import fwupd-1.5.5-3.el8

This commit is contained in:
CentOS Sources 2021-05-18 02:54:07 -04:00 committed by Andrew Lukoshko
parent 0cc62e157a
commit 937960e649
18 changed files with 952 additions and 208 deletions

View File

@ -1,2 +1,8 @@
c152547682cb354b69e4e1a89b53369dd42f3e53 SOURCES/fwupd-1.4.2.tar.xz
6991b6879b438a4672e97c534d10737bc54e6f39 SOURCES/libjcat-0.1.2.tar.xz
b2620c36bd23ca699567fd4e4add039ee4375247 SOURCES/DBXUpdate-20100307-x64.cab
dfdb1d0d42c1563ca63bd45c7e2ddc48cbfc5023 SOURCES/DBXUpdate-20140413-x64.cab
a5f73c606abb93bf61625e4628d27a2cd460f162 SOURCES/DBXUpdate-20160809-x64.cab
b5b2dc87daca1d3f8081a323290432c141aa405d SOURCES/DBXUpdate-20200729-aa64.cab
3fb407561768a3a2f5fb49d7738b5e0650e70810 SOURCES/DBXUpdate-20200729-ia32.cab
89db93c9d9d20f81791a262e817b99d8882c8bb0 SOURCES/DBXUpdate-20200729-x64.cab
acaf6614e6a7af7014c1697b7c440ef0c394a2f6 SOURCES/fwupd-1.5.5.tar.xz
e01a97b6d16a188a43cb25caa42cdf9771803531 SOURCES/libjcat-0.1.5.tar.xz

10
.gitignore vendored
View File

@ -1,2 +1,8 @@
SOURCES/fwupd-1.4.2.tar.xz
SOURCES/libjcat-0.1.2.tar.xz
SOURCES/DBXUpdate-20100307-x64.cab
SOURCES/DBXUpdate-20140413-x64.cab
SOURCES/DBXUpdate-20160809-x64.cab
SOURCES/DBXUpdate-20200729-aa64.cab
SOURCES/DBXUpdate-20200729-ia32.cab
SOURCES/DBXUpdate-20200729-x64.cab
SOURCES/fwupd-1.5.5.tar.xz
SOURCES/libjcat-0.1.5.tar.xz

View File

@ -1,114 +0,0 @@
From 839b89f45a38b2373bf5836337a33f450aaab72e Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 28 May 2020 10:41:23 +0100
Subject: [PATCH] Validate that gpgme_op_verify_result() returned at least one
signature
If a detached signature is actually a PGP message, gpgme_op_verify() returns
the rather perplexing GPG_ERR_NO_ERROR, and then gpgme_op_verify_result()
builds an empty list.
Explicitly check for no signatures present to avoid returning a JcatResult with
no timestamp and an empty authority.
Many thanks to Justin Steven <justin@justinsteven.com> for the discovery and
coordinated disclosure of this issue. Fixes CVE-2020-10759
---
libjcat/jcat-gpg-engine.c | 7 +++++
libjcat/jcat-self-test.c | 55 +++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+)
diff --git libjcat/jcat-gpg-engine.c libjcat/jcat-gpg-engine.c
index 0812a62..bd44dba 100644
--- libjcat/jcat-gpg-engine.c
+++ libjcat/jcat-gpg-engine.c
@@ -267,6 +267,13 @@ jcat_gpg_engine_pubkey_verify (JcatEngine *engine,
"no result record from libgpgme");
return NULL;
}
+ if (result->signatures == NULL) {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_FAILED,
+ "no signatures from libgpgme");
+ return NULL;
+ }
/* look at each signature */
for (s = result->signatures; s != NULL ; s = s->next ) {
diff --git libjcat/jcat-self-test.c libjcat/jcat-self-test.c
index d79a3a9..fd4295e 100644
--- libjcat/jcat-self-test.c
+++ libjcat/jcat-self-test.c
@@ -393,6 +393,60 @@ jcat_gpg_engine_func (void)
#endif
}
+static void
+jcat_gpg_engine_msg_func (void)
+{
+#ifdef ENABLE_GPG
+ g_autofree gchar *fn = NULL;
+ g_autofree gchar *pki_dir = NULL;
+ g_autoptr(GBytes) data = NULL;
+ g_autoptr(GBytes) data_sig = NULL;
+ g_autoptr(GError) error = NULL;
+ g_autoptr(JcatContext) context = jcat_context_new ();
+ g_autoptr(JcatEngine) engine = NULL;
+ g_autoptr(JcatResult) result = NULL;
+ const gchar *sig =
+ "-----BEGIN PGP MESSAGE-----\n"
+ "owGbwMvMwMEovmZX76/pfOKMp0WSGOLOX3/ikZqTk6+jUJ5flJOiyNXJaMzCwMjB\n"
+ "ICumyCJmt5VRUil28/1+z1cwbaxMID0MXJwCMJG4RxwMLUYXDkUad34I3vrT8+X2\n"
+ "m+ZyHyMWnTiQYaQb/eLJGqbiAJc5Jr4a/PPqHNi7auwzGsKsljebabjtnJRzpDr0\n"
+ "YvwrnmmWLJUnTzjM3MH5Kn+RzqXkywsYdk9yD2OUdLy736CiemFMdcuF02lOZvPU\n"
+ "HaTKl76wW62QH8Lr8yGMQ1Xgc6nC2ZwUhvctky7NOZtc1T477uBTL81p31ZmaIUJ\n"
+ "paS8uWZl8UzX5sFsqQi37G1TbDc8Cm+oU/yRkFj2pLBzw367ncsa4n7EqEWu1yrN\n"
+ "yD39LUeErePdqfKCG+xhL6WkWt5ZJ/6//XnjouXhl5Z4tWspT49MtNp5d3aDQ43c\n"
+ "mnbresn6A7KMZgdOiwIA\n"
+ "=a9ui\n"
+ "-----END PGP MESSAGE-----\n";
+
+ /* set up context */
+ jcat_context_set_keyring_path (context, "/tmp/libjcat-self-test/var");
+ pki_dir = g_test_build_filename (G_TEST_DIST, "pki", NULL);
+ jcat_context_add_public_keys (context, pki_dir);
+
+ /* get engine */
+ engine = jcat_context_get_engine (context, JCAT_BLOB_KIND_GPG, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (engine);
+ g_assert_cmpint (jcat_engine_get_kind (engine), ==, JCAT_BLOB_KIND_GPG);
+ g_assert_cmpint (jcat_engine_get_verify_kind (engine), ==, JCAT_ENGINE_VERIFY_KIND_SIGNATURE);
+
+ /* verify with GnuPG, which should fail as the signature is not a
+ * detached signature at all, but gnupg stabs us in the back by returning
+ * success from gpgme_op_verify() with an empty list of signatures */
+ fn = g_test_build_filename (G_TEST_DIST, "colorhug", "firmware.bin", NULL);
+ data = jcat_get_contents_bytes (fn, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (data);
+ data_sig = g_bytes_new_static (sig, strlen (sig));
+ result = jcat_engine_pubkey_verify (engine, data, data_sig,
+ JCAT_VERIFY_FLAG_NONE, &error);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_FAILED);
+ g_assert_null (result);
+#else
+ g_test_skip ("no GnuPG support enabled");
+#endif
+}
+
static void
jcat_pkcs7_engine_func (void)
{
@@ -753,6 +807,7 @@ main (int argc, char **argv)
g_test_add_func ("/jcat/engine{sha1}", jcat_sha1_engine_func);
g_test_add_func ("/jcat/engine{sha256}", jcat_sha256_engine_func);
g_test_add_func ("/jcat/engine{gpg}", jcat_gpg_engine_func);
+ g_test_add_func ("/jcat/engine{gpg-msg}", jcat_gpg_engine_msg_func);
g_test_add_func ("/jcat/engine{pkcs7}", jcat_pkcs7_engine_func);
g_test_add_func ("/jcat/engine{pkcs7-self-signed}", jcat_pkcs7_engine_self_signed_func);
g_test_add_func ("/jcat/context{verify-blob}", jcat_context_verify_blob_func);
--
2.26.2

