SLFO-pool/fwupd
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
...
pull from: SLFO-pool:1.1
Branches Tags
SLFO-pool:1.1 SLFO-pool:main

1 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
1fd35cf3bf Sync from SUSE:SLFO:1.1 fwupd revision 18ed66e9ed21b34d4cb5aa755ea2b105 2025-04-15 18:57:07 +02:00
12 changed files with 118 additions and 574 deletions
Expand all files Collapse all files

125
8583.patch
View File

@@ -1,125 +0,0 @@
From a6338350485d78121fee4a69742b7de6275880cd Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Thu, 13 Mar 2025 16:38:52 +0100
Subject: [PATCH] Fix build against pygobject 3.52
With the introduction of pygobject 3.52, accessing GIRepository 2.0 is
no longer permitted.
Instead of complicating the test code with conditionalizing between
GIRepository 2.0 and GIRepository 3.0 in override_gi_search_path,
we can drop override_gi_search_path entirely and rely on GIRepository's
own envvar GI_TYPELIB_PATH to help it find our freshly built typelib
Fixes #8569
---
contrib/test-venv.sh | 3 ++-
data/tests/fwupd_test.py | 15 ---------------
data/tests/meson.build | 7 ++++---
plugins/meson.build | 7 ++++---
plugins/pci-psp/pci_psp_test.py | 3 +--
5 files changed, 11 insertions(+), 24 deletions(-)
diff --git a/contrib/test-venv.sh b/contrib/test-venv.sh
index 1a061d3d7cf0..5e622b95b491 100755
--- a/contrib/test-venv.sh
+++ b/contrib/test-venv.sh
@@ -5,7 +5,8 @@ BUILD=${VENV}/build
INSTALLED_TESTS=${VENV}/dist/share/installed-tests/fwupd
export G_TEST_BUILDDIR=${INSTALLED_TESTS}
export G_TEST_SRCDIR=${INSTALLED_TESTS}
-export LIBFWUPD_BUILD_DIR=${BUILD}/libfwupd
+export GI_TYPELIB_PATH=${BUILD}/libfwupd
+export LD_LIBRARY_PATH=${BUILD}/libfwupd
export DAEMON_BUILDDIR=${BUILD}/src
export PATH=${VENV}/bin:$PATH
diff --git a/data/tests/fwupd_test.py b/data/tests/fwupd_test.py
index 4840fc52eeb5..e4b684fb428a 100755
--- a/data/tests/fwupd_test.py
+++ b/data/tests/fwupd_test.py
@@ -22,19 +22,6 @@
from gi.repository import UMockdev
-def override_gi_search_path():
- if "LIBFWUPD_BUILD_DIR" in os.environ:
- gi.require_version("GIRepository", "2.0")
- from gi.repository import GIRepository
-
- GIRepository.Repository.prepend_search_path(
- os.path.join(os.environ["LIBFWUPD_BUILD_DIR"])
- )
- GIRepository.Repository.prepend_library_path(
- os.path.join(os.environ["LIBFWUPD_BUILD_DIR"])
- )
-
-
class FwupdTest(dbusmock.DBusTestCase):
DBUS_NAME = "org.freedesktop.fwupd"
DBUS_PATH = "/"
@@ -60,8 +47,6 @@ def setUpClass(cls):
cls.start_system_bus()
cls.dbus = Gio.bus_get_sync(Gio.BusType.SYSTEM, None)
- override_gi_search_path()
-
def setUp(self):
self.testbed = UMockdev.Testbed.new()
self.polkitd, self.obj_polkit = self.spawn_server_template(
diff --git a/data/tests/meson.build b/data/tests/meson.build
index 517ce034b3cc..74073f54194b 100644
--- a/data/tests/meson.build
+++ b/data/tests/meson.build
@@ -140,10 +140,11 @@ if umockdev_integration_tests.allowed()
foreach ut: unit_tests
test(ut, python3, args: [fwupd_mockdev_tests, ut], is_parallel: false,
env: {
- 'DAEMON_BUILDDIR': join_paths(meson.project_build_root(), 'src'),
- 'LIBFWUPD_BUILD_DIR': join_paths(meson.project_build_root(), 'libfwupd'),
- 'STATE_DIRECTORY': join_paths(meson.project_build_root(), 'state'),
'CACHE_DIRECTORY': join_paths(meson.project_build_root(), 'cache'),
+ 'DAEMON_BUILDDIR': join_paths(meson.project_build_root(), 'src'),
+ 'GI_TYPELIB_PATH': join_paths(meson.project_build_root(), 'libfwupd'),
+ 'LD_LIBRARY_PATH': join_paths(meson.project_build_root(), 'libfwupd'),
+ 'STATE_DIRECTORY': join_paths(meson.project_build_root(), 'state')
},
)
endforeach
diff --git a/plugins/meson.build b/plugins/meson.build
index 22397c65b4f6..38bb648492e1 100644
--- a/plugins/meson.build
+++ b/plugins/meson.build
@@ -153,12 +153,13 @@ endforeach
if umockdev_integration_tests.allowed()
envs = environment()
+ envs.set('CACHE_DIRECTORY', join_paths(meson.project_build_root(), 'cache'))
envs.set('DAEMON_BUILDDIR', join_paths(meson.project_build_root(), 'src'))
- envs.set('LIBFWUPD_BUILD_DIR', join_paths(meson.project_build_root(), 'libfwupd'))
- envs.set('PYTHONPATH', join_paths(meson.project_source_root(), 'data', 'tests'))
envs.set('FWUPD_DATADIR_QUIRKS', join_paths(meson.project_build_root()))
+ envs.set('GI_TYPELIB_PATH', join_paths(meson.project_build_root(), 'libfwupd'))
+ envs.set('LD_LIBRARY_PATH', join_paths(meson.project_build_root(), 'libfwupd'))
+ envs.set('PYTHONPATH', join_paths(meson.project_source_root(), 'data', 'tests'))
envs.set('STATE_DIRECTORY', join_paths(meson.project_build_root(), 'state'))
- envs.set('CACHE_DIRECTORY', join_paths(meson.project_build_root(), 'cache'))
foreach suite: umockdev_tests
r = run_command(unittest_inspector, suite,
diff --git a/plugins/pci-psp/pci_psp_test.py b/plugins/pci-psp/pci_psp_test.py
index b3f4f3d924c8..059bf272c1ce 100755
--- a/plugins/pci-psp/pci_psp_test.py
+++ b/plugins/pci-psp/pci_psp_test.py
@@ -8,10 +8,9 @@
import os
import sys
import unittest
-from fwupd_test import FwupdTest, override_gi_search_path
+from fwupd_test import FwupdTest
try:
- override_gi_search_path()
gi.require_version("Fwupd", "2.0")
from gi.repository import Fwupd # pylint: disable=wrong-import-position
except ValueError:

