packages/sane-backends
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:5581cf66dbfcb3215a333f264efed4a39f69ce68
Branches Tags
packages:main
..
compare: packages:9fa2f49b09b16282b16dd4bfedbc97787cab5a90
Branches Tags
packages:main

No commits in common. "5581cf66dbfcb3215a333f264efed4a39f69ce68" and "9fa2f49b09b16282b16dd4bfedbc97787cab5a90" have entirely different histories.
5581cf66db ... 9fa2f49b09

8 changed files with 2 additions and 642 deletions
Show Stats Expand all files Collapse all files

37
Add-check-for-ports-to-avoid-Segmentation-fault.patch
View File

@ -1,37 +0,0 @@
From d7bd15792ea3d2613aa5a0b09d948dc2ef77dfcf Mon Sep 17 00:00:00 2001
From: lingsheng <lingsheng@huawei.com>
Date: Wed, 27 Jan 2021 15:00:32 +0800
Subject: [PATCH] Add check for ports to avoid Segmentation fault
---
tools/umax_pp.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/tools/umax_pp.c b/tools/umax_pp.c
index 7b127e3..00ffea9 100644
--- a/tools/umax_pp.c
+++ b/tools/umax_pp.c
@@ -355,12 +355,15 @@ main (int argc, char **argv)
if (rc != 1)
{
ports = sanei_parport_find_port ();
- i = 0;
- rc = 0;
- while ((ports[i] != NULL) && (rc != 1))
+ if (ports != NULL)
{
- rc = sanei_umax_pp_initPort (strtol (ports[i], NULL, 16), NULL);
- i++;
+ i = 0;
+ rc = 0;
+ while ((ports[i] != NULL) && (rc != 1))
+ {
+ rc = sanei_umax_pp_initPort (strtol (ports[i], NULL, 16), NULL);
+ i++;
+ }
}
}
if (rc != 1)
--
2.23.0

75
CVE-2020-12862.patch
View File

@ -1,75 +0,0 @@
From 27ea994d23ee52fe1ec1249c92ebc1080a358288 Mon Sep 17 00:00:00 2001
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
Date: Thu, 30 Apr 2020 21:15:45 +0900
Subject: [PATCH] epsonds: Do not read beyond the end of the token
Addresses GHSL-2020-082, re #279.
---
backend/epsonds-cmd.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
index 9a4db3080..7ca660f1f 100644
--- a/backend/epsonds-cmd.c
+++ b/backend/epsonds-cmd.c
@@ -255,18 +255,20 @@ static int decode_value(char *buf, int len)
}
/* h000 */
-static char *decode_binary(char *buf)
+static char *decode_binary(char *buf, int len)
{
char tmp[6];
int hl;
memcpy(tmp, buf, 4);
tmp[4] = '\0';
+ len -= 4;
if (buf[0] != 'h')
return NULL;
hl = strtol(tmp + 1, NULL, 16);
+ if (hl > len) hl = len;
if (hl) {
char *v = malloc(hl + 1);
@@ -279,9 +281,9 @@ static char *decode_binary(char *buf)
return NULL;
}
-static char *decode_string(char *buf)
+static char *decode_string(char *buf, int len)
{
- char *p, *s = decode_binary(buf);
+ char *p, *s = decode_binary(buf, len);
if (s == NULL)
return NULL;
@@ -326,20 +328,20 @@ static SANE_Status info_cb(void *userdata, char *token, int len)
if (strncmp("PRD", token, 3) == 0) {
free(s->hw->model);
- s->hw->model = decode_string(value);
+ s->hw->model = decode_string(value, len);
s->hw->sane.model = s->hw->model;
DBG(1, " product: %s\n", s->hw->model);
/* we will free the string later */
}
if (strncmp("VER", token, 3) == 0) {
- char *v = decode_string(value);
+ char *v = decode_string(value, len);
DBG(1, " version: %s\n", v);
free(v);
}
if (strncmp("S/N", token, 3) == 0) {
- char *v = decode_string(value);
+ char *v = decode_string(value, len);
DBG(1, " serial: %s\n", v);
free(v);
}
--
GitLab

