import fwupd-1.5.5-1.el8

This commit is contained in:
CentOS Sources 2021-01-12 06:12:25 +00:00 committed by Andrew Lukoshko
parent a1b92a51da
commit 96e2e21eb5
6 changed files with 167 additions and 208 deletions

View File

@ -1,2 +1,8 @@
c152547682cb354b69e4e1a89b53369dd42f3e53 SOURCES/fwupd-1.4.2.tar.xz b2620c36bd23ca699567fd4e4add039ee4375247 SOURCES/DBXUpdate-20100307-x64.cab
6991b6879b438a4672e97c534d10737bc54e6f39 SOURCES/libjcat-0.1.2.tar.xz dfdb1d0d42c1563ca63bd45c7e2ddc48cbfc5023 SOURCES/DBXUpdate-20140413-x64.cab
a5f73c606abb93bf61625e4628d27a2cd460f162 SOURCES/DBXUpdate-20160809-x64.cab
b5b2dc87daca1d3f8081a323290432c141aa405d SOURCES/DBXUpdate-20200729-aa64.cab
3fb407561768a3a2f5fb49d7738b5e0650e70810 SOURCES/DBXUpdate-20200729-ia32.cab
89db93c9d9d20f81791a262e817b99d8882c8bb0 SOURCES/DBXUpdate-20200729-x64.cab
acaf6614e6a7af7014c1697b7c440ef0c394a2f6 SOURCES/fwupd-1.5.5.tar.xz
e01a97b6d16a188a43cb25caa42cdf9771803531 SOURCES/libjcat-0.1.5.tar.xz

10
.gitignore vendored
View File

@ -1,2 +1,8 @@
SOURCES/fwupd-1.4.2.tar.xz SOURCES/DBXUpdate-20100307-x64.cab
SOURCES/libjcat-0.1.2.tar.xz SOURCES/DBXUpdate-20140413-x64.cab
SOURCES/DBXUpdate-20160809-x64.cab
SOURCES/DBXUpdate-20200729-aa64.cab
SOURCES/DBXUpdate-20200729-ia32.cab
SOURCES/DBXUpdate-20200729-x64.cab
SOURCES/fwupd-1.5.5.tar.xz
SOURCES/libjcat-0.1.5.tar.xz

View File

@ -1,114 +0,0 @@
From 839b89f45a38b2373bf5836337a33f450aaab72e Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Thu, 28 May 2020 10:41:23 +0100
Subject: [PATCH] Validate that gpgme_op_verify_result() returned at least one
signature
If a detached signature is actually a PGP message, gpgme_op_verify() returns
the rather perplexing GPG_ERR_NO_ERROR, and then gpgme_op_verify_result()
builds an empty list.
Explicitly check for no signatures present to avoid returning a JcatResult with
no timestamp and an empty authority.
Many thanks to Justin Steven <justin@justinsteven.com> for the discovery and
coordinated disclosure of this issue. Fixes CVE-2020-10759
---
libjcat/jcat-gpg-engine.c | 7 +++++
libjcat/jcat-self-test.c | 55 +++++++++++++++++++++++++++++++++++++++
2 files changed, 62 insertions(+)
diff --git libjcat/jcat-gpg-engine.c libjcat/jcat-gpg-engine.c
index 0812a62..bd44dba 100644
--- libjcat/jcat-gpg-engine.c
+++ libjcat/jcat-gpg-engine.c
@@ -267,6 +267,13 @@ jcat_gpg_engine_pubkey_verify (JcatEngine *engine,
"no result record from libgpgme");
return NULL;
}
+ if (result->signatures == NULL) {
+ g_set_error_literal (error,
+ G_IO_ERROR,
+ G_IO_ERROR_FAILED,
+ "no signatures from libgpgme");
+ return NULL;
+ }
/* look at each signature */
for (s = result->signatures; s != NULL ; s = s->next ) {
diff --git libjcat/jcat-self-test.c libjcat/jcat-self-test.c
index d79a3a9..fd4295e 100644
--- libjcat/jcat-self-test.c
+++ libjcat/jcat-self-test.c
@@ -393,6 +393,60 @@ jcat_gpg_engine_func (void)
#endif
}
+static void
+jcat_gpg_engine_msg_func (void)
+{
+#ifdef ENABLE_GPG
+ g_autofree gchar *fn = NULL;
+ g_autofree gchar *pki_dir = NULL;
