import fwupd-1.4.2-4.el8

2020-11-03 06:44:56 -05:00 · 2020-11-03 06:44:56 -05:00 · 0cc62e157a
commit 0cc62e157a
parent 1554303a7f
10 changed files with 332 additions and 395 deletions
--- a/.fwupd.metadata
+++ b/.fwupd.metadata
@ -1 +1,2 @@
-9777016b6b861676e3e88153f7b310e4d985871a SOURCES/fwupd-1.1.4.tar.xz
+c152547682cb354b69e4e1a89b53369dd42f3e53 SOURCES/fwupd-1.4.2.tar.xz
 6991b6879b438a4672e97c534d10737bc54e6f39 SOURCES/libjcat-0.1.2.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/fwupd-1.1.4.tar.xz
+SOURCES/fwupd-1.4.2.tar.xz
 SOURCES/libjcat-0.1.2.tar.xz
--- a/SOURCES/0001-Disable-wacomhid-by-default-as-probing-the-device-st.patch
+++ b/SOURCES/0001-Disable-wacomhid-by-default-as-probing-the-device-st.patch
@ -1,28 +0,0 @@
 From d4a65700c5ed9544b6445213bd5f8a0dbc2cd1e5 Mon Sep 17 00:00:00 2001
 From: Richard Hughes <richard@hughsie.com>
 Date: Fri, 29 Nov 2019 14:00:39 +0000
 Subject: [PATCH] Disable wacomhid by default as probing the device stops the
 tablet working
 This is fixed properly in fwupd >= 1.2.2 but add this workaround here for
 stable distros that cannot rebase to a newer branch.
 ---
 data/daemon.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/data/daemon.conf b/data/daemon.conf
 index 51ab19f4..03965d88 100644
 --- a/data/daemon.conf
 +++ b/data/daemon.conf
@@ -6,7 +6,7 @@ BlacklistDevices=
 # Allow blacklisting specific plugins
 # Uses semicolons as delimiter
 -BlacklistPlugins=test
 +BlacklistPlugins=test;wacomhid
 # Maximum archive size that can be loaded in Mb, with 0 for the default
 ArchiveSizeMax=0
 -- 
 2.23.0
--- a/SOURCES/0001-Do-not-use-the-LVFS.patch
+++ b/SOURCES/0001-Do-not-use-the-LVFS.patch
@ -0,0 +1,26 @@
 diff --git a/data/remotes.d/lvfs.conf b/data/remotes.d/lvfs.conf
 index 1249ef74..f533bf52 100644
 --- a/data/remotes.d/lvfs.conf
 +++ b/data/remotes.d/lvfs.conf
@@ -1,7 +1,7 @@
 [fwupd Remote]
 # this remote provides metadata and firmware marked as 'stable' from the LVFS
 -Enabled=true
 +Enabled=false
 Title=Linux Vendor Firmware Service
 MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz
 ReportURI=https://fwupd.org/lvfs/firmware/report
 diff --git a/libfwupd/fwupd-self-test.c b/libfwupd/fwupd-self-test.c
 index 679360b0..59660360 100644
 --- a/libfwupd/fwupd-self-test.c
 +++ b/libfwupd/fwupd-self-test.c
@@ -182,7 +182,7 @@ fwupd_remote_download_func (void)
 	g_assert_cmpint (fwupd_remote_get_kind (remote), ==, FWUPD_REMOTE_KIND_DOWNLOAD);
 	g_assert_cmpint (fwupd_remote_get_keyring_kind (remote), ==, FWUPD_KEYRING_KIND_JCAT);
 	g_assert_cmpint (fwupd_remote_get_priority (remote), ==, 0);
 -	g_assert (fwupd_remote_get_enabled (remote));
 +//	g_assert (fwupd_remote_get_enabled (remote));
 	g_assert (fwupd_remote_get_metadata_uri (remote) != NULL);
 	g_assert (fwupd_remote_get_metadata_uri_sig (remote) != NULL);
 	g_assert_cmpstr (fwupd_remote_get_title (remote), ==, "Linux Vendor Firmware Service");
--- a/SOURCES/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
+++ b/SOURCES/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
@ -1,220 +0,0 @@
 commit 58f79c3d235290c4cecccc1d55cbcc2da8e988a6
 Author: Richard Hughes <richard@hughsie.com>
 Date:   Thu Aug 1 09:45:25 2019 +0100
    Relax the certificate time checks in the self tests for the legacy certificate
    One test verifies a firmware with a signature from the old LVFS which was
    hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
    had a two year validity (expiring today, ohh the naivety...) rather than the
    newer fwupd.org key which expires in the year 2058.
    For this specific test only, disable the certificate time checks to fix CI.
