Accepting request 398366 from home:dimstar:Factory

- Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only
  listen locally (CVE-2016-5104, boo#982014).

OBS-URL: https://build.opensuse.org/request/show/398366
OBS-URL: https://build.opensuse.org/package/show/hardware/libimobiledevice?expand=0&rev=8

libimobiledevice-CVE-2016-5104.patch

@@ -0,0 +1,32 @@
+From df1f5c4d70d0c19ad40072f5246ca457e7f9849e Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja@gmail.com>
+Date: Tue, 29 Dec 2015 22:27:17 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index b276864..e2968a6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -172,7 +172,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -329,7 +329,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);
+

libimobiledevice.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri May 27 13:10:37 UTC 2016 - dimstar@opensuse.org
+
+- Add libimobiledevice-CVE-2016-5104.patch: Make sure sockets only
+  listen locally (CVE-2016-5104, boo#982014).
+
 -------------------------------------------------------------------
 Wed Jul 29 06:06:53 UTC 2015 - i@marguerite.su
 

libimobiledevice.spec

@@ -26,6 +26,9 @@ Group:          System/Libraries
 Url:            http://www.libimobiledevice.org
 Source:         http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2
 Source1:        baselibs.conf
+Patch0:         libimobiledevice-nosslv3.patch
+# PATCH-FIX-UPSTREAM libimobiledevice-CVE-2016-5104.patch CVE-2016-5104 boo#982014 dimstar@opensuse.org - Make sure sockets only listen locally
+Patch1:         libimobiledevice-CVE-2016-5104.patch
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
 BuildRequires:  libopenssl-devel
@@ -39,7 +42,6 @@ BuildRequires:  python-devel
 BuildRequires:  python-plist
 BuildRequires:  readline-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Patch0:         libimobiledevice-nosslv3.patch
 
 %description
 libimobiledevice is a software library that talks the protocols to support
@@ -106,6 +108,7 @@ Contains Python bindings for developing applications that use %{name}.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 autoreconf -fi
 sed -i -e '/Requires:/d' src/%{name}-1.0.pc.in
 sed -i -e 's/-L${libdir}//' src/%{name}-1.0.pc.in