View File

@ -0,0 +1,25 @@
From 8d550213da363af1ca95252b4699bdf30efab5cb Mon Sep 17 00:00:00 2001
From: Ilya Guterman <amfernusus@gmail.com>
Date: Mon, 11 Jan 2021 18:10:09 +0200
Subject: [PATCH 01/11] stm-dfu: fix dnload wBlockNum wraparound
---
plugins/dfu/dfu-target-stm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git plugins/dfu/dfu-target-stm.c plugins/dfu/dfu-target-stm.c
index faf027d1..b9adb725 100644
--- plugins/dfu/dfu-target-stm.c
+++ plugins/dfu/dfu-target-stm.c
@@ -364,7 +364,7 @@ dfu_target_stm_download_element (DfuTarget *target,
g_bytes_get_size (bytes_tmp));
/* ST uses wBlockNum=0 for DfuSe commands and wBlockNum=1 is reserved */
if (!dfu_target_download_chunk (target,
- (guint8) (i + 2),
+ (i + 2),
bytes_tmp,
error))
return FALSE;
--
2.29.2

View File

@ -1,32 +0,0 @@
From d7a1eb17bef650f13e7f96430f99294c36a40806 Mon Sep 17 00:00:00 2001
From: Vincent Huang <vincent.huang@tw.synaptics.com>
Date: Tue, 19 May 2020 13:09:28 +0800
Subject: [PATCH] synaptics-prometheus: Force the minor version from 0x02 to
0x01 to make sure the devices can be updated back to 0x01.
---
plugins/synaptics-prometheus/fu-synaprom-device.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git plugins/synaptics-prometheus/fu-synaprom-device.c plugins/synaptics-prometheus/fu-synaprom-device.c
index 5a19203c..299ebde2 100644
--- a/plugins/synaptics-prometheus/fu-synaprom-device.c
+++ b/plugins/synaptics-prometheus/fu-synaprom-device.c
@@ -142,6 +142,14 @@ fu_synaprom_device_set_version (FuSynapromDevice *self,
{
g_autofree gchar *str = NULL;
+ /* We decide to skip 10.02.xxxxxx firmware, so we force the minor version from 0x02
+ ** to 0x01 to make the devices with 0x02 minor version firmware allow to be updated
+ ** back to minor version 0x01. */
+ if (vmajor == 0x0a && vminor == 0x02) {
+ g_debug ("quirking vminor from %02x to 01", vminor);
+ vminor = 0x01;
+ }
+
/* set display version */
str = g_strdup_printf ("%02u.%02u.%u", vmajor, vminor, buildnum);
fu_device_set_version (FU_DEVICE (self), str);
--
2.26.2

View File

@ -0,0 +1,30 @@
From f7e99feb9bd49b4f7b05ba4c07398e1421b62164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=98=D0=B0=D0=BD=20=D0=93=D0=B5=D0=BE?=
=?UTF-8?q?=D1=80=D0=B3=D0=B8=D0=B5=D0=B2=D1=81=D0=BA=D0=B8?=
<gdamjan@gmail.com>
Date: Tue, 12 Jan 2021 18:36:40 +0100
Subject: [PATCH 02/11] rename config section in uefi_capsule.conf to plugin
name
in ee2e2c36749298e58b34dca163ea48a7fc925da6 the plugin name was changed
from uefi to uefi_capsule. while the config file name was changed, the
section name should also be changed.
fixes #2748
---
plugins/uefi-capsule/uefi_capsule.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git plugins/uefi-capsule/uefi_capsule.conf plugins/uefi-capsule/uefi_capsule.conf
index d9775263..c543a7f2 100644
--- plugins/uefi-capsule/uefi_capsule.conf
+++ plugins/uefi-capsule/uefi_capsule.conf
@@ -1,4 +1,4 @@
-[uefi]
+[uefi_capsule]
# the shim loader is required to chainload the fwupd EFI binary unless
# the fwupd.efi file has been self-signed manually
--
2.29.2

View File

@ -0,0 +1,32 @@
From 4952d5f8bdf8ed801d2a449f589592d0d6356833 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 13 Jan 2021 09:58:16 +0000
Subject: [PATCH 03/11] Ask the user to reboot when required if downgrading
This matches the behaviour of install and reinstall.
---
src/fu-util.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git src/fu-util.c src/fu-util.c
index 05f429bf..d5936e65 100644
--- src/fu-util.c
+++ src/fu-util.c
@@ -1835,7 +1835,13 @@ fu_util_downgrade (FuUtilPrivate *priv, gchar **values, GError **error)
if (!fu_util_maybe_send_reports (priv, remote_id, error))
return FALSE;
- return TRUE;
+ /* we don't want to ask anything */
+ if (priv->no_reboot_check) {
+ g_debug ("skipping reboot check");
+ return TRUE;
+ }
+
+ return fu_util_prompt_complete (priv->completion_flags, TRUE, error);
}
static gboolean
--
2.29.2

View File

@ -0,0 +1,33 @@
From 002863121ed42f33507ce5663a3b22fabdfa5c36 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 14 Jan 2021 10:03:51 +0000
Subject: [PATCH 04/11] Do not show Unknown [***] for every client connection
Ignore the initial client state change from UNKNOWN to IDLE which was being set
as part of the fix in fb36f22.
Fixes https://github.com/fwupd/fwupd/issues/2766
---
src/fu-progressbar.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git src/fu-progressbar.c src/fu-progressbar.c
index 9a7378c5..5dd9ff39 100644
--- src/fu-progressbar.c
+++ src/fu-progressbar.c
@@ -297,6 +297,12 @@ fu_progressbar_update (FuProgressbar *self, FwupdStatus status, guint percentage
{
g_return_if_fail (FU_IS_PROGRESSBAR (self));
+ /* ignore initial client connection */
+ if (self->status == FWUPD_STATUS_UNKNOWN && status == FWUPD_STATUS_IDLE) {
+ self->status = status;
+ return;
+ }
+
/* use cached value */
if (status == FWUPD_STATUS_UNKNOWN)
status = self->status;
--
2.29.2

