From 003958e7796ba286487cd4e4c7a0c7641414a7bb Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Feb 12 2021 08:17:59 +0000 Subject: import fwupd-1.5.5-3.el8 --- diff --git a/SOURCES/0001-stm-dfu-fix-dnload-wBlockNum-wraparound.patch b/SOURCES/0001-stm-dfu-fix-dnload-wBlockNum-wraparound.patch new file mode 100644 index 0000000..658e61b --- /dev/null +++ b/SOURCES/0001-stm-dfu-fix-dnload-wBlockNum-wraparound.patch @@ -0,0 +1,25 @@ +From 8d550213da363af1ca95252b4699bdf30efab5cb Mon Sep 17 00:00:00 2001 +From: Ilya Guterman +Date: Mon, 11 Jan 2021 18:10:09 +0200 +Subject: [PATCH 01/11] stm-dfu: fix dnload wBlockNum wraparound + +--- + plugins/dfu/dfu-target-stm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git plugins/dfu/dfu-target-stm.c plugins/dfu/dfu-target-stm.c +index faf027d1..b9adb725 100644 +--- plugins/dfu/dfu-target-stm.c ++++ plugins/dfu/dfu-target-stm.c +@@ -364,7 +364,7 @@ dfu_target_stm_download_element (DfuTarget *target, + g_bytes_get_size (bytes_tmp)); + /* ST uses wBlockNum=0 for DfuSe commands and wBlockNum=1 is reserved */ + if (!dfu_target_download_chunk (target, +- (guint8) (i + 2), ++ (i + 2), + bytes_tmp, + error)) + return FALSE; +-- +2.29.2 + diff --git a/SOURCES/0002-rename-config-section-in-uefi_capsule.conf-to-plugin.patch b/SOURCES/0002-rename-config-section-in-uefi_capsule.conf-to-plugin.patch new file mode 100644 index 0000000..4220362 --- /dev/null +++ b/SOURCES/0002-rename-config-section-in-uefi_capsule.conf-to-plugin.patch @@ -0,0 +1,30 @@ +From f7e99feb9bd49b4f7b05ba4c07398e1421b62164 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=98=D0=B0=D0=BD=20=D0=93=D0=B5=D0=BE?= + =?UTF-8?q?=D1=80=D0=B3=D0=B8=D0=B5=D0=B2=D1=81=D0=BA=D0=B8?= + +Date: Tue, 12 Jan 2021 18:36:40 +0100 +Subject: [PATCH 02/11] rename config section in uefi_capsule.conf to plugin + name + +in ee2e2c36749298e58b34dca163ea48a7fc925da6 the plugin name was changed +from uefi to uefi_capsule. while the config file name was changed, the +section name should also be changed. + +fixes #2748 +--- + plugins/uefi-capsule/uefi_capsule.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git plugins/uefi-capsule/uefi_capsule.conf plugins/uefi-capsule/uefi_capsule.conf +index d9775263..c543a7f2 100644 +--- plugins/uefi-capsule/uefi_capsule.conf ++++ plugins/uefi-capsule/uefi_capsule.conf +@@ -1,4 +1,4 @@ +-[uefi] ++[uefi_capsule] + + # the shim loader is required to chainload the fwupd EFI binary unless + # the fwupd.efi file has been self-signed manually +-- +2.29.2 + diff --git a/SOURCES/0003-Ask-the-user-to-reboot-when-required-if-downgrading.patch b/SOURCES/0003-Ask-the-user-to-reboot-when-required-if-downgrading.patch new file mode 100644 index 0000000..4800ff5 --- /dev/null +++ b/SOURCES/0003-Ask-the-user-to-reboot-when-required-if-downgrading.patch @@ -0,0 +1,32 @@ +From 4952d5f8bdf8ed801d2a449f589592d0d6356833 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Wed, 13 Jan 2021 09:58:16 +0000 +Subject: [PATCH 03/11] Ask the user to reboot when required if downgrading + +This matches the behaviour of install and reinstall. +--- + src/fu-util.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git src/fu-util.c src/fu-util.c +index 05f429bf..d5936e65 100644 +--- src/fu-util.c ++++ src/fu-util.c +@@ -1835,7 +1835,13 @@ fu_util_downgrade (FuUtilPrivate *priv, gchar **values, GError **error) + if (!fu_util_maybe_send_reports (priv, remote_id, error)) + return FALSE; + +- return TRUE; ++ /* we don't want to ask anything */ ++ if (priv->no_reboot_check) { ++ g_debug ("skipping reboot check"); ++ return TRUE; ++ } ++ ++ return fu_util_prompt_complete (priv->completion_flags, TRUE, error); + } + + static gboolean +-- +2.29.2 + diff --git a/SOURCES/0004-Do-not-show-Unknown-for-every-client-connection.patch b/SOURCES/0004-Do-not-show-Unknown-for-every-client-connection.patch new file mode 100644 index 0000000..d7de98f --- /dev/null +++ b/SOURCES/0004-Do-not-show-Unknown-for-every-client-connection.patch @@ -0,0 +1,33 @@ +From 002863121ed42f33507ce5663a3b22fabdfa5c36 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Thu, 14 Jan 2021 10:03:51 +0000 +Subject: [PATCH 04/11] Do not show Unknown [***] for every client connection + +Ignore the initial client state change from UNKNOWN to IDLE which was being set +as part of the fix in fb36f22. + +Fixes https://github.com/fwupd/fwupd/issues/2766 +--- + src/fu-progressbar.