From 82856845bf6d2a37fab30935ba55aa4109fe19eb6e79ac321ae95d21d0953ebd Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 1 Dec 2021 11:12:43 +0000 Subject: [PATCH] Accepting request 934959 from home:iznogood:branches:Base:System New upstream release, now with new url OBS-URL: https://build.opensuse.org/request/show/934959 OBS-URL: https://build.opensuse.org/package/show/Base:System/fwupd?expand=0&rev=111 --- _service | 4 +- fwupd-1.6.4.obscpio | 3 - fwupd-1.7.2.obscpio | 3 + fwupd-bsc1130056-change-shim-path.patch | 24 +--- ...d-jscSLE-11766-close-efidir-leap-gap.patch | 16 +-- fwupd.changes | 114 ++++++++++++++++++ fwupd.obsinfo | 6 +- fwupd.spec | 20 +-- harden_fwupd-offline-update.service.patch | 6 +- harden_fwupd-refresh.service.patch | 6 +- 10 files changed, 148 insertions(+), 54 deletions(-) delete mode 100644 fwupd-1.6.4.obscpio create mode 100644 fwupd-1.7.2.obscpio diff --git a/_service b/_service index ff835a7..1dc7d43 100644 --- a/_service +++ b/_service @@ -1,9 +1,9 @@ - https://github.com/hughsie/fwupd.git + https://github.com/fwupd/fwupd.git git @PARENT_TAG@ - 1.6.4 + 1.7.2 diff --git a/fwupd-1.6.4.obscpio b/fwupd-1.6.4.obscpio deleted file mode 100644 index d204ec6..0000000 --- a/fwupd-1.6.4.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f145bde886f2a31b2cc593fb0207b2a8c777578d55e397f8810b10ba4875f971 -size 12542989 diff --git a/fwupd-1.7.2.obscpio b/fwupd-1.7.2.obscpio new file mode 100644 index 0000000..9ee4c3b --- /dev/null +++ b/fwupd-1.7.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:45847d80b8f0b684d88d4d395ef0374b04ed1d0b573f72c3fe82d9b47498f6bd +size 13117453 diff --git a/fwupd-bsc1130056-change-shim-path.patch b/fwupd-bsc1130056-change-shim-path.patch index c98f8ca..d428bc2 100644 --- a/fwupd-bsc1130056-change-shim-path.patch +++ b/fwupd-bsc1130056-change-shim-path.patch @@ -1,24 +1,12 @@ -From f8bbcefe3eed253cda0c86a4c2443292beca82ee Mon Sep 17 00:00:00 2001 -From: Gary Lin -Date: Thu, 28 Mar 2019 15:26:28 +0800 -Subject: [PATCH] Change the path to shim.efi - -For openSUSE/SLE, we use shim.efi instead of shimx64.efi. - -Signed-off-by: Gary Lin ---- - plugins/uefi/fu-uefi-bootmgr.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Index: fwupd-1.5.2/plugins/uefi/fu-uefi-bootmgr.c +Index: fwupd-1.7.2/plugins/uefi-capsule/fu-uefi-bootmgr.c =================================================================== ---- fwupd-1.5.2.orig/plugins/uefi-capsule/fu-uefi-bootmgr.c -+++ fwupd-1.5.2/plugins/uefi-capsule/fu-uefi-bootmgr.c -@@ -274,7 +274,8 @@ fu_uefi_bootmgr_bootnext (FuDevice *devi - secure_boot = fu_efivar_secure_boot_enabled (); +--- fwupd-1.7.2.orig/plugins/uefi-capsule/fu-uefi-bootmgr.c ++++ fwupd-1.7.2/plugins/uefi-capsule/fu-uefi-bootmgr.c +@@ -294,7 +294,8 @@ fu_uefi_bootmgr_bootnext(FuDevice *devic + secure_boot = fu_efivar_secure_boot_enabled(); if (secure_boot) { /* test to make sure shim is there if we need it */ -- shim_app = fu_uefi_get_esp_app_path (device, esp_path, "shim", error); +- shim_app = fu_uefi_get_esp_app_path(device, esp_path, "shim", error); + shim_app = g_strdup_printf ("%s/shim.efi", + fu_uefi_get_esp_path_for_os (device, esp_path)); if (shim_app == NULL) diff --git a/fwupd-jscSLE-11766-close-efidir-leap-gap.patch b/fwupd-jscSLE-11766-close-efidir-leap-gap.patch index 5a64b22..9e3f90f 100644 --- a/fwupd-jscSLE-11766-close-efidir-leap-gap.patch +++ b/fwupd-jscSLE-11766-close-efidir-leap-gap.patch @@ -1,18 +1,18 @@ -diff --git a/plugins/uefi-capsule/fu-uefi-common.c b/plugins/uefi-capsule/fu-uefi-common.c -index 