Accepting request 1240507 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1240507 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fwupd?expand=0&rev=89
2025-01-28 13:58:32 +00:00 · 2025-01-28 13:58:32 +00:00 · 02eb7c6168
commit 02eb7c6168
parent 361d7b24bc b969c6afc1
10 changed files with 123 additions and 106 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="url">https://github.com/fwupd/fwupd.git</param>
    <param name="scm">git</param>
    <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
-    <param name="revision">1.9.27</param>
+    <param name="revision">95017c2</param>
    <param name="versionrewrite-pattern">(.*)\+0</param>
    <param name="versionrewrite-replacement">\1</param>
  </service>
--- a/fwupd-1.9.27.obscpio
+++ b/fwupd-1.9.27.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8e769a81823bf3abaaa8cf75f2e45b4e1a4e775b4b0c1a9718fda7e9a4646f22
-size 18645517
--- a/fwupd-2.0.4+4.obscpio
+++ b/fwupd-2.0.4+4.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e267e10a6d0c9ed93333f77cc7faee577580a46951c85007f68928db722d00f9
+size 20710925
--- a/fwupd-bsc1130056-change-shim-path.patch
+++ b/fwupd-bsc1130056-change-shim-path.patch
@ -1,11 +1,11 @@
-Index: fwupd-1.9.27/plugins/uefi-capsule/fu-uefi-bootmgr.c
-===================================================================
--- fwupd-1.9.27.orig/plugins/uefi-capsule/fu-uefi-bootmgr.c
-+++ fwupd-1.9.27/plugins/uefi-capsule/fu-uefi-bootmgr.c
-@@ -409,7 +409,7 @@ fu_uefi_bootmgr_bootnext(FuVolume *esp,
- 	/* test if we should use shim */
- 	secure_boot = fu_efivar_secure_boot_enabled(NULL);
- 	if (secure_boot) {
+diff --git a/plugins/uefi-capsule/fu-uefi-bootmgr.c b/plugins/uefi-capsule/fu-uefi-bootmgr.c
+index e7761b52..0a425455 100644
+--- a/plugins/uefi-capsule/fu-uefi-bootmgr.c
+++ b/plugins/uefi-capsule/fu-uefi-bootmgr.c
+@@ -368,7 +368,7 @@ fu_uefi_bootmgr_bootnext(FuEfivars *efivars,
+ 	if (!fu_efivars_get_secure_boot(efivars, &secureboot_enabled, error))
+ 		return FALSE;
+ 	if (secureboot_enabled) {
 -		shim_app = fu_uefi_get_esp_app_path(esp_path, "shim", error);
 +		shim_app = g_strdup_printf ("%s/shim.efi", fu_uefi_get_esp_path_for_os(esp_path));
 		if (shim_app == NULL)
--- a/fwupd-jscSLE-11766-close-efidir-leap-gap.patch
+++ b/fwupd-jscSLE-11766-close-efidir-leap-gap.patch
@ -1,22 +0,0 @@
-Index: fwupd-1.9.14/plugins/uefi-capsule/fu-uefi-common.c
-===================================================================
--- fwupd-1.9.14.orig/plugins/uefi-capsule/fu-uefi-common.c
-+++ fwupd-1.9.14/plugins/uefi-capsule/fu-uefi-common.c
-@@ -251,6 +251,7 @@
- 	g_autofree gchar *full_systemd_path = NULL;
- 	g_autoptr(GError) error_local = NULL;
- 	g_autoptr(GHashTable) os_release = NULL;
-+	g_auto(GStrv) split = NULL;
- 
- 	/* distro (or user) is using systemd-boot */
- 	systemd_path = g_build_filename("EFI", "systemd", NULL);
-@@ -262,6 +263,9 @@
- 	os_release = fwupd_get_os_release(&error_local);
- 	if (os_release != NULL) {
- 		os_release_id = g_hash_table_lookup(os_release, "ID");
-+		/* Overide os_release_id for SLE and openSUSE */
-+		split = g_strsplit (g_hash_table_lookup (os_release, "NAME"), " ", 2);
-+		os_release_id = g_ascii_strdown (split[0], -1);
- 	} else {
- 		g_debug("failed to get ID: %s", error_local->message);
- 	}
--- a/fwupd.changes
+++ b/fwupd.changes
@ -1,3 +1,101 @@
+-------------------------------------------------------------------
+Mon Jan 20 16:02:53 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 2.0.4+4:
+  + dell-kestrel: cleanup the devices when disconnected
+  + Raise authentication requirements for emulation-load
+  + uefi-dbx: Only list the version in the quirk file key
+- Update to version 2.0.4:
+  + This release adds the following features:
+    - Record the entire USB descriptor in the emulation data
+    - Return defined return code when network metadata refresh
+      fails
+  + This release fixes the following bugs:
+    - Add a new private flag of 'delayed-removal' to remove a
+      footgun
+    - Added a more specific instance ID for qc-s5gen2 USB devices
