rpm/libusbmuxd
SHA256
1
0
Fork 0
forked from pool/libusbmuxd
Code Pull Requests Activity

Accepting request 398369 from hardware

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/398369
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libusbmuxd?expand=0&rev=5
This commit is contained in:
Dominique Leuenberger 2016-06-02 10:37:43 +00:00 committed by Git OBS Bridge
commit 53b61600f4
3 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libusbmuxd-CVE-2016-5104.patch Normal file
View File

@ -0,0 +1,32 @@
From 4397b3376dc4e4cb1c991d0aed61ce6482614196 Mon Sep 17 00:00:00 2001
From: Joshua Hill <posixninja@gmail.com>
Date: Tue, 29 Dec 2015 23:09:37 +0100
Subject: [PATCH] common: [security fix] Make sure sockets only listen locally
---
common/socket.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/socket.c b/common/socket.c
index 27b93ba..4cdefd6 100644
--- a/common/socket.c
+++ b/common/socket.c
@@ -203,7 +203,7 @@ int socket_create(uint16_t port)
memset((void *) &saddr, 0, sizeof(saddr));
saddr.sin_family = AF_INET;
- saddr.sin_addr.s_addr = htonl(INADDR_ANY);
+ saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
saddr.sin_port = htons(port);
if (0 > bind(sfd, (struct sockaddr *) &saddr, sizeof(saddr))) {
@@ -368,7 +368,7 @@ int socket_accept(int fd, uint16_t port)
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
- addr.sin_addr.s_addr = htonl(INADDR_ANY);
+ addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_port = htons(port);
addr_len = sizeof(addr);

6
libusbmuxd.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri May 27 13:11:35 UTC 2016 - dimstar@opensuse.org
- Add libusbmuxd-CVE-2016-5104.patch: Make sure sockets only
listen locally (CVE-2016-5104, boo#982014).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 22 19:12:48 UTC 2016 - mgorse@suse.com Mon Feb 22 19:12:48 UTC 2016 - mgorse@suse.com

3
libusbmuxd.spec
View File

@ -25,6 +25,8 @@ Group: System/Libraries
Url: http://cgit.sukimashita.com/libusbmuxd.git Url: http://cgit.sukimashita.com/libusbmuxd.git
Source: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 Source: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2
Source99: baselibs.conf Source99: baselibs.conf
# PATCH-FIX-UPSTREAM libusbmuxd-CVE-2016-5104.patch CVE-2016-5104 boo#982014 dimstar@opensuse.org - Make sure sockets only listen locally
Patch0: libusbmuxd-CVE-2016-5104.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libplist-devel >= 1.11 BuildRequires: libplist-devel >= 1.11
BuildRequires: libusb-1_0-devel >= 1.0.3 BuildRequires: libusb-1_0-devel >= 1.0.3
@ -92,6 +94,7 @@ notification and backup services running on the device).
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
%configure %configure