A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * alsa-ucm-conf: 1.2.2-1ubuntu0.11 => 1.2.2-1ubuntu0.12 * bind9: 1:9.16.1-0ubuntu2.9 => 1:9.16.1-0ubuntu2.10 * command-not-found: 20.04.5 => 20.04.6 * expat: 2.2.9-1ubuntu0.2 => 2.2.9-1ubuntu0.4 * fwupd-signed: 1.27.1ubuntu5+1.5.11-0ubuntu1~20.04.2 => 1.27.1ubuntu7+1.2-2~20.04.1 * fwupd: 1.5.11-0ubuntu1~20.04.2 => 1.7.5-3~20.04.1 * libdrm: 2.4.107-8ubuntu1~20.04.1 => 2.4.107-8ubuntu1~20.04.2 * libjcat: 0.1.3-2~ubuntu20.04.1 => 0.1.4-0ubuntu0.20.04.1 * libxml2: 2.9.10+dfsg-5ubuntu0.20.04.1 => 2.9.10+dfsg-5ubuntu0.20.04.2 * linux-meta: 5.4.0.104.108 => 5.4.0.105.109 * linux-signed: 5.4.0-104.118 => 5.4.0-105.119 * netplan.io: 0.103-0ubuntu5~20.04.5 => 0.103-0ubuntu5~20.04.6 * openssl: 1.1.1f-1ubuntu2.11 => 1.1.1f-1ubuntu2.12 * sosreport: 4.2-1ubuntu0.20.04.1 => 4.3-1ubuntu0.20.04.1 * tar: 1.30+dfsg-7ubuntu0.20.04.1 => 1.30+dfsg-7ubuntu0.20.04.2 The following is a complete changelog for this image. new: {'libmbim-proxy': '1.24.8-1~20.04', 'modemmanager': '1.16.6-2~20.04.1', 'linux-headers-5.4.0-105': '5.4.0-105.119', 'libqmi-glib5:amd64': '1.28.6-1~20.04.1', 'libmm-glib0:amd64': '1.16.6-2~20.04.1', 'linux-headers-5.4.0-105-generic': '5.4.0-105.119', 'usb-modeswitch-data': '20191128-3', 'linux-modules-5.4.0-105-generic': '5.4.0-105.119', 'libmbim-glib4:amd64': '1.24.8-1~20.04', 'libfwupdplugin5:amd64': '1.7.5-3~20.04.1', 'libqmi-proxy': '1.28.6-1~20.04.1', 'usb-modeswitch': '2.5.2+repack0-2ubuntu3'} removed: {'linux-headers-5.4.0-104': '5.4.0-104.118', 'linux-headers-5.4.0-104-generic': '5.4.0-104.118', 'linux-modules-5.4.0-104-generic': '5.4.0-104.118'} changed: ['alsa-ucm-conf', 'bind9-dnsutils', 'bind9-host', 'bind9-libs:amd64', 'command-not-found', 'fwupd', 'fwupd-signed', 'libdrm-common', 'libdrm2:amd64', 'libexpat1:amd64', 'libfwupd2:amd64', 'libjcat1:amd64', 'libnetplan0:amd64', 'libssl1.1:amd64', 'libxml2:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-105-generic', 'linux-image-virtual', 'linux-virtual', 'netplan.io', 'openssl', 'python3-commandnotfound', 'sosreport', 'tar'] new snaps: {} removed snaps: {} changed snaps: ['core20', 'snapd'] ==== alsa-ucm-conf: 1.2.2-1ubuntu0.11 => 1.2.2-1ubuntu0.12 ==== ==== alsa-ucm-conf * d/p/0034-ucm2-Add-UCM-support-for-Dell-Desktop.patch Add Realtek 4050 USB Codec front and rear profiles for a Dell machine. (LP: #1956855) ==== bind9: 1:9.16.1-0ubuntu2.9 => 1:9.16.1-0ubuntu2.10 ==== ==== bind9-dnsutils bind9-host bind9-libs:amd64 * SECURITY UPDATE: cache poisoning via bogus NS records - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of records into the cache in lib/dns/resolver.c. - CVE-2021-25220 ==== command-not-found: 20.04.5 => 20.04.6 ==== ==== command-not-found python3-commandnotfound [ Arnaud Rebillout ] * cnf: Bail out early if the database is not readable * cnf-update-db: Creates a world-readable database (Closes: #986461) * Add test to make sure that the database is world-readable [ Kellen Renshaw ] * Cherry-pick cnf-update-db umask fixes from 22.04 (LP: #1953610) ==== expat: 2.2.9-1ubuntu0.2 => 2.2.9-1ubuntu0.4 ==== ==== libexpat1:amd64 * SECURITY UPDATE: Stack exhaustion - debian/patches/CVE-2022-25313.patch: prevent stack exhaustion in build_model in expat/lib/xmlparse.c. - debian/patches/fix-build_model-regression.patch: fix build_model regression in expat/lib/xmlparse.c. - debian/patches/protect-against-nested-element*: in expat/lib/xmlparse. - CVE-2022-25313 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25314.patch: prevent integer overflow in copyString in expat/lib/xmlparse.c. - CVE-2022-25314 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-25315.patch: prevent integer overflow in storeRawNames in expat/lib/xmlparse.c. - CVE-2022-25315 * SECURITY UPDATE: relax fix to CVE-2022-25236 with regard to RFC 3986 URI characters and possibly regressions - debian/patches/CVE-2022-25236-3.patch: add a note on namespace URI validation in expat/doc/reference.html, expat/lib/expat.h. - debian/patches/CVE-2022-25236-4.patch: document namespace separator effect right in header expat/lib/expat.h. - debian/patches/CVE-2022-25236-5.patch: cover relaxed fix in tests. - debian/patches/CVE-2022-25236-6.patch: relax fix with regard to RFC 3986 URI characters in expat/lib/xmlparse.c. (LP: #1963903) * removing duplicated tests - debian/patches/fix_test_dup.patch: removing tests were duplicated in expat/tests/runtests.c. ==== fwupd: 1.5.11-0ubuntu1~20.04.2 => 1.7.5-3~20.04.1 ==== ==== fwupd libfwupd2:amd64 * Backport 1.7.5-3 from jammy to focal. * Support several new devices (LP: #1949412, LP: #1954965, LP: #1953573) * fwupd / fwupd-efi source package split (LP: #1955386) * Don't install new fwupd-unsiged by default. (LP: #1960783) * Disable flashrom in focal as it was not enabled in focal. * Downgrade libgusb from 0.3.5 to 0.3.4 which used in focal after checking through all commits between. Just what we did on previous focal version 1.5.11. * debian/tests: - Disable blocking container virtualization only for autopkgtest * Backport a series of patches that fix autopkgtest failures in Debian and Ubuntu. * Backport a patch to avoid running fwupd-refresh in containers. * New upstream version (1.7.5) - Enable modem manager plugin by default * Drop efivar compatibility patch, upstream * backport a patch to fix dell wd19 TBT updates * backport a patch for community messaging issue * Backport a patch to allow falling back to signed binary if unsigned binary not present * Drop fwupd-unsigned from Recommends * Add hard dependencies on libfwupd2 and libfwupdplugin5 built with us. Symbols suggest things should work, but maybe not. :-( Closes: #1003664 * New upstream version (1.7.4) * Drop manpages section patch, upstream * Add a patch that fixes compilation with newer efivar * New upstream version (1.7.3) * ignore subprojects and build directory from upstream builds in same folder * Update symbols and shared library name * drop lintian overrides for EFI binary, gone from the split * use wildcards in lintian override for library-not-linked-against-libc * drop unused debian/source/include-binaries * Add Rules-Requires-Root clause * Fix man page location * disable logitech bulk controller on ubuntu by default * disable logitech bulk controller on ubuntu by default * add dual license nature of dell-dock plugin to debian/copyright [ Mario Limonciello ] * New upstream version (1.7.1) * Update debian/control and debian/copyright for changes upstream * Drop all patches, upstream * Packaging changes for the split into fwupd/fwupd-efi. [ Steve McIntyre ] * Update Mario's email address in debian/control * Move manpages into section 8, fix lintian warnings. * Change dependency versioning strategy for the signed fwupd packages to make them binNMU friendly. Closes: #973715 * Similarly change versioning used for Built-Using. Closes: #992910 * Multiple fixes for working with UEFI SBAT * Backport a patch to fix regression in fwupdtool activate * Backport a patch to fix activatable devices getting stuck in an update loop * Rebuild to pick up new signing keys. * Backport a patch to fix FTBFS on armhf for SBAT * New upstream version (1.5.7) - Fixes issues with SBAT on UEFI. * Fixes dependencies for -dev packages: Closes: #980691, #980684 [ Steve McIntyre ] * Fix up Uploaders for the -signed packages - remove Jared, add Matthias [ Mario Limonciello ] * New upstream version (1.5.6) * drop all upstream patches * fwupd.postinst: Adjust to read /etc/os-release instead of `/etc/lsb-release` * New upstream version (1.5.5) * trivial: debian: migrate uefi->uefi_capsule in uefi.conf * trivial: debian: fix modules-load.d directory * trivial: debian: add dbus to recommends (Closes: #980049) * Backport 2 patches for continual "Unknown" message on new connections * trivial: debian: read /etc/lsb-release instead of dpkg-dev (Closes: #977860, #977861, #970783) * trivial: debian: only install fwupd-msr.conf if needed * New upstream version (1.5.3) * Drop all patches (upstream) * Follow defaults for nvme and redfish plugins (don't need efivar now) * debian/control: - Drop libsoup build dependency - Add libcurl build dependency - Add systemd build dependency * Migrate debian/fwupd.preinst content to debian/fwupd.maintscript * Backport patch to fix ppc64el autopkgtest failure * trivial: debian: disable downloading from LVFS in autopkgtest * Add breaks for fwupdate 12-7 (Closes: #960688) * trivial: debian: add git to fwupdate-tests dependencies [ Mario Limonciello ] * Backport a patch to indicate if packages are supported or not * backport a patch to fix autopkgtests on ppc64el * trivial: debian: don't hardcode paths in libexec * trivial: debian: disable msr plugin on all !x86 [ Jessica Clarke ] * debian: Check DEB_HOST_ARCH_CPU not DEB_HOST_ARCH for MSR plugin * debian: Prefer Makefile substitution over shell substitution * debian: Use if/else rather than overriding default values * debian: Drop pointless dh_shlibdeps override * debian: Check for valgrind in Makefile not shell and don't hard-code path * debian: Fix dangerous lack of set -e * debian: Fix another instance of unusual ifeq syntax * debian: Build up