From 3eaa9d63a73604961c5f697c3fce6fd4ad8d478ff4847266bb09d88945c51376 Mon Sep 17 00:00:00 2001
From: Martin Szulecki <novell@mirell.de>
Date: Fri, 27 May 2016 13:39:16 +0000
Subject: [PATCH] Accepting request 398367 from home:dimstar:Factory

- Add libusbmuxd-CVE-2016-5104.patch: Make sure sockets only
  listen locally (CVE-2016-5104, boo#982014).

OBS-URL: https://build.opensuse.org/request/show/398367
OBS-URL: https://build.opensuse.org/package/show/hardware/libusbmuxd?expand=0&rev=11
---
 libusbmuxd-CVE-2016-5104.patch | 32 ++++++++++++++++++++++++++++++++
 libusbmuxd.changes             |  6 ++++++
 libusbmuxd.spec                |  3 +++
 3 files changed, 41 insertions(+)
 create mode 100644 libusbmuxd-CVE-2016-5104.patch

diff --git a/libusbmuxd-CVE-2016-5104.patch b/libusbmuxd-CVE-2016-5104.patch
new file mode 100644
index 0000000..9465297
--- /dev/null
+++ b/libusbmuxd-CVE-2016-5104.patch
@@ -0,0 +1,32 @@
+From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001
+From: Joshua Hill <posixninja@gmail.com>
+Date: Tue, 29 Dec 2015 23:09:37 +0100
+Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
+
+---
+ common/socket.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/common/socket.c b/common/socket.c
+index 27b93ba..4cdefd6 100644
+--- a/common/socket.c
++++ b/common/socket.c
+@@ -203,7 +203,7 @@ int socket_create(uint16_t port)
+ 
+ 	memset((void *) &saddr, 0, sizeof(saddr));
+ 	saddr.sin_family = AF_INET;
+-	saddr.sin_addr.s_addr = htonl(INADDR_ANY);
++	saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	saddr.sin_port = htons(port);
+ 
+ 	if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
+@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)
+ 
+ 	memset(&addr, 0, sizeof(addr));
+ 	addr.sin_family = AF_INET;
+-	addr.sin_addr.s_addr = htonl(INADDR_ANY);
++	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+ 	addr.sin_port = htons(port);
+ 
+ 	addr_len = sizeof(addr);
+
diff --git a/libusbmuxd.changes b/libusbmuxd.changes
index 6c4a287..25c6a43 100644
--- a/libusbmuxd.changes
+++ b/libusbmuxd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri May 27 13:11:35 UTC 2016 - dimstar@opensuse.org
+
+- Add libusbmuxd-CVE-2016-5104.patch: Make sure sockets only
+  listen locally (CVE-2016-5104, boo#982014).
+
 -------------------------------------------------------------------
 Mon Feb 22 19:12:48 UTC 2016 - mgorse@suse.com
 
diff --git a/libusbmuxd.spec b/libusbmuxd.spec
index cb385e7..30c485b 100644
--- a/libusbmuxd.spec
+++ b/libusbmuxd.spec
@@ -25,6 +25,8 @@ Group:          System/Libraries
 Url:            http://cgit.sukimashita.com/libusbmuxd.git
 Source:         http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM libusbmuxd-CVE-2016-5104.patch CVE-2016-5104 boo#982014 dimstar@opensuse.org - Make sure sockets only listen locally
+Patch0:         libusbmuxd-CVE-2016-5104.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libplist-devel >= 1.11
 BuildRequires:  libusb-1_0-devel >= 1.0.3
@@ -92,6 +94,7 @@ notification and backup services running on the device).
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure