From 646a5c1cbfd95873950a87b5f75d52073a967023 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 28 May 2018 19:12:29 +0000 Subject: Mon May 28 19:12:29 UTC 2018 a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded. --- .../02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch | 89 ++++++++++++++++++++++ .../l/libimobiledevice/libimobiledevice.SlackBuild | 35 ++++++--- ...ibimobiledevice.use_tlsv1_instead_of_sslv3.diff | 13 ++++ source/l/libimobiledevice/slack-desc | 8 +- 4 files changed, 132 insertions(+), 13 deletions(-) create mode 100644 source/l/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch create mode 100644 source/l/libimobiledevice/libimobiledevice.use_tlsv1_instead_of_sslv3.diff (limited to 'source/l/libimobiledevice') diff --git a/source/l/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch b/source/l/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch new file mode 100644 index 000000000..3fa0b1792 --- /dev/null +++ b/source/l/libimobiledevice/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch @@ -0,0 +1,89 @@ +From 02a0e03e24bc96bba2e5ea2438c30baf803fd137 Mon Sep 17 00:00:00 2001 +From: Christophe Fergeau +Date: Tue, 25 Apr 2017 14:09:48 +0200 +Subject: [PATCH] Avoid double free with OpenSSL 1.1.0 + +Since commit OpenSSL_1_1_0-pre3~178 +https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f +OpenSSL automatically cleans up some of its internal data when the +program exits. This conflicts with some similar clean up +libimobiledevice attempts to do, which causes a double-free. +SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2, +and is still there in 1.1.0 as a no-op, so we can use that to free +the compression methods. + +This bug can be hit with a simple idevicebackup2 --help + +==14299== Invalid read of size 4 +==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263) +==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182) +==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402) +==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56) +==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e) +==14299== by 0x4011232: _dl_fini (dl-fini.c:235) +==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) +==14299== by 0x5DC2E19: exit (exit.c:105) +==14299== by 0x5DA8604: (below main) (libc-start.c:329) +==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd +==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530) +==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830) +==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x4E5663A: thread_once (thread.c:104) +==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140) +==14299== by 0x4011232: _dl_fini (dl-fini.c:235) +==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83) +==14299== by 0x5DC2E19: exit (exit.c:105) +==14299== by 0x5DA8604: (below main) (libc-start.c:329) +==14299== Block was alloc'd at +==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299) +==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100) +==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108) +==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830) +==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482) +==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) +==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500) +==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845) +==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125) +==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25) +==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116) +==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106) +==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227) +==14299== by 0x4E43416: internal_idevice_init (idevice.c:73) += + +Signed-off-by: Christophe Fergeau +--- + src/idevice.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/idevice.c b/src/idevice.c +index 913038ef..d1f13cb6 100644 +--- a/src/idevice.c ++++ b/src/idevice.c +@@ -51,6 +51,14 @@ + #include "common/debug.h" + + #ifdef HAVE_OPENSSL ++ ++#if OPENSSL_VERSION_NUMBER < 0x10002000L ++static void SSL_COMP_free_compression_methods(void) ++{ ++ sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); ++} ++#endif ++ + static mutex_t *mutex_buf = NULL; + static void locking_function(int mode, int n, const char* file, int line) + { +@@ -100,7 +108,7 @@ static void internal_idevice_deinit(void) + + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); +- sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); ++ SSL_COMP_free_compression_methods(); + #ifdef HAVE_ERR_REMOVE_THREAD_STATE + ERR_remove_thread_state(NULL); + #else diff --git a/source/l/libimobiledevice/libimobiledevice.SlackBuild b/source/l/libimobiledevice/libimobiledevice.SlackBuild index fe97d57d8..322f83b57 100755 --- a/source/l/libimobiledevice/libimobiledevice.SlackBuild +++ b/source/l/libimobiledevice/libimobiledevice.SlackBuild @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/bash -# Copyright 2015 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2015, 2017, 2018 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,31 +20,39 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libimobiledevice VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-5} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) export ARCH=i486 ;; + i?86) export ARCH=i586 ;; arm*) export ARCH=arm ;; # Unless $ARCH is already set, use uname -m for all other archs: *) export ARCH=$( uname -m ) ;; esac fi +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + NUMJOBS=${NUMJOBS:-" -j7 "} -CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-${PKGNAM} rm -rf $PKG mkdir -p $TMP $PKG -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "s390" ]; then SLKCFLAGS="-O2" @@ -60,7 +68,7 @@ fi cd $TMP rm -rf ${PKGNAM}-${VERSION} tar xvf $CWD/${PKGNAM}-$VERSION.tar.?z* || exit 1 -cd ${PKGNAM}-$VERSION +cd ${PKGNAM}-$VERSION || exit 1 # Make sure ownerships and permissions are sane: chown -R root:root . @@ -70,6 +78,12 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +# Fixes mounting issues with iOS 10: +zcat $CWD/libimobiledevice.use_tlsv1_instead_of_sslv3.diff.gz | patch -p1 --verbose || exit 1 + +# Fix for OpenSSL-1.1.x: +zcat $CWD/02a0e03e24bc96bba2e5ea2438c30baf803fd137.patch.gz | patch -p1 --verbose || exit 1 + CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ ./configure \ @@ -80,11 +94,14 @@ CXXFLAGS="$SLKCFLAGS" \ --docdir=/usr/doc/$PKGNAM-$VERSION \ --mandir=/usr/man \ --disable-static \ - --build=$ARCH-slackware-linux + --build=$ARCH-slackware-linux || exit 1 make $NUMJOBS || make || exit 1 make install DESTDIR=$PKG || exit 1 +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la + # Strip binaries: find $PKG | xargs file | grep -e "executable" -e "shared object" \ | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null diff --git a/source/l/libimobiledevice/libimobiledevice.use_tlsv1_instead_of_sslv3.diff b/source/l/libimobiledevice/libimobiledevice.use_tlsv1_instead_of_sslv3.diff new file mode 100644 index 000000000..edf763ee8 --- /dev/null +++ b/source/l/libimobiledevice/libimobiledevice.use_tlsv1_instead_of_sslv3.diff @@ -0,0 +1,13 @@ +diff --git a/src/idevice.c b/src/idevice.c +index f2de6a3..1dcdae2 100644 +--- a/src/idevice.c ++++ b/src/idevice.c +@@ -703,7 +703,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne + } + BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE); + +- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method()); ++ SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method()); + if (ssl_ctx == NULL) { + debug_info("ERROR: Could not create SSL context."); + BIO_free(ssl_bio); diff --git a/source/l/libimobiledevice/slack-desc b/source/l/libimobiledevice/slack-desc index eecc8e531..b08e90ff4 100644 --- a/source/l/libimobiledevice/slack-desc +++ b/source/l/libimobiledevice/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| @@ -11,7 +11,7 @@ libimobiledevice: libimobiledevice: A library to communicate with services of Apple iOS devices using native libimobiledevice: protocols. libimobiledevice: -libimobiledevice: The libimobiledevice homepage: http://www.libimobiledevice.org/ +libimobiledevice: The libimobiledevice homepage: http://www.libimobiledevice.org/ libimobiledevice: libimobiledevice: libimobiledevice: -- cgit v1.2.3-79-gdb01