An update of Calamares to release 3.2.11, which fixes CVE-2019-13178, a race condition when LUKS full disk encryption is enabled, between the time when the LUKS encryption keyfile is created and when secure permissions are set. (The Calamares 3.2.11 release also fixes the related CVE-2019-13179, but that security issue does not affect Fedora.)
In addition, since the previously packaged version was Calamares 3.2.8, this update includes all changes from Calamares 3.2.9:
os-release
variables in the strings section, which allows re-using (at runtime) information set in /etc/os-release
. This requires KDE Frameworks 5.58. upstream issue #1150 (This feature is now used in the version of default
branding packaged here. However, the packages still default to the auto
branding, which recovers more information from /etc/os-release
at RPM installation time.)and from Calamares 3.2.10:
src/branding/README.md
. upstream issue #1152Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2019-e61a85c2bb
Please login to add feedback.
This update has been submitted for testing by kkofler.
This update test gating status has been changed to 'waiting'.
This update test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
Unfortunately, it looks like UEFI installations don't work with Calamares 3.2.11. I need to investigate that issue before pushing this update.
This update's test gating status has been changed to 'greenwave_failed'.
This update's test gating status has been changed to 'ignored'.
It turns out that the UEFI issue is not caused by the update. UEFI works in the VM with a fresh disk image and not with a reused one. It is unclear whether it works on real hardware. But the update does not make this any better or worse, so let us just push the security update now and look into UEFI later.
This update has been submitted for stable by kkofler.
This update has been pushed to stable.