Readme for Firmware Firmware file: 199925213170-47_4.1.0.sqrfw Applies to Siqura models: EVE ONE Version information: Firmware version 4.1.0 Revisions: 4.1.0 (2024-02-08) Added: * FW-1943 Privilege Escalation via the ONVIF Service Fixed: * FW-1900 Change the GUI of "Add User" in v4.0.1 to show the "Add" button also when it is not active. * FW-1079 Webapp: security page is blank after refresh (F5) * FW-1610 Check and fix that Upload to random Folder and deleting files are not possible * FW-1611 Change the default settings for the most secure operation * FW-1612 Logfiles shall not be accessible or can be downloaded without authentication * FW-1615 Remove printing or communicating (encrypted) passwords. * FW-1640 Time in overlay 'corrupt' after enabling and disabling DST * FW-1667 implement initial login wizard * FW-1742 Implement Cross Site Request Forgery protection * FW-1766 Fix the Client-initiated renegotiation vulnerability * FW-1767 Fix the TLS CRIME vulerability (CVE-2012-4929) * FW-1768 fix the SWEET32 vulnerability (CVE-2016-2138, CVE-2016-6329) * FW-2200 Fix that user can't create backup and restore via webapp 3.9.0 (Date 2022-09-21) Added: * [FW-764] [All devices] Webapp ask user to enter a new password twice * [FW-1479] [All devices] Implement support for Profile G Fixed: * [FW-1684] [All devices] Add-user dialog * [FW-1452] [All devices] Fix user management "viewer" on the web app * [FW-1389] [All devices] Fix corrupt params file after power cycle Changed: * [FW-1661] [All devices] Updated serial_data after production tests 3.7.2 (Date 2021-06-22) FIX: Device running out of TCP threads 3.7.0 (Date 2021-03-18) Fixed: FIX: Firmware update fails under load (and reverts to factory image) FIX: S-64 E V2 “Download SDP” button does not work in the Quad-view menu FIX: CPU load parameter get stuck at 100% CHG: S-64 E V2 Remove D1 resolution from Quad view CHG: Buildserver should use FUG_rules from BitBucket CHG: FIX the version number not updating on incremental build 3.6.1 (Date 2021-01-04) FIX: Duplicate transmitter ports on RTP/UDP 3.5.2 (Date 2020-10-13) FIX: Multiple authentication requests after enabling user authentication. FIX: Do not feed the TDL with frames when framerate is unknown (0 fps divide by zero in TDL). ADD: Show an invalid PID configuration is set in OSD. CHG: Version numbers are generated through `git describe` instead of `0.0.0` for better tracability. CHG: Web app shows a loading indicator when loading/authenticating. CHG: Web app correctly logo padding. 3.5.0 (Date 2020-06-03) ADD: Potential vulnerability for ClickJacking CHG: Add possibility to disable SNMP CHG: Add 24-bits support for audio level meter CHG: Add true RMS mode for audio level meter CHG: NTCIP: globalTime setter/getter FIX: VCA: Unusable color palettes in Hotspot Monitor FIX: VCA: Palettes are not shown correctly FIX: Warped image when streaming QCIF or QVGA with 5:4 aspect ratio FIX: Add compass function to TPU/BC840v2/UP30/UP36 FIX: Race in calling GenetecParameterManager::CheckDataBaseContent 3.4.0 (Date 2020-02-06) ADD: Add Genetec discovery protocol ADD: Show out of date message web browser FIX: Sometimes corrupted initial settingsfile for 802.1x cause a lot of logging 3.3.4 (Date 2019-10-02) FIX: SVW picture freezes when second display connects to same camera FIX: Bitrate can be set to extremely high values by setting "Maximum bit rate" to 0 FIX: ONVIF SetVideoEncoderConfiguration gives error message 3.3.1 (Date 2019-08-09) FIX: Camera unreachable when setting empty Admin password FIX: Password field cleared in browser authentication window each 5 seconds after changing Admin password 3.3.0 (Date 2019-08-05) ADD: ONVIF: possibility to set FrameRateLimit to any value between 1..25/30 fps ADD: Webapp: Telnet- and FTP enable/disable on webapp and global warning when Telnet and FTP enabled ADD: new optional queries "?transportmode=unicast" or "?transportmode=multicast" options to the RTSP-URI ADD: Extra logging when firmware upgrade is started ADD: Add current IP as "alternate name" in