33
8588.patch
View File

@@ -1,33 +0,0 @@
From 5e095c944557cbebc47cbf42c3738358fa4e45d4 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Fri, 14 Mar 2025 19:13:42 +0000
Subject: [PATCH] trivial: Fix compile when using Pango >= 1.56.2
Fixes https://github.com/fwupd/fwupd/issues/8587
---
plugins/uefi-capsule/make-images.py | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/plugins/uefi-capsule/make-images.py b/plugins/uefi-capsule/make-images.py
index d4c2242de5f0..a8641d61282a 100755
--- a/plugins/uefi-capsule/make-images.py
+++ b/plugins/uefi-capsule/make-images.py
@@ -141,8 +141,16 @@ def main(args) -> int:
items = Pango.itemize(pctx, label_translated, 0, length, attrs, None)
if not items:
continue
- gs = Pango.GlyphString()
- Pango.shape(label_translated, length, items[0].analysis, gs)
+ try:
+ # urgh, https://gitlab.gnome.org/GNOME/pango/-/merge_requests/829
+ # -- if we depend on Pango >= 1.56.2 we can drop the fallback
+ #
+ # ...or if we depend on python3-gobject >= 3.51.0 we can use the nicer:
+ # len(inspect.signature(Pango.shape).parameters)
+ gs = Pango.shape(label_translated, length, items[0].analysis)
+ except TypeError:
+ gs = Pango.GlyphString()
+ Pango.shape(label_translated, length, items[0].analysis, gs)
del img, cctx, pctx, layout
def find_size(fs, f, data):

2
_service
View File

@@ -4,7 +4,7 @@
<param name="url">https://github.com/fwupd/fwupd.git</param>
<param name="scm">git</param>
<param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
<param name="revision">2.0.6</param>
<param name="revision">1.9.16</param>
<param name="versionrewrite-pattern">(.*)\+0</param>
<param name="versionrewrite-replacement">\1</param>
</service>

BIN
fwupd-1.9.16.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
fwupd-2.0.6.obscpio (Stored with Git LFS)
View File

Binary file not shown.