CONFARGS list rather than individual variables * debian: Fix another dangerous missing set -e * debian: Use uniform spacing around semicolons * debian: Avoid looking like a set -e is missing * debian: Remove unnecessary ./ use * debian: Add quotes around glob * New upstream version (1.5.1) * Drop backported patches * Add udisks2 to recommends * Backport a patch to fix a crash when udisks2 is missing (Closes: #970054) * Disable flashrom for ia64 * New upstream version (1.4.6) * New upstream version (1.4.5) * Drop flashrom patch, now upstream * Regenerate control file - Refresh dependencies for 1.4.x - Drop Jared as uploader * Stop generating debian/control automatically at build time * Add build-dep on libflashrom-dev * New upstream stable release: - Add more module types for the Dell dock - Fix the TPM PCR0 calculation - Check for free space after cleaning up ESP * New upstream stable release: - Actually reload the DFU device after upgrade has completed - Capture the dock SKU in report metadata - Correctly set the Logitech device protocol - Do not use shim for non-secure boot configurations - Ensure that the DeviceID is set for child devices - Fix an error when detaching MSP430 - Fix the DeviceID set by GetDetails - Force the prometheus minor version from 0x02 to 0x01 to fix updates - Parse the CSR firmware as a DFU file - Prevent dell-dock updates to occur via synaptics-mst plugin - Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID - Remove a dock device from the whitelist that is never going to be updated - Validate that gpgme_op_verify_result() returned at least one signature - Wait for the cxaudio device to reboot after writing firmware * Drop following patches, now incorporated upstream: - Thunderbolt: create correct GUID for dual controller devices - CSR: Fix parsing - Motd: Fix refresh target to be network.target - Logitech: Fix error in logs on unsigned devices and set protocol for signed devices properly. - Fix a FTBFS on empty /etc/machine-id in some buildd environments. * Backport a handful of patches from 1_3_X branch: - Thunderbolt: create correct GUID for dual controller devices - CSR: Fix parsing - Motd: Fix refresh target to be network.target - Logitech: Fix error in logs on unsigned devices and set protocol for signed devices properly. - Fix a FTBFS on empty /etc/machine-id in some buildd environments. (LP: #1870051) * Backport a patch from upstream to not use shim on non-secure boot installs. - Helps avoid hitting a shim regression. * Backport a patch to correct an error with shutdown script. * Enable flashrom plugin for Debian. - This is turned off for Ubuntu for now since flashrom is in universe. [ Mario Limonciello ] * New upstream stable release (1.3.9) - Moves some binaries from usr/libexec into usr/bin - Adds fish completion script. - Inhibit all power management actions using logind when updating * Bug fixes: - Always check for PLAIN when doing vercmp() operations - Always return AppStream markup for remote agreements - Apply UEFI capsule update even with single valid capsule - Check the device protocol before de-duping devices - Copy the version and format from donor device in get-details - Correctly append the release to devices in `fwupdtool get-details` - Decrease minimum battery requirement to 10% - Discard the reason upgrades aren't available - Do not fail loading in /etc/machine-id is not available - Fix a critical warning when installing some firmware - For the `get-details` command make sure to always show devices - Set the MSP430 version format to pair - Switch off the ATA verbose logging by default - Use unknown for version format by default on get-details * Drop all existing patches. [ Laurent Bigonville ] * debian/control.in: Add libglib2.0-doc to Build-Depends-Indep * Move the daemons from /usr/lib/fwupd to /usr/libexec/fwupd * debian/*.symbols: Add the Build-Depends-Package field * New upstream version (1.3.8) * Drop all existing patches * Backport patches for: - battery level threshold adjustment (30%->10%) - A logic error with report uploading * Update standards version * Backport some patches from upstream. - Revert a commit to fix UEFI updates hanging on many Dell systems. - Adjust motd output to contain more whitespace * Backport a patch to fix fwupd-refresh.service (Fixes: #950407, Fixes: #950408) * New upstream version (1.3.7) * New upstream version (1.3.6) - Fixes shutdown failed with exit 2 (Fixes: #947205) - Fixes motd issue, requires newer systemd though as well (Fixes: #943343) * Drop all patches from previous upload, now upstream. * New