View File

@ -0,0 +1,58 @@
From d179875e1025cbf0df3987a9c3b42a996eae5354 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Sat, 23 Jan 2021 11:36:26 +0700
Subject: [PATCH 05/11] esp-list: allow external ESP again
In fwupd 1.5.1 and before, we allowed ESP on external device.
From 56d816a5, (Fall back to FAT32 internal partitions for detecting
ESP, 2020-11-11), we started to only consider internal devices only.
While it would be desirable to only consider internal devices for
fallback esp partition, there're some setup that put ESP on external
device, e.g. full disk encryption with /boot on a USB.
Let's allow external ESP again.
---
src/fu-tool.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git src/fu-tool.c src/fu-tool.c
index 8624dfed..7c913f29 100644
--- src/fu-tool.c
+++ src/fu-tool.c
@@ -2431,6 +2431,7 @@ fu_util_prompt_for_volume (GError **error)
{
FuVolume *volume;
guint idx;
+ gboolean is_fallback = FALSE;
g_autoptr(GPtrArray) volumes = NULL;
g_autoptr(GPtrArray) volumes_vfat = g_ptr_array_new ();
g_autoptr(GError) error_local = NULL;
@@ -2438,6 +2439,7 @@ fu_util_prompt_for_volume (GError **error)
/* exactly one */
volumes = fu_common_get_volumes_by_kind (FU_VOLUME_KIND_ESP, &error_local);
if (volumes == NULL) {
+ is_fallback = TRUE;
g_debug ("%s, falling back to %s", error_local->message, FU_VOLUME_KIND_BDP);
volumes = fu_common_get_volumes_by_kind (FU_VOLUME_KIND_BDP, error);
if (volumes == NULL) {
@@ -2445,13 +2447,13 @@ fu_util_prompt_for_volume (GError **error)
return NULL;
}
}
- /* only add internal vfat partitions */
+ /* on fallback: only add internal vfat partitions */
for (guint i = 0; i < volumes->len; i++) {
FuVolume *vol = g_ptr_array_index (volumes, i);
g_autofree gchar *type = fu_volume_get_id_type (vol);
if (type == NULL)
continue;
- if (!fu_volume_is_internal (vol))
+ if (is_fallback && !fu_volume_is_internal (vol))
continue;
if (g_strcmp0 (type, "vfat") == 0)
g_ptr_array_add (volumes_vfat, vol);
--
2.29.2

View File

@ -0,0 +1,41 @@
From 9b48540a255bc91679de93a388600a61d9ca02c6 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 27 Jan 2021 10:45:21 +0000
Subject: [PATCH 06/11] Fix a crash when using fwupdtool
The docs for `fwupd_device_get_children()` make it very clear that only the
parent should be assigned. Also add a warning to `fwupd_device_add_child()`
explaining it is for internal daemon use only.
---
libfwupd/fwupd-device.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git libfwupd/fwupd-device.c libfwupd/fwupd-device.c
index 7e3ceca9..2f3f4ddb 100644
--- libfwupd/fwupd-device.c
+++ libfwupd/fwupd-device.c
@@ -370,6 +370,9 @@ fwupd_device_set_parent (FwupdDevice *device, FwupdDevice *parent)
* Adds a child device. An child device is logically linked to the primary
* device in some way.
*
+ * NOTE: You should never call this function from user code, it is for daemon
+ * use only. Only use fwupd_device_set_parent() to set up a logical tree.
+ *
* Since: 1.5.1
**/
void
@@ -2646,10 +2649,8 @@ fwupd_device_array_ensure_parents (GPtrArray *devices)
if (parent_id != NULL) {
FwupdDevice *dev_tmp;
dev_tmp = g_hash_table_lookup (devices_by_id, parent_id);
- if (dev_tmp != NULL) {
- fwupd_device_add_child (dev_tmp, dev);
+ if (dev_tmp != NULL)
fwupd_device_set_parent (dev, dev_tmp);
- }
}
}
}
--
2.29.2

View File

@ -0,0 +1,25 @@
From b04116d4defad3b243a109d9d79ad11eceecd6cc Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 1 Feb 2021 09:32:11 +0000
Subject: [PATCH 07/11] jabra: Ensure the protocol is set to avoid a daemon
warning
---
plugins/jabra/fu-jabra-device.c | 1 +
1 file changed, 1 insertion(+)
diff --git plugins/jabra/fu-jabra-device.c plugins/jabra/fu-jabra-device.c
index 7a6aff9a..055a3b30 100644
--- plugins/jabra/fu-jabra-device.c
+++ plugins/jabra/fu-jabra-device.c
@@ -146,6 +146,7 @@ fu_jabra_device_init (FuJabraDevice *self)
fu_device_add_flag (FU_DEVICE (self), FWUPD_DEVICE_FLAG_UPDATABLE);
fu_device_add_flag (FU_DEVICE (self), FWUPD_DEVICE_FLAG_ADD_COUNTERPART_GUIDS);
fu_device_set_remove_delay (FU_DEVICE (self), 20000); /* 10+10s! */
+ fu_device_set_protocol (FU_DEVICE (self), "org.usb.dfu");
}
static void
--
2.29.2

View File

@ -0,0 +1,25 @@
From b943adc496451975a9b959d78c0859a7fea5e483 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Sun, 7 Feb 2021 16:55:02 +0000
Subject: [PATCH 08/11] wacom-usb: Fix a crash detected by AddressSanitizer
---
plugins/wacom-usb/fu-wac-firmware.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git plugins/wacom-usb/fu-wac-firmware.c plugins/wacom-usb/fu-wac-firmware.c
index fc54cf10..d3a41682 100644
--- plugins/wacom-usb/fu-wac-firmware.c
+++ plugins/wacom-usb/fu-wac-firmware.c
@@ -44,7 +44,7 @@ fu_wac_firmware_parse (FuFirmware *firmware,
/* check the prefix (BE) */
data = (guint8 *) g_bytes_get_data (fw, &len);
- if (memcmp (data, "WACOM", 5) != 0) {
+ if (len < 5 || memcmp (data, "WACOM", 5) != 0) {
g_set_error_literal (error,
FWUPD_ERROR,
FWUPD_ERROR_INTERNAL,
--
2.29.2

