--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-e61a85c2bb
2019-08-13 01:58:20.879496
--------------------------------------------------------------------------------
Name : calamares
Product : Fedora 29
Version : 3.2.11
Release : 1.fc29
URL :
https://calamares.io/
Summary : Installer from a live CD/DVD/USB to disk
Description :
Calamares is a distribution-independent installer framework, designed to install
from a live CD/DVD/USB environment to a hard disk. It includes a graphical
installation program based on Qt 5. This package includes the Calamares
framework and the required configuration files to produce a working replacement
for Anaconda's liveinst.
--------------------------------------------------------------------------------
Update Information:
An update of Calamares to release 3.2.11, which fixes CVE-2019-13178, a race
condition when LUKS full disk encryption is enabled, between the time when the
LUKS encryption keyfile is created and when secure permissions are set. (The
Calamares 3.2.11 release also fixes the related CVE-2019-13179, but that
security issue does not affect Fedora.) In addition, since the previously
packaged version was Calamares 3.2.8, this update includes all changes from
Calamares 3.2.9: * *branding* now supports `os-release` variables in the
*strings* section, which allows re-using (at runtime) information set in
`/etc/os-release`. This requires KDE Frameworks 5.58. upstream issue #1150 (This
feature is now used in the version of `default` branding packaged here. However,
the packages still default to the `auto` branding, which recovers more
information from `/etc/os-release` at RPM installation time.) * *branding*
allows the use of
FreeDesktop.org icon names for the *productLogo* and
*productIcon* keys. If a file is named there, then the file is used, and
otherwise the icon is looked up in the current theme. upstream issue #1160 *
*welcome* allows a custom image path or icon name to be set for the language-
selection drop-down (instead of the international standard one). * bug fixes.
and from Calamares 3.2.10: * A crash when no *finished* page (or rather, no
page at all) is configured after the last *exec* section of the sequence has
been solved. The *finished* page can be left out (but then you don���t get the
restart-now functionality). upstream issue #1168 * The *slideshow* which is run
during installation now has API versions. API version 1 (the default) runs as
before, where the slideshow is loaded when the installation starts. API version
2 loads the slideshow on Calamares startup, thus improving responsiveness.
Documentation in `src/branding/README.md`. upstream issue #1152 * The example
slideshow now uses API version 2. (The packaged one currently still uses API
version 1 though.) * *partition* Now has its own setting for *requiredStorage*,
duplicating the same setting in the *welcome* module. This is useful for
configurations where no *welcome* module is used, but a minimum size must be
checked anyway. upstream issue #1169
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 8 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.11-1
- Update to 3.2.11 (fixes CVE-2019-13178)
- Rebase default-settings and kdesu patches
- default-settings patch: improve default branding (but auto is still better)
- Drop upstreamed shim-grub-cfg patch
* Sun May 12 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.8-3
- bootloader: shim-grub-cfg patch: fix destination path for grub.cfg
- default-settings patch: fix warnings due to missing or unimplemented settings
* Sun May 12 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.8-2
- bootloader: fix sb-shim mode to write grub.cfg into the EFI System Partition
* Fri May 10 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.8-1
- Update to 3.2.8
- Rebase default-settings patch, disable GeoIP that is now enabled by default
- Drop upstreamed boost-python3, unpackfs-dev,
dont-unmount-dev-mapper-live-base, and mount-selinux patches
* Wed May 8 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-10
- mount: copy the SELinux context of the host directory to the mountpoint
* Wed May 8 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-9
- Revert the change from "-8", this cannot be done with shellprocess
* Wed May 8 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-8
- default-settings patch: enable the shellprocess module to create the mount
point directories on the / partition with the correct SELinux contexts
* Mon May 6 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-7
- default-settings patch: update the log path in umount.conf
* Mon May 6 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-6
- Fix branding logos to use the correct form factor for each variant
- partition: do not unmount /dev/mapper/live-* (live-base needed in unpackfs)
* Sun May 5 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-5
- Drop the grub2-efi*-modules dependencies, not needed with sb-shim support
- Add Requires: efibootmgr instead, used by the sb-shim support
- default-settings patch: disable the new libpwquality check by default
* Sun May 5 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-4
- unpackfs: do not use -o loop if the source is a device (fails on F29+)
* Sun May 5 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-3
- Add BuildRequires: parted-devel (used in welcome to check storage requirement)
* Sun May 5 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-2
- Fix finding Boost::Python3 on F30+
- Only BuildRequire libatasmart-devel and libblkid-devel on F29-
* Sun May 5 2019 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 3.2.7-1
- Update to 3.2.7 and update BuildRequires and Requires
- Add plasmalnf subpackage for the new plasmalnf module requiring plasma-desktop
- Switch webview from QtWebEngine to QtWebKit to work around upstream issue 1051
- Rebase default-settings patch and update some settings:
- enable INSTALL_CONFIG by default (we patch it in place, so install it)
- disable plymouthcfg by default (now only needed to change the default theme)
- bootloader.conf: enable sb-shim (UEFI "Secure Boot" support)
- plasmalnf.conf (note: module disabled by default): fix default liveuser
- plasmalnf.conf (note: module disabled by default): default: show all themes
- tracking.conf (note: module disabled by default): default tracking to none
- users.conf: default to honoring the default shell from /etc/default/useradd
- welcome.conf: use https for internetCheckUrl (catches more captive portals)
- Rebase kdesu patch
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.8-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 24 2019 Jonathan Wakely <jwakely(a)redhat.com> - 3.1.8-12
- Rebuilt for Boost 1.69
* Mon Jan 14 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 3.1.8-11
- Rebuilt for libcrypt.so.2 (#1666033)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1726565 - CVE-2019-13178 calamares: race condition in
modules/luksbootkeyfile/main.py
https://bugzilla.redhat.com/show_bug.cgi?id=1726565
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-e61a85c2bb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------