1141cc406Sopenharmony_cicommit d5187355f6e0de529b562569509a1851dda7ad84 2141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 3141cc406Sopenharmony_ciDate: 2020-05-17 20:16:28 +0900 4141cc406Sopenharmony_ci 5141cc406Sopenharmony_ci NEWS: Document changes for 1.0.30 release 6141cc406Sopenharmony_ci 7141cc406Sopenharmony_cicommit 1fe94e6674d0572d2408361903730f012c60fc6c 8141cc406Sopenharmony_ciMerge: 898ab1834864 5104b80fc8f0 9141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 10141cc406Sopenharmony_ciDate: 2020-05-17 16:26:00 +0900 11141cc406Sopenharmony_ci 12141cc406Sopenharmony_ci Merge branch '279-confidential-issue' into release/1.0.30 13141cc406Sopenharmony_ci 14141cc406Sopenharmony_cicommit 5104b80fc8f0d6528b856233a52846a414ae6616 15141cc406Sopenharmony_ciMerge: f38c9f0d64a5 30b1831a28f2 16141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 17141cc406Sopenharmony_ciDate: 2020-05-14 09:36:25 +0000 18141cc406Sopenharmony_ci 19141cc406Sopenharmony_ci Merge branch 'mitigate-epsonds-net-security-issue' into '279-confidential-issue' 20141cc406Sopenharmony_ci 21141cc406Sopenharmony_ci epsonds: Mitigate potential network related security issues. Re #279 22141cc406Sopenharmony_ci 23141cc406Sopenharmony_ci See merge request paddy-hack/backends!9 24141cc406Sopenharmony_ci 25141cc406Sopenharmony_cicommit 30b1831a28f24ab2921b9f717c66d37f02bb81cc 26141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 27141cc406Sopenharmony_ciDate: 2020-05-11 21:07:12 +0900 28141cc406Sopenharmony_ci 29141cc406Sopenharmony_ci epsonds: Mitigate potential network related security issues. Re #279 30141cc406Sopenharmony_ci 31141cc406Sopenharmony_ci This pre-empts the possibility of triggering GHSL-2020-079, GHSL-2020-080 32141cc406Sopenharmony_ci and GHSL-2020-081. 33141cc406Sopenharmony_ci 34141cc406Sopenharmony_cicommit f38c9f0d64a52697562abdfbf9c9044cb1b7e897 35141cc406Sopenharmony_ciMerge: 3d005c2570a7 b9b0173409df 36141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 37141cc406Sopenharmony_ciDate: 2020-05-07 09:42:42 +0000 38141cc406Sopenharmony_ci 39141cc406Sopenharmony_ci Merge branch 'issue09-esci2-img-buffer-size-check' into '279-confidential-issue' 40141cc406Sopenharmony_ci 41141cc406Sopenharmony_ci epsonds: Prevent possible buffer overflow when reading image data 42141cc406Sopenharmony_ci 43141cc406Sopenharmony_ci See merge request paddy-hack/backends!8 44141cc406Sopenharmony_ci 45141cc406Sopenharmony_cicommit b9b0173409df73e235da2aa0dae5edd21fb55967 46141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 47141cc406Sopenharmony_ciDate: 2020-04-27 18:48:29 +0900 48141cc406Sopenharmony_ci 49141cc406Sopenharmony_ci epsonds: Prevent possible buffer overflow when reading image data 50141cc406Sopenharmony_ci 51141cc406Sopenharmony_ci Addresses GHSL-2020-084, re #279. 52141cc406Sopenharmony_ci 53141cc406Sopenharmony_cicommit 3d005c2570a71fe93a63192d9c47ee54cb39049b 54141cc406Sopenharmony_ciMerge: 226d9c92899f 27ea994d23ee 55141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 56141cc406Sopenharmony_ciDate: 2020-05-06 04:06:49 +0000 57141cc406Sopenharmony_ci 58141cc406Sopenharmony_ci Merge branch 'issue05-out-of-bounds-read-decode_binary' into '279-confidential-issue' 59141cc406Sopenharmony_ci 60141cc406Sopenharmony_ci epsonds: Do not read beyond the end of the token 61141cc406Sopenharmony_ci 62141cc406Sopenharmony_ci See merge request paddy-hack/backends!5 63141cc406Sopenharmony_ci 64141cc406Sopenharmony_cicommit 27ea994d23ee52fe1ec1249c92ebc1080a358288 65141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 66141cc406Sopenharmony_ciDate: 2020-04-30 21:15:45 +0900 67141cc406Sopenharmony_ci 68141cc406Sopenharmony_ci epsonds: Do not read beyond the end of the token 69141cc406Sopenharmony_ci 70141cc406Sopenharmony_ci Addresses GHSL-2020-082, re #279. 