View File

@ -0,0 +1,34 @@
From b743836b16c64e2d726f85113cd4ab6f18ed4df0 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 8 Feb 2021 16:47:05 +0000
Subject: [PATCH 09/11] trivial: Fix a buffer-overread spotted by
AddressSanitizer
---
libfwupdplugin/fu-common.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git libfwupdplugin/fu-common.c libfwupdplugin/fu-common.c
index d4dd4aef..094f2d23 100644
--- libfwupdplugin/fu-common.c
+++ libfwupdplugin/fu-common.c
@@ -1856,14 +1856,12 @@ fu_common_strsafe (const gchar *str, gsize maxsz)
gboolean valid = FALSE;
g_autoptr(GString) tmp = NULL;
- g_return_val_if_fail (maxsz > 0, NULL);
-
/* sanity check */
- if (str == NULL)
+ if (str == NULL || maxsz == 0)
return NULL;
/* replace non-printable chars with '.' */
- tmp = g_string_sized_new (strlen (str));
+ tmp = g_string_sized_new (maxsz);
for (gsize i = 0; str[i] != '\0' && i < maxsz; i++) {
if (!g_ascii_isprint (str[i])) {
g_string_append_c (tmp, '.');
--
2.29.2

View File

@ -0,0 +1,38 @@
From 6077051e173770cf357703a3d776ceac2c53d963 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 8 Feb 2021 18:10:38 +0000
Subject: [PATCH 10/11] ihex: Fix a buffer-overread spotted by AddressSanitizer
---
libfwupdplugin/fu-ihex-firmware.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git libfwupdplugin/fu-ihex-firmware.c libfwupdplugin/fu-ihex-firmware.c
index 8d4fc6a6..5df8a948 100644
--- libfwupdplugin/fu-ihex-firmware.c
+++ libfwupdplugin/fu-ihex-firmware.c
@@ -90,11 +90,6 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line,
rcd->ln = ln;
rcd->data = g_byte_array_new ();
rcd->buf = g_string_new (line);
- rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1);
- rcd->addr = fu_firmware_strparse_uint16 (line + 3);
- rcd->record_type = fu_firmware_strparse_uint8 (line + 7);
-
- /* check there's enough data for the smallest possible record */
if (rcd->buf->len < 11) {
g_set_error (error,
FWUPD_ERROR,
@@ -103,6 +98,9 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line,
(guint) rcd->buf->len);
return NULL;
}
+ rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1);
+ rcd->addr = fu_firmware_strparse_uint16 (line + 3);
+ rcd->record_type = fu_firmware_strparse_uint8 (line + 7);
/* position of checksum */
line_end = 9 + rcd->byte_cnt * 2;
--
2.29.2

View File

@ -0,0 +1,26 @@
From 60b5598032b3c36660984e7d49a5ff929ecd6e26 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 8 Feb 2021 18:41:45 +0000
Subject: [PATCH 11/11] wacom-usb: Fix a buffer-overread spotted by
AddressSanitizer
---
plugins/wacom-usb/fu-wac-firmware.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git plugins/wacom-usb/fu-wac-firmware.c plugins/wacom-usb/fu-wac-firmware.c
index d3a41682..ae1e7cac 100644
--- plugins/wacom-usb/fu-wac-firmware.c
+++ plugins/wacom-usb/fu-wac-firmware.c
@@ -65,7 +65,7 @@ fu_wac_firmware_parse (FuFirmware *firmware,
guint cmdlen = strlen (lines[i]);
/* header info record */
- if (memcmp (lines[i] + 2, "COM", 3) == 0) {
+ if (cmdlen > 3 && memcmp (lines[i] + 2, "COM", 3) == 0) {
guint8 header_image_cnt = 0;
if (cmdlen != 40) {
g_set_error (error,
--
2.29.2

