1. 09 Jan, 2018 1 commit
  2. 08 Jan, 2018 7 commits
  3. 06 Jan, 2018 2 commits
  4. 05 Jan, 2018 1 commit
  5. 04 Jan, 2018 1 commit
  6. 03 Jan, 2018 2 commits
  7. 02 Jan, 2018 2 commits
  8. 22 Dec, 2017 3 commits
  9. 21 Dec, 2017 2 commits
    • Richard Hughes's avatar
      Use the new functionality in libgcab >= 1.0 to avoid writing temp files · deea2da0
      Richard Hughes authored
      Using old versions of gcab we could only do one thing: extract the files in the
      cabinet archive to a new directory in /tmp, and then fwupd would have to read
      them back in to memory to parse them. This was both inelegant and wasteful, and
      probably not an awesome idea from a security or privacy point of view.
      
      Using libgcab >= 1.0 we can decompress to a GBytes blob, and then verify the
      firmware and metainfo file without anything being written to disk.
      
      As this is a security sensitive operation, move the fwupd-specific helper code
      out of libappstream-glib and also add a lot of internal self tests.
      
      The gcab code will have to remain in libappstream-glib for a long time, but we
      don't have to use it. Handling the cab file here also allows us to fix two
      long-standing bugs:
      
       * MetaInfo or firmware files in a subdirectory are handled correctly
      
       * The archive can also be self-signed using PKCS7 instead of using GPG
      deea2da0
    • Richard Hughes's avatar
      8f89cf04
  10. 17 Dec, 2017 1 commit
  11. 14 Dec, 2017 3 commits
  12. 13 Dec, 2017 2 commits
  13. 11 Dec, 2017 11 commits
  14. 10 Dec, 2017 2 commits