Hello community, here is the log from the commit of package hylafax+ for openSUSE:Factory checked in at 2018-09-19 14:31:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hylafax+ (Old) and /work/SRC/openSUSE:Factory/.hylafax+.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hylafax+" Wed Sep 19 14:31:02 2018 rev:22 rq:636444 version:5.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/hylafax+/hylafax+.changes 2018-08-27 12:59:41.140838216 +0200 +++ /work/SRC/openSUSE:Factory/.hylafax+.new/hylafax+.changes 2018-09-19 14:33:08.167312750 +0200 @@ -1,0 +2,12 @@ +Tue Sep 18 18:31:26 UTC 2018 - Hans-Peter Jansen <[email protected]> + +- version 5.6.1 +* address CVE-2018-17141, fixes JPEG vulnerabilities (18 Sep 2018) + +------------------------------------------------------------------- +Mon Sep 17 10:15:34 UTC 2018 - Hans-Peter Jansen <[email protected]> + +- use systemd template unit file for hylafax-faxgetty services +- fix services + +------------------------------------------------------------------- Old: ---- hylafax-5.6.0.tar.gz hylafax-faxgetty-ttyS0.service New: ---- hylafax-5.6.1.tar.gz [email protected] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hylafax+.spec ++++++ --- /var/tmp/diff_new_pack.azdNSY/_old 2018-09-19 14:33:11.739310336 +0200 +++ /var/tmp/diff_new_pack.azdNSY/_new 2018-09-19 14:33:11.739310336 +0200 @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %global faxspool %{_localstatedir}/spool/hylafax %define lib_version %(echo %{version} | tr \. _) Name: hylafax+ -Version: 5.6.0 +Version: 5.6.1 Release: 0 Summary: A fax server License: BSD-3-Clause @@ -30,7 +30,7 @@ Source3: hylafax+_hourly.cron Source4: hylafax-hfaxd.service Source5: hylafax-faxq.service -Source6: hylafax-faxgetty-ttyS0.service +Source6: [email protected] Source7: README.SUSE Source8: sendonly.conf BuildRequires: gcc-c++ @@ -159,11 +159,11 @@ install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/hylafax-hfaxd.service install -p -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/hylafax-faxq.service -install -p -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/hylafax-faxgetty-ttyS0.service +install -p -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/[email protected] install -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/cron.daily/hylafax install -p -m 755 %{SOURCE3} %{buildroot}%{_sysconfdir}/cron.hourly/hylafax -for lnk in hylafax-hfaxd hylafax-faxgetty-ttyS0 hylafax-faxq; do +for lnk in hylafax-hfaxd hylafax-faxq; do ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc$lnk done ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rchylafax @@ -180,24 +180,24 @@ %pre %service_add_pre hylafax-faxq.service -%service_add_pre hylafax-faxgetty-ttyS0.service +%service_add_pre [email protected] %service_add_pre hylafax-hfaxd.service %post /sbin/ldconfig %service_add_post hylafax-faxq.service -%service_add_post hylafax-faxgetty-ttyS0.service +%service_add_post [email protected] %service_add_post hylafax-hfaxd.service %preun %service_del_preun hylafax-faxq.service -%service_del_preun hylafax-faxgetty-ttyS0.service +%service_del_preun [email protected] %service_del_preun hylafax-hfaxd.service %postun /sbin/ldconfig %service_del_postun