View File

@ -0,0 +1,381 @@
From e80f277f4c268d69c162123bc8cbb1819224cea2 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Wed, 10 Feb 2021 13:22:59 +0000
Subject: [PATCH 12/12] goodix-moc: Fix several places where the plugin code
might crash
Fixes https://github.com/fwupd/fwupd/issues/2850
---
plugins/goodix-moc/fu-goodixmoc-common.c | 83 ----------------
plugins/goodix-moc/fu-goodixmoc-common.h | 19 +---
plugins/goodix-moc/fu-goodixmoc-device.c | 120 +++++++++++++----------
plugins/goodix-moc/meson.build | 1 -
4 files changed, 72 insertions(+), 151 deletions(-)
delete mode 100644 plugins/goodix-moc/fu-goodixmoc-common.c
diff --git plugins/goodix-moc/fu-goodixmoc-common.c plugins/goodix-moc/fu-goodixmoc-common.c
deleted file mode 100644
index 7c81434d..00000000
--- plugins/goodix-moc/fu-goodixmoc-common.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2016 Richard Hughes <richard@hughsie.com>
- * Copyright (C) 2020 boger wang <boger@goodix.com>
- *
- * SPDX-License-Identifier: LGPL-2.1+
- */
-
-#include "config.h"
-
-#include <fwupd.h>
-#include <string.h>
-
-#include "fu-common.h"
-#include "fu-goodixmoc-common.h"
-
-void
-fu_goodixmoc_build_header (GxfpPkgHeader *pheader,
- guint16 len,
- guint8 cmd0,
- guint8 cmd1,
- GxPkgType type)
-{
- static guint8 dummy_seq = 0;
-
- g_return_if_fail (pheader != NULL);
-
- pheader->cmd0 = (cmd0);
- pheader->cmd1 = (cmd1);
- pheader->pkg_flag = (guint8)type;
- pheader->reserved = dummy_seq++;
- pheader->len = len + GX_SIZE_CRC32;
- pheader->crc8 = fu_common_crc8 ((guint8 *)pheader, 6);
- pheader->rev_crc8 = ~pheader->crc8;
-}
-
-gboolean
-fu_goodixmoc_parse_header (guint8 *buf, guint32 bufsz,
- GxfpPkgHeader *pheader, GError **error)
-{
- g_return_val_if_fail (buf != NULL, FALSE);
- g_return_val_if_fail (pheader != NULL, FALSE);
-
- if (!fu_memcpy_safe ((guint8 *) &pheader, sizeof(*pheader), 0x0, /* dst */
- buf, bufsz, 0x01, /* src */
- sizeof(*pheader), error))
- return FALSE;
- memcpy (pheader, buf, sizeof(*pheader));
- pheader->len = GUINT16_FROM_LE(*(buf + 4));
- pheader->len -= GX_SIZE_CRC32;
- return TRUE;
-}
-
-gboolean
-fu_goodixmoc_parse_body (guint8 cmd, guint8 *buf, guint32 bufsz,
- GxfpCmdResp *presp, GError **error)
-{
- g_return_val_if_fail (buf != NULL, FALSE);
- g_return_val_if_fail (presp != NULL, FALSE);
-
- presp->result = buf[0];
- switch (cmd) {
- case GX_CMD_ACK:
- if (bufsz == 0) {
- g_set_error_literal (error,
- FWUPD_ERROR,
- FWUPD_ERROR_INTERNAL,
- "invalid bufsz");
- return FALSE;
- }
- presp->ack_msg.cmd = buf[1];
- break;
- case GX_CMD_VERSION:
- if (!fu_memcpy_safe ((guint8 *) &presp->version_info,
- sizeof(presp->version_info), 0x0, /* dst */
- buf, bufsz, 0x01, /* src */
- sizeof(GxfpVersiomInfo), error))
- return FALSE;
- break;
- default:
- break;
- }
- return TRUE;
-}
diff --git plugins/goodix-moc/fu-goodixmoc-common.h plugins/goodix-moc/fu-goodixmoc-common.h
index 4bbdc0c8..c4b69954 100644
--- plugins/goodix-moc/fu-goodixmoc-common.h
+++ plugins/goodix-moc/fu-goodixmoc-common.h
@@ -35,7 +35,7 @@ typedef struct {
guint8 protocol[8];
guint8 flashVersion[8];
guint8 reserved[62];
-} GxfpVersiomInfo;
+} GxfpVersionInfo;
typedef struct {
guint8 cmd;
@@ -46,7 +46,7 @@ typedef struct {
guint8 result;
union {
GxfpAckMsg ack_msg;
- GxfpVersiomInfo version_info;
+ GxfpVersionInfo version_info;
};
} GxfpCmdResp;
@@ -64,18 +64,3 @@ typedef struct __attribute__((__packed__)) {
guint8 crc8;
guint8 rev_crc8;
} GxfpPkgHeader;
-
-void fu_goodixmoc_build_header (GxfpPkgHeader *pheader,
- guint16 len,
- guint8 cmd0,
- guint8 cmd1,
- GxPkgType type);
-gboolean fu_goodixmoc_parse_header (guint8 *buf,
- guint32 bufsz,
- GxfpPkgHeader *pheader,
- GError **error);
-gboolean fu_goodixmoc_parse_body (guint8 cmd,
- guint8 *buf,
- guint32 bufsz,
- GxfpCmdResp *presp,
- GError **error);
diff --git plugins/goodix-moc/fu-goodixmoc-device.c plugins/goodix-moc/fu-goodixmoc-device.c
index f216aec7..3d359dab 100644
--- plugins/goodix-moc/fu-goodixmoc-device.c
+++ plugins/goodix-moc/fu-goodixmoc-device.c
@@ -14,6 +14,7 @@
struct _FuGoodixMocDevice {
FuUsbDevice parent_instance;
+ guint8 dummy_seq;
};
G_DEFINE_TYPE (FuGoodixMocDevice, fu_goodixmoc_device, FU_TYPE_USB_DEVICE)
@@ -27,26 +28,34 @@ G_DEFINE_TYPE (FuGoodixMocDevice, fu_goodixmoc_device, FU_TYPE_USB_DEVICE)
#define GX_FLASH_TRANSFER_BLOCK_SIZE 1000 /* 1000 */
static gboolean
-goodixmoc_device_cmd_send (GUsbDevice *usbdevice,
+goodixmoc_device_cmd_send (FuGoodixMocDevice *self,
guint8 cmd0,
guint8 cmd1,
GxPkgType type,
GByteArray *req,
GError **error)
{
- GxfpPkgHeader header = { 0 };
- guint32 crc_actual = 0;
+ GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE (self));
+ guint32 crc_all = 0;
+ guint32 crc_hdr = 0;
gsize actual_len = 0;
g_autoptr(GByteArray) buf = g_byte_array_new ();
- fu_goodixmoc_build_header (&header, req->len, cmd0, cmd1, type);
- g_byte_array_append (buf, (guint8 *)&header, sizeof(header));
+ /* build header */
+ fu_byte_array_append_uint8 (buf, cmd0);
+ fu_byte_array_append_uint8 (buf, cmd1);
+ fu_byte_array_append_uint8 (buf, type); /* pkg_flag */
+ fu_byte_array_append_uint8 (buf, self->dummy_seq++); /* reserved */
+ fu_byte_array_append_uint16 (buf, req->len + GX_SIZE_CRC32, G_LITTLE_ENDIAN);
+ crc_hdr = fu_common_crc8 (buf->data, buf->len);
+ fu_byte_array_append_uint8 (buf, crc_hdr);
+ fu_byte_array_append_uint8 (buf, ~crc_hdr);
g_byte_array_append (buf, req->data, req->len);
- crc_actual = fu_common_crc32 (buf->data, sizeof(header) + req->len);
- fu_byte_array_append_uint32 (buf, crc_actual, G_LITTLE_ENDIAN);
+ crc_all = fu_common_crc32 (buf->data, buf->len);