+    - Add fadvise64 to the systemd syscall allowlist
+    - Add the Unifying bootloader VID/PID as a full instance ID
+    - Allow disabling zero-length packet for modem-manager devices
+    - Allow recovering Logitech Bolt receiver in bootloader mode
+    - Correctly parse CSV streams without trailing NULs
+    - Detect if network is reachable before downloading metadata
+    - Disabling reading the OptionROM device after dumping
+    - Do not claim kernel interface to avoid Parade downstream port
+      resets
+    - Do not save BootOrder when measuring system integrity
+    - Enumerate child nordic-hid devices correctly
+    - Fix a possible critical warning for Mediatek scaler devices
+    - Fix Firehose padding for some modem-manager devices
+    - Fix UEFI capsule updates when using 4096 byte NVME blocksize
+    - Get the Dell dock update package version correctly
+    - Never read more of the composite stream from a partial stream
+    - Notify snapd about DBX updates
+    - Probe sd_mod before starting
+    - Properly handle FU_DEVICE_PRIVATE_FLAG_NO_GENERIC_GUIDS
+    - Remove the test for CSME 18 manufacturing lock
+    - Restore the Logitech compatibility UFY instance IDs
+    - Show the correct version when installing a same-device
+      composite update
+    - Show updates with problems when using 'fwupdmgr get-releases'
+    - Split up the AMD GPU VBIOS P/N for the version
+    - Use attr USB4_TYPE rather than guessing from
+      thunderbolt_domain
+    - Use the ISO date as a dbx version number for the Microsoft
+      KEK
+    - Use the KEK to set the dbx vendor ID
+
+-------------------------------------------------------------------
+Thu Jan  9 14:51:34 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 2.0.3:
+  + This release adds the following features:
+    - Add a power quirk for Framework systems
+    - Speed up writing firmware to the new Dell dock
+  + This release fixes the following bugs:
+    - Deinitialize DRM after getting GPU marketing name to fix Xorg
+      startup
+    - Do not show 'Device has been removed' as a dock device error
+    - Fix a warning about legion-hid2 progress going backwards
+    - Fix some small memory leaks in realtek-mst and dell-kestrel
+    - Only mark supported Logitech devices as updatable
+    - Parse FDTs with missing END tokens to work on more
+      ChromeBooks
+    - Reduce the device emulation RSS requirement by ~40%
+    - Skip checking BootXXXX entries when the partition does not
+      exist
+  + This release adds support for the following hardware:
+    - Primax Ryder Mouse
+- Changes from version 2.0.2:
+  + Add fwupdtool 'get-version-formats' and 'vercmp' commands
+  + Add support for checking AMD HW configuration MSR
+  + Add support for enumerate-only device emulation to increase
+    test coverage
+  + Add support for passing a JSON file for emulation instead of
+    ZIP
+  + Remove support for now-obsolete CSR DFU and Nitrokey devices
+- Changes from version 2.0.1:
+  + Add API so that gnome-firmware can record devices for emulation
+  + Save the emulation-tag devices to the database rather than the
+    config file
+- Changes from version 2.0.0:
+  + Drop legacy signing formats for verification of metadata and
+    firmware
+  + Reduce the runtime memory usage and CPU startup cost
+    significantly
+  + Remove all the long-deprecated legacy CLI tools
+  + Remove libgusb and GUdev from plugins and use libusb and sysfs
+    instead
+  + Stream firmware binaries over a file descriptor rather than
+    into memory
+- Drop harden_fwupd-offline-update.service.patch: offline service
+  no longer exists.
+- Drop harden_fwupd-refresh.service.patch: merged upstream.
+- Drop fwupd-jscSLE-11766-close-efidir-leap-gap.patch: fwupd now
+  falls back to ID_LIKE.
+- Bump shlib_sover to 3, following upstream.
+- Add python3-dbusmock BuildRequires: new dependency.
+
 -------------------------------------------------------------------
 Thu Jan  9 06:38:36 UTC 2025 - Gary Ching-Pang Lin <glin@suse.com>