    Fixes https://github.com/hughsie/fwupd/issues/1264
 diff --git a/src/fu-engine.c b/src/fu-engine.c
 index ac102cfa..1a57b0af 100644
 --- a/src/fu-engine.c
 +++ b/src/fu-engine.c
@@ -1908,7 +1908,8 @@ fu_engine_get_existing_keyring_result (FuEngine *self,
 	blob_sig = fu_common_get_contents_bytes (fwupd_remote_get_filename_cache_sig (remote), error);
 	if (blob_sig == NULL)
 		return NULL;
 -	return fu_keyring_verify_data (kr, blob, blob_sig, error);
 +	return fu_keyring_verify_data (kr, blob, blob_sig,
 +				       FU_KEYRING_VERIFY_FLAG_NONE, error);
 }
 /**
@@ -1991,7 +1992,9 @@ fu_engine_update_metadata (FuEngine *self, const gchar *remote_id,
 		pki_dir = g_build_filename (sysconfdir, "pki", "fwupd-metadata", NULL);
 		if (!fu_keyring_add_public_keys (kr, pki_dir, error))
 			return FALSE;
 -		kr_result = fu_keyring_verify_data (kr, bytes_raw, bytes_sig, error);
 +		kr_result = fu_keyring_verify_data (kr, bytes_raw, bytes_sig,
 +						    FU_KEYRING_VERIFY_FLAG_NONE,
 +						    error);
 		if (kr_result == NULL)
 			return FALSE;
 diff --git a/src/fu-keyring-gpg.c b/src/fu-keyring-gpg.c
 index af0bfbe0..a51ab7a4 100644
 --- a/src/fu-keyring-gpg.c
 +++ b/src/fu-keyring-gpg.c
@@ -231,6 +231,7 @@ static FuKeyringResult *
 fu_keyring_gpg_verify_data (FuKeyring *keyring,
 			    GBytes *blob,
 			    GBytes *blob_signature,
 +			    FuKeyringVerifyFlags flags,
 			    GError **error)
 {
 	FuKeyringGpg *self = FU_KEYRING_GPG (keyring);
 diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
 index d48dc5d0..dc310d37 100644
 --- a/src/fu-keyring-pkcs7.c
 +++ b/src/fu-keyring-pkcs7.c
@@ -182,6 +182,7 @@ static FuKeyringResult *
 fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
 			     GBytes *blob,
 			     GBytes *blob_signature,
 +			     FuKeyringVerifyFlags flags,
 			     GError **error)
 {
 	FuKeyringPkcs7 *self = FU_KEYRING_PKCS7 (keyring);
@@ -231,6 +232,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
 	for (gint i = 0; i < count; i++) {
 		gnutls_pkcs7_signature_info_st info;
 		gint64 signing_time = 0;
 +		gnutls_certificate_verify_flags verify_flags = 0;
 +
 +		/* use with care */
 +		if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
 +			g_debug ("WARNING: disabling time checks");
 +			verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
 +			verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
 +		}
 		/* verify the data against the detached signature */
 		rc = gnutls_pkcs7_verify (pkcs7, self->tl,
@@ -238,7 +247,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
 					  0,    /* vdata_size */
 					  i,    /* index */
 					  &datum, /* data */
 -					  0);   /* flags */
 +					  verify_flags);
 		if (rc < 0) {
 			g_set_error (error,
 				     FWUPD_ERROR,
 diff --git a/src/fu-keyring-utils.c b/src/fu-keyring-utils.c
 index 0c5a7f04..465b4a02 100644
 --- a/src/fu-keyring-utils.c
 +++ b/src/fu-keyring-utils.c
@@ -167,7 +167,9 @@ fu_keyring_get_release_trust_flags (AsRelease *release,
 				fu_keyring_get_name (kr));
 		return FALSE;
 	}
 -	kr_result = fu_keyring_verify_data (kr, blob_payload, blob_signature, &error_local);
 +	kr_result = fu_keyring_verify_data (kr, blob_payload, blob_signature,
 +					    FU_KEYRING_VERIFY_FLAG_NONE,
 +					    &error_local);
 	if (kr_result == NULL) {
 		g_warning ("untrusted as failed to verify from %s keyring: %s",
 			   fu_keyring_get_name (kr),
 diff --git a/src/fu-keyring.c b/src/fu-keyring.c
 index d8a88e8c..9b582563 100644
 --- a/src/fu-keyring.c
 +++ b/src/fu-keyring.c
@@ -40,13 +40,14 @@ FuKeyringResult *
 fu_keyring_verify_data (FuKeyring *keyring,
 		       GBytes *blob,
 		       GBytes *blob_signature,
 +		       FuKeyringVerifyFlags flags,
 		       GError **error)
 {
 	FuKeyringClass *klass = FU_KEYRING_GET_CLASS (keyring);
 	g_return_val_if_fail (FU_IS_KEYRING (keyring), NULL);
 	g_return_val_if_fail (blob != NULL, NULL);
 	g_return_val_if_fail (blob_signature != NULL, NULL);
 -	return klass->verify_data (keyring, blob, blob_signature, error);
 +	return klass->verify_data (keyring, blob, blob_signature, flags, error);
 }
 const gchar *
 diff --git a/src/fu-keyring.h b/src/fu-keyring.h
 index 6e03694c..f097305d 100644
 --- a/src/fu-keyring.h
 +++ b/src/fu-keyring.h
@@ -17,6 +17,20 @@ G_BEGIN_DECLS
 #define FU_TYPE_KEYRING (fu_keyring_get_type ())
 G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
 +/**
 + * FuKeyringVerifyFlags:
