| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
|  | When building libimobiledevice with libressl 3.9 it fails with an
implicit declaration for X509V3_EXT_cleanup().
This was removed in libressl "because it was part of a dangerous,
incomplete and mostly useless API".
Additionally it doesn't seem to be actually used by libimobiledevice:
"It cleans up the stack containing custom extensions which
libimobiledevice doesn't use, it's only needed after calls to
X509V3_EXT_add{,_list,_alias}()."
Reference: https://github.com/libressl/portable/issues/1050
Signed-off-by: orbea <orbea@riseup.net> | 
|  | There are several missing headers as well as deprecated functions for
which compatibility was added as needed. | 
|  | The 40 characters length check on the device UDID made newer devices unusable
with the libimobiledevice tools and was actually redundant since an invalid
UDID will always fail to resolve. This commit removes the length check
altogether (but makes sure it is not an empty string ""). | 
|  | Another change in 3.6.0 is that a serial of '\0' is not valid anymore.
Bump it to one. | 
|  | Verification will fail if a special flag is not passed. Use
gnutls_x509_crt_sign2() instead of gnutls_x509_crt_sign() to make
sure that passing this flag works in 3.6.0 and stays working with
3.6.1. | 
|  | In newer GnuTLS versions the parameters supplied to
gnutls_x509_privkey_import_rsa_raw() are actually checked for somewhat
sane values. Since we were passing the same values for all parameters,
this check fails and the device certificate is never generated.
However due to missing checks the pairing record was saved anyway, with
an empty device certificate. This led to TLS errors during communication,
leading to the "GnuTLS: Error in pull function" error message appearing
and the communication to fail.
This commit fixes the issue by passing some sane values, and also improves
the overall error handling during generation of the pairing record. | 
|  | Since pair records are meanwhile handled by usbmuxd there is no need to check
for the existence of a pair record on disk. Asking usbmuxd for a pair record of
a given UDID is sufficient to know if it exists or not. | 
|  | userpref_read_system_buid()
Also, add a debug message that will print the actual error code. | 
|  | pair_record_generate_keys_and_certs() | 
|  | This refactoring is mandatory as libimobiledevice should not interact with
the pair record configuration directory which is owned by the usbmuxd user.
This change also adds compatibility for the native usbmuxd and thus pair
records saved by iTunes. | 
|  | (closing #32) | 
|  | The RSA_generate_key function has been deprecated in OpenSSL
in favour of the newer function RSA_generate_key_ex.
RSA_generate_key_ex with its current interface has been
part of OpenSSL starting from version 0.9.8 (July 2005). | 
|  | every time
This prevented iTunes from using a pairing made by libimobiledevice giving an error
that the device sent invalid data. | 
|  | iOS 7 introduced a new pairing workflow which increases security by showing a
trust dialog to the user before pairing with the host is allowed.
The userpref system was refactored to use the native plist format, too.
Configuration files of the native implementations are used on each platform.
Former configuration files are no longer in use and can be deleted. | 
|  | When finding the user's home directory to generate a subdirectory in $HOME/.config, we would
fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME.
Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause
a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack.
Now we fall back to getpwuid_r() to find the user's home directory if it is not provided
in environment variables - this is the case when upowerd gets run via systemd, for example.
The result is that we'll end up creating /root/.config, a safe directory, since regular
users cannot create symlinks in /root.
In the future we'll need a way for libimobiledevice to find where to store its pairing data
on behalf of the console user, rather than writing it to /root.
http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use | 