upstream version (1.3.5) * Introduce new binary packages for new library libfwupdplugin, allowing out of tree plugin builds. * trivial: debian: remove obj-* built files to fix back to back builds * trivial: ci: debian: enable verbose daemon logging for failure analysis * Backport some patches to improve autopkgtest debugging * New upstream version (1.3.4) * d/c: Only include TSS dependencies on architectures building EFI plugin. * Backport a patch to allow confined snaps to activate fwupd * backport a patch to fix fastboot plugin on DW5821e * backport a patch to only use mingw-w64-tools in archs with EFI * New upstream version (1.3.3) * Backport patch to skip transient self test failure in polling * Disable fwupd-refresh.service by default (Closes: #942630) * backport patch for fwupd-refresh: don't try to enable LVFS if disabled (Closes: #942568) * fwupd-refresh: backport a series of patches that essentially turns off motd refresh unless running on a very new systemd (v243) due to systemd v242 bug. (Closes: #942567) * cleanup symlink from broken 1.3.2-1 if fwupd-refresh was started * backport path for fwupd-refresh: fix a clash with fwupd.service (Closes: #941360) (Closes: #941661) * debian/control*: Update for fwupdate transition * New upstream version (1.3.2) - Allow not prompting for metadata every time (Closes: #941048) - Avoid resetting display every login with Dell docks (LP: #1793965) - Provides a network service file (Closes: #921820) - Description is clearer (Closes: #911505) - Wacom failures don't occur (Closes: #915794) - Xbox360 controllers keep working (Closes: #920012) * Uses libtss2-dev at build time and switches to TSS for runtime rather than tpm2-tools/tpm2-abrmd. [ Steve McIntyre ] * Add Built-Using for the fwupd-*-signed packages. Closes: #932757 * New upstream version (1.2.10) * New upstream version (1.2.9) * New upstream version (1.2.6) * debian/control: - Add new build depends related to Modem Manager * debian/gen_signing_json: Update the format of the json metadata to match new requirements: + Move all the data under a new top-level "packages" key + Add an empty "trusted_certs" key - our binaries do not do any further verification with an embedded key. * New upstream version (1.2.5) * Drop all patches, upstream * Backport a patch from master that fixes FTBFS with newer glib * debian: explicitly depend on shared-mime-info * New upstream version * refresh build dependencies * Recommends on tpm2 stack to read PCR values * New upstream version * Move location of fwupd-SIGNARCH-signed.install to proper directory to fix generation of signed packages. * New upstream release. * New upstream release - Fixes ESP autodetection for autofs (Closes: #906216) - Adds missing signing bits (Closes: #906599) * debian/rules: - Pass -a into dh_missing (Closes: #906357) * debian/control: - Recommends for bolt for new thunderbolt power API - Build depends on Noto fonts instead of Dejavu fonts * Drop all patches. * New upstream release. - Adds support for more Synaptics and Intel hardware. - Fixes firmware update on some UEFI implementations (Closes: #905570) * debian/ - contrib: debian: regenerate control on clean - refresh debian/{control,copyright} for upstream fixes - drop all patches, upstream. * Correct another syntax error in SB signing template (Closes: #905482) * correct secure boot signing template name (Closes: #905471) * Fix secure boot signing template version string (Closes: #905468) * Refresh debian/copyright (Closes: #904671) * debian/rules: dynamically install EFI binaries * debian/rules: use pkg-config to determine when to turn on redfish and UEFI - Fixes FTBFS due to redfish on other architectures. * Fix the filename of the signed archive used for secure boot on Ubuntu * Only build uefi plugin on supported architectures [ Steve Mcintyre ] * Initial support for UEFI Secure Boot in Debian infrastructure + When building, also generate a fwupdate-$ARCH-signed-template package which contains metadata needed by the Debian signing service. This will end up being turned into a new source package including a signed version of the fwupdate binary. [ Mario Limonciello ] * New upstream version (1.1.0) * Drop patches merged upstream. * debian/control: - Add a patch from upstream that will add gnu-efi to dependencies - No longer recommends for fwupdate as it has been merged into fwupd. * Adjust infrastructure for fwupdate signed package to be used by fwupd signed package * New upstream version (1.0.8) - Adds new fwupdtool - License is now LGPL 2.1 - Drops colorhug dependency (built in