+ g_autoptr(GBytes) data = NULL;
+ g_autoptr(GBytes) data_sig = NULL;
+ g_autoptr(GError) error = NULL;
+ g_autoptr(JcatContext) context = jcat_context_new ();
+ g_autoptr(JcatEngine) engine = NULL;
+ g_autoptr(JcatResult) result = NULL;
+ const gchar *sig =
+ "-----BEGIN PGP MESSAGE-----\n"
+ "owGbwMvMwMEovmZX76/pfOKMp0WSGOLOX3/ikZqTk6+jUJ5flJOiyNXJaMzCwMjB\n"
+ "ICumyCJmt5VRUil28/1+z1cwbaxMID0MXJwCMJG4RxwMLUYXDkUad34I3vrT8+X2\n"
+ "m+ZyHyMWnTiQYaQb/eLJGqbiAJc5Jr4a/PPqHNi7auwzGsKsljebabjtnJRzpDr0\n"
+ "YvwrnmmWLJUnTzjM3MH5Kn+RzqXkywsYdk9yD2OUdLy736CiemFMdcuF02lOZvPU\n"
+ "HaTKl76wW62QH8Lr8yGMQ1Xgc6nC2ZwUhvctky7NOZtc1T477uBTL81p31ZmaIUJ\n"
+ "paS8uWZl8UzX5sFsqQi37G1TbDc8Cm+oU/yRkFj2pLBzw367ncsa4n7EqEWu1yrN\n"
+ "yD39LUeErePdqfKCG+xhL6WkWt5ZJ/6//XnjouXhl5Z4tWspT49MtNp5d3aDQ43c\n"
+ "mnbresn6A7KMZgdOiwIA\n"
+ "=a9ui\n"
+ "-----END PGP MESSAGE-----\n";
+
+ /* set up context */
+ jcat_context_set_keyring_path (context, "/tmp/libjcat-self-test/var");
+ pki_dir = g_test_build_filename (G_TEST_DIST, "pki", NULL);
+ jcat_context_add_public_keys (context, pki_dir);
+
+ /* get engine */
+ engine = jcat_context_get_engine (context, JCAT_BLOB_KIND_GPG, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (engine);
+ g_assert_cmpint (jcat_engine_get_kind (engine), ==, JCAT_BLOB_KIND_GPG);
+ g_assert_cmpint (jcat_engine_get_verify_kind (engine), ==, JCAT_ENGINE_VERIFY_KIND_SIGNATURE);
+
+ /* verify with GnuPG, which should fail as the signature is not a
+ * detached signature at all, but gnupg stabs us in the back by returning
+ * success from gpgme_op_verify() with an empty list of signatures */
+ fn = g_test_build_filename (G_TEST_DIST, "colorhug", "firmware.bin", NULL);
+ data = jcat_get_contents_bytes (fn, &error);
+ g_assert_no_error (error);
+ g_assert_nonnull (data);
+ data_sig = g_bytes_new_static (sig, strlen (sig));
+ result = jcat_engine_pubkey_verify (engine, data, data_sig,
+ JCAT_VERIFY_FLAG_NONE, &error);
+ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_FAILED);
+ g_assert_null (result);
+#else
+ g_test_skip ("no GnuPG support enabled");
+#endif
+}
+
static void
jcat_pkcs7_engine_func (void)
{
@@ -753,6 +807,7 @@ main (int argc, char **argv)
g_test_add_func ("/jcat/engine{sha1}", jcat_sha1_engine_func);
g_test_add_func ("/jcat/engine{sha256}", jcat_sha256_engine_func);
g_test_add_func ("/jcat/engine{gpg}", jcat_gpg_engine_func);
+ g_test_add_func ("/jcat/engine{gpg-msg}", jcat_gpg_engine_msg_func);
g_test_add_func ("/jcat/engine{pkcs7}", jcat_pkcs7_engine_func);
g_test_add_func ("/jcat/engine{pkcs7-self-signed}", jcat_pkcs7_engine_self_signed_func);
g_test_add_func ("/jcat/context{verify-blob}", jcat_context_verify_blob_func);
--
2.26.2

View File

@ -1,32 +0,0 @@
From d7a1eb17bef650f13e7f96430f99294c36a40806 Mon Sep 17 00:00:00 2001
From: Vincent Huang <vincent.huang@tw.synaptics.com>
Date: Tue, 19 May 2020 13:09:28 +0800
Subject: [PATCH] synaptics-prometheus: Force the minor version from 0x02 to
0x01 to make sure the devices can be updated back to 0x01.