15
fwupd-bsc1130056-change-shim-path.patch
View File

@@ -1,13 +1,14 @@
diff --git a/plugins/uefi-capsule/fu-uefi-bootmgr.c b/plugins/uefi-capsule/fu-uefi-bootmgr.c
index e7761b52..0a425455 100644
index 9d9e30f..daa9b2c 100644
--- a/plugins/uefi-capsule/fu-uefi-bootmgr.c
+++ b/plugins/uefi-capsule/fu-uefi-bootmgr.c
@@ -368,7 +368,7 @@ fu_uefi_bootmgr_bootnext(FuEfivars *efivars,
if (!fu_efivars_get_secure_boot(efivars, &secureboot_enabled, error))
return FALSE;
if (secureboot_enabled) {
- shim_app = fu_uefi_get_esp_app_path(esp_path, "shim", error);
+ shim_app = g_strdup_printf ("%s/shim.efi", fu_uefi_get_esp_path_for_os(esp_path));
@@ -408,7 +408,8 @@ fu_uefi_bootmgr_bootnext(FuVolume *esp,
/* test if we should use shim */
secure_boot = fu_efivar_secure_boot_enabled(NULL);
if (secure_boot) {
- shim_app = fu_uefi_get_esp_app_path("shim", error);
+ shim_app = g_strdup_printf ("%s/shim.efi",
+ fu_uefi_get_esp_path_for_os());
if (shim_app == NULL)
return FALSE;

18
fwupd-jscSLE-11766-close-efidir-leap-gap.patch Normal file
View File

@@ -0,0 +1,18 @@
Index: fwupd-1.9.14/plugins/uefi-capsule/fu-uefi-common.c
===================================================================
--- fwupd-1.9.14.orig/plugins/uefi-capsule/fu-uefi-common.c
+++ fwupd-1.9.14/plugins/uefi-capsule/fu-uefi-common.c
@@ -235,9 +235,13 @@ fu_uefi_get_esp_path_for_os(void)
g_autofree gchar *esp_path = NULL;
g_autoptr(GError) error_local = NULL;
g_autoptr(GHashTable) os_release = fwupd_get_os_release(&error_local);
+ g_auto(GStrv) split = NULL;
/* try to lookup /etc/os-release ID key */
if (os_release != NULL) {
os_release_id = g_hash_table_lookup(os_release, "ID");
+ /* Overide os_release_id for SLE and openSUSE */
+ split = g_strsplit (g_hash_table_lookup (os_release, "NAME"), " ", 2);
+ os_release_id = g_ascii_strdown (split[0], -1);
} else {
g_debug("failed to get ID: %s", error_local->message);
}