hylafax-faxq.service -%service_del_postun hylafax-faxgetty-ttyS0.service +%service_del_postun [email protected] %service_del_postun hylafax-hfaxd.service %post -n libfaxutil%{lib_version} -p /sbin/ldconfig @@ -206,8 +206,7 @@ %files %{_unitdir}/hylafax-hfaxd.service %{_unitdir}/hylafax-faxq.service -%{_unitdir}/hylafax-faxgetty-ttyS0.service -%{_sbindir}/rchylafax-faxgetty-ttyS0 +%{_unitdir}/[email protected] %{_sbindir}/rchylafax-faxq %{_sbindir}/rchylafax-hfaxd %{_sbindir}/rchylafax ++++++ README.SUSE ++++++ --- /var/tmp/diff_new_pack.azdNSY/_old 2018-09-19 14:33:11.771310314 +0200 +++ /var/tmp/diff_new_pack.azdNSY/_new 2018-09-19 14:33:11.771310314 +0200 @@ -29,18 +29,16 @@ Receiving faxes --------------- -In case you want to receive faxes as well, a TEMPLATE is attached for starting -faxgetty on a modem on ttyS0: -hylafax-faxgetty-ttyS0.service -Please use this template and modify it according to the interface(s) the modem -is attached to. You need to have one service file per modem. +In order to receive faxes as well, you need to run one faxgetty for each +interface, e.g.: -The Template is in /usr/lib/systemd/system +systemctl start [email protected] +systemctl start [email protected] -Enable systemd service for the faxgetty-daemon: +Starting them at boot time with: -systemctl enable hylafax-faxgetty-ttyS0.service -systemctl start hylafax-faxgetty-ttyS0.service +systemctl enable [email protected] +systemctl enable [email protected] Send-only environment --------------------- ++++++ hylafax-5.6.0.tar.gz -> hylafax-5.6.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hylafax-5.6.0/CHANGES new/hylafax-5.6.1/CHANGES --- old/hylafax-5.6.0/CHANGES 2018-07-05 02:37:28.000000000 +0200 +++ new/hylafax-5.6.1/CHANGES 2018-09-18 05:48:32.000000000 +0200 @@ -2,6 +2,12 @@ New Changes +(5.6.1) + +* address CVE-2018-17141, fixes JPEG vulnerabilities (18 Sep 2018) + +(5.6.0) + * some adjustments to assist AIX 6.1 builds (29 Jun 2018) * initial support for systemd in faxsetup (29 Jun 2018) * fix RFC2047 encoding by notify (27 Jun, 3 Jul 2018) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hylafax-5.6.0/VERSION new/hylafax-5.6.1/VERSION --- old/hylafax-5.6.0/VERSION 2018-07-05 02:37:28.000000000 +0200 +++ new/hylafax-5.6.1/VERSION 2018-09-18 06:08:43.000000000 +0200 @@ -1 +1 @@ -5.6.0 +5.6.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hylafax-5.6.0/faxd/Class2.c++ new/hylafax-5.6.1/faxd/Class2.c++ --- old/hylafax-5.6.0/faxd/Class2.c++ 2018-07-05 02:37:28.000000000 +0200 +++ new/hylafax-5.6.1/faxd/Class2.c++ 2018-09-18 05:45:59.000000000 +0200 @@ -500,6 +500,8 @@ } else { if (jpscan == 0x1) params.jp = JP_GREY; else if (jpscan & 0x2) params.jp = JP_COLOR; + /* See the comment in util/Class2Params.c++:setFromDCS() regarding JPEG use invalidating MH/MR/MMR/JBIG. */ + if (params.jp != JP_NONE) params.df = 0; } return (true); } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hylafax-5.6.0/faxd/CopyQuality.c++ new/hylafax-5.6.1/faxd/CopyQuality.c++ --- old/hylafax-5.6.0/faxd/CopyQuality.c++ 2018-07-05 02:37:28.000000000 +0200 +++ new/hylafax-5.6.1/faxd/CopyQuality.c++ 2018-09-18 05:30:58.000000000 +0200 @@ -411,8 +411,12 @@ if (params.df == DF_JBIG) { flushRawData(tif, 