FEDORA-2019-e61a85c2bb created by kkofler 6 months ago for Fedora 29
stable

An update of Calamares to release 3.2.11, which fixes CVE-2019-13178, a race condition when LUKS full disk encryption is enabled, between the time when the LUKS encryption keyfile is created and when secure permissions are set. (The Calamares 3.2.11 release also fixes the related CVE-2019-13179, but that security issue does not affect Fedora.)

In addition, since the previously packaged version was Calamares 3.2.8, this update includes all changes from Calamares 3.2.9:

  • branding now supports os-release variables in the strings section, which allows re-using (at runtime) information set in /etc/os-release. This requires KDE Frameworks 5.58. upstream issue #1150 (This feature is now used in the version of default branding packaged here. However, the packages still default to the auto branding, which recovers more information from /etc/os-release at RPM installation time.)
  • branding allows the use of FreeDesktop.org icon names for the productLogo and productIcon keys. If a file is named there, then the file is used, and otherwise the icon is looked up in the current theme. upstream issue #1160
  • welcome allows a custom image path or icon name to be set for the language-selection drop-down (instead of the international standard one).
  • bug fixes.

and from Calamares 3.2.10:

  • A crash when no finished page (or rather, no page at all) is configured after the last exec section of the sequence has been solved. The finished page can be left out (but then you don’t get the restart-now functionality). upstream issue #1168
  • The slideshow which is run during installation now has API versions. API version 1 (the default) runs as before, where the slideshow is loaded when the installation starts. API version 2 loads the slideshow on Calamares startup, thus improving responsiveness. Documentation in src/branding/README.md. upstream issue #1152
  • The example slideshow now uses API version 2. (The packaged one currently still uses API version 1 though.)
  • partition Now has its own setting for requiredStorage, duplicating the same setting in the welcome module. This is useful for configurations where no welcome module is used, but a minimum size must be checked anyway. upstream issue #1169

How to install

sudo dnf upgrade --advisory=FEDORA-2019-e61a85c2bb

This update has been submitted for testing by kkofler.

6 months ago

This update test gating status has been changed to 'waiting'.

6 months ago

This update test gating status has been changed to 'ignored'.

6 months ago

This update has been pushed to testing.

6 months ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 months ago
User Icon kkofler commented & provided feedback 6 months ago

Unfortunately, it looks like UEFI installations don't work with Calamares 3.2.11. I need to investigate that issue before pushing this update.

This update's test gating status has been changed to 'greenwave_failed'.

5 months ago

This update's test gating status has been changed to 'ignored'.

5 months ago
User Icon kkofler commented & provided feedback 5 months ago

It turns out that the UEFI issue is not caused by the update. UEFI works in the VM with a fresh disk image and not with a reused one. It is unclear whether it works on real hardware. But the update does not make this any better or worse, so let us just push the security update now and look into UEFI later.

This update has been submitted for stable by kkofler.

5 months ago

This update has been pushed to stable.

5 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-10
Dates
submitted
6 months ago
in testing
6 months ago
in stable
5 months ago
BZ#1726565 CVE-2019-13178 calamares: race condition in modules/luksbootkeyfile/main.py
0
0
BZ#1726566 CVE-2019-13178 calamares: race condition in modules/luksbootkeyfile/main.py [fedora-all]
0
0

Automated Test Results