pool/fwupd
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3ca492e39f
fwupd/harden_fwupd-offline-update.service.patch
Dominique Leuenberger 3ca492e39f Accepting request 1190156 from home:dimstar:Factory 
- Update to version 1.9.22:
  + This release fixes the following bugs:
    - Add a PCB tag in the usi-dock GUID to distinguish different
      revisions.
    - Add explicit hidraw permission to fwupd.service to fix
      several devices.
    - Always load the flashrom plugin when using coreboot.
    - Be explicit with the rts54hub detach retry delay to fix the
      Acer D501.
    - Be more careful when setting thelio-io version strings.
    - Fix a critical warning if a device returns unexpected data
      from DFU upload.
    - Fix a critical warning if the DMI manufacturer is an empty
      string.
    - Fix several reported integer overflows from Coverity.
    - Fix the Blackbird and Talos II baseboard details.
    - Fix transient version number issue after flashing wacom-usb
      devices.
    - Increase the cros_ec acquiesce delay to manage additional
      reboots.
    - Only accept valid ASCII cabinet filenames.
    - Only require udevdir when gudev support is enabled.
    - Only show one PixArt receiver device per physical device.
    - Set the rts54hub version in more cases.
    - Speed up the daemon self tests by ~60%.
    - Use the bootloader build-timestamp as the fallback HWID BIOS
      version.
  + This release adds support for the following hardware:
    - Framework SD
    - Raspberry Pi 5 (unofficial)

OBS-URL: https://build.opensuse.org/request/show/1190156
OBS-URL: https://build.opensuse.org/package/show/Base:System/fwupd?expand=0&rev=187
2024-07-29 06:26:29 +00:00

22 lines
749 B
Diff
Raw Blame History

Index: fwupd-1.7.2/data/fwupd-offline-update.service.in
===================================================================
--- fwupd-1.7.2.orig/data/fwupd-offline-update.service.in
+++ fwupd-1.7.2/data/fwupd-offline-update.service.in
@@ -8,6 +8,16 @@ After=sysinit.target system-update-pre.t
Before=shutdown.target system-update.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
ExecStart=@libexecdir@/fwupd/fwupdoffline
FailureAction=reboot
Reference in New Issue View Git Blame Copy Permalink