rpm/fwupd
SHA256
1
0
Fork 0
forked from pool/fwupd
Code Pull Requests Activity
3cc647dd79
fwupd/harden_fwupd-refresh.service.patch
Dominique Leuenberger 3ca492e39f Accepting request 1190156 from home:dimstar:Factory 
- Update to version 1.9.22:
  + This release fixes the following bugs:
    - Add a PCB tag in the usi-dock GUID to distinguish different
      revisions.
    - Add explicit hidraw permission to fwupd.service to fix
      several devices.
    - Always load the flashrom plugin when using coreboot.
    - Be explicit with the rts54hub detach retry delay to fix the
      Acer D501.
    - Be more careful when setting thelio-io version strings.
    - Fix a critical warning if a device returns unexpected data
      from DFU upload.
    - Fix a critical warning if the DMI manufacturer is an empty
      string.
    - Fix several reported integer overflows from Coverity.
    - Fix the Blackbird and Talos II baseboard details.
    - Fix transient version number issue after flashing wacom-usb
      devices.
    - Increase the cros_ec acquiesce delay to manage additional
      reboots.
    - Only accept valid ASCII cabinet filenames.
    - Only require udevdir when gudev support is enabled.
    - Only show one PixArt receiver device per physical device.
    - Set the rts54hub version in more cases.
    - Speed up the daemon self tests by ~60%.
    - Use the bootloader build-timestamp as the fallback HWID BIOS
      version.
  + This release adds support for the following hardware:
    - Framework SD
    - Raspberry Pi 5 (unofficial)

OBS-URL: https://build.opensuse.org/request/show/1190156
OBS-URL: https://build.opensuse.org/package/show/Base:System/fwupd?expand=0&rev=187
2024-07-29 06:26:29 +00:00

19 lines
677 B
Diff
Raw Blame History

Index: fwupd-1.9.10/data/motd/fwupd-refresh.service.in
===================================================================
--- fwupd-1.9.10.orig/data/motd/fwupd-refresh.service.in
+++ fwupd-1.9.10/data/motd/fwupd-refresh.service.in
@@ -14,5 +14,13 @@ SystemCallFilter=~@mount
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictRealtime=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+# end of automatic additions
SuccessExitStatus=2
ExecStart=@bindir@/fwupdmgr refresh
View Git Blame Copy Permalink