diff --git a/sane-backends-1.0.29.tar.gz b/sane-backends-1.0.29.tar.gz deleted file mode 100644 index f1f30b2..0000000 --- a/sane-backends-1.0.29.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aa027b4e5f59849cd41b8c26d54584cf31fffd986049019be6ad4140e11ea8ed -size 7201950 diff --git a/sane-backends-1.0.30.tar.gz b/sane-backends-1.0.30.tar.gz new file mode 100644 index 0000000..0b50fc9 --- /dev/null +++ b/sane-backends-1.0.30.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3f5d96a9c47f6124a46bb577c776bbc4896dd17b9203d8bfbc7fe8cbbcf279a3 +size 7204519 diff --git a/sane-backends.changes b/sane-backends.changes index 28bbb0f..4773a55 100644 --- a/sane-backends.changes +++ b/sane-backends.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Aug 18 15:15:05 UTC 2020 - Stefan Brüns + +- Update to 1.0.30: + * epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory + management issues found while addressing that CVE + * epsonds: addresses out-of-bound memory access issues to fix + CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), + addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) + and disables network autodiscovery to mitigate CVE-2020-12866 + (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 + (GHSL-2020-081). Note that this backend does not support network + scanners to begin with. + * magicolor: fixes a floating point exception and uninitialized data + read + * fixes an overflow in sanei_tcp_read() +- Move saned to a separate package +- Cleanup spec file, remove some obsolete mangling of udev rules + ------------------------------------------------------------------- Thu Feb 20 20:00:43 UTC 2020 - Stefan Brüns diff --git a/sane-backends.spec b/sane-backends.spec index f9dc081..9b75f91 100644 --- a/sane-backends.spec +++ b/sane-backends.spec @@ -24,7 +24,6 @@ BuildRequires: gcc-c++ BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel -# Cf. the comment about 'libusb' at .configure below: BuildRequires: libv4l-devel BuildRequires: net-snmp-devel BuildRequires: pkgconfig @@ -44,7 +43,7 @@ BuildRequires: pkgconfig(systemd) Summary: SANE (Scanner Access Now Easy) Scanner Drivers License: GPL-2.0-or-later AND SUSE-GPL-2.0+-with-sane-exception AND SUSE-Public-Domain Group: Hardware/Scanner -Version: 1.0.29 +Version: 1.0.30 Release: 0 URL: http://www.sane-project.org/ # Unfortunately, the first version does not build, as it does not contain a prebuilt configure, @@ -52,7 +51,7 @@ URL: http://www.sane-project.org/ # https://gitlab.com/sane-project/backends/issues/248 # Use the version including a semi-random hash instead, which is a dist tarball # Source0: https://gitlab.com/sane-project/backends/-/archive/%%{version}/backends-%%{version}.tar.gz#/sane-backends-%%{version}.tar.gz -Source0: https://gitlab.com/sane-project/backends/uploads/54f858b20a364fc35d820df935a86478/sane-backends-1.0.29.tar.gz +Source0: https://gitlab.com/sane-project/backends/uploads/c3dd60c9e054b5dee1e7b01a7edc98b0/sane-backends-1.0.30.tar.gz # Source100... is SUSE specific stuff: # Source102 is the OpenSLP registration file for the saned: Source102: sane.reg @@ -168,6 +167,16 @@ accidentally disabled when only one scanner was disconnected. If you do not like automated driver activation, do not install this package or remove it when it is already installed. +%package -n sane-saned +Summary: Sane network server +License: GPL-2.0-or-later