372
fwupd.changes
View File

@@ -1,375 +1,3 @@
-------------------------------------------------------------------
Mon Mar 17 15:11:43 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Add 8588.patch: Fix compile when using Pango >= 1.56.2.
-------------------------------------------------------------------
Tue Mar 11 14:41:20 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Add explicit pkgconfig(pango) BuildRequires: used to be pulled in
by python-gobject, but that's no longer the case with 3.52.
- Add 8583.patch: Fix build againts pygobject 3.52.
-------------------------------------------------------------------
Fri Feb 14 13:22:21 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.0.6:
+ This release adds the following features:
- Add 'fwupdtool efiboot-hive' to allow setting the nmbl cmdline
- Allow setting the inhibit reason from fwupdmgr
- Allow USB-provided hidraw devices to use DS-20 descriptors
+ This release fixes the following bugs:
- Correctly deploy the dbx on MSI hardware
- Correctly extract the milestone from Lenovo version numbers
- Do not add invalid CoSWID entities to fix a fuzzing hang
- Fix Logitech HID++ child device detection
- Get the correct internal network VID and PID from Redfish
- Include the payload length in the Wacom scaler update start command
- Only use emulated devices when using device-emulate
- Reload the thunderbolt retimer version after the payload is deployed
- Speed up startup by ~1% by limiting the precision of percentage updates
- Support new version formats for future Huddly devices
- Updating the Logitech Rallybar in a more reliable way
+ This release adds support for the following hardware:
- HPE Gen10/Gen10+ devices using Redfish
-------------------------------------------------------------------
Mon Feb 3 14:12:39 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.0.5:
+ This release adds the following features:
- Allow emulating devices reading EFI keys
- Allow skipping device tests by CPU architecture
+ This release fixes the following bugs:
- Cleanup Dell kestrel devices when disconnected
- Correctly build binary EFI_SIGNATURE_LIST objects
- Do not allow dbx updates when no ESP was found
- Ignore BootXXXX entries that do not exist when checking the dbx
- Ignore EFI binaries that are zero-sized, or not well formed
- Inhibit dbx updates if snapd is not available when using Ubuntu-style FDE
- Only match the device checksum if the protocol matches
- Raise authentication requirements for emulation-load
- Request to upload failed reports for install/downgrade too
- Use the kernel architecture when building the dbx instance ID
- Write sbatlevel to PE/COFF files correctly
+ This release adds support for the following hardware:
- More ELAN Fingerprint readers
- Star Labs StarLite Magnetic Keyboard
-------------------------------------------------------------------
Mon Jan 20 16:02:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.0.4+4:
+ dell-kestrel: cleanup the devices when disconnected
+ Raise authentication requirements for emulation-load
+ uefi-dbx: Only list the version in the quirk file key
- Update to version 2.0.4:
+ This release adds the following features:
- Record the entire USB descriptor in the emulation data
- Return defined return code when network metadata refresh
fails
+ This release fixes the following bugs:
- Add a new private flag of 'delayed-removal' to remove a
footgun
- Added a more specific instance ID for qc-s5gen2 USB devices
- Add fadvise64 to the systemd syscall allowlist
- Add the Unifying bootloader VID/PID as a full instance ID
- Allow disabling zero-length packet for modem-manager devices
- Allow recovering Logitech Bolt receiver in bootloader mode
- Correctly parse CSV streams without trailing NULs
- Detect if network is reachable before downloading metadata
- Disabling reading the OptionROM device after dumping
- Do not claim kernel interface to avoid Parade downstream port
resets
- Do not save BootOrder when measuring system integrity
- Enumerate child nordic-hid devices correctly
- Fix a possible critical warning for Mediatek scaler devices
- Fix Firehose padding for some modem-manager devices
- Fix UEFI capsule updates when using 4096 byte NVME blocksize
- Get the Dell dock update package version correctly
- Never read more of the composite stream from a partial stream
- Notify snapd about DBX updates
- Probe sd_mod before starting
- Properly handle FU_DEVICE_PRIVATE_FLAG_NO_GENERIC_GUIDS
- Remove the test for CSME 18 manufacturing lock
- Restore the Logitech compatibility UFY instance IDs
- Show the correct version when installing a same-device
composite update
- Show updates with problems when using 'fwupdmgr get-releases'
- Split up the AMD GPU VBIOS P/N for the version
- Use attr USB4_TYPE rather than guessing from
thunderbolt_domain
- Use the ISO date as a dbx version number for the Microsoft
KEK
- Use the KEK to set the dbx vendor ID
-------------------------------------------------------------------
Thu Jan 9 14:51:34 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 2.0.3:
+ This release adds the following features:
- Add a power quirk for Framework systems
- Speed up writing firmware to the new Dell dock
