!28 Upgrade to 1.5.8

From: @starlet-dx Reviewed-by: @gitee-cmd Signed-off-by: @gitee-cmd
2022-11-01 01:58:55 +00:00 · 2022-11-01 01:58:55 +00:00 · 81b292dc39
commit 81b292dc39
parent 4b15a49dd0 6aa703f40a
7 changed files with 31 additions and 214 deletions
--- a/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
+++ b/0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
@ -1,86 +0,0 @@
-From b4627629cdaadd1a75d7c650b7c5973fcd18dfb0 Mon Sep 17 00:00:00 2001
-From: Richard Hughes <richard@hughsie.com>
-Date: Thu, 1 Aug 2019 09:45:25 +0100
-Subject: [PATCH] Relax the certificate time checks in the self tests for the
- legacy certificate
-
-One test verifies a firmware with a signature from the old LVFS which was
-hosted on secure-lvfs.rhcloud.com and used the original PKCS-7 key. This key
-had a two year validity (expiring today, ohh the naivety...) rather than the
-newer fwupd.org key which expires in the year 2058.
-
-For this specific test only, disable the certificate time checks to fix CI.
-
-Fixes https://github.com/hughsie/fwupd/issues/1264
---
- src/fu-keyring-pkcs7.c | 10 +++++++++-
- src/fu-keyring.h       |  6 ++++--
- src/fu-self-test.c     |  3 ++-
- 3 files changed, 15 insertions(+), 4 deletions(-)
-
-diff --git a/src/fu-keyring-pkcs7.c b/src/fu-keyring-pkcs7.c
-index 6dc944ed..a42feaa7 100644
--- a/src/fu-keyring-pkcs7.c
-+++ b/src/fu-keyring-pkcs7.c
-@@ -642,6 +642,14 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
- 	for (gint i = 0; i < count; i++) {
- 		gnutls_pkcs7_signature_info_st info;
- 		gint64 signing_time = 0;
-+		gnutls_certificate_verify_flags verify_flags = 0;
-+
-+		/* use with care */
-+		if (flags & FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS) {
-+			g_debug ("WARNING: disabling time checks");
-+			verify_flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
-+			verify_flags |= GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS;
-+		}
- 
- 		/* verify the data against the detached signature */
- 		if (flags & FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT) {
-@@ -652,7 +660,7 @@ fu_keyring_pkcs7_verify_data (FuKeyring *keyring,
- 						  0,    /* vdata_size */
- 						  i,    /* index */
- 						  &datum, /* data */
-						  0);   /* flags */
-+						  verify_flags);
- 		}
- 		if (rc < 0) {
- 			g_set_error (error,
-diff --git a/src/fu-keyring.h b/src/fu-keyring.h
-index 39819ca4..2f20e35e 100644
--- a/src/fu-keyring.h
-+++ b/src/fu-keyring.h
-@@ -20,12 +20,14 @@ G_DECLARE_DERIVABLE_TYPE (FuKeyring, fu_keyring, FU, KEYRING, GObject)
-  * FuKeyringVerifyFlags:
-  * @FU_KEYRING_VERIFY_FLAG_NONE:		No flags set
-  * @FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT:	Use client certificate to verify
-+ * @FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS:	Disable checking of validity periods
-  *
-  * The flags to use when interacting with a keyring
-  **/
- typedef enum {
-	FU_KEYRING_VERIFY_FLAG_NONE		= 0,
-	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT	= 1 << 1,
-+	FU_KEYRING_VERIFY_FLAG_NONE			= 0,
-+	FU_KEYRING_VERIFY_FLAG_USE_CLIENT_CERT		= 1 << 1,
-+	FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS	= 1 << 2,
- 	/*< private >*/
- 	FU_KEYRING_VERIFY_FLAG_LAST
- } FuKeyringVerifyFlags;
-diff --git a/src/fu-self-test.c b/src/fu-self-test.c
-index 363f644e..24b12110 100644
--- a/src/fu-self-test.c
-+++ b/src/fu-self-test.c
-@@ -2628,7 +2628,8 @@ fu_keyring_pkcs7_func (void)
- 	g_assert_no_error (error);
- 	g_assert_nonnull (blob_sig);
- 	result_pass = fu_keyring_verify_data (keyring, blob_pass, blob_sig,
-					      FU_KEYRING_VERIFY_FLAG_NONE, &error);
-+					      FU_KEYRING_VERIFY_FLAG_DISABLE_TIME_CHECKS,
-+					      &error);
- 	g_assert_no_error (error);
- 	g_assert_nonnull (result_pass);
- 	g_assert_cmpint (fu_keyring_result_get_timestamp (result_pass), >= , 1502871248);
-- 
-2.19.1
-
--- a/0002-Compilation-failure-due-to-assertion-error.patch
+++ b/0002-Compilation-failure-due-to-assertion-error.patch
@ -1,35 +0,0 @@
-diff -Naru fwupd-1.2.9/src/fu-self-test.c fwupd-1.2.9-new/src/fu-self-test.c
--- fwupd-1.2.9/src/fu-self-test.c	2019-05-20 18:18:00.000000000 +0800
-+++ fwupd-1.2.9-new/src/fu-self-test.c	2022-07-25 11:22:05.787729000 +0800
