d5187355f6
NEWS: Document changes for 1.0.30 release
2020-05-17 20:16:28 +09:00
1fe94e6674
Merge branch '279-confidential-issue' into release/1.0.30
2020-05-17 16:26:00 +09:00
898ab18348
Really remove libxml2 linker/loader flags from dependencies. Re #239
2020-05-14 20:41:52 +09:00
76bf742aba
Remove libxml2 linker/loader flags from dependencies. Re #239
2020-05-14 20:41:04 +09:00
5104b80fc8
Merge branch 'mitigate-epsonds-net-security-issue' into '279-confidential-issue'
...
epsonds: Mitigate potential network related security issues. Re #279
See merge request paddy-hack/backends!9
2020-05-14 09:36:25 +00:00
30b1831a28
epsonds: Mitigate potential network related security issues. Re #279
...
This pre-empts the possibility of triggering GHSL-2020-079, GHSL-2020-080
and GHSL-2020-081.
2020-05-11 21:07:12 +09:00
f38c9f0d64
Merge branch 'issue09-esci2-img-buffer-size-check' into '279-confidential-issue'
...
epsonds: Prevent possible buffer overflow when reading image data
See merge request paddy-hack/backends!8
2020-05-07 09:42:42 +00:00
3d005c2570
Merge branch 'issue05-out-of-bounds-read-decode_binary' into '279-confidential-issue'
...
epsonds: Do not read beyond the end of the token
See merge request paddy-hack/backends!5
2020-05-06 04:06:49 +00:00
226d9c9289
Merge branch 'issue07-out-of-bounds-read-in-esci2_check_header' into '279-confidential-issue'
...
epsonds: Read only up to seven hexdigits to determine payload size
See merge request paddy-hack/backends!6
2020-05-06 04:05:59 +00:00
02b5d33b7a
Merge branch 'issue08-integer-overflow-sanei_tcp_read' into '279-confidential-issue'
...
sanei: Integer overflow sanei tcp read
See merge request paddy-hack/backends!7
2020-05-06 04:04:18 +00:00
4c9e4efd4a
Merge branch 'issue01-null-pointer-deref-sanei_epson_net_read' into '279-confidential-issue'
...
epson2: Rewrite network I/O
See merge request paddy-hack/backends!3
2020-05-06 04:03:19 +00:00
2b4aa45bad
Merge branch 'issue11-read_of_uninitialized_data' into '279-confidential-issue'
...
magicolor: Added security mediation to device discovery
See merge request paddy-hack/backends!2
2020-05-04 08:24:19 +00:00
37b142494b
Merge branch 'issue10-SIGFPE-in-mc_setup_block_mode' into '279-confidential-issue'
...
magicolor: Added security remediation for pixels_per_line.
See merge request paddy-hack/backends!1
2020-05-04 05:28:37 +00:00
8682023faa
sanei_tcp: Address possible integer overflow. Re #279 , issue 8
2020-05-04 11:54:35 +09:00
fe08bbee6b
epsonds: Handle error condition. Re #279 , issue 8
2020-05-04 11:48:46 +09:00
07e3834127
magicolor: Added security mediation to device discovery
...
Extraction of values from the SNMP response were not checked.
Also fixed a bug that mistakenly matched any SNMP OIDs with the
first model in the model list, in function mc_get_device_from_identification().
2020-04-30 23:21:00 -07:00
fff83e7eac
epson2: Rewrite network I/O
...
This addresses GHSL-2020-075 as well as all other problematic code
uncovered as a result of investigating that. This includes:
- buffer overflows due to use of unchecked lengths
- integer overflows due to type conversions
- potential memory leaks
- checking for memory allocation failures
Re #279 .
2020-04-30 21:21:30 +09:00
27ea994d23
epsonds: Do not read beyond the end of the token
...
Addresses GHSL-2020-082, re #279 .
2020-04-30 21:15:45 +09:00
b9b0173409
epsonds: Prevent possible buffer overflow when reading image data
...
Addresses GHSL-2020-084, re #279 .
2020-04-27 20:24:44 +09:00
db9480b09e
epsonds: Read only up to seven hexdigits to determine payload size
...
Addresses GHSL-2020-083, re #279 .
2020-04-27 20:24:11 +09:00
af0442f15c
magicolor: Added security remediation for pixels_per_line.
...
This implements a security issue reported by GitHub Security Lab.
The details are disclosed in GitLab issue #279 .
The issue relates to an invalid scan parameter block being sent to
the backend containing 8 bytes of 0x00 which leads to pixels_per_line
being set to 0. Later arithmetic involves the division by this value
which causes a div by zero crash.
2020-04-26 13:04:41 -07:00
e52a5bf719
NEWS: Update with changes committed to the release/1.0.29 branch
2020-02-02 20:19:37 +09:00
f35aab0de7
po/*.po: Update Project-Id-Version of several translations
...
