From URL:

- `epson2`: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE
- `epsonds`: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.
- `magicolor`: fixes a floating point exception and uninitialized data read
- fixes an overflow in `sanei_tcp_read()`
NOTE: there was an (abandoned) PR for 1.0.28 (we need 1.0.30), https://github.com/gentoo/gentoo/pull/14330, which may be useful.
There is an important post-release patch to prevent compile errors at https://gitlab.com/sane-project/backends/-/commit/6bb87fdf1f3dc190cfc4b7d64b0c8c8c3d10151b.diff
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2359950077b026cc6bbe861b1126f5d34b6eac45

commit 2359950077b026cc6bbe861b1126f5d34b6eac45
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-22 21:42:47 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-26 22:34:03 +0000

    media-gfx/sane-backends: security bump to 1.0.30

    Closes: https://bugs.gentoo.org/691204
    Bug: https://bugs.gentoo.org/729312
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/16384
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-gfx/sane-backends/Manifest                   |   1 +
 ...ne-backends-1.0.30-missing-stdint-include.patch |  14 +
 .../sane-backends/sane-backends-1.0.30.ebuild      | 344 +++++++++++++++++++++
 3 files changed, 359 insertions(+)
Let's give it a few days until stabilisation because I don't use this package, and we were a few versions behind until now.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4f54515916bb0fb696fb3cbf7632573e1651d60

commit a4f54515916bb0fb696fb3cbf7632573e1651d60
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-27 05:21:55 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-06-28 07:40:46 +0000

    media-gfx/sane-backends: add ricoh2 backend, fix IUSE defaults, etc

    Changes:
    * Add the ricoh2 backend
    * Set +zeroconf by default, to avoid a REQUIRED_USE choice being required
      out of the box. The other backends with a REQUIRED_USE are disabled by
      default. We could switch to turning off escl by default instead, if
      defaulting to zeroconf is unfavourable.
    * Switch escl dep to be multilib, and add missing avahi dependency.
    * Add pixma libjpeg dep, which was referenced in the ChangeLog for 1.0.28.

    Bug: https://bugs.gentoo.org/729312
    Closes: https://bugs.gentoo.org/729850
    Closes: https://bugs.gentoo.org/729808
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/16447
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 .../sane-backends/sane-backends-1.0.30-r2.ebuild   | 345 +++++++++++++++++++++
 1 file changed, 345 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49491819885af7f659dafe3a116ada80fbcfe1d7

commit 49491819885af7f659dafe3a116ada80fbcfe1d7
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2020-06-28 08:23:11 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2020-06-28 08:24:53 +0000

    media-gfx/sane-backends: Fix genesys backend on bigendian

    Fixes a compile failure on HPPA (and other BE architectures):

    backend/genesys/low.cpp:542:9: error: 'depth' was not declared in this scope

    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Bug: https://bugs.gentoo.org/729312
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 .../files/sane-backends-1.0.30-bigendian-depth.patch   | 14 ++++++++++++++
 media-gfx/sane-backends/sane-backends-1.0.30-r2.ebuild |  3 ++-
 2 files changed, 16 insertions(+), 1 deletion(-)
(In reply to Larry the Git Cow from comment #6)
> The bug has been referenced in the following commit(s):
>
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49491819885af7f659dafe3a116ada80fbcfe1d7
>
> commit 49491819885af7f659dafe3a116ada80fbcfe1d7
> Author: Jeroen Roovers <jer@gentoo.org>

Thanks jer for this.
ppc/ppc64 stable
arm64 stable
arm stable
sparc stable
amd64, x86, hppa: ping
amd64 stable
~hppa is fine.
GLSA vote: no
x86 stable
~hppa is fine
Needs cleanup.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=619a6b6164660089f7dee5fcb6ea484f7bcff72b

commit 619a6b6164660089f7dee5fcb6ea484f7bcff72b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-09-17 23:20:15 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-09-17 23:20:22 +0000

    media-gfx/sane-backends: security cleanup

    Bug: https://bugs.gentoo.org/729312
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 media-gfx/sane-backends/Manifest                   |   1 -
 .../sane-backends-1.0.27-canon-lide-100.patch      |  17 -
 .../files/sane-backends-1.0.27-network.patch       |  42 ---
 .../sane-backends-1.0.27-revert-samsung.patch      | 406 ---------------------
 ...ne-backends-1.0.27-uninitialized-variable.patch |  25 --
 .../sane-backends/sane-backends-1.0.27-r3.ebuild   | 344 -----------------
 6 files changed, 835 deletions(-)