Your message dated Sun, 22 Jan 2017 20:51:21 +0000
with message-id <e1cvp6f-000huj...@fasolo.debian.org>
and subject line Bug#847977: fixed in libimobiledevice 1.2.0+dfsg-3.1
has caused the Debian Bug report #847977,
regarding libimobiledevice4 GnuTLS settings broken with iOS 10
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
847977: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847977
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libimobiledevice4
Version: 1.1.6+dfsg-3.1
On devices (iPhones) upgraded to iOS 10, there are errors that prevent
connecting. I did not find this in deb bugs.
This was fixed in master upstream, using TLS1.0 instead of SSL3.0. We
should really get this fixed in jessie (in 1.1.6), otherwise iOS 10
devices become unusable with Debian.
Requires two commits:
13bf235cac2201747de11652cf14fe2714ca0718
72643b2b83990b9cf97cc84b285b30763d44a72d
After these, rebuilding and reinstalling, the iOS 10 devices works fine
for me.
Nathan
Patch:
--- libimobiledevice-1.1.6+dfsg.orig/src/idevice.c
+++ libimobiledevice-1.1.6+dfsg/src/idevice.c
@@ -777,7 +777,7 @@ idevice_error_t idevice_connection_enabl
}
BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);
- SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
+ SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method());
if (ssl_ctx == NULL) {
debug_info("ERROR: Could not create SSL context.");
BIO_free(ssl_bio);
@@ -838,7 +838,7 @@ idevice_error_t idevice_connection_enabl
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate,
internal_cert_callback);
gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
- gnutls_priority_set_direct(ssl_data_loc->session,
"NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL",
NULL);
+ gnutls_priority_set_direct(ssl_data_loc->session,
"NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL",
NULL);
gnutls_credentials_set(ssl_data_loc->session,
GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);
--- End Message ---
--- Begin Message ---
Source: libimobiledevice
Source-Version: 1.2.0+dfsg-3.1
We believe that the bug you reported is fixed in the latest version of
libimobiledevice, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 847...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas Boulenguez <nico...@debian.org> (supplier of updated libimobiledevice
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 03 Jan 2017 01:32:36 +0100
Source: libimobiledevice
Binary: libimobiledevice6 libimobiledevice-dev libimobiledevice6-dbg
python-imobiledevice libimobiledevice-utils libimobiledevice-doc
Architecture: source
Version: 1.2.0+dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: gtkpod Maintainers <pkg-gtkpod-de...@lists.alioth.debian.org>
Changed-By: Nicolas Boulenguez <nico...@debian.org>
Description:
libimobiledevice-dev - Library for communicating with iPhone and iPod Touch
devices
libimobiledevice-doc - Library for communicating with iPhone and iPod Touch
devices
libimobiledevice-utils - Library for communicating with iPhone and iPod Touch
devices
libimobiledevice6 - Library for communicating with the iPhone and iPod Touch
libimobiledevice6-dbg - Library for communicating with iPhone and iPod Touch
devices
python-imobiledevice - Library for communicating with iPhone and iPod Touch
devices
Closes: 840931 847977
Changes:
libimobiledevice (1.2.0+dfsg-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Upstream commits replacing SSL3.0 with TLS1.0. Closes: #840931, #847977.
Also fix related bug in GNUTLS pairing record generation, see
https://github.com/libimobiledevice/libimobiledevice/issues/413.
Checksums-Sha1:
c781204295f3ea7b818031806730281cbbbc9b0d 2782
libimobiledevice_1.2.0+dfsg-3.1.dsc
16544820115a968fc086f310767864bf63cc92ac 14668
libimobiledevice_1.2.0+dfsg-3.1.debian.tar.xz
Checksums-Sha256:
cf7debc5ea75d9586a4af547672348d8b1dd19ef3737cc3708272c6a513f0802 2782
libimobiledevice_1.2.0+dfsg-3.1.dsc
a38d5b79fcbde163ef54bbd2971b000e2e7377befcbea2841ec0d7720a20cc9d 14668
libimobiledevice_1.2.0+dfsg-3.1.debian.tar.xz
Files:
925b73d93a511815eb752f8154abd3c4 2782 libs optional
libimobiledevice_1.2.0+dfsg-3.1.dsc
8c84aa85903c4fce0be65728f0c20345 14668 libs optional
libimobiledevice_1.2.0+dfsg-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCAAxFiEEYtlNMqmXIhEvWffytSqc9EkN/I0FAliCa/sTHG5pY29sYXNA
ZGViaWFuLm9yZwAKCRC1Kpz0SQ38jZmTEACNQ7MMgZXNTAQqNVIoDz75Xsv+qXBY
B4l15Bj6CiLTnK7how/XOfozqUkFXT2K8xxVtqrbrK6yJCIFW3H1aWwa3ondk3Gn
oqxAMBHfsA1gIxy8fv5I+xcJ0p6CpTkLekMBOfqJNnkc/k253m6qDQiOuOnN45y9
6PB43PzzGFKhg8Mv5nAd0RV5t2cInpnvsVWfxZirlo2BW+t9poVx8b7mHvEWCiyn
wD3qaZevatmtZiYnRtRm7e+VAbV/44bMm1VFBNMf6I2cysxPCxt7z8cmObqhm5E5
e/wtRaKmytwmVEFGS5fG3w7PowQ1lQnyHjpIWkgx+KGr98i6l+R9Iu9ToffAkzoL
sjfLn93a9gDxTxtcNTN4SYA2CvP2JfxJUAZJc4tIB/gv0kfLPlnJ5dzphp/IE8Hu
5ys5nbcZi25rUz1ZdonmgwllEQ2cvnrtm0mzyr1JwPIgkN+H59uySxxwk2hqWBpq
5ZZRc6Krb1CE3pwfRAILdhbQ6LXJMY53wD4fNTe9/YAmO66bi0UQr8aD+6R86CHF
FMyufflYDUohdSB33s6dNrKp2X2gI+13slMh5gbDs4C4DsABog/x9BUa7JLV6sSe
u6XoekygKpIJhFG4u9d9HAcNvVVSQXDq4a1as4/hKDS7o1YQ1vblflg9eaxXWs/I
qJ9T7oCPOQX7tA==
=gK9H
-----END PGP SIGNATURE-----
--- End Message ---