---
plugins/synaptics-prometheus/fu-synaprom-device.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git plugins/synaptics-prometheus/fu-synaprom-device.c plugins/synaptics-prometheus/fu-synaprom-device.c
index 5a19203c..299ebde2 100644
--- a/plugins/synaptics-prometheus/fu-synaprom-device.c
+++ b/plugins/synaptics-prometheus/fu-synaprom-device.c
@@ -142,6 +142,14 @@ fu_synaprom_device_set_version (FuSynapromDevice *self,
{
g_autofree gchar *str = NULL;
+ /* We decide to skip 10.02.xxxxxx firmware, so we force the minor version from 0x02
+ ** to 0x01 to make the devices with 0x02 minor version firmware allow to be updated
+ ** back to minor version 0x01. */
+ if (vmajor == 0x0a && vminor == 0x02) {
+ g_debug ("quirking vminor from %02x to 01", vminor);
+ vminor = 0x01;
+ }
+
/* set display version */
str = g_strdup_printf ("%02u.%02u.%u", vmajor, vminor, buildnum);
fu_device_set_version (FU_DEVICE (self), str);
--
2.26.2

39
SOURCES/deps.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git meson.build meson.build
index 02a93f57..93f77e62 100644
--- meson.build
+++ meson.build
@@ -206,7 +206,7 @@ else
gudev = dependency('', required : false)
endif
libxmlb = dependency('xmlb', version : '>= 0.1.13', fallback : ['libxmlb', 'libxmlb_dep'])
-gusb = dependency('gusb', version : '>= 0.3.5', fallback : ['gusb', 'gusb_dep'])
+gusb = dependency('gusb', version : '>= 0.3.0', fallback : ['gusb', 'gusb_dep'])
sqlite = dependency('sqlite3')
libarchive = dependency('libarchive')
endif
diff --git plugins/cros-ec/fu-cros-ec-usb-device.c plugins/cros-ec/fu-cros-ec-usb-device.c
index 5bf6f7e1..79a29b2d 100644
--- plugins/cros-ec/fu-cros-ec-usb-device.c
+++ plugins/cros-ec/fu-cros-ec-usb-device.c
@@ -109,6 +109,7 @@ static gboolean
fu_cros_ec_usb_device_find_interface (FuUsbDevice *device,
GError **error)
{
+#if G_USB_CHECK_VERSION(0,3,3)
GUsbDevice *usb_device = fu_usb_device_get_dev (device);
FuCrosEcUsbDevice *self = FU_CROS_EC_USB_DEVICE (device);
g_autoptr(GPtrArray) intfs = NULL;
@@ -142,6 +143,13 @@ fu_cros_ec_usb_device_find_interface (FuUsbDevice *device,
FWUPD_ERROR_NOT_FOUND,
"no update interface found");
return FALSE;
+#else
+ g_set_error_literal (error,
+ FWUPD_ERROR,
+ FWUPD_ERROR_NOT_SUPPORTED,
+ "this version of GUsb is not supported");
+ return FALSE;
+#endif
}
static gboolean

View File