certificate CHG: HTTPS: change self-signed certificate to infinite (100 years) FIX: NTP client rejects stratum level 16 servers FIX: HTTPS: new certificate each time the camera is rebooted FIX: Webapp: privacy masks can not properly be edited anymore FIX: Settings file lost on brief power interruptions FIX: ONVIF: reboot when trying to go to, delete or update an existing PTZ-preset FIX: MulticastTransmitterAlwaysOn does not always work FIX: SPI API: PTZ GotoAbsoluteZoomPosition does not accept negative pan values 3.2.0 (Date 2019-04-18) ADD: Cyber Security Enhancements CHG: Security: block access on X wrong credentials ADD: Notification when NTP server is offline ADD: Logging when ethernet network link disconnects CHG: addition of the Genetec SET_PARAMETER-KeyFrameRequestMethod CHG: Confusing SD-card log message after firmware upgrade FIX: ONVIF sets same multicast address+port for Direct streaming and RTSP FIX: NTCIP: Iris/Focus control not correctly implemented 3.1.1 (Date 2019-02-12) FIX: FLIR/DVTel Latitude ONVIF event integration (wsa/wsa5) 3.1.0 (Date 2019-01-08) FIX: SPI: SDCardStatus custom event is not triggered FIX: NAS traffic shaping affects RTSP-stream FIX: ONVIF: Pass the conformance test on Testtool v18.06 SR1 FIX: Aux1..Aux8 control via ONVIF FIX: ONVIF: GetVideoEncoderConfigurationOptions returns corrupt ResolutionsAvailable-list FIX: Card insertions/removals are not logged FIX: Umlauts in camera name not displayed in OSD FIX: Crash upon startup when SNMP Authentication trap is enabled ADD: Warning when user sets authentication for viewing when no users are defined 3.0.0 (Date 2018-11-15) FIX issue: firmware upgrade can brick device IMPORTANT NOTICE: Due to the nature of this fix, you CANNOT DOWNGRADE back to v2.x. If, for some reason, a downgrade to a specific version is needed, please contact your Siqura support team. The major version number is increased to indicate this downgrade limitation. This v3.0.0 release is based on the last v2.x release (v2.21.0). Beside this important single fix, there are no changes as compared to the last v2.x release. 2.21.0 (Date 2018-10-18) (Unreleased, contains dedicated changes for AID-products only) 2.20.0 (Date 2018-10-01) FIX: Activating usermanagement gives an incomplete webgui until refreshed FIX: Webapp is more or less useless when user management is activated FIX: PTZ-camera in manual focus mode does not always jump back to auto-focus when panning/tilting on the webapp FIX: VCA: blob timestamps are incorrect FIX: PID: Blob trigger point bottom-center has unexpected behavior FIX: Reset Password doesn´t work FIX: Webapp browser autocomplete adding new user making it unusable. FIX: NAS: ClipManager-instances are not cleaned up after changing storage configuration FIX: NAS: support for large NAS-devices (> 4 TB) FIX: RTSP: Missing CSeq in 401 Unauthorized response CHG: Added many features to ONVIF recording control, search and replay 2.18.0 (Date 2018-08-09) FIX: Bug in image.cgi: crash when only width is specified ADD: NAS-recording ADD: EVE-line: SNMP just like it is on the S-64 E v2 CHG: 24-bit audio: Make 24-bit audio profile the default profile when 24-bit is enabled (TTP #1997) CHG: Logging improvement to be able to see which 'TcpConSrvCon'-task is 'hanging' 2.16.1 (Date 2018-06-08) FIX: long term bitrate can be enabled after upgrade while not visible on webpage anymore FIX: Recorded video clips too short FIX: Backup and restore: Keep network settings option does not work FIX: Settings local/UTC time results in one hour offset FIX: Wrong productdata causes boot failure 2.11.0 (Date 2018-01-12) FIX: SPI always reported support for PTZ-patterns (also when not supported) ADD: 24-bit audio possibility (on selected product) ADD: PTZ-drivers for COHU (codecs only) ADD: Dedicated RTSP URI for video without audio (e.g. rtsp:///VideoOnly-1.Encoder-1) 2.6.0 (Date 2017-07-21) CHG: Increased the TCP-streaming buffer size CHG: OpenSSL upgraded to 1.0.2l FIX: Recording fails at some moment in webapp FIX: Fixed 2CIF resolution from 720x288 and 