forked from pool/fwupd
Dominique Leuenberger
eb179be8a1
- Update to version 1.9.10: + This release adds the following features: - Add support for not_hardware requirements - Add support for loongarch64 - Add support for per-release priority attributes - Make USB claim retry count configurable across devices + This release fixes the following bugs: - Compare the HID report value when checking for duplicates - Consider the component priority when installing composite updates - Deploy the CCGX firmware correctly the first time - Do not export the 'main-system-firmware' and 'cpu' GUIDs - Enforce fwupd version requirements client side - Fix Genesys 'failed to get static tool info from device' error - Fix potential 'dereference before null check' in ccmx-dmc - Fix the 'already registered private FuMmDevice flag with value' warning - Fix the 'assertion backend_id != NULL failed' runtime warning - Fix Wacom USB device emulation by recording the composite phases - Generate generic request message text where possible - Hide HTTP passwords in fwupd debugging logs - Let the client know what interaction is expected - Make all critical warnings into backtraces for non-release builds - Never obsolete the wrong HSI attribute - Never show a HSI index that is impossible - Only apply fastboot plugin to modem devices supporting fastboot - Only send interactive requests when the sender is alive - Remove the now-obsolete Synaptics MST cascade device scanning - Replace the Redfish KCS user if required - Restrict mediatek-scaler devices on specific hardware only - Skip any recovery partitions when detecting ESP OBS-URL: https://build.opensuse.org/request/show/1130755 OBS-URL: https://build.opensuse.org/package/show/Base:System/fwupd?expand=0&rev=156
19 lines
677 B
Diff
19 lines
677 B
Diff
Index: fwupd-1.9.10/data/motd/fwupd-refresh.service.in
|
|
===================================================================
|
|
--- fwupd-1.9.10.orig/data/motd/fwupd-refresh.service.in
|
|
+++ fwupd-1.9.10/data/motd/fwupd-refresh.service.in
|
|
@@ -14,5 +14,13 @@ SystemCallFilter=~@mount
|
|
ProtectKernelModules=yes
|
|
ProtectControlGroups=yes
|
|
RestrictRealtime=yes
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+ProtectHostname=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelLogs=true
|
|
+# end of automatic additions
|
|
SuccessExitStatus=2
|
|
ExecStart=@bindir@/fwupdmgr refresh
|