-@@ -2823,23 +2823,6 @@
- 	g_assert_cmpint (lines, ==, 6);
- }
- 
-static void
-fu_common_spawn_timeout_func (void)
-{
-	gboolean ret;
-	guint lines = 0;
-	g_autoptr(GError) error = NULL;
-	g_autofree gchar *fn = NULL;
-	const gchar *argv[3] = { "replace", "test", NULL };
-
-	fn = fu_test_get_filename (TESTDATADIR, "spawn.sh");
-	g_assert (fn != NULL);
-	argv[0] = fn;
-	ret = fu_common_spawn_sync (argv, fu_test_stdout_cb, &lines, 50, NULL, &error);
-	g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED);
-	g_assert (!ret);
-	g_assert_cmpint (lines, ==, 1);
-}
- 
- static void
- fu_progressbar_func (void)
-@@ -3751,7 +3734,6 @@
- 	g_test_add_func ("/fwupd/common{cab-error-missing-file}", fu_common_store_cab_error_missing_file_func);
- 	g_test_add_func ("/fwupd/common{cab-error-size}", fu_common_store_cab_error_size_func);
- 	g_test_add_func ("/fwupd/common{spawn)", fu_common_spawn_func);
-	g_test_add_func ("/fwupd/common{spawn-timeout)", fu_common_spawn_timeout_func);
- 	g_test_add_func ("/fwupd/common{firmware-builder}", fu_common_firmware_builder_func);
- 	return g_test_run ();
- }
--- a/CVE-2020-10759.patch
+++ b/CVE-2020-10759.patch
@ -1,17 +0,0 @@
-diff -Naru fwupd-1.2.9/src/fu-keyring-gpg.c fwupd-1.2.9-new/src/fu-keyring-gpg.c
--- fwupd-1.2.9/src/fu-keyring-gpg.c	2019-05-20 18:18:00.000000000 +0800
-+++ fwupd-1.2.9-new/src/fu-keyring-gpg.c	2022-07-25 10:51:37.434242000 +0800
-@@ -297,6 +297,13 @@
- 				     "no result record from libgpgme");
- 		return NULL;
- 	}
-+	if (result->signatures == NULL) {
-+		g_set_error_literal (error,
-+				     FWUPD_ERROR,
-+				     FWUPD_ERROR_INTERNAL,
-+				     "no signatures from libgpgme");
-+		return NULL;
-+	}
- 
- 	/* look at each signature */
- 	for (s = result->signatures; s != NULL ; s = s->next ) {
--- a/Set-polling-self-tests-to-slow.patch
+++ b/Set-polling-self-tests-to-slow.patch
@ -1,47 +0,0 @@
-From dd0b437d866878faa4672518b4b732e8ac00aa30 Mon Sep 17 00:00:00 2001
-From: Mario Limonciello <mario.limonciello@dell.com>
-Date: Tue, 22 Oct 2019 09:29:41 -0500
-Subject: [PATCH] trivial: fu-self-test: set polling self tests to slow
-
-Currently the test runs for 100ms and looks to see that at least 8 times
-the poll function callback hit.
-
-This normally works well enough, but during self tests it depends upon
-too much timing and leads to failures sometimes:
-
-```
-** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.189: poll cnt=0
-*# DEBUG: poll cnt=1
-** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.199: poll cnt=1
-*** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.209: poll cnt=2
-** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.227: poll cnt=3
-*# DEBUG: poll cnt=4
-** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.255: poll cnt=4
-*# DEBUG: poll cnt=5
-** (/<<PKGBUILDDIR>>/obj-s390x-linux-gnu/src/fu-self-test:50432): DEBUG: 15:37:55.267: poll cnt=5
-Bail out! ERROR:../src/fu-self-test.c:3489:fu_device_poll_func: assertion failed (cnt >= 8): (6 >= 8)
--- stderr ---
-**
-ERROR:../src/fu-self-test.c:3489:fu_device_poll_func: assertion failed (cnt >= 8): (6 >= 8)
-------
-```
-
-Mark this as a slow test so that it doesn't cause CI failures.
---
- src/fu-self-test.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/fu-self-test.c b/src/fu-self-test.c
-index 869b76fc5..2f4a83aa8 100644
--- a/src/fu-self-test.c
-+++ b/src/fu-self-test.c
-@@ -4149,7 +4149,8 @@ main (int argc, char **argv)
- 	g_test_add_func ("/fwupd/archive{cab}", fu_archive_cab_func);
- 	g_test_add_func ("/fwupd/engine{requirements-other-device}", fu_engine_requirements_other_device_func);
- 	g_test_add_func ("/fwupd/device{incorporate}", fu_device_incorporate_func);
-	g_test_add_func ("/fwupd/device{poll}", fu_device_poll_func);
-+	if (g_test_slow ())
-+		g_test_add_func ("/fwupd/device{poll}", fu_device_poll_func);
- 	g_test_add_func ("/fwupd/device-locker{success}", fu_device_locker_func);
- 	g_test_add_func ("/fwupd/device-locker{fail}", fu_device_locker_fail_func);
- 	g_test_add_func ("/fwupd/device{metadata}", fu_device_metadata_func);
--- a/fwupd-1.2.9.tar.xz
+++ b/fwupd-1.2.9.tar.xz
--- a/fwupd-1.5.8.tar.xz
+++ b/fwupd-1.5.8.tar.xz
--- a/fwupd.spec
+++ b/fwupd.spec
@ -8,23 +8,18 @@
 %endif

