May 2020 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1161562] VUL-1: CVE-2019-19274: python-typed-ast: out-of-bounds read may crash Python interpreter
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.suse.com/show_bug.cgi?id=1161562 http://bugzilla.suse.com/show_bug.cgi?id=1161562#c4 --- Comment #4 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2020:0567-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (low) Bug References: 1161562,1161563,1163532 CVE References: CVE-2019-19274,CVE-2019-19275 Sources used: openSUSE Leap 15.1 (src): python-typed-ast-1.3.1-lp151.2.6.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1134805] New: Graphical artifacts in KDE and SDDM, using radeon driver
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1134805 Bug ID: 1134805 Summary: Graphical artifacts in KDE and SDDM, using radeon driver Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: X.Org Assignee: xorg-maintainer-bugs(a)forge.provo.novell.com Reporter: opensuse.lietuviu.kalba(a)gmail.com QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com Found By: --- Blocker: --- Created attachment 804814 --> http://bugzilla.opensuse.org/attachment.cgi?id=804814&action=edit /var/log/Xorg.0.log I see graphical artifacts during KDE logout and in SDDM. Operating System: openSUSE Tumbleweed 20190509 KDE Plasma Version: 5.15.5 KDE Frameworks Version: 5.57.0 Qt Version: 5.12.3 Kernel Version: 5.0.11-1-default OS Type: 32-bit Processors: 1 × Intel® Celeron® D CPU 3.06GHz Memory: 1,8 GiB /etc/X11/xorg.conf does not exist > zypper se --details --installed-only xf86-video- Loading repository data... Reading installed packages... S | Name | Type | Version | Arch ---+-------------------+---------+------------+----- i+ | xf86-video-amdgpu | package | 19.0.1-1.1 | i586 i+ | xf86-video-ati | package | 19.0.1-1.1 | i586 i | xf86-video-dummy | package | 0.3.8-1.6 | i586 i+ | xf86-video-fbdev | package | 0.5.0-1.4 | i586 i+ | xf86-video-mach64 | package | 6.9.6-1.4 | i586 i+ | xf86-video-r128 | package | 6.11.0-1.2 | i586 i+ | xf86-video-vesa | package | 2.4.0-1.4 | i586 > rpm -q sddm | head -n3 sddm-0.18.0-7.1.i586 > rpm --changelog -q sddm | head -n3 * Mon Feb 18 2019 Fabian Vogt <fabian(a)ritter-vogt.de> - Add patch to fix reading garbage from getpwnam (boo#1125624): * 0001-Use-C-scoping-for-handling-buffer-deletion.patch > rpm --changelog -q Mesa | head -n3 * Fri Apr 26 2019 Stefan Dirsch <sndirsch(a)suse.com> - Update to 19.0.3 * quiet release with just 19 patches (excluding release churn) > rpm --changelog -q xorg-x11-server | head -n3 * Wed Apr 24 2019 Martin Li?ka <mliska(a)suse.cz> - Disable LTO (boo#1133294). > rpm --changelog -q xf86-input-evdev | head -n3 * Wed May 30 2018 sndirsch(a)suse.com - upt to version 2.10.6 * Since evdev is in maintenance mode there aren't a lot of > rpm --changelog -q xf86-video-ati | head -n3 * Fri Mar 22 2019 Stefan Dirsch <sndirsch(a)suse.com> - Update to release 19.0.1 * Fixes for two regressions which crept into the 19.0.0 release. > rpm --changelog -q xf86-video-fbdev | head -n3 * Mon Jun 04 2018 sndirsch(a)suse.com - Update to version 0.5.0 * Compatibility updates for xserver 1.20. > rpm --changelog -q xf86-video-modesetting | head -n3 package xf86-video-modesetting is not installed > rpm --changelog -q xf86-video-vesa | head -n3 * Fri Feb 16 2018 sndirsch(a)suse.com - Update to version 2.4.0 * Nothing terribly exciting, but enough bug fixes to justify a > hwinfo --gfx 14: PCI 105.0: 0300 VGA compatible controller (VGA) [Created at pci.386] Unique ID: ul7N.n3FKoMfWx+7 Parent ID: vSkL.4UFp5fHqms6 SysFS ID: /devices/pci0000:00/0000:00:01.0/0000:01:05.0 SysFS BusID: 0000:01:05.0 Hardware Class: graphics card Model: "ATI Radeon XPRESS 200 5A61 (PCIE)" Vendor: pci 0x1002 "ATI Technologies Inc" Device: pci 0x5a61 "Radeon XPRESS 200 5A61 (PCIE)" SubVendor: pci 0x8086 "Intel Corporation" SubDevice: pci 0xd601 Driver: "radeon" Driver Modules: "radeon" Memory Range: 0x80000000-0x8fffffff (ro,non-prefetchable) I/O Ports: 0x2000-0x2fff (rw) Memory Range: 0xa0100000-0xa010ffff (rw,non-prefetchable) Memory Range: 0x000c0000-0x000dffff (rw,non-prefetchable,disabled) IRQ: 17 (3009 events) I/O Ports: 0x3c0-0x3df (rw) Module Alias: "pci:v00001002d00005A61sv00008086sd0000D601bc03sc00i00" Driver Info #0: XFree86 v4 Server Module: radeon Driver Info #1: XFree86 v4 Server Module: fglrx 3D Support: yes Extensions: dri Config Status: cfg=new, avail=yes, need=no, active=unknown Attached to: #20 (PCI bridge) -- You are receiving this mail because: You are on the CC list for the bug.