@ -1,12 +1,20 @@
%global glib2_version 2.45.8 %global glib2_version 2.45.8
%global libxmlb_version 0.1.3 %global libxmlb_version 0.1.3
%global libgusb_version 0.2.11 %global libgusb_version 0.2.11
%global libsoup_version 2.51.92 %global libcurl_version 7.61.0
%global systemd_version 231 %global systemd_version 231
%global json_glib_version 1.1.1 %global json_glib_version 1.1.1
%global __meson_wrap_mode default %global __meson_wrap_mode default
# although we ship a few tiny python files these are utilities that 99.99%
# of users do not need -- use this to avoid dragging python onto CoreOS
%global __requires_exclude ^%{python3}$
# PPC64 is too slow to complete the tests under 3 minutes...
%ifnarch ppc64le
%global enable_tests 1 %global enable_tests 1
%endif
%global enable_dummy 1 %global enable_dummy 1
# fwupd.efi is only available on these arches # fwupd.efi is only available on these arches
@ -14,9 +22,8 @@
%global have_uefi 1 %global have_uefi 1
%endif %endif
# redfish is only available on this arch %ifarch i686 x86_64
%ifarch x86_64 %global have_msr 1
%global have_redfish 1
%endif %endif
# libsmbios is only available on x86 # libsmbios is only available on x86
@ -31,12 +38,19 @@
Summary: Firmware update daemon Summary: Firmware update daemon
Name: fwupd Name: fwupd
Version: 1.4.2 Version: 1.5.5
Release: 4%{?dist} Release: 1%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/fwupd/fwupd URL: https://github.com/fwupd/fwupd
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
Source1: http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.2.tar.xz Source1: http://people.freedesktop.org/~hughsient/releases/libjcat-0.1.5.tar.xz
Source10: http://people.redhat.com/rhughes/dbx/DBXUpdate-20100307-x64.cab
Source11: http://people.redhat.com/rhughes/dbx/DBXUpdate-20140413-x64.cab
Source12: http://people.redhat.com/rhughes/dbx/DBXUpdate-20160809-x64.cab
Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
# these are numbered high just to keep them wildly away from colliding with # these are numbered high just to keep them wildly away from colliding with
# the real package sources, in order to reduce churn. # the real package sources, in order to reduce churn.
@ -45,9 +59,8 @@ Source301: redhatsecureboot301.cer
Source500: redhatsecurebootca5.cer Source500: redhatsecurebootca5.cer
Source503: redhatsecureboot503.cer Source503: redhatsecureboot503.cer
Patch1: 0001-synaptics-prometheus-Force-the-minor-version-from-0x.patch
Patch2: 0001-Do-not-use-the-LVFS.patch Patch2: 0001-Do-not-use-the-LVFS.patch
Patch3: 0001-Validate-that-gpgme_op_verify_result-returned-at-lea.patch Patch4: deps.patch
BuildRequires: efi-srpm-macros BuildRequires: efi-srpm-macros
BuildRequires: gettext BuildRequires: gettext
@ -56,11 +69,12 @@ BuildRequires: libxmlb-devel >= %{libxmlb_version}
BuildRequires: libgcab1-devel BuildRequires: libgcab1-devel
BuildRequires: libgudev1-devel BuildRequires: libgudev1-devel
BuildRequires: libgusb-devel >= %{libgusb_version} BuildRequires: libgusb-devel >= %{libgusb_version}
BuildRequires: libsoup-devel >= %{libsoup_version} BuildRequires: libcurl-devel >= %{libcurl_version}
BuildRequires: polkit-devel >= 0.103 BuildRequires: polkit-devel >= 0.103
BuildRequires: sqlite-devel BuildRequires: sqlite-devel
BuildRequires: gpgme-devel BuildRequires: gpgme-devel
BuildRequires: systemd >= %{systemd_version} BuildRequires: systemd >= %{systemd_version}
BuildRequires: systemd-devel
BuildRequires: libarchive-devel BuildRequires: libarchive-devel
BuildRequires: gobject-introspection-devel BuildRequires: gobject-introspection-devel
BuildRequires: gcab BuildRequires: gcab
@ -79,19 +93,12 @@ BuildRequires: vala
