From 9052133fca1eef245d97d3481590659bf5d96a8a Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Wed, 17 Nov 2021 11:20:45 +0100 Subject: [PATCH 1/5] fix(core): Ensure user is warned about non-standard paths. --- core/.changelog.d/noissue.security | 1 + core/src/apps/bitcoin/sign_tx/approvers.py | 23 +++++++++++++++++-- core/src/apps/bitcoin/sign_tx/bitcoin.py | 8 +++++-- core/src/apps/bitcoin/sign_tx/bitcoinlike.py | 2 ++ ...pps.bitcoin.segwit.signtx.native_p2wpkh.py | 6 +++++ tests/ui_tests/fixtures.json | 6 ++--- 6 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 core/.changelog.d/noissue.security diff --git a/core/.changelog.d/noissue.security b/core/.changelog.d/noissue.security new file mode 100644 index 000000000..dc6ae541f --- /dev/null +++ b/core/.changelog.d/noissue.security @@ -0,0 +1 @@ +Ensure that the user is always warned about non-standard paths. diff --git a/core/src/apps/bitcoin/sign_tx/approvers.py b/core/src/apps/bitcoin/sign_tx/approvers.py index 03e97a4f1..56542a4e0 100644 --- a/core/src/apps/bitcoin/sign_tx/approvers.py +++ b/core/src/apps/bitcoin/sign_tx/approvers.py @@ -5,8 +5,8 @@ from trezor.enums import OutputScriptType from apps.common import safety_checks -from .. import keychain from ..authorization import FEE_PER_ANONYMITY_DECIMALS +from ..keychain import validate_path_against_script_type from . import helpers, tx_weight from .tx_info import OriginalTxInfo, TxInfo @@ -55,6 +55,9 @@ class Approver: if txi.orig_hash: self.orig_total_in += txi.amount + async def check_internal_input(self, txi: TxInput) -> None: + pass + def add_external_input(self, txi: TxInput) -> None: self.weight.add_input(txi) self.total_in += txi.amount @@ -102,11 +105,22 @@ class BasicApprover(Approver): self.change_count = 0 # the number of change-outputs async def add_internal_input(self, txi: TxInput) -> None: - if not keychain.validate_path_against_script_type(self.coin, txi): + if not validate_path_against_script_type(self.coin, txi): await helpers.confirm_foreign_address(txi.address_n) await super().add_internal_input(txi) + async def check_internal_input(self, txi: TxInput) -> None: + if not validate_path_against_script_type(self.coin, txi): + # The following can be removed once we start validating script_pubkey in step3_verify_inputs(). + if self.orig_total_in: + # Replacement transaction. + # This mitigates a cross-coin spending attack when safety checks are disabled. + raise wire.ProcessError( + "Non-standard paths not allowed in replacement transactions." + ) + await helpers.confirm_foreign_address(txi.address_n) + def add_change_output(self, txo: TxOutput, script_pubkey: bytes) -> None: super().add_change_output(txo, script_pubkey) self.change_count += 1 @@ -293,6 +307,11 @@ class CoinJoinApprover(Approver): await super().add_internal_input(txi) + async def check_internal_input(self, txi: TxInput) -> None: + # The following can be removed once we start validating script_pubkey in step3_verify_inputs(). + if not self.authorization.check_sign_tx_input(txi, self.coin): + raise wire.ProcessError("Unauthorized path") + def add_change_output(self, txo: TxOutput, script_pubkey: bytes) -> None: super().add_change_output(txo, script_pubkey) self._add_output(txo, script_pubkey) diff --git a/core/src/apps/bitcoin/sign_tx/bitcoin.py b/core/src/apps/bitcoin/sign_tx/bitcoin.py index c0a79a0de..7242eaaa9 100644 --- a/core/src/apps/bitcoin/sign_tx/bitcoin.py +++ b/core/src/apps/bitcoin/sign_tx/bitcoin.py @@ -519,8 +519,9 @@ class Bitcoin: self.write_tx_input_derived(self.serialized_tx, txi, key_sign_pub, b"") def sign_bip143_input(self, i: int, txi: TxInput) -> tuple[bytes, bytes]: - self.tx_info.check_input(txi) if self.taproot_only: + # Prevents an attacker from bypassing prev tx checking by providing a different + # script type than the one that was provided during the confirmation phase. raise wire.ProcessError("Transaction has changed during signing") node = self.keychain.derive(txi.address_n) @@ -547,7 +548,6 @@ class Bitcoin: return public_key, signature def sign_taproot_input(self, i: int, txi: TxInput) -> bytes: - self.tx_info.check_input(txi) sigmsg_digest = self.tx_info.sig_hasher.hash341( i, self.tx_info.tx, @@ -560,6 +560,8 @@ class Bitcoin: async def sign_segwit_input(self, i: int) -> None: # STAGE_REQUEST_SEGWIT_WITNESS in legacy txi = await helpers.request_tx_input(self.tx_req, i, self.coin) + self.tx_info.check_input(txi) + await self.approver.check_internal_input(txi) if txi.script_type not in common.SEGWIT_INPUT_SCRIPT_TYPES: raise wire.ProcessError("Transaction has changed during signing") @@ -662,6 +664,8 @@ class Bitcoin: async def sign_nonsegwit_input(self, i: int) -> None: if self.taproot_only: + # Prevents an attacker from bypassing prev tx checking by providing a different + # script type than the one that was provided during the confirmation phase. raise wire.ProcessError("Transaction has changed during signing") tx_digest, txi, node = await self.get_legacy_tx_digest(i, self.tx_info) diff --git a/core/src/apps/bitcoin/sign_tx/bitcoinlike.py b/core/src/apps/bitcoin/sign_tx/bitcoinlike.py index c0369af78..9cc55880c 100644 --- a/core/src/apps/bitcoin/sign_tx/bitcoinlike.py +++ b/core/src/apps/bitcoin/sign_tx/bitcoinlike.py @@ -16,6 +16,8 @@ if False: class Bitcoinlike(Bitcoin): async def sign_nonsegwit_bip143_input(self, i_sign: int) -> None: txi = await helpers.request_tx_input(self.tx_req, i_sign, self.coin) + self.tx_info.check_input(txi) + await self.approver.check_internal_input(txi) if txi.script_type not in NONSEGWIT_INPUT_SCRIPT_TYPES: raise wire.ProcessError("Transaction has changed during signing") diff --git a/core/tests/test_apps.bitcoin.segwit.signtx.native_p2wpkh.py b/core/tests/test_apps.bitcoin.segwit.signtx.native_p2wpkh.py index 7133e21f9..d0feb364e 100644 --- a/core/tests/test_apps.bitcoin.segwit.signtx.native_p2wpkh.py +++ b/core/tests/test_apps.bitcoin.segwit.signtx.native_p2wpkh.py @@ -150,6 +150,9 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase): )), TxAckInput(tx=TxAckInputWrapper(input=inp1)), + helpers.UiConfirmForeignAddress(address_n=inp1.address_n), + True, + TxRequest(request_type=TXFINISHED, details=TxRequestDetailsType(), serialized=TxRequestSerializedType( serialized_tx=unhexlify('02483045022100a7ca8f097525f9044e64376dc0a0f5d4aeb8d15d66808ba97979a0475b06b66502200597c8ebcef63e047f9aeef1a8001d3560470cf896c12f6990eec4faec599b950121033add1f0e8e3c3136f7428dd4a4de1057380bd311f5b0856e2269170b4ffa65bf00000000'), signature_index=0, @@ -278,6 +281,9 @@ class TestSignSegwitTxNativeP2WPKH(unittest.TestCase): )), TxAckInput(tx=TxAckInputWrapper(input=inp1)), + helpers.UiConfirmForeignAddress(address_n=inp1.address_n), + True, + TxRequest(request_type=TXFINISHED, details=TxRequestDetailsType(), serialized=TxRequestSerializedType( serialized_tx=unhexlify('02483045022100a7ca8f097525f9044e64376dc0a0f5d4aeb8d15d66808ba97979a0475b06b66502200597c8ebcef63e047f9aeef1a8001d3560470cf896c12f6990eec4faec599b950121033add1f0e8e3c3136f7428dd4a4de1057380bd311f5b0856e2269170b4ffa65bf00000000'), signature_index=0, diff --git a/tests/ui_tests/fixtures.json b/tests/ui_tests/fixtures.json index dd444134c..8a3e15ac9 100644 --- a/tests/ui_tests/fixtures.json +++ b/tests/ui_tests/fixtures.json @@ -662,7 +662,7 @@ "test_msg_signtx_grs.py-test_send_segwit_p2sh": "e59018de5c49f902c6880c2347283b6c1830fcb19e8eab9686938a08abd930b3", "test_msg_signtx_grs.py-test_send_segwit_p2sh_change": "08251e3b7e509264dbd89a5ded2deba51544d0fcfce1dc7466b553b73298d423", "test_msg_signtx_invalid_path.py-test_invalid_path_fail": "1c100ce4b7c1e47e72428f390de0846c1ff933e9f07894872644a369a9422738", -"test_msg_signtx_invalid_path.py-test_invalid_path_pass_forkid": "85d3c2f3c85e1bcf774f3067d7eb32396c444f351ad15e68a328f87cf6bdb338", +"test_msg_signtx_invalid_path.py-test_invalid_path_pass_forkid": "ef98eb752ec5fa948c952def7599f57a2bc5240b2d6b1eec0e02cc9be5c3040f", "test_msg_signtx_invalid_path.py-test_invalid_path_prompt": "12e137210397357ed754af0f4618ef03312b3e884930f55727d1b034f969bfd5", "test_msg_signtx_komodo.py-test_one_one_fee_sapling": "6286409ed3e62a896c101112f6d1c59559dde677331d08f55ed7d2d43e6dd3b9", "test_msg_signtx_komodo.py-test_one_one_rewards_claim": "b3c056df25d639927faaf16dc18c281c1a36b790ea4e77f954f681fb27d3fa1a", @@ -796,8 +796,8 @@ "test_nonstandard_paths.py::test_signmessage[m-3'-100'-4-255-script_types1]": "4f73135d2ec9add695e0a22d855816558b4ba9329a2828f9c9930be6245bdc2d", "test_nonstandard_paths.py::test_signmessage[m-4-255-script_types0]": "0988cc8bdc5879744bd33190fddc5b5aa137fdd7214abb003c8000a871d98f14", "test_nonstandard_paths.py::test_signmessage[m-49-0-63-0-255-script_types4]": "540df94c73a4eed8fe88cdb475e2b31df752dca9e47b102792c01064ee432752", -"test_nonstandard_paths.py::test_signtx[m-1195487518-6-255-script_types3]": "37cfe119620536464ae42b3fbcae7b89d9272ad904da2bd8e8ae47b1024b4007", -"test_nonstandard_paths.py::test_signtx[m-1195487518-script_types2]": "27a03a5be542d1f5f76a839e65daec766c1d7de8ae4637404ffcfea8267ea0ec", +"test_nonstandard_paths.py::test_signtx[m-1195487518-6-255-script_types3]": "3fb1ec777c4c1a4e320740d050444077e118a0fbcfec96cb7e5ead203dfe01a2", +"test_nonstandard_paths.py::test_signtx[m-1195487518-script_types2]": "e83d90183a5899d8881271e27ce030ec252df9c4a32ca4097cad811431553c37", "test_nonstandard_paths.py::test_signtx[m-3'-100'-4-255-script_types1]": "efbe785820901471b0e55f9fd743c84a29fe719c2e1c8e6b2f87b0a20ce43cb2", "test_nonstandard_paths.py::test_signtx[m-4-255-script_types0]": "efbe785820901471b0e55f9fd743c84a29fe719c2e1c8e6b2f87b0a20ce43cb2", "test_nonstandard_paths.py::test_signtx[m-49-0-63-0-255-script_types4]": "4392475bb51d2dd9316036ed268ee84bafb6f3f7b0d2e1ab6be69a63775d5f66", From de6fab3c1ee0666eff21cf7ff26f033d1a5c630e Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Wed, 17 Nov 2021 10:25:05 +0100 Subject: [PATCH 2/5] feat(tests): Test SegWit cross-coin attack. --- .../test_msg_signtx_invalid_path.py | 101 +++++++++++++++++- ...1c9994fe50b3ab3e246c44c4ceff3d326f62e.json | 22 ++++ ...54d0e0eabd3139becd4514ae635b8c7fe3a46.json | 22 ++++ tests/ui_tests/fixtures.json | 1 + 4 files changed, 145 insertions(+), 1 deletion(-) create mode 100644 tests/txcache/bitcoin/5dfd1b037633adc7f84a17b2df31c9994fe50b3ab3e246c44c4ceff3d326f62e.json create mode 100644 tests/txcache/bitcoin/fa80a9949f1094119195064462f54d0e0eabd3139becd4514ae635b8c7fe3a46.json diff --git a/tests/device_tests/test_msg_signtx_invalid_path.py b/tests/device_tests/test_msg_signtx_invalid_path.py index e393e74f5..7c4c98a4d 100644 --- a/tests/device_tests/test_msg_signtx_invalid_path.py +++ b/tests/device_tests/test_msg_signtx_invalid_path.py @@ -18,10 +18,12 @@ import pytest from trezorlib import btc, device, messages as proto from trezorlib.exceptions import TrezorFailure -from trezorlib.tools import parse_path +from trezorlib.tools import H_, parse_path from ..tx_cache import TxCache +from .signtx import request_finished, request_input, request_meta, request_output +B = proto.ButtonRequestType TX_CACHE_MAINNET = TxCache("Bitcoin") TX_CACHE_BCASH = TxCache("Bcash") @@ -31,6 +33,12 @@ TXHASH_8cc1f4 = bytes.fromhex( TXHASH_d5f65e = bytes.fromhex( "d5f65ee80147b4bcc70b75e4bbf2d7382021b871bd8867ef8fa525ef50864882" ) +TXHASH_fa80a9 = bytes.fromhex( + "fa80a9949f1094119195064462f54d0e0eabd3139becd4514ae635b8c7fe3a46" +) +TXHASH_5dfd1b = bytes.fromhex( + "5dfd1b037633adc7f84a17b2df31c9994fe50b3ab3e246c44c4ceff3d326f62e" +) class TestMsgSigntxInvalidPath: @@ -117,3 +125,94 @@ class TestMsgSigntxInvalidPath: ) btc.sign_tx(client, "Bcash", [inp1], [out1], prev_txes=TX_CACHE_BCASH) + + def test_attack_path_segwit(self, client): + # Scenario: The attacker falsely claims that the transaction uses Testnet paths to + # avoid the path warning dialog, but in step6_sign_segwit_inputs() uses Bitcoin paths + # to get a valid signature. + + device.apply_settings( + client, safety_checks=proto.SafetyCheckLevel.PromptTemporarily + ) + + inp1 = proto.TxInputType( + # The actual input that the attcker wants to get signed. + address_n=parse_path("84'/0'/0'/0/0"), + amount=9426, + prev_hash=TXHASH_fa80a9, + prev_index=0, + script_type=proto.InputScriptType.SPENDWITNESS, + ) + inp2 = proto.TxInputType( + # The actual input that the attcker wants to get signed. + # We need this one to be from a different account, so that the match checker + # allows the transaction to pass. + address_n=parse_path("84'/0'/1'/0/1"), + amount=7086, + prev_hash=TXHASH_5dfd1b, + prev_index=0, + script_type=proto.InputScriptType.SPENDWITNESS, + ) + + out1 = proto.TxOutputType( + # Attacker's Mainnet address encoded as Testnet. + address="tb1q694ccp5qcc0udmfwgp692u2s2hjpq5h407urtu", + script_type=proto.OutputScriptType.PAYTOADDRESS, + amount=9426 + 7086 - 500, + ) + + attack_count = 6 + + def attack_processor(msg): + nonlocal