 + * @FU_KEYRING_VERIFY_FLAG_NONE:		No flags set
 + * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS:	Disable checking of validity periods
 + *
 + * The flags to use when interacting with a keyring
 + **/
 +typedef enum {
 +	FU_KEYRING_VERIFY_FLAG_NONE			= 0,
 +	FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS	= 1 << 2,
 +	/*< private >*/
 +	FU_KEYRING_VERIFY_FLAG_LAST
 +} FuKeyringVerifyFlags;
 +
 struct _FuKeyringClass
 {
 	GObjectClass		 parent_class;
@@ -28,6 +42,7 @@ struct _FuKeyringClass
 	FuKeyringResult		*(*verify_data)		(FuKeyring	*keyring,
 							 GBytes		*payload,
 							 GBytes		*payload_signature,
 +							 FuKeyringVerifyFlags flags,
 							 GError		**error);
 };
@@ -39,6 +54,7 @@ gboolean	 fu_keyring_add_public_keys		(FuKeyring	*keyring,
 FuKeyringResult	*fu_keyring_verify_data			(FuKeyring	*keyring,
 							 GBytes		*blob,
 							 GBytes		*blob_signature,
 +							 FuKeyringVerifyFlags flags,
 							 GError		**error);
 const gchar	*fu_keyring_get_name			(FuKeyring	*self);
 void		 fu_keyring_set_name			(FuKeyring	*self,
 diff --git a/src/fu-self-test.c b/src/fu-self-test.c
 index 4f359614..98fac714 100644
 --- a/src/fu-self-test.c
 +++ b/src/fu-self-test.c
@@ -1947,7 +1947,9 @@ fu_keyring_gpg_func (void)
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_pass);
 	blob_sig = g_bytes_new_static (sig_gpgme, strlen (sig_gpgme));
 -	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig, &error);
 +	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
 +					      FU_KEYRING_VERIFY_FLAG_NONE,
 +					      &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (result_pass);
 	g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), == , 1438072952);
@@ -1960,7 +1962,8 @@ fu_keyring_gpg_func (void)
 	blob_fail = fu_common_get_contents_bytes (fw_fail, &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_fail);
 -	result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig, &error);
 +	result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig,
 +					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
 	g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
 	g_assert_null (result_fail);
 	g_clear_error (&error);
@@ -2010,7 +2013,9 @@ fu_keyring_pkcs7_func (void)
 	blob_sig = fu_common_get_contents_bytes (sig_fn, &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_sig);
 -	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig, &error);
 +	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
 +					      FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
 +					      &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (result_pass);
 	g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
@@ -2022,7 +2027,8 @@ fu_keyring_pkcs7_func (void)
 	blob_sig2 = fu_common_get_contents_bytes (sig_fn2, &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_sig2);
 -	result_fail = fu_keyring_verify_data (keyring, blob_pass, blob_sig2, &error);
 +	result_fail = fu_keyring_verify_data (keyring, blob_pass, blob_sig2,
 +					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
 	g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
 	g_assert_null (result_fail);
 	g_clear_error (&error);
@@ -2033,7 +2039,8 @@ fu_keyring_pkcs7_func (void)
 	blob_fail = fu_common_get_contents_bytes (fw_fail, &error);
 	g_assert_no_error (error);
 	g_assert_nonnull (blob_fail);
 -	result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig, &error);
 +	result_fail = fu_keyring_verify_data (keyring, blob_fail, blob_sig,
 +					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
 	g_assert_error (error, FWUPD_ERROR, FWUPD_ERROR_SIGNATURE_INVALID);
 	g_assert_null (result_fail);
 	g_clear_error (&error);
--- a/SOURCES/0001-Validate-that-gpgme_op_verify_result-returned-at-lea.patch
+++ b/SOURCES/0001-Validate-that-gpgme_op_verify_result-returned-at-lea.patch
@ -0,0 +1,114 @@
 From 839b89f45a38b2373bf5836337a33f450aaab72e Mon Sep 17 00:00:00 2001
 From: Richard Hughes <richard@hughsie.com>
 Date: Thu, 28 May 2020 10:41:23 +0100
 Subject: [PATCH] Validate that gpgme_op_verify_result() returned at least one
 signature
 If a detached signature is actually a PGP message, gpgme_op_verify() returns
 the rather perplexing GPG_ERR_NO_ERROR, and then gpgme_op_verify_result()
 builds an empty list.
 Explicitly check for no signatures present to avoid returning a JcatResult with
 no timestamp and an empty authority.