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git src/fu-progressbar.c src/fu-progressbar.c +index 9a7378c5..5dd9ff39 100644 +--- src/fu-progressbar.c ++++ src/fu-progressbar.c +@@ -297,6 +297,12 @@ fu_progressbar_update (FuProgressbar *self, FwupdStatus status, guint percentage + { + g_return_if_fail (FU_IS_PROGRESSBAR (self)); + ++ /* ignore initial client connection */ ++ if (self->status == FWUPD_STATUS_UNKNOWN && status == FWUPD_STATUS_IDLE) { ++ self->status = status; ++ return; ++ } ++ + /* use cached value */ + if (status == FWUPD_STATUS_UNKNOWN) + status = self->status; +-- +2.29.2 + diff --git a/SOURCES/0005-esp-list-allow-external-ESP-again.patch b/SOURCES/0005-esp-list-allow-external-ESP-again.patch new file mode 100644 index 0000000..eae1afa --- /dev/null +++ b/SOURCES/0005-esp-list-allow-external-ESP-again.patch @@ -0,0 +1,58 @@ +From d179875e1025cbf0df3987a9c3b42a996eae5354 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= + +Date: Sat, 23 Jan 2021 11:36:26 +0700 +Subject: [PATCH 05/11] esp-list: allow external ESP again + +In fwupd 1.5.1 and before, we allowed ESP on external device. +From 56d816a5, (Fall back to FAT32 internal partitions for detecting +ESP, 2020-11-11), we started to only consider internal devices only. + +While it would be desirable to only consider internal devices for +fallback esp partition, there're some setup that put ESP on external +device, e.g. full disk encryption with /boot on a USB. + +Let's allow external ESP again. +--- + src/fu-tool.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git src/fu-tool.c src/fu-tool.c +index 8624dfed..7c913f29 100644 +--- src/fu-tool.c ++++ src/fu-tool.c +@@ -2431,6 +2431,7 @@ fu_util_prompt_for_volume (GError **error) + { + FuVolume *volume; + guint idx; ++ gboolean is_fallback = FALSE; + g_autoptr(GPtrArray) volumes = NULL; + g_autoptr(GPtrArray) volumes_vfat = g_ptr_array_new (); + g_autoptr(GError) error_local = NULL; +@@ -2438,6 +2439,7 @@ fu_util_prompt_for_volume (GError **error) + /* exactly one */ + volumes = fu_common_get_volumes_by_kind (FU_VOLUME_KIND_ESP, &error_local); + if (volumes == NULL) { ++ is_fallback = TRUE; + g_debug ("%s, falling back to %s", error_local->message, FU_VOLUME_KIND_BDP); + volumes = fu_common_get_volumes_by_kind (FU_VOLUME_KIND_BDP, error); + if (volumes == NULL) { +@@ -2445,13 +2447,13 @@ fu_util_prompt_for_volume (GError **error) + return NULL; + } + } +- /* only add internal vfat partitions */ ++ /* on fallback: only add internal vfat partitions */ + for (guint i = 0; i < volumes->len; i++) { + FuVolume *vol = g_ptr_array_index (volumes, i); + g_autofree gchar *type = fu_volume_get_id_type (vol); + if (type == NULL) + continue; +- if (!fu_volume_is_internal (vol)) ++ if (is_fallback && !fu_volume_is_internal (vol)) + continue; + if (g_strcmp0 (type, "vfat") == 0) + g_ptr_array_add (volumes_vfat, vol); +-- +2.29.2 + diff --git a/SOURCES/0006-Fix-a-crash-when-using-fwupdtool.patch b/SOURCES/0006-Fix-a-crash-when-using-fwupdtool.patch new file mode 100644 index 0000000..0f039be --- /dev/null +++ b/SOURCES/0006-Fix-a-crash-when-using-fwupdtool.patch @@ -0,0 +1,41 @@ +From 9b48540a255bc91679de93a388600a61d9ca02c6 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Wed, 27 Jan 2021 10:45:21 +0000 +Subject: [PATCH 06/11] Fix a crash when using fwupdtool + +The docs for `fwupd_device_get_children()` make it very clear that only the +parent should be assigned. Also add a warning to `fwupd_device_add_child()` +explaining it is for internal daemon use only. +--- + libfwupd/fwupd-device.