diff options
| -rw-r--r-- | community/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch | 95 | ||||
| -rw-r--r-- | community/libimobiledevice/13bf235cac2201747de11652cf14fe2714ca0718.patch | 31 | ||||
| -rw-r--r-- | community/libimobiledevice/APKBUILD (renamed from testing/libimobiledevice/APKBUILD) | 23 | ||||
| -rw-r--r-- | testing/libimobiledevice/01-libressl.patch | 38 |
4 files changed, 136 insertions, 51 deletions
diff --git a/community/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch b/community/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch new file mode 100644 index 0000000000..74263fe52e --- /dev/null +++ b/community/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch @@ -0,0 +1,95 @@ +Upstream: Yes +From 02a0e03e24bc96bba2e5ea2438c30baf803fd137 Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau +Date: Tue, 25 Apr 2017 14:09:48 +0200 +Subject: Avoid double free with OpenSSL 1.1.0 + +Since commit OpenSSL_1_1_0-pre3~178 +https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f +OpenSSL automatically cleans up some of its internal data when the +program exits. This conflicts with some similar clean up +libimobiledevice attempts to do, which causes a double-free. +SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, +and is still there in 1.1.0 as a no-op, so we can use that to free +the compression methods. + +This bug can be hit with a simple idevicebackup2 --help + +==14299== Invalid read of size 4 +==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) +==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) +==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) +==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) +==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) +==14299== by 0x4011232: _dl_fini (dl-fini.c:235) +==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) +==14299== by 0x5DC2E19: exit (exit.c:105) +==14299== by 0x5DA8604: (below main) (libc-start.c:329) +==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd +==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) +==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) +==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x4E5663A: thread_once (thread.c:104) +==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) +==14299== by 0x4011232: _dl_fini (dl-fini.c:235) +==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) +==14299== by 0x5DC2E19: exit (exit.c:105) +==14299== by 0x5DA8604: (below main) (libc-start.c:329) +==14299== Block was alloc'd at +==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) +==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) +==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) +==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) +==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) +==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) +==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) +==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) +==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) +==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) +==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) +==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) += + +Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> +--- + src/idevice.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +(limited to 'src/idevice.c') + +diff --git a/src/idevice.c b/src/idevice.c +index 913038e..d1f13cb 100644 +--- a/src/idevice.c ++++ b/src/idevice.c +@@ -51,6 +51,14 @@ + #include "common/debug.h" + + #ifdef HAVE_OPENSSL ++ ++#if OPENSSL_VERSION_NUMBER < 0x10002000L ++static void SSL_COMP_free_compression_methods(void) ++{ ++ sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); ++} ++#endif ++ + static mutex_t *mutex_buf = NULL; + static void locking_function(int mode, int n, const char* file, int line) + { +@@ -100,7 +108,7 @@ static void internal_idevice_deinit(void) + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); +- sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); ++ SSL_COMP_free_compression_methods(); + #ifdef HAVE_ERR_REMOVE_THREAD_STATE + ERR_remove_thread_state(NULL); + #else +-- +cgit v1.1-32-gdbae + diff --git a/community/libimobiledevice/13bf235cac2201747de11652cf14fe2714ca0718.patch b/community/libimobiledevice/13bf235cac2201747de11652cf14fe2714ca0718.patch new file mode 100644 index 0000000000..55d004e6f5 --- /dev/null +++ b/community/libimobiledevice/13bf235cac2201747de11652cf14fe2714ca0718.patch @@ -0,0 +1,31 @@ +Upstream: Yes +From 13bf235cac2201747de11652cf14fe2714ca0718 Mon Sep 17 00:00:00 2001 +From: David Weinstein +Date: Mon, 21 Mar 2016 17:45:59 -0400 +Subject: Fix SSL version negotiation for newer versions of OpenSSL + +Depending on the OpenSSL version (and custom distribution patches), `SSLv3_method()` +would return NULL on some systems and also `SSLv23_method()` fails with some older +iOS versions... +--- + src/idevice.