attack_count + # Make the inputs look like they are coming from Testnet paths until we reach the + # signing phase. + if attack_count > 0 and msg.tx.inputs and msg.tx.inputs[0] in (inp1, inp2): + attack_count -= 1 + msg.tx.inputs[0].address_n[1] = H_(1) + + return msg + + with client: + client.set_filter(proto.TxAck, attack_processor) + client.set_expected_responses( + [ + # Step: process inputs + request_input(0), + # Attacker bypasses warning about non-standard path. + request_input(1), + # Attacker bypasses warning about non-standard path. + # Step: approve outputs + request_output(0), + proto.ButtonRequest(code=B.ConfirmOutput), + proto.ButtonRequest(code=B.SignTx), + # Step: verify inputs + request_input(0), + request_meta(TXHASH_fa80a9), + request_input(0, TXHASH_fa80a9), + request_output(0, TXHASH_fa80a9), + request_output(1, TXHASH_fa80a9), + request_input(1), + request_meta(TXHASH_5dfd1b), + request_input(0, TXHASH_5dfd1b), + request_output(0, TXHASH_5dfd1b), + request_output(1, TXHASH_5dfd1b), + # Step: serialize inputs + request_input(0), + request_input(1), + # Step: serialize outputs + request_output(0), + # Step: sign segwit inputs + request_input(0), + # Trezor must warn about non-standard path before signing. + proto.ButtonRequest(code=B.UnknownDerivationPath), + request_input(1), + # Trezor must warn about non-standard path before signing. + proto.ButtonRequest(code=B.UnknownDerivationPath), + request_finished(), + ] + ) + + btc.sign_tx( + client, "Testnet", [inp1, inp2], [out1], prev_txes=TX_CACHE_MAINNET + ) diff --git a/tests/txcache/bitcoin/5dfd1b037633adc7f84a17b2df31c9994fe50b3ab3e246c44c4ceff3d326f62e.json b/tests/txcache/bitcoin/5dfd1b037633adc7f84a17b2df31c9994fe50b3ab3e246c44c4ceff3d326f62e.json new file mode 100644 index 000000000..16a310d14 --- /dev/null +++ b/tests/txcache/bitcoin/5dfd1b037633adc7f84a17b2df31c9994fe50b3ab3e246c44c4ceff3d326f62e.json @@ -0,0 +1,22 @@ +{ + "bin_outputs": [ + { + "amount": 7086, + "script_pubkey": "0014f6740e521befc61400662d9489a5f744883ca681" + }, + { + "amount": 20120, + "script_pubkey": "001404278d66e85ad1073d6f7a8eeee8b96ca633e6e8" + } + ], + "inputs": [ + { + "prev_hash": "939cda2b4b609be5f5772dea5885431e18a61834bcbe5e0f895d6dfa05d2cc70", + "prev_index": 0, + "script_sig": "", + "sequence": 4294967293 + } + ], + "lock_time": 0, + "version": 1 +} diff --git a/tests/txcache/bitcoin/fa80a9949f1094119195064462f54d0e0eabd3139becd4514ae635b8c7fe3a46.json b/tests/txcache/bitcoin/fa80a9949f1094119195064462f54d0e0eabd3139becd4514ae635b8c7fe3a46.json new file mode 100644 index 000000000..ea31974ea --- /dev/null +++ b/tests/txcache/bitcoin/fa80a9949f1094119195064462f54d0e0eabd3139becd4514ae635b8c7fe3a46.json @@ -0,0 +1,22 @@ +{ + "bin_outputs": [ + { + "amount": 9426, + "script_pubkey": "0014ece6935b2a5a5b5ff997c87370b16fa10f164410" + }, + { + "amount": 309896, + "script_pubkey": "a914dfe58cc93d35fb99e15436f47d3bbfce8203280687" + } + ], + "inputs": [ + { + "prev_hash": "86a6e02943dcd057cfbe349f2c2274478a3a1be908eb788606a6950e727a0d36", + "prev_index": 0, + "script_sig": "16001495f41f5c0e0ec2c7fe27f0ac4bd59a5632a40b5f", + "sequence": 4294967295 + } + ], + "lock_time": 0, + "version": 1 +} diff --git a/tests/ui_tests/fixtures.json b/tests/ui_tests/fixtures.json index 8a3e15ac9..67b776c81 100644 --- a/tests/ui_tests/fixtures.json +++ b/tests/ui_tests/fixtures.json @@ -661,6 +661,7 @@ "test_msg_signtx_grs.py-test_send_segwit_native_change": "fd8b04e26d71fad1c59f5e548c35f22f2031cfb99f9077824242e264fcbedfe6", "test_msg_signtx_grs.py-test_send_segwit_p2sh": "e59018de5c49f902c6880c2347283b6c1830fcb19e8eab9686938a08abd930b3", "test_msg_signtx_grs.py-test_send_segwit_p2sh_change": "08251e3b7e509264dbd89a5ded2deba51544d0fcfce1dc7466b553b73298d423", +"test_msg_signtx_invalid_path.py-test_attack_path_segwit": "3feaa01d47aa9757e9d74f668927fd1445493c367adff94215405eb8e0a2749b", "test_msg_signtx_invalid_path.py-test_invalid_path_fail": "1c100ce4b7c1e47e72428f390de0846c1ff933e9f07894872644a369a9422738", "test_msg_signtx_invalid_path.py-test_invalid_path_pass_forkid": "ef98eb752ec5fa948c952def7599f57a2bc5240b2d6b1eec0e02cc9be5c3040f", "test_msg_signtx_invalid_path.py-test_invalid_path_prompt": "12e137210397357ed754af0f4618ef03312b3e884930f55727d1b034f969bfd5", From 38134732dc3d74d6d96494a1e9828eeed4c00ba0 Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Fri, 19 Nov 2021 00:37:39 +0100 Subject: [PATCH 3/5] fix(legacy): Ensure user is warned about non-standard paths. --- legacy/firmware/.changelog.d/noissue.security | 1 + legacy/firmware/signing.c | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 legacy/firmware/.changelog.d/noissue.security diff --git a/legacy/firmware/.changelog.d/noissue.security b/legacy/firmware/.changelog.d/noissue.security new file mode 100644 index 000000000..dc6ae541f --- /dev/null +++ b/legacy/firmware/.changelog.d/noissue.security @@ -0,0 +1 @@ +Ensure that the user is always warned about non-standard paths. diff --git a/legacy/firmware/signing.c b/legacy/firmware/signing.c index 7d1e37f84..4071b1914 100644 --- a/legacy/firmware/signing.c +++ b/legacy/firmware/signing.c @@ -702,6 +702,14 @@ static bool derive_node(TxInputType *tinput) { if (!coin_path_check(coin, tinput->script_type, tinput->address_n_count, tinput->address_n, tinput->has_multisig, CoinPathCheckLevel_BASIC)) { + if (is_replacement) { + fsm_sendFailure( + FailureType_Failure_ProcessError, + _("Non-standard paths not allowed in replacement transactions.")); + layoutHome(); + return false; + } + if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) { fsm_sendFailure(FailureType_Failure_DataError, _("Forbidden key path")); signing_abort(); From 61164febf280c99d5ca3f29729747486735a5a38 Mon Sep 17 00:00:00 2001 From: Martin Milata Date: Tue, 23 Nov 2021 12:14:33 +0100 Subject: [PATCH 4/5] docs(legacy): changelog for 1.10.4 --- legacy/firmware/.changelog.d/1586.added | 1 - legacy/firmware/.changelog.d/1586.added.1 | 1 - legacy/firmware/.changelog.d/1586.added.2 | 1 - legacy/firmware/.changelog.d/1633.fixed | 1 - legacy/firmware/.changelog.d/1639.changed | 1 - legacy/firmware/.changelog.d/1642.security | 1 - legacy/firmware/.changelog.d/1656.added | 1 - legacy/firmware/.changelog.d/1656.added.1 | 1 - legacy/firmware/.changelog.d/1656.added.2 | 1 - legacy/firmware/.changelog.d/1656.changed | 1 - legacy/firmware/.changelog.d/1656.changed.1 | 1 - legacy/firmware/.changelog.d/1710.added | 1 - .../firmware/.changelog.d/1755.incompatible | 1 - legacy/firmware/.changelog.d/1771.added | 1 - .../firmware/.changelog.d/1794.incompatible | 1 - legacy/firmware/.changelog.d/1834.added | 1 - legacy/firmware/.changelog.d/1838.added | 1 - .../firmware/.changelog.d/1838.incompatible | 1 - legacy/firmware/.changelog.d/1854.fixed | 1 - legacy/firmware/.changelog.d/1857.added | 1 - legacy/firmware/.changelog.d/1872.removed | 1 - legacy/firmware/.changelog.d/1897.added | 1 - legacy/firmware/.changelog.d/1897.changed | 1 - legacy/firmware/.changelog.d/noissue.security | 1 - legacy/firmware/CHANGELOG.md | 54 +++++++++++++++++++ 25 files changed, 54 insertions(+), 24 deletions(-) delete mode 100644 legacy/firmware/.changelog.d/1586.added delete mode 100644 legacy/firmware/.changelog.d/1586.added.1 delete mode 100644 legacy/firmware/.changelog.d/1586.added.2 delete mode 100644 legacy/firmware/.changelog.d/1633.fixed delete mode 100644 legacy/firmware/.changelog.d/1639.changed delete mode 100644 legacy/firmware/.changelog.d/1642.security delete mode 100644 legacy/firmware/.changelog.d/1656.added delete mode 100644 legacy/firmware/.changelog.d/1656.added.1 delete mode 100644 legacy/firmware/.changelog.d/1656.added.2 delete mode 100644 legacy/firmware/.changelog.d/1656.changed delete mode 100644 legacy/firmware/.changelog.d/1656.changed.1 delete mode 100644 legacy/firmware/.changelog.d/1710.added delete mode 100644 legacy/firmware/.changelog.d/1755.incompatible delete mode 100644 legacy/firmware/.changelog.d/1771.added delete mode 100644 legacy/firmware/.changelog.d/1794.incompatible delete mode 100644 legacy/firmware/.changelog.d/1834.added delete mode 100644 legacy/firmware/.changelog.d/1838.added delete mode 100644 legacy/firmware/.changelog.d/1838.incompatible delete mode 100644 legacy/firmware/.changelog.d/1854.fixed delete mode 100644 legacy/firmware/.changelog.d/1857.added delete mode 100644 legacy/firmware/.changelog.d/1872.removed delete mode 100644 legacy/firmware/.changelog.d/1897.added delete mode 100644 legacy/firmware/.changelog.d/1897.changed delete mode 100644 legacy/firmware/.changelog.d/noissue.security diff --git a/legacy/firmware/.changelog.d/1586.added b/legacy/firmware/.changelog.d/1586.added deleted file mode 100644 index b740dbe15..000000000 --- a/legacy/firmware/.changelog.d/1586.added +++ /dev/null @@ -1 +0,0 @@ -Support no_script_type option in SignMessage. diff --git a/legacy/firmware/.changelog.d/1586.added.1 b/legacy/firmware/.changelog.d/1586.added.1 deleted file mode 100644 index 04f09d2ff..000000000 --- a/legacy/firmware/.changelog.d/1586.added.1 +++ /dev/null @@ -1 +0,0 @@ -Show address confirmation in SignMessage. diff --git a/legacy/firmware/.changelog.d/1586.added.2 b/legacy/firmware/.changelog.d/1586.added.2 deleted file mode 100644 index 5ddfd8e9e..000000000 --- a/legacy/firmware/.changelog.d/1586.added.2 +++ /dev/null @@ -1 +0,0 @@ -Implement pagination in SignMessage and VerifyMessage. diff --git a/legacy/firmware/.changelog.d/1633.fixed b/legacy/firmware/.changelog.d/1633.fixed deleted file mode 100644 index 3ac6f55b1..000000000 --- a/legacy/firmware/.changelog.d/1633.fixed +++ /dev/null @@ -1 +0,0 @@ -Remove rest of altcoin logic from bitcoin-only build. diff --git a/legacy/firmware/.changelog.d/1639.changed b/legacy/firmware/.changelog.d/1639.changed deleted file mode 100644 index ae915c924..000000000 --- a/legacy/firmware/.changelog.d/1639.changed +++ /dev/null @@ -1 +0,0 @@ -Update QR-code-generator library version. diff --git a/legacy/firmware/.changelog.d/1642.security b/legacy/firmware/.changelog.d/1642.security deleted file mode 100644 index cc5ff3093..000000000 --- a/legacy/firmware/.changelog.d/1642.security +++ /dev/null @@ -1 +0,0 @@ -Avoid accidental build with broken stack protector diff --git a/legacy/firmware/.changelog.d/1656.added b/legacy/firmware/.changelog.d/1656.added deleted file mode 100644 index 08d61672e..000000000 --- a/legacy/firmware/.changelog.d/1656.added +++ /dev/null @@ -1 +0,0 @@ -Support sending to Taproot addresses. diff --git a/legacy/firmware/.changelog.d/1656.added.1 b/legacy/firmware/.changelog.d/1656.added.1 deleted file mode 100644 index b54695a7d..000000000 --- a/legacy/firmware/.changelog.d/1656.added.1 +++ /dev/null @@ -1 +0,0 @@ -Support GetAddress for Taproot addresses. diff --git a/legacy/firmware/.changelog.d/1656.added.2 b/legacy/firmware/.changelog.d/1656.added.2 deleted file mode 100644 index aae521d9f..000000000 --- a/legacy/firmware/.changelog.d/1656.added.2 +++ /dev/null @@ -1 +0,0 @@ -Support spending from Taproot UTXOs. diff --git a/legacy/firmware/.changelog.d/1656.changed b/legacy/firmware/.changelog.d/1656.changed deleted file mode 100644 index f800dab48..000000000 --- a/legacy/firmware/.changelog.d/1656.changed +++ /dev/null @@ -1 +0,0 @@ -Disable previous transaction streaming in Bitcoin if all internal inputs are Taproot. diff --git a/legacy/firmware/.changelog.d/1656.changed.1 b/legacy/firmware/.changelog.d/1656.changed.1 deleted file mode 100644 index e73c934c4..000000000 --- a/legacy/firmware/.changelog.d/1656.changed.1 +++ /dev/null @@ -1 +0,0 @@ -Show warning dialog in SignMessage if a non-standard path is used. diff --git a/legacy/firmware/.changelog.d/1710.added b/legacy/firmware/.changelog.d/1710.added deleted file mode 100644 index ec233c514..000000000 --- a/legacy/firmware/.changelog.d/1710.added +++ /dev/null @@ -1 +0,0 @@ -Support for Taproot descriptors diff --git a/legacy/firmware/.changelog.d/1755.incompatible b/legacy/firmware/.changelog.d/1755.incompatible deleted file mode 100644 index 686117f28..000000000 --- a/legacy/firmware/.changelog.d/1755.incompatible +++ /dev/null @@ -1 +0,0 @@ -Timebounds must be set for a Stellar transaction diff --git a/legacy/firmware/.changelog.d/1771.added b/legacy/firmware/.changelog.d/1771.added deleted file mode 100644 index fe5e9ab41..000000000 --- a/legacy/firmware/.changelog.d/1771.added +++ /dev/null @@ -1 +0,0 @@ -Ethereum: support 64-bit chain IDs diff --git a/legacy/firmware/.changelog.d/1794.incompatible b/legacy/firmware/.changelog.d/1794.incompatible deleted file mode 100644 index 5c1e49365..000000000 --- a/legacy/firmware/.changelog.d/1794.incompatible +++ /dev/null @@ -1 +0,0 @@ -Ethereum non-EIP-155 cross-chain signing is no longer supported. diff --git a/legacy/firmware/.changelog.d/1834.added