diff --git a/sane-backends-1.0.18-string-oob.patch b/sane-backends-1.0.18-string-oob.patch deleted file mode 100644 index bfdbd40..0000000 --- a/sane-backends-1.0.18-string-oob.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -ur sane-backends-1.0.18.orig/backend/fujitsu.c sane-backends-1.0.18/backend/fujitsu.c ---- sane-backends-1.0.18.orig/backend/fujitsu.c 2008-01-18 19:38:27.000000000 +0000 -+++ sane-backends-1.0.18/backend/fujitsu.c 2008-01-18 19:47:13.000000000 +0000 -@@ -416,6 +416,9 @@ - - /* delete newline characters at end */ - len = strlen (line); -+ if (!len) -+ continue; -+ - if (line[len - 1] == '\n') - line[--len] = '\0'; - diff --git a/sane-backends-1.0.19-uninitialized.patch b/sane-backends-1.0.19-uninitialized.patch new file mode 100644 index 0000000..cce1e2f --- /dev/null +++ b/sane-backends-1.0.19-uninitialized.patch @@ -0,0 +1,96 @@ +diff -up sane-backends-1.0.19/backend/epjitsu.c.uninitialized sane-backends-1.0.19/backend/epjitsu.c +--- sane-backends-1.0.19/backend/epjitsu.c.uninitialized 2007-12-30 02:31:13.000000000 +0100 ++++ sane-backends-1.0.19/backend/epjitsu.c 2008-02-14 19:31:38.000000000 +0100 +@@ -210,7 +210,6 @@ sane_init (SANE_Int * version_code, SANE + struct scanner *dev; + char line[PATH_MAX]; + const char *lp; +- size_t len; + + authorize = authorize; /* get rid of compiler warning */ + +@@ -233,17 +232,12 @@ sane_init (SANE_Int * version_code, SANE + + while (sanei_config_read (line, PATH_MAX, fp)) { + ++ lp = line; ++ + /* ignore comments */ +- if (line[0] == '#') ++ if (*lp == '#') + continue; + +- /* delete newline characters at end */ +- len = strlen (line); +- if (line[len - 1] == '\n') +- line[--len] = '\0'; +- +- lp = sanei_config_skip_whitespace (line); +- + /* skip empty lines */ + if (*lp == 0) + continue; +diff -up sane-backends-1.0.19/backend/fujitsu.c.uninitialized sane-backends-1.0.19/backend/fujitsu.c +--- sane-backends-1.0.19/backend/fujitsu.c.uninitialized 2008-01-23 02:21:21.000000000 +0100 ++++ sane-backends-1.0.19/backend/fujitsu.c 2008-02-14 19:31:38.000000000 +0100 +@@ -480,7 +480,6 @@ find_scanners () + struct fujitsu *dev; + char line[PATH_MAX]; + const char *lp; +- size_t len; + FILE *fp; + int num_devices=0; + int i=0; +@@ -498,17 +497,12 @@ find_scanners () + + while (sanei_config_read (line, PATH_MAX, fp)) { + ++ lp = line; ++ + /* ignore comments */ +- if (line[0] == '#') ++ if (*lp == '#') + continue; + +- /* delete newline characters at end */ +- len = strlen (line); +- if (line[len - 1] == '\n') +- line[--len] = '\0'; +- +- lp = sanei_config_skip_whitespace (line); +- + /* skip empty lines */ + if (*lp == 0) + continue; +diff -up sane-backends-1.0.19/backend/cardscan.c.uninitialized sane-backends-1.0.19/backend/cardscan.c +--- sane-backends-1.0.19/backend/cardscan.c.uninitialized 2007-10-26 16:56:37.000000000 +0200 ++++ sane-backends-1.0.19/backend/cardscan.c 2008-02-14 19:31:38.000000000 +0100 +@@ -320,7 +320,6 @@ sane_get_devices (const SANE_Device *** + struct scanner *dev; + char line[PATH_MAX]; + const char *lp; +- size_t len; + FILE *fp; + int num_devices=0; + int i=0; +@@ -337,17 +336,12 @@ sane_get_devices (const SANE_Device *** + + while (sanei_config_read (line, PATH_MAX, fp)) { + ++ lp = line; ++ + /* ignore comments */ +- if (line[0] == '#') ++ if (*lp == '#') + continue; + +- /* delete newline characters at end */ +- len = strlen (line); +- if (line[len - 1] == '\n') +- line[--len] = '\0'; +- +- lp = sanei_config_skip_whitespace (line); +- + /* skip empty lines */ + if (*lp == 0) + continue; diff --git a/sane-backends.spec b/sane-backends.spec index 5acaef1..bbc69ac 100644 --- a/sane-backends.spec +++ b/sane-backends.spec @@ -22,7 +22,7 @@ Summary: Scanner access software Name: sane-backends Version: 1.0.19 -Release: 4%{?dist} +Release: 5%{?dist} License: GPL (programs), relaxed LGPL (libraries), and public domain (docs) Group: System Environment/Libraries Source0: ftp://ftp.sane-project.org/pub/sane/%{name}-%{version}/%{name}-%{version}.tar.gz @@ -33,7 +33,7 @@ Patch1: sane-backends-1.0.18-rpath.patch Patch2: sane-backends-1.0.19-pkgconfig.patch Patch3: sane-backends-1.0.18-glibc-2.7.patch Patch4: sane-backends-1.0.19-policykit.patch -Patch5: sane-backends-1.0.18-string-oob.patch +Patch5: sane-backends-1.0.19-uninitialized.patch URL: http://www.sane-project.org BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%__id_u -n) BuildRequires: tetex-latex @@ -118,7 +118,7 @@ want to access digital cameras. %patch2 -p1 -b .pkgconfig %patch3 -p1 -b .glibc-2.7 %patch4 -p1 -b .policykit -%patch5 -p1 -b .string-oob +%patch5 -p1 -b .uninitialized for i in agfafocus avision coolscan2 umax_pp; do iconv -f iso-8859-1 -t utf-8 < "doc/sane-$i.man" > "doc/sane-$i.man_" @@ -237,6 +237,10 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/sane-backends.pc %changelog +* Thu Feb 14 2008 Nils Philippsen - 1.0.19-5 +- replace string-oob patch with uninitialized patch by upstream which covers + more backends + * Thu Feb 14 2008 Nils Philippsen - 1.0.19-4 - guard against out-of-bounds string access in fujitsu backend (#429338, patch by Caolan McNamara)