{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- Fix umask on grub.cfg (CVE-2021-3981)", "type": "security", "status": "unpushed", "request": null, "severity": "low", "suggest": "unspecified", "locked": false, "pushed": false, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-12-09 16:50:47", "date_modified": null, "date_approved": null, "date_testing": "2021-12-10 01:57:51", "date_stable": null, "alias": "FEDORA-2021-a6aeb362d0", "test_gating_status": "failed", "from_tag": null, "date_pushed": "2021-12-10 01:57:51", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-a6aeb362d0", "title": "grub2-2.06-8.fc34", "version_hash": "4a77eab506377abd2c6f422ff4bef9ca2234e35d", "release": {"name": "F34", "long_name": "Fedora 34", "version": "34", "id_prefix": "FEDORA", "branch": "f34", "dist_tag": "f34", "stable_tag": "f34-updates", "testing_tag": "f34-updates-testing", "candidate_tag": "f34-updates-candidate", "pending_signing_tag": "f34-signing-pending", "pending_testing_tag": "f34-updates-testing-pending", "pending_stable_tag": "f34-updates-pending", "override_tag": "f34-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "rharwood", "email": "rharwood@pm.me", "id": 2033, "avatar": "https://seccdn.libravatar.org/avatar/e008d9337bf61e7a906d7f8daa8041f138643e8e58af55fdf030a70e7a2cb560?s=24&d=retro", "openid": "rharwood.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by rharwood. ", "timestamp": "2021-12-09 16:50:47", "update_id": 359273, "user_id": 91, "id": 2307202, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-12-09 16:50:49", "update_id": 359273, "user_id": 91, "id": 2307203, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2021-12-09 18:22:54", "update_id": 359273, "user_id": 91, "id": 2307348, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-12-10 01:58:33", "update_id": 359273, "user_id": 91, "id": 2307885, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been unpushed.", "timestamp": "2021-12-10 16:03:12", "update_id": 359273, "user_id": 2033, "id": 2308550, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "rharwood", "email": "rharwood@pm.me", "id": 2033, "avatar": "https://seccdn.libravatar.org/avatar/e008d9337bf61e7a906d7f8daa8041f138643e8e58af55fdf030a70e7a2cb560?s=24&d=retro", "openid": "rharwood.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}], "builds": [{"nvr": "grub2-2.06-8.fc34", "signed": true, "release_id": 47, "type": "rpm", "epoch": 1}], "bugs": [{"bug_id": 2030358, "title": "CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2308206, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "MOK versification failed with secure boot enabled.", "timestamp": "2021-12-10 08:48:03", "update_id": 359272, "user_id": 638, "id": 2308206, "testcase_feedback": [], "user": {"name": "fidencio", "email": "fabiano@fidencio.org", "id": 638, "avatar": "https://seccdn.libravatar.org/avatar/03ccd12ac6c4b4326ed488d28ad99e068bd95f7fff3e6f6c714385460079aecf?s=24&d=retro", "openid": "fidencio.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "virtmaint-sig"}]}}}, {"karma": 0, "comment_id": 2308492, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "", "timestamp": "2021-12-10 15:11:03", "update_id": 359272, "user_id": 5881, "id": 2308492, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 1, "comment_id": 2309274, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "secure boot working, permissions for grub.cfg looking fine.\n```\nsignature 1\nimage signature issuers:\n - /CN=Fedora Secure Boot CA\nsignature 2\nimage signature issuers:\n - /C=US/ST=Massachusetts/L=Cambridge/O=Red Hat, Inc./OU=Fedora Secure Boot CA 20200709/CN=fedoraca\n```\n\nIs there a way to add a test for the secure boot issue? If not booting a VM with secure boot enabled, maybe just extracting the signatures from shim and validating the certificates of grub efi, it would be a big relief :D", "timestamp": "2021-12-11 07:49:06", "update_id": 359589, "user_id": 6770, "id": 2309274, "testcase_feedback": [], "user": {"name": "frigo", "email": "rigault.francois@gmail.com", "id": 6770, "avatar": "https://seccdn.libravatar.org/avatar/26eb0baa1336653f4d281bf079a0efe15cb7c73cfd5893c148f8929d64a7742b?s=24&d=retro", "openid": "frigo.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 2309318, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "Boots fine!", "timestamp": "2021-12-11 11:06:04", "update_id": 359589, "user_id": 331, "id": 2309318, "testcase_feedback": [], "user": {"name": "ankursinha", "email": "sanjay.ankur@gmail.com", "id": 331, "avatar": "https://seccdn.libravatar.org/avatar/ea8a830990779d10661b2bea661307b613ca74c5169a7ba8e83b1748bd6e3495?s=24&d=retro", "openid": "ankursinha.id.