 Many thanks to Justin Steven <justin@justinsteven.com> for the discovery and
 coordinated disclosure of this issue. Fixes CVE-2020-10759
 ---
 libjcat/jcat-gpg-engine.c |  7 +++++
 libjcat/jcat-self-test.c  | 55 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 diff --git libjcat/jcat-gpg-engine.c libjcat/jcat-gpg-engine.c
 index 0812a62..bd44dba 100644
 --- libjcat/jcat-gpg-engine.c
 +++ libjcat/jcat-gpg-engine.c
@@ -267,6 +267,13 @@ jcat_gpg_engine_pubkey_verify (JcatEngine *engine,
 				     "no result record from libgpgme");
 		return NULL;
 	}
 +	if (result->signatures == NULL) {
 +		g_set_error_literal (error,
 +				     G_IO_ERROR,
 +				     G_IO_ERROR_FAILED,
 +				     "no signatures from libgpgme");
 +		return NULL;
 +	}
 	/* look at each signature */
 	for (s = result->signatures; s != NULL ; s = s->next ) {
 diff --git libjcat/jcat-self-test.c libjcat/jcat-self-test.c
 index d79a3a9..fd4295e 100644
 --- libjcat/jcat-self-test.c
 +++ libjcat/jcat-self-test.c
@@ -393,6 +393,60 @@ jcat_gpg_engine_func (void)
 #endif
 }
 +static void
 +jcat_gpg_engine_msg_func (void)
 +{
 +#ifdef ENABLE_GPG
 +	g_autofree gchar *fn = NULL;
 +	g_autofree gchar *pki_dir = NULL;
 +	g_autoptr(GBytes) data = NULL;
 +	g_autoptr(GBytes) data_sig = NULL;
 +	g_autoptr(GError) error = NULL;
 +	g_autoptr(JcatContext) context = jcat_context_new ();
 +	g_autoptr(JcatEngine) engine = NULL;
 +	g_autoptr(JcatResult) result = NULL;
 +	const gchar *sig =
 +	"-----BEGIN PGP MESSAGE-----\n"
 +	"owGbwMvMwMEovmZX76/pfOKMp0WSGOLOX3/ikZqTk6+jUJ5flJOiyNXJaMzCwMjB\n"
 +	"ICumyCJmt5VRUil28/1+z1cwbaxMID0MXJwCMJG4RxwMLUYXDkUad34I3vrT8+X2\n"
 +	"m+ZyHyMWnTiQYaQb/eLJGqbiAJc5Jr4a/PPqHNi7auwzGsKsljebabjtnJRzpDr0\n"
 +	"YvwrnmmWLJUnTzjM3MH5Kn+RzqXkywsYdk9yD2OUdLy736CiemFMdcuF02lOZvPU\n"
 +	"HaTKl76wW62QH8Lr8yGMQ1Xgc6nC2ZwUhvctky7NOZtc1T477uBTL81p31ZmaIUJ\n"
 +	"paS8uWZl8UzX5sFsqQi37G1TbDc8Cm+oU/yRkFj2pLBzw367ncsa4n7EqEWu1yrN\n"
 +	"yD39LUeErePdqfKCG+xhL6WkWt5ZJ/6//XnjouXhl5Z4tWspT49MtNp5d3aDQ43c\n"
 +	"mnbresn6A7KMZgdOiwIA\n"
 +	"=a9ui\n"
 +	"-----END PGP MESSAGE-----\n";
 +
 +	/* set up context */
 +	jcat_context_set_keyring_path (context, "/tmp/libjcat-self-test/var");
 +	pki_dir = g_test_build_filename (G_TEST_DIST, "pki", NULL);
 +	jcat_context_add_public_keys (context, pki_dir);
 +
 +	/* get engine */
 +	engine = jcat_context_get_engine (context, JCAT_BLOB_KIND_GPG, &error);
 +	g_assert_no_error (error);
 +	g_assert_nonnull (engine);
 +	g_assert_cmpint (jcat_engine_get_kind (engine), ==, JCAT_BLOB_KIND_GPG);
 +	g_assert_cmpint (jcat_engine_get_verify_kind (engine), ==, JCAT_ENGINE_VERIFY_KIND_SIGNATURE);
 +
 +	/* verify with GnuPG, which should fail as the signature is not a
 +	 * detached signature at all, but gnupg stabs us in the back by returning
 +	 * success from gpgme_op_verify() with an empty list of signatures */
 +	fn = g_test_build_filename (G_TEST_DIST, "colorhug", "firmware.bin", NULL);
 +	data = jcat_get_contents_bytes (fn, &error);
 +	g_assert_no_error (error);
 +	g_assert_nonnull (data);
 +	data_sig = g_bytes_new_static (sig, strlen (sig));
 +	result = jcat_engine_pubkey_verify (engine, data, data_sig,
 +					    JCAT_VERIFY_FLAG_NONE, &error);
 +	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_FAILED);
 +	g_assert_null (result);
 +#else
 +	g_test_skip ("no GnuPG support enabled");
 +#endif
 +}
 +
 static void
 jcat_pkcs7_engine_func (void)
 {
@@ -753,6 +807,7 @@ main (int argc, char **argv)
 	g_test_add_func ("/jcat/engine{sha1}", jcat_sha1_engine_func);
 	g_test_add_func ("/jcat/engine{sha256}", jcat_sha256_engine_func);
 	g_test_add_func ("/jcat/engine{gpg}", jcat_gpg_engine_func);
 +	g_test_add_func ("/jcat/engine{gpg-msg}", jcat_gpg_engine_msg_func);
 	g_test_add_func ("/jcat/engine{pkcs7}", jcat_pkcs7_engine_func);
 	g_test_add_func ("/jcat/engine{pkcs7-self-signed}", jcat_pkcs7_engine_self_signed_func);
 	g_test_add_func ("/jcat/context{verify-blob}", jcat_context_verify_blob_func);
 -- 
 2.26.2
--- a/SOURCES/0001-synaptics-prometheus-Force-the-minor-version-from-0x.patch
+++ b/SOURCES/0001-synaptics-prometheus-Force-the-minor-version-from-0x.patch
@ -0,0 +1,32 @@
 From d7a1eb17bef650f13e7f96430f99294c36a40806 Mon Sep 17 00:00:00 2001
 From: Vincent Huang <vincent.huang@tw.synaptics.com>
 Date: Tue, 19 May 2020 13:09:28 +0800
 Subject: [PATCH] synaptics-prometheus: Force the minor version from 0x02 to
 0x01 to make sure the devices can be updated back to 0x01.