27
CVE-2020-12863.patch
View File

@ -1,27 +0,0 @@
From db9480b09ea807e52029f2334769a55d4b95e45b Mon Sep 17 00:00:00 2001
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
Date: Mon, 27 Apr 2020 18:24:56 +0900
Subject: [PATCH] epsonds: Read only up to seven hexdigits to determine payload
size
Addresses GHSL-2020-083, re #279.
---
backend/epsonds-cmd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
index 9a4db3080..23327bb18 100644
--- a/backend/epsonds-cmd.c
+++ b/backend/epsonds-cmd.c
@@ -117,7 +117,7 @@ esci2_check_header(const char *cmd, const char *buf, unsigned int *more)
return 0;
}
- err = sscanf(&buf[5], "%x#", more);
+ err = sscanf(&buf[5], "%7x#", more);
if (err != 1) {
DBG(1, "cannot decode length from header\n");
return 0;
--
GitLab

72
CVE-2020-12865.patch
View File

@ -1,72 +0,0 @@
From b9b0173409df73e235da2aa0dae5edd21fb55967 Mon Sep 17 00:00:00 2001
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
Date: Mon, 27 Apr 2020 18:48:29 +0900
Subject: [PATCH] epsonds: Prevent possible buffer overflow when reading image
data
Addresses GHSL-2020-084, re #279.
---
backend/epsonds-cmd.c | 5 +++++
backend/epsonds.c | 12 +++++++-----
backend/epsonds.h | 1 +
3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/backend/epsonds-cmd.c b/backend/epsonds-cmd.c
index 9a4db3080..c182aa51a 100644
--- a/backend/epsonds-cmd.c
+++ b/backend/epsonds-cmd.c
@@ -876,6 +876,11 @@ esci2_img(struct epsonds_scanner *s, SANE_Int *length)
return parse_status;
}
+ /* more data than was accounted for in s->buf */
+ if (more > s->bsz) {
+ return SANE_STATUS_IO_ERROR;
+ }
+
/* ALWAYS read image data */
if (s->hw->connection == SANE_EPSONDS_NET) {
epsonds_net_request_read(s, more);
diff --git a/backend/epsonds.c b/backend/epsonds.c
index ff5d68106..fb9694a88 100644
--- a/backend/epsonds.c
+++ b/backend/epsonds.c
@@ -1230,16 +1230,18 @@ sane_start(SANE_Handle handle)
if (s->line_buffer == NULL)
return SANE_STATUS_NO_MEM;
- /* ring buffer for front page, twice bsz */
+ /* transfer buffer size, bsz */
/* XXX read value from scanner */
- status = eds_ring_init(&s->front, (65536 * 4) * 2);
+ s->bsz = (65536 * 4);
+
+ /* ring buffer for front page */
+ status = eds_ring_init(&s->front, s->bsz * 2);
if (status != SANE_STATUS_GOOD) {
return status;
}
- /* transfer buffer, bsz */
- /* XXX read value from scanner */
- s->buf = realloc(s->buf, 65536 * 4);
+ /* transfer buffer */
+ s->buf = realloc(s->buf, s->bsz);
if (s->buf == NULL)
return SANE_STATUS_NO_MEM;
diff --git a/backend/epsonds.h b/backend/epsonds.h
index 0427ef3b4..401b0f32c 100644
--- a/backend/epsonds.h
+++ b/backend/epsonds.h
@@ -160,6 +160,7 @@ struct epsonds_scanner
Option_Value val[NUM_OPTIONS];
SANE_Parameters params;
+ size_t bsz; /* transfer buffer size */
SANE_Byte *buf, *line_buffer;
ring_buffer *current, front, back;
--
GitLab

