[Pkg-gtkpod-devel] Bug#840931: libimobiledevice4 GnuTLS settings broken with iOS 10

[Nathan Kennedy]

Package: libimobiledevice4
Version: 1.1.6+dfsg-3.1

On devices (iPhones) upgraded to iOS 10, there are errors that prevent 
connecting. I did not find this in deb bugs.

This was fixed in master upstream, using TLS1.0 instead of SSL3.0. We 
should really get this fixed in jessie (in 1.1.6), otherwise iOS 10 
devices become unusable with Debian.

Requires two commits:
13bf235cac2201747de11652cf14fe2714ca0718
72643b2b83990b9cf97cc84b285b30763d44a72d

After these, rebuilding and reinstalling, the iOS 10 devices works fine 
for me.

Nathan

Patch:
--- libimobiledevice-1.1.6+dfsg.orig/src/idevice.c
+++ libimobiledevice-1.1.6+dfsg/src/idevice.c
@@ -777,7 +777,7 @@ idevice_error_t idevice_connection_enabl
      }
      BIO_set_fd(ssl_bio, (int)(long)connection->data, BIO_NOCLOSE);

-    SSL_CTX *ssl_ctx = SSL_CTX_new(SSLv3_method());
+    SSL_CTX *ssl_ctx = SSL_CTX_new(TLSv1_method());
      if (ssl_ctx == NULL) {
          debug_info("ERROR: Could not create SSL context.");
          BIO_free(ssl_bio);
@@ -838,7 +838,7 @@ idevice_error_t idevice_connection_enabl
gnutls_certificate_allocate_credentials(&ssl_data_loc->certificate);
gnutls_certificate_client_set_retrieve_function(ssl_data_loc->certificate, 
internal_cert_callback);
      gnutls_init(&ssl_data_loc->session, GNUTLS_CLIENT);
-    gnutls_priority_set_direct(ssl_data_loc->session, 
"NONE:+VERS-SSL3.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", 
NULL);
+    gnutls_priority_set_direct(ssl_data_loc->session, 
"NONE:+VERS-TLS1.0:+ANON-DH:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA1:+MD5:+COMP-NULL", 
NULL);
      gnutls_credentials_set(ssl_data_loc->session, 
GNUTLS_CRD_CERTIFICATE, ssl_data_loc->certificate);
      gnutls_session_set_ptr(ssl_data_loc->session, ssl_data_loc);