 ---
 plugins/synaptics-prometheus/fu-synaprom-device.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git plugins/synaptics-prometheus/fu-synaprom-device.c plugins/synaptics-prometheus/fu-synaprom-device.c
 index 5a19203c..299ebde2 100644
 --- a/plugins/synaptics-prometheus/fu-synaprom-device.c
 +++ b/plugins/synaptics-prometheus/fu-synaprom-device.c
@@ -142,6 +142,14 @@ fu_synaprom_device_set_version (FuSynapromDevice *self,
 {
 	g_autofree gchar *str = NULL;
 +	/* We decide to skip 10.02.xxxxxx firmware, so we force the minor version from 0x02 
 +	** to 0x01 to make the devices with 0x02 minor version firmware allow to be updated
 +	** back to minor version 0x01. */
 +	if (vmajor == 0x0a && vminor == 0x02) {
 +		g_debug ("quirking vminor from %02x to 01", vminor);
 +		vminor = 0x01;
 +	}
 +
 	/* set display version */
 	str = g_strdup_printf ("%02u.%02u.%u", vmajor, vminor, buildnum);
 	fu_device_set_version (FU_DEVICE (self), str);
 -- 
 2.26.2
--- a/SOURCES/0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch
+++ b/SOURCES/0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch
@ -1,29 +0,0 @@
 From 48cea11bd5d3d8c7f7423ad9807b1e537bc051c8 Mon Sep 17 00:00:00 2001
 From: Richard Hughes <richard@hughsie.com>
 Date: Thu, 8 Nov 2018 20:05:12 +0000
 Subject: [PATCH] trivial: Relax the timing requirements on the FuDevice poll
 test
 If the poll source is scheduled just at the right time, we might only get 8x
 '10ms ticks' in a 100ms window. This fixes an occasional build failure on
 slower hardware and in CI.
 ---
 src/fu-self-test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/fu-self-test.c b/src/fu-self-test.c
 index 3c774b55..edc0088d 100644
 --- a/src/fu-self-test.c
 +++ b/src/fu-self-test.c
@@ -2806,7 +2806,7 @@ fu_device_poll_func (void)
 	fu_test_loop_run_with_timeout (100);
 	fu_test_loop_quit ();
 	cnt = fu_device_get_metadata_integer (device, "cnt");
 -	g_assert_cmpint (cnt, >=, 9);
 +	g_assert_cmpint (cnt, >=, 8);
 	/* disable the poll */
 	fu_device_set_poll_interval (device, 0);
 -- 
 2.19.1
--- a/SOURCES/0001-uefi-add-a-new-option-to-specify-the-os-name.patch
+++ b/SOURCES/0001-uefi-add-a-new-option-to-specify-the-os-name.patch
@ -1,74 +0,0 @@
 From 3cd6171c44ef217acef059c871efc726eb9df062 Mon Sep 17 00:00:00 2001
 From: Gary Lin <glin@suse.com>
 Date: Thu, 28 Mar 2019 16:20:22 +0800
 Subject: [PATCH] uefi: add a new option to specify the os name
 fu_uefi_get_esp_path_for_os() generates the path to the OS directory
 based on "ID" in /etc/os-release, and it may not work for some distros.
 Take openSUSE as an example, the "ID" for openSUSE Leap is
 "opensuse-leap" and that for openSUSE Tumbleweed is "opensuse-tumbleweed".
 However, both of them use the same OS directory in the ESP, i.e.
 "/EFI/opensuse".
 This commit adds a new build option, efi_os_dir, to allow the packager to
 specify the name of OS directory at build time instead of the runtime
 detection.
 Signed-off-by: Gary Lin <glin@suse.com>
 ---
 meson_options.txt             | 1 +
 plugins/uefi/fu-uefi-common.c | 4 ++++
 plugins/uefi/meson.build      | 5 +++++
 3 files changed, 10 insertions(+)
 diff --git a/meson_options.txt b/meson_options.txt
 index 23ef8cdb..c1767205 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
@@ -24,3 +24,4 @@ option('efi-ld', type : 'string', value : 'ld', description : 'the linker to use
 option('efi-libdir', type : 'string', description : 'path to the EFI lib directory')
 option('efi-ldsdir', type : 'string', description : 'path to the EFI lds directory')
 option('efi-includedir', type : 'string', value : '/usr/include/efi', description : 'path to the EFI header directory')
 +option('efi_os_dir', type: 'string', description : 'the name of OS directory in ESP')
 diff --git a/plugins/uefi/fu-uefi-common.c b/plugins/uefi/fu-uefi-common.c
 index 2e3268aa..4d9d03d7 100644
 --- a/plugins/uefi/fu-uefi-common.c
 +++ b/plugins/uefi/fu-uefi-common.c
@@ -246,6 +246,7 @@ gchar *
 fu_uefi_get_esp_path_for_os (const gchar *esp_path)
 {
 	const gchar *os_release_id = NULL;
 +#ifndef EFI_OS_DIR
 	g_autoptr(GError) error_local = NULL;
 	g_autoptr(GHashTable) os_release = fwupd_get_os_release (&error_local);
 	if (os_release != NULL) {
@@ -255,6 +256,9 @@ fu_uefi_get_esp_path_for_os (const gchar *esp_path)
 	}
 	if (os_release_id == NULL)
 		os_release_id = "unknown";
 +#else
 +	os_release_id = EFI_OS_DIR;
 +#endif
 	return g_build_filename (esp_path, "EFI", os_release_id, NULL);
 }
 diff --git a/plugins/uefi/meson.build b/plugins/uefi/meson.build
 index 140418a8..21d4b6c8 100644
 --- a/plugins/uefi/meson.build
 +++ b/plugins/uefi/meson.build
@@ -3,6 +3,11 @@ subdir('efi')
 cargs = ['-DG_LOG_DOMAIN="FuPluginUefi"']
 cargs += '-DEFI_APP_LOCATION_BUILD="' + app.full_path() + '"'
 +efi_os_dir = get_option('efi_os_dir')
 +if efi_os_dir != ''
 +  cargs += '-DEFI_OS_DIR="' + efi_os_dir + '"'
