From 9967655c5eb14e8ffd1bdf52a912a77d1585a226 Mon Sep 17 00:00:00 2001 From: Zdenek Dohnal Date: May 23 2017 10:30:32 +0000 Subject: rebase to 1.0.27 --- diff --git a/.gitignore b/.gitignore index 151ebbd..7e1d434 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ sane-backends-1.0.21.tar.gz /sane-backends-1.0.23.tar.gz /sane-backends-1.0.24.tar.gz /sane-backends-1.0.25.tar.gz +/sane-backends-1.0.27.tar.gz diff --git a/sane-backends-1.0.25-CVE-2017-6318.patch b/sane-backends-1.0.25-CVE-2017-6318.patch deleted file mode 100644 index 53de320..0000000 --- a/sane-backends-1.0.25-CVE-2017-6318.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff -up sane-backends-1.0.25/frontend/saned.c.CVE-2017-6318 sane-backends-1.0.25/frontend/saned.c ---- sane-backends-1.0.25/frontend/saned.c.CVE-2017-6318 2017-03-22 09:05:09.884788366 +0100 -+++ sane-backends-1.0.25/frontend/saned.c 2017-03-22 16:58:20.393869129 +0100 -@@ -1986,6 +1986,38 @@ process_request (Wire * w) - return 1; - } - -+ /* Addresses CVE-2017-6318 (#315576, Debian BTS #853804) */ -+ /* This is done here (rather than in sanei/sanei_wire.c where -+ * it should be done) to minimize scope of impact and amount -+ * of code change. -+ */ -+ if (w->direction == WIRE_DECODE -+ && req.value_type == SANE_TYPE_STRING -+ && req.action == SANE_ACTION_GET_VALUE) -+ { -+ if (req.value) -+ { -+ /* FIXME: If req.value contains embedded NUL -+ * characters, this is wrong but we do not have -+ * access to the amount of memory allocated in -+ * sanei/sanei_wire.c at this point. -+ */ -+ w->allocated_memory -= (1 + strlen (req.value)); -+ free (req.value); -+ } -+ req.value = malloc (req.value_size); -+ if (!req.value) -+ { -+ w->status = ENOMEM; -+ DBG (DBG_ERR, -+ "process_request: (control_option) " -+ "h=%d (%s)\n", req.handle, strerror (w->status)); -+ return 1; -+ } -+ memset (req.value, 0, req.value_size); -+ w->allocated_memory += req.value_size; -+ } -+ - can_authorize = 1; - - memset (&reply, 0, sizeof (reply)); /* avoid leaking bits */ diff --git a/sane-backends-1.0.25-avision-skip-adf.patch b/sane-backends-1.0.25-avision-skip-adf.patch deleted file mode 100644 index 2336d5f..0000000 --- a/sane-backends-1.0.25-avision-skip-adf.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 2fea21f28ecbcd83ec4c4cf6d1578cdd552b0df4 Mon Sep 17 00:00:00 2001 -From: Nils Philippsen -Date: Tue, 14 Mar 2017 17:38:49 +0100 -Subject: [PATCH] patch: avision-skip-adf - -Squashed commit of the following: - -commit 1177ca9c2673e5264741dff60010ddebaf43737c -Author: Dave Platt -Date: Thu Dec 15 22:29:16 2016 -0800 - - avision.c: Add "skip-adf" option - - The code which tries aggressively to reset/initialize HP 82xx/83xx - Automatic Document Feeders doesn't work well if there's no ADF attached, - because the scanner reports a non-zero ADF model type in this case. - The retry code makes several attempts to initialize the ADF, and then - bails out with an "Operation not supported" error. - - Add a new "option skip-adf" which will cause the backend to believe - the "ADF not present" status if that's what the scanner reports. - - Fixes #313751 - - (cherry picked from commit 6585b6f60d07a196e42c99b935e2754bbc80b3c8) ---- - backend/avision.c | 14 ++++++++++++-- - doc/sane-avision.man | 10 ++++++++++ - 2 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/backend/avision.c b/backend/avision.c -index 146125c..b02b547 100644 ---- a/backend/avision.c -+++ b/backend/avision.c -@@ -1277,6 +1277,9 @@ static SANE_Bool force_calibration = SANE_FALSE; - static SANE_Bool force_a4 = SANE_FALSE; - static SANE_Bool force_a3 = SANE_FALSE; - -+/* trust ADF-presence flag, even if ADF model is nonzero */ -+static SANE_Bool skip_adf = SANE_FALSE; -+ - /* hardware resolutions to interpolate from */ - static const int hw_res_list_c5[] = - { -@@ -3218,11 +3221,13 @@ get_accessories_info (Avision_Scanner* s) - { - dev->inquiry_duplex = 1; - dev->inquiry_duplex_interlaced = 0; -- } else if (result[0] == 0 && result[2] != 0) { -+ } else if (result[0] == 0 && result[2] != 0 && !skip_adf) { - /* Sometimes the scanner will report that there is no ADF attached, yet - * an ADF model number will still be reported. This happens on the - * HP8200 series and possibly others. In this case we need to reset the -- * the adf and try reading it again. -+ * the adf and try reading it again. Skip this if the configuration says -+ * to do so, so that we don't fail out the scanner as being broken and -+ * unsupported if there isn't actually an ADF present. - */ - DBG (3, "get_accessories_info: Found ADF model number but the ADF-present flag is not set. Trying to recover...\n"); - status = adf_reset (s); -@@ -7630,6 +7635,11 @@ sane_reload_devices (void) - linenumber); - force_a3 = SANE_TRUE; - } -+ else if (strcmp (word, "skip-adf") == 0) { -+ DBG (3, "sane_reload_devices: config file line %d: enabling skip-adf\n", -+ linenumber); -+ skip_adf = SANE_TRUE; -+ } - else if (strcmp (word, "static-red-calib") == 0) { - DBG (3, "sane_reload_devices: config file line %d: static red calibration\n", - linenumber); -diff --git a/doc/sane-avision.man b/doc/sane-avision.man -index 299bb72..6a991b6 100644 ---- a/doc/sane-avision.man -+++ b/doc/sane-avision.man -@@ -36,6 +36,7 @@ a hash mark (#) are ignored. A sample configuration file is shown below: - \ - option force\-a4 - option force\-a3 -+ option skip\-adf - option disable\-gamma\-table - option disable\-calibration - \ -@@ -61,6 +62,15 @@ known to return bogus data are marked in the backend - so if you need this option please report this to the - backend maintainer. USE WITH CARE! - .TP -+skip\-adf: -+Forces the backend to ignore an inconsistent ADF -+status returned by the scanner (ADF not present, but -+ADF model number non-zero). Without this option, the -+backend will make several attempts to reset the ADF -+and retry the query in this situation, and will fail -+with a "not supported" error if the ADF still doesn't -+respond. -+.TP - disable\-gamma\-table: - Disables the usage of the scanner's gamma-table. You - might try this if your scans hang or only produces --- -2.9.3 - diff --git a/sane-backends.spec b/sane-backends.spec index ca022b4..f8d7232 100644 --- a/sane-backends.spec +++ b/sane-backends.spec @@ -32,8 +32,8 @@ Summary: Scanner access software Name: sane-backends -Version: 1.0.25 -Release: 7%{?dist} +Version: 1.0.27 +Release: 1%{?dist} # lib/ is LGPLv2+, backends are GPLv2+ with exceptions # Tools are GPLv2+, docs are public domain # see LICENSE for details @@ -51,10 +51,6 @@ Patch0: sane-backends-1.0.25-udev.patch Patch1: sane-backends-1.0.23-soname.patch # Fedora-specific (for now): make installed sane-config multi-lib aware again Patch2: sane-backends-1.0.23-sane-config-multilib.patch -# Backported from upstream, commit 6585b6f60d07a196e42c99b935e2754bbc80b3c8 -Patch3: sane-backends-1.0.25-avision-skip-adf.patch -# CVE-2017-6318 - backported from upstream 42896939822b44f44ecd1b6d35afdfa4473ed35d -Patch4: sane-backends-1.0.25-CVE-2017-6318.patch URL: http://www.sane-project.org @@ -181,8 +177,6 @@ access image acquisition devices available on the local host. %patch0 -p1 -b .udev %patch1 -p1 -b .soname %patch2 -p1 -b .sane-config-multilib -%patch3 -p1 -b .avision-skip-adf -%patch4 -p1 -b .CVE-2017-6318 %build CFLAGS="%optflags -fno-strict-aliasing" @@ -333,6 +327,9 @@ exit 0 %{_unitdir}/saned@.service %changelog +* Tue May 23 2017 Zdenek Dohnal - 1.0.27-1 +- rebase to 1.0.27 + * Wed Mar 22 2017 Zdenek Dohnal - 1.0.25-7 - 1428886 - CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server [fedora-all] diff --git a/sources b/sources index e10c087..e3714a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f9ed5405b3c12f07c6ca51ee60225fe7 sane-backends-1.0.25.tar.gz +SHA512 (sane-backends-1.0.27.tar.gz) = c6552768bfc10216730fc11011c82f74ca0952182019ded3916072147ec09be5c975ce1d37dc3ccea050c488dbdf983c2ca17dcd702644060ba796ae2591f9c5