0, (const u_char*) buf, cc, emsg); } else { - memcpy(recvRow, (const char*) buf, cc); - recvRow += cc; + /* We don't support reception of a JPEG page bigger than COLORBUFSIZ. */ + if (recvRow + cc - recvPageStart > COLORBUFSIZ) cc = recvPageStart + COLORBUFSIZ - recvRow; + if (cc > 0) { + memcpy(recvRow, (const char*) buf, cc); + recvRow += cc; + } } } while (!fin); if (params.df == DF_JBIG) clearSDNORMCount(); @@ -1123,14 +1127,20 @@ } break; } - if (params.jp != JP_GREY && params.jp != JP_COLOR) { - flushRawData(tif, 0, (const u_char*) buf, cc, emsg); - } else { - memcpy(recvRow, (const char*) buf, cc); - recvRow += cc; - } - if (seq & 2 && (params.jp == JP_GREY || params.jp == JP_COLOR)) { - fixupJPEG(tif, emsg); + switch (dataform) { + case JP_GREY+4: + case JP_COLOR+4: + /* We don't support reception of a JPEG page bigger than COLORBUFSIZ. */ + if (recvRow + cc - recvPageStart > COLORBUFSIZ) cc = recvPageStart + COLORBUFSIZ - recvRow; + if (cc > 0) { + memcpy(recvRow, (const char*) buf, cc); + recvRow += cc; + } + if (seq & 2) fixupJPEG(tif, emsg); + break; + default: + flushRawData(tif, 0, (const u_char*) buf, cc, emsg); + break; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hylafax-5.6.0/util/Class2Params.c++ new/hylafax-5.6.1/util/Class2Params.c++ --- old/hylafax-5.6.0/util/Class2Params.c++ 2018-07-05 02:37:28.000000000 +0200 +++ new/hylafax-5.6.1/util/Class2Params.c++ 2018-09-18 05:30:58.000000000 +0200 @@ -303,6 +303,15 @@ if (dcs_caps.isBitEnabled(FaxParams::BITNUM_FULLCOLOR)) { if (jp == JP_GREY) jp = JP_COLOR; } + /* + * ITU T.30 does not specify that bits 16 (MR) or 31 (MMR) must be set to zero if color fax is used; + * and ITU T.32 Table 21 provides a data field, "JP", for JPEG support separate from "DF" for data + * format and does not specify that DF is meaningless in DCS when JP is used; but because T.4/T.6 + * (MH/MR/MMR), JBIG, and JPEG are distinct formats from each other, we must conclude that any + * indiction of JPEG in DCS must, therefore, invalidate any indication in DCS of MH/MR/MMR/JBIG. + * Otherwise, having both df and jp be non-zero will be confusing and possibly cause problems. + */ + if (jp != JP_NONE) df = 0; // Yes, this is DF_1DMH, but there is no "DF_NONE". if (ec == EC_DISABLE && (df == DF_2DMMR || df == DF_JBIG || jp == JP_GREY || jp == JP_COLOR)) { // MMR, JBIG, and JPEG require ECM... we've seen cases where fax ++++++ [email protected] ++++++ [Unit] Description=HylaFAX faxgetty for %I Documentation=man:faxgetty(8C) After=hylafax-faxq.service [Service] ExecStart=-/usr/sbin/faxgetty /dev/%I Type=idle Restart=always RestartSec=0 UtmpIdentifier=%I TTYPath=/dev/%I KillMode=process IgnoreSIGPIPE=no [Install] WantedBy=multi-user.target ++++++ hylafax-faxq.service ++++++ --- /var/tmp/diff_new_pack.azdNSY/_old 2018-09-19 14:33:11.983310171 +0200 +++ /var/tmp/diff_new_pack.azdNSY/_new 2018-09-19 14:33:11.983310171 +0200 @@ -1,14 +1,14 @@ [Unit] Description=HylaFAX faxq (job scheduler service) ConditionPathExists=/var/spool/hylafax/etc/setup.cache -After=hylafax-hfaxd.service [Service] User=root Group=root Restart=always -RestartSec=30 +SuccessExitStatus=255 ExecStart=/usr/sbin/faxq -D +LimitNOFILE=8192 [Install] WantedBy=multi-user.target