1 34

[Bug 1170027] New: GCC 10: kubernetes1.17 build fails
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1170027 Bug ID: 1170027 Summary: GCC 10: kubernetes1.17 build fails Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: martin.liska(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Fails here: https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:… with: [ 31s] + make -j16 'WHAT=cmd/kube-apiserver cmd/kube-controller-manager cmd/kube-scheduler cmd/kube-proxy cmd/kubelet cmd/kubectl cmd/kubeadm' GOFLAGS=-buildmode=pie [ 48s] +++ [0421 03:16:50] Building go targets for linux/amd64: [ 48s] ./vendor/k8s.io/code-generator/cmd/deepcopy-gen [ 48s] +++ [0421 03:16:50] Building go targets for linux/amd64: [ 48s] ./vendor/k8s.io/code-generator/cmd/conversion-gen [ 48s] +++ [0421 03:16:50] Building go targets for linux/amd64: [ 48s] ./vendor/k8s.io/kube-openapi/cmd/openapi-gen [ 48s] +++ [0421 03:16:50] Building go targets for linux/amd64: [ 48s] ./vendor/k8s.io/code-generator/cmd/defaulter-gen [ 48s] +++ [0421 03:16:50] Building go targets for linux/amd64: [ 48s] ./vendor/github.com/go-bindata/go-bindata/go-bindata [ 61s] 2020/04/21 03:17:02 OpenAPI code generation error: Failed making a parser: unable to add directory "k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/apis/meta/v1": unable to import "k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/apis/meta/v1": /home/abuild/rpmbuild/BUILD/kubernetes-1.17.4/_output/local/go/src/k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.deepcopy.go:1:1: expected 'package', found 'EOF' [ 61s] make[1]: *** [Makefile.generated_files:502: staging/src/k8s.io/sample-apiserver/pkg/generated/openapi/zz_generated.openapi.go] Error 1 [ 61s] make[1]: *** Waiting for unfinished jobs.... [ 67s] make: *** [Makefile:544: generated_files] Error 2 [ 67s] error: Bad exit status from /var/tmp/rpm-tmp.ClVLla (%build) -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1066021] New: Always getting 'Failed unmounting Runtime Directory' (and /var) during shutdown
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1066021 Bug ID: 1066021 Summary: Always getting 'Failed unmounting Runtime Directory' (and /var) during shutdown Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: x86-64 OS: openSUSE 42.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: studio(a)anchev.net QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Each time I shutdown/reboot I get these red colored messages: ---- Failed unmounting Runtime Directory. ... Failed unmounting /var. ---- This has been happening since I installed Leap 42.1 (currently I use 42.3). Nothing seems to have been broken so far but once during a recent boot there was some more extensive disk check. I have followed the steps given here: https://lists.opensuse.org/opensuse-factory/2016-05/msg00341.html As the guys in the forums asked to look at the beginning of the log here are the first 20 lines of the latest log file: https://susepaste.org/71c124c1 These are the last 40 lines of the log: https://susepaste.org/29aa84b3 The message "Failed to unmount /var" appears during shutdown right before this message (I don't know why it is not in the log though): [ 31.245825] systemd-shutdown[1]: Unmounting /var. /var is sdb3 Another message which always appears in the log is this one: [ 10.165896] FAT-fs (sdd1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. sdd1 is /boot/efi Looking at SMART tests - all disks are fine, i.e. it is not a hardware issue. I am hesitant to share the full shutdown-log.txt as I am cautious about the security of the system (it seems to expose certain data) but if there is any other way to diagnose this and provide necessary data please let me know. You can see the whole forum discussion: https://forums.opensuse.org/showthread.php/527879-Always-getting-Failed-unm… -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1169729] New: VUL-0: CVE-2020-6457: chromium: Update to 81.0.4044.113
