Hello community, here is the log from the commit of package sane-backends for openSUSE:Factory checked in at 2020-08-23 09:21:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sane-backends (Old) and /work/SRC/openSUSE:Factory/.sane-backends.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sane-backends" Sun Aug 23 09:21:04 2020 rev:89 rq:828255 version:1.0.30 Changes: -------- --- /work/SRC/openSUSE:Factory/sane-backends/sane-backends.changes 2020-02-29 21:18:20.614052245 +0100 +++ /work/SRC/openSUSE:Factory/.sane-backends.new.3399/sane-backends.changes 2020-08-23 09:21:09.186684246 +0200 @@ -1,0 +2,19 @@ +Tue Aug 18 15:15:05 UTC 2020 - Stefan BrĂ¼ns <[email protected]> + +- Update to 1.0.30: + * epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory + management issues found while addressing that CVE + * epsonds: addresses out-of-bound memory access issues to fix + CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), + addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) + and disables network autodiscovery to mitigate CVE-2020-12866 + (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 + (GHSL-2020-081). Note that this backend does not support network + scanners to begin with. + * magicolor: fixes a floating point exception and uninitialized data + read + * fixes an overflow in sanei_tcp_read() +- Move saned to a separate package +- Cleanup spec file, remove some obsolete mangling of udev rules + +------------------------------------------------------------------- Old: ---- sane-backends-1.0.29.tar.gz New: ---- sane-backends-1.0.30.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sane-backends.spec ++++++ --- /var/tmp/diff_new_pack.47IAc5/_old 2020-08-23 09:21:09.998684696 +0200 +++ /var/tmp/diff_new_pack.47IAc5/_new 2020-08-23 09:21:10.002684699 +0200 @@ -24,7 +24,6 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libtiff-devel -# Cf. the comment about 'libusb' at .configure below: BuildRequires: libv4l-devel BuildRequires: net-snmp-devel BuildRequires: pkgconfig @@ -44,7 +43,7 @@ Summary: SANE (Scanner Access Now Easy) Scanner Drivers License: GPL-2.0-or-later AND SUSE-GPL-2.0+-with-sane-exception AND SUSE-Public-Domain Group: Hardware/Scanner -Version: 1.0.29 +Version: 1.0.30 Release: 0 URL: http://www.sane-project.org/ # Unfortunately, the first version does not build, as it does not contain a prebuilt configure, @@ -52,7 +51,7 @@ # https://gitlab.com/sane-project/backends/issues/248 # Use the version including a semi-random hash instead, which is a dist tarball # Source0: https://gitlab.com/sane-project/backends/-/archive/%%{version}/backends-%%{version}.tar.gz#/sane-backends-%%{version}.tar.gz -Source0: https://gitlab.com/sane-project/backends/uploads/54f858b20a364fc35d820df935a86478/sane-backends-1.0.29.tar.gz +Source0: https://gitlab.com/sane-project/backends/uploads/c3dd60c9e054b5dee1e7b01a7edc98b0/sane-backends-1.0.30.tar.gz # Source100... is SUSE specific stuff: # Source102 is the OpenSLP registration file for the saned: Source102: sane.reg @@ -168,6 +167,16 @@ If you do not like automated driver activation, do not install this package or remove it when it is already installed. +%package -n sane-saned +Summary: Sane network server +License: GPL-2.0-or-later AND LGPL-2.1-or-later AND SUSE-Public-Domain +Group: Hardware/Scanner +Provides: sane-backends:%{_sbindir}/saned +Conflicts: %{name} < %{version} + +%description -n sane-saned +Saned allows access to locally attached scanners over the network. + %prep %setup -q # Patch2 sane-backends.builttime.patch avoids build-compare noise @@ -201,14 +210,7 @@ export LDFLAGS="-L/%_lib $LDFLAGS" # Enable pthread instead of fork (used in Debian since Feb 2009 and no issues so far), # see https://bugzilla.novell.com/show_bug.cgi?id=633780 -# Enable libusb-1.0 support which is available since sane-backends 1.0.20 -# and libusb-1_0 is available at least since openSUSE 11.1. -# On all systems, the --enable-libusb* flags (in particular --enable-libusb_1_0 ) are now ignored. -# Instead, the --with-usb and --without-usb flags now control support. -# When neither is given, USB support will be enabled if possible and disabled otherwise. -# If --with-usb is requested but not possible, ./configure will fail. -# There is no support to prefer libusb-0.1 over libusb-1.0. -# When libusb-1.0 is not found, libusb-0.1 will be tried. +# # Without converting API spec to supported output formats PostScript, PDF, HTML # i.e. use none of --with_api_ps --with_api_pdf --with_api_html cf. configure.ac # because converting the API spec needs tons of stuff in the build system @@ -346,10 +348,6 @@ # Install the scanner autoconfiguration udev rules file: install -d %{buildroot}%{_udevrulesdir} install -m644 autoconfig.rules %{buildroot}%{_udevrulesdir}/56-sane-backends-autoconfig.rules -# Since version 1.0.19 there is udev and HAL support. -# Therefore the old/outdated hotplug stuff is