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git libfwupd/fwupd-device.c libfwupd/fwupd-device.c +index 7e3ceca9..2f3f4ddb 100644 +--- libfwupd/fwupd-device.c ++++ libfwupd/fwupd-device.c +@@ -370,6 +370,9 @@ fwupd_device_set_parent (FwupdDevice *device, FwupdDevice *parent) + * Adds a child device. An child device is logically linked to the primary + * device in some way. + * ++ * NOTE: You should never call this function from user code, it is for daemon ++ * use only. Only use fwupd_device_set_parent() to set up a logical tree. ++ * + * Since: 1.5.1 + **/ + void +@@ -2646,10 +2649,8 @@ fwupd_device_array_ensure_parents (GPtrArray *devices) + if (parent_id != NULL) { + FwupdDevice *dev_tmp; + dev_tmp = g_hash_table_lookup (devices_by_id, parent_id); +- if (dev_tmp != NULL) { +- fwupd_device_add_child (dev_tmp, dev); ++ if (dev_tmp != NULL) + fwupd_device_set_parent (dev, dev_tmp); +- } + } + } + } +-- +2.29.2 + diff --git a/SOURCES/0007-jabra-Ensure-the-protocol-is-set-to-avoid-a-daemon-w.patch b/SOURCES/0007-jabra-Ensure-the-protocol-is-set-to-avoid-a-daemon-w.patch new file mode 100644 index 0000000..de2c199 --- /dev/null +++ b/SOURCES/0007-jabra-Ensure-the-protocol-is-set-to-avoid-a-daemon-w.patch @@ -0,0 +1,25 @@ +From b04116d4defad3b243a109d9d79ad11eceecd6cc Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Mon, 1 Feb 2021 09:32:11 +0000 +Subject: [PATCH 07/11] jabra: Ensure the protocol is set to avoid a daemon + warning + +--- + plugins/jabra/fu-jabra-device.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git plugins/jabra/fu-jabra-device.c plugins/jabra/fu-jabra-device.c +index 7a6aff9a..055a3b30 100644 +--- plugins/jabra/fu-jabra-device.c ++++ plugins/jabra/fu-jabra-device.c +@@ -146,6 +146,7 @@ fu_jabra_device_init (FuJabraDevice *self) + fu_device_add_flag (FU_DEVICE (self), FWUPD_DEVICE_FLAG_UPDATABLE); + fu_device_add_flag (FU_DEVICE (self), FWUPD_DEVICE_FLAG_ADD_COUNTERPART_GUIDS); + fu_device_set_remove_delay (FU_DEVICE (self), 20000); /* 10+10s! */ ++ fu_device_set_protocol (FU_DEVICE (self), "org.usb.dfu"); + } + + static void +-- +2.29.2 + diff --git a/SOURCES/0008-wacom-usb-Fix-a-crash-detected-by-AddressSanitizer.patch b/SOURCES/0008-wacom-usb-Fix-a-crash-detected-by-AddressSanitizer.patch new file mode 100644 index 0000000..2d799d1 --- /dev/null +++ b/SOURCES/0008-wacom-usb-Fix-a-crash-detected-by-AddressSanitizer.patch @@ -0,0 +1,25 @@ +From b943adc496451975a9b959d78c0859a7fea5e483 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Sun, 7 Feb 2021 16:55:02 +0000 +Subject: [PATCH 08/11] wacom-usb: Fix a crash detected by AddressSanitizer + +--- + plugins/wacom-usb/fu-wac-firmware.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git plugins/wacom-usb/fu-wac-firmware.c plugins/wacom-usb/fu-wac-firmware.c +index fc54cf10..d3a41682 100644 +--- plugins/wacom-usb/fu-wac-firmware.c ++++ plugins/wacom-usb/fu-wac-firmware.c +@@ -44,7 +44,7 @@ fu_wac_firmware_parse (FuFirmware *firmware, + + /* check the prefix (BE) */ + data = (guint8 *) g_bytes_get_data (fw, &len); +- if (memcmp (data, "WACOM", 5) != 0) { ++ if (len < 5 || memcmp (data, "WACOM", 5) != 0) { + g_set_error_literal (error, + FWUPD_ERROR, + FWUPD_ERROR_INTERNAL, +-- +2.29.2 + diff --git a/SOURCES/0009-trivial-Fix-a-buffer-overread-spotted-by-AddressSani.patch b/SOURCES/0009-trivial-Fix-a-buffer-overread-spotted-by-AddressSani.patch new file mode 100644 index 0000000..96bada3 --- /dev/null +++ b/SOURCES/0009-trivial-Fix-a-buffer-overread-spotted-by-AddressSani.patch @@ -0,0 +1,34 @@ +From b743836b16c64e2d726f85113cd4ab6f18ed4df0 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Mon, 8 Feb 2021 16:47:05 +0000 +Subject: [PATCH 09/11] trivial: Fix a buffer-overread spotted by + AddressSanitizer + +--- + libfwupdplugin/fu-common.