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.suse.com/show_bug.cgi?id=1169729 Bug ID: 1169729 Summary: VUL-0: CVE-2020-6457: chromium: Update to 81.0.4044.113 Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security Assignee: tchvatal(a)suse.com Reporter: atoptsoglou(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- This update includes 1 security fix. [$TBD][1067851] Critical CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong of Alpha Lab, Qihoo 360 on 2020-04-04 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Prudhvikumar Bommana Google Chrome Share on Twitter Share on Facebook https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-des… -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1137164] New: GNOME updater does not request EULA confirmation
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.opensuse.org/show_bug.cgi?id=1137164 Bug ID: 1137164 Summary: GNOME updater does not request EULA confirmation Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME Assignee: bnc-team-gnome(a)forge.provo.novell.com Reporter: arvidjaar(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- During last huge update all attempts to use GNOME updater interface to download available updates failed. In pkmon could be seen: 1 /23_edecccde /23_edecccde allow_cancel 1 /23_edecccde percentage -1 /23_edecccde role update-packages /23_edecccde status setup /23_edecccde status dep-resolve /23_edecccde percentage 0 /23_edecccde percentage 100 /23_edecccde status update /23_edecccde percentage 0 /23_edecccde status finished /23_edecccde exit code: eula-required /23_edecccde error code: no-license-agreement, You've to agree/decline a license bor@10:~> rpm -q PackageKit PackageKit-1.1.12-8.1.x86_64 No EULA was displayed and no confirmation request ever appeared. -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1169238] AUDIT-0: enlightenment: changes to binaries requiring suid bits
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.suse.com/show_bug.cgi?id=1169238 http://bugzilla.suse.com/show_bug.cgi?id=1169238#c11 --- Comment #11 from Simon Lees <simonf.lees(a)suse.com> --- (In reply to Matthias Gerstner from comment #10) > I will make a second pass over all the findings in a while when I have dealt > with some other things I'm currently working on. > > There are sign on the upstream mailing list that they're making a new > release. > Will this include the setuid program? In any case I would like to have a look > at the released version of the tool and maybe also follow-up releases until > the program is feature complete. There's a rather high danger that > regressions > are introduced. The libraries were released yesterday they are independent and don't include it. Enlightenment will likely be released within the coming month including the binary. The current plan is Alpha this weekend, then Beta next weekend and release after that if there are no issues. This release will include the new suid binary. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1160947] btrfs balance cancel takes eternity
by bugzilla_noreply＠novell.com 01 May '20

01 May '20

http://bugzilla.suse.com/show_bug.cgi?id=1160947 http://bugzilla.suse.com/show_bug.cgi?id=1160947#c7 --- Comment #7 from Wenruo Qu <wqu(a)suse.com> --- (In reply to Daniel Noga from comment #5) > * install all updates including kernel > * reboot to run latest Leap 15.1 kernel > * run "sudo btrfs balance start /" in first terminal > * run "sudo btrfs balance cancel /" in second terminal terminal > -> terminated immediatelly > > * run "sudo btrfs balance start /" in first terminal again > * try "sudo btrfs balance status /" in second terminal > * now wait around one minute, till it starts showing "sudo btrfs balance > status /" start showing "0 out of about 66 chunks balanced (5 considered), > 100% left" > * run "sudo btrfs balance cancel /" in second terminal terminal > * I am waiting already ten minutes and balance still runs > * try to CTRL + C on first terminal, nothing happens, still runs > > > 4.12.14-lp151.28.48-default Dmesg please. There is a reported but hard to reproduce situation in upstream, where "Found XXX extents" loops and failed to cancel. Need dmesg to make sure that's the case. -- You are receiving this mail because: You are on the CC list for the bug.

1 0