This only affects those languages for which translatable messages have
been updated since the last release (1.0.28).
2020-02-02 20:07:39 +09:00
0c90e6bdef
Merge branch '225-fix-genesys-testsuite-compiler-warning' into 'release/1.0.29'
...
Resolve "genesys test utility generates a compiler warning on Debian 10"
See merge request sane-project/backends!309
2020-01-19 13:09:24 +00:00
3c714b48af
Merge branch 'de-minimal-translation-updates' into 'release/1.0.29'
...
Minimal German translation updates
See merge request sane-project/backends!312
2020-01-18 19:59:38 +00:00
fe38a70d73
po/de.po: Cherry pick fixes for fuzzies and untranslated messages
2020-01-18 12:13:30 +09:00
3825e0ca64
Merge branch 'bellaperez/cat_translations' into 'release/1.0.29'
...
Update Catalan and Valencian translations
See merge request sane-project/backends!311
2020-01-18 02:53:48 +00:00
b91dca43d5
Update Catalan and Valencian translations
...
Adapted and tested:
* msgmerge --silent --previous --width=75 --lang=
* msgfmt -vc
2020-01-18 02:53:48 +00:00
f22dc84b71
Merge branch 'undefined' into 'release/1.0.29'
...
Update Ukrainian translation
See merge request sane-project/backends!305
2020-01-14 13:05:02 +00:00
f72862ddf8
Update Ukrainian translation
2020-01-14 13:05:02 +00:00
8bc98d0f7d
testsuite/backend/genesys: Fix include path for out-of-tree builds
2020-01-13 18:37:21 +09:00
ba84a8f69c
testsuite/backend/genesys: Fix [-Wcatch-value=] compiler warning
...
Exceptions ought to be caught by reference.
2020-01-13 18:35:33 +09:00
77c92f49af
Issue#113: Fix applied (thanks David Binderman).
2020-01-13 09:45:36 +01:00
d36a9ba786
INSTALL.linux: add missing development packages
...
these packages are mandatory for building escl backend
2020-01-12 21:08:01 +01:00
4a9c723646
Merge branch 'uk-english-translations' into 'release/1.0.29'
...
Update British English translations
See merge request sane-project/backends!306
2020-01-12 19:37:39 +00:00
cc31c110c9
Updated British English translations
2020-01-12 10:39:27 -08:00
ca63c6cf9a
NEWS: Add most relevant changes for 1.0.29
2020-01-12 21:28:21 +09:00
7b45c89b02
Merge branch 'dll-conf-sync' into 'master'
...
Synchronize dll configuration file
See merge request sane-project/backends!304
2020-01-12 08:26:50 +00:00
055cd9f282
dll: Sort dll.conf.in for ease of maintenance
...
Only the `net` backend is treated special to match the file comment.
2020-01-12 17:11:40 +09:00
4f77e6dcfa
dll: Add kvs40xx and pieusb backends to dll.conf.in
2020-01-12 17:10:38 +09:00
0f394f55ed
Merge branch 'i18n-update' into 'master'
...
I18n update
See merge request sane-project/backends!303
2020-01-12 07:44:10 +00:00
2b927f165b
po: Synchronize message catalogs with latest code
2020-01-12 16:26:15 +09:00
f094033990
po: Regenerate POTFILES.in
...
The file now contains only those backend files that mention SANE_I18N
and contains all of them.
2020-01-12 16:18:12 +09:00
8ae5ba0522
escl: Use standardized, translated option group titles
2020-01-12 14:46:14 +09:00
42b2562470
Merge branch 'escl-debug' into 'master'
...
Log message improvements.
See merge request sane-project/backends!302
2020-01-12 03:37:34 +00:00
75162d0f00
Merge branch '201-old-incorrect-link-in-sane-man' into 'master'
...
Resolve "Old, incorrect link in sane.man"
Closes #201
See merge request sane-project/backends!291
2020-01-12 03:19:00 +00:00
d9188a7699
Merge branch '153-is-pthread_t-check-for-non-integers-still-neccesary' into 'master'
...
Resolve "Is pthread_t check for non-integers still necessary?"
Closes #153
See merge request sane-project/backends!289
2020-01-12 03:16:45 +00:00
0830b83915
Merge branch '188-hp-scanjet-3670-fails-to-scan-at-75dpi' into 'master'
...
Resolve "HP ScanJet 3670 fails to scan at 75dpi"
Closes #188
See merge request sane-project/backends!298
2020-01-11 15:50:06 +00:00
d40a8ff90d
Delete unused file.
2020-01-11 09:15:51 +01:00
d8f983bbd9
Log message improvements.
2020-01-11 08:56:46 +01:00
Olaf Meeuwissen