--- a/fwupd.obsinfo
+++ b/fwupd.obsinfo
@ -1,4 +1,4 @@
 name: fwupd
-version: 1.9.27
-mtime: 1733407200
-commit: 3c5d0fe54f991cf4316eb1b9ee463fb8ef6441c8
+version: 2.0.4+4
+mtime: 1737384376
+commit: 95017c22eeb76561cd2f4fe5d72c2b68a70fff73
--- a/fwupd.spec
+++ b/fwupd.spec
@ -36,11 +36,11 @@
 %bcond_with fish_support
 %endif

-%define shlib_sover  2
+%define shlib_sover  3
 %define docs 0

 Name:           fwupd
-Version:        1.9.27
+Version:        2.0.4+4
 Release:        0
 Summary:        Device firmware updater daemon
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
@ -50,12 +50,6 @@ Source:         %{name}-%{version}.tar.xz

 # PATCH-FIX-OPENSUSE fwupd-bsc1130056-shim-path.patch bsc#1130056
 Patch1:         fwupd-bsc1130056-change-shim-path.patch
-# PATCH-FIX-OPENSUSE fwupd-jscSLE-11766-close-efidir-leap-gap.patch jsc#SLE-11766 qkzhu@suse.com -- Set SLE and openSUSE esp os dir at runtime
-Patch2:         fwupd-jscSLE-11766-close-efidir-leap-gap.patch
-# PATCH-FEATURE-OPENSUSE harden_fwupd-offline-update.service.patch -- Harden services
-Patch3:         harden_fwupd-offline-update.service.patch
-# PATCH-FEATURE-OPENSUSE harden_fwupd-refresh.service.patch -- Harden services
-Patch4:         harden_fwupd-refresh.service.patch

 BuildRequires:  dejavu-fonts
 BuildRequires:  fdupes
@ -76,6 +70,7 @@ BuildRequires:  pkgconfig
 BuildRequires:  procps
 BuildRequires:  python3-Pillow
 BuildRequires:  python3-cairo
+BuildRequires:  python3-dbusmock
 BuildRequires:  python3-gobject-Gdk
 BuildRequires:  python3-setuptools
 BuildRequires:  python3-xml
@ -236,7 +231,6 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE"
  -Dplugin_uefi_capsule=enabled \
  -Dplugin_uefi_pk=enabled \
  -Defi_binary=false \
-  -Dcompat_cli=true \
 %else
  -Dplugin_uefi_capsule=false \
  -Dplugin_uefi_pk=false \
@ -259,6 +253,8 @@ export CFLAGS="%{optflags} -D_GNU_SOURCE"
  -Ddocs=enabled \
  -Dsupported_build=enabled \
  -Dtests=false \
+  -Dvalgrind=disabled \
+  -Dvendor_ids_dir=/usr/share/hwdata \
 %ifarch s390x ppc64le
  -Dplugin_flashrom=disabled \
 %endif
@ -295,34 +291,27 @@ rm -fr %{buildroot}%{_datadir}/fish
 %ldconfig_scriptlets -n libfwupd%{shlib_sover}

 %preun
-%service_del_preun %{name}.service fwupd-offline-update.service fwupd-refresh.service
+%service_del_preun %{name}.service fwupd-refresh.service

 %pre
-%service_add_pre %{name}.service fwupd-offline-update.service fwupd-refresh.service
+%service_add_pre %{name}.service fwupd-refresh.service

 %post
 %udev_rules_update
-%service_add_post %{name}.service fwupd-offline-update.service fwupd-refresh.service
+%service_add_post %{name}.service fwupd-refresh.service