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: git-core BuildRequires: git-core
%if 0%{?have_flashrom}
BuildRequires: flashrom-devel >= 1.2-2
%endif
%if 0%{?have_modem_manager} %if 0%{?have_modem_manager}
BuildRequires: ModemManager-glib-devel >= 1.10.0 BuildRequires: ModemManager-glib-devel >= 1.10.0
BuildRequires: libqmi-devel >= 1.22.0 BuildRequires: libqmi-devel >= 1.22.0
%endif %endif
%if 0%{?have_redfish}
BuildRequires: efivar-devel >= 33
%endif
%if 0%{?have_uefi} %if 0%{?have_uefi}
BuildRequires: efivar-devel >= 33 BuildRequires: efivar-devel >= 33
BuildRequires: python3 python3-cairo python3-gobject python3-pillow BuildRequires: python3 python3-cairo python3-gobject python3-pillow
@ -116,7 +123,6 @@ Requires(postun): systemd
Requires: glib2%{?_isa} >= %{glib2_version} Requires: glib2%{?_isa} >= %{glib2_version}
Requires: libxmlb%{?_isa} >= %{libxmlb_version} Requires: libxmlb%{?_isa} >= %{libxmlb_version}
Requires: libgusb%{?_isa} >= %{libgusb_version} Requires: libgusb%{?_isa} >= %{libgusb_version}
Requires: libsoup%{?_isa} >= %{libsoup_version}
Requires: bubblewrap Requires: bubblewrap
Requires: shared-mime-info Requires: shared-mime-info
@ -124,7 +130,13 @@ Obsoletes: fwupd-sign < 0.1.6
Obsoletes: libebitdo < 0.7.5-3 Obsoletes: libebitdo < 0.7.5-3
Obsoletes: libdfu < 1.0.0 Obsoletes: libdfu < 1.0.0
Obsoletes: fwupd-labels < 1.1.0-1 Obsoletes: fwupd-labels < 1.1.0-1
Obsoletes: fwupdate Obsoletes: fwupdate < 13
Obsoletes: dbxtool < 9
Provides: dbxtool
# optional, but a really good idea
Recommends: udisks2
%description %description
fwupd is a daemon to allow session software to update device firmware. fwupd is a daemon to allow session software to update device firmware.
@ -147,15 +159,11 @@ Data files for installed tests.
%prep %prep
%setup -q %setup -q
%patch2 -p1 -b .lvfs-disabled %patch2 -p1 -b .lvfs-disabled
%patch4 -p0 -b .deps
mkdir -p subprojects/libjcat mkdir -p subprojects/libjcat
tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1 tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1
# apply patch to subproject
cd subprojects/libjcat
%patch3 -p0 -b .gpgme-parsing
cd -
sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \ sed -ri '1s=^#!/usr/bin/(env )?python3=#!%{__python3}=' \
contrib/ci/*.py \ contrib/ci/*.py \
contrib/firmware_packager/*.py \ contrib/firmware_packager/*.py \
@ -176,7 +184,7 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%meson \ %meson \
-Dgtkdoc=true \ -Dgtkdoc=true \
-Defi_os_dir=%{efi_vendor} \ -Defi_os_dir=%{efi_vendor} \
-Dplugin_tpm=false \ -Dsupported_build=true \
-Dlibjcat:gtkdoc=false \ -Dlibjcat:gtkdoc=false \
-Dlibjcat:introspection=false \ -Dlibjcat:introspection=false \
-Dlibjcat:tests=false \ -Dlibjcat:tests=false \
@ -190,23 +198,21 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%else %else
-Dplugin_dummy=false \ -Dplugin_dummy=false \
%endif %endif
%if 0%{?have_flashrom}
-Dplugin_flashrom=true \
%else
-Dplugin_flashrom=false \ -Dplugin_flashrom=false \
%if 0%{?have_msr}
-Dplugin_msr=true \
%else
-Dplugin_msr=false \
%endif %endif
-Dplugin_thunderbolt=true \ -Dplugin_thunderbolt=true \
%if 0%{?have_redfish}
-Dplugin_redfish=true \
%else
-Dplugin_redfish=false \
%endif
%if 0%{?have_uefi} %if 0%{?have_uefi}
-Dplugin_uefi=true \ -Dplugin_uefi_capsule=true \
-Dplugin_nvme=true \ -Dplugin_uefi_pk=false \
-Dtpm=false \
%else %else
-Dplugin_uefi=false \ -Dplugin_uefi_capsule=false \
-Dplugin_nvme=false \ -Dplugin_uefi_pk=false \
-Dtpm=false \
%endif %endif
%if 0%{?have_dell} %if 0%{?have_dell}
-Dplugin_dell=true \ -Dplugin_dell=true \
@ -232,6 +238,10 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%install %install
%meson_install %meson_install