6cd55672..6a710cdb 100644 ---- a/plugins/uefi-capsule/fu-uefi-common.c -+++ b/plugins/uefi-capsule/fu-uefi-common.c -@@ -227,9 +227,13 @@ fu_uefi_get_esp_path_for_os (const gchar *base) +Index: fwupd-1.7.2/plugins/uefi-capsule/fu-uefi-common.c +=================================================================== +--- fwupd-1.7.2.orig/plugins/uefi-capsule/fu-uefi-common.c ++++ fwupd-1.7.2/plugins/uefi-capsule/fu-uefi-common.c +@@ -196,9 +196,13 @@ fu_uefi_get_esp_path_for_os(FuDevice *de g_autofree gchar *esp_path = NULL; g_autoptr(GError) error_local = NULL; - g_autoptr(GHashTable) os_release = fwupd_get_os_release (&error_local); + g_autoptr(GHashTable) os_release = fwupd_get_os_release(&error_local); + g_auto(GStrv) split = NULL; /* try to lookup /etc/os-release ID key */ if (os_release != NULL) { - os_release_id = g_hash_table_lookup (os_release, "ID"); + os_release_id = g_hash_table_lookup(os_release, "ID"); + /* Overide os_release_id for SLE and openSUSE */ + split = g_strsplit (g_hash_table_lookup (os_release, "NAME"), " ", 2); + os_release_id = g_ascii_strdown (split[0], -1); } else { - g_debug ("failed to get ID: %s", error_local->message); + g_debug("failed to get ID: %s", error_local->message); } diff --git a/fwupd.changes b/fwupd.changes index 1bba779..7688e5c 100644 --- a/fwupd.changes +++ b/fwupd.changes @@ -1,3 +1,117 @@ +------------------------------------------------------------------- +Fri Nov 19 16:24:28 UTC 2021 - Bjørn Lie + +- Update to version 1.7.2: + * This release adds the following features: + + Add a new HSI check that PCR registers 0-7 are not empty + + Add several compile flags to reduce the install size by over + 300Kb + + Allow overriding HwId data from the daemon.conf config file + + Allow overriding the firmware GType from a quirk file + + Export the component release ID over DBus + + Remove support for the SoloKey and ChaosKey devices + + Show a daemon warning if quirk flags are malformed + + Speed up the daemon startup by ~40% by doing less at startup + * This release fixes the following bugs: + + Be case insensitive when fixing the device model + + Fix a critial warning in ccgx found by the fuzzer + + Fix a DFU crash if the attach failed due to a hardware fault + + Fix a Redfish crash when specifying a URL without a port + + Fix CLI downloads when using fwupdmgr --ipfs + + Fix critical warning when /etc/machine-id does not exist + + Inhibit thunderbolt devices to correctly use UPDATABLE_HIDDEN + + Set SSL_VERIFYHOST=0 when using Redfish to fix OpenBMC auth + + Skip UEFI devices that fail coldplug + * This release adds support for the following hardware: All + exported MTD block devices +- Changes from version 1.7.1: + * This release adds the following features: + + Allow specifying 'fwupdmgr device-test foo --json' for + unattended testing + + Allow using a filename when using set-approved-firmware + + Inhibit ModemManager device in mbim-qdu + + Share the Common Flash Memory Interface quirks between + plugins + + Show changes in HSI attributes when using 'fwupdmgr security' + + Show the user a warning if updating may affect + full-disk-encryption + + Show translated firmware release notes when provided + + Support loading remotes from /var/lib/fwupd/remotes.d + * This release fixes the following bugs: + + Fix a CCGX regression when loading firmware + + Fix a potential crash when dumping Parade devices + + Fix build error when sys/io.h is not available + + Fix building the Synaptics RMI self tests on s390x + + Fix the CSME CVE detection for