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "robotics-sig"}, {"name": "packager"}, {"name": "gitfpaste"}, {"name": "fedora-contributor"}, {"name": "freemedia"}, {"name": "ask-fedora"}, {"name": "scitech_sig"}, {"name": "signed_fpca"}, {"name": "fedora-join"}, {"name": "ipausers"}, {"name": "qa"}, {"name": "gitfedora-tour"}, {"name": "wikiedit"}, {"name": "scitech"}, {"name": "fedorabugs"}, {"name": "neuro-sig"}]}}}, {"karma": 0, "comment_id": 2309500, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "Secure boot works", "timestamp": "2021-12-11 17:45:56", "update_id": 359589, "user_id": 820, "id": 2309500, "testcase_feedback": [], "user": {"name": "thesourcehim", "email": "thesourcehim@gmail.com", "id": 820, "avatar": "https://seccdn.libravatar.org/avatar/365b51e2acf2590c778904c667bec9701bf1d647e31a081645a598849105e2fd?s=24&d=retro", "openid": "thesourcehim.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 2308020, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "Booting with grub2-2.06-9.fc35 and UEFI Secure Boot enabled resulted in Error: Verification Failed: (0x1A) Security Violation. I reported this problem at https://bugzilla.redhat.com/show_bug.cgi?id=2030940", "timestamp": "2021-12-10 02:49:19", "update_id": 359272, "user_id": 4471, "id": 2308020, "testcase_feedback": [], "user": {"name": "mattf", "email": "matt.fagnani@bell.net", "id": 4471, "avatar": "https://seccdn.libravatar.org/avatar/dfd914605b2f5dafb41729697904a39aacfba787012bad999834e94535892c46?s=24&d=retro", "openid": "mattf.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 2308096, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "Legacy BIOS OK", "timestamp": "2021-12-10 06:04:23", "update_id": 359272, "user_id": 4054, "id": 2308096, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 2308191, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "Secure boot is broken.", "timestamp": "2021-12-10 08:33:07", "update_id": 359272, "user_id": 4214, "id": 2308191, "testcase_feedback": [], "user": {"name": "ojab", "email": "ojab@ojab.ru", "id": 4214, "avatar": "https://seccdn.libravatar.org/avatar/2139e49dfae1e0a5f3286f29e45ec93d55da07adf5a9c9507b440bc01dc61734?s=24&d=retro", "openid": "ojab.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 2308196, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "MOK verification failed with secure boot enabled.", "timestamp": "2021-12-10 08:34:58", "update_id": 359272, "user_id": 820, "id": 2308196, "testcase_feedback": [], "user": {"name": "thesourcehim", "email": "thesourcehim@gmail.com", "id": 820, "avatar": "https://seccdn.libravatar.org/avatar/365b51e2acf2590c778904c667bec9701bf1d647e31a081645a598849105e2fd?s=24&d=retro", "openid": "thesourcehim.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 2308307, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "Changing to -1, needing to accept a new key was not intentional, it seems.", "timestamp": "2021-12-10 11:11:36", "update_id": 359272, "user_id": 198, "id": 2308307, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 2308367, "bug_id": 2030358, "comment": {"karma": -1, "karma_critpath": 0, "text": "", "timestamp": "2021-12-10 12:32:41", "update_id": 359272, "user_id": 331, "id": 2308367, "testcase_feedback": [], "user": {"name": "ankursinha", "email": "sanjay.ankur@gmail.com", "id": 331, "avatar": "https://seccdn.libravatar.org/avatar/ea8a830990779d10661b2bea661307b613ca74c5169a7ba8e83b1748bd6e3495?s=24&d=retro", "openid": "ankursinha.id.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "robotics-sig"}, {"name": "packager"}, {"name": "gitfpaste"}, {"name": "fedora-contributor"}, {"name": "freemedia"}, {"name": "ask-fedora"}, {"name": "scitech_sig"}, {"name": "signed_fpca"}, {"name": "fedora-join"}, {"name": "ipausers"}, {"name": "qa"}, {"name": "gitfedora-tour"}, {"name": "wikiedit"}, {"name": "scitech"}, {"name": "fedorabugs"}, {"name": "neuro-sig"}]}}}, {"karma": 0, "comment_id": 2309364, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-12-11 13:51:45", "update_id": 359589, "user_id": 4054, "id": 2309364, "testcase_feedback": [], "user": {"name": "boycottsystemd1", "email": "boycottsystemd@yahoo.com", "id": 4054, "avatar": "https://seccdn.libravatar.org/avatar/72822ae5aa82ed9dc6cb7bb35646270744387f81df9ec50d2903e8d4e0bd8691?s=24&d=retro", "openid": "boycottsystemd1.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 2313106, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "WFM", "timestamp": "2021-12-15 01:51:09", "update_id": 359589, "user_id": 5881, "id": 2313106, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 2317385, "bug_id": 2030358, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-12-18 02:59:35", "update_id": 359590, "user_id": 5881, "id": 2317385, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}]}], "updateid": "FEDORA-2021-a6aeb362d0", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}