# on RHEL the LVFS is disabled by default
mkdir -p %{buildroot}/%{_datadir}/dbxtool
install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool
# sign fwupd.efi loader # sign fwupd.efi loader
%if 0%{?have_uefi} %if 0%{?have_uefi}
%ifarch x86_64 %ifarch x86_64
@ -256,6 +266,11 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%post %post
%systemd_post fwupd.service %systemd_post fwupd.service
# change vendor-installed remotes to use the default keyring type
for fn in /etc/fwupd/remotes.d/*.conf;
do sed -i 's/Keyring=gpg/#Keyring=pkcs/g' "$fn";
done
%preun %preun
%systemd_preun fwupd.service %systemd_preun fwupd.service
@ -266,18 +281,18 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%files -f %{name}.lang %files -f %{name}.lang
%doc README.md AUTHORS %doc README.md AUTHORS
%license COPYING %license COPYING
%config(noreplace)%{_sysconfdir}/fwupd/ata.conf
%config(noreplace)%{_sysconfdir}/fwupd/daemon.conf %config(noreplace)%{_sysconfdir}/fwupd/daemon.conf
%config(noreplace)%{_sysconfdir}/fwupd/upower.conf %config(noreplace)%{_sysconfdir}/fwupd/upower.conf
%if 0%{?have_uefi} %if 0%{?have_uefi}
%config(noreplace)%{_sysconfdir}/fwupd/uefi.conf %config(noreplace)%{_sysconfdir}/fwupd/uefi_capsule.conf
%endif %endif
%if 0%{?have_redfish}
%config(noreplace)%{_sysconfdir}/fwupd/redfish.conf %config(noreplace)%{_sysconfdir}/fwupd/redfish.conf
%endif
%config(noreplace)%{_sysconfdir}/fwupd/thunderbolt.conf %config(noreplace)%{_sysconfdir}/fwupd/thunderbolt.conf
%dir %{_libexecdir}/fwupd %dir %{_libexecdir}/fwupd
%{_libexecdir}/fwupd/fwupd %{_libexecdir}/fwupd/fwupd
%ifarch i686 x86_64
%{_libexecdir}/fwupd/fwupd-detect-cet
%endif
%{_libexecdir}/fwupd/fwupdoffline %{_libexecdir}/fwupd/fwupdoffline
%if 0%{?have_uefi} %if 0%{?have_uefi}
%{_libexecdir}/fwupd/efi/*.efi %{_libexecdir}/fwupd/efi/*.efi
@ -285,6 +300,9 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_bindir}/fwupdate %{_bindir}/fwupdate
%endif %endif
%{_bindir}/dfu-tool %{_bindir}/dfu-tool
%if 0%{?have_uefi}
%{_bindir}/dbxtool
%endif
%{_bindir}/fwupdmgr %{_bindir}/fwupdmgr
%{_bindir}/fwupdtool %{_bindir}/fwupdtool
%{_bindir}/fwupdagent %{_bindir}/fwupdagent
@ -300,6 +318,9 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor-directory.conf %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/vendor-directory.conf
%config(noreplace)%{_sysconfdir}/pki/fwupd %config(noreplace)%{_sysconfdir}/pki/fwupd
%{_sysconfdir}/pki/fwupd-metadata %{_sysconfdir}/pki/fwupd-metadata
%if 0%{?have_msr}
/usr/lib/modules-load.d/fwupd-msr.conf
%endif
%{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf %{_datadir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%{_datadir}/bash-completion/completions/fwupdmgr %{_datadir}/bash-completion/completions/fwupdmgr
%{_datadir}/bash-completion/completions/fwupdtool %{_datadir}/bash-completion/completions/fwupdtool
@ -314,14 +335,24 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy %{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules %{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service %{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
%{_datadir}/man/man1/fwupdtool.1.gz %dir %{_datadir}/dbxtool
%{_datadir}/man/man1/fwupdagent.1.gz %{_datadir}/dbxtool/DBXUpdate-20100307-x64.cab
%{_datadir}/man/man1/dfu-tool.1.gz %{_datadir}/dbxtool/DBXUpdate-20140413-x64.cab
%{_datadir}/man/man1/fwupdmgr.1.gz %{_datadir}/dbxtool/DBXUpdate-20160809-x64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-aa64.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-ia32.cab
%{_datadir}/dbxtool/DBXUpdate-20200729-x64.cab
%{_mandir}/man1/fwupdtool.1*
%{_mandir}/man1/fwupdagent.1*
%{_mandir}/man1/dfu-tool.1*
%if 0%{?have_uefi} %if 0%{?have_uefi}
