| commit | 02e29048f18c32b0186505a4314648d08cfae769 | [log] [tgz] |
|---|---|---|
| author | Richard Hughes <richard@hughsie.com> | Thu May 28 15:49:27 2020 |
| committer | Richard Hughes <richard@hughsie.com> | Fri Jun 05 09:56:54 2020 |
| tree | de89287066a4418922818b1433afc5c7bb49b5f8 | |
| parent | c79f3821f24e801b50c0b2ccf88bc88edf3fdd70 [diff] |
Validate that gpgme_op_verify_result() returned at least one signature If a detached signature is actually a PGP message, gpgme_op_verify() returns the rather perplexing GPG_ERR_NO_ERROR, and then gpgme_op_verify_result() builds an empty list. Explicitly check for no signatures present to avoid returning success in this case. Many thanks to Justin Steven <justin@justinsteven.com> for the discovery and coordinated disclosure of this issue. Fixes CVE-2020-10759
This project aims to make updating firmware on Linux automatic, safe and reliable.
Additional information is available at the website: http://www.fwupd.org
DFU support is supported directly by this project with the embedded libdfu library.
For colorhug support you need to install colord 1.2.12 or later.
If you don't want or need this functionality you can use the --disable-colorhug option.
For UEFI capsule support, you need to install fwupdate 0.5 or later.
If you don't want or need this functionality you can use the --disable-uefi option.
On some Dell systems it's possible to turn on and off UEFI capsule support from within the BIOS. This functionality can also be adjusted from within the OS by fwupd. This requires using fwupdate 5 or later and compiling it with libsmbios support.
When fwupd and fwupdate have been compiled with this support you will be able to enable UEFI support on the device by using the unlock command.
This allows installing Dell capsules that are not part of the ESRT table. Information on special features enabled by this provider are available here: https://github.com/hughsie/fwupd/blob/master/docs/dell-provider.md
For Dell support you will need libsmbios_c version 2.3.0 or later and efivar.
If you don't want or need this functionality you can use the --disable-dell option.
A provider is available that can flash the boot firmware on the Raspberry Pi.
An extensible architecture allows for providing new Provider types (for reading and writing different firmware) as well as for plugins that can extend existing firmware providers to quirk their behavior.
If you have a firmware specification and would like to see support in this project, please file an issue and share the spec. Patches are also welcome.
This project is configured by default to download firmware from the [Linux Vendor Firmware Service (LVFS)] (https://secure-lvfs.rhcloud.com/lvfs/).
This service is available to all OEMs and firmware creators who would like to make their firmware available to Linux users.
If you have a device with firmware supported by fwupd, this is how you will check for updates and apply them using fwupd's command line tools.
fwupdmgr get-devices
This will display all devices detected by fwupd.
fwupdmgr refresh
This will download the latest metadata from LVFS.
fwupdmgr get-updates
If updates are available for any devices on the system, they'll be displayed.
fwupdmgr update
This will download and apply all updates for your system.
Currently [GNOME Software] (https://wiki.gnome.org/Apps/Software) is the only graphical frontend available. When compiled with firmware support, it will check for updates periodically and automatically download firmware in the background.
After the firmware has been downloaded a popup will be displayed in Gnome Software to perform the update.
On Dell IoT gateways, [Wyse Cloud Client Manager (CCM)] (http://www.dell.com/us/business/p/wyse-cloud-client-manager/pd) has been built with fwupd support. The remote administration interface can be used to download and deploy firmware updates.