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git libfwupdplugin/fu-common.c libfwupdplugin/fu-common.c +index d4dd4aef..094f2d23 100644 +--- libfwupdplugin/fu-common.c ++++ libfwupdplugin/fu-common.c +@@ -1856,14 +1856,12 @@ fu_common_strsafe (const gchar *str, gsize maxsz) + gboolean valid = FALSE; + g_autoptr(GString) tmp = NULL; + +- g_return_val_if_fail (maxsz > 0, NULL); +- + /* sanity check */ +- if (str == NULL) ++ if (str == NULL || maxsz == 0) + return NULL; + + /* replace non-printable chars with '.' */ +- tmp = g_string_sized_new (strlen (str)); ++ tmp = g_string_sized_new (maxsz); + for (gsize i = 0; str[i] != '\0' && i < maxsz; i++) { + if (!g_ascii_isprint (str[i])) { + g_string_append_c (tmp, '.'); +-- +2.29.2 + diff --git a/SOURCES/0010-ihex-Fix-a-buffer-overread-spotted-by-AddressSanitiz.patch b/SOURCES/0010-ihex-Fix-a-buffer-overread-spotted-by-AddressSanitiz.patch new file mode 100644 index 0000000..5f9ff02 --- /dev/null +++ b/SOURCES/0010-ihex-Fix-a-buffer-overread-spotted-by-AddressSanitiz.patch @@ -0,0 +1,38 @@ +From 6077051e173770cf357703a3d776ceac2c53d963 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Mon, 8 Feb 2021 18:10:38 +0000 +Subject: [PATCH 10/11] ihex: Fix a buffer-overread spotted by AddressSanitizer + +--- + libfwupdplugin/fu-ihex-firmware.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git libfwupdplugin/fu-ihex-firmware.c libfwupdplugin/fu-ihex-firmware.c +index 8d4fc6a6..5df8a948 100644 +--- libfwupdplugin/fu-ihex-firmware.c ++++ libfwupdplugin/fu-ihex-firmware.c +@@ -90,11 +90,6 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line, + rcd->ln = ln; + rcd->data = g_byte_array_new (); + rcd->buf = g_string_new (line); +- rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1); +- rcd->addr = fu_firmware_strparse_uint16 (line + 3); +- rcd->record_type = fu_firmware_strparse_uint8 (line + 7); +- +- /* check there's enough data for the smallest possible record */ + if (rcd->buf->len < 11) { + g_set_error (error, + FWUPD_ERROR, +@@ -103,6 +98,9 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line, + (guint) rcd->buf->len); + return NULL; + } ++ rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1); ++ rcd->addr = fu_firmware_strparse_uint16 (line + 3); ++ rcd->record_type = fu_firmware_strparse_uint8 (line + 7); + + /* position of checksum */ + line_end = 9 + rcd->byte_cnt * 2; +-- +2.29.2 + diff --git a/SOURCES/0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch b/SOURCES/0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch new file mode 100644 index 0000000..ebcba4e --- /dev/null +++ b/SOURCES/0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch @@ -0,0 +1,26 @@ +From 60b5598032b3c36660984e7d49a5ff929ecd6e26 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Mon, 8 Feb 2021 18:41:45 +0000 +Subject: [PATCH 11/11] wacom-usb: Fix a buffer-overread spotted by + AddressSanitizer + +--- + plugins/wacom-usb/fu-wac-firmware.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git plugins/wacom-usb/fu-wac-firmware.c plugins/wacom-usb/fu-wac-firmware.c +index d3a41682..ae1e7cac 100644 +--- plugins/wacom-usb/fu-wac-firmware.c ++++ plugins/wacom-usb/fu-wac-firmware.c +@@ -65,7 +65,7 @@ fu_wac_firmware_parse (FuFirmware *firmware, + guint cmdlen = strlen (lines[i]); + + /* header info record */ +- if (memcmp (lines[i] + 2, "COM", 3) == 0) { ++ if (cmdlen > 3 && memcmp (lines[i] + 2, "COM", 3) == 0) { + guint8 header_image_cnt = 0; + if (cmdlen != 40) { + g_set_error (error, +-- +2.29.2 + diff --git a/SOURCES/0012-goodix-moc-Fix-several-places-where-the-plugin-code-.patch b/SOURCES/0012-goodix-moc-Fix-several-places-where-the-plugin-code-.patch new file mode 100644 index 0000000..7f19b68 --- /dev/null +++ b/SOURCES/0012-goodix-moc-Fix-several-places-where-the-plugin-code-.patch @@ -0,0 +1,381 @@ +From e80f277f4c268d69c162123bc8cbb1819224cea2 Mon Sep 17 00:00:00 2001 +From: Richard Hughes +Date: Wed, 10 Feb 2021 13:22:59 +0000 +Subject: [PATCH 12/12] goodix-moc: Fix several places where the plugin code + might crash + +Fixes https://github.com/fwupd/fwupd/issues/2850 +--- + plugins/goodix-moc/fu-goodixmoc-common.c | 83 ---------------- + plugins/goodix-moc/fu-goodixmoc-common.h | 19 +--- + plugins/goodix-moc/fu-goodixmoc-device.c | 120 +++++++++++++---------- + plugins/goodix-moc/meson.build | 1 - + 4 files changed, 72 insertions(+), 151 