%{_datadir}/man/man1/fwupdate.1.gz %{_mandir}/man1/dbxtool.*
%endif %endif
%{_datadir}/man/man1/jcat-tool.1* %{_mandir}/man1/fwupdmgr.1*
%if 0%{?have_uefi}
%{_mandir}/man1/fwupdate.1*
%endif
%{_mandir}/man1/jcat-tool.1*
%{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml %{_datadir}/metainfo/org.freedesktop.fwupd.metainfo.xml
%{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.fwupd.svg %{_datadir}/icons/hicolor/scalable/apps/org.freedesktop.fwupd.svg
%{_datadir}/fwupd/firmware_packager.py %{_datadir}/fwupd/firmware_packager.py
@ -346,12 +377,16 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
/usr/lib/udev/rules.d/*.rules /usr/lib/udev/rules.d/*.rules
/usr/lib/systemd/system-shutdown/fwupd.shutdown /usr/lib/systemd/system-shutdown/fwupd.shutdown
%dir %{_libdir}/fwupd-plugins-3 %dir %{_libdir}/fwupd-plugins-3
%{_libdir}/fwupd-plugins-3/libfu_plugin_acpi_dmar.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_acpi_facp.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so %{_libdir}/fwupd-plugins-3/libfu_plugin_altos.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so %{_libdir}/fwupd-plugins-3/libfu_plugin_amt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ata.so %{_libdir}/fwupd-plugins-3/libfu_plugin_ata.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_bcm57xx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ccgx.so %{_libdir}/fwupd-plugins-3/libfu_plugin_ccgx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so %{_libdir}/fwupd-plugins-3/libfu_plugin_colorhug.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_coreboot.so %{_libdir}/fwupd-plugins-3/libfu_plugin_coreboot.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_cros_ec.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so %{_libdir}/fwupd-plugins-3/libfu_plugin_csr.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_cpu.so %{_libdir}/fwupd-plugins-3/libfu_plugin_cpu.so
%if 0%{?have_dell} %if 0%{?have_dell}
@ -361,25 +396,28 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_libdir}/fwupd-plugins-3/libfu_plugin_dell_dock.so %{_libdir}/fwupd-plugins-3/libfu_plugin_dell_dock.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so %{_libdir}/fwupd-plugins-3/libfu_plugin_dfu.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so %{_libdir}/fwupd-plugins-3/libfu_plugin_ebitdo.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_elantp.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_emmc.so %{_libdir}/fwupd-plugins-3/libfu_plugin_emmc.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_ep963x.so %{_libdir}/fwupd-plugins-3/libfu_plugin_ep963x.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_fastboot.so %{_libdir}/fwupd-plugins-3/libfu_plugin_fastboot.so
%if 0%{?have_flashrom}
%{_libdir}/fwupd-plugins-3/libfu_plugin_flashrom.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_fresco_pd.so %{_libdir}/fwupd-plugins-3/libfu_plugin_fresco_pd.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_hailuck.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_iommu.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_jabra.so %{_libdir}/fwupd-plugins-3/libfu_plugin_jabra.so
%if 0%{?have_modem_manager} %{_libdir}/fwupd-plugins-3/libfu_plugin_linux_lockdown.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so %{_libdir}/fwupd-plugins-3/libfu_plugin_linux_sleep.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_swap.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_linux_tainted.so
%if 0%{?have_msr}
%{_libdir}/fwupd-plugins-3/libfu_plugin_msr.so
%endif %endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so %{_libdir}/fwupd-plugins-3/libfu_plugin_nitrokey.so