+ fu_byte_array_append_uint32 (buf, crc_all, G_LITTLE_ENDIAN);
/* send zero length package */
- if (!g_usb_device_bulk_transfer (usbdevice,
+ if (!g_usb_device_bulk_transfer (usb_device,
GX_USB_BULK_EP_OUT,
NULL,
0,
@@ -62,7 +71,7 @@ goodixmoc_device_cmd_send (GUsbDevice *usbdevice,
}
/* send data */
- if (!g_usb_device_bulk_transfer (usbdevice,
+ if (!g_usb_device_bulk_transfer (usb_device,
GX_USB_BULK_EP_OUT,
buf->data,
buf->len,
@@ -84,12 +93,12 @@ goodixmoc_device_cmd_send (GUsbDevice *usbdevice,
}
static gboolean
-goodixmoc_device_cmd_recv (GUsbDevice *usbdevice,
+goodixmoc_device_cmd_recv (FuGoodixMocDevice *self,
GxfpCmdResp *presponse,
gboolean data_reply,
GError **error)
{
- GxfpPkgHeader header = { 0 };
+ GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE (self));
guint32 crc_actual = 0;
guint32 crc_calculated = 0;
gsize actual_len = 0;
@@ -102,9 +111,11 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice,
* | zlp | ack | zlp | data |
*/
while (1) {
+ guint16 header_len = 0x0;
+ guint8 header_cmd0 = 0x0;
g_autoptr(GByteArray) reply = g_byte_array_new ();
fu_byte_array_set_size (reply, GX_FLASH_TRANSFER_BLOCK_SIZE);
- if (!g_usb_device_bulk_transfer (usbdevice,
+ if (!g_usb_device_bulk_transfer (usb_device,
GX_USB_BULK_EP_IN,
reply->data,
reply->len,
@@ -125,12 +136,14 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice,
}
/* parse package header */
- if (!fu_goodixmoc_parse_header (reply->data,
- actual_len,
- &header,
- error))
+ if (!fu_common_read_uint8_safe (reply->data, reply->len, 0x0,
+ &header_cmd0, error))
+ return FALSE;
+ if (!fu_common_read_uint16_safe (reply->data, reply->len, 0x4,
+ &header_len, G_LITTLE_ENDIAN,
+ error))
return FALSE;
- offset = sizeof(header) + header.len;
+ offset = sizeof(GxfpPkgHeader) + header_len - GX_SIZE_CRC32;
crc_actual = fu_common_crc32 (reply->data, offset);
if (!fu_common_read_uint32_safe (reply->data,
reply->len,
@@ -149,15 +162,33 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice,
}
/* parse package data */
- if (!fu_goodixmoc_parse_body (header.cmd0,
- reply->data + sizeof(header),
- header.len,
- presponse,
- error))
+ if (!fu_common_read_uint8_safe (reply->data, reply->len,
+ sizeof(GxfpPkgHeader) + 0x00,
+ &presponse->result, error))
return FALSE;
+ if (header_cmd0 == GX_CMD_ACK) {
+ if (header_len == 0) {
+ g_set_error_literal (error,
+ FWUPD_ERROR,
+ FWUPD_ERROR_INTERNAL,
+ "invalid bufsz");
+ return FALSE;
+ }
+ if (!fu_common_read_uint8_safe (reply->data, reply->len,
+ sizeof(GxfpPkgHeader) + 0x01,
+ &presponse->ack_msg.cmd, error))
+ return FALSE;
+ } else if (header_cmd0 == GX_CMD_VERSION) {
+ if (!fu_memcpy_safe ((guint8 *) &presponse->version_info,
+ sizeof(presponse->version_info), 0x0, /* dst */
+ reply->data, reply->len,
+ sizeof(GxfpPkgHeader) + 0x01, /* src */
+ sizeof(GxfpVersionInfo), error))
+ return FALSE;
+ }
/* continue after ack received */
- if (header.cmd0 == GX_CMD_ACK && data_reply)
+ if (header_cmd0 == GX_CMD_ACK && data_reply)
continue;
break;
}
@@ -176,36 +207,27 @@ fu_goodixmoc_device_cmd_xfer (FuGoodixMocDevice *device,
gboolean data_reply,
GError **error)
{
- GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE(device));
- if (!goodixmoc_device_cmd_send (usb_device, cmd0, cmd1, type, req, error))
+ FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE(device);
+ if (!goodixmoc_device_cmd_send (self, cmd0, cmd1, type, req, error))
return FALSE;
- return goodixmoc_device_cmd_recv (usb_device, presponse, data_reply, error);
+ return goodixmoc_device_cmd_recv (self, presponse, data_reply, error);
}
-static gchar *
-fu_goodixmoc_device_get_version (FuGoodixMocDevice *self, GError **error)
+static gboolean
+fu_goodixmoc_device_setup_version (FuGoodixMocDevice *self, GError **error)
{
GxfpCmdResp rsp = { 0 };
- gchar ver[9] = { 0 };
- guint8 dummy = 0;
+ g_autofree gchar *version = NULL;
g_autoptr(GByteArray) req = g_byte_array_new ();
- fu_byte_array_append_uint8 (req, dummy);
+ fu_byte_array_append_uint8 (req, 0); /* dummy */
if (!fu_goodixmoc_device_cmd_xfer (self, GX_CMD_VERSION, GX_CMD1_DEFAULT,
- GX_PKG_TYPE_EOP,
- req,
- &rsp,
- TRUE,
- error))
- return NULL;
- if (!fu_memcpy_safe ((guint8 *) ver, sizeof(ver), 0x0,
- rsp.version_info.fwversion,
- sizeof(rsp.version_info.fwversion),
- 0x0,
- sizeof(rsp.version_info.fwversion),
- error))
- return NULL;
- return g_strndup (ver, sizeof(ver));
+ GX_PKG_TYPE_EOP, req, &rsp, TRUE, error))
+ return FALSE;
+ version = g_strndup ((const gchar *) rsp.version_info.fwversion,
+ sizeof(rsp.version_info.fwversion));
+ fu_device_set_version (FU_DEVICE (self), version);
+ return TRUE;
}
static gboolean
@@ -281,15 +303,13 @@ fu_goodixmoc_device_open (FuUsbDevice *device, GError **error)
static gboolean
fu_goodixmoc_device_setup (FuDevice *device, GError **error)
{
- FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE(device);
- g_autofree gchar *version = NULL;
+ FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE (device);
- version = fu_goodixmoc_device_get_version (self, error);
- if (version == NULL) {
+ /* ensure version */
+ if (!fu_goodixmoc_device_setup_version (self, error)) {
g_prefix_error (error, "failed to get firmware version: ");
return FALSE;
}
- fu_device_set_version (device, version);
/* success */
return TRUE;
diff --git plugins/goodix-moc/meson.build plugins/goodix-moc/meson.build
index 4e1287e4..178b35d8 100644
--- plugins/goodix-moc/meson.build
+++ plugins/goodix-moc/meson.build
@@ -9,7 +9,6 @@ install_data([
shared_module('fu_plugin_goodixmoc',
fu_hash,
sources : [
- 'fu-goodixmoc-common.c',
'fu-goodixmoc-device.c',
'fu-plugin-goodixmoc.c',
],
--
2.29.2

