-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-e61a85c2bb 2019-08-13 01:58:20.879496 --------------------------------------------------------------------------------
Name : calamares Product : Fedora 29 Version : 3.2.11 Release : 1.fc29 URL : https://calamares.io/ Summary : Installer from a live CD/DVD/USB to disk Description : Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working replacement for Anaconda's liveinst.
-------------------------------------------------------------------------------- Update Information:
An update of Calamares to release 3.2.11, which fixes CVE-2019-13178, a race condition when LUKS full disk encryption is enabled, between the time when the LUKS encryption keyfile is created and when secure permissions are set. (The Calamares 3.2.11 release also fixes the related CVE-2019-13179, but that security issue does not affect Fedora.) In addition, since the previously packaged version was Calamares 3.2.8, this update includes all changes from Calamares 3.2.9: * *branding* now supports `os-release` variables in the *strings* section, which allows re-using (at runtime) information set in `/etc/os-release`. This requires KDE Frameworks 5.58. upstream issue #1150 (This feature is now used in the version of `default` branding packaged here. However, the packages still default to the `auto` branding, which recovers more information from `/etc/os-release` at RPM installation time.) * *branding* allows the use of FreeDesktop.org icon names for the *productLogo* and *productIcon* keys. If a file is named there, then the file is used, and otherwise the icon is looked up in the current theme. upstream issue #1160 * *welcome* allows a custom image path or icon name to be set for the language- selection drop-down (instead of the international standard one). * bug fixes. and from Calamares 3.2.10: * A crash when no *finished* page (or rather, no page at all) is configured after the last *exec* section of the sequence has been solved. The *finished* page can be left out (but then you don���t get the restart-now functionality). upstream issue #1168 * The *slideshow* which is run during installation now has API versions. API version 1 (the default) runs as before, where the slideshow is loaded when the installation starts. API version 2 loads the slideshow on Calamares startup, thus improving responsiveness. Documentation in `src/branding/README.md`. upstream issue #1152 * The example slideshow now uses API version 2. (The packaged one currently still uses API version 1 though.) * *partition* Now has its own setting for *requiredStorage*, duplicating the same setting in the *welcome* module. This is useful for configurations where no *welcome* module is used, but a minimum size must be checked anyway. upstream issue #1169 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jul 8 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.11-1 - Update to 3.2.11 (fixes CVE-2019-13178) - Rebase default-settings and kdesu patches - default-settings patch: improve default branding (but auto is still better) - Drop upstreamed shim-grub-cfg patch * Sun May 12 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.8-3 - bootloader: shim-grub-cfg patch: fix destination path for grub.cfg - default-settings patch: fix warnings due to missing or unimplemented settings * Sun May 12 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.8-2 - bootloader: fix sb-shim mode to write grub.cfg into the EFI System Partition * Fri May 10 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.8-1 - Update to 3.2.8 - Rebase default-settings patch, disable GeoIP that is now enabled by default - Drop upstreamed boost-python3, unpackfs-dev, dont-unmount-dev-mapper-live-base, and mount-selinux patches * Wed May 8 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-10 - mount: copy the SELinux context of the host directory to the mountpoint * Wed May 8 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-9 - Revert the change from "-8", this cannot be done with shellprocess * Wed May 8 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-8 - default-settings patch: enable the shellprocess module to create the mount point directories on the / partition with the correct SELinux contexts * Mon May 6 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-7 - default-settings patch: update the log path in umount.conf * Mon May 6 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-6 - Fix branding logos to use the correct form factor for each variant - partition: do not unmount /dev/mapper/live-* (live-base needed in unpackfs) * Sun May 5 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-5 - Drop the grub2-efi*-modules dependencies, not needed with sb-shim support - Add Requires: efibootmgr instead, used by the sb-shim support - default-settings patch: disable the new libpwquality check by default * Sun May 5 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-4 - unpackfs: do not use -o loop if the source is a device (fails on F29+) * Sun May 5 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-3 - Add BuildRequires: parted-devel (used in welcome to check storage requirement) * Sun May 5 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-2 - Fix finding Boost::Python3 on F30+ - Only BuildRequire libatasmart-devel and libblkid-devel on F29- * Sun May 5 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 3.2.7-1 - Update to 3.2.7 and update BuildRequires and Requires - Add plasmalnf subpackage for the new plasmalnf module requiring plasma-desktop - Switch webview from QtWebEngine to QtWebKit to work around upstream issue 1051 - Rebase default-settings patch and update some settings: - enable INSTALL_CONFIG by default (we patch it in place, so install it) - disable plymouthcfg by default (now only needed to change the default theme) - bootloader.conf: enable sb-shim (UEFI "Secure Boot" support) - plasmalnf.conf (note: module disabled by default): fix default liveuser - plasmalnf.conf (note: module disabled by default): default: show all themes - tracking.conf (note: module disabled by default): default tracking to none - users.conf: default to honoring the default shell from /etc/default/useradd - welcome.conf: use https for internetCheckUrl (catches more captive portals) - Rebase kdesu patch * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 3.1.8-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Jan 24 2019 Jonathan Wakely jwakely@redhat.com - 3.1.8-12 - Rebuilt for Boost 1.69 * Mon Jan 14 2019 Bj��rn Esser besser82@fedoraproject.org - 3.1.8-11 - Rebuilt for libcrypt.so.2 (#1666033) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1726565 - CVE-2019-13178 calamares: race condition in modules/luksbootkeyfile/main.py https://bugzilla.redhat.com/show_bug.cgi?id=1726565 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e61a85c2bb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org