deletions(-) + delete mode 100644 plugins/goodix-moc/fu-goodixmoc-common.c + +diff --git plugins/goodix-moc/fu-goodixmoc-common.c plugins/goodix-moc/fu-goodixmoc-common.c +deleted file mode 100644 +index 7c81434d..00000000 +--- plugins/goodix-moc/fu-goodixmoc-common.c ++++ /dev/null +@@ -1,83 +0,0 @@ +-/* +- * Copyright (C) 2016 Richard Hughes +- * Copyright (C) 2020 boger wang +- * +- * SPDX-License-Identifier: LGPL-2.1+ +- */ +- +-#include "config.h" +- +-#include +-#include +- +-#include "fu-common.h" +-#include "fu-goodixmoc-common.h" +- +-void +-fu_goodixmoc_build_header (GxfpPkgHeader *pheader, +- guint16 len, +- guint8 cmd0, +- guint8 cmd1, +- GxPkgType type) +-{ +- static guint8 dummy_seq = 0; +- +- g_return_if_fail (pheader != NULL); +- +- pheader->cmd0 = (cmd0); +- pheader->cmd1 = (cmd1); +- pheader->pkg_flag = (guint8)type; +- pheader->reserved = dummy_seq++; +- pheader->len = len + GX_SIZE_CRC32; +- pheader->crc8 = fu_common_crc8 ((guint8 *)pheader, 6); +- pheader->rev_crc8 = ~pheader->crc8; +-} +- +-gboolean +-fu_goodixmoc_parse_header (guint8 *buf, guint32 bufsz, +- GxfpPkgHeader *pheader, GError **error) +-{ +- g_return_val_if_fail (buf != NULL, FALSE); +- g_return_val_if_fail (pheader != NULL, FALSE); +- +- if (!fu_memcpy_safe ((guint8 *) &pheader, sizeof(*pheader), 0x0, /* dst */ +- buf, bufsz, 0x01, /* src */ +- sizeof(*pheader), error)) +- return FALSE; +- memcpy (pheader, buf, sizeof(*pheader)); +- pheader->len = GUINT16_FROM_LE(*(buf + 4)); +- pheader->len -= GX_SIZE_CRC32; +- return TRUE; +-} +- +-gboolean +-fu_goodixmoc_parse_body (guint8 cmd, guint8 *buf, guint32 bufsz, +- GxfpCmdResp *presp, GError **error) +-{ +- g_return_val_if_fail (buf != NULL, FALSE); +- g_return_val_if_fail (presp != NULL, FALSE); +- +- presp->result = buf[0]; +- switch (cmd) { +- case GX_CMD_ACK: +- if (bufsz == 0) { +- g_set_error_literal (error, +- FWUPD_ERROR, +- FWUPD_ERROR_INTERNAL, +- "invalid bufsz"); +- return FALSE; +- } +- presp->ack_msg.cmd = buf[1]; +- break; +- case GX_CMD_VERSION: +- if (!fu_memcpy_safe ((guint8 *) &presp->version_info, +- sizeof(presp->version_info), 0x0, /* dst */ +- buf, bufsz, 0x01, /* src */ +- sizeof(GxfpVersiomInfo), error)) +- return FALSE; +- break; +- default: +- break; +- } +- return TRUE; +-} +diff --git plugins/goodix-moc/fu-goodixmoc-common.h plugins/goodix-moc/fu-goodixmoc-common.h +index 4bbdc0c8..c4b69954 100644 +--- plugins/goodix-moc/fu-goodixmoc-common.h ++++ plugins/goodix-moc/fu-goodixmoc-common.h +@@ -35,7 +35,7 @@ typedef struct { + guint8 protocol[8]; + guint8 flashVersion[8]; + guint8 reserved[62]; +-} GxfpVersiomInfo; ++} GxfpVersionInfo; + + typedef struct { + guint8 cmd; +@@ -46,7 +46,7 @@ typedef struct { + guint8 result; + union { + GxfpAckMsg ack_msg; +- GxfpVersiomInfo version_info; ++ GxfpVersionInfo version_info; + }; + } GxfpCmdResp; + +@@ -64,18 +64,3 @@ typedef struct __attribute__((__packed__)) { + guint8 crc8; + guint8 rev_crc8; + } GxfpPkgHeader; +- +-void fu_goodixmoc_build_header (GxfpPkgHeader *pheader, +- guint16 len, +- guint8 cmd0, +- guint8 cmd1, +- GxPkgType type); +-gboolean fu_goodixmoc_parse_header (guint8 *buf, +- guint32 bufsz, +- GxfpPkgHeader *pheader, +- GError **error); +-gboolean fu_goodixmoc_parse_body (guint8 cmd, +- guint8 *buf, +- guint32 bufsz, +- GxfpCmdResp *presp, +- GError **error); +diff --git plugins/goodix-moc/fu-goodixmoc-device.c plugins/goodix-moc/fu-goodixmoc-device.c +index f216aec7..3d359dab 100644 +--- plugins/goodix-moc/fu-goodixmoc-device.c ++++ plugins/goodix-moc/fu-goodixmoc-device.c +@@ -14,6 +14,7 @@ + + struct _FuGoodixMocDevice { + FuUsbDevice parent_instance; ++ guint8 dummy_seq; + }; + + G_DEFINE_TYPE (FuGoodixMocDevice, fu_goodixmoc_device, FU_TYPE_USB_DEVICE) +@@ -27,26 +28,34 @@ G_DEFINE_TYPE (FuGoodixMocDevice, fu_goodixmoc_device, FU_TYPE_USB_DEVICE) + #define GX_FLASH_TRANSFER_BLOCK_SIZE 1000 /* 1000 */ + + static gboolean +-goodixmoc_device_cmd_send (GUsbDevice *usbdevice, ++goodixmoc_device_cmd_send (FuGoodixMocDevice *self, + guint8 cmd0, + guint8 