Merge branch 'release/21.09' into master

Conflicts:
	core/src/apps/ethereum/tokens.py

core/.changelog.d/1163.fixed

@@ -1 +0,0 @@
-Disable TT features (SD card, SBU, FAT) for T1 build.

core/.changelog.d/1545.changed

@@ -1 +0,0 @@
-Converted all remaining code to common layouts.

core/.changelog.d/1557.added

@@ -1 +0,0 @@
-[emulator] Added option to dump detailed Micropython memory layout

core/.changelog.d/1581.changed

@@ -1 +0,0 @@
-Memory optimization of BTC signing and CBOR decoding.

core/.changelog.d/1604.added

@@ -1 +0,0 @@
-Support for Ethereum EIP1559 transactions

core/.changelog.d/1683.changed.1

@@ -1 +0,0 @@
-Thanks to transaction streaming, Cardano now supports larger transactions (tested with 62kB transactions, but supposedly even larger transactions are supported)

core/.changelog.d/1683.changed.2

@@ -1 +0,0 @@
-Cardano transaction parameters are now streamed into the device one by one instead of being sent as one large object

core/.changelog.d/1683.fixed.4

@@ -1 +0,0 @@
-It is no longer possible to sign Cardano transactions containing paths belonging to multiple accounts (except for Byron to Shelley migration)

core/.changelog.d/1683.incompatible.3

@@ -1 +0,0 @@
-Due to transaction streaming in Cardano, it isn't possible to return the whole serialized transaction anymore. Instead the transaction hash, transaction witnesses and auxiliary data supplement are returned and the serialized transaction needs to be assembled by the client.

core/.changelog.d/1704.changed

@@ -1 +0,0 @@
-Refactor RLP codec for better clarity and some small memory savings.

core/.changelog.d/1705.fixed

@@ -1 +0,0 @@
-Add new rpId to Binance's FIDO definition.

core/.changelog.d/1707.fixed

@@ -1 +0,0 @@
-Don't use format strings in keyctl-proxy

core/.changelog.d/1708.fixed

@@ -1 +0,0 @@
-Properly respond to USB events while on a paginated screen.

core/.changelog.d/1744.changed

@@ -1 +0,0 @@
-Refer to `m/48'/...` multisig derivation paths as BIP-48 instead of Purpose48.

core/.changelog.d/1765.removed

@@ -1 +0,0 @@
-Removed support for Lisk

core/.changelog.d/1767.added

@@ -1 +0,0 @@
-Re-enabled Firo support

core/CHANGELOG.md

@@ -4,6 +4,35 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 2.4.2 [26th August 2021]
+
+### Added
+- [emulator] Added option to dump detailed Micropython memory layout  [#1557]
+- Support for Ethereum EIP1559 transactions  [#1604]
+- Re-enabled Firo support  [#1767]
+
+### Changed
+- Converted all remaining code to common layouts.  [#1545]
+- Memory optimization of BTC signing and CBOR decoding.  [#1581]
+- Cardano transaction parameters are now streamed into the device one by one instead of being sent as one large object  [#1683]
+- Thanks to transaction streaming, Cardano now supports larger transactions (tested with 62kB transactions, but supposedly even larger transactions are supported)  [#1683]
+- Refactor RLP codec for better clarity and some small memory savings.  [#1704]
+- Refer to `m/48'/...` multisig derivation paths as BIP-48 instead of Purpose48.  [#1744]
+
+### Removed
+- Removed support for Lisk  [#1765]
+
+### Fixed
+- Disable TT features (SD card, SBU, FAT) for T1 build.  [#1163]
+- It is no longer possible to sign Cardano transactions containing paths belonging to multiple accounts (except for Byron to Shelley migration)  [#1683]
+- Add new rpId to Binance's FIDO definition.  [#1705]
+- Don't use format strings in keyctl-proxy  [#1707]
+- Properly respond to USB events while on a paginated screen.  [#1708]
+
+### Incompatible changes
+- Due to transaction streaming in Cardano, it isn't possible to return the whole serialized transaction anymore. Instead the transaction hash, transaction witnesses and auxiliary data supplement are returned and the serialized transaction needs to be assembled by the client.  [#1683]
+
+
 ## 2.4.1 [14th July 2021]
 