b/legacy/firmware/.changelog.d/1834.added deleted file mode 100644 index 75fb6a8d8..000000000 --- a/legacy/firmware/.changelog.d/1834.added +++ /dev/null @@ -1 +0,0 @@ -Support for Ethereum EIP-1559 transactions. diff --git a/legacy/firmware/.changelog.d/1838.added b/legacy/firmware/.changelog.d/1838.added deleted file mode 100644 index 43800dd76..000000000 --- a/legacy/firmware/.changelog.d/1838.added +++ /dev/null @@ -1 +0,0 @@ -Stellar: add support for StellarManageBuyOfferOp and StellarPathPaymentStrictSendOp. diff --git a/legacy/firmware/.changelog.d/1838.incompatible b/legacy/firmware/.changelog.d/1838.incompatible deleted file mode 100644 index 3c6f73c6d..000000000 --- a/legacy/firmware/.changelog.d/1838.incompatible +++ /dev/null @@ -1 +0,0 @@ -Stellar: rename StellarManageOfferOp to StellarManageSellOfferOp, StellarPathPaymentOp to StellarPathPaymentStrictReceiveOp and StellarCreatePassiveOfferOp to StellarCreatePassiveSellOfferOp. diff --git a/legacy/firmware/.changelog.d/1854.fixed b/legacy/firmware/.changelog.d/1854.fixed deleted file mode 100644 index de0953826..000000000 --- a/legacy/firmware/.changelog.d/1854.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix incorrect compile-time check of maximum protobuf message size. diff --git a/legacy/firmware/.changelog.d/1857.added b/legacy/firmware/.changelog.d/1857.added deleted file mode 100644 index 4b3f9803b..000000000 --- a/legacy/firmware/.changelog.d/1857.added +++ /dev/null @@ -1 +0,0 @@ -Add script_pubkey field to TxInput message. diff --git a/legacy/firmware/.changelog.d/1872.removed b/legacy/firmware/.changelog.d/1872.removed deleted file mode 100644 index 07c943676..000000000 --- a/legacy/firmware/.changelog.d/1872.removed +++ /dev/null @@ -1 +0,0 @@ -Remove BELL, ZNY support. diff --git a/legacy/firmware/.changelog.d/1897.added b/legacy/firmware/.changelog.d/1897.added deleted file mode 100644 index fb8804f7b..000000000 --- a/legacy/firmware/.changelog.d/1897.added +++ /dev/null @@ -1 +0,0 @@ -Support of BIP-340 Schnorr signatures (using secp256k1-zkp). diff --git a/legacy/firmware/.changelog.d/1897.changed b/legacy/firmware/.changelog.d/1897.changed deleted file mode 100644 index 8ecb09ff3..000000000 --- a/legacy/firmware/.changelog.d/1897.changed +++ /dev/null @@ -1 +0,0 @@ -Faster ECDSA signing and verification (using secp256k1-zkp). diff --git a/legacy/firmware/.changelog.d/noissue.security b/legacy/firmware/.changelog.d/noissue.security deleted file mode 100644 index dc6ae541f..000000000 --- a/legacy/firmware/.changelog.d/noissue.security +++ /dev/null @@ -1 +0,0 @@ -Ensure that the user is always warned about non-standard paths. diff --git a/legacy/firmware/CHANGELOG.md b/legacy/firmware/CHANGELOG.md index 11f46cc8f..de684e61b 100644 --- a/legacy/firmware/CHANGELOG.md +++ b/legacy/firmware/CHANGELOG.md @@ -4,6 +4,45 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 1.10.4 [8th December 2021] + +### Added +- Support no_script_type option in SignMessage. [#1586] +- Implement pagination in SignMessage and VerifyMessage. [#1586] +- Show address confirmation in SignMessage. [#1586] +- Support GetAddress for Taproot addresses. [#1656] +- Support sending to Taproot addresses. [#1656] +- Support spending from Taproot UTXOs. [#1656] +- Support for Taproot descriptors. [#1710] +- Ethereum: support 64-bit chain IDs. [#1771] +- Support for Ethereum EIP-1559 transactions. [#1834] +- Stellar: add support for StellarManageBuyOfferOp and StellarPathPaymentStrictSendOp. [#1838] +- Add script_pubkey field to TxInput message. [#1857] +- Support of BIP-340 Schnorr signatures (using secp256k1-zkp). [#1897] + +### Changed +- Update QR-code-generator library version. [#1639] +- Show warning dialog in SignMessage if a non-standard path is used. [#1656] +- Disable previous transaction streaming in Bitcoin if all internal inputs are Taproot. [#1656] +- Faster ECDSA signing and verification (using secp256k1-zkp). [#1897] + +### Removed +- Remove BELL, ZNY support. [#1872] + +### Fixed +- Remove rest of altcoin logic from bitcoin-only build. [#1633] +- Fix incorrect compile-time check of maximum protobuf message size. [#1854] + +### Security +- Ensure that the user is always warned about non-standard paths. +- Avoid accidental build with broken stack protector. [#1642] + +### Incompatible changes +- Timebounds must be set for a Stellar transaction. [#1755] +- Ethereum non-EIP-155 cross-chain signing is no longer supported. [#1794] +- Stellar: rename StellarManageOfferOp to StellarManageSellOfferOp, StellarPathPaymentOp to StellarPathPaymentStrictReceiveOp and StellarCreatePassiveOfferOp to StellarCreatePassiveSellOfferOp. [#1838] + + ## 1.10.3 [16th September 2021] ### Added @@ -426,11 +465,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [#1491]: https://github.com/trezor/trezor-firmware/issues/1491 [#1518]: https://github.com/trezor/trezor-firmware/issues/1518 [#1549]: https://github.com/trezor/trezor-firmware/issues/1549 +[#1586]: https://github.com/trezor/trezor-firmware/issues/1586 [#1627]: https://github.com/trezor/trezor-firmware/issues/1627 +[#1633]: https://github.com/trezor/trezor-firmware/issues/1633 +[#1639]: https://github.com/trezor/trezor-firmware/issues/1639 +[#1642]: https://github.com/trezor/trezor-firmware/issues/1642 [#1647]: https://github.com/trezor/trezor-firmware/issues/1647 [#1650]: https://github.com/trezor/trezor-firmware/issues/1650 +[#1656]: https://github.com/trezor/trezor-firmware/issues/1656 [#1660]: https://github.com/trezor/trezor-firmware/issues/1660 [#1705]: https://github.com/trezor/trezor-firmware/issues/1705 +[#1710]: https://github.com/trezor/trezor-firmware/issues/1710 [#1743]: https://github.com/trezor/trezor-firmware/issues/1743 +[#1755]: https://github.com/trezor/trezor-firmware/issues/1755 [#1765]: https://github.com/trezor/trezor-firmware/issues/1765 [#1767]: https://github.com/trezor/trezor-firmware/issues/1767 +[#1771]: https://github.com/trezor/trezor-firmware/issues/1771 +[#1794]: https://github.com/trezor/trezor-firmware/issues/1794 +[#1834]: https://github.com/trezor/trezor-firmware/issues/1834 +[#1838]: https://github.com/trezor/trezor-firmware/issues/1838 +[#1854]: https://github.com/trezor/trezor-firmware/issues/1854 +[#1857]: https://github.com/trezor/trezor-firmware/issues/1857 +[#1872]: https://github.com/trezor/trezor-firmware/issues/1872 +[#1897]: https://github.com/trezor/trezor-firmware/issues/1897 