forked from pool/fwupd
fwupd/harden_fwupd-refresh.service.patch
Dominique Leuenberger 2ee9c0c5bf Accepting request 1046691 from home:polslinux:branches:Base:System
- Update to 1.8.9:
  + This release adds the following features:
    - Add an interactive request for re-inserting the USB cable
    - Add SHA384 support for TPM hashes
    - Add X-FingerprintReader, X-GraphicsTablet, X-Dock and X-UsbDock categories
    - Allow specifying OR parent requirements in metadata
  + This release fixes the following bugs:
    - Add the fwupd version to the HSI result if the chassis is invalid
    - Allow getting the ESP when there is a block device with no filesystem
    - Allow reinstalling on devices with only-version-upgrade set
    - Do not require the TPM event log to have all reconstructions
    - Fix a tiny memory leak when parsing signed reports
    - Ignore failure to mount the ESP if unsupported
    - Never allow using SHA-1 for checksum validation
    - Return a more useful error if USB recovery failed
    - Skip the fwupdx64.efi BootXXXX entry when measuring system integrity
    - Speed up daemon startup using prepared XPath queries
    - Suggest to turn on ThunderboltAccess for Lenovo systems
    - Use better defaults if the config file is missing
  + This release adds support for the following hardware:
    - More Solidigm NVMe devices
    - More Synaptics Cape devices
    - More Synaptics Prometheus devices
    - Most Texas Instruments USB-4 docks
    - Scaler support for Wacom USB devices
    - Several new Wistron USB-C docks

OBS-URL: https://build.opensuse.org/request/show/1046691
OBS-URL: https://build.opensuse.org/package/show/Base:System/fwupd?expand=0&rev=131
2023-01-05 07:58:31 +00:00


Index: fwupd-1.8.9/data/motd/fwupd-refresh.service.in
===================================================================
--- fwupd-1.8.9.orig/data/motd/fwupd-refresh.service.in
+++ fwupd-1.8.9/data/motd/fwupd-refresh.service.in
@@ -13,5 +13,13 @@ SystemCallFilter=~@mount
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions
SuccessExitStatus=2
ExecStart=@bindir@/fwupdmgr refresh
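
Review bot: The five added directives use `=true` while the surrounding context lines in the same unit (`ProtectKernelModules=yes`, `ProtectControlGroups=yes`, `RestrictRealtime=yes`) use `=yes`; systemd accepts both spellings, but matching the file's existing style keeps the downstream patch easier to read against upstream. On substance, `ProtectSystem=full` mounts /usr, /boot, /efi and /etc read-only and leaves the rest of the file system writable, so it is worth confirming with a test run of `fwupdmgr refresh` under this unit that nothing it writes lives under those paths, and, once the writable paths are known, considering `ProtectSystem=strict` with an explicit `ReadWritePaths=` list as the tighter setting. The "added automatically" marker comments are useful for rebasing the patch on later releases and should stay.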