720x240 to 704x288 and 704x240 FIX: The Hue cannot be set using the SPI FIX: I/O outputpin does not stay closed when closed via SPI FIX: Fixed gsoap vulnerability with buffer overflow bug @ 2GB. FIX: Improved TCP-streaming behaviour in case of network connection problems FIX: Fixed Color Saturation setting on the webapp FIX: Fixed French translations 2.1.1 (Date 2017-03-06) CHG: Embedded help is updated to latest version. CHG: Pressing enter in direct streaming page no longer resuls in SDP download. FIX: disabling auto image enhancement resulted in very dark image. FIX: no longer an igmp join is send when onvif discovery is disabled. FIX: german translations are updated. FIX: favicon.ico is updated to rebrand. FIX: translation error when no privacy mask was created. FIX: RTSP multicast address could not be changed in IE11. FIX: french translations are updated. FIX: privacy masks could not be edited. FIX: ConnectionLoss event on SPI not fired for Connection monitor. FIX: Audio and Data direct streaming settings visible on EVE webapp 1.6.4 (Date 2016-11-15) CHG: Added support for H.264 BP on Ionodes ION-R100 decoder FIX: Actual bit rate slightly higher than set bit rate FIX: Updated lib UPnP to 1.6.20. This resolves Portable SDK for UPnP Devices (libupnp) < 1.6.18. Multiple Stack-based Buffer Overflows RCE (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965) 1.6.3 (Date 2016-09-21) FIX: Instability issue with H.264 and MJPEG encoders (M3-platform) 1.6.2 (Date 2016-07-28) Fixed: FIX: Revert of fix Typo in ONVIF response: DefaultAbsolutePantTiltPositionSpace (this typo was actually made in the ONVIF WSDL specification so should not be corrected) 1.6.1 (Date 2016-03-10) CHG: Added 'S-60 D-MC' encoder factory profile FIX: H.264 BP and MP did not work anymore since 1.5.2 1.6.0 (Date 2016-02-29) CHG: OpenSsl upgraded to 1.0.2f, fixing many security issues CHG: Fixed a number of translations FIX: Sometimes usr/local is not mounted due to delayed node creation by mdev. FIX: PelcoD - wrong aux number in auxiliary command, wrong checksum FIX: Typo in ONVIF response: DefaultAbsolutePantTiltPositionSpace FIX: Wrong actual gateway address reported on SPI, MAPI, etc (gateway address ending on x.x.x.128 or higher) 1.5.2 (Date 2016-01-27) CHG: New HTTP parameters for fine adjustment of trafficshaping and H.264 I/P Q ratio CHG: Traffic shaping factors changed to x1.5, x3 and x6 (was x2, x4, and x6) CHG: Frame based bit rate control (was GOP-based) 1.5.2.int.20151118 (2015-11-18) CHG: Traffic shaping default "medium" for all profiles (was "low" for some) FIX: Packet loss with traffic shaping on "high" 1.5.1 (Date 2015-11-03) CHG: Updated embedded help for version 1.5.x 1.5.0 (Date 2015-10-30) CHG: Different defaults for second encoder (Mobile profile) CHG: FTP enable/disable (MAPI only), default disabled CHG: Telnet enable/disable (MAPI only), default disabled CHG: Diagnostics enable/disable (MAPI only), default disabled CHG: ROM code validator always enabled CHG: Various improvements web app FIX: Webapp: live view suffers from fletsness compared to streams played with VLC FIX: Webapp: menus don't collapse anymore FIX: Webapp: Keywords are not added to the translations FIX: No delete button for region of interest in tampering FIX: UTH: Error setting parameter when changing ptz settings FIX: Webapp: Incorrect question shown when creating PTZ preset. FIX: Webapp: Changing data settings for PTZ writes non existing variable ActualWireMode 1.3.1 (Date 2015-08-12) CHG: Reworked proddata labeling FIX: UTH: All encoders can now encode SXGA 1.3.0 (Date 2015-07-31) CHG: Added single-click recording feature on live view page CHG: Added start/stop functionality for recording to Siqura Programming Interface CHG: Updated Angular Framework to 1.3.14 (web app) CHG: ONVIF Wiper/washer support added CHG: ONVIF Aux 1..4 support added (only 'aux on') CHG: ONVIF Focus support added FIX: Genetec-based resolutions for 960H, HD720, HD1080 and SXGA (for Genetec Omnicast support) FIX: Only show resolutions below or equal to