From 70ada173afc5b6417413414ba1b49904c0fbbbf1 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Aug 17 2016 13:54:07 +0000 Subject: Update to fwupdate 6 - lots of build fixes for newer compilers and such - Use libsmbios on some systems to enable firmware updates (Mario Limonciello) - Use the correct reset type from the QueryCapsuleInfo data - Lots of fixes from auditing - Use efivar's error reporting infrastructure Signed-off-by: Peter Jones --- diff --git a/0019-libfwup-better-bounds-checking-with-efivar-0.24-APIs.patch b/0019-libfwup-better-bounds-checking-with-efivar-0.24-APIs.patch deleted file mode 100644 index f640d9f..0000000 --- a/0019-libfwup-better-bounds-checking-with-efivar-0.24-APIs.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 9b0258e62c3d5272bb8431f1067042945197b2c8 Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Thu, 25 Feb 2016 14:59:28 -0500 -Subject: [PATCH 19/49] libfwup: better bounds checking with efivar 0.24 APIs - -Signed-off-by: Peter Jones ---- - linux/libfwup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/linux/libfwup.c b/linux/libfwup.c -index 5de9d4c..4154480 100644 ---- a/linux/libfwup.c -+++ b/linux/libfwup.c -@@ -695,11 +695,11 @@ do_next: - continue; - } - -- sz = efi_loadopt_pathlen(loadopt); -+ sz = efi_loadopt_pathlen(loadopt, var_data_size); - if (sz != efidp_size((efidp)dp_buf)) - goto do_next; - -- efidp found_dp = efi_loadopt_path(loadopt); -+ efidp found_dp = efi_loadopt_path(loadopt, var_data_size); - if (memcmp(found_dp, dp_buf, sz)) - goto do_next; - --- -2.9.2 - diff --git a/0028-Always-set-a-mode-with-efi_set_variable.patch b/0028-Always-set-a-mode-with-efi_set_variable.patch deleted file mode 100644 index 85eb680..0000000 --- a/0028-Always-set-a-mode-with-efi_set_variable.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 84f2ea96f88751fe01228dcd9fc130cfa0893dfc Mon Sep 17 00:00:00 2001 -From: Peter Jones -Date: Wed, 2 Mar 2016 10:05:19 -0500 -Subject: [PATCH 28/49] Always set a mode with efi_set_variable() - -Apparently the code in efivar to handle whether mode is there or not -does not always work, so it's going to go away soon. - -Signed-off-by: Peter Jones ---- - linux/libfwup.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/linux/libfwup.c b/linux/libfwup.c -index 6f2f896..d50e4d5 100644 ---- a/linux/libfwup.c -+++ b/linux/libfwup.c -@@ -331,7 +331,7 @@ err: - | EFI_VARIABLE_BOOTSERVICE_ACCESS - | EFI_VARIABLE_RUNTIME_ACCESS; - rc = efi_set_variable(varguid, varname, (uint8_t *)info2, -- is, attributes, 0644); -+ is, attributes, 0600); - error = errno; - free(info2); - errno = error; -@@ -797,7 +797,7 @@ do_next: - if (found) { - efi_loadopt_attr_set(loadopt, LOAD_OPTION_ACTIVE); - rc = efi_set_variable(*guid, name, var_data, -- var_data_size, attr); -+ var_data_size, attr, 0600); - free(var_data); - if (rc < 0) - goto out; -@@ -822,7 +822,8 @@ do_next: - opt_size, - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS); -+ EFI_VARIABLE_RUNTIME_ACCESS, -+ 0600); - if (rc < 0) - goto out; - -@@ -833,7 +834,8 @@ do_next: - (uint8_t *)&real_boot_next, 2, - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS); -+ EFI_VARIABLE_RUNTIME_ACCESS, -+ 0600); - ret = rc; - - out: --- -2.9.2 - diff --git a/fwupdate.spec b/fwupdate.spec index 078a7e7..21ec9a6 100644 --- a/fwupdate.spec +++ b/fwupdate.spec @@ -1,9 +1,9 @@ -%global efivar_version 0.21-1 -%global efibootmgr_version 0.12-1 +%global efivar_version 26-1 +%global efibootmgr_version 13-0.1 Name: fwupdate -Version: 0.5 -Release: 5%{?dist} +Version: 6 +Release: 1%{?dist} Summary: Tools to manage UEFI firmware updates License: GPLv2+ URL: https://github.com/rhinstaller/fwupdate @@ -15,11 +15,6 @@ BuildRequires: elfutils popt-devel git gettext pkgconfig BuildRequires: systemd ExclusiveArch: x86_64 %{ix86} aarch64 Source0: https://github.com/rhinstaller/fwupdate/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2 -# These are two patches plucked from the series between 0.5 and master -# that make build against efivar 26 succeed. A build with the full -# patch series fails due to https://github.com/rhinstaller/fwupdate/issues/54 -Patch0019: 0019-libfwup-better-bounds-checking-with-efivar-0.24-APIs.patch -Patch0028: 0028-Always-set-a-mode-with-efi_set_variable.patch %ifarch x86_64 %global efiarch x64 @@ -76,6 +71,8 @@ git config --unset user.name %build make OPT_FLAGS="$RPM_OPT_FLAGS" libdir=%{_libdir} bindir=%{_bindir} \ EFIDIR=%{efidir} %{?_smp_mflags} +mv -v efi/fwup%{efiarch}.efi efi/fwup%{efiarch}.unsigned.efi +%pesign -s -i efi/fwup%{efiarch}.unsigned.efi -o efi/fwup%{efiarch}.efi %install rm -rf $RPM_BUILD_ROOT @@ -131,6 +128,14 @@ rm -rf $RPM_BUILD_ROOT /boot/efi/EFI/%{efidir}/fwup%{efiarch}.efi %changelog +* Tue Aug 16 2016 Peter Jones - 6-1 +- Update to fwupdate 6 +- lots of build fixes for newer compilers and such +- Use libsmbios on some systems to enable firmware updates (Mario Limonciello) +- Use the correct reset type from the QueryCapsuleInfo data +- Lots of fixes from auditing +- Use efivar's error reporting infrastructure + * Fri Aug 12 2016 Adam Williamson - 0.5-5 - backport a couple of commits to fix build against efivar 26 diff --git a/sources b/sources index 9bb9ee1..3fd1a9c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -91d20672928ec9349635c24581f5d823 fwupdate-0.5.tar.bz2 +242ff7e02ac2dd01a8620c51cb009eeb fwupdate-6.tar.bz2