dropped (was never used by openSUSE). -# Neither tools/hotplug/libsane.usermap nor tools/hotplug/libusbscanner is installed. -# Also the evil-hack init-script "sane-dev" is no longer provided. # Regarding udev: # Modify the generated tools/udev/libsane.rules file as follows: # All GROUP="scanner" are replaced by GROUP="lp". @@ -364,17 +362,13 @@ # to place a paper on the scanner) so that both kind of devices # should usually require the same kind of security. sed -i -e 's/GROUP="scanner"/GROUP="lp"/' tools/udev/libsane.rules -# Regarding SUBSYSTEM=="usb" see the Novell/Suse Bugzilla bug -# https://bugzilla.novell.com/show_bug.cgi?id=294161#c11 -sed -i -e '/^SUBSYSTEM/s/"usb_device"/"usb"/' tools/udev/libsane.rules # Regarding ATTRS{} (formerly SYSFS{}) versus ATTR{} see the Novell/Suse Bugzilla bug # https://bugzilla.novell.com/show_bug.cgi?id=436085#c0 # but for SCSI scanners "ATTRS" is mandatory see the Novell/Suse Bugzilla bug # https://bugzilla.novell.com/show_bug.cgi?id=681146#c20 # so that "ATTRS" is replaced by "ATTR" only for USB scanners. +# Upstream: https://gitlab.com/sane-project/backends/-/issues/341 sed -i -e '/^LABEL="libsane_usb_rules_begin"/,/^LABEL="libsane_usb_rules_end"/s/ATTRS/ATTR/g' tools/udev/libsane.rules -# Disable all ENV{DEVTYPE} lines because we (Suse/Novell) do not need them. -sed -i -e 's/^ENV{DEVTYPE}/# ENV{DEVTYPE}/' tools/udev/libsane.rules # Disable entries for USB scanners which are "unsupported" # but keep the entries for models for which the support status # is "complete", "good", "basic", "minimal", "untested" @@ -406,15 +400,9 @@ sed -i -e "/^ATTR.idVendor.==$m/Is/^ATTR/# ATTR/" tools/udev/libsane.rules fi done -# Newer udev versions complain about NAME="%k" usage with warning messages like -# 'udevd[1234]: NAME="%k" is superfluous and breaks kernel supplied names...' -sed -i -e 's/NAME="%k", //' tools/udev/libsane.rules # Add an entry for "SCSI processor EPSON Perfection1640", # see https://bugzilla.novell.com/show_bug.cgi?id=681146#c43 sed -i -e '/^# Epson Perfection 636S /i# Epson Perfection 1640\nKERNEL=="sg[0-9]*", ATTRS{type}=="3", ATTRS{vendor}=="EPSON", ATTRS{model}=="Perfection1640", MODE="0664", GROUP="lp", ENV{libsane_matched}="yes"' tools/udev/libsane.rules -# Add a wildcard entry for any "SCSI processor EPSON SCANNER*" -# see http://lists.alioth.debian.org/pipermail/sane-devel/2011-June/028739.html -sed -i -e '/^# Epson Perfection 2450 /i# Any SCSI processor EPSON SCANNER...\nKERNEL=="sg[0-9]*", ATTRS{type}=="3", ATTRS{vendor}=="EPSON", ATTRS{model}=="SCANNER*", MODE="0664", GROUP="lp", ENV{libsane_matched}="yes"' tools/udev/libsane.rules # Install the udev rules file: install -m644 tools/udev/libsane.rules %{buildroot}%{_udevrulesdir}/55-libsane.rules # Service files: @@ -434,7 +422,7 @@ # https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25find_lang %find_lang sane-backends -%pre +%pre -n sane-saned if [ $1 = 2 ] ; then # In case of an upgrade the erroneously created as directories saned.socket and [email protected] # must be removed, otherwise the upgrade will fail, @@ -449,26 +437,30 @@ fi %service_add_pre saned.socket -%post +%post -n sane-saned %service_add_post saned.socket -%preun +%preun -n sane-saned %service_del_preun saned.socket -%postun +%postun -n sane-saned %service_del_postun saned.socket %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig +%files -n sane-saned +%dir %{_sysconfdir}/slp.reg.d +%config(noreplace) %{_sysconfdir}/slp.reg.d/* +%{_sbindir}/saned +%{_unitdir}/[email protected] +%{_unitdir}/saned.socket +%doc %{_mandir}/man8/saned.8.gz + %files -f sane-backends.lang -%defattr(-,root,root) %dir %{_sysconfdir}/sane.d %config(noreplace) %{_sysconfdir}/sane.d/*.conf -%dir %{_sysconfdir}/slp.reg.d -%config(noreplace) %{_sysconfdir}/slp.reg.d/* %{_udevrulesdir}/55-libsane.rules -%{_sbindir}/saned %{_bindir}/scanimage %{_bindir}/sane-find-scanner %{_bindir}/gamma4scanimage @@ -476,8 +468,6 @@ %{_datadir}/sane/ %{_libdir}/sane/ %exclude %{_libdir}/sane/libsane-dll.so.* -%{_unitdir}/[email protected] -%{_unitdir}/saned.socket #dir /var/lock/sane %doc %{_defaultdocdir}/sane-backends/ %doc %{_mandir}/man1/scanimage.1.gz @@ -485,7 +475,6 @@ %doc %{_mandir}/man1/gamma4scanimage.1.gz %doc %{_mandir}/man5/sane-*.5.gz %doc %{_mandir}/man7/sane.7.gz -%doc %{_mandir}/man8/saned.8.gz %files -n %{libname} %dir %{_libdir}/sane/ @@ -495,7 +484,6 @@ %{_libdir}/libsane.so.* %files devel -%defattr(-,root,root) %{_bindir}/sane-config %{_includedir}/sane/ %{_libdir}/libsane.so @@ -503,7 +491,6 @@ %doc %{_mandir}/man1/sane-config.1.gz %files autoconfig -%defattr(-,root,root) %{_udevrulesdir}/56-sane-backends-autoconfig.rules %changelog ++++++ sane-backends-1.0.29.tar.gz -> sane-backends-1.0.30.tar.gz ++++++ /work/SRC/openSUSE:Factory/sane-backends/sane-backends-1.0.29.tar.gz /work/SRC/openSUSE:Factory/.sane-backends.new.3399/sane-backends-1.0.30.tar.gz differ: char 5, line 1