249
CVE-2020-12867.patch
View File

@ -1,249 +0,0 @@
From fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 Mon Sep 17 00:00:00 2001
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
Date: Thu, 30 Apr 2020 18:24:51 +0900
Subject: [PATCH] epson2: Rewrite network I/O
This addresses GHSL-2020-075 as well as all other problematic code
uncovered as a result of investigating that. This includes:
- buffer overflows due to use of unchecked lengths
- integer overflows due to type conversions
- potential memory leaks
- checking for memory allocation failures
Re #279.
---
backend/epson2_net.c | 140 +++++++++++++++++++++++++------------------
backend/epson2_net.h | 4 +-
2 files changed, 85 insertions(+), 59 deletions(-)
diff --git a/backend/epson2_net.c b/backend/epson2_net.c
index 8d0fe9ea7..7f804eea8 100644
--- a/backend/epson2_net.c
+++ b/backend/epson2_net.c
@@ -32,11 +32,12 @@
#include "sane/sanei_debug.h"
-static int
+static ssize_t
sanei_epson_net_read_raw(Epson_Scanner *s, unsigned char *buf, ssize_t wanted,
SANE_Status *status)
{
- int ready, read = -1;
+ int ready;
+ ssize_t read = -1;
fd_set readable;
struct timeval tv;
@@ -62,111 +63,136 @@ sanei_epson_net_read_raw(Epson_Scanner *s, unsigned char *buf, ssize_t wanted,
return read;
}
-int
-sanei_epson_net_read(Epson_Scanner *s, unsigned char *buf, ssize_t wanted,
+static ssize_t
+sanei_epson_net_read_buf(Epson_Scanner *s, unsigned char *buf, ssize_t wanted,
SANE_Status * status)
{
- ssize_t size;
ssize_t read = 0;
- unsigned char header[12];
- /* read from buffer, if available */
- if (s->netptr != s->netbuf) {
- DBG(23, "reading %lu from buffer at %p, %lu available\n",
- (u_long) wanted, s->netptr, (u_long) s->netlen);
+ DBG(23, "%s: reading up to %lu from buffer at %p, %lu available\n",
+ __func__, (u_long) wanted, s->netptr, (u_long) s->netlen);
- memcpy(buf, s->netptr, wanted);
- read = wanted;
+ if ((size_t) wanted > s->netlen) {
+ *status = SANE_STATUS_IO_ERROR;
+ wanted = s->netlen;
+ }
- s->netlen -= wanted;
+ memcpy(buf, s->netptr, wanted);
+ read = wanted;
- if (s->netlen == 0) {
- DBG(23, "%s: freeing %p\n", __func__, s->netbuf);
- free(s->netbuf);
- s->netbuf = s->netptr = NULL;
- s->netlen = 0;
- }
+ s->netptr += read;
+ s->netlen -= read;
+
+ if (s->netlen == 0) {
+ DBG(23, "%s: freeing %p\n", __func__, s->netbuf);
+ free(s->netbuf);
+ s->netbuf = s->netptr = NULL;
+ s->netlen = 0;
+ }
+
+ return read;
+}
+
+ssize_t
+sanei_epson_net_read(Epson_Scanner *s, unsigned char *buf, ssize_t wanted,
+ SANE_Status * status)
+{
+ if (wanted < 0) {
+ *status = SANE_STATUS_INVAL;
+ return 0;
+ }
+
+ size_t size;
+ ssize_t read = 0;
+ unsigned char header[12];
- return read;
+ /* read from remainder of buffer */
+ if (s->netptr) {
+ return sanei_epson_net_read_buf(s, buf, wanted, status);
}
/* receive net header */
- size = sanei_epson_net_read_raw(s, header, 12, status);
- if (size != 12) {
+ read = sanei_epson_net_read_raw(s, header, 12, status);
+ if (read != 12) {
return 0;
}
+ /* validate header */
if (header[0] != 'I' || header[1] != 'S') {
DBG(1, "header mismatch: %02X %02x\n", header[0], header[1]);
*status = SANE_STATUS_IO_ERROR;
return 0;
}
+ /* parse payload size */
size = be32atoh(&header[6]);
- DBG(23, "%s: wanted = %lu, available = %lu\n", __func__,
- (u_long) wanted, (u_long) size);