 ### Added
@@ -389,6 +418,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1133]: https://github.com/trezor/trezor-firmware/issues/1133
 [#1139]: https://github.com/trezor/trezor-firmware/issues/1139
 [#1159]: https://github.com/trezor/trezor-firmware/issues/1159
+[#1163]: https://github.com/trezor/trezor-firmware/issues/1163
 [#1165]: https://github.com/trezor/trezor-firmware/pull/1165
 [#1167]: https://github.com/trezor/trezor-firmware/issues/1167
 [#1173]: https://github.com/trezor/trezor-firmware/pull/1173
@@ -421,8 +451,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1538]: https://github.com/trezor/trezor-firmware/issues/1538
 [#1540]: https://github.com/trezor/trezor-firmware/issues/1540
 [#1541]: https://github.com/trezor/trezor-firmware/issues/1541
+[#1545]: https://github.com/trezor/trezor-firmware/issues/1545
 [#1554]: https://github.com/trezor/trezor-firmware/issues/1554
+[#1557]: https://github.com/trezor/trezor-firmware/issues/1557
 [#1565]: https://github.com/trezor/trezor-firmware/issues/1565
+[#1581]: https://github.com/trezor/trezor-firmware/issues/1581
+[#1604]: https://github.com/trezor/trezor-firmware/issues/1604
 [#1606]: https://github.com/trezor/trezor-firmware/issues/1606
 [#1620]: https://github.com/trezor/trezor-firmware/issues/1620
 [#1647]: https://github.com/trezor/trezor-firmware/issues/1647
@@ -431,3 +465,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1659]: https://github.com/trezor/trezor-firmware/issues/1659
 [#1671]: https://github.com/trezor/trezor-firmware/issues/1671
 [#1672]: https://github.com/trezor/trezor-firmware/issues/1672
+[#1683]: https://github.com/trezor/trezor-firmware/issues/1683
+[#1704]: https://github.com/trezor/trezor-firmware/issues/1704
+[#1705]: https://github.com/trezor/trezor-firmware/issues/1705
+[#1707]: https://github.com/trezor/trezor-firmware/issues/1707
+[#1708]: https://github.com/trezor/trezor-firmware/issues/1708
+[#1744]: https://github.com/trezor/trezor-firmware/issues/1744
+[#1765]: https://github.com/trezor/trezor-firmware/issues/1765
+[#1767]: https://github.com/trezor/trezor-firmware/issues/1767

legacy/firmware/.changelog.d/1705.fixed

@@ -1 +0,0 @@
-Add new rpId to Binance's FIDO definition.

legacy/firmware/.changelog.d/1743.changed

@@ -1 +0,0 @@
-Emulator properly waits for IO without busy loop

legacy/firmware/.changelog.d/1765.removed

@@ -1 +0,0 @@
-Removed support for Lisk

legacy/firmware/.changelog.d/1767.added

@@ -1 +0,0 @@
-Re-enabled Firo support

legacy/firmware/CHANGELOG.md

@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## 1.10.3 [26th August 2021]
+
+### Added
+- Re-enabled Firo support  [#1767]
+
+### Changed
+- Emulator properly waits for IO without busy loop  [#1743]
+
+### Removed
+- Removed support for Lisk  [#1765]
+
+### Fixed
+- Add new rpId to Binance's FIDO definition.  [#1705]
+
+### Security
+- Stricter protobuf field handling in Stellar.
+
+
 ## 1.10.2 [14th July 2021]
 