new generations + + Handle EPERM when running the self tests on systems with IPMI + + Mark as SUPPORTED even if on battery power + + Only save the HSI attributes to the database if different + + Raise the client timeout value from 25 seconds to fix Redfish + startup + + Redirect the old HSI links to the correct place + + Relax the ITE SuperIO signature checks for new hardware + support + + Set device time and timezone for logitech bulkcontroller + devices + + Set the verfmt of the returned device when the daemon device + is unset + * This release adds support for the following hardware: + + Dell Atomic Dock + + HP Thunderbolt Dock G4 + + More PixArt devices + + Steelseries Stratus + + Wacom 3rd-gen Intuos BT +- Changes from version 1.7.0: + * This release adds the following features: + + Add FuCfuPayload and FuCfuOffer for future usage + + Add support for an 'unreachable' device flag + + Add support for Logitech devices supporting the Unified + Battery feature + + Allow adding GUIDs to each HSI security attribute + + Allow installing the LVFS remote, but with it disabled by + default + + Convert security attributes to JSON and write then to the + database + + Convert the device test script to a fwupdmgr subcommand + + Create Redfish user accounts automatically using IPMI + + Use an interactive request to restart some Logitech DFU + devices + * This release fixes the following bugs: + + Abort on invalid SREC files early to avoid a fuzzing timeout + + Allow using interrupt transfers for HID devices + + Allow waiting for multiple devices to replug + + Fix a critical warning on a Unifying flash failure + + Fix a regression in flashing the Dell dock + + Fix Thunderbolt host controller probing + + Forcefully set checksums found in cabinet files to lowercase + + Force UX-capsule over full size BGRT + + Make the SuperIO ports and timeouts specific to the DMI model + + Only probe SynapticsMST devices that have opted-in + + Remove support for --ignore-power as it did not work for UEFI + firmware + + Reset the CMOS as required when changing system firmware + branch + + Restart the daemon if any of the the plugin config files are + modified + + Show HSiLevel=0 attributes in JSON security output + + Update the child composite ID if the parent changes + + Use a per-device global percentage completion + + Write the BMP image upside down to avoid using a negative + bitmap height + * This release adds support for the following hardware: + + A huge number of Synaptics CAPE devices + + Elan fingerprint readers + + Logitech Bolt peripherals, receivers and radio hardware + + Logitech devices supporting the bulk controller protocol + + More supported PixArt devices + + More supported StarBook coreboot devices + + Union Point SPI hardware +- Add pkgconfig(libprotobuf-c) and pkgconfig(protobuf) + BuildRequires: New dependencies. +- Refresh patches with quilt. +- Drop sub-package fwupdtpmevlog, no longer built. +- Update URL in _service, new home. + ------------------------------------------------------------------- Fri Nov 19 13:27:33 UTC 2021 - Bjørn Lie diff --git a/fwupd.obsinfo b/fwupd.obsinfo index e4356e8..530ec34 100644 --- a/fwupd.obsinfo +++ b/fwupd.obsinfo @@ -1,5 +1,5 @@ name: fwupd -version: 1.6.4 -mtime: 1632469876 -commit: 8dfa00ae193869c983bc432a4e25e409e1861e5e +version: 1.7.2 +mtime: 1637315697 +commit: a15a50bc5cfdbcc41ae27308b8c5059a1829117b diff --git a/fwupd.spec b/fwupd.spec index d9f26c3..d85cdee 100644 --- a/fwupd.spec +++ b/fwupd.spec @@ -37,14 +37,14 @@ %endif Name: fwupd -Version: 1.6.4 +Version: 1.7.2 Release: 0 Summary: Device firmware updater daemon License: GPL-2.0-or-later AND LGPL-2.1-or-later Group: System/Management URL: https://fwupd.org/ # Do not use upstream tarball, we are using source service! -#Source: https://github.com/hughsie/%%{name}/archive/%%{version}.tar.gz +#Source: https://github.com/%%{name}/%%{name}/archive/%%{version}.tar.gz Source: %{name}-%{version}.tar.xz # PATCH-FIX-OPENSUSE fwupd-bsc1130056-shim-path.patch bsc#1130056 @@ -97,8 +97,10 @@ BuildRequires: pkgconfig(libarchive) BuildRequires: pkgconfig(libcurl) >= 7.62.0 BuildRequires: pkgconfig(libelf) BuildRequires: pkgconfig(libgcab-1.0) >= 1.0 +BuildRequires: pkgconfig(libprotobuf-c) BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(polkit-gobject-1) >= 0.103 +BuildRequires: pkgconfig(protobuf) BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(tss2-esys) >= 2.0 BuildRequires: pkgconfig(udev) @@ -170,13 +172,6 @@ Group: Development/Tools/Other %description -n dfu-tool A generic tool to upload firmware to USB Devices based on Device Firmware Upgrade (DFU). -%package -n fwupdtpmevlog -Summary: Debugging utility for the TPM event log -Group: Development/Tools/Other - -%description -n fwupdtpmevlog -A debugging utility for the TPM event log. - %package devel Summary: Allow session software to update device firmware Group: Development/Languages/C and C++ @@ -229,6 +224,7 @@ done -Ddocs=gtkdoc \ -Dsupported_build=true \ -Dtests=false \ + %{nil} %meson_build %install @@ -343,7 +339,7 @@ rm -fr %{buildroot}%{_datadir}/fish %{_sysconfdir}/grub.d/35_fwupd %endif %{_udevrulesdir}/90-fwupd-devices.rules -%{_libdir}/fwupd-plugins-3/ +%{_libdir}/fwupd-plugins-5/ %dir %{_datadir}/metainfo %{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml %{_datadir}/bash-completion/completions/fwupdmgr @@ -360,10 +356,6 @@ rm -fr %{buildroot}%{_datadir}/fish %{_bindir}/dfu-tool %{_mandir}/man1/dfu-tool.1%{?ext_man} -%files -n fwupdtpmevlog -%{_bindir}/fwupdtpmevlog -%{_mandir}/man1/fwupdtpmevlog.1%{?ext_man} - %files -n libfwupd2 %{_libdir}/libfwupd.so.* diff --git a/harden_fwupd-offline-update.service.patch b/harden_fwupd-offline-update.service.patch index bd480b9..49bb60d 100644 --- a/harden_fwupd-offline-update.service.patch +++ b/harden_fwupd-offline-update.service.patch @@ -1,7 +1,7 @@ -Index: fwupd-1.6.2/data/fwupd-offline-update.service.in +Index: fwupd-1.7.2/data/fwupd-offline-update.service.in =================================================================== ---- fwupd-1.6.2.orig/data/fwupd-offline-update.service.in -+++ fwupd-1.6.2/data/fwupd-offline-update.service.in +--- fwupd-1.7.2.orig/data/fwupd-offline-update.service.in ++++ fwupd-1.7.2/data/fwupd-offline-update.service.in @@ -8,6 +8,16 @@ After=sysinit.target system-update-pre.t Before=shutdown.target system-update.target diff --git a/harden_fwupd-refresh.service.patch b/harden_fwupd-refresh.service.patch index dc8fbaf..92f0f44 100644 --- a/harden_fwupd-refresh.service.patch +++ b/harden_fwupd-refresh.service.patch @@ -1,7 +1,7 @@ -Index: fwupd-1.6.2/data/motd/fwupd-refresh.service.in +Index: fwupd-1.7.2/data/motd/fwupd-refresh.service.in =================================================================== ---- fwupd-1.6.2.orig/data/motd/fwupd-refresh.service.in -+++ fwupd-1.6.2/data/motd/fwupd-refresh.service.in +--- fwupd-1.7.2.orig/data/motd/fwupd-refresh.service.in ++++ fwupd-1.7.2/data/motd/fwupd-refresh.service.in @@ -13,5 +13,13 @@ SystemCallFilter=~@mount ProtectKernelModules=yes ProtectControlGroups=yes