 Name:           fwupd
-Version:        1.2.9
-Release:        4
+Version:        1.5.8
+Release:        1
 Summary:        Make updating firmware on Linux automatic, safe and reliable
 License:        LGPLv2+
 URL:            https://github.com/fwupd/fwupd/releases
 Source0:        http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz

-#Self-tests are failing due to an expired cert #1264
-Patch0000:         0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch
-Patch6000:         Set-polling-self-tests-to-slow.patch
-Patch0002:         0002-Compilation-failure-due-to-assertion-error.patch
-Patch0003:         CVE-2020-10759.patch
-
 BuildRequires:	gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel
 BuildRequires:  gpgme-devel libgudev1-devel libgusb-devel libsoup-devel polkit-devel sqlite-devel libxslt
 BuildRequires:  gobject-introspection-devel libarchive-devel systemd gcab elfutils-libelf-devel
 BuildRequires:  bash-completion json-glib-devel help2man vala meson gnutls-utils gnutls-devel gtk-doc
+BuildRequires:  libjcat-devel tpm2-tss-devel

 %if %{with uefi}
 BuildRequires: python3 python3-cairo python3-gobject python3-pillow
@ -40,11 +35,14 @@ BuildRequires: efivar-devel
 BuildRequires: efivar-devel libsmbios-devel
 %endif

-Requires:      glib2 bubblewrap libsoup libgusb libxmlb shared-mime-info
+Requires:      glib2 bubblewrap libsoup libgusb libxmlb shared-mime-info libjcat tpm2-tss
 Requires(post):systemd
 Requires(preun):systemd
 Requires(postun):systemd

+Obsoletes: dbxtool < 9 dbxtool-help < 9
+Provides: dbxtool
+
 Recommends:    python3

 %description
@ -52,7 +50,7 @@ Recommends:    python3

 %package devel
 Summary:       Development and installed test files for %{name}
-Requires:      %{name} = %{version}-%{release}
+Requires:      %{name} = %{version}-%{release} libjcat-devel
 Provides:      %{name}-tests = %{version}-%{release}
 Obsoletes:     %{name}-tests < %{version}-%{release}

@ -67,9 +65,9 @@ This package contains the development and installed test files for %{name}.
 %build
 %meson -Dtests=true -Dgtkdoc=true -Dplugin_dummy=true \
 %if %{with uefi}
-       -Dplugin_uefi=true -Dplugin_nvme=true \
+       -Dplugin_nvme=true \
 %else
-       -Dplugin_uefi=false -Dplugin_nvme=false \
+       -Dplugin_nvme=false \
 %endif
 %if %{with redfish}
       -Dplugin_redfish=true \
@ -77,10 +75,11 @@ This package contains the development and installed test files for %{name}.
       -Dplugin_redfish=false \
 %endif
 %if %{with libsmbios}
-       -Dplugin_dell=true -Dplugin_synaptics=true \
+       -Dplugin_dell=true \
 %else
-       -Dplugin_dell=false -Dplugin_synaptics=false \
+       -Dplugin_dell=false \
 %endif
+       -Dplugin_msr=false \
       -Dman=true