+ This release fixes the following bugs:
- Deinitialize DRM after getting GPU marketing name to fix Xorg
startup
- Do not show 'Device has been removed' as a dock device error
- Fix a warning about legion-hid2 progress going backwards
- Fix some small memory leaks in realtek-mst and dell-kestrel
- Only mark supported Logitech devices as updatable
- Parse FDTs with missing END tokens to work on more
ChromeBooks
- Reduce the device emulation RSS requirement by ~40%
- Skip checking BootXXXX entries when the partition does not
exist
+ This release adds support for the following hardware:
- Primax Ryder Mouse
- Changes from version 2.0.2:
+ Add fwupdtool 'get-version-formats' and 'vercmp' commands
+ Add support for checking AMD HW configuration MSR
+ Add support for enumerate-only device emulation to increase
test coverage
+ Add support for passing a JSON file for emulation instead of
ZIP
+ Remove support for now-obsolete CSR DFU and Nitrokey devices
- Changes from version 2.0.1:
+ Add API so that gnome-firmware can record devices for emulation
+ Save the emulation-tag devices to the database rather than the
config file
- Changes from version 2.0.0:
+ Drop legacy signing formats for verification of metadata and
firmware
+ Reduce the runtime memory usage and CPU startup cost
significantly
+ Remove all the long-deprecated legacy CLI tools
+ Remove libgusb and GUdev from plugins and use libusb and sysfs
instead
+ Stream firmware binaries over a file descriptor rather than
into memory
- Drop harden_fwupd-offline-update.service.patch: offline service
no longer exists.
- Drop harden_fwupd-refresh.service.patch: merged upstream.
- Drop fwupd-jscSLE-11766-close-efidir-leap-gap.patch: fwupd now
falls back to ID_LIKE.
- Bump shlib_sover to 3, following upstream.
- Add python3-dbusmock BuildRequires: new dependency.
-------------------------------------------------------------------
Thu Jan 9 06:38:36 UTC 2025 - Gary Ching-Pang Lin <glin@suse.com>
- Update fwupd-bsc1130056-change-shim-path.patch to correct the
path for shim.efi
-------------------------------------------------------------------
Mon Dec 23 11:53:48 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
- Correct efi_fw_update arch list:
* Remove ppc64le and s390x - these aren't supported
* Add armv6hl/armv7hl and riscv64 - support recently added
-------------------------------------------------------------------
Sat Dec 21 11:01:39 UTC 2024 - tobi.goergens@gmail.com
- Update to version 1.9.27:
+ This release fixes the following bugs:
- Add a power quirk for Framework systems
- Allow cros-ec repair the device after flush failure
- Check the VLI USB3 firmware size before erasing
- Disallow DBX updates on the Samsung Galaxy Book2 360
- Do not show 'Device has been removed' as a dock error
- Do not use a CMSE11 function when using CSME18
- Fix an unlikely memory leak when using ModemManger Sahara devices
- Fix a tiny memory leak in algoltek-usb when checking status
- Mark UEFI dbx updates as affecting full disk encryption
- Parse FDTs with missing END tokens
- Rename the dell-k2 plugin to dell-kestrel and rework the update flow
+ This release adds support for the following hardware:
- Google GID8 Headset
- Parade PS188
- Primax Ryder Mouse
- Update to version 1.9.26:
+ This release fixes the following bugs:
- Add HSI tests for Arrow and Meteor Lake CSME
- Allow UEFI capsule config values to be set with fwupdmgr modify-config
- Check for the logitech-bulkcontroller response packet length correctly
- Fix using ID_LIKE for fallback when ESP isn't mounted
- Fix various Coverity-reported overflowed constants
- Only compare the first 10 characters of the AMD GPU part number
+ This release adds support for the following hardware:
- Jabra PanaCast
- Some Lenovo Legion HID devices
-------------------------------------------------------------------
Tue Oct 15 14:47:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop rcFOO symlinks (PED-266).
-------------------------------------------------------------------
Mon Oct 14 18:40:47 UTC 2024 - Matwey Kornilov <matwey.kornilov@gmail.com>
- Enable plugin_amdgpu: the plugin built succesfully
-------------------------------------------------------------------
Wed Sep 25 08:47:28 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.25:
+ This release fixes the following bugs:
- Fix checking new Synaptics MST firmware size
- Make another ModemManager instance ID visible for firmware
matching
- Never set a zero-length device name when matching the vendor
name
- Recalculate the device supported flag when reparenting
devices
- Reduce idle power consumption of paired logitech-hidpp
devices
- Retry the open action to fix BC901 NVMe reload
+ This release adds support for the following hardware:
- Algoltek devices supporting sector erase
- Dell K2 dock
- Intel USB4 hub 5787
- More MediaTek scaler devices
- Nordic HID devices supporting DFUv1
-------------------------------------------------------------------
Thu Aug 22 06:07:43 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.24:
+ This release fixes the following bugs:
- Add support for capsule on disk for Dell systems
- Do not re-use the connection cache to fix Redfish BMC restart