video input resolution (no upscaling) FIX: Fix for failing ONVIF test (IMAGING-2-1-8) FIX: Sometimes crash when recording is started just after reboot FIX: Products sometimes (rarely) does not boot FIX: NAND-flash errors were not always corrected FIX: Revert button sticks on date & time settings page 1.2.1 (Date 2015-03-16) CHG: TTP 1671: added possibility to add reserved PTZ predefined presets CHG: Added snapshot-button on live view page CHG: More user-friendly way to edit OSD texts on the web-interface CHG: Added possibility to use custom font for OSD texts CHG: FTP push settings moved to a more user-friendly location on the web-interface (menu alignment with other products) CHG: Added FTP push continuous posting option CHG: Added embedded help function on the web-interface CHG: Made PTZ control more transparent on web-interface CHG: Added H.264 Base Profile and Main Profile settings CHG: Improved PTZ control responsiveness Fixed: FIX: UTH: PTZ combined use Pelco D driver and Tunneling (TCP/IP) strange reply FIX: OSD update too slow (1-2 sec) FIX: UTH: Slot positie niet meer uitleesbaar voor SA modules FIX: UTH: Event information differ between platforms FIX: Tamper alarm op UNIT ipv VIDEO input Genetec Interface FIX: Video quality: corrected alignment of luma/chroma 1.0.9 (Date 2014-12-02) FIX: support for the TMS320DM8127SCYE0 (silicon revision 3.0) SoC 1.0.8 (Date 2014-10-23) FIX: Webapp: restore with "keep network settings" and "keep certificates" not working FIX: Backup/restore does not work between 2 devices FIX: bsptool did not handle bad blocks properly (used for production only) FIX: power consumption reduction (400~500 mW) by switching off DSP FIX: ONVIF encoding interval was always maximum 25 (regardless of videostandard) 1.0.7 (Date 2014-08-29) CHG: Siqura Programming Interface (SPI) supports TextOverlay (OSD) CHG: Separate OSD TextTransparency and BorderOutlineTransparency control (only available in MAPI and SPI) FIX: unexpected 200 ms response delay with certain HTTP API requests FIX: OSD text not updating anymore after setting an empty string in "Border" render mode 1.0.6 (Date 2014-05-05) FIX: Crash under heavy load (data, cc, video, audio simultaneous) 1.0.5 (Date 2014-04-09) ADD: Possibility to enter NTP time servers by hostname ADD: Camera name now displayed by default on OSD ADD: New SPI parameters videoinput.X.h264.Y.quality and videoinput.X.mjpeg.bitrate FIX: Updated various translations on web interface FIX: Device is not forced to NTSC anymore upon first use with Genetec Omnicast VMS system FIX: Image quality monitor web page did not work without authentication FIX: Some events not properly reported on SPI FIX: Slow PTZ behavior (200ms delay in http answer) FIX: Restart device message shown in Device->Network page while nothing was changed FIX: No feedback on wrong (odd) port number FIX: EVE does not work with DHCP in combination with STP (Spanning Tree Protocol) FIX: Layout change of direct streaming web page FIX: Camera preset rename with a space did not work correctly FIX: User management gui changed the password into ***** 1.0.4 (Date 2014-02-12) ADD: VMD ROI cursor changed to a crosshair FIX: Route contains default gw set to * before correct entry, resulting in non-operation default gateway FIX: Milestone cannot distinguish between digital inputs (ONVIF) 1.0.3 (Date 2014-01-27) ADD: Siqura product logo on web app according to corporate identity FIX: Live view PTZ left/right causes live view to go to next input 1.0.2 (Date 2014-01-17) ADD: Maximum Quality setting for Streaming Profiles FIX: Fullscreen control when already in fullscreen mode FIX: Aspect ratio not correct in full screen mode in webapp FIX: Images with 16:9 aspect ratio displayed as 4:3 in webapp FIX: Place Admin on top in list for Users FIX: IQM is not finished yet. FIX: "Sw3ipe" functie in LiveView is weg FIX: ONVIF AbsoluteMove crashes encoder FIX: ONVIF profile names are not descriptive FIX: Fullscreen control when already in fullscreen mode 1.0.1 (Date 2014-01-06) First customer release