 %meson_build
@ -123,53 +122,53 @@ mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
 %config(noreplace)%{_sysconfdir}/%{name}/remotes.d/*.conf
 %config(noreplace)%{_sysconfdir}/pki/%{name}
 %config(noreplace)%{_sysconfdir}/%{name}/daemon.conf
+%config(noreplace)%{_sysconfdir}/%{name}/thunderbolt.conf
+%config(noreplace)%{_sysconfdir}/%{name}/uefi_capsule.conf
+%config(noreplace)%{_sysconfdir}/%{name}/upower.conf
 %{_sysconfdir}/pki/fwupd-metadata
-%{_sysconfdir}/dbus-1/system.d/*.%{name}.conf
+%{_datadir}/dbus-1/system.d/*.%{name}.conf
 %{_libexecdir}/%{name}/%{name}
-%{_libexecdir}/%{name}/%{name}tool
-%{_libexecdir}/%{name}/%{name}agent
 %{_libexecdir}/%{name}/%{name}offline
 %{_datadir}/bash-*/completions/*
-%{_datadir}/%{name}/metainfo/*.metainfo.xml
-%{_datadir}/%{name}/remotes.d/*/*/*.md
 %{_datadir}/metainfo/*.metainfo.xml
-%{_datadir}/%{name}/firmware-packager
 %{_datadir}/dbus-1/interfaces/*.fwupd.xml
 %{_datadir}/dbus-1/system-services/*.service
 %{_datadir}/polkit-1/*/org.freedesktop*
-%{_datadir}/%{name}/quirks.d/
+%{_datadir}/%{name}/
 %{_datadir}/icons/hicolor/scalable/apps/*.%{name}.svg
 %{_localstatedir}/lib/%{name}/*/*.md
 %{_libdir}/lib%{name}*.so.*
 %{_libdir}/girepository-1.0/*.typelib
-%{_prefix}/lib/udev/rules.d/*.rules
-%{_prefix}/lib/systemd/system*/%{name}.shutdown
 %{_unitdir}/*.service
 %{_unitdir}/*.wants/
 %{_libdir}/fwupd-plugins-3/*.so
 %ghost %{_localstatedir}/lib/fwupd/gnupg
 %if %{with uefi}
-%config(noreplace)%{_sysconfdir}/%{name}/uefi.conf
 %{_libexecdir}/%{name}/efi/*.efi
 %{_libexecdir}/%{name}/efi/*.efi.signed
-%{_libexecdir}/%{name}/fwupdate
-%{_datadir}/*/*/LC_IMAGES/%{name}*
 %endif
 %if %{with redfish}
 %config(noreplace)%{_sysconfdir}/%{name}/redfish.conf
 %endif
-%if %{with libsmbios}
-%{_datadir}/%{name}/remotes.d/dell*/*
+%{_presetdir}/fwupd-refresh.preset
+/usr/lib/udev/rules.d/*.rules
+/usr/lib/systemd/system-shutdown/fwupd.shutdown
+%{_unitdir}/fwupd-refresh.timer
+%ifarch x86_64
+%{_libexecdir}/fwupd/fwupd-detect-cet
 %endif
+%{_datadir}/fish/vendor_completions.d/fwupdmgr.fish

 %files devel
 %{_libdir}/*.so
 %{_libdir}/*/*.pc
 %{_includedir}/*
 %{_datadir}/vala/*
-%{_datadir}/gtk-doc/*/lib%{name}
+%{_datadir}/gtk-doc/*/%{name}
+%{_datadir}/doc/%{name}
 %{_datadir}/*/*.gir
 %{_datadir}/installed-tests/%{name}
+%{_libexecdir}/installed-tests/%{name}
 %dir %{_sysconfdir}/%{name}/remotes.d
 %config(noreplace)%{_sysconfdir}/%{name}/remotes.d/%{name}-tests.conf

@ -177,6 +176,9 @@ mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg
 %{_datadir}/man/man1/*

 %changelog
+* Mon Oct 31 2022 yaoxin <yaoxin30@h-partners.com> - 1.5.8-1
+- Upgrade to 1.5.8
+
 * Thu Jul 14 2022 yangweidong <yangweidong9@huawei.com> - 1.2.9-4
 - Solve 0002-Compilation-failure-due-to-assertion-error
 - Fix CVE-2020-10759.patch