From 595b14254c1abb2be3f69e42c7932f1eca8cf1b1 Mon Sep 17 00:00:00 2001 From: Martin Milata Date: Tue, 23 Nov 2021 12:20:07 +0100 Subject: [PATCH 5/5] docs(core): changelog for 2.4.3 --- core/.changelog.d/1231.changed | 1 - core/.changelog.d/1231.incompatible | 1 - core/.changelog.d/1586.added | 1 - core/.changelog.d/1586.added.1 | 1 - core/.changelog.d/1633.fixed | 1 - core/.changelog.d/1639.changed | 1 - core/.changelog.d/1642.security | 1 - core/.changelog.d/1656.added | 1 - core/.changelog.d/1656.added.1 | 1 - core/.changelog.d/1656.added.2 | 1 - core/.changelog.d/1656.added.3 | 1 - core/.changelog.d/1656.added.4 | 1 - core/.changelog.d/1656.added.5 | 1 - core/.changelog.d/1656.removed | 1 - core/.changelog.d/1678.added | 1 - core/.changelog.d/1678.changed | 1 - core/.changelog.d/1710.added | 1 - core/.changelog.d/1755.changed | 1 - core/.changelog.d/1755.changed.1 | 1 - core/.changelog.d/1755.incompatible | 1 - core/.changelog.d/1771.added | 1 - core/.changelog.d/1772.added | 1 - core/.changelog.d/1783.added | 1 - core/.changelog.d/1783.incompatible | 1 - core/.changelog.d/1789.changed | 1 - core/.changelog.d/1794.added | 1 - core/.changelog.d/1794.incompatible | 1 - core/.changelog.d/1811.changed | 1 - core/.changelog.d/1819.fixed | 1 - core/.changelog.d/1835.added | 1 - core/.changelog.d/1838.added | 1 - core/.changelog.d/1838.incompatible | 1 - core/.changelog.d/1857.added | 1 - core/.changelog.d/1872.removed | 1 - core/.changelog.d/741.added | 1 - core/.changelog.d/noissue.security | 1 - core/CHANGELOG.md | 72 +++++++++++++++++++++++++++++ 37 files changed, 72 insertions(+), 36 deletions(-) delete mode 100644 core/.changelog.d/1231.changed delete mode 100644 core/.changelog.d/1231.incompatible delete mode 100644 core/.changelog.d/1586.added delete mode 100644 core/.changelog.d/1586.added.1 delete mode 100644 core/.changelog.d/1633.fixed delete mode 100644 core/.changelog.d/1639.changed delete mode 100644 core/.changelog.d/1642.security delete mode 100644 core/.changelog.d/1656.added delete mode 100644 core/.changelog.d/1656.added.1 delete mode 100644 core/.changelog.d/1656.added.2 delete mode 100644 core/.changelog.d/1656.added.3 delete mode 100644 core/.changelog.d/1656.added.4 delete mode 100644 core/.changelog.d/1656.added.5 delete mode 100644 core/.changelog.d/1656.removed delete mode 100644 core/.changelog.d/1678.added delete mode 100644 core/.changelog.d/1678.changed delete mode 100644 core/.changelog.d/1710.added delete mode 100644 core/.changelog.d/1755.changed delete mode 100644 core/.changelog.d/1755.changed.1 delete mode 100644 core/.changelog.d/1755.incompatible delete mode 100644 core/.changelog.d/1771.added delete mode 100644 core/.changelog.d/1772.added delete mode 100644 core/.changelog.d/1783.added delete mode 100644 core/.changelog.d/1783.incompatible delete mode 100644 core/.changelog.d/1789.changed delete mode 100644 core/.changelog.d/1794.added delete mode 100644 core/.changelog.d/1794.incompatible delete mode 100644 core/.changelog.d/1811.changed delete mode 100644 core/.changelog.d/1819.fixed delete mode 100644 core/.changelog.d/1835.added delete mode 100644 core/.changelog.d/1838.added delete mode 100644 core/.changelog.d/1838.incompatible delete mode 100644 core/.changelog.d/1857.added delete mode 100644 core/.changelog.d/1872.removed delete mode 100644 core/.changelog.d/741.added delete mode 100644 core/.changelog.d/noissue.security diff --git a/core/.changelog.d/1231.changed b/core/.changelog.d/1231.changed deleted file mode 100644 index 20266e332..000000000 --- a/core/.changelog.d/1231.changed +++ /dev/null @@ -1 +0,0 @@ -Cardano root is derived together with the normal master secret. diff --git a/core/.changelog.d/1231.incompatible b/core/.changelog.d/1231.incompatible deleted file mode 100644 index a3a51e1ac..000000000 --- a/core/.changelog.d/1231.incompatible +++ /dev/null @@ -1 +0,0 @@ -Session must be configured with Initialize(derive_cardano=True), otherwise Cardano functions will fail. diff --git a/core/.changelog.d/1586.added b/core/.changelog.d/1586.added deleted file mode 100644 index b740dbe15..000000000 --- a/core/.changelog.d/1586.added +++ /dev/null @@ -1 +0,0 @@ -Support no_script_type option in SignMessage. diff --git a/core/.changelog.d/1586.added.1 b/core/.changelog.d/1586.added.1 deleted file mode 100644 index 04f09d2ff..000000000 --- a/core/.changelog.d/1586.added.1 +++ /dev/null @@ -1 +0,0 @@ -Show address confirmation in SignMessage. diff --git a/core/.changelog.d/1633.fixed b/core/.changelog.d/1633.fixed deleted file mode 100644 index 1a66e573d..000000000 --- a/core/.changelog.d/1633.fixed +++ /dev/null @@ -1 +0,0 @@ -Remove altcoin message definitions from bitcoin-only build. diff --git a/core/.changelog.d/1639.changed b/core/.changelog.d/1639.changed deleted file mode 100644 index ae915c924..000000000 --- a/core/.changelog.d/1639.changed +++ /dev/null @@ -1 +0,0 @@ -Update QR-code-generator library version. diff --git a/core/.changelog.d/1642.security b/core/.changelog.d/1642.security deleted file mode 100644 index cc5ff3093..000000000 --- a/core/.changelog.d/1642.security +++ /dev/null @@ -1 +0,0 @@ -Avoid accidental build with broken stack protector diff --git a/core/.changelog.d/1656.added b/core/.changelog.d/1656.added deleted file mode 100644 index 08d61672e..000000000 --- a/core/.changelog.d/1656.added +++ /dev/null @@ -1 +0,0 @@ -Support sending to Taproot addresses. diff --git a/core/.changelog.d/1656.added.1 b/core/.changelog.d/1656.added.1 deleted file mode 100644 index aae521d9f..000000000 --- a/core/.changelog.d/1656.added.1 +++ /dev/null @@ -1 +0,0 @@ -Support spending from Taproot UTXOs. diff --git a/core/.changelog.d/1656.added.2 b/core/.changelog.d/1656.added.2 deleted file mode 100644 index 61dfc5623..000000000 --- a/core/.changelog.d/1656.added.2 +++ /dev/null @@ -1 +0,0 @@ -Support replacement transactions with Taproot inputs in Bitcoin. diff --git a/core/.changelog.d/1656.added.3 b/core/.changelog.d/1656.added.3 deleted file mode 100644 index defd8e79b..000000000 --- a/core/.changelog.d/1656.added.3 +++ /dev/null @@ -1 +0,0 @@ -Support pre-signed external Taproot inputs in Bitcoin. diff --git a/core/.changelog.d/1656.added.4 b/core/.changelog.d/1656.added.4 deleted file mode 100644 index b54695a7d..000000000 --- a/core/.changelog.d/1656.added.4 +++ /dev/null @@ -1 +0,0 @@ -Support GetAddress for