39
SOURCES/deps.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git meson.build meson.build
index 02a93f57..93f77e62 100644
--- meson.build
+++ meson.build
@@ -206,7 +206,7 @@ else
gudev = dependency('', required : false)
endif
libxmlb = dependency('xmlb', version : '>= 0.1.13', fallback : ['libxmlb', 'libxmlb_dep'])
-gusb = dependency('gusb', version : '>= 0.3.5', fallback : ['gusb', 'gusb_dep'])
+gusb = dependency('gusb', version : '>= 0.3.0', fallback : ['gusb', 'gusb_dep'])
sqlite = dependency('sqlite3')
libarchive = dependency('libarchive')
endif
diff --git plugins/cros-ec/fu-cros-ec-usb-device.c plugins/cros-ec/fu-cros-ec-usb-device.c
index 5bf6f7e1..79a29b2d 100644
--- plugins/cros-ec/fu-cros-ec-usb-device.c
+++ plugins/cros-ec/fu-cros-ec-usb-device.c
@@ -109,6 +109,7 @@ static gboolean
fu_cros_ec_usb_device_find_interface (FuUsbDevice *device,
GError **error)
{
+#if G_USB_CHECK_VERSION(0,3,3)
GUsbDevice *usb_device = fu_usb_device_get_dev (device);
FuCrosEcUsbDevice *self = FU_CROS_EC_USB_DEVICE (device);
g_autoptr(GPtrArray) intfs = NULL;
@@ -142,6 +143,13 @@ fu_cros_ec_usb_device_find_interface (FuUsbDevice *device,
FWUPD_ERROR_NOT_FOUND,
"no update interface found");
return FALSE;
+#else
+ g_set_error_literal (error,
+ FWUPD_ERROR,
+ FWUPD_ERROR_NOT_SUPPORTED,
+ "this version of GUsb is not supported");
+ return FALSE;
+#endif
}
static gboolean