now) - refresh symbols * New upstream version (1.0.7) * /debian changes: - ignore library-not-linked-against-libc - Remove unused override in debian/lintian/fwupd - rename tag for debian/source/lintian-overrides - Adjust to use https in debian/copyright - Bump debian/compat to 10 - Update control version - update standards version [ Mario Limonciello ] * New upstream version (1.0.6) * Move git repo from alioth to salsa.d.o * contrib/ci: Detect machine type when generating debian/control * New upstream version. * Build depend on fwupdate 10-3 for efivar 34 transition. * Drop previous patch, now upstream. * Revert previous patch (still didn't help with autopkgtest). * Introduce a different patch for helping autopkgtest failures. * Backport a patch that should fix autopkgtest failures. * New upstream version. * New build dependency: libjson-glib-dev (>= 1.1.1) * Update symbols * New upstream version. * Drop patch for appstream glib 0.7.4 dependency * New upstream version * Drop patch for doing libsmbios on only supported architectures, now upstream. * Only do libsmbios-dev build-depend on supported architectures * debci: remove unnecessary dbus start command * New upstream version (1.0.1) * Generate debian/control dynamically based on XML build dependencies declared from upstream CI builder. * Drop all patches, upstream. * debian: re-generate debian/control in clean rule * Build depend on appstream-glib 0.7.4. * debian/debci: shuffle dependency location * debian/debci: add explicit dependency on policykit-1 for the test * minor correction to changelog * debci: use the needs-root restriction * debian: update standards version * Backport a patch from upstream which fixes FTBFS on alpha and hppa (Closes: #879022) * Don't use dpkg-reconfigure in CI script. [ Mario Limonciello ] * new upstream version (1.0.0) * remove /etc/fwupd.conf on upgrade * fix missing-call-to-dpkg-maintscript-helper * update debci configuration * drop libebitdo transitional packages * try to fix debci * update standards version * explicitly set section for libfwupd2 * run systemd in postinst (Closes: #877991) * Drop patches. [ Richard Hughes ] * Do not install the libdfu helper library * Backport a patch to fix FTBFS on big endian architectures. [ Mario Limonciello ] * New upstream version (0.9.7) [ Mario Limonciello ] * trivial: debian: clarify why installed tests get installed in a generic directory (Closes: #872458) * trivial: fix some insignificant debian linitan warnings * trivial: debian: add autopkgtest tests to run the CI suite [ Max Ehrlich ] * Add a python script to create fwupd compatible cab files from Microsoft .exe files [ Christian Kellner ] * tbtfwu: remove references to legacy thunderbolt plugin [ Mario Limonciello ] * trivial: debian: update for --enable-synaptics * trivial: debian: only modify /etc/fwupd.conf in CI context [ Richard Hughes ] * trivial: post release version bump * trivial: Fix the colord version check in the example spec file * Add --version option to fwupdmgr * uefi: Fix crash when the product name is NULL * trivial: Never compare a string against zero to avoid warnings * unifying: Don't log a warning when an unknown report is parsed * trivial: Include all the GTypes in the generated docs * Check all the device GUIDs against the blacklist when added * Fix a hang on 32 bit computers * trivial: Fix a -Wsign-compare warning on 32 bit * trivial: Fix spelling of delimiter * trivial: Make fu_dell_detect_dock() slightly more NULL-deref safe * libdfu: Fix a crash if elf32_newehdr() fails * trivial: Remove or downgrade some superfluous warnings * trivial: Fix self tests after downgrading warnings commit * Run the plugin coldplug methods in a predictable order * trivial: Fix a tiny leak in the Dell plugin * dell: Fix the last of the memory leaks in the self tests * Use new GUsb functionality to fix flashing Unifying devices * unifying: Fix trivial error handler warning * trivial: Allow setting the unifying bootloader address for self tests * unifying: Make sure the percentage completion goes from 0% to 100% * trivial: Fix two tiny leaks in fwupdmgr * Support embedded devices with local firmware metadata * Rename the thunderbolt plugin to tbtfwu * trivial: Use warning_level in the top level meson file * libdfu: Add DfuPatch * Release fwupd 0.9.6 [ Mario Limonciello ] * trivial: debian: Add libcairo-dev to build-dependencies * Display UEFI firmware type * trivial: Adjust get-devices output order * Include optional git checkout information in --version * trivial: set FWUPD_GIT_DESCRIBE even if git isn't