cmd1, + GxPkgType type, + GByteArray *req, + GError **error) + { +- GxfpPkgHeader header = { 0 }; +- guint32 crc_actual = 0; ++ GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE (self)); ++ guint32 crc_all = 0; ++ guint32 crc_hdr = 0; + gsize actual_len = 0; + g_autoptr(GByteArray) buf = g_byte_array_new (); + +- fu_goodixmoc_build_header (&header, req->len, cmd0, cmd1, type); +- g_byte_array_append (buf, (guint8 *)&header, sizeof(header)); ++ /* build header */ ++ fu_byte_array_append_uint8 (buf, cmd0); ++ fu_byte_array_append_uint8 (buf, cmd1); ++ fu_byte_array_append_uint8 (buf, type); /* pkg_flag */ ++ fu_byte_array_append_uint8 (buf, self->dummy_seq++); /* reserved */ ++ fu_byte_array_append_uint16 (buf, req->len + GX_SIZE_CRC32, G_LITTLE_ENDIAN); ++ crc_hdr = fu_common_crc8 (buf->data, buf->len); ++ fu_byte_array_append_uint8 (buf, crc_hdr); ++ fu_byte_array_append_uint8 (buf, ~crc_hdr); + g_byte_array_append (buf, req->data, req->len); +- crc_actual = fu_common_crc32 (buf->data, sizeof(header) + req->len); +- fu_byte_array_append_uint32 (buf, crc_actual, G_LITTLE_ENDIAN); ++ crc_all = fu_common_crc32 (buf->data, buf->len); ++ fu_byte_array_append_uint32 (buf, crc_all, G_LITTLE_ENDIAN); + + /* send zero length package */ +- if (!g_usb_device_bulk_transfer (usbdevice, ++ if (!g_usb_device_bulk_transfer (usb_device, + GX_USB_BULK_EP_OUT, + NULL, + 0, +@@ -62,7 +71,7 @@ goodixmoc_device_cmd_send (GUsbDevice *usbdevice, + } + + /* send data */ +- if (!g_usb_device_bulk_transfer (usbdevice, ++ if (!g_usb_device_bulk_transfer (usb_device, + GX_USB_BULK_EP_OUT, + buf->data, + buf->len, +@@ -84,12 +93,12 @@ goodixmoc_device_cmd_send (GUsbDevice *usbdevice, + } + + static gboolean +-goodixmoc_device_cmd_recv (GUsbDevice *usbdevice, ++goodixmoc_device_cmd_recv (FuGoodixMocDevice *self, + GxfpCmdResp *presponse, + gboolean data_reply, + GError **error) + { +- GxfpPkgHeader header = { 0 }; ++ GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE (self)); + guint32 crc_actual = 0; + guint32 crc_calculated = 0; + gsize actual_len = 0; +@@ -102,9 +111,11 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice, + * | zlp | ack | zlp | data | + */ + while (1) { ++ guint16 header_len = 0x0; ++ guint8 header_cmd0 = 0x0; + g_autoptr(GByteArray) reply = g_byte_array_new (); + fu_byte_array_set_size (reply, GX_FLASH_TRANSFER_BLOCK_SIZE); +- if (!g_usb_device_bulk_transfer (usbdevice, ++ if (!g_usb_device_bulk_transfer (usb_device, + GX_USB_BULK_EP_IN, + reply->data, + reply->len, +@@ -125,12 +136,14 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice, + } + + /* parse package header */ +- if (!fu_goodixmoc_parse_header (reply->data, +- actual_len, +- &header, +- error)) ++ if (!fu_common_read_uint8_safe (reply->data, reply->len, 0x0, ++ &header_cmd0, error)) ++ return FALSE; ++ if (!fu_common_read_uint16_safe (reply->data, reply->len, 0x4, ++ &header_len, G_LITTLE_ENDIAN, ++ error)) + return FALSE; +- offset = sizeof(header) + header.len; ++ offset = sizeof(GxfpPkgHeader) + header_len - GX_SIZE_CRC32; + crc_actual = fu_common_crc32 (reply->data, offset); + if (!fu_common_read_uint32_safe (reply->data, + reply->len, +@@ -149,15 +162,33 @@ goodixmoc_device_cmd_recv (GUsbDevice *usbdevice, + } + + /* parse package data */ +- if (!fu_goodixmoc_parse_body (header.cmd0, +- reply->data + sizeof(header), +- header.len, +- presponse, +- error)) ++ if (!fu_common_read_uint8_safe (reply->data, reply->len, ++ sizeof(GxfpPkgHeader) + 0x00, ++ &presponse->result, error)) + return FALSE; ++ if (header_cmd0 == GX_CMD_ACK) { ++ if (header_len == 0) { ++ g_set_error_literal (error, ++ FWUPD_ERROR, ++ FWUPD_ERROR_INTERNAL, ++ "invalid bufsz"); ++ return FALSE; ++ } ++ if (!fu_common_read_uint8_safe (reply->data, reply->len, ++ sizeof(GxfpPkgHeader) + 0x01, ++ &presponse->ack_msg.cmd, error)) ++ return FALSE; ++ } else if (header_cmd0 == GX_CMD_VERSION) { ++ if (!fu_memcpy_safe ((guint8 *) &presponse->version_info, ++ sizeof(presponse->version_info), 0x0, /* dst */ ++ reply->data, reply->len, ++ sizeof(GxfpPkgHeader) + 0x01, /* src */ ++ sizeof(GxfpVersionInfo), error)) ++ return FALSE; ++ } + + /* continue after ack received */ +- if (header.cmd0 == GX_CMD_ACK && data_reply) ++ if (header_cmd0 == GX_CMD_ACK && data_reply) + continue; + break; + } +@@ -176,36 +207,27 @@ fu_goodixmoc_device_cmd_xfer (FuGoodixMocDevice *device, + gboolean data_reply, + GError **error) + { +- GUsbDevice *usb_device = fu_usb_device_get_dev (FU_USB_DEVICE(device)); +- if (!goodixmoc_device_cmd_send (usb_device, cmd0, cmd1, type, req, error)) ++ FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE(device); ++ if (!goodixmoc_device_cmd_send (self, cmd0, cmd1, type, req, error)) + return FALSE; +- return goodixmoc_device_cmd_recv (usb_device, presponse, data_reply, error); ++ return goodixmoc_device_cmd_recv (self, presponse, data_reply, error); + } + +-static gchar * +-fu_goodixmoc_device_get_version (FuGoodixMocDevice *self, GError **error) ++static gboolean ++fu_goodixmoc_device_setup_version (FuGoodixMocDevice *self, GError **error) + { + GxfpCmdResp rsp = { 0 }; +- gchar ver[9] = { 0 }; +- guint8 dummy = 0; ++ g_autofree gchar *version = NULL; + g_autoptr(GByteArray) req = g_byte_array_new (); + +- fu_byte_array_append_uint8 (req, dummy); ++ fu_byte_array_append_uint8 (req, 0); /* dummy */ + if (!fu_goodixmoc_device_cmd_xfer (self, GX_CMD_VERSION, GX_CMD1_DEFAULT, +- GX_PKG_TYPE_EOP, +- req, +- &rsp, +- TRUE, +- error)) +- return NULL; +- if (!fu_memcpy_safe ((guint8 *) ver, sizeof(ver), 0x0, +- rsp.version_info.fwversion, +- sizeof(rsp.version_info.fwversion), +- 0x0, +- sizeof(rsp.version_info.fwversion), +- error)) +- return NULL; +- return g_strndup (ver, sizeof(ver)); ++ GX_PKG_TYPE_EOP, req, &rsp, TRUE, error)) ++ return FALSE; ++ version = g_strndup ((const gchar *) rsp.version_info.fwversion, ++ sizeof(rsp.version_info.fwversion)); ++ fu_device_set_version (FU_DEVICE (self), version); ++ return TRUE; + } + + static gboolean +@@ -281,15 +303,13 @@ fu_goodixmoc_device_open (FuUsbDevice *device, GError **error) + static gboolean + fu_goodixmoc_device_setup (FuDevice *device, GError **error) + { +- FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE(device); +- g_autofree gchar *version = NULL; ++ FuGoodixMocDevice *self = FU_GOODIXMOC_DEVICE (device); + +- version = fu_goodixmoc_device_get_version (self, error); +- if (version == NULL) { ++ /* ensure version */ ++ if (!fu_goodixmoc_device_setup_version (self, error)) { + g_prefix_error (error, "failed to get firmware version: "); + return FALSE; + } +- fu_device_set_version (device, version); + + /* success */ + return TRUE; +diff --git plugins/goodix-moc/meson.build plugins/goodix-moc/meson.build +index 4e1287e4..178b35d8 100644 +--- plugins/goodix-moc/meson.build ++++ plugins/goodix-moc/meson.build +@@ -9,7 +9,6 @@ install_data([ + shared_module('fu_plugin_goodixmoc', + fu_hash, + sources : [ +- 'fu-goodixmoc-common.c', + 'fu-goodixmoc-device.c', + 'fu-plugin-goodixmoc.c', + ], +-- +2.29.2 + diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der deleted file mode 100644 index 44a2563..0000000 Binary files a/SOURCES/centos-ca-secureboot.der and /dev/null differ diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der deleted file mode 100644 index e8216b1..0000000 Binary files a/SOURCES/centossecureboot001.der and /dev/null differ diff --git a/SOURCES/centossecureboot203.der b/SOURCES/centossecureboot203.der deleted file mode 100644 index 5df41c2..0000000 Binary files a/SOURCES/centossecureboot203.der and /dev/null differ diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der deleted file mode 100644 index 42bdfcf..0000000 Binary files a/SOURCES/centossecurebootca2.der and /dev/null differ diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer new file mode 100644 index 0000000..4ff8b79 Binary files /dev/null and b/SOURCES/redhatsecureboot301.cer differ diff --git a/SOURCES/redhatsecureboot503.cer b/SOURCES/redhatsecureboot503.cer new file mode 100644 index 0000000..50e375c Binary files /dev/null