Validate that gpgme_op_verify_result() returned at least one signature

If a detached signature is actually a PGP message, gpgme_op_verify() returns
the rather perplexing GPG_ERR_NO_ERROR, and then gpgme_op_verify_result()
builds an empty list.

Explicitly check for no signatures present to avoid returning a FuKeyringResult
with no timestamp and an empty authority.

Many thanks to Justin Steven <justin@justinsteven.com> for the discovery and
coordinated disclosure of this issue. Fixes CVE-2020-10759
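
The failure mode this commit message describes, shown as an added example that is not fwupd's or gpgme's code: `sig_t` and `result_t` are simplified stand-ins for the gpgme signature list and the keyring result, and both function names are hypothetical. It contrasts a verifier that only iterates the list with one that first rejects an empty list.

```c
/* Added illustration: simplified stand-ins, NOT the real gpgme or fwupd types. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct sig {          /* stand-in: one entry of the signature list */
    struct sig *next;
    bool ok;                  /* this signature verified without error */
    long timestamp;
    const char *fpr;          /* signer fingerprint (constructed in callers) */
} sig_t;

typedef struct {              /* stand-in: the keyring result */
    long timestamp;
    char authority[64];
} result_t;

/* Fail-open pattern: with an empty list the loop body never runs, nothing is
 * rejected, and the caller gets "success" with timestamp 0 and authority "". */
bool verify_without_count(const sig_t *sigs, result_t *out)
{
    memset(out, 0, sizeof *out);
    for (const sig_t *s = sigs; s != NULL; s = s->next) {
        if (!s->ok)
            return false;
        out->timestamp = s->timestamp;
        strncpy(out->authority, s->fpr, sizeof out->authority - 1);
    }
    return true;
}

/* Fail-closed pattern: an empty signature list is itself an error. */
bool verify_with_count(const sig_t *sigs, result_t *out)
{
    memset(out, 0, sizeof *out);
    if (sigs == NULL)
        return false;
    return verify_without_count(sigs, out);
}

int main(void)
{
    result_t r;
    printf("empty list, no count check: %d\n", verify_without_count(NULL, &r));
    printf("empty list, count check:    %d\n", verify_with_count(NULL, &r));
    return 0;
}
```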
1 file changed
tree: 83298e5b8a3215feecee856b52dbaa62b05abb75
README.md

fwupd

This project aims to make updating firmware on Linux automatic, safe and reliable.

Additional information is available at the website: https://fwupd.org

Compiling

The most up-to-date compilation instructions are available in the Wiki.

LVFS

This project is configured by default to download firmware from the Linux Vendor Firmware Service (LVFS).

This service is available to all OEMs and firmware creators who would like to make their firmware available to Linux users.

You can find more information about the technical details of creating a firmware capsule in the hardware vendors section of the fwupd website.

Basic usage flow (command line)

If you have a device with firmware supported by fwupd, this is how you will check for updates and apply them using fwupd's command line tools.

# fwupdmgr get-devices

This will display all devices detected by fwupd.

# fwupdmgr refresh

This will download the latest metadata from LVFS.

# fwupdmgr get-updates

If updates are available for any devices on the system, they'll be displayed.

# fwupdmgr update

This will download and apply all updates for your system.

  • Updates that can be applied live will be done immediately.
  • Updates that run at bootup will be staged for the next reboot.

You can find more information about the update workflow in the end users section of the fwupd website.

Reporting status

fwupd will encourage users to report both successful and failed updates back to LVFS. This is an optional feature, but encouraged as it provides valuable feedback to LVFS administrators and OEM developers regarding firmware update process efficacy.

The privacy policy regarding this data can be viewed on the fwupd website.

To report the status of an update run:

# fwupdmgr report-history

To clear the local history of updates:

# fwupdmgr clear-history

Only updates that were distributed from the LVFS will be reported to the LVFS.

Other frontends

Currently GNOME Software is the only graphical frontend available. When compiled with firmware support, it will check for updates periodically and automatically download firmware in the background.

After the firmware has been downloaded, a popup will be displayed in GNOME Software to perform the update.

On Dell IoT gateways, Wyse Cloud Client Manager (CCM) has been built with fwupd support. The remote administration interface can be used to download and deploy firmware updates.