{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "A security update that fixes Calamares bug CAL-405:\nhttps://calamares.io/bugs/browse/CAL-405\n\nWhen installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot` partition, and it was possible to unlock the `/` partition without ever entering a passphrase. This completely defeated the security of LUKS.\n\nPlease note that this only affects manual partitioning. The automatic partitioning never leaves `/boot` unencrypted (and it is, in fact, recommended to also always encrypt `/boot` when doing manual partitioning).\n\nThis update fixes the `dracutlukscfg` module to not add the keyfile to `install_items` in the `dracut` configuration (so that `dracut` will not include it onto the initramfs) if `/boot` is separate and unencrypted.\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": false, "date_submitted": "2016-11-19 22:43:37", "date_modified": "2016-11-19 22:44:51", "date_approved": null, "date_testing": "2016-11-20 18:57:55", "date_stable": "2016-12-01 14:01:53", "alias": "FEDORA-2016-5c7e9b8778", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-12-01 14:01:53", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2016-5c7e9b8778", "title": "calamares-2.4.4-5.fc24", "version_hash": "f778dd8e6c38b27c3b53a6658114006237d15e73", "release": {"name": "F24", "long_name": "Fedora 24", "version": "24", "id_prefix": "FEDORA", "branch": "f24", "dist_tag": "f24", "stable_tag": "f24-updates", "testing_tag": "f24-updates-testing", "candidate_tag": "f24-updates-candidate", "pending_signing_tag": "f24-signing-pending", "pending_testing_tag": "f24-updates-testing-pending", "pending_stable_tag": "f24-updates-pending", "override_tag": "f24-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kkofler", "email": "kevin@tigcc.ticalc.org", "id": 886, "avatar": "https://seccdn.libravatar.org/avatar/8cd5027da3b6de8f3563cfd2fbb00330466a933ccda53eb004f13303a8c6dea9?s=24&d=retro", "openid": "kkofler.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitspin-kickstarts"}, {"name": "svnkde-settings"}, {"name": "svnfedora-kde-artwork"}, {"name": "gitthemes"}, {"name": "art"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kkofler. ", "timestamp": "2016-11-19 22:43:37", "update_id": 73308, "user_id": 91, "id": 524035, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "kkofler edited this update.", "timestamp": "2016-11-19 22:44:51", "update_id": 73308, "user_id": 91, "id": 524038, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-11-20 19:53:23", "update_id": 73308, "user_id": 91, "id": 524251, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2016-11-22 00:23:44", "update_id": 73308, "user_id": 534, "id": 524731, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "ngompa", "email": "ngompa13@gmail.com", "id": 534, "avatar": "https://seccdn.libravatar.org/avatar/78eb5545c77d95a891c05cb362dfc4525c92e5398a7645c5bd23e126784d44a9?s=24&d=retro", "openid": "ngompa.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "provenpackager"}, {"name": "kde-sig"}, {"name": "communishift"}, {"name": "kaizen"}, {"name": "respins-sig"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "sig-hyperscale"}, {"name": "epel-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "python-packagers-sig"}, {"name": "signed_fpca"}, {"name": "centosproject-email-aliases"}, {"name": "caddy"}, {"name": "fesco"}, {"name": "sig-extras"}, {"name": "go-sig"}, {"name": "rust-sig"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "ocp-cico-hyperscale"}, {"name": "asahi-sig"}, {"name": "lxqt-sig"}, {"name": "sig-docs"}, {"name": "discourse-experiments"}, {"name": "multimedia-sig"}, {"name": "discussion-mods-asahi"}, {"name": "asahi-sig-admin"}, {"name": "cloud-sig"}, {"name": "pantheon-sig"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "btrfs-sig"}, {"name": "budgie-sig"}, {"name": "miracle-sig"}, {"name": "mkdocs-sig"}, {"name": "metrics-sig"}, {"name": "cosmic-sig"}, {"name": "ocp-cico-pagure"}, {"name": "xr-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by kkofler. ", "timestamp": "2016-11-29 18:16:15", "update_id": 73308, "user_id": 91, "id": 528143, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2016-12-01 18:51:43", "update_id": 73308, "user_id": 91, "id": 529119, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "calamares-2.4.4-5.fc24", "signed": true, "release_id": 14, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-2016-5c7e9b8778", "karma": 1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}