-
*status = SANE_STATUS_GOOD;
- if (size == wanted) {
-
- DBG(15, "%s: full read\n", __func__);
-
- read = sanei_epson_net_read_raw(s, buf, size, status);
+ if (!s->netbuf) {
+ DBG(15, "%s: direct read\n", __func__);
+ DBG(23, "%s: wanted = %lu, available = %lu\n", __func__,
+ (u_long) wanted, (u_long) size);
- if (s->netbuf) {
- free(s->netbuf);
- s->netbuf = NULL;
- s->netlen = 0;
+ if ((size_t) wanted > size) {
+ wanted = size;
}
- if (read < 0) {
- return 0;
- }
-
-/* } else if (wanted < size && s->netlen == size) { */
+ read = sanei_epson_net_read_raw(s, buf, wanted, status);
} else {
- DBG(23, "%s: partial read\n", __func__);
+ DBG(15, "%s: buffered read\n", __func__);
+ DBG(23, "%s: bufferable = %lu, available = %lu\n", __func__,
+ (u_long) s->netlen, (u_long) size);
- read = sanei_epson_net_read_raw(s, s->netbuf, size, status);
- if (read != size) {
- return 0;
+ if (s->netlen > size) {
+ s->netlen = size;
}
- s->netlen = size - wanted;
- s->netptr += wanted;
- read = wanted;
-
- DBG(23, "0,4 %02x %02x\n", s->netbuf[0], s->netbuf[4]);
- DBG(23, "storing %lu to buffer at %p, next read at %p, %lu bytes left\n",
- (u_long) size, s->netbuf, s->netptr, (u_long) s->netlen);
+ /* fill buffer */
+ read = sanei_epson_net_read_raw(s, s->netbuf, s->netlen, status);
+ s->netptr = s->netbuf;
+ s->netlen = (read > 0 ? read : 0);
- memcpy(buf, s->netbuf, wanted);
+ /* copy wanted part */
+ read = sanei_epson_net_read_buf(s, buf, wanted, status);
}
return read;
}
-
-int
+size_t
sanei_epson_net_write(Epson_Scanner *s, unsigned int cmd, const unsigned char *buf,
size_t buf_size, size_t reply_len, SANE_Status *status)
{
unsigned char *h1, *h2, *payload;
unsigned char *packet = malloc(12 + 8 + buf_size);
- /* XXX check allocation failure */
+ if (!packet) {
+ *status = SANE_STATUS_NO_MEM;
+ return 0;
+ }
h1 = packet;
h2 = packet + 12;
payload = packet + 12 + 8;
if (reply_len) {
- s->netbuf = s->netptr = malloc(reply_len);
+ if (s->netbuf) {
+ DBG(23, "%s, freeing %p, %ld bytes unprocessed\n",
+ __func__, s->netbuf, (u_long) s->netlen);
+ free(s->netbuf);
+ s->netbuf = s->netptr = NULL;
+ s->netlen = 0;
+ }
+ s->netbuf = malloc(reply_len);
+ if (!s->netbuf) {
+ free(packet);
+ *status = SANE_STATUS_NO_MEM;
+ return 0;
+ }
s->netlen = reply_len;
- DBG(24, "allocated %lu bytes at %p\n",
- (u_long) reply_len, s->netbuf);
+ DBG(24, "%s: allocated %lu bytes at %p\n", __func__,
+ (u_long) s->netlen, s->netbuf);
}
DBG(24, "%s: cmd = %04x, buf = %p, buf_size = %lu, reply_len = %lu\n",
diff --git a/backend/epson2_net.h b/backend/epson2_net.h
index 6aef2b725..7db671bf1 100644
--- a/backend/epson2_net.h
+++ b/backend/epson2_net.h
@@ -4,9 +4,9 @@
#include <sys/types.h>
#include "../include/sane/sane.h"
-extern int sanei_epson_net_read(struct Epson_Scanner *s, unsigned char *buf, ssize_t buf_size,
+extern ssize_t sanei_epson_net_read(struct Epson_Scanner *s, unsigned char *buf, ssize_t buf_size,
SANE_Status *status);
-extern int sanei_epson_net_write(struct Epson_Scanner *s, unsigned int cmd, const unsigned char *buf,
+extern size_t sanei_epson_net_write(struct Epson_Scanner *s, unsigned int cmd, const unsigned char *buf,
size_t buf_size, size_t reply_len,
SANE_Status *status);
extern SANE_Status sanei_epson_net_lock(struct Epson_Scanner *s);
--
GitLab