 +endif
 +
 shared_module('fu_plugin_uefi',
   sources : [
     'fu-plugin-uefi.c',
 -- 
 2.24.1
--- a/SPECS/fwupd.spec
+++ b/SPECS/fwupd.spec
@ -1,9 +1,10 @@
 %global glib2_version 2.45.8
-%global libappstream_version 0.7.4
+%global libxmlb_version 0.1.3
 %global libgusb_version 0.2.11
 %global libsoup_version 2.51.92
 %global systemd_version 231
 %global json_glib_version 1.1.1
 %global __meson_wrap_mode default
 %global enable_tests 1
 %global enable_dummy 1
@ -23,13 +24,19 @@
 %global have_dell 1
 %endif
 # only available recently
 %if 0%{?fedora} >= 30 || 0%{?rhel} >= 8
 %global have_modem_manager 1
 %endif
 Summary:   Firmware update daemon
 Name:      fwupd
-Version:   1.1.4
+Version:   1.4.2
-Release:   7%{?dist}
+Release:   4%{?dist}
 License:   LGPLv2+
-URL:       https://github.com/hughsie/fwupd
+URL:       https://github.com/fwupd/fwupd
 Source0:   http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
 Source1:   http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.2.tar.xz
 # these are numbered high just to keep them wildly away from colliding with
 # the real package sources, in order to reduce churn.
@ -38,16 +45,14 @@ Source301:   redhatsecureboot301.cer
 Source500:   redhatsecurebootca5.cer
 Source503:   redhatsecureboot503.cer
-# backport from upstream
+Patch1:    0001-synaptics-prometheus-Force-the-minor-version-from-0x.patch
-Patch0:    0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch
+Patch2:    0001-Do-not-use-the-LVFS.patch
-Patch1:    0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
+Patch3:    0001-Validate-that-gpgme_op_verify_result-returned-at-lea.patch
 Patch2:    0001-Disable-wacomhid-by-default-as-probing-the-device-st.patch
 Patch3:    0001-uefi-add-a-new-option-to-specify-the-os-name.patch
 BuildRequires: efi-srpm-macros
 BuildRequires: gettext
 BuildRequires: glib2-devel >= %{glib2_version}
-BuildRequires: libappstream-glib-devel >= %{libappstream_version}
+BuildRequires: libxmlb-devel >= %{libxmlb_version}
 BuildRequires: libgcab1-devel
 BuildRequires: libgudev1-devel
 BuildRequires: libgusb-devel >= %{libgusb_version}
@ -65,7 +70,6 @@ BuildRequires: valgrind-devel
 %endif
 BuildRequires: elfutils-libelf-devel
 BuildRequires: gtk-doc
 BuildRequires: libuuid-devel
 BuildRequires: gnutls-devel
 BuildRequires: gnutls-utils
 BuildRequires: meson
@ -74,9 +78,15 @@ BuildRequires: json-glib-devel >= %{json_glib_version}
 BuildRequires: vala
 BuildRequires: python3-devel
 BuildRequires: bash-completion
 BuildRequires: git-core
 %if 0%{?have_flashrom}
 BuildRequires: flashrom-devel >= 1.2-2
 %endif
-# until rh-signing-tools is fixed
+%if 0%{?have_modem_manager}
-BuildRequires: nss-tools
+BuildRequires: ModemManager-glib-devel >= 1.10.0
 BuildRequires: libqmi-devel >= 1.22.0
 %endif
 %if 0%{?have_redfish}
 BuildRequires: efivar-devel >= 33
@ -104,15 +114,17 @@ Requires(preun): systemd
 Requires(postun): systemd
 Requires: glib2%{?_isa} >= %{glib2_version}
-Requires: libappstream-glib%{?_isa} >= %{libappstream_version}
+Requires: libxmlb%{?_isa} >= %{libxmlb_version}
 Requires: libgusb%{?_isa} >= %{libgusb_version}
 Requires: libsoup%{?_isa} >= %{libsoup_version}
 Requires: bubblewrap
 Requires: shared-mime-info
 Obsoletes: fwupd-sign < 0.1.6
 Obsoletes: libebitdo < 0.7.5-3
 Obsoletes: libdfu < 1.0.0
 Obsoletes: fwupd-labels < 1.1.0-1
 Obsoletes: fwupdate
 %description
 fwupd is a daemon to allow session software to update device firmware.
@ -128,24 +140,33 @@ Files for development with %{name}.
 %package tests
 Summary: Data files for installed tests
 BuildArch: noarch
 Recommends: python3
 %description tests
 Data files for installed tests.