71141cc406Sopenharmony_ci 72141cc406Sopenharmony_cicommit 226d9c92899facf4b22b98c73be6ad2cd0effc4a 73141cc406Sopenharmony_ciMerge: 02b5d33b7a7c db9480b09ea8 74141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 75141cc406Sopenharmony_ciDate: 2020-05-06 04:05:59 +0000 76141cc406Sopenharmony_ci 77141cc406Sopenharmony_ci Merge branch 'issue07-out-of-bounds-read-in-esci2_check_header' into '279-confidential-issue' 78141cc406Sopenharmony_ci 79141cc406Sopenharmony_ci epsonds: Read only up to seven hexdigits to determine payload size 80141cc406Sopenharmony_ci 81141cc406Sopenharmony_ci See merge request paddy-hack/backends!6 82141cc406Sopenharmony_ci 83141cc406Sopenharmony_cicommit db9480b09ea807e52029f2334769a55d4b95e45b 84141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 85141cc406Sopenharmony_ciDate: 2020-04-27 18:24:56 +0900 86141cc406Sopenharmony_ci 87141cc406Sopenharmony_ci epsonds: Read only up to seven hexdigits to determine payload size 88141cc406Sopenharmony_ci 89141cc406Sopenharmony_ci Addresses GHSL-2020-083, re #279. 90141cc406Sopenharmony_ci 91141cc406Sopenharmony_cicommit 02b5d33b7a7c0b72137f5b968c46a1d52a75aa63 92141cc406Sopenharmony_ciMerge: 4c9e4efd4a82 8682023faa27 93141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 94141cc406Sopenharmony_ciDate: 2020-05-06 04:04:18 +0000 95141cc406Sopenharmony_ci 96141cc406Sopenharmony_ci Merge branch 'issue08-integer-overflow-sanei_tcp_read' into '279-confidential-issue' 97141cc406Sopenharmony_ci 98141cc406Sopenharmony_ci sanei: Integer overflow sanei tcp read 99141cc406Sopenharmony_ci 100141cc406Sopenharmony_ci See merge request paddy-hack/backends!7 101141cc406Sopenharmony_ci 102141cc406Sopenharmony_cicommit 8682023faa27c61156a354955c89617a3304d66f 103141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 104141cc406Sopenharmony_ciDate: 2020-05-04 11:54:35 +0900 105141cc406Sopenharmony_ci 106141cc406Sopenharmony_ci sanei_tcp: Address possible integer overflow. Re #279, issue 8 107141cc406Sopenharmony_ci 108141cc406Sopenharmony_cicommit fe08bbee6b238ea0be73af67b560ffc2c47562fd 109141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 110141cc406Sopenharmony_ciDate: 2020-05-04 11:48:46 +0900 111141cc406Sopenharmony_ci 112141cc406Sopenharmony_ci epsonds: Handle error condition. Re #279, issue 8 113141cc406Sopenharmony_ci 114141cc406Sopenharmony_cicommit 4c9e4efd4a82214719eeb1377a900e3a85c1c369 115141cc406Sopenharmony_ciMerge: 2b4aa45bad61 fff83e7eacd0 116141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 117141cc406Sopenharmony_ciDate: 2020-05-06 04:03:19 +0000 118141cc406Sopenharmony_ci 119141cc406Sopenharmony_ci Merge branch 'issue01-null-pointer-deref-sanei_epson_net_read' into '279-confidential-issue' 120141cc406Sopenharmony_ci 121141cc406Sopenharmony_ci epson2: Rewrite network I/O 122141cc406Sopenharmony_ci 123141cc406Sopenharmony_ci See merge request paddy-hack/backends!3 124141cc406Sopenharmony_ci 125141cc406Sopenharmony_cicommit fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 126141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 127141cc406Sopenharmony_ciDate: 2020-04-30 18:24:51 +0900 128141cc406Sopenharmony_ci 129141cc406Sopenharmony_ci epson2: Rewrite network I/O 130141cc406Sopenharmony_ci 131141cc406Sopenharmony_ci This addresses GHSL-2020-075 as well as all other problematic code 132141cc406Sopenharmony_ci uncovered as a result of investigating that. This includes: 133141cc406Sopenharmony_ci 134141cc406Sopenharmony_ci - buffer overflows due to use of unchecked lengths 135141cc406Sopenharmony_ci - integer overflows due to type conversions 136141cc406Sopenharmony_ci - potential memory leaks 137141cc406Sopenharmony_ci - checking for memory allocation failures 138141cc406Sopenharmony_ci 139141cc406Sopenharmony_ci Re #279. 