30
CVE-2023-46047.patch
View File

@ -1,30 +0,0 @@
From a617461c630da22f4bcc22c687f5a299b5630e2d Mon Sep 17 00:00:00 2001
From: Ralph Little <skelband@gmail.com>
Date: Mon, 2 Oct 2023 16:40:27 -0700
Subject: [PATCH] sanei_config: malformed line can return NULL for token. We
should check.
---
sanei/sanei_config.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/sanei/sanei_config.c b/sanei/sanei_config.c
index 07c85c964..45f380337 100644
--- a/sanei/sanei_config.c
+++ b/sanei/sanei_config.c
@@ -295,6 +295,12 @@ sanei_configure_attach (const char *config_file, SANEI_Config * config,
* So we parse the line 2 time to find an option */
/* check if it is an option */
lp = sanei_config_get_string (lp, &token);
+ if (NULL == token)
+ {
+ // Invalid format?
+ continue;
+ }
+
if (strncmp (token, "option", 6) == 0)
{
/* skip the "option" token */
--
GitLab

126
CVE-2023-46052.patch
View File

@ -1,126 +0,0 @@
From 6fc47c4c1472ea244561b18d5d6e3e8eefb1cde7 Mon Sep 17 00:00:00 2001
From: Ralph Little <skelband@gmail.com>
Date: Mon, 2 Oct 2023 16:23:07 -0700
Subject: [PATCH] test: added validation checks for config string option
saelections.
This will avoid a reported buffer overflow issue related to invalid (long) options being specified.
---
backend/test.c | 63 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 51 insertions(+), 12 deletions(-)
diff --git a/backend/test.c b/backend/test.c
index ea7329073..4663a16e4 100644
--- a/backend/test.c
+++ b/backend/test.c
@@ -1432,6 +1432,43 @@ read_option (SANE_String line, SANE_String option_string,
return SANE_STATUS_GOOD;
}
+
+static SANE_Status
+read_option_str_list (SANE_String line, SANE_String option_string,
+ parameter_type p_type, void *value,
+ SANE_String_Const *string_list)
+{
+ SANE_String new_value = NULL;
+
+ SANE_Status ret = read_option (line, option_string, p_type, &new_value);
+ if (ret != SANE_STATUS_GOOD)
+ {
+ if (new_value)
+ {
+ free(new_value);
+ }
+ return ret;
+ }
+
+ for (SANE_String_Const *option = string_list; *option; option++)
+ {
+ if (strcmp (*option, new_value) == 0)
+ {
+
+ if (*(SANE_String*) value)
+ {
+ free (*(SANE_String*) value);
+ }
+ *(SANE_String*) value = new_value;
+
+ return SANE_STATUS_GOOD;
+ }
+ }
+
+ return SANE_STATUS_INVAL;
+}
+
+
static SANE_Status
reader_process (Test_Device * test_device, SANE_Int fd)
{
@@ -1636,7 +1673,6 @@ print_options (Test_Device * test_device)
/***************************** SANE API ****************************/
-
SANE_Status
sane_init (SANE_Int * __sane_unused__ version_code, SANE_Auth_Callback __sane_unused__ authorize)
{
@@ -1736,20 +1772,23 @@ sane_init (SANE_Int * __sane_unused__ version_code, SANE_Auth_Callback __sane_un
DBG (5, "sane_init: config file line %3d: `%s'\n",
linenumber, line);
+
if (read_option (line, "number_of_devices", param_int,
&init_number_of_devices) == SANE_STATUS_GOOD)
continue;
- if (read_option (line, "mode", param_string,
- &init_mode) == SANE_STATUS_GOOD)
- continue;
+
+ if (read_option_str_list (line, "mode", param_string,
+ &init_mode, mode_list) == SANE_STATUS_GOOD)
+ continue;
+
if (read_option (line, "hand-scanner", param_bool,
&init_hand_scanner) == SANE_STATUS_GOOD)
continue;
if (read_option (line, "three-pass", param_bool,
&init_three_pass) == SANE_STATUS_GOOD)
continue;
- if (read_option (line, "three-pass-order", param_string,
- &init_three_pass_order) == SANE_STATUS_GOOD)
+ if (read_option_str_list (line, "three-pass-order", param_string,
+ &init_three_pass_order, order_list) == SANE_STATUS_GOOD)
continue;
if (read_option (line, "resolution_min", param_fixed,
&resolution_range.min) == SANE_STATUS_GOOD)
@@ -1766,11 +1805,11 @@ sane_init (SANE_Int * __sane_unused__ version_code, SANE_Auth_Callback __sane_un
if (read_option (line, "depth", param_int,
&init_depth) == SANE_STATUS_GOOD)
continue;
- if (read_option (line, "scan-source", param_string,
- &init_scan_source) == SANE_STATUS_GOOD)
+ if (read_option_str_list (line, "scan-source", param_string,
+ &init_scan_source, source_list) == SANE_STATUS_GOOD)
continue;
- if (read_option (line, "test-picture", param_string,
- &init_test_picture) == SANE_STATUS_GOOD)
+ if (read_option_str_list (line, "test-picture", param_string,
+ &init_test_picture, test_picture_list) == SANE_STATUS_GOOD)
continue;
if (read_option (line, "invert-endianess", param_bool,
&init_invert_endianess) == SANE_STATUS_GOOD)
@@ -1787,8 +1826,8 @@ sane_init (SANE_Int * __sane_unused__ version_code, SANE_Auth_Callback __sane_un
if (read_option (line, "read-delay-duration", param_int,
&init_read_delay_duration) == SANE_STATUS_GOOD)
continue;
- if (read_option (line, "read-status-code", param_string,
- &init_read_status_code) == SANE_STATUS_GOOD)
+ if (read_option_str_list (line, "read-status-code", param_string,
+ &init_read_status_code, read_status_code_list) == SANE_STATUS_GOOD)
continue;
if (read_option (line, "ppl-loss", param_int,
&init_ppl_loss) == SANE_STATUS_GOOD)
--
GitLab

