import fwupd-1.1.4-7.el8_2

This commit is contained in:
CentOS Sources 2020-07-29 13:16:11 -04:00 committed by Andrew Lukoshko
parent 5ddd76f6ca
commit 1554303a7f
5 changed files with 17 additions and 5 deletions

Binary file not shown.

Binary file not shown.

View File

@ -26,12 +26,17 @@
Summary: Firmware update daemon Summary: Firmware update daemon
Name: fwupd Name: fwupd
Version: 1.1.4 Version: 1.1.4
Release: 6%{?dist} Release: 7%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/hughsie/fwupd URL: https://github.com/hughsie/fwupd
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
Source1: securebootca.cer
Source2: secureboot.cer # these are numbered high just to keep them wildly away from colliding with
# the real package sources, in order to reduce churn.
Source300: redhatsecurebootca3.cer
Source301: redhatsecureboot301.cer
Source500: redhatsecurebootca5.cer
Source503: redhatsecureboot503.cer
# backport from upstream # backport from upstream
Patch0: 0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch Patch0: 0001-trivial-Relax-the-timing-requirements-on-the-FuDevic.patch
@ -39,6 +44,7 @@ Patch1: 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
Patch2: 0001-Disable-wacomhid-by-default-as-probing-the-device-st.patch Patch2: 0001-Disable-wacomhid-by-default-as-probing-the-device-st.patch
Patch3: 0001-uefi-add-a-new-option-to-specify-the-os-name.patch Patch3: 0001-uefi-add-a-new-option-to-specify-the-os-name.patch
BuildRequires: efi-srpm-macros
BuildRequires: gettext BuildRequires: gettext
BuildRequires: glib2-devel >= %{glib2_version} BuildRequires: glib2-devel >= %{glib2_version}
BuildRequires: libappstream-glib-devel >= %{libappstream_version} BuildRequires: libappstream-glib-devel >= %{libappstream_version}
@ -148,7 +154,7 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%meson \ %meson \
-Dgtkdoc=true \ -Dgtkdoc=true \
-Defi_os_dir=redhat \ -Defi_os_dir=%{efi_vendor} \
%if 0%{?enable_tests} %if 0%{?enable_tests}
-Dtests=true \ -Dtests=true \
%else %else
@ -200,7 +206,9 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%global efiarch aa64 %global efiarch aa64
%endif %endif
%global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1} -c %{SOURCE2} -n redhatsecureboot301 %pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503
rm -fv %{fwup_efi_fn}.tmp
%endif %endif
mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
@ -333,6 +341,10 @@ mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
%{_datadir}/installed-tests/fwupd/*.py* %{_datadir}/installed-tests/fwupd/*.py*
%changelog %changelog
* Mon Jul 27 2020 Peter Jones <pjones@redhat.com> - 1.1.4-7
- Add signing with redhatsecureboot503 cert
Related: CVE-2020-10713
* Wed Feb 19 2020 Richard Hughes <richard@hughsie.com> 1.1.4-6 * Wed Feb 19 2020 Richard Hughes <richard@hughsie.com> 1.1.4-6
- Rebuild to get the EFI executable signed with the Red Hat key - Rebuild to get the EFI executable signed with the Red Hat key
- Resolves: #1713033 - Resolves: #1713033