AND LGPL-2.1-or-later AND SUSE-Public-Domain +Group: Hardware/Scanner +Provides: sane-backends:%{_sbindir}/saned +Conflicts: %{name} < %{version} + +%description -n sane-saned +Saned allows access to locally attached scanners over the network. + %prep %setup -q # Patch2 sane-backends.builttime.patch avoids build-compare noise @@ -201,14 +210,7 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE -DGIMP_ENABLE_COMPAT_CRUFT=1 -fno-stric export LDFLAGS="-L/%_lib $LDFLAGS" # Enable pthread instead of fork (used in Debian since Feb 2009 and no issues so far), # see https://bugzilla.novell.com/show_bug.cgi?id=633780 -# Enable libusb-1.0 support which is available since sane-backends 1.0.20 -# and libusb-1_0 is available at least since openSUSE 11.1. -# On all systems, the --enable-libusb* flags (in particular --enable-libusb_1_0 ) are now ignored. -# Instead, the --with-usb and --without-usb flags now control support. -# When neither is given, USB support will be enabled if possible and disabled otherwise. -# If --with-usb is requested but not possible, ./configure will fail. -# There is no support to prefer libusb-0.1 over libusb-1.0. -# When libusb-1.0 is not found, libusb-0.1 will be tried. +# # Without converting API spec to supported output formats PostScript, PDF, HTML # i.e. use none of --with_api_ps --with_api_pdf --with_api_html cf. configure.ac # because converting the API spec needs tons of stuff in the build system @@ -346,10 +348,6 @@ bash %{SOURCE201} >autoconfig.rules # Install the scanner autoconfiguration udev rules file: install -d %{buildroot}%{_udevrulesdir} install -m644 autoconfig.rules %{buildroot}%{_udevrulesdir}/56-sane-backends-autoconfig.rules -# Since version 1.0.19 there is udev and HAL support. -# Therefore the old/outdated hotplug stuff is dropped (was never used by openSUSE). -# Neither tools/hotplug/libsane.usermap nor tools/hotplug/libusbscanner is installed. -# Also the evil-hack init-script "sane-dev" is no longer provided. # Regarding udev: # Modify the generated tools/udev/libsane.rules file as follows: # All GROUP="scanner" are replaced by GROUP="lp". @@ -364,17 +362,13 @@ install -m644 autoconfig.rules %{buildroot}%{_udevrulesdir}/56-sane-backends-aut # to place a paper on the scanner) so that both kind of devices # should usually require the same kind of security. sed -i -e 's/GROUP="scanner"/GROUP="lp"/' tools/udev/libsane.rules -# Regarding SUBSYSTEM=="usb" see the Novell/Suse Bugzilla bug -# https://bugzilla.novell.com/show_bug.cgi?id=294161#c11 -sed -i -e '/^SUBSYSTEM/s/"usb_device"/"usb"/' tools/udev/libsane.rules # Regarding ATTRS{} (formerly SYSFS{}) versus ATTR{} see the Novell/Suse Bugzilla bug # https://bugzilla.novell.com/show_bug.cgi?id=436085#c0 # but for SCSI scanners "ATTRS" is mandatory see the Novell/Suse Bugzilla bug # https://bugzilla.novell.com/show_bug.cgi?id=681146#c20 # so that "ATTRS" is replaced by "ATTR" only for USB scanners. +# Upstream: https://gitlab.com/sane-project/backends/-/issues/341 sed -i -e '/^LABEL="libsane_usb_rules_begin"/,/^LABEL="libsane_usb_rules_end"/s/ATTRS/ATTR/g' tools/udev/libsane.rules -# Disable all ENV{DEVTYPE} lines because we (Suse/Novell) do not need them. -sed -i -e 's/^ENV{DEVTYPE}/# ENV{DEVTYPE}/' tools/udev/libsane.rules # Disable entries for USB scanners which are "unsupported" # but keep the entries for models for which the support status # is "complete", "good", "basic", "minimal", "untested" @@ -406,15 +400,9 @@ do if grep -q "^ATTR.idVendor.