 %postun
-%service_del_postun %{name}.service fwupd-offline-update.service fwupd-refresh.service
+%service_del_postun %{name}.service fwupd-refresh.service

 %files
 %license COPYING
 %doc README.md
 %{_unitdir}/fwupd.service
-%{_unitdir}/fwupd-offline-update.service
-%dir %{_unitdir}/system-update.target.wants/
-%{_unitdir}/system-update.target.wants/fwupd-offline-update.service
 %{_unitdir}/fwupd-refresh.service
 %{_unitdir}/fwupd-refresh.timer
 %{_libexecdir}/fwupd
 %{_bindir}/fwupdmgr
 %{_bindir}/fwupdtool
-%if %{with efi_fw_update}
-%{_bindir}/fwupdagent
-%{_bindir}/fwupdate
-%endif
 %{_bindir}/dbxtool
 %{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
 %{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml
@ -371,7 +360,6 @@ rm -fr %{buildroot}%{_datadir}/fish
 %dir %{_sysconfdir}/grub.d
 %{_sysconfdir}/grub.d/35_fwupd
 %endif
-%{_udevrulesdir}/90-fwupd-devices.rules
 %dir %{_datadir}/metainfo
 %{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
 %{_datadir}/icons/hicolor/*
@ -387,14 +375,6 @@ rm -fr %{buildroot}%{_datadir}/fish
 %{_datadir}/%{name}/quirks.d/builtin.quirk.gz
 %_sysusersdir/fwupd.conf

-%if %{with efi_fw_update}
-%files -n dfu-tool
-%{_bindir}/dfu-tool
-%if 0%{?docs}
-%{_mandir}/man1/dfu-tool.1%{?ext_man}
-%endif
-%endif
-
 %files -n libfwupd%{shlib_sover}
 %{_libdir}/libfwupd.so.*

@ -405,7 +385,7 @@ rm -fr %{buildroot}%{_datadir}/fish
 %{_datadir}/gir-1.0/Fwupd-2.0.gir
 %{_datadir}/vala/vapi/fwupd.deps
 %{_datadir}/vala/vapi/fwupd.vapi
-%{_includedir}/fwupd-1/
+%{_includedir}/fwupd-3/
 %{_libdir}/pkgconfig/fwupd.pc
 %{_libdir}/libfwupd.so

--- a/harden_fwupd-offline-update.service.patch
+++ b/harden_fwupd-offline-update.service.patch
@ -1,21 +0,0 @@
-Index: fwupd-1.7.2/data/fwupd-offline-update.service.in
-===================================================================
--- fwupd-1.7.2.orig/data/fwupd-offline-update.service.in
-+++ fwupd-1.7.2/data/fwupd-offline-update.service.in
-@@ -8,6 +8,16 @@ After=sysinit.target system-update-pre.t
- Before=shutdown.target system-update.target
- 
- [Service]
-+# added automatically, for details please see
-+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-+ProtectSystem=full
-+ProtectHome=true
-+ProtectHostname=true
-+ProtectKernelTunables=true
-+ProtectKernelLogs=true
-+ProtectControlGroups=true
-+RestrictRealtime=true
-+# end of automatic additions 
- Type=oneshot
- ExecStart=@libexecdir@/fwupd/fwupdoffline
- FailureAction=reboot
--- a/harden_fwupd-refresh.service.patch
+++ b/harden_fwupd-refresh.service.patch
@ -1,18 +0,0 @@
-Index: fwupd-1.9.10/data/motd/fwupd-refresh.service.in
-===================================================================
--- fwupd-1.9.10.orig/data/motd/fwupd-refresh.service.in
-+++ fwupd-1.9.10/data/motd/fwupd-refresh.service.in
-@@ -14,5 +14,13 @@ SystemCallFilter=~@mount
- ProtectKernelModules=yes
- ProtectControlGroups=yes
- RestrictRealtime=yes
-+# added automatically, for details please see
-+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-+ProtectSystem=full
-+ProtectHome=true
-+ProtectHostname=true
-+ProtectKernelTunables=true
-+ProtectKernelLogs=true
-+# end of automatic additions 
- SuccessExitStatus=2
- ExecStart=@bindir@/fwupdmgr refresh