installed * uefi,dell: make error messages from installing capsules useful * uefi: record boot variables to system log during updates (#152) * trivial: uefi: whitespace * dell, uefi: Display all errors recorded by efi_error tracing, not just the first one * uefi: test for kernel support during coldplug * trivial: back the requirement on appstream-glib to 0.6.9 * trivial: packaging: lower appstream-glib requirements to match meson.build * trivial: correct version comparison for polkit 0.114 in meson.build * policy: fix compilation on a variety of configurations * trivial: debian: back off polkit-1 dependency * trivial: Add a Dockerfile for Ubuntu zesty (17.04) * trivial: move compilation instructions to github wiki * Default to "en" for UEFI capsule graphics * trivial: debian: move DFU introspection to it's own package * trivial: debian: correct some linitian errors about fwupd-tests * trivial: debian: add missing dh-strip-nondeterminism dependency * trivial: debian: update standards version * trivial: debian: remove transient items on purge (Closes: #868464, #868465) * trivial: debian: recursively cleanup on purge * trivial: fix various spelling errors * debian: run lintian as part of CI * Add capability to enable test suite via /etc/fwupd.conf * rpm: enable test suite via /etc/fwupd.conf * debian: enable test suite via /etc/fwupd.conf * trivial: clarify delimitter in use for fwupd.conf is a semicolon * trivial: adjust get-details and get-devices output Display Name output * trivial: set engine back to idle * Correct a memory leak in Dell plugin (Fixes #158) * trivial: fix some more memory leaks in dell plugin (#158) * dell: use plugin hash table instead * Revert "trivial: fix some more memory leaks in dell plugin (#158)" * trivial: debian: correct duplicate descriptions in control file * fix some more memory leaks in dell plugin (#158) * Add information about compile-time dependency versions * Drop all patches in debian/patches [ Patrick Ohly ] * meson: introspection optional [ Chris Lee ] * Make flashing ebitdo devices actually work * Upload to unstable [ Mario Limonciello ] * New upstream version (0.9.5) * deb packaging: cleaner locale fix * fix typo in contrib/debian/rules * Adjust debian dependencies * split out the test suite to it's own package * use dpkg-divert to adjust the launch script for CI testing * Fix long changelog in 0.9.4-1 * move DFU introspection to it's own package * add missing dh-strip-nondeterminism dependency * debian: update standards version * Backport fix to build capsule graphics in right language * Backport patch to allow enabling test suite via conf file. [ Richard Hughes ] * Add an AppStream metainfo file * Add an installed test for verification * New upstream version (0.9.4) * Drop all existging patches (now upstream) * Backport a patch to fix test suite. * Correct a cleanup rule * Drop intltool build dependency * Re-enable PIE for builds * Add additional build dependencies that will be needed for generating capsule graphics * debian/control: sort build-dependencies * Drop packaging from debian/, it will be git mv'ed from contrib/ upstream * Move Debian packaging from contrib/ upstream * Set locale to C.UTF-8 during build to fix unicode file error. [ Iain Lane ] * debian/rules: Use debhelper's built in meson support. (Closes: #863822) [ Mario Limonciello ] * Move the daemon back out of multiarch directory. * Disable DELL plugin on non x86 * Correct permissions on polkit rules * Explicitly depend upon >= debhelper 10.3 to ensure it's pulled from experimental on buildd too. * add explicit dep on policykit-1 0.105-17 to fix FTBFS due ITS rules * use dh_missing as dh_install --fail-missing is deprecated * Explicit dependency upon systemd too. * New upstream version (0.9.2) (Closes: #863250) * drop debian/patches * Add support for meson build system - Specify sysconfdir and libexecdir - call tests with ninja - Add local state directory while building * Require newer gettext for building. * Add 0.6.13 as libappstream-glib minimum version * Bump udev b-d to 231 for systemd confinement changes * Backport patch to fix detection of Dell systems [ Richard Hughes ] * trivial: post release version bump * trivial: Sync example spec file with downstream * Add DFU quirk for SIMtrace * Add DFU quirk for OpenPICC * Create directories in /var/cache as required * trivial: Fix the log domains in two plugins * trivial: No not list the API version indexes * trivial: Don't change the documentation output every time the version changes * trivial: Fix the last -Wpointer-sign warning * trivial: Change the name of a generated file * trivial: Remove non-warning flags from the CFLAGS * Use a 60 second timeout on all client downloads * Support proxy servers in fwupdmgr * Set the source origin when saving metadata * Add a config option to allow runtime disabling plugins by name * Fix the Requires lines in the dfu pkg-config file * Release fwupd 0.8.2 [ Mario Limonciello ] * trivial: install /var/lib/fwupd in make install (#94) * trivial: allow configuring ESP location (#94) * trivial: make valgrind an optional build dependency * trivial: make /boot/efi an optional ReadWritePath (#97) * trivial: set synaptics error message in more scenarios * Drop upstream patches. [ Shea Levy ] * Only try to mkdir the localstatedir if we have the right permissions (#96) [ AsciiWolf ] * Update Czech translation * Backport upstream commit to make valgrind optional (Closes: #856344) * Backport upstream commit to make /boot/efi optional to start fwupd.service. * Disable optional thunderbolt support until ITP is done. * New upstream version (0.8.1). - Fixes systemd confinement crashes (Closes: #856145) (LP: #1663548) * loosen dependencies on libefivar-dev and libfwup-dev * Optionally enable thunderbolt * Only build synaptics on supported arch (fixes FTBFS) * New upstream version (0.8.0) * Refresh symbols. * Drop all now upstream patches. * Enable build hardening flags * Drop valgind build dependency from m68k * Fix fwupd process leaking into dbus cgroup (Closes: #845406) * Backport a patch to make sure that appstream metadata validates properly. (Closes: #837765) * Drop armel from libfwup-dev build dependency architecture list. * Drop valgrind build dependency for mipsel, mips64el, armhf, and armel where it is segfaulting. * New upstream version (0.7.4) * Update symbols file. * drop binary patches * Drop existing upstream patches * Add a patch that verifies providers are called with proper mode * debian/control: - Update dell email addresses (_ -> .) - Add an explicit build dependency on new version of efivar - Add build dep on gir1.2-appstreamglib-1.0 * debian/rules: - Adjust architectures that tests are run for missing valgrind - Add autoconf archive to build-depends (Closes: 837826) - Adjust daemon install path to be non multi-arch (Closes: #808831) * Backport patch to make sure test suite runs without sysfs bind mounted. * Mark fwupd-doc package as Multi-Arch: foreign. * New upstream version (0.7.3) * debian/rules: Adjust launch of test suite due to 4eb527 * Drop wheel/sudo patch, and instead make change in debian/rules at build. * Update Vcs-Git URL to secure URL * Update standards version * Add libsmbios-dev to build dependencies for Dell features * Drop gtk-doc documentation into new package fwupd-doc * Add new packages for lib0bitdo support * require building against libfwup 7 * Backport patch to allow building on older appstream-glib * Add a lintian override for fuzzing tests * add gir:depends for libdfu1 * don't install ebitdo-tool helper tool * Backport patches for s390x failures. - include binary patch of example.elf * set libsmbios to i386/amd64 only * Add lintian override for systemd services missing Install. * Add libelf-dev to build-depends. [ Mario Limonciello ] * New upstream version (0.7.2) * Drop unnecessary patches now upstream. * Add gobject-introspection to build dependencies [ Michael Biebl ] * Split GObject introspection files into a separate package named gir1.2-fwupd-1.0. (Fixes: #826743) [ Jurica Stanojkovic ] * Disable test suite on mips to prevent FTBFS. Fixes: #826251) * New upstream version (0.7.0) * Install static app-info file for fwupd * Drop alienware version quirk table patch included upstream * Update headers installed for libdfu-dev * Use correct dpkg-architecture variable to apply -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE * Block builds on test suite failures * update libgusb requirement in debian/control * update symbols * Backport commits from upstream to fix problems on big endian * Backport commit to remove requirement for gnupg 2.1 * Backport UEFI naming to DMI Product Name from master. * Set HOME to current directory for the test suite to run properly on buildd * Stop gpg-agent process that persists after test suite run (Closes: #820669) * New upstream release (0.6.3) * Enable quirked firmware versions on Alienware as well * Conditionally enable colorhug if a new enough version is available. This will allow for easier backporting in the future * update standards version * Only build against libfwup-dev on x86 and arm architectures * add