==$m" tools/udev/libsane.rules sed -i -e "/^ATTR.idVendor.==$m/Is/^ATTR/# ATTR/" tools/udev/libsane.rules fi done -# Newer udev versions complain about NAME="%k" usage with warning messages like -# 'udevd[1234]: NAME="%k" is superfluous and breaks kernel supplied names...' -sed -i -e 's/NAME="%k", //' tools/udev/libsane.rules # Add an entry for "SCSI processor EPSON Perfection1640", # see https://bugzilla.novell.com/show_bug.cgi?id=681146#c43 sed -i -e '/^# Epson Perfection 636S /i# Epson Perfection 1640\nKERNEL=="sg[0-9]*", ATTRS{type}=="3", ATTRS{vendor}=="EPSON", ATTRS{model}=="Perfection1640", MODE="0664", GROUP="lp", ENV{libsane_matched}="yes"' tools/udev/libsane.rules -# Add a wildcard entry for any "SCSI processor EPSON SCANNER*" -# see http://lists.alioth.debian.org/pipermail/sane-devel/2011-June/028739.html -sed -i -e '/^# Epson Perfection 2450 /i# Any SCSI processor EPSON SCANNER...\nKERNEL=="sg[0-9]*", ATTRS{type}=="3", ATTRS{vendor}=="EPSON", ATTRS{model}=="SCANNER*", MODE="0664", GROUP="lp", ENV{libsane_matched}="yes"' tools/udev/libsane.rules # Install the udev rules file: install -m644 tools/udev/libsane.rules %{buildroot}%{_udevrulesdir}/55-libsane.rules # Service files: @@ -434,7 +422,7 @@ rm %{buildroot}%{_defaultdocdir}/sane-backends/{README.aix,README.beos,README.da # https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25find_lang %find_lang sane-backends -%pre +%pre -n sane-saned if [ $1 = 2 ] ; then # In case of an upgrade the erroneously created as directories saned.socket and saned@.service # must be removed, otherwise the upgrade will fail, @@ -449,26 +437,30 @@ if [ $1 = 2 ] ; then fi %service_add_pre saned.socket -%post +%post -n sane-saned %service_add_post saned.socket -%preun +%preun -n sane-saned %service_del_preun saned.socket -%postun +%postun -n sane-saned %service_del_postun saned.socket %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig -%files -f sane-backends.lang -%defattr(-,root,root) -%dir %{_sysconfdir}/sane.d -%config(noreplace) %{_sysconfdir}/sane.d/*.conf +%files -n sane-saned %dir %{_sysconfdir}/slp.reg.d %config(noreplace) %{_sysconfdir}/slp.reg.d/* -%{_udevrulesdir}/55-libsane.rules %{_sbindir}/saned +%{_unitdir}/saned@.service +%{_unitdir}/saned.socket +%doc %{_mandir}/man8/saned.8.gz + +%files -f sane-backends.lang +%dir %{_sysconfdir}/sane.d +%config(noreplace) %{_sysconfdir}/sane.d/*.conf +%{_udevrulesdir}/55-libsane.rules %{_bindir}/scanimage %{_bindir}/sane-find-scanner %{_bindir}/gamma4scanimage @@ -476,8 +468,6 @@ fi %{_datadir}/sane/ %{_libdir}/sane/ %exclude %{_libdir}/sane/libsane-dll.so.* -%{_unitdir}/saned@.service -%{_unitdir}/saned.socket #dir /var/lock/sane %doc %{_defaultdocdir}/sane-backends/ %doc %{_mandir}/man1/scanimage.1.gz @@ -485,7 +475,6 @@ fi %doc %{_mandir}/man1/gamma4scanimage.1.gz %doc %{_mandir}/man5/sane-*.5.gz %doc %{_mandir}/man7/sane.7.gz -%doc %{_mandir}/man8/saned.8.gz %files -n %{libname} %dir %{_libdir}/sane/ @@ -495,7 +484,6 @@ fi %{_libdir}/libsane.so.* %files devel -%defattr(-,root,root) %{_bindir}/sane-config %{_includedir}/sane/ %{_libdir}/libsane.so @@ -503,7 +491,6 @@ fi %doc %{_mandir}/man1/sane-config.1.gz %files autoconfig -%defattr(-,root,root) %{_udevrulesdir}/56-sane-backends-autoconfig.rules %changelog