Taproot addresses. diff --git a/core/.changelog.d/1656.added.5 b/core/.changelog.d/1656.added.5 deleted file mode 100644 index e73c934c4..000000000 --- a/core/.changelog.d/1656.added.5 +++ /dev/null @@ -1 +0,0 @@ -Show warning dialog in SignMessage if a non-standard path is used. diff --git a/core/.changelog.d/1656.removed b/core/.changelog.d/1656.removed deleted file mode 100644 index f800dab48..000000000 --- a/core/.changelog.d/1656.removed +++ /dev/null @@ -1 +0,0 @@ -Disable previous transaction streaming in Bitcoin if all internal inputs are Taproot. diff --git a/core/.changelog.d/1678.added b/core/.changelog.d/1678.added deleted file mode 100644 index fb8804f7b..000000000 --- a/core/.changelog.d/1678.added +++ /dev/null @@ -1 +0,0 @@ -Support of BIP-340 Schnorr signatures (using secp256k1-zkp). diff --git a/core/.changelog.d/1678.changed b/core/.changelog.d/1678.changed deleted file mode 100644 index 8ecb09ff3..000000000 --- a/core/.changelog.d/1678.changed +++ /dev/null @@ -1 +0,0 @@ -Faster ECDSA signing and verification (using secp256k1-zkp). diff --git a/core/.changelog.d/1710.added b/core/.changelog.d/1710.added deleted file mode 100644 index ec233c514..000000000 --- a/core/.changelog.d/1710.added +++ /dev/null @@ -1 +0,0 @@ -Support for Taproot descriptors diff --git a/core/.changelog.d/1755.changed b/core/.changelog.d/1755.changed deleted file mode 100644 index b914c7f79..000000000 --- a/core/.changelog.d/1755.changed +++ /dev/null @@ -1 +0,0 @@ -Type-checking enabled for apps.stellar diff --git a/core/.changelog.d/1755.changed.1 b/core/.changelog.d/1755.changed.1 deleted file mode 100644 index 47988bad0..000000000 --- a/core/.changelog.d/1755.changed.1 +++ /dev/null @@ -1 +0,0 @@ -Most Stellar fields are now required on protobuf level diff --git a/core/.changelog.d/1755.incompatible b/core/.changelog.d/1755.incompatible deleted file mode 100644 index 686117f28..000000000 --- a/core/.changelog.d/1755.incompatible +++ /dev/null @@ -1 +0,0 @@ -Timebounds must be set for a Stellar transaction diff --git a/core/.changelog.d/1771.added b/core/.changelog.d/1771.added deleted file mode 100644 index fe5e9ab41..000000000 --- a/core/.changelog.d/1771.added +++ /dev/null @@ -1 +0,0 @@ -Ethereum: support 64-bit chain IDs diff --git a/core/.changelog.d/1772.added b/core/.changelog.d/1772.added deleted file mode 100644 index c0585b093..000000000 --- a/core/.changelog.d/1772.added +++ /dev/null @@ -1 +0,0 @@ -Support for Cardano multi-sig transactions, token minting, script addresses, multi-sig keys, minting keys and native script verification diff --git a/core/.changelog.d/1783.added b/core/.changelog.d/1783.added deleted file mode 100644 index 7a0d38d15..000000000 --- a/core/.changelog.d/1783.added +++ /dev/null @@ -1 +0,0 @@ -For compatibility with other Cardano implementations, it is now possible to specify which Cardano derivation type is used. diff --git a/core/.changelog.d/1783.incompatible b/core/.changelog.d/1783.incompatible deleted file mode 100644 index 00a604a66..000000000 --- a/core/.changelog.d/1783.incompatible +++ /dev/null @@ -1 +0,0 @@ -Cardano derivation type must be specified for all Cardano functions. diff --git a/core/.changelog.d/1789.changed b/core/.changelog.d/1789.changed deleted file mode 100644 index 5dc211c4e..000000000 --- a/core/.changelog.d/1789.changed +++ /dev/null @@ -1 +0,0 @@ -Updated micropython to version 1.17. diff --git a/core/.changelog.d/1794.added b/core/.changelog.d/1794.added deleted file mode 100644 index d2a9e8bbc..000000000 --- a/core/.changelog.d/1794.added +++ /dev/null @@ -1 +0,0 @@ -Full type-checking for Ethereum app diff --git a/core/.changelog.d/1794.incompatible b/core/.changelog.d/1794.incompatible deleted file mode 100644 index 5c1e49365..000000000 --- a/core/.changelog.d/1794.incompatible +++ /dev/null @@ -1 +0,0 @@ -Ethereum non-EIP-155 cross-chain signing is no longer supported. diff --git a/core/.changelog.d/1811.changed b/core/.changelog.d/1811.changed deleted file mode 100644 index f561a1173..000000000 --- a/core/.changelog.d/1811.changed +++ /dev/null @@ -1 +0,0 @@ -Errors from protobuf decoding are now more expressive. diff --git a/core/.changelog.d/1819.fixed b/core/.changelog.d/1819.fixed deleted file mode 100644 index 7c0c85777..000000000 --- a/core/.changelog.d/1819.fixed +++ /dev/null @@ -1 +0,0 @@ -Ethereum: make it optional to view the entire data field when signing transaction. diff --git a/core/.changelog.d/1835.added b/core/.changelog.d/1835.added deleted file mode 100644 index e5cc665dd..000000000 --- a/core/.changelog.d/1835.added +++ /dev/null @@ -1 +0,0 @@ -Ethereum - support for EIP712 - signing typed data diff --git a/core/.changelog.d/1838.added b/core/.changelog.d/1838.added deleted file mode 100644 index 43800dd76..000000000 --- a/core/.changelog.d/1838.added +++ /dev/null @@ -1 +0,0 @@ -Stellar: add support for StellarManageBuyOfferOp and StellarPathPaymentStrictSendOp. diff --git a/core/.changelog.d/1838.incompatible b/core/.changelog.d/1838.incompatible deleted file mode 100644 index 3c6f73c6d..000000000 --- a/core/.changelog.d/1838.incompatible +++ /dev/null @@ -1 +0,0 @@ -Stellar: rename StellarManageOfferOp to StellarManageSellOfferOp, StellarPathPaymentOp to StellarPathPaymentStrictReceiveOp and StellarCreatePassiveOfferOp to StellarCreatePassiveSellOfferOp. diff --git a/core/.changelog.d/1857.added b/core/.changelog.d/1857.added deleted file mode 100644 index 4b3f9803b..000000000 --- a/core/.changelog.d/1857.added +++ /dev/null @@ -1 +0,0 @@ -Add script_pubkey field to TxInput message. diff --git a/core/.changelog.d/1872.removed b/core/.changelog.d/1872.removed deleted file mode 100644 index 07c943676..000000000 --- a/core/.changelog.d/1872.removed +++ /dev/null @@ -1 +0,0 @@ -Remove BELL, ZNY support. diff --git a/core/.changelog.d/741.added b/core/.changelog.d/741.added deleted file mode 100644 index 20c3323c3..000000000 --- a/core/.changelog.d/741.added +++ /dev/null @@ -1 +0,0 @@ -Convert timestamps to human-readable dates and times. diff --git a/core/.changelog.d/noissue.security b/core/.changelog.d/noissue.security deleted file mode 100644 index dc6ae541f..000000000 --- a/core/.changelog.d/noissue.security +++ /dev/null @@ -1 +0,0 @@ -Ensure that the user is always warned about non-standard paths. diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md index 611d2d17b..2815328a6 100644 --- a/core/CHANGELOG.md +++ b/core/CHANGELOG.md @@ -4,6 +4,57 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 2.4.3 [8th December 2021] + +### Added +- Convert timestamps to human-readable dates and times. [#741] +- Support no_script_type option in SignMessage. [#1586] +- Show address confirmation in SignMessage. [#1586] +- Support pre-signed external Taproot inputs in Bitcoin. [#1656] +- Show warning dialog in SignMessage if a non-standard path is used. [#1656] +- Support spending from Taproot UTXOs. [#1656] +- Support GetAddress for Taproot addresses. [#1656] +- Support sending to Taproot addresses. [#1656] +- Support replacement transactions with Taproot inputs in Bitcoin. [#1656] +- Support of BIP-340 Schnorr signatures (using secp256k1-zkp). [#1678] +- Support for Taproot descriptors. [#1710] +- Ethereum: support 64-bit chain IDs. [#1771] +- Support for Cardano multi-sig transactions, token minting, script addresses, multi-sig keys, minting keys and native script verification. [#1772] +- For compatibility with other Cardano implementations, it is now possible to specify which Cardano derivation type is used. [#1783] +- Full type-checking for Ethereum app. [#1794] +- Ethereum - support for EIP712 - signing typed data. [#1835] +- Stellar: add support for StellarManageBuyOfferOp and StellarPathPaymentStrictSendOp. [#1838] +- Add script_pubkey field to TxInput message. [#1857] + +### Changed +- Cardano root is derived together with the normal master secret. [#1231] +- Update QR-code-generator library version. [#1639] +- Faster ECDSA signing and verification (using secp256k1-zkp). [#1678] +- Most Stellar fields are now required on protobuf level. [#1755] +- Type-checking enabled for apps.stellar. [#1755] +- Updated micropython to version 1.17. [#1789] +- Errors from protobuf decoding are now more expressive. [#1811] + +### Removed +- Disable previous transaction streaming in Bitcoin if all internal inputs are Taproot. [#1656] +- Remove BELL, ZNY support. [#1872] + +### Fixed +- Remove altcoin message definitions from bitcoin-only build. [#1633] +- Ethereum: make it optional to view the entire data field when signing transaction. [#1819] + +### Security +- Ensure that the user is always warned about non-standard paths. +- Avoid accidental build with broken stack protector. [#1642] + +### Incompatible changes +- Session must be configured with Initialize(derive_cardano=True), otherwise Cardano functions will fail. [#1231] +- Timebounds must be set for a Stellar transaction. [#1755] +- Cardano derivation type must be specified for all Cardano functions. [#1783] +- Ethereum non-EIP-155 cross-chain signing is no longer supported. [#1794] +- Stellar: rename StellarManageOfferOp to StellarManageSellOfferOp, StellarPathPaymentOp to StellarPathPaymentStrictReceiveOp and StellarCreatePassiveOfferOp to StellarCreatePassiveSellOfferOp. [#1838] + + ## 2.4.2 [16th September 2021] ### Added @@ -395,6 +446,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [#24]: https://github.com/trezor/trezor-firmware/issues/24 [#379]: https://github.com/trezor/trezor-firmware/issues/379 +[#741]: https://github.com/trezor/trezor-firmware/issues/741 [#800]: https://github.com/trezor/trezor-firmware/issues/800 [#948]: https://github.com/trezor/trezor-firmware/issues/948 [#958]: https://github.com/trezor/trezor-firmware/issues/958 @@ -427,6 +479,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [#1190]: https://github.com/trezor/trezor-firmware/issues/1190 [#1193]: https://github.com/trezor/trezor-firmware/issues/1193 [#1206]: https://github.com/trezor/trezor-firmware/issues/1206 +[#1231]: https://github.com/trezor/trezor-firmware/issues/1231 [#1246]: https://github.com/trezor/trezor-firmware/issues/1246 [#1249]: https://github.com/trezor/trezor-firmware/issues/1249 [#1271]: https://github.com/trezor/trezor-firmware/issues/1271 @@ -456,20 +509,39 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). [#1557]: https://github.com/trezor/trezor-firmware/issues/1557 [#1565]: https://github.com/trezor/trezor-firmware/issues/1565 [#1581]: https://github.com/trezor/trezor-firmware/issues/1581 +[#1586]: https://github.com/trezor/trezor-firmware/issues/1586 [#1604]: https://github.com/trezor/trezor-firmware/issues/1604 [#1606]: https://github.com/trezor/trezor-firmware/issues/1606 [#1620]: https://github.com/trezor/trezor-firmware/issues/1620 +[#1633]: https://github.com/trezor/trezor-firmware/issues/1633 +[#1639]: https://github.com/trezor/trezor-firmware/issues/1639 +[#1642]: https://github.com/trezor/trezor-firmware/issues/1642 [#1647]: https://github.com/trezor/trezor-firmware/issues/1647 [#1650]: https://github.com/trezor/trezor-firmware/issues/1650 +[#1656]: https://github.com/trezor/trezor-firmware/issues/1656 [#1658]: https://github.com/trezor/trezor-firmware/issues/1658 [#1659]: https://github.com/trezor/trezor-firmware/issues/1659 [#1671]: https://github.com/trezor/trezor-firmware/issues/1671 [#1672]: https://github.com/trezor/trezor-firmware/issues/1672 +[#1678]: https://github.com/trezor/trezor-firmware/issues/1678 [#1683]: https://github.com/trezor/trezor-firmware/issues/1683 [#1704]: https://github.com/trezor/trezor-firmware/issues/1704 [#1705]: https://github.com/trezor/trezor-firmware/issues/1705 [#1707]: https://github.com/trezor/trezor-firmware/issues/1707 [#1708]: https://github.com/trezor/trezor-firmware/issues/1708 +[#1710]: https://github.com/trezor/trezor-firmware/issues/1710 [#1744]: https://github.com/trezor/trezor-firmware/issues/1744 +[#1755]: https://github.com/trezor/trezor-firmware/issues/1755 [#1765]: https://github.com/trezor/trezor-firmware/issues/1765 [#1767]: https://github.com/trezor/trezor-firmware/issues/1767 +[#1771]: https://github.com/trezor/trezor-firmware/issues/1771 +[#1772]: https://github.com/trezor/trezor-firmware/issues/1772 +[#1783]: https://github.com/trezor/trezor-firmware/issues/1783 +[#1789]: https://github.com/trezor/trezor-firmware/issues/1789 +[#1794]: https://github.com/trezor/trezor-firmware/issues/1794 +[#1811]: https://github.com/trezor/trezor-firmware/issues/1811 +[#1819]: https://github.com/trezor/trezor-firmware/issues/1819 +[#1835]: https://github.com/trezor/trezor-firmware/issues/1835 +[#1838]: https://github.com/trezor/trezor-firmware/issues/1838 +[#1857]: https://github.com/trezor/trezor-firmware/issues/1857 +[#1872]: https://github.com/trezor/trezor-firmware/issues/1872