++++++++++++++++++++-------------------------- |
||||||
|
1 file changed, 45 insertions(+), 40 deletions(-) |
||||||
|
|
||||||
|
diff --git a/common/userpref.c b/common/userpref.c |
||||||
|
index d22c7f5..3ae503a 100644 |
||||||
|
--- a/common/userpref.c |
||||||
|
+++ b/common/userpref.c |
||||||
|
@@ -643,15 +643,13 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
gnutls_x509_crt_export(host_cert, GNUTLS_X509_FMT_PEM, host_cert_pem.data, &host_cert_export_size); |
||||||
|
host_cert_pem.size = host_cert_export_size; |
||||||
|
|
||||||
|
- ret = USERPREF_E_UNKNOWN_ERROR; |
||||||
|
- |
||||||
|
gnutls_datum_t modulus = { NULL, 0 }; |
||||||
|
gnutls_datum_t exponent = { NULL, 0 }; |
||||||
|
|
||||||
|
/* now decode the PEM encoded key */ |
||||||
|
- gnutls_datum_t der_pub_key; |
||||||
|
- if (GNUTLS_E_SUCCESS == gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key)) { |
||||||
|
- |
||||||
|
+ gnutls_datum_t der_pub_key = { NULL, 0 }; |
||||||
|
+ int gnutls_error = gnutls_pem_base64_decode_alloc("RSA PUBLIC KEY", &public_key, &der_pub_key); |
||||||
|
+ if (GNUTLS_E_SUCCESS == gnutls_error) { |
||||||
|
/* initalize asn.1 parser */ |
||||||
|
ASN1_TYPE pkcs1 = ASN1_TYPE_EMPTY; |
||||||
|
if (ASN1_SUCCESS == asn1_array2tree(pkcs1_asn1_tab, &pkcs1, NULL)) { |
||||||
|
@@ -670,8 +668,14 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
|
||||||
|
ret1 = asn1_read_value(asn1_pub_key, "modulus", modulus.data, (int*)&modulus.size); |
||||||
|
ret2 = asn1_read_value(asn1_pub_key, "publicExponent", exponent.data, (int*)&exponent.size); |
||||||
|
- if (ASN1_SUCCESS == ret1 && ASN1_SUCCESS == ret2) |
||||||
|
- ret = USERPREF_E_SUCCESS; |
||||||
|
+ if (ret1 != ASN1_SUCCESS || ret2 != ASN1_SUCCESS) { |
||||||
|
+ gnutls_free(modulus.data); |
||||||
|
+ modulus.data = NULL; |
||||||
|
+ modulus.size = 0; |
||||||
|
+ gnutls_free(exponent.data); |
||||||
|
+ exponent.data = NULL; |
||||||
|
+ exponent.size = 0; |
||||||
|
+ } |
||||||
|
} |
||||||
|
if (asn1_pub_key) |
||||||
|
asn1_delete_structure(&asn1_pub_key); |
||||||
|
@@ -679,12 +683,15 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
if (pkcs1) |
||||||
|
asn1_delete_structure(&pkcs1); |
||||||
|
} else { |
||||||
|
- debug_info("WARNING: Could not read public key"); |
||||||
|
+ debug_info("ERROR: Could not parse public key: %s", gnutls_strerror(gnutls_error)); |
||||||
|
} |
||||||
|
|
||||||
|
- /* now generate certificates */ |
||||||
|
- if (USERPREF_E_SUCCESS == ret && 0 != modulus.size && 0 != exponent.size) { |
||||||
|
- gnutls_datum_t essentially_null = { (unsigned char*)strdup("abababababababab"), strlen("abababababababab") }; |
||||||
|
+ /* generate device certificate */ |
||||||
|
+ if (modulus.data && 0 != modulus.size && exponent.data && 0 != exponent.size) { |
||||||
|
+ |
||||||
|
+ gnutls_datum_t prime_p = { (unsigned char*)"\x00\xca\x4a\x03\x13\xdf\x9d\x7a\xfd", 9 }; |
||||||
|
+ gnutls_datum_t prime_q = { (unsigned char*)"\x00\xf2\xff\xe0\x15\xd1\x60\x37\x63", 9 }; |
||||||
|
+ gnutls_datum_t coeff = { (unsigned char*)"\x32\x07\xf1\x68\x57\xdf\x9a\xf4", 8 }; |
||||||
|
|
||||||
|
gnutls_x509_privkey_t fake_privkey; |
||||||
|
gnutls_x509_crt_t dev_cert; |
||||||
|
@@ -692,8 +699,9 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
gnutls_x509_privkey_init(&fake_privkey); |
||||||
|
gnutls_x509_crt_init(&dev_cert); |
||||||
|
|
||||||
|
- if (GNUTLS_E_SUCCESS == gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &essentially_null, &essentially_null, &essentially_null, &essentially_null)) { |
||||||
|
- /* generate device certificate */ |
||||||
|
+ gnutls_error = gnutls_x509_privkey_import_rsa_raw(fake_privkey, &modulus, &exponent, &exponent, &prime_p, &prime_q, &coeff); |
||||||
|
+ if (GNUTLS_E_SUCCESS == gnutls_error) { |
||||||
|
+ /* now generate device certificate */ |
||||||
|
gnutls_x509_crt_set_key(dev_cert, fake_privkey); |
||||||
|
gnutls_x509_crt_set_serial(dev_cert, "\x00", 1); |
||||||
|
gnutls_x509_crt_set_version(dev_cert, 3); |
||||||
|
@@ -712,9 +720,8 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
} |
||||||
|
|
||||||
|
gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT); |
||||||
|
- gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey); |
||||||
|
- |
||||||
|
- if (USERPREF_E_SUCCESS == ret) { |
||||||
|
+ gnutls_error = gnutls_x509_crt_sign(dev_cert, root_cert, root_privkey); |
||||||
|
+ if (GNUTLS_E_SUCCESS == gnutls_error) { |
||||||
|
/* if everything went well, export in PEM format */ |
||||||
|
size_t export_size = 0; |
||||||
|
gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, NULL, &export_size); |
||||||
|
@@ -722,13 +729,11 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
gnutls_x509_crt_export(dev_cert, GNUTLS_X509_FMT_PEM, dev_cert_pem.data, &export_size); |
||||||
|
dev_cert_pem.size = export_size; |
||||||
|
} else { |
||||||
|
- debug_info("ERROR: Signing device certificate with root private key failed!"); |
||||||
|
+ debug_info("ERROR: Signing device certificate with root private key failed: %s", gnutls_strerror(gnutls_error)); |
||||||
|
} |
||||||
|
+ } else { |
||||||
|
+ debug_info("ERROR: Failed to import RSA key data: %s", gnutls_strerror(gnutls_error)); |
||||||
|
} |
||||||
|
- |
||||||
|
- if (essentially_null.data) |
||||||
|
- free(essentially_null.data); |
||||||
|
- |
||||||
|
gnutls_x509_crt_deinit(dev_cert); |
||||||
|
gnutls_x509_privkey_deinit(fake_privkey); |
||||||
|
} |
||||||
|
@@ -743,27 +748,27 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da |
||||||
|
|
||||||
|
gnutls_free(der_pub_key.data); |
||||||
|
#endif |
||||||
|
- if (NULL != root_cert_pem.data && 0 != root_cert_pem.size && |
||||||
|
- NULL != host_cert_pem.data && 0 != host_cert_pem.size) |
||||||
|
+ |
||||||
|
+ /* make sure that we have all we need */ |
||||||
|
+ if (root_cert_pem.data && 0 != root_cert_pem.size |
||||||
|
+ && root_key_pem.data && 0 != root_key_pem.size |
||||||
|
+ && host_cert_pem.data && 0 != host_cert_pem.size |
||||||
|
+ && host_key_pem.data && 0 != host_key_pem.size |
||||||
|
+ && dev_cert_pem.data && 0 != dev_cert_pem.size) { |
||||||
|
+ /* now set keys and certificates */ |
||||||
|
+ pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem); |
||||||
|
+ pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem); |
||||||
|
+ pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem); |
||||||
|
+ pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem); |
||||||
|
+ pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem); |
||||||
|
ret = USERPREF_E_SUCCESS; |
||||||
|
+ } |
||||||
|
|
||||||
|
- /* now set keys and certificates */ |
||||||
|
- pair_record_set_item_from_key_data(pair_record, USERPREF_DEVICE_CERTIFICATE_KEY, &dev_cert_pem); |
||||||
|
- pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_PRIVATE_KEY_KEY, &host_key_pem); |
||||||
|
- pair_record_set_item_from_key_data(pair_record, USERPREF_HOST_CERTIFICATE_KEY, &host_cert_pem); |
||||||
|
- pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_PRIVATE_KEY_KEY, &root_key_pem); |
||||||
|
- pair_record_set_item_from_key_data(pair_record, USERPREF_ROOT_CERTIFICATE_KEY, &root_cert_pem); |
||||||
|
- |
||||||
|
- if (dev_cert_pem.data) |
||||||
|
- free(dev_cert_pem.data); |
||||||
|
- if (root_key_pem.data) |
||||||
|
- free(root_key_pem.data); |
||||||
|
- if (root_cert_pem.data) |
||||||
|
- free(root_cert_pem.data); |
||||||
|
- if (host_key_pem.data) |
||||||
|
- free(host_key_pem.data); |
||||||
|
- if (host_cert_pem.data) |
||||||
|
- free(host_cert_pem.data); |
||||||
|
+ free(dev_cert_pem.data); |
||||||
|
+ free(root_key_pem.data); |
||||||
|
+ free(root_cert_pem.data); |
||||||
|
+ free(host_key_pem.data); |
||||||
|
+ free(host_cert_pem.data); |
||||||
|
|
||||||
|
return ret; |
||||||
|
} |
||||||
|
-- |
||||||
|
2.9.3 |
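Review bot: Whether the new all-items check fails closed depends on the initial value of `ret`, which is assigned outside these hunks: the patch removes the mid-function `ret = USERPREF_E_UNKNOWN_ERROR;` and now sets `ret = USERPREF_E_SUCCESS` only inside the final `if`. Please confirm `ret` is initialised to an error code at the top of `pair_record_generate_keys_and_certs`, otherwise a missing device certificate could again be reported as success. The hard-coded `prime_p`, `prime_q` and `coeff` byte strings also deserve a comment, for example `/* placeholder RSA parameters, only there to pass the checks in gnutls_x509_privkey_import_rsa_raw(); fake_privkey just carries the device public key */`, so nobody mistakes them for key material. In the visible code the certificate is signed with `root_privkey`, which is consistent with that reading.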
@ -0,0 +1,31 @@ |
|||||||
|
From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001 |
||||||
|
From: Joshua Hill <posixninja@gmail.com> |
||||||
|
Date: Tue, 29 Dec 2015 22:27:17 +0100 |
||||||
|
Subject: [PATCH] common: [security fix] Make sure sockets only listen locally |
||||||
|
|
||||||
|
--- |
||||||
|
common/socket.c | 4 ++-- |
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/common/socket.c b/common/socket.c |
||||||
|
index b276864..e2968a6 100644 |
||||||
|
--- a/common/socket.c |
||||||
|
+++ b/common/socket.c |
||||||
|
@@ -172,7 +172,7 @@ int socket_create(uint16_t port) |
||||||
|
|
||||||
|
memset((void *) &saddr, 0, sizeof(saddr)); |
||||||
|
saddr.sin_family = AF_INET; |
||||||
|
- saddr.sin_addr.s_addr = htonl(INADDR_ANY); |
||||||
|
+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
||||||
|
saddr.sin_port = htons(port); |
||||||
|
|
||||||
|
if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) { |
||||||
|
@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port) |
||||||
|
|
||||||
|
memset(&addr, 0, sizeof(addr)); |
||||||
|
addr.sin_family = AF_INET; |
||||||
|
- addr.sin_addr.s_addr = htonl(INADDR_ANY); |
||||||
|
+ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
||||||
|
addr.sin_port = htons(port); |
||||||
|
|
||||||
|
addr_len = sizeof(addr); |
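Review bot: The second hunk, in `socket_accept`, probably does not restrict anything: `addr` is zeroed and `addr_len = sizeof(addr)` is set right after, which is the usual preparation of the output argument of `accept()`, and `accept()` overwrites that structure with the peer address. The `accept()` call itself is outside the hunk, so this is inferred, but if it holds, the loopback-only guarantee rests entirely on the `bind()` in `socket_create`. I would say so at the `socket_accept` assignment, e.g. `/* filled in by accept(); the loopback restriction is enforced by bind() in socket_create() */`, so a later reader does not rely on it as a filter.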
@ -0,0 +1,269 @@ |
|||||||
|
Name: libimobiledevice |
||||||
|
Version: 1.2.0 |
||||||
|
Release: 1%{?dist} |
||||||
|
Summary: Library for connecting to mobile devices |
||||||
|
|
||||||
|
Group: System Environment/Libraries |
||||||
|
License: LGPLv2+ |
||||||
|
URL: http://www.libimobiledevice.org/ |
||||||
|
Source0: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 |
||||||
|
Patch1: 0001-Fix-installation_proxy-when-using-GnuTLS-instead-of-.patch |
||||||
|
Patch2: CVE-2016-5104.patch |
||||||
|
Patch3: 0001-Add-new-function-to-get-the-underlying-file-descript.patch |
||||||
|
Patch4: 0001-Updated-gnutls-certificate-callback-to-new-API-backw.patch |
||||||
|
Patch5: 0001-Fix-SSL-version-negotiation-for-newer-versions-of-Op.patch |
||||||
|
Patch6: 0001-idevice-Update-GnuTLS-code-to-support-iOS-10.patch |
||||||
|
Patch7: 0001-userpref-GnuTLS-Fix-pairing-record-generation-and-im.patch |
||||||
|
|
||||||
|
BuildRequires: glib2-devel |
||||||
|
BuildRequires: gnutls-devel |
||||||
|
BuildRequires: libgcrypt-devel |
||||||
|
BuildRequires: libplist-devel |
||||||
|
BuildRequires: libplist-python |
||||||
|
BuildRequires: libtasn1-devel |
||||||
|
BuildRequires: libusbmuxd-devel |
||||||
|
BuildRequires: libusbx-devel |
||||||
|
BuildRequires: libxml2-devel |
||||||
|
|
||||||
|
%description |
||||||
|
libimobiledevice is a library for connecting to mobile devices including phones |
||||||
|
and music players |
||||||
|
|
||||||
|
%package devel |
||||||
|
Summary: Development package for libimobiledevice |
||||||
|
Group: Development/Libraries |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
|
||||||
|
%description devel |
||||||
|
Files for development with libimobiledevice. |
||||||
|
|
||||||
|
%package utils |
||||||
|
Summary: Utilites for libimobiledevice |
||||||
|
Group: Applications/System |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
|
||||||
|
%description utils |
||||||
|
Utilites for use with libimobiledevice. |
||||||
|
|
||||||
|
%package python |
||||||
|
Summary: Python bindings for libimobiledevice |
||||||
|
Group: Development/Libraries |
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release} |
||||||
|
|
||||||
|
%description python |
||||||
|
Python bindings for libimobiledevice. |
||||||
|
|
||||||
|
%prep |
||||||
|
%setup -q |
||||||
|
%patch1 -p1 |
||||||
|
%patch2 -p1 |
||||||
|
%patch3 -p1 |
||||||
|
%patch4 -p1 |
||||||
|
%patch5 -p1 |
||||||
|
%patch6 -p1 |
||||||
|
%patch7 -p1 |
||||||
|
|
||||||
|
# Fix dir permissions on html docs |
||||||
|
chmod +x docs/html |
||||||
|
|
||||||
|
%build |
||||||
|
%configure --disable-static --disable-openssl --enable-dev-tools --without-cython |
||||||
|
# Remove rpath as per https://fedoraproject.org/wiki/Packaging/Guidelines#Beware_of_Rpath |
||||||
|
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool |
||||||
|
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool |
||||||
|
|
||||||
|
make %{?_smp_mflags} V=1 |
||||||
|
|
||||||
|
%install |
||||||
|
make install DESTDIR=%{buildroot} |
||||||
|
|
||||||
|
#Remove libtool archives. |
||||||
|
find %{buildroot} -type f -name "*.la" -delete |
||||||
|
|
||||||
|
%post -p /sbin/ldconfig |
||||||
|
|
||||||
|
%postun -p /sbin/ldconfig |
||||||
|
|
||||||
|
%files |
||||||
|
%{!?_licensedir:%global license %%doc} |
||||||
|
%license COPYING.LESSER |
||||||
|
%doc AUTHORS README |
||||||
|
%{_libdir}/libimobiledevice.so.6* |
||||||
|
|
||||||
|
%files utils |
||||||
|
%doc %{_datadir}/man/man1/idevice* |
||||||
|
%{_bindir}/idevice* |
||||||
|
|
||||||
|
%files devel |
||||||
|
%doc docs/html/ |
||||||
|
%{_libdir}/pkgconfig/libimobiledevice-1.0.pc |
||||||
|
%{_libdir}/libimobiledevice.so |
||||||
|
%{_includedir}/libimobiledevice/ |
||||||
|
|
||||||
|
%files python |
||||||
|
#%{python_sitearch}/imobiledevice* |
||||||
|
|
||||||
|
%changelog |
||||||
|
* Wed Mar 01 2017 Bastien Nocera <bnocera@redhat.com> - 1.2.0-1 |
||||||
|
+ libimobiledevice-1.2.0-1 |
||||||
|
- Rebase to 1.2.0 |
||||||
|
- Fix iOS trust issues |
||||||
|
Resolves: #1387253 |
||||||
|
|
||||||
|
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.1.5-6 |
||||||
|
- Mass rebuild 2014-01-24 |
||||||
|
|
||||||
|
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.1.5-5 |
||||||
|
- Mass rebuild 2013-12-27 |
||||||
|
|
||||||
|
* Tue Nov 05 2013 Bastien Nocera <bnocera@redhat.com> 1.1.5-4 |
||||||
|
- Re-enable RPM-wide CFLAGS (regression in 1.1.5-2) |
||||||
|
Resolves: #884524 |
||||||
|
|
||||||
|
* Mon Nov 04 2013 Bastien Nocera <bnocera@redhat.com> 1.1.5-3 |
||||||
|
- Add missing libgcrypt BR |
||||||
|
Resolves: #884524 |
||||||
|
|
||||||
|
* Tue Oct 8 2013 Matthias Clasen <mclasen@redhat.com> - 1.1.5-2 |
||||||
|
- Disable strict aliasing (related: #884524) |
||||||
|
|
||||||
|
* Tue Mar 19 2013 Peter Robinson <pbrobinson@fedoraproject.org> 1.1.5-1 |
||||||
|
- New 1.1.5 release |
||||||
|
|
||||||
|
* Thu Feb 21 2013 Bastien Nocera <bnocera@redhat.com> 1.1.4-6 |
||||||
|
- Add patch to avoid multi-byte characters from being stripped |
||||||
|
from the device name |
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.4-5 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed Sep 05 2012 Bastien Nocera <bnocera@redhat.com> 1.1.4-4 |
||||||
|
- Don't make upowerd crash when run under systemd (#834359) |
||||||
|
|
||||||
|
* Fri Aug 10 2012 Rex Dieter <rdieter@fedoraproject.org> - 1.1.4-3 |
||||||
|
- disable broken python/cython bindings (for now, currently FTBFS) |
||||||
|
- track soname |
||||||
|
- tighten subpkg deps |
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.4-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild |
||||||
|
|
||||||
|
* Tue Apr 10 2012 Peter Robinson <pbrobinson@fedoraproject.org> - 1.1.4-1 |
||||||
|
- New 1.1.4 release |
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.1-5 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild |
||||||
|
|
||||||
|
* Thu Dec 08 2011 Bastien Nocera <bnocera@redhat.com> 1.1.1-4 |
||||||
|
- All the version of Fedora are > 13 now |
||||||
|
|
||||||
|
* Thu Dec 01 2011 Bastien Nocera <bnocera@redhat.com> 1.1.1-3 |
||||||
|
- Add iOS 5 support patches from upstream |
||||||
|
|
||||||
|
* Wed Sep 21 2011 Bastien Nocera <bnocera@redhat.com> 1.1.1-2 |
||||||
|
- Fix compilation against recent version of gnutls |
||||||
|
|
||||||
|
* Fri Apr 29 2011 Peter Robinson <pbrobinson@gmail.com> 1.1.1-1 |
||||||
|
- New 1.1.1 release |
||||||
|
|
||||||
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.0-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild |
||||||
|
|
||||||
|
* Sun Dec 26 2010 Bastien Nocera <bnocera@redhat.com> 1.1.0-1 |
||||||
|
- Update to 1.1.0 |
||||||
|
|
||||||
|
* Sun Nov 28 2010 Peter Robinson <pbrobinson@gmail.com> 1.0.4-1 |
||||||
|
- New 1.0.4 release |
||||||
|
|
||||||
|
* Mon Oct 4 2010 Peter Robinson <pbrobinson@gmail.com> 1.0.3-1 |
||||||
|
- New 1.0.3 release |
||||||
|
|
||||||
|
* Sun Aug 01 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 1.0.2-3 |
||||||
|
- Allow build against swig-2.0.0 |
||||||
|
|
||||||
|
* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 1.0.2-2 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild |
||||||
|
|
||||||
|
* Sun Jun 20 2010 Peter Robinson <pbrobinson@gmail.com> 1.0.2-1 |
||||||
|
- New upstream stable 1.0.2 release |
||||||
|
|
||||||
|
* Wed May 12 2010 Peter Robinson <pbrobinson@gmail.com> 1.0.1-1 |
||||||
|
- New upstream stable 1.0.1 release |
||||||
|
|
||||||
|
* Sun Mar 21 2010 Peter Robinson <pbrobinson@gmail.com> 1.0.0-1 |
||||||
|
- New upstream stable 1.0.0 release |
||||||
|
|
||||||
|
* Mon Feb 15 2010 Peter Robinson <pbrobinson@gmail.com> 0.9.7-3 |
||||||
|
- Add patch to fix DSO linking. Fixes bug 565084 |
||||||
|
|
||||||
|
* Wed Feb 3 2010 Peter Robinson <pbrobinson@gmail.com> 0.9.7-2 |
||||||
|
- Package review updates, add developer docs |
||||||
|
|
||||||
|
* Wed Jan 27 2010 Peter Robinson <pbrobinson@gmail.com> 0.9.7-1 |
||||||
|
- New package for new library name. Update to 0.9.7 |
||||||
|
|
||||||
|
* Sun Jan 24 2010 Peter Robinson <pbrobinson@gmail.com> 0.9.6-1 |
||||||
|
- Update to 0.9.6 release |
||||||
|
|
||||||
|
* Sat Jan 9 2010 Peter Robinson <pbrobinson@gmail.com> 0.9.5-3 |
||||||
|
- Updated to the new python sysarch spec file reqs |
||||||
|
|
||||||
|
* Tue Dec 15 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.5-2 |
||||||
|
- Update python bindings |
||||||
|
|
||||||
|
* Sat Dec 12 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.5-1 |
||||||
|
- Update to 0.9.5 release for new usbmuxd/libplist 1.0.0 final |
||||||
|
|
||||||
|
* Sat Dec 12 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.4-3 |
||||||
|
- Rebuild for libplist .so bump |
||||||
|
|
||||||
|
* Wed Oct 28 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.4-2 |
||||||
|
- Update from libusb to libusb1 |
||||||
|
|
||||||
|
* Wed Oct 28 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.4-1 |
||||||
|
- Update to 0.9.4 release for new usbmuxd 1.0.0-rc1 |
||||||
|
|
||||||
|
* Mon Aug 10 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.3-1 |
||||||
|
- Update to 0.9.3 release |
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.1-3 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild |
||||||
|
|
||||||
|
* Wed May 13 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.1-2 |
||||||
|
- Add new build reqs |
||||||
|
|
||||||
|
* Tue May 12 2009 Peter Robinson <pbrobinson@gmail.com> 0.9.1-1 |
||||||
|
- Update to official 0.9.1 release |
||||||
|
|
||||||
|
* Fri Apr 03 2009 - Bastien Nocera <bnocera@redhat.com> - 0.1.0-11.20090325git443edc8 |
||||||
|
- Update to latest master version |
||||||
|
|
||||||
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1.0-10.20090103git5cde554 |
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild |
||||||
|
|
||||||
|
* Sat Jan 3 2009 Peter Robinson <pbrobinson@gmail.com> 0.1.0-9.git5cde554 |
||||||
|
- Add back gnutls version patch |
||||||
|
|
||||||
|
* Sat Jan 3 2009 Peter Robinson <pbrobinson@gmail.com> 0.1.0-8.git5cde554 |
||||||
|
- Upload bzipped source file |
||||||
|
|
||||||
|
* Sat Jan 3 2009 Peter Robinson <pbrobinson@gmail.com> 0.1.0-7.git5cde554 |
||||||
|
- New git snapshot |
||||||
|
|
||||||
|
* Mon Dec 8 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-6.git8c3a01e |
||||||
|
- Fix devel dependency |
||||||
|
|
||||||
|
* Mon Dec 8 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-5.git8c3a01e |
||||||
|
- Fix gnutls check for new rawhide version |
||||||
|
|
||||||
|
* Mon Dec 8 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-4.git8c3a01e |
||||||
|
- Rebuild for pkgconfig |
||||||
|
|
||||||
|
* Tue Dec 2 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-3.git8c3a01e |
||||||
|
- Fix git file generation |
||||||
|
|
||||||
|
* Mon Dec 1 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-2.git8c3a01e |
||||||
|
- Updates for package review |
||||||
|
|
||||||
|
* Sat Nov 29 2008 Peter Robinson <pbrobinson@gmail.com> 0.1.0-1 |
||||||
|
- Initial package |
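Review bot: The `1.2.0-1` changelog entry lists only "Rebase to 1.2.0" and "Fix iOS trust issues", while the spec also carries `Patch2: CVE-2016-5104.patch` (presumably the loopback-only socket patch on this page). Adding a line such as `- Restrict listening sockets to loopback (CVE-2016-5104)` lets auditors and errata tooling see from the package metadata that the fix is included. `Source0` and `URL` use plain `http://`, so the tarball's integrity rests on whatever checksum the build system records outside this file; a comment saying so, or an `https://` URL if upstream serves one, would make that explicit. In `%files python` the commented-out `#%{python_sitearch}/imobiledevice*` still contains a live macro, which rpm expands even inside comments; write it as `#%%{python_sitearch}/imobiledevice*`.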