 ### Removed
@@ -412,3 +430,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 [#1647]: https://github.com/trezor/trezor-firmware/issues/1647
 [#1650]: https://github.com/trezor/trezor-firmware/issues/1650
 [#1660]: https://github.com/trezor/trezor-firmware/issues/1660
+[#1705]: https://github.com/trezor/trezor-firmware/issues/1705
+[#1743]: https://github.com/trezor/trezor-firmware/issues/1743
+[#1765]: https://github.com/trezor/trezor-firmware/issues/1765
+[#1767]: https://github.com/trezor/trezor-firmware/issues/1767

legacy/firmware/stellar.c

@@ -105,10 +105,9 @@ bool stellar_signingInit(const StellarSignTx *msg) {
   // non-zero
   uint8_t has_timebounds =
       (msg->timebounds_start > 0 || msg->timebounds_end > 0);
+  // Hash: the "has timebounds?" boolean
+  stellar_hashupdate_bool(has_timebounds);
   if (has_timebounds) {
-    // Hash: the "has timebounds?" boolean
-    stellar_hashupdate_bool(true);
-
     // Timebounds are sent as uint32s since that's all we can display, but they
     // must be hashed as 64-bit values
     stellar_hashupdate_uint32(0);
@@ -117,10 +116,6 @@ bool stellar_signingInit(const StellarSignTx *msg) {
     stellar_hashupdate_uint32(0);
     stellar_hashupdate_uint32(msg->timebounds_end);
   }
-  // No timebounds, hash a false boolean
-  else {
-    stellar_hashupdate_bool(false);
-  }
 
   // Hash: memo
   stellar_hashupdate_uint32(msg->memo_type);
@@ -140,10 +135,12 @@ bool stellar_signingInit(const StellarSignTx *msg) {
     // Hash and return are the same data structure (32 byte tx hash)
     case 3:
     case 4:
-      stellar_hashupdate_bytes(msg->memo_hash.bytes, msg->memo_hash.size);
+      stellar_hashupdate_bytes(msg->memo_hash.bytes, 32);
       break;
     default:
-      break;
+      fsm_sendFailure(FailureType_Failure_DataError,
+                      _("Stellar invalid memo type"));
+      return false;
   }
 
   // Hash: number of operations
@@ -707,6 +704,7 @@ bool stellar_confirmSetOptionsOp(const StellarSetOptionsOp *msg) {
     // Hash low threshold
     stellar_hashupdate_uint32(msg->low_threshold);
   }
+
   stellar_hashupdate_bool(msg->has_medium_threshold);
   if (msg->has_medium_threshold) {
     char str_med_threshold[10 + 1] = {0};
@@ -720,6 +718,7 @@ bool stellar_confirmSetOptionsOp(const StellarSetOptionsOp *msg) {
     // Hash medium threshold
     stellar_hashupdate_uint32(msg->medium_threshold);
   }
+
   stellar_hashupdate_bool(msg->has_high_threshold);
   if (msg->has_high_threshold) {
     char str_high_threshold[10 + 1] = {0};
@@ -789,45 +788,42 @@ bool stellar_confirmSetOptionsOp(const StellarSetOptionsOp *msg) {
     strlcat(str_weight_row, str_weight, sizeof(str_weight_row));
 