%if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_nvme.so %{_libdir}/fwupd-plugins-3/libfu_plugin_nvme.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_optionrom.so %{_libdir}/fwupd-plugins-3/libfu_plugin_optionrom.so
%if 0%{?have_redfish} %{_libdir}/fwupd-plugins-3/libfu_plugin_pci_bcr.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_pci_mei.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_pixart_rf.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_redfish.so %{_libdir}/fwupd-plugins-3/libfu_plugin_redfish.so
%endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hid.so %{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hid.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hub.so %{_libdir}/fwupd-plugins-3/libfu_plugin_rts54hub.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_solokey.so %{_libdir}/fwupd-plugins-3/libfu_plugin_solokey.so
@ -397,9 +435,10 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%endif %endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_thelio_io.so %{_libdir}/fwupd-plugins-3/libfu_plugin_thelio_io.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so %{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_thunderbolt_power.so
%if 0%{?have_uefi} %if 0%{?have_uefi}
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi.so %{_libdir}/fwupd-plugins-3/libfu_plugin_bios.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_capsule.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_dbx.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_recovery.so %{_libdir}/fwupd-plugins-3/libfu_plugin_uefi_recovery.so
%endif %endif
%{_libdir}/fwupd-plugins-3/libfu_plugin_logind.so %{_libdir}/fwupd-plugins-3/libfu_plugin_logind.so
@ -408,10 +447,14 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_libdir}/fwupd-plugins-3/libfu_plugin_vli.so %{_libdir}/fwupd-plugins-3/libfu_plugin_vli.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_raw.so %{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_raw.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_usb.so %{_libdir}/fwupd-plugins-3/libfu_plugin_wacom_usb.so
%{_libdir}/fwupd-plugins-3/libfu_plugin_goodixmoc.so
%ghost %{_localstatedir}/lib/fwupd/gnupg %ghost %{_localstatedir}/lib/fwupd/gnupg
%if 0%{?have_uefi} %if 0%{?have_uefi}
%{_datadir}/locale/*/LC_IMAGES/fwupd* %{_datadir}/locale/*/LC_IMAGES/fwupd*
%endif %endif
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
%endif
%files devel %files devel
%{_datadir}/gir-1.0/Fwupd-2.0.gir %{_datadir}/gir-1.0/Fwupd-2.0.gir
@ -433,11 +476,22 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd
%{_datadir}/installed-tests/fwupd/*.test %{_datadir}/installed-tests/fwupd/*.test
%{_datadir}/installed-tests/fwupd/*.cab %{_datadir}/installed-tests/fwupd/*.cab
%{_datadir}/installed-tests/fwupd/*.sh %{_datadir}/installed-tests/fwupd/*.sh
%{_libexecdir}/installed-tests/fwupd/*
%dir %{_sysconfdir}/fwupd/remotes.d %dir %{_sysconfdir}/fwupd/remotes.d
%config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd-tests.conf %config(noreplace)%{_sysconfdir}/fwupd/remotes.d/fwupd-tests.conf
%endif %endif
%changelog %changelog
* Mon Jan 11 2021 Richard Hughes <richard@hughsie.com> 1.5.5-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Wed Dec 16 2020 Richard Hughes <richard@hughsie.com> 1.5.4-1
- Rebase package to include support for latest OEM hardware and to
support deploying UEFI SecureBoot dbx updates.
- Resolves: #1870811
* Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 1.4.2-4 * Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 1.4.2-4
- Add signing with redhatsecureboot503 cert - Add signing with redhatsecureboot503 cert
Related: CVE-2020-10713 Related: CVE-2020-10713