- Exclude known recovery partitions when choosing an ESP volume
- Fix the VLI usb3 private flag registration
+ This release adds support for the following hardware:
- More Mediatek scaler devices
- Parade USB hubs
-------------------------------------------------------------------
Tue Aug 6 05:36:59 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.23:
+ Fix a regression in 1.9.22 that caused some devices not to
probe correctly.
+ Try harder to get a valid response when flashing usi-dock
devices.
-------------------------------------------------------------------
Mon Jul 29 06:17:20 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.22:
+ This release fixes the following bugs:
- Add a PCB tag in the usi-dock GUID to distinguish different
revisions.
- Add explicit hidraw permission to fwupd.service to fix
several devices.
- Always load the flashrom plugin when using coreboot.
- Be explicit with the rts54hub detach retry delay to fix the
Acer D501.
- Be more careful when setting thelio-io version strings.
- Fix a critical warning if a device returns unexpected data
from DFU upload.
- Fix a critical warning if the DMI manufacturer is an empty
string.
- Fix several reported integer overflows from Coverity.
- Fix the Blackbird and Talos II baseboard details.
- Fix transient version number issue after flashing wacom-usb
devices.
- Increase the cros_ec acquiesce delay to manage additional
reboots.
- Only accept valid ASCII cabinet filenames.
- Only require udevdir when gudev support is enabled.
- Only show one PixArt receiver device per physical device.
- Set the rts54hub version in more cases.
- Speed up the daemon self tests by ~60%.
- Use the bootloader build-timestamp as the fallback HWID BIOS
version.
+ This release adds support for the following hardware:
- Framework SD
- Raspberry Pi 5 (unofficial)
-------------------------------------------------------------------
Fri Jun 14 12:47:11 UTC 2024 - pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
-------------------------------------------------------------------
Fri Jun 14 07:23:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.21:
+ This release adds the following features:
- Add a fwupd.conf option to ignore CHID requirements for
development.
+ This release fixes the following bugs:
- Allow loading Wacom device flags from metadata.
- Check for needs-shutdown like we do needs-reboot.
- Fix updating the Aerox 3 Wireless Mouse.
+ This release adds support for the following hardware:
- Synaptics Carrera devices.
- Wacom Movink devices.
-------------------------------------------------------------------
Tue May 21 07:51:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.20:
+ This release adds the following features:
- Add some API to allow uploading reports for use in
gnome-firmware
- Allow the user to upload the entire devicelist to the LVFS
+ This release fixes the following bugs:
- Correctly detect Synaptics Cayenne and Spyder firmware
- Do not offer the UEFI DBX update on Lenovo ideacentre
300-20ISH
- Explicitly enable shadow stack support in fwupd.service
- Fix a potential buffer overread when reading the algoltek-usb
version number
- Fix the CET HSI test by rewriting it in assembly
- Fix using --verbose in fwupdmgr
- Ignore --p2p when downloading the metadata signature
+ This release adds support for the following hardware:
- FPC FF2 fingerprint devices
-------------------------------------------------------------------
Tue May 7 10:48:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.19:
+ This release adds the following features:
- Drop heap as part of a housekeeping action.
- Retry downloads to workaround flaky network connections.
+ This release fixes the following bugs:
- Assume new ME versions are called CSME.
- Fix a buffer-overread when parsing invalid CoSWID entity
data.
- Fix a logic thinko when parsing GUID strings.
- Fix downloading files on Windows with libcurl >= 7.77.0.
- Revert back to a simpler syscall blocklist-based filter.
+ This release adds support for the following hardware:.
- Acer U32 dock.
- Luxshare 7-in-1 dock.
- Pixart models 2404, 4206, 2440, 2418, 2752, 2840 and 2818.
-------------------------------------------------------------------
Mon Apr 29 09:38:53 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.9.18:
+ Fix a small memory leak in fwupdmgr.
+ Use simple allow-listing for the syscall filter.
- Changes from version 1.9.17:
+ This release fixes the following bugs:
- Capture device status changes when in bootloader mode.
- Change the systemd SystemCallFilter to an allowlist.
- Detect when a CCGX dock forbids downgrade.
- Do not add an overly-generic instance ID to CrosEC devices.
- Do not read OptionROM verification data on Apple hardware.
- Emit a signal when a user-request is no longer valid.
- Fix a potential crash when parsing invalid CBOR data.
- Properly show SPDX project licenses with AND as a delimiter.
- Verify that syscalls are being filtered correctly at startup.
+ This release adds support for the following hardware:
- Asus DC201.
- Realtek Gen1 RTS541x.
-------------------------------------------------------------------
Mon Apr 8 06:52:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