View File

@ -1,12 +1,20 @@
%global glib2_version 2.45.8
%global libxmlb_version 0.1.3
%global libgusb_version 0.2.11
%global libsoup_version 2.51.92
%global libcurl_version 7.61.0
%global systemd_version 231
%global json_glib_version 1.1.1
%global __meson_wrap_mode default
# although we ship a few tiny python files these are utilities that 99.99%
# of users do not need -- use this to avoid dragging python onto CoreOS
%global __requires_exclude ^%{python3}$
# PPC64 is too slow to complete the tests under 3 minutes...
%ifnarch ppc64le
%global enable_tests 1
%endif
%global enable_dummy 1
# fwupd.efi is only available on these arches
@ -14,9 +22,8 @@
%global have_uefi 1
%endif
# redfish is only available on this arch
%ifarch x86_64
%global have_redfish 1
%ifarch i686 x86_64
%global have_msr 1
%endif
# libsmbios is only available on x86
@ -31,12 +38,19 @@
Summary: Firmware update daemon
Name: fwupd
Version: 1.4.2
Release: 4%{?dist}
Version: 1.5.5
Release: 3%{?dist}
License: LGPLv2+
URL: https://github.com/fwupd/fwupd
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
Source1: http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.2.tar.xz
Source1: http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.5.tar.xz
Source10: http://people.redhat.com/rhughes/dbx/DBXUpdate-20100307-x64.cab
Source11: http://people.redhat.com/rhughes/dbx/DBXUpdate-20140413-x64.cab
Source12: http://people.redhat.com/rhughes/dbx/DBXUpdate-20160809-x64.cab
Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
# these are numbered high just to keep them wildly away from colliding with
# the real package sources, in order to reduce churn.
@ -45,9 +59,22 @@ Source301: redhatsecureboot301.cer
Source500: redhatsecurebootca5.cer
Source503: redhatsecureboot503.cer
Patch1: 0001-synaptics-prometheus-Force-the-minor-version-from-0x.patch
Patch2: 0001-Do-not-use-the-LVFS.patch
Patch3: 0001-Validate-that-gpgme_op_verify_result-returned-at-lea.patch
Patch4: deps.patch
# these are important fixes already upstream
Patch101: 0001-stm-dfu-fix-dnload-wBlockNum-wraparound.patch
Patch102: 0002-rename-config-section-in-uefi_capsule.conf-to-plugin.patch
Patch103: 0003-Ask-the-user-to-reboot-when-required-if-downgrading.patch
Patch104: 0004-Do-not-show-Unknown-for-every-client-connection.patch
Patch105: 0005-esp-list-allow-external-ESP-again.patch
Patch106: 0006-Fix-a-crash-when-using-fwupdtool.patch
Patch107: 0007-jabra-Ensure-the-protocol-is-set-to-avoid-a-daemon-w.patch
Patch108: 0008-wacom-usb-Fix-a-crash-detected-by-AddressSanitizer.patch
Patch109: 0009-trivial-Fix-a-buffer-overread-spotted-by-AddressSani.patch
Patch110: 0010-ihex-Fix-a-buffer-overread-spotted-by-AddressSanitiz.patch
Patch111: 0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch
Patch112: 0012-goodix-moc-Fix-several-places-where-the-plugin-code-.patch
BuildRequires: efi-srpm-macros
BuildRequires: gettext
@ -56,11 +83,12 @@ BuildRequires: libxmlb-devel >= %{libxmlb_version}
BuildRequires: libgcab1-devel
BuildRequires: libgudev1-devel
BuildRequires: libgusb-devel >= %{libgusb_version}
BuildRequires: libsoup-devel >= %{libsoup_version}
BuildRequires: libcurl-devel >= %{libcurl_version}
BuildRequires: polkit-devel >= 0.103
BuildRequires: sqlite-devel
BuildRequires: gpgme-devel
BuildRequires: systemd >= %{systemd_version}
BuildRequires: systemd-devel
BuildRequires: libarchive-devel
BuildRequires: gobject-introspection-devel
BuildRequires: gcab
@ -79,19 +107,12 @@ BuildRequires: vala
BuildRequires: python3-devel
BuildRequires: bash-completion
BuildRequires: git-core
%if 0%{?have_flashrom}
BuildRequires: flashrom-devel >= 1.2-2
%endif
%if 0%{?have_modem_manager}
BuildRequires: ModemManager-glib-devel >= 1.10.0
BuildRequires: libqmi-devel >= 1.22.0
%endif
%if 0%{?have_redfish}
BuildRequires: efivar-devel >= 33
%endif
%if 0%{?have_uefi}
BuildRequires: efivar-devel >= 33
BuildRequires: python3 python3-cairo python3-gobject python3-pillow
@ -116,7 +137,6 @@ Requires(postun): systemd
Requires: glib2%{?_isa} >= %{glib2_version}
Requires: libxmlb%{?_isa} >= %{libxmlb_version}
Requires: libgusb%{?_isa} >= %{libgusb_version}
Requires: libsoup%{?_isa} >= %{libsoup_version}
Requires: bubblewrap
Requires: shared-mime-info
@ -124,7 +144,13 @@ Obsoletes: fwupd-sign < 0.1.6
Obsoletes: libebitdo < 0.7.5-3
Obsoletes: libdfu < 1.0.0
Obsoletes: fwupd-labels < 1.1.0-1
Obsoletes: fwupdate
Obsoletes: fwupdate < 13
Obsoletes: dbxtool < 9
Provides: dbxtool
# optional, but a really good idea
Recommends: udisks2
%description
fwupd is a daemon to allow session software to update device firmware.
@ -147,15 +173,23 @@ Data files for installed tests.
%prep
%setup -q
%patch2 -p1 -b .lvfs-disabled
%patch4 -p0 -b .deps
%patch101 -p0
%patch102 -p0
%patch103 -p0
%patch104 -p0
%patch105 -p0
%patch106 -p0
%patch107 -p0
%patch108 -p0
%patch109 -p0
%patch110 -p0
%patch111 -p0
%patch112 -p0
mkdir -p subprojects/libjcat
tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1
# apply patch to subproject
cd subprojects/libjcat
%patch3 -p0 -b .gpgme-parsing
cd -
sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \
contrib/ci/*.py \
contrib/firmware_packager/*.py \
@ -176,7 +210,7 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%meson \
-Dgtkdoc=true \
-Defi_os_dir=%{efi_vendor} \
-Dplugin_tpm=false \
-Dsupported_build=true \
-Dlibjcat:gtkdoc=false \
-Dlibjcat:introspection=false \
-Dlibjcat:tests=false \
@ -190,23 +224,21 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%else
-Dplugin_dummy=false \
%endif
%if 0%{?have_flashrom}
-Dplugin_flashrom=true \
%else
-Dplugin_flashrom=false \
%if 0%{?have_msr}
-Dplugin_msr=true \
%else
-Dplugin_msr=false \
%endif
-Dplugin_thunderbolt=true \
%if 0%{?have_redfish}
-Dplugin_redfish=true \
%else
-Dplugin_redfish=false \
%endif
%if 0%{?have_uefi}
-Dplugin_uefi=true \
-Dplugin_nvme=true \
-Dplugin_uefi_capsule=true \
-Dplugin_uefi_pk=false \
-Dtpm=false \
%else
-Dplugin_uefi=false \
-Dplugin_nvme=false \
-Dplugin_uefi_capsule=false \
-Dplugin_uefi_pk=false \
-Dtpm=false \
%endif
%if 0%{?have_dell}
-Dplugin_dell=true \
@ -232,6 +264,10 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%install
%meson_install
# on RHEL the LVFS is disabled by default
mkdir -p %{buildroot}/%{_datadir}/dbxtool
install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool
# sign fwupd.efi loader
%if 0%{?have_uefi}
%ifarch x86_64
@ -256,6 +292,13 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%post
%systemd_post fwupd.service
# change vendor-installed remotes to use the default keyring type
for fn in /etc/fwupd/remotes.d/*.conf; do
if grep -q "Keyring=gpg" "$fn"; then
sed -i 's/Keyring=gpg/#Keyring=pkcs/g' "$fn";
fi
done
%preun
%systemd_preun fwupd.service
@ -266,18 +309,18 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%files -f %{name}.lang
%doc README.md AUTHORS
%license COPYING
%config(noreplace)%{_sysconfdir}/fwupd/ata.conf
%config(noreplace)%{_sysconfdir}/fwupd/daemon.conf
%config(noreplace)%{_sysconfdir}/fwupd/upower.conf
%if 0%{?have_uefi}
%config(noreplace)%{_sysconfdir}/fwupd/uefi.conf
%config(noreplace)%{_sysconfdir}/fwupd/uefi_capsule.conf
%endif
%if 0%{?have_redfish}
%config(noreplace)%{_sysconfdir}/fwupd/redfish.conf
%endif
%config(noreplace)%{_sysconfdir}/fwupd/thunderbolt.conf
%dir %{_libexecdir}/fwupd
%{_libexecdir}/fwupd/fwupd
%ifarch i686 x86_64
%{_libexecdir}/fwupd/fwupd-detect-cet
%endif
%{_libexecdir}/fwupd/fwupdoffline
%if 0%{?have_uefi}
%{_libexecdir}/fwupd/efi/*.efi
@ -285,6 +328,9 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_bindir}/fwupdate
%endif
%{_bindir}/dfu-tool
%if 0%{?have_uefi}
%{_bindir}/dbxtool
%endif
%{_bindir}/fwupdmgr
%{_bindir}/fwupdtool
%{_bindir}/fwupdagent
@ -300,6 +346,9 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor-directory.conf
%config(noreplace)%{_sysconfdir}/pki/fwupd
%{_sysconfdir}/pki/fwupd-metadata
%if 0%{?have_msr}
/usr/lib/modules-load.d/fwupd-msr.conf
%endif
%{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%{_datadir}/bash-completion/completions/fwupdmgr
%{_datadir}/bash-completion/completions/fwupdtool
@ -314,14 +363,24 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
%{_datadir}/man/man1/fwupdtool.1.gz
%{_datadir}/man/man1/fwupdagent.1.gz
%{_datadir}/man/man1/dfu-tool.1.gz
%{_datadir}/man/man1/fwupdmgr.1.gz
%dir %{_datadir}/dbxtool
%{_datadir}/dbxtool/DBXUpdate-20100307-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20140413-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20160809-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-aa64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-ia32.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-x64.cab
%{_mandir}/man1/fwupdtool.1*
%{_mandir}/man1/fwupdagent.1*
%{_mandir}/man1/dfu-tool.1*
%if 0%{?have_uefi}
%{_datadir}/man/man1/fwupdate.1.gz
%{_mandir}/man1/dbxtool.*
%endif
%{_datadir}/man/man1/jcat-tool.1*
%{_mandir}/man1/fwupdmgr.1*
%if 0%{?have_uefi}
%{_mandir}/man1/fwupdate.1*
%endif
%{_mandir}/man1/jcat-tool.1*
%{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
%{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.fwupd.svg
%{_datadir}/fwupd/firmware_packager.py
@ -346,12 +405,16 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
/usr/lib/udev/rules.d/*.rules
/usr/lib/systemd/system-shutdown/fwupd.shutdown
%dir %{_libdir}/fwupd-plugins-3
%{_libdir}/fwupd-plugins-3/libfu_plugin_acpi_dmar.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_acpi_facp.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ata.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_bcm57xx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ccgx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_coreboot.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_cros_ec.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_cpu.so
%if 0%{?have_dell}
@ -361,25 +424,28 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_libdir}/fwupd-plugins-3/libfu_plugin_dell_dock.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_elantp.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_emmc.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ep963x.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_fastboot.so
%if 0%{?have_flashrom}
%{_libdir}/fwupd-plugins-3/libfu_plugin_flashrom.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_fresco_pd.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_hailuck.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_iommu.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_jabra.so
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_lockdown.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_sleep.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_swap.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_tainted.so
%if 0%{?have_msr}
%{_libdir}/fwupd-plugins-3/libfu_plugin_msr.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so
%if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_nvme.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_optionrom.so
%if 0%{?have_redfish}
%{_libdir}/fwupd-plugins-3/libfu_plugin_pci_bcr.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_pci_mei.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_pixart_rf.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_redfish.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hid.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hub.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_solokey.so
@ -397,9 +463,10 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_thelio_io.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt_power.so
%if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_bios.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_capsule.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_dbx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_recovery.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_logind.so
@ -408,10 +475,14 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_libdir}/fwupd-plugins-3/libfu_plugin_vli.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_raw.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_usb.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_goodixmoc.so
%ghost %{_localstatedir}/lib/fwupd/gnupg
%if 0%{?have_uefi}
%{_datadir}/locale/*/LC_IMAGES/fwupd*
%endif
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
%endif
%files devel
%{_datadir}/gir-1.0/Fwupd-2.0.gir
@ -433,11 +504,31 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_datadir}/installed-tests/fwupd/*.test
%{_datadir}/installed-tests/fwupd/*.cab
%{_datadir}/installed-tests/fwupd/*.sh
%{_libexecdir}/installed-tests/fwupd/*
%dir %{_sysconfdir}/fwupd/remotes.d
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd-tests.conf
%endif
%changelog
* Wed Feb 10 2021 Richard Hughes <richard@hughsie.com> 1.5.5-3
- Backport a fix from upstream to fix a crash in the Goodix MOC plugin.
- Resolves: #1927091
* Tue Feb 09 2021 Richard Hughes <richard@hughsie.com> 1.5.5-2
- Do not invalidate all remote timestamps during package install to fix rpm -V.
- Backport some important high priority fixes from upstream.
- Resolves: #1926382
* Mon Jan 11 2021 Richard Hughes <richard@hughsie.com> 1.5.5-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Wed Dec 16 2020 Richard Hughes <richard@hughsie.com> 1.5.4-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 1.4.2-4
- Add signing with redhatsecureboot503 cert
Related: CVE-2020-10713