[Bug 1883568] Re: Update focal fwupd to 1.3.11 point release

Launchpad Bug Tracker 1883568 at bugs.launchpad.net
Thu Jul 16 10:20:28 UTC 2020 

This bug was fixed in the package fwupd - 1.3.11-1~focal1

---------------
fwupd (1.3.11-1~focal1) focal; urgency=medium

  * New upstream stable release: (LP: #1883568)
    - Actually reload the DFU device after upgrade has completed
    - Capture the dock SKU in report metadata
    - Correctly set the Logitech device protocol
    - Do not use shim for non-secure boot configurations
    - Ensure that the DeviceID is set for child devices
    - Fix an error when detaching MSP430
    - Fix the DeviceID set by GetDetails
    - Force the prometheus minor version from 0x02 to 0x01 to fix updates
    - Parse the CSR firmware as a DFU file
    - Prevent dell-dock updates to occur via synaptics-mst plugin
    - Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID
    - Remove a dock device from the whitelist that is never going to be updated
    - Validate that gpgme_op_verify_result() returned at least one signature
    - Wait for the cxaudio device to reboot after writing firmware
    - Add more module types for the Dell dock
    - Fix the TPM PCR0 calculation
    - Check for free space after cleaning up ESP
  * Drop following patches, now incorporated upstream:
    - Thunderbolt: create correct GUID for dual controller devices
    - CSR: Fix parsing
    - Motd: Fix refresh target to be network.target
    - Logitech: Fix error in logs on unsigned devices and set protocol for
      signed devices properly.
    - Fix a FTBFS on empty /etc/machine-id in some buildd environments.
    - CVE-2020-10759

 -- Mario Limonciello <mario.limonciello at dell.com>  Thu, 18 Jun 2020
11:04:18 -0500

** Changed in: fwupd (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10759

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1883568

Title:
  Update focal fwupd to 1.3.11 point release

Status in OEM Priority Project:
  Fix Committed
Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd-signed package in Ubuntu:
  Fix Released
Status in fwupd source package in Focal:
  Fix Released
Status in fwupd-signed source package in Focal:
  Fix Committed

Bug description:
  [Impact]
   * Upstream has issued a 1.3.11 point release with the following fixes:
      - Actually reload the DFU device after upgrade has completed
      - Capture the dock SKU in report metadata
      - Correctly set the Logitech device protocol
      - Do not use shim for non-secure boot configurations
      - Ensure that the DeviceID is set for child devices
      - Fix an error when detaching MSP430
      - Fix the DeviceID set by GetDetails
      - Force the prometheus minor version from 0x02 to 0x01 to fix updates
      - Parse the CSR firmware as a DFU file
      - Prevent dell-dock updates to occur via synaptics-mst plugin
      - Rather than hardcoding thunderbolt to PCI slot numbers, use domain in GUID
      - Remove a dock device from the whitelist that is never going to be updated
      - Validate that gpgme_op_verify_result() returned at least one signature
      - Wait for the cxaudio device to reboot after writing firmware
      - Add more module types for the Dell dock
      - Fix the TPM PCR0 calculation
      - Check for free space after cleaning up ESP
   * All but 1 of the patches carried on top of 1.3.9 in Ubuntu focal are also included in 1.3.11 and can be dropped.

   * Per the firmware update policy described in
  https://wiki.ubuntu.com/StableReleaseUpdates#fwupd_and_fwupdate and
  https://wiki.ubuntu.com/firmware-updates we should jump to point
  release not backport patches

  [Test Case]

   * On a device supporting updates, either install a new firmware
  upgrade (fwupdmgr update) or reinstall (fwupdmgr reinstall)

   * verify the update works properly

  [Regression Potential]

   * Regressions are unlikely as these are all bug fixes that were prompted by users reporting problems.
   * There are no new features.
   * If a regression was to pop up it's likely to be very specific to a user's configuration.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1883568/+subscriptions

More information about the foundations-bugs mailing list