1commit d5187355f6e0de529b562569509a1851dda7ad84
2Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
3Date:   2020-05-17 20:16:28 +0900
4
5    NEWS: Document changes for 1.0.30 release
6
7commit 1fe94e6674d0572d2408361903730f012c60fc6c
8Merge: 898ab1834864 5104b80fc8f0
9Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
10Date:   2020-05-17 16:26:00 +0900
11
12    Merge branch '279-confidential-issue' into release/1.0.30
13
14commit 5104b80fc8f0d6528b856233a52846a414ae6616
15Merge: f38c9f0d64a5 30b1831a28f2
16Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
17Date:   2020-05-14 09:36:25 +0000
18
19    Merge branch 'mitigate-epsonds-net-security-issue' into '279-confidential-issue'
20
21    epsonds: Mitigate potential network related security issues.  Re #279
22
23    See merge request paddy-hack/backends!9
24
25commit 30b1831a28f24ab2921b9f717c66d37f02bb81cc
26Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
27Date:   2020-05-11 21:07:12 +0900
28
29    epsonds: Mitigate potential network related security issues.  Re #279
30
31    This pre-empts the possibility of triggering GHSL-2020-079, GHSL-2020-080
32    and GHSL-2020-081.
33
34commit f38c9f0d64a52697562abdfbf9c9044cb1b7e897
35Merge: 3d005c2570a7 b9b0173409df
36Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
37Date:   2020-05-07 09:42:42 +0000
38
39    Merge branch 'issue09-esci2-img-buffer-size-check' into '279-confidential-issue'
40
41    epsonds: Prevent possible buffer overflow when reading image data
42
43    See merge request paddy-hack/backends!8
44
45commit b9b0173409df73e235da2aa0dae5edd21fb55967
46Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
47Date:   2020-04-27 18:48:29 +0900
48
49    epsonds: Prevent possible buffer overflow when reading image data
50
51    Addresses GHSL-2020-084, re #279.
52
53commit 3d005c2570a71fe93a63192d9c47ee54cb39049b
54Merge: 226d9c92899f 27ea994d23ee
55Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
56Date:   2020-05-06 04:06:49 +0000
57
58    Merge branch 'issue05-out-of-bounds-read-decode_binary' into '279-confidential-issue'
59
60    epsonds: Do not read beyond the end of the token
61
62    See merge request paddy-hack/backends!5
63
64commit 27ea994d23ee52fe1ec1249c92ebc1080a358288
65Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
66Date:   2020-04-30 21:15:45 +0900
67
68    epsonds: Do not read beyond the end of the token
69
70    Addresses GHSL-2020-082, re #279.
71
72commit 226d9c92899facf4b22b98c73be6ad2cd0effc4a
73Merge: 02b5d33b7a7c db9480b09ea8
74Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
75Date:   2020-05-06 04:05:59 +0000
76
77    Merge branch 'issue07-out-of-bounds-read-in-esci2_check_header' into '279-confidential-issue'
78
79    epsonds: Read only up to seven hexdigits to determine payload size
80
81    See merge request paddy-hack/backends!6
82
83commit db9480b09ea807e52029f2334769a55d4b95e45b
84Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
85Date:   2020-04-27 18:24:56 +0900
86
87    epsonds: Read only up to seven hexdigits to determine payload size
88
89    Addresses GHSL-2020-083, re #279.
90
91commit 02b5d33b7a7c0b72137f5b968c46a1d52a75aa63
92Merge: 4c9e4efd4a82 8682023faa27
93Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
94Date:   2020-05-06 04:04:18 +0000
95
96    Merge branch 'issue08-integer-overflow-sanei_tcp_read' into '279-confidential-issue'
97
98    sanei: Integer overflow sanei tcp read
99
100    See merge request paddy-hack/backends!7
101
102commit 8682023faa27c61156a354955c89617a3304d66f
103Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
104Date:   2020-05-04 11:54:35 +0900
105
106    sanei_tcp: Address possible integer overflow.  Re #279, issue 8
107
108commit fe08bbee6b238ea0be73af67b560ffc2c47562fd
109Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
110Date:   2020-05-04 11:48:46 +0900
111
112    epsonds: Handle error condition.  Re #279, issue 8
113
114commit 4c9e4efd4a82214719eeb1377a900e3a85c1c369
115Merge: 2b4aa45bad61 fff83e7eacd0
116Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
117Date:   2020-05-06 04:03:19 +0000
118
119    Merge branch 'issue01-null-pointer-deref-sanei_epson_net_read' into '279-confidential-issue'
120
121    epson2: Rewrite network I/O
122
123    See merge request paddy-hack/backends!3
124
125commit fff83e7eacd0f27bb2d71c42488e0fd735c15ac3
126Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
127Date:   2020-04-30 18:24:51 +0900
128
129    epson2: Rewrite network I/O
130
131    This addresses GHSL-2020-075 as well as all other problematic code
132    uncovered as a result of investigating that.  This includes:
133
134    - buffer overflows due to use of unchecked lengths
135    - integer overflows due to type conversions
136    - potential memory leaks
137    - checking for memory allocation failures
138
139    Re #279.
140
141commit 2b4aa45bad61d5e34996645581a606fd8795a48c
142Merge: 37b142494bf6 07e3834127f8
143Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
144Date:   2020-05-04 08:24:19 +0000
145
146    Merge branch 'issue11-read_of_uninitialized_data' into '279-confidential-issue'
147
148    magicolor: Added security mediation to device discovery
149
150    See merge request paddy-hack/backends!2
151
152commit 07e3834127f8bcd9dac02b91c17127dc41fbfb5b
153Author: Ralph Little <skelband@gmail.com>
154Date:   2020-04-30 23:21:00 -0700
155
156    magicolor: Added security mediation to device discovery
157
158    Extraction of values from the SNMP response were not checked.
159    Also fixed a bug that mistakenly matched any SNMP OIDs with the
160    first model in the model list, in function mc_get_device_from_identification().
161
162commit 37b142494bf659d8147b6f0fcb8629408717d14d
163Merge: e52a5bf71979 af0442f15cc9
164Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
165Date:   2020-05-04 05:28:37 +0000
166
167    Merge branch 'issue10-SIGFPE-in-mc_setup_block_mode' into '279-confidential-issue'
168
169    magicolor: Added security remediation for pixels_per_line.
170
171    See merge request paddy-hack/backends!1
172
173commit af0442f15cc966bbc3d7d9322380005ea0ee8340
174Author: Ralph Little <skelband@gmail.com>
175Date:   2020-04-26 13:04:41 -0700
176
177    magicolor: Added security remediation for pixels_per_line.
178
179    This implements a security issue reported by GitHub Security Lab.
180    The details are disclosed in GitLab issue #279.
181    The issue relates to an invalid scan parameter block being sent to
182    the backend containing 8 bytes of 0x00 which leads to pixels_per_line
183    being set to 0. Later arithmetic involves the division by this value
184    which causes a div by zero crash.
185
186commit 898ab1834864e3b813f0d0ae234f38ac05813756
187Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
188Date:   2020-02-06 20:56:21 +0900
189
190    Really remove libxml2 linker/loader flags from dependencies.  Re #239
191
192commit 76bf742aba32ec1ed4ae641285f8e6a0b038326d
193Author: Olaf Meeuwissen <paddy-hack@member.fsf.org>
194Date:   2020-02-05 21:30:11 +0900
195
196    Remove libxml2 linker/loader flags from dependencies.  Re #239
197