and b/SOURCES/redhatsecureboot503.cer differ diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer new file mode 100644 index 0000000..b235400 Binary files /dev/null and b/SOURCES/redhatsecurebootca3.cer differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer new file mode 100644 index 0000000..dfb0284 Binary files /dev/null and b/SOURCES/redhatsecurebootca5.cer differ diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec index c7294b1..1bfc10d 100644 --- a/SPECS/fwupd.spec +++ b/SPECS/fwupd.spec @@ -39,7 +39,7 @@ Summary: Firmware update daemon Name: fwupd Version: 1.5.5 -Release: 1%{?dist} +Release: 3%{?dist} License: LGPLv2+ URL: https://github.com/fwupd/fwupd Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz @@ -54,14 +54,28 @@ Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab # these are numbered high just to keep them wildly away from colliding with # the real package sources, in order to reduce churn. -Source300: centos-ca-secureboot.der -Source301: centossecureboot001.der -Source500: centossecurebootca2.der -Source503: centossecureboot203.der +Source300: redhatsecurebootca3.cer +Source301: redhatsecureboot301.cer +Source500: redhatsecurebootca5.cer +Source503: redhatsecureboot503.cer Patch2: 0001-Do-not-use-the-LVFS.patch Patch4: deps.patch +# these are important fixes already upstream +Patch101: 0001-stm-dfu-fix-dnload-wBlockNum-wraparound.patch +Patch102: 0002-rename-config-section-in-uefi_capsule.conf-to-plugin.patch +Patch103: 0003-Ask-the-user-to-reboot-when-required-if-downgrading.patch +Patch104: 0004-Do-not-show-Unknown-for-every-client-connection.patch +Patch105: 0005-esp-list-allow-external-ESP-again.patch +Patch106: 0006-Fix-a-crash-when-using-fwupdtool.patch +Patch107: 0007-jabra-Ensure-the-protocol-is-set-to-avoid-a-daemon-w.patch +Patch108: 0008-wacom-usb-Fix-a-crash-detected-by-AddressSanitizer.patch +Patch109: 0009-trivial-Fix-a-buffer-overread-spotted-by-AddressSani.patch +Patch110: 0010-ihex-Fix-a-buffer-overread-spotted-by-AddressSanitiz.patch +Patch111: 0011-wacom-usb-Fix-a-buffer-overread-spotted-by-AddressSa.patch +Patch112: 0012-goodix-moc-Fix-several-places-where-the-plugin-code-.patch + BuildRequires: efi-srpm-macros BuildRequires: gettext BuildRequires: glib2-devel >= %{glib2_version} @@ -160,6 +174,18 @@ Data files for installed tests. %setup -q %patch2 -p1 -b .lvfs-disabled %patch4 -p0 -b .deps +%patch101 -p0 +%patch102 -p0 +%patch103 -p0 +%patch104 -p0 +%patch105 -p0 +%patch106 -p0 +%patch107 -p0 +%patch108 -p0 +%patch109 -p0 +%patch110 -p0 +%patch111 -p0 +%patch112 -p0 mkdir -p subprojects/libjcat tar xfvs %{SOURCE1} -C subprojects/libjcat --strip-components=1 @@ -251,8 +277,8 @@ install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %global efiarch aa64 %endif %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n centossecureboot001 -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n centossecureboot203 +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 +%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 rm -fv %{fwup_efi_fn}.tmp %endif @@ -267,8 +293,10 @@ mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/cache/fwupd %systemd_post fwupd.service # change vendor-installed remotes to use the default keyring type -for fn in /etc/fwupd/remotes.d/*.conf; - do sed -i 's/Keyring=gpg/#Keyring=pkcs/g' "$fn"; +for fn in /etc/fwupd/remotes.d/*.conf; do + if grep -q "Keyring=gpg" "$fn"; then + sed -i 's/Keyring=gpg/#Keyring=pkcs/g' "$fn"; + fi done %preun @@ -482,6 +510,15 @@ done %endif %changelog +* Wed Feb 10 2021 Richard Hughes 1.5.5-3 +- Backport a fix from upstream to fix a crash in the Goodix MOC plugin. +- Resolves: #1927091 + +* Tue Feb 09 2021 Richard Hughes 1.5.5-2 +- Do not invalidate all remote timestamps during package install to fix rpm -V. +- Backport some important high priority fixes from upstream. +- Resolves: #1926382 + * Mon Jan 11 2021 Richard Hughes 1.5.5-1 - Rebase package to include support for latest OEM hardware and to support deploying UEFI SecureBoot dbx updates.