 %prep
-%autosetup -p1
+%setup -q
 %patch2 -p1 -b .lvfs-disabled
 mkdir -p subprojects/libjcat
 tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1
 # apply patch to subproject
 cd subprojects/libjcat
 %patch3 -p0 -b .gpgme-parsing
 cd -
 sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \
-        libfwupd/generate-version-script.py \
+        contrib/ci/*.py \
-        data/installed-tests/hardware.py \
+        contrib/firmware_packager/*.py \
-        po/test-deps \
+        contrib/*.py \
        contrib/standalone-installer/assets/*.py \
        contrib/standalone-installer/*.py \
        data/device-tests/*.py \
        libfwupdplugin/*.py \
        plugins/dfu/contrib/*.py \
        po/make-images \
-        contrib/ci/generate_debian.py \
+        po/test-deps
        contrib/ci/generate_docker.py \
        contrib/firmware-packager/firmware-packager \
        plugins/dfu/contrib/parse-avrdude-conf.py
 %build
@ -155,6 +176,10 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 %meson \
    -Dgtkdoc=true \
    -Defi_os_dir=%{efi_vendor} \
    -Dplugin_tpm=false \
    -Dlibjcat:gtkdoc=false \
    -Dlibjcat:introspection=false \
    -Dlibjcat:tests=false \
 %if 0%{?enable_tests}
    -Dtests=true \
 %else
@ -164,6 +189,11 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
    -Dplugin_dummy=true \
 %else
    -Dplugin_dummy=false \
 %endif
 %if 0%{?have_flashrom}
    -Dplugin_flashrom=true \
 %else
    -Dplugin_flashrom=false \
 %endif
    -Dplugin_thunderbolt=true \
 %if 0%{?have_redfish}
@ -184,6 +214,11 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 %else
    -Dplugin_dell=false \
    -Dplugin_synaptics=false \
 %endif
 %if 0%{?have_modem_manager}
    -Dplugin_modem_manager=true \
 %else
    -Dplugin_modem_manager=false \
 %endif
    -Dman=true
@ -213,77 +248,112 @@ rm -fv %{fwup_efi_fn}.tmp
 mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
 # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1757948
 mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
 %find_lang %{name}
 %post
 /sbin/ldconfig
 %systemd_post fwupd.service
 %preun
 %systemd_preun fwupd.service
 %postun
 /sbin/ldconfig
 %systemd_postun_with_restart fwupd.service
 %systemd_postun_with_restart pesign.service
 %files -f %{name}.lang
-%doc README.md AUTHORS NEWS
+%doc README.md AUTHORS
 %license COPYING
 %config(noreplace)%{_sysconfdir}/fwupd/ata.conf
 %config(noreplace)%{_sysconfdir}/fwupd/daemon.conf
 %config(noreplace)%{_sysconfdir}/fwupd/upower.conf
 %if 0%{?have_uefi}
 %config(noreplace)%{_sysconfdir}/fwupd/uefi.conf
 %endif
 %if 0%{?have_redfish}
 %config(noreplace)%{_sysconfdir}/fwupd/redfish.conf
 %endif
 %config(noreplace)%{_sysconfdir}/fwupd/thunderbolt.conf
 %dir %{_libexecdir}/fwupd
 %{_libexecdir}/fwupd/fwupd
-%{_libexecdir}/fwupd/fwupdtool
+%{_libexecdir}/fwupd/fwupdoffline
 %if 0%{?have_uefi}
 %{_libexecdir}/fwupd/efi/*.efi
 %{_libexecdir}/fwupd/efi/*.efi.signed
-%{_libexecdir}/fwupd/fwupdate
+%{_bindir}/fwupdate
 %endif
 %{_bindir}/dfu-tool
 %{_bindir}/fwupdmgr
 %{_bindir}/fwupdtool
 %{_bindir}/fwupdagent
 %{_bindir}/jcat-tool
 %dir %{_sysconfdir}/fwupd
 %dir %{_sysconfdir}/fwupd/remotes.d
-%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd.conf
+%if 0%{?have_dell}
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/dell-esrt.conf
 %endif
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs.conf
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/lvfs-testing.conf
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor.conf
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor-directory.conf
 %config(noreplace)%{_sysconfdir}/pki/fwupd
 %{_sysconfdir}/pki/fwupd-metadata
-%{_sysconfdir}/dbus-1/system.d/org.freedesktop.fwupd.conf
+%{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
 %{_datadir}/bash-completion/completions/fwupdmgr
 %{_datadir}/bash-completion/completions/fwupdtool
 %{_datadir}/bash-completion/completions/fwupdagent
 %{_datadir}/fish/vendor_completions.d/fwupdmgr.fish
 %{_datadir}/fwupd/metainfo/org.freedesktop.fwupd*.metainfo.xml
-%{_datadir}/fwupd/remotes.d/fwupd/metadata.xml
+%if 0%{?have_dell}
 %{_datadir}/fwupd/remotes.d/dell-esrt/metadata.xml
 %endif
 %{_datadir}/fwupd/remotes.d/vendor/firmware/README.md
 %{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml
 %{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
 %{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
 %{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
 %{_datadir}/man/man1/fwupdtool.1.gz
 %{_datadir}/man/man1/fwupdagent.1.gz
 %{_datadir}/man/man1/dfu-tool.1.gz
 %{_datadir}/man/man1/fwupdmgr.1.gz
 %if 0%{?have_uefi}
 %{_datadir}/man/man1/fwupdate.1.gz
 %endif
 %{_datadir}/man/man1/jcat-tool.1*
 %{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
-%{_datadir}/fwupd/firmware-packager
+%{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.fwupd.svg
 %{_datadir}/fwupd/firmware_packager.py
 %{_datadir}/fwupd/simple_client.py
 %{_datadir}/fwupd/add_capsule_header.py
 %{_datadir}/fwupd/install_dell_bios_exe.py
 %{_unitdir}/fwupd-offline-update.service
 %{_unitdir}/fwupd.service
 %{_unitdir}/fwupd-refresh.service
 %{_unitdir}/fwupd-refresh.timer
 %{_presetdir}/fwupd-refresh.preset
 %{_unitdir}/system-update.target.wants/
 %dir %{_localstatedir}/lib/fwupd
 %dir %{_localstatedir}/cache/fwupd
 %dir %{_datadir}/fwupd/quirks.d
 %{_datadir}/fwupd/quirks.d/*.quirk
 %{_localstatedir}/lib/fwupd/builder/README.md