     // 0 = account, 1 = pre-auth, 2 = hash(x)
-    char str_signer_type[16] = {0};
+    char *str_signer_type = NULL;
     bool needs_hash_confirm = false;
-    if (msg->signer_type == 0) {
+    switch (msg->signer_type) {
-      strlcpy(str_signer_type, _("account"), sizeof(str_signer_type));
+      case 0:
-      strlcat(str_title, str_signer_type, sizeof(str_title));
+        strlcat(str_title, _("account"), sizeof(str_title));
-
+
-      const char **str_addr_rows =
+        const char **str_addr_rows =
-          stellar_lineBreakAddress(msg->signer_key.bytes);
+            stellar_lineBreakAddress(msg->signer_key.bytes);
-      stellar_layoutTransactionDialog(str_title, str_weight_row,
+        stellar_layoutTransactionDialog(str_title, str_weight_row,
-                                      str_addr_rows[0], str_addr_rows[1],
+                                        str_addr_rows[0], str_addr_rows[1],
-                                      str_addr_rows[2]);
+                                        str_addr_rows[2]);
-      if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
+        if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall,
-        stellar_signingAbort(_("User canceled"));
+                           false)) {
-        return false;
+          stellar_signingAbort(_("User canceled"));
-      }
+          return false;
-    }
+        }
-    if (msg->signer_type == 1) {
+        break;
-      needs_hash_confirm = true;
+      case 1:
-      strlcpy(str_signer_type, _("pre-auth hash"), sizeof(str_signer_type));
+      case 2:
-      strlcat(str_title, str_signer_type, sizeof(str_title));
+        str_signer_type =
-
+            (msg->signer_type == 1) ? _("pre-auth hash") : _("hash(x)");
-      stellar_layoutTransactionDialog(str_title, str_weight_row, NULL,
+        needs_hash_confirm = true;
-                                      _("(confirm hash on next"), _("screen)"));
+        strlcat(str_title, str_signer_type, sizeof(str_title));
-      if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
+
-        stellar_signingAbort(_("User canceled"));
+        stellar_layoutTransactionDialog(str_title, str_weight_row, NULL,
+                                        _("(confirm hash on next"),
+                                        _("screen)"));
+        if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall,
+                           false)) {
+          stellar_signingAbort(_("User canceled"));
+          return false;
+        }
+        break;
+      default:
+        stellar_signingAbort(_("Stellar: invalid signer type"));
         return false;
-      }
-    }
-    if (msg->signer_type == 2) {
-      needs_hash_confirm = true;
-      strlcpy(str_signer_type, _("hash(x)"), sizeof(str_signer_type));
-      strlcat(str_title, str_signer_type, sizeof(str_title));
-
-      stellar_layoutTransactionDialog(str_title, str_weight_row, NULL,
-                                      _("(confirm hash on next"), _("screen)"));
-      if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
-        stellar_signingAbort(_("User canceled"));
-        return false;
-      }
     }
 
     // Extra confirmation step for hash signers
@@ -850,7 +846,7 @@ bool stellar_confirmSetOptionsOp(const StellarSetOptionsOp *msg) {
     // Hash: signer type
     stellar_hashupdate_uint32(msg->signer_type);
     // key
-    stellar_hashupdate_bytes(msg->signer_key.bytes, msg->signer_key.size);
+    stellar_hashupdate_bytes(msg->signer_key.bytes, 32);
     // weight
     stellar_hashupdate_uint32(msg->signer_weight);
   }
@@ -973,17 +969,21 @@ bool stellar_confirmAllowTrustOp(const StellarAllowTrustOp *msg) {
   // asset type
   stellar_hashupdate_uint32(msg->asset_type);
   // asset code
-  if (msg->asset_type == 1) {
+  char padded_code[12 + 1] = {0};
-    char code4[4 + 1] = {0};
+  switch (msg->asset_type) {
-    memzero(code4, sizeof(code4));
+    case 0:  // native asset (XLM)
-    strlcpy(code4, msg->asset_code, sizeof(code4));
+      break;
-    stellar_hashupdate_bytes((uint8_t *)code4, 4);
+    case 1:  // alphanum 4
-  }
+      strlcpy(padded_code, msg->asset_code, 4 + 1);
-  if (msg->asset_type == 2) {
+      stellar_hashupdate_bytes((uint8_t *)padded_code, 4);
-    char code12[12 + 1] = {0};
+      break;
-    memzero(code12, sizeof(code12));
+    case 2:  // alphanum 12
-    strlcpy(code12, msg->asset_code, sizeof(code12));
+      strlcpy(padded_code, msg->asset_code, 12 + 1);
-    stellar_hashupdate_bytes((uint8_t *)code12, 12);
+      stellar_hashupdate_bytes((uint8_t *)padded_code, 12);
+      break;
+    default:
+      stellar_signingAbort(_("Stellar: invalid asset type"));
+      return false;
   }
   // is authorized
   stellar_hashupdate_bool(msg->is_authorized);
@@ -1086,11 +1086,9 @@ bool stellar_confirmManageDataOp(const StellarManageDataOp *msg) {
   stellar_hashupdate_string((unsigned char *)&(msg->key),
                             strnlen(msg->key, 64));
   // value
+  stellar_hashupdate_bool(msg->has_value);
   if (msg->has_value) {
-    stellar_hashupdate_bool(true);
     stellar_hashupdate_string(msg->value.bytes, msg->value.size);
-  } else {
-    stellar_hashupdate_bool(false);
   }
 