armel to supported architectures too * Explicitly turn off UEFI if libfwup-dev wasn't installed to fix FTBFS on these other architectures. * Fix FTBFS on powerpc related to GPGME * Update build-depends to libasppstream-glib-dev 0.5.10 * Add symbols files for libfwupd and libdfu1 * Adjust build depends to ensure building with at least gnupg 2.1.0 * Add libtool-bin into build-depends * Re-enable test suite (but don't block additional failures) * Include plugins not compiled in as providers in install * Install static app-info file for fwupd * Use dh_install --fail-missing to catch other things added upstream at build time * Backport patches from upstream that fix the test suite as a non-root user * New upstream release (0.6.2) - Fixes for Dell HW versions and UEFI get-results. * Set polkit rules to be effective with proper group (Closes: #808832) * Add rules compatible with polkit 0.105. (Closes: #808833) * New upstream release (0.6.0) - Adds support for DFU based flashing. * Generate libdfu* packages for the newly included libdfu support * Update copyright for current source * Rename fwupd-dev to the more conventionally named libfwupd-dev * update appstream-glib version requirement * add gtk-doc-tools to build depends and cleanup after using them. * New upstream release (0.5.4). - Adds support for compiling against fwupdate 0.5. * Fix FTBFS on armhf by passing -D_FILE_OFFSET_BITS=64 as well. * Add build dependency on udev. (Closes: #804279) * Fix hardening flags. * New upstream release (0.5.3) * Drop all patches, now upstream. * debian/control: Update build dependencies for new upstream version. * Initial release (Closes: #793446) ==== fwupd-signed: 1.27.1ubuntu5+1.5.11-0ubuntu1~20.04.2 => 1.27.1ubuntu7+1.2-2~20.04.1 ==== ==== fwupd-signed ==== libdrm: 2.4.107-8ubuntu1~20.04.1 => 2.4.107-8ubuntu1~20.04.2 ==== ==== libdrm-common libdrm2:amd64 * No-change rebuild in the -security pocket (LP: #1963751) ==== libjcat: 0.1.3-2~ubuntu20.04.1 => 0.1.4-0ubuntu0.20.04.1 ==== ==== libjcat1:amd64 * Don't fail verification if compiled without an engine (LP: #1961864) ==== libxml2: 2.9.10+dfsg-5ubuntu0.20.04.1 => 2.9.10+dfsg-5ubuntu0.20.04.2 ==== ==== libxml2:amd64 * SECURITY UPDATE: use-after-free of ID and IDREF attributes - debian/patches/CVE-2022-23308.patch: normalize ID attributes in valid.c. - CVE-2022-23308 ==== linux-meta: 5.4.0.104.108 => 5.4.0.105.109 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-105 ==== linux-signed: 5.4.0-104.118 => 5.4.0-105.119 ==== ==== linux-image-5.4.0-105-generic * Master version: 5.4.0-105.119 ==== netplan.io: 0.103-0ubuntu5~20.04.5 => 0.103-0ubuntu5~20.04.6 ==== ==== libnetplan0:amd64 netplan.io * Do not write unvalidated YAML, fixing NM ip-tunnel handling (LP: #1962297) d/p/0018-keyfile-do-not-try-to-write-out-unvalidated-YAML-LP-.patch ==== openssl: 1.1.1f-1ubuntu2.11 => 1.1.1f-1ubuntu2.12 ==== ==== libssl1.1:amd64 openssl * SECURITY UPDATE: Infinite loop in BN_mod_sqrt() - debian/patches/CVE-2022-0778-1.patch: fix infinite loop in crypto/bn/bn_sqrt.c. - debian/patches/CVE-2022-0778-2.patch: add documentation of BN_mod_sqrt() in doc/man3/BN_add.pod. - debian/patches/CVE-2022-0778-3.patch: add a negative testcase for BN_mod_sqrt in test/bntest.c, test/recipes/10-test_bn_data/bnmod.txt. - CVE-2022-0778 ==== sosreport: 4.2-1ubuntu0.20.04.1 => 4.3-1ubuntu0.20.04.1 ==== ==== sosreport * New 4.3 upstream. (LP: #1960996) * For more details, full release note is available here: - https://github.com/sosreport/sos/releases/tag/4.3 * New patches: - d/p/0002-fix-setup-py.patch: Add python sos.help module, it was miss in upstream release. - d/p/0003-mention-sos-help-in-sos-manpage.patch: Fix sos-help manpage. * Former patches, now fixed: - d/p/0002-report-implement_estimate-only.patch - d/p/0003-ceph-add-support-for-containerized-ceph-setup.patch - d/p/0004-ceph-split-plugin-by-components.patch - d/p/0005-openvswitch-get-userspace-datapath-implementations.patch - d/p/0006-report-check-for-symlink-before-rmtree.patch * Remaining patches: - d/p/0001-debian-change-tmp-dir-location.patch ==== tar: 1.30+dfsg-7ubuntu0.20.04.1 => 1.30+dfsg-7ubuntu0.20.04.2 ==== ==== tar * SECURITY UPDATE: Denial of service (LP: #1912091) - debian/patches/CVE-2021-20193.patch: in read_header method in src/list.c, change the return value to be the value of status and break the execution, jumping to free next_long_name and next_long_link before returning. - CVE-2021-20193 -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20220321/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20220308/