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +(limited to 'src/idevice.c') + +diff --git a/src/idevice.c b/src/idevice.c +index f2de6a3..1dcdae2 100644 +--- a/src/idevice.c ++++ b/src/idevice.c +@@ -703,7 +703,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne + } + BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); + +- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); ++ SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method()); + if (ssl_ctx == NULL) { + debug_info("ERROR: Could not create SSL context."); + BIO_free(ssl_bio); +-- +cgit v1.1-32-gdbae + diff --git a/testing/libimobiledevice/APKBUILD b/community/libimobiledevice/APKBUILD index d03c66768e..80f8085250 100644 --- a/testing/libimobiledevice/APKBUILD +++ b/community/libimobiledevice/APKBUILD @@ -6,21 +6,14 @@ pkgrel=3 pkgdesc="Library that talks the protocols to support iPhone and iPod Touch devices on Linux" url="http://libimobiledevice.org/" arch="all" -license="GPL-2.0 LGPL-2.1" -makedepends="gnutls-dev openssl-dev libgcrypt-dev libusbmuxd-dev - libtasn1-dev libplist-dev libtool automake autoconf" +license="LGPL-2.1-or-later" +makedepends="openssl-dev libusbmuxd-dev libplist-dev" subpackages="$pkgname-dev $pkgname-doc" source="http://libimobiledevice.org/downloads/$pkgname-$pkgver.tar.bz2 - 01-libressl.patch" -builddir="$srcdir"/$pkgname-$pkgver - -check() { - cd "$builddir" - make check -} + 13bf235cac2201747de11652cf14fe2714ca0718.patch + 02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch" build() { - cd "$builddir" ./configure \ --prefix=/usr \ --disable-static \ @@ -28,10 +21,14 @@ build() { make } +check() { + make check +} + package() { - cd "$builddir" make DESTDIR="$pkgdir" install } sha512sums="0de5f768aeb5d62445892855d84ceaff776f6667733c351ed6c34bf9d500802762d1a06e5efdf57f33cafc9ee788041cd9b6748fb9bad6c2e4ae2f9b9aa93589 libimobiledevice-1.2.0.tar.bz2 -74b05241aa8202aed02e33570c950c54319526b8906862b3624edc9e586992f3bdfbdad7d7b4e4334b8550b252bad82365f0e04a2b71d1f9f0a20269f40e4ce0 01-libressl.patch" +bd2d16c033796573baab41deac4b84850328103e9218e0afee500a2ae83aa4b97a9d2e5d3cf66ad8c9f120dc2fbf434b374994b2b3438c6c595ffbd39bf50da3 13bf235cac2201747de11652cf14fe2714ca0718.patch +50668350cc0540cab56c1f7ece2c7e48f49113c01cdfb5c2e0c8d3b8b4593edd4dceb170df97bb7f077d6af7ec7234f525d0fbcb8b9f0f03d5c36a9a9751f600 02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch" diff --git a/testing/libimobiledevice/01-libressl.patch b/testing/libimobiledevice/01-libressl.patch deleted file mode 100644 index 616c0dce74..0000000000 --- a/testing/libimobiledevice/01-libressl.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 69c42078cc5512ba6ed9cbfd2644f501d59c0717 Mon Sep 17 00:00:00 2001 -From: vmanoilov <vladinc@gmail.com> -Date: Mon, 21 Mar 2016 23:35:01 +0000 -Subject: [PATCH] Update idevice.c - ---- - src/idevice.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/idevice.c b/src/idevice.c -index b776e84..b5c4407 100644 ---- a/src/idevice.c -+++ b/src/idevice.c -@@ -676,14 +676,16 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne - debug_info("ERROR: Could not create SSL bio."); - return ret; - } -- BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); - -- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); -- if (ssl_ctx == NULL) { -- debug_info("ERROR: Could not create SSL context."); -- BIO_free(ssl_bio); -- return ret; -- } -+ BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); -+ -+ SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv23_method()); -+ if (ssl_ctx == NULL) { -+ debug_info("ERROR: Could not create SSL context."); -+ BIO_free(ssl_bio); -+ return ret; -+ -+ } - - BIO* membp; - X509* rootCert = NULL; - |