   // At this point, the operation is confirmed
@@ -1628,36 +1626,36 @@ void stellar_layoutTransactionSummary(const StellarSignTx *msg) {
   // Reset lines for displaying memo
   memzero(str_lines, sizeof(str_lines));
 
-  // Memo: none
+  switch (msg->memo_type) {
-  if (msg->memo_type == 0) {
+    case 0:  // Memo: none
-    strlcpy(str_lines[0], _("[No Memo Set]"), sizeof(str_lines[0]));
+      strlcpy(str_lines[0], _("[No Memo Set]"), sizeof(str_lines[0]));
-    strlcpy(str_lines[1], _("Important:"), sizeof(str_lines[0]));
+      strlcpy(str_lines[1], _("Important:"), sizeof(str_lines[0]));
-    strlcpy(str_lines[2], _("Many exchanges require"), sizeof(str_lines[0]));
+      strlcpy(str_lines[2], _("Many exchanges require"), sizeof(str_lines[0]));
-    strlcpy(str_lines[3], _("a memo when depositing."), sizeof(str_lines[0]));
+      strlcpy(str_lines[3], _("a memo when depositing."), sizeof(str_lines[0]));
-  }
+      break;
-  // Memo: text
+    case 1:  // Memo: text
-  if (msg->memo_type == 1) {
+      strlcpy(str_lines[0], _("Memo (TEXT)"), sizeof(str_lines[0]));
-    strlcpy(str_lines[0], _("Memo (TEXT)"), sizeof(str_lines[0]));
+
-
+      // Split 28-character string into two lines of 19 / 9
-    // Split 28-character string into two lines of 19 / 9
+      // todo: word wrap method?
-    // todo: word wrap method?
+      strlcpy(str_lines[1], (const char *)msg->memo_text, 19 + 1);
-    strlcpy(str_lines[1], (const char *)msg->memo_text, 19 + 1);
+      strlcpy(str_lines[2], (const char *)(msg->memo_text + 19), 9 + 1);
-    strlcpy(str_lines[2], (const char *)(msg->memo_text + 19), 9 + 1);
+      break;
-  }
+    case 2:  // Memo: ID
-  // Memo: ID
+      strlcpy(str_lines[0], _("Memo (ID)"), sizeof(str_lines[0]));
-  if (msg->memo_type == 2) {
+      stellar_format_uint64(msg->memo_id, str_lines[1], sizeof(str_lines[1]));
-    strlcpy(str_lines[0], _("Memo (ID)"), sizeof(str_lines[0]));
+      break;
-    stellar_format_uint64(msg->memo_id, str_lines[1], sizeof(str_lines[1]));
+    case 3:  // Memo: hash
-  }
+      needs_memo_hash_confirm = 1;
-  // Memo: hash
+      strlcpy(str_lines[0], _("Memo (HASH)"), sizeof(str_lines[0]));
-  if (msg->memo_type == 3) {
+      break;
-    needs_memo_hash_confirm = 1;
+    case 4:  // Memo: return
-    strlcpy(str_lines[0], _("Memo (HASH)"), sizeof(str_lines[0]));
+      needs_memo_hash_confirm = 1;
-  }
+      strlcpy(str_lines[0], _("Memo (RETURN)"), sizeof(str_lines[0]));
-  // Memo: return
+      break;
-  if (msg->memo_type == 4) {
+    default:
-    needs_memo_hash_confirm = 1;
+      stellar_signingAbort(_("Stellar invalid memo type"));
-    strlcpy(str_lines[0], _("Memo (RETURN)"), sizeof(str_lines[0]));
+      return;
   }
 
   if (needs_memo_hash_confirm) {