140141cc406Sopenharmony_ci 141141cc406Sopenharmony_cicommit 2b4aa45bad61d5e34996645581a606fd8795a48c 142141cc406Sopenharmony_ciMerge: 37b142494bf6 07e3834127f8 143141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 144141cc406Sopenharmony_ciDate: 2020-05-04 08:24:19 +0000 145141cc406Sopenharmony_ci 146141cc406Sopenharmony_ci Merge branch 'issue11-read_of_uninitialized_data' into '279-confidential-issue' 147141cc406Sopenharmony_ci 148141cc406Sopenharmony_ci magicolor: Added security mediation to device discovery 149141cc406Sopenharmony_ci 150141cc406Sopenharmony_ci See merge request paddy-hack/backends!2 151141cc406Sopenharmony_ci 152141cc406Sopenharmony_cicommit 07e3834127f8bcd9dac02b91c17127dc41fbfb5b 153141cc406Sopenharmony_ciAuthor: Ralph Little <skelband@gmail.com> 154141cc406Sopenharmony_ciDate: 2020-04-30 23:21:00 -0700 155141cc406Sopenharmony_ci 156141cc406Sopenharmony_ci magicolor: Added security mediation to device discovery 157141cc406Sopenharmony_ci 158141cc406Sopenharmony_ci Extraction of values from the SNMP response were not checked. 159141cc406Sopenharmony_ci Also fixed a bug that mistakenly matched any SNMP OIDs with the 160141cc406Sopenharmony_ci first model in the model list, in function mc_get_device_from_identification(). 161141cc406Sopenharmony_ci 162141cc406Sopenharmony_cicommit 37b142494bf659d8147b6f0fcb8629408717d14d 163141cc406Sopenharmony_ciMerge: e52a5bf71979 af0442f15cc9 164141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 165141cc406Sopenharmony_ciDate: 2020-05-04 05:28:37 +0000 166141cc406Sopenharmony_ci 167141cc406Sopenharmony_ci Merge branch 'issue10-SIGFPE-in-mc_setup_block_mode' into '279-confidential-issue' 168141cc406Sopenharmony_ci 169141cc406Sopenharmony_ci magicolor: Added security remediation for pixels_per_line. 170141cc406Sopenharmony_ci 171141cc406Sopenharmony_ci See merge request paddy-hack/backends!1 172141cc406Sopenharmony_ci 173141cc406Sopenharmony_cicommit af0442f15cc966bbc3d7d9322380005ea0ee8340 174141cc406Sopenharmony_ciAuthor: Ralph Little <skelband@gmail.com> 175141cc406Sopenharmony_ciDate: 2020-04-26 13:04:41 -0700 176141cc406Sopenharmony_ci 177141cc406Sopenharmony_ci magicolor: Added security remediation for pixels_per_line. 178141cc406Sopenharmony_ci 179141cc406Sopenharmony_ci This implements a security issue reported by GitHub Security Lab. 180141cc406Sopenharmony_ci The details are disclosed in GitLab issue #279. 181141cc406Sopenharmony_ci The issue relates to an invalid scan parameter block being sent to 182141cc406Sopenharmony_ci the backend containing 8 bytes of 0x00 which leads to pixels_per_line 183141cc406Sopenharmony_ci being set to 0. Later arithmetic involves the division by this value 184141cc406Sopenharmony_ci which causes a div by zero crash. 185141cc406Sopenharmony_ci 186141cc406Sopenharmony_cicommit 898ab1834864e3b813f0d0ae234f38ac05813756 187141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 188141cc406Sopenharmony_ciDate: 2020-02-06 20:56:21 +0900 189141cc406Sopenharmony_ci 190141cc406Sopenharmony_ci Really remove libxml2 linker/loader flags from dependencies. Re #239 191141cc406Sopenharmony_ci 192141cc406Sopenharmony_cicommit 76bf742aba32ec1ed4ae641285f8e6a0b038326d 193141cc406Sopenharmony_ciAuthor: Olaf Meeuwissen <paddy-hack@member.fsf.org> 194141cc406Sopenharmony_ciDate: 2020-02-05 21:30:11 +0900 195141cc406Sopenharmony_ci 196141cc406Sopenharmony_ci Remove libxml2 linker/loader flags from dependencies. Re #239 197