6
fwupd.obsinfo
View File

@@ -1,4 +1,4 @@
name: fwupd
version: 2.0.6
mtime: 1739538606
commit: 476e1bf881daa548ad6bba60d713fe5666a9d53e
version: 1.9.16
mtime: 1712312610
commit: 7e82013994fe3e90f236667656bb47d2dc386d84

76
fwupd.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package fwupd
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
%ifarch %{ix86} x86_64 %{arm} aarch64 riscv64
%ifarch %{ix86} x86_64 aarch64 riscv64 s390x ppc64le
%bcond_without efi_fw_update
%else
%bcond_with efi_fw_update
@@ -36,11 +36,11 @@
%bcond_with fish_support
%endif
%define shlib_sover 3
%define shlib_sover 2
%define docs 0
Name: fwupd
Version: 2.0.6
Version: 1.9.16
Release: 0
Summary: Device firmware updater daemon
License: GPL-2.0-or-later AND LGPL-2.1-or-later
@@ -48,12 +48,14 @@ Group: System/Management
URL: https://fwupd.org/
Source: %{name}-%{version}.tar.xz
# PATCH-FIX-UPSTREAM
Patch0: https://patch-diff.githubusercontent.com/raw/fwupd/fwupd/pull/8583.patch
# PATCH-FIx-UPSTREAM
Patch1: https://patch-diff.githubusercontent.com/raw/fwupd/fwupd/pull/8588.patch
# PATCH-FIX-OPENSUSE fwupd-bsc1130056-shim-path.patch bsc#1130056
Patch99: fwupd-bsc1130056-change-shim-path.patch
Patch1: fwupd-bsc1130056-change-shim-path.patch
# PATCH-FIX-OPENSUSE fwupd-jscSLE-11766-close-efidir-leap-gap.patch jsc#SLE-11766 qkzhu@suse.com -- Set SLE and openSUSE esp os dir at runtime
Patch2: fwupd-jscSLE-11766-close-efidir-leap-gap.patch
# PATCH-FEATURE-OPENSUSE harden_fwupd-offline-update.service.patch -- Harden services
Patch3: harden_fwupd-offline-update.service.patch
# PATCH-FEATURE-OPENSUSE harden_fwupd-refresh.service.patch -- Harden services
Patch4: harden_fwupd-refresh.service.patch
BuildRequires: dejavu-fonts
BuildRequires: fdupes
@@ -74,7 +76,6 @@ BuildRequires: pkgconfig
BuildRequires: procps
BuildRequires: python3-Pillow
BuildRequires: python3-cairo
BuildRequires: python3-dbusmock
BuildRequires: python3-gobject-Gdk
BuildRequires: python3-setuptools
BuildRequires: python3-xml
@@ -105,14 +106,12 @@ BuildRequires: pkgconfig(json-glib-1.0) >= 1.1.1
BuildRequires: pkgconfig(libarchive)
BuildRequires: pkgconfig(libcbor)
BuildRequires: pkgconfig(libcurl) >= 7.62.0
BuildRequires: pkgconfig(libdrm_amdgpu)
BuildRequires: pkgconfig(libelf)
BuildRequires: pkgconfig(libgcab-1.0) >= 1.0
BuildRequires: pkgconfig(libprotobuf-c)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(mbim-glib)
BuildRequires: pkgconfig(mm-glib)
BuildRequires: pkgconfig(pango)
BuildRequires: pkgconfig(polkit-gobject-1) >= 0.103
BuildRequires: pkgconfig(protobuf)
BuildRequires: pkgconfig(qmi-glib)
@@ -120,7 +119,7 @@ BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(tss2-esys) >= 2.0
BuildRequires: pkgconfig(udev)
BuildRequires: pkgconfig(umockdev-1.0)
BuildRequires: pkgconfig(xmlb) >= 0.3.19
BuildRequires: pkgconfig(xmlb) >= 0.1.13
%if %{with efi_fw_update}
BuildRequires: pkgconfig(efiboot)
BuildRequires: pkgconfig(efivar) >= 33
@@ -137,9 +136,7 @@ Requires: shim >= 11
Requires: udisks2
%endif
%endif
%if %{with efi_fw_update}
Requires: fwupd-efi
%endif
Requires: (fwupd-efi if shim)
%description
fwupd is a daemon to allows session software to update device firmware on
@@ -230,15 +227,16 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE"
# Synaptics requires Dell support, i.e. x86 only
%meson \
-Dlaunchd=disabled \
-Dplugin_amdgpu=enabled \
-Dplugin_amdgpu=disabled \
-Dpassim=disabled \
%if %{with efi_fw_update}
-Dplugin_uefi_capsule=enabled \
-Dplugin_uefi_pk=enabled \
-Defi_binary=false \
-Dcompat_cli=true \
%else
-Dplugin_uefi_capsule=disabled \
-Dplugin_uefi_pk=disabled \
-Dplugin_uefi_capsule=false \
-Dplugin_uefi_pk=false \
%endif
%if %{with msr_support}
-Dplugin_msr=enabled \
@@ -258,8 +256,6 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE"
-Ddocs=enabled \