 %{_libdir}/libfwupd*.so.*
 %{_libdir}/libjcat.so.*
 %{_libdir}/girepository-1.0/Fwupd-2.0.typelib
 %{_libdir}/girepository-1.0/FwupdPlugin-1.0.typelib
 /usr/lib/udev/rules.d/*.rules
 /usr/lib/systemd/system-shutdown/fwupd.shutdown
 %dir %{_libdir}/fwupd-plugins-3
 %{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_ata.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_ccgx.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_coreboot.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_cpu.so
 %if 0%{?have_dell}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_dell.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_dell_esrt.so
@ -291,33 +361,53 @@ mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
 %{_libdir}/fwupd-plugins-3/libfu_plugin_dell_dock.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_emmc.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_ep963x.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_fastboot.so
 %if 0%{?have_flashrom}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_flashrom.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_fresco_pd.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_jabra.so
 %if 0%{?have_modem_manager}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so
 %if 0%{?have_uefi}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_nvme.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_optionrom.so
 %if 0%{?have_redfish}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_redfish.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hid.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hub.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_solokey.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_steelseries.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_superio.so
 %if 0%{?have_dell}
-%{_libdir}/fwupd-plugins-3/libfu_plugin_synapticsmst.so
+%{_libdir}/fwupd-plugins-3/libfu_plugin_synaptics_mst.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_synaptics_cxaudio.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_synaptics_prometheus.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_synaptics_rmi.so
 %if 0%{?enable_dummy}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_test.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_invalid.so
 %endif
 %{_libdir}/fwupd-plugins-3/libfu_plugin_thelio_io.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt_power.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_udev.so
 %if 0%{?have_uefi}
 %{_libdir}/fwupd-plugins-3/libfu_plugin_uefi.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_recovery.so
 %endif
-%{_libdir}/fwupd-plugins-3/libfu_plugin_unifying.so
+%{_libdir}/fwupd-plugins-3/libfu_plugin_logind.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_logitech_hidpp.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_upower.so
-%{_libdir}/fwupd-plugins-3/libfu_plugin_wacomhid.so
+%{_libdir}/fwupd-plugins-3/libfu_plugin_vli.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_raw.so
 %{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_usb.so
 %ghost %{_localstatedir}/lib/fwupd/gnupg
 %if 0%{?have_uefi}
 %{_datadir}/locale/*/LC_IMAGES/fwupd*
@ -325,26 +415,50 @@ mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
 %files devel
 %{_datadir}/gir-1.0/Fwupd-2.0.gir
-%{_datadir}/gtk-doc/html/libfwupd
+%{_datadir}/gir-1.0/FwupdPlugin-1.0.gir
 %{_datadir}/gtk-doc/html/fwupd
 %{_datadir}/vala/vapi
 %{_includedir}/fwupd-1
 %{_includedir}/libjcat-1
 %{_libdir}/libfwupd*.so
 %{_libdir}/libjcat.so
 %{_libdir}/pkgconfig/fwupd.pc
 %{_libdir}/pkgconfig/fwupdplugin.pc
 %{_libdir}/pkgconfig/jcat.pc
 %files tests
 %if 0%{?enable_tests}
 %dir %{_datadir}/installed-tests/fwupd
-%{_datadir}/installed-tests/fwupd/firmware-example.xml.gz
+%{_datadir}/installed-tests/fwupd/fwupd-tests.xml
 %{_datadir}/installed-tests/fwupd/firmware-example.xml.gz.asc
 %{_datadir}/installed-tests/fwupd/*.test
 %{_datadir}/installed-tests/fwupd/*.cab
 %{_datadir}/installed-tests/fwupd/*.sh
-%{_datadir}/installed-tests/fwupd/*.py*
+%dir %{_sysconfdir}/fwupd/remotes.d
 %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd-tests.conf
 %endif
 %changelog
-* Mon Jul 27 2020 Peter Jones <pjones@redhat.com> - 1.1.4-7
+* Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 1.4.2-4
 - Add signing with redhatsecureboot503 cert
  Related: CVE-2020-10713
 * Thu Jul 23 2020 Richard Hughes <richard@hughsie.com> 1.4.2-3
 - Obsolete the now-dead fwupdate package to prevent file conflicts
 - Resolves: #1859202
 * Fri Jun 05 2020 Richard Hughes <richard@hughsie.com> 1.4.2-2
 - Security fix for CVE-2020-10759
 - Resolves: #1844324
 * Mon May 18 2020 Richard Hughes <richard@hughsie.com> 1.4.2-1
 - New upstream release
 - Backport a patch to fix the synaptics fingerprint reader update.
 - Resolves: #1775277
 * Mon Apr 27 2020 Richard Hughes <richard@hughsie.com> 1.4.1-1
 - New upstream release
 - Resolves: #1775277
 * Wed Feb 19 2020 Richard Hughes <richard@hughsie.com> 1.1.4-6
 - Rebuild to get the EFI executable signed with the Red Hat key
 - Resolves: #1713033
`@ -1 +1,2 @@`
	`9777016b6b861676e3e88153f7b310e4d985871a SOURCES/fwupd-1.1.4.tar.xz`	`c152547682cb354b69e4e1a89b53369dd42f3e53 SOURCES/fwupd-1.4.2.tar.xz`
		`6991b6879b438a4672e97c534d10737bc54e6f39 SOURCES/libjcat-0.1.2.tar.xz`
`@ -1 +1,2 @@`
	`SOURCES/fwupd-1.1.4.tar.xz`	`SOURCES/fwupd-1.4.2.tar.xz`
		`SOURCES/libjcat-0.1.2.tar.xz`