28
sane-backends.spec
View File

@ -3,9 +3,9 @@
Name: sane-backends Name: sane-backends
Version: 1.0.28 Version: 1.0.28
Release: 12 Release: 7
Summary: Scanner access software Summary: Scanner access software
License: GPLv2+ and GPLv2+ and Public Domain and IJG and LGPLv2+ and MIT License: GPLv2+ and GPLv2+ with exceptions and Public Domain and IJG and LGPLv2+ and MIT
URL: http://www.sane-project.org URL: http://www.sane-project.org
Source0: https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/%{name}-%{version}.tar.gz Source0: https://gitlab.com/sane-project/backends/uploads/9e718daff347826f4cfe21126c8d5091/%{name}-%{version}.tar.gz
Source1: saned.socket Source1: saned.socket
@ -22,15 +22,6 @@ Patch0000: 0001-genesys-Make-sure-calib_reg-are-available-before-wri.pat
Patch0001: sane-xerox-mfp-blacklist-C460-for-JPEG.patch Patch0001: sane-xerox-mfp-blacklist-C460-for-JPEG.patch
Patch0002: sane-genesys-vector-glibcxxassert.patch Patch0002: sane-genesys-vector-glibcxxassert.patch
Patch0003: CVE-2020-12861-CVE-2020-12866-CVE-2020-12864.patch Patch0003: CVE-2020-12861-CVE-2020-12866-CVE-2020-12864.patch
Patch0004: CVE-2020-12867.patch
Patch0005: Add-check-for-ports-to-avoid-Segmentation-fault.patch
Patch0006: CVE-2020-12862.patch
Patch0007: CVE-2020-12865.patch
Patch0008: CVE-2020-12863.patch
# https://gitlab.com/sane-project/backends/-/commit/fd7b83c8f7b4da4a9e1fb715d070aa2fd96832ff
Patch0009: CVE-2023-46047.patch
# https://gitlab.com/sane-project/backends/-/commit/a92ffb3d978329c29513b0acb98ae7987ec1bed7
Patch0010: CVE-2023-46052.patch
%description %description
SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners SANE (Scanner Access Now Easy) is a sane and simple interface to both local and networked scanners
@ -213,21 +204,6 @@ exit 0
%{_unitdir}/* %{_unitdir}/*
%changelog %changelog
* Fri May 10 2024 yaoxin <yao_xin001@hoperun.com> - 1.0.28-12
- Fix CVE-2023-46047 and CVE-2023-46052
* Sat Oct 09 2021 houyingchao <houyingchao@huawei.com> - 1.0.28-11
- Fix CVE-2020-12863
* Fri Feb 05 2021 wangyue <wangyue92@huawei.com> - 1.0.28-10
- Fix CVE-2020-12862 CVE-2020-12865
* Wed Jan 27 2021 lingsheng <lingsheng@huawei.com> - 1.0.28-9
- Add check for ports to avoid Segmentation fault
* Mon Jan 18 2021 zhanghua <zhanghua40@huawei.com> - 1.0.28-8
- fix CVE-2020-12867
* Wed Dec 16 2020 zhanghua <zhanghua40@huawei.com> - 1.0.28-7 * Wed Dec 16 2020 zhanghua <zhanghua40@huawei.com> - 1.0.28-7
- fix CVE-2020-12861, CVE-2020-12866, CVE-2020-12864 - fix CVE-2020-12861, CVE-2020-12866, CVE-2020-12864