[bionic] fwupd 1.2.x, 1.3.x, 1.4.x: vendor-id requirement on LVFS causes failures
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OEM Priority Project | Fix Released | Critical | Yuan-Chen Cheng | |
fwupd (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Mario Limonciello | |
Focal | Fix Released | Undecided | Unassigned | |
Groovy | Fix Released | Undecided | Unassigned | |
fwupd-signed (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bionic | Fix Released | Undecided | Mario Limonciello | |
Focal | Fix Released | Undecided | Unassigned | |
Groovy | Fix Released | Undecided | Unassigned | |
Bug Description
[Impact]
A new requirement was introduced into LVFS to enforce vendor IDs for devices. This caused problems for upgrades on Dell's WD19 dock with fwupd 1.2.x, 1.3.x and 1.4.x versions.
$ fwupdmgr update
No upgrades for RTS5487 in Dell dock, current is 01.47: 01.47=same, 01.47=same, 01.47=same
No releases found for device: cannot handle firmware requirement 'vendor-id'
No releases found for device: cannot handle firmware requirement 'vendor-id'
No releases found for device: cannot handle firmware requirement 'vendor-id'
No upgrades for RTS5413 in Dell dock, current is 01.21: 01.21=same, 01.21=same, 01.21=same
[Test Case]
Plug in an up-to-date WD19 and try to issue "fwupdmgr update". The results should look like this instead:
$ fwupdmgr update
No upgrades for RTS5487 in Dell dock, current is 01.47: 01.47=same, 01.47=same, 01.47=same
No upgrades for WD19, current is 01.00.00.05: 01.00.00.05=same, 01.00.00.04=older, 01.00.00.00=older
No upgrades for Package level of Dell dock, current is 01.00.15.01: 01.00.15.01=same, 01.00.14.01=older, 01.00.04.01=older
No upgrades for VMM5331 in Dell dock, current is 05.04.06: 05.04.06=same, 05.04.03=older, 05.03.10=older
No upgrades for RTS5413 in Dell dock, current is 01.21: 01.21=same, 01.21=same, 01.21=same
[Regression Potential]
This particular fix is low risk; it only affects the vendor ID path.
description: updated
Changed in fwupd (Ubuntu):
status: New → Fix Released
Changed in fwupd-signed (Ubuntu):
status: New → Fix Released
Changed in fwupd (Ubuntu Bionic):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Bionic):
status: New → In Progress
Changed in fwupd (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupd-signed (Ubuntu Bionic):
assignee: nobody → Mario Limonciello (superm1)
Changed in fwupd-signed (Ubuntu Focal):
status: New → In Progress
Changed in fwupd (Ubuntu Focal):
status: New → In Progress
Changed in fwupd (Ubuntu Groovy):
status: New → In Progress
Changed in fwupd-signed (Ubuntu Groovy):
status: New → In Progress
Changed in oem-priority:
importance: Undecided → Critical
status: New → Confirmed
tags: added: oem-priority
tags: added: fwupd
summary:
- fwupd 1.2.x: vendor-id requirement on LVFS causes failures
+ fwupd 1.2.x, 1.3.x, 1.4.x: vendor-id requirement on LVFS causes failures
Changed in oem-priority:
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
tags: removed: verification-needed
Changed in fwupd (Ubuntu Focal):
status: In Progress → Fix Released
Changed in fwupd-signed (Ubuntu Focal):
status: In Progress → Fix Released
tags: added: bionic
Changed in oem-priority:
assignee: nobody → Yuan-Chen Cheng (ycheng-twn)
status: Confirmed → Fix Released
When reviewing the SRU of fwupd and fwupd-signed for Ubuntu 20.10 I noticed a few things which need addressing before the SRUs can be accepted.
1) The debian/changelog references bug 1900935 but it is improperly formatted ('LP:#' vs 'LP: #')
2) That bug is missing SRU information in the bug description
3) "Regression Potential" in some bug descriptions doesn't describe what the SRU team is actually looking for i.e. "what could go wrong". For example in bug 1921539 it sounds like the system could fail to boot if the sbat region isn't looked for in the correct spot so that's what I'd expect in "regression potential".
4) Bug 1909734 is missing SRU information
5) Bug 1886912 is missing SRU information
6) The SRU exception for fwupd (https://wiki.ubuntu.com/firmware-updates) indicates that fwupd "Stay with the same release branch that was launched with that release". The upload for Focal does not do this as it is 1.4.7 and Focal released with 1.3.9. Subsequently, I'll reject the Focal upload.
Once these issues have been addressed feel free to ping me and I'll review the SRU again.