-Dsupported_build=enabled \
-Dtests=false \
-Dvalgrind=disabled \
-Dvendor_ids_dir=/usr/share/hwdata \
%ifarch s390x ppc64le
-Dplugin_flashrom=disabled \
%endif
@@ -273,6 +269,11 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE"
%install
%meson_install
# Add SUSE specific rcfoo service symlink
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcfwupd-offline-update
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcfwupd-refresh
%find_lang %{name}
%fdupes -s %{buildroot}%{_datadir}/doc
@@ -286,38 +287,44 @@ rm -fr %{buildroot}%{_datadir}/installed-tests
rm -fr %{buildroot}%{_datadir}/fish
%endif
%if %{suse_version} >= 1600
%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/*
%endif
%check
%meson_test
%ldconfig_scriptlets -n libfwupd%{shlib_sover}
%preun
%service_del_preun %{name}.service fwupd-refresh.service
%service_del_preun %{name}.service fwupd-offline-update.service fwupd-refresh.service
%pre
%service_add_pre %{name}.service fwupd-refresh.service
%service_add_pre %{name}.service fwupd-offline-update.service fwupd-refresh.service
%post
%udev_rules_update
%service_add_post %{name}.service fwupd-refresh.service
%service_add_post %{name}.service fwupd-offline-update.service fwupd-refresh.service
%postun
%service_del_postun %{name}.service fwupd-refresh.service
%service_del_postun %{name}.service fwupd-offline-update.service fwupd-refresh.service
%files
%license COPYING
%doc README.md
%{_unitdir}/fwupd.service
%{_unitdir}/fwupd-offline-update.service
%dir %{_unitdir}/system-update.target.wants/
%{_unitdir}/system-update.target.wants/fwupd-offline-update.service
%{_unitdir}/fwupd-refresh.service
%{_unitdir}/fwupd-refresh.timer
%{_libexecdir}/fwupd
%{_bindir}/fwupdmgr
%{_bindir}/fwupdtool
%if %{with efi_fw_update}
%{_bindir}/fwupdagent
%{_bindir}/fwupdate
%endif
%{_bindir}/dbxtool
%{_sbindir}/rc%{name}
%{_sbindir}/rcfwupd-offline-update
%{_sbindir}/rcfwupd-refresh
%{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
@@ -365,6 +372,7 @@ rm -fr %{buildroot}%{_datadir}/fish
%dir %{_sysconfdir}/grub.d
%{_sysconfdir}/grub.d/35_fwupd
%endif
%{_udevrulesdir}/90-fwupd-devices.rules
%dir %{_datadir}/metainfo
%{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
%{_datadir}/icons/hicolor/*
@@ -380,6 +388,14 @@ rm -fr %{buildroot}%{_datadir}/fish
%{_datadir}/%{name}/quirks.d/builtin.quirk.gz
%_sysusersdir/fwupd.conf
%if %{with efi_fw_update}
%files -n dfu-tool
%{_bindir}/dfu-tool
%if 0%{?docs}
%{_mandir}/man1/dfu-tool.1%{?ext_man}
%endif
%endif
%files -n libfwupd%{shlib_sover}
%{_libdir}/libfwupd.so.*
@@ -390,7 +406,7 @@ rm -fr %{buildroot}%{_datadir}/fish
%{_datadir}/gir-1.0/Fwupd-2.0.gir
%{_datadir}/vala/vapi/fwupd.deps
%{_datadir}/vala/vapi/fwupd.vapi
%{_includedir}/fwupd-3/
%{_includedir}/fwupd-1/
%{_libdir}/pkgconfig/fwupd.pc
%{_libdir}/libfwupd.so

21
harden_fwupd-offline-update.service.patch Normal file
View File

@@ -0,0 +1,21 @@
Index: fwupd-1.7.2/data/fwupd-offline-update.service.in
===================================================================
--- fwupd-1.7.2.orig/data/fwupd-offline-update.service.in
+++ fwupd-1.7.2/data/fwupd-offline-update.service.in
@@ -8,6 +8,16 @@ After=sysinit.target system-update-pre.t
Before=shutdown.target system-update.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
ExecStart=@libexecdir@/fwupd/fwupdoffline
FailureAction=reboot

18
harden_fwupd-refresh.service.patch Normal file
View File

@@ -0,0 +1,18 @@
Index: fwupd-1.9.10/data/motd/fwupd-refresh.service.in
===================================================================
--- fwupd-1.9.10.orig/data/motd/fwupd-refresh.service.in
+++ fwupd-1.9.10/data/motd/fwupd-refresh.service.in
@@ -14,5 +14,13 @@ SystemCallFilter=~@mount
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions
SuccessExitStatus=2
ExecStart=@bindir@/fwupdmgr refresh