April 2022 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1198130] security/parsec-tool: Bug rust-packaging will be removed. Please update to cargo-packaging
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1198130 https://bugzilla.suse.com/show_bug.cgi?id=1198130#c8 --- Comment #8 from Marcus Meissner <meissner(a)suse.com> --- i added the 15.3:Update repository also to the "security" project fwiw. and yes, 15.4 will have the cargo-packaging tool with GA. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1198130] New: security/parsec-tool: Bug rust-packaging will be removed. Please update to cargo-packaging
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1198130 Bug ID: 1198130 Summary: security/parsec-tool: Bug rust-packaging will be removed. Please update to cargo-packaging Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: meissner(a)suse.com Reporter: william.brown(a)suse.com QA Contact: screening-team-bugs(a)suse.de Found By: --- Blocker: --- We plan to remove the unmaintained rust-packaging package. Please update to use cargo-packaging instead. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1198186] New: VUL-1: CVE-2022-1238: radare2: Heap-based Buffer Overflow in libr/bin/format/ne/ne.c
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1198186 Bug ID: 1198186 Summary: VUL-1: CVE-2022-1238: radare2: Heap-based Buffer Overflow in libr/bin/format/ne/ne.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/328287/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: cathy.hu(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2022-1238 Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1238 https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805… https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1198185] New: VUL-1: CVE-2022-1237: radare2: Improper Validation of Array Index can lead to heap overflow
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1198185 Bug ID: 1198185 Summary: VUL-1: CVE-2022-1237: radare2: Improper Validation of Array Index can lead to heap overflow Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/328288/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: cathy.hu(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2022-1237 Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1237 https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b… https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1198186] VUL-1: CVE-2022-1238: radare2: Heap-based Buffer Overflow in libr/bin/format/ne/ne.c
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1198186 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1198185] VUL-1: CVE-2022-1237: radare2: Improper Validation of Array Index can lead to heap overflow
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1198185 Maintenance Robot <maint-coord+maintenance_robot(a)suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1198061] PI3 - Black screen via HDMI - vc4 issue
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1198061 https://bugzilla.suse.com/show_bug.cgi?id=1198061#c3 --- Comment #3 from Ivan Ivanov <ivan.ivanov(a)suse.com> --- (In reply to Robert Herb from comment #0) > [ 15.627902] [drm:vc4_vec_bind [vc4]] *ERROR* Failed to get clock: -2 > [ 15.627991] vc4-drm soc:gpu: failed to bind 3f806000.vec (ops vc4_vec_ops > [vc4]): -2 > [ 15.832274] vc4-drm soc:gpu: master bind failed: -2 > [ 15.832343] vc4-drm: probe of soc:gpu failed with error -2 Indeed this is bsc#1196632 I have copied latest openSUSE-Leap-15.4-ARM-XFCE on my RPi 3B+ Rev 1.3 uSD card, I plugged HDMI cable and powered up the board. After a minute I was welcomed with login dialog. But I don't see above vc4-drm errors, hm... kernel-default 5.14.21-150400.11.2 raspberrypi-firmware-dt 2021.11.19-150400.1.1 Which is the version of raspberrypi-firmware-dt that you have? > Expected Results: > After boot graphics (in my case kodi) should appear Maybe I don't look at the right place, but I don't see Kodi supported in 15.4 https://software.opensuse.org/package/kodi -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1193852] armv7 kernel crashes on lzo1x_1_do_compress+0xe8/0x600
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1193852 https://bugzilla.suse.com/show_bug.cgi?id=1193852#c21 --- Comment #21 from Dirk Mueller <dmueller(a)suse.com> --- I'm not david, but my understanding is that those patches are noops for 64 bit platforms as the kmap/unmap are empty functions there. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1197780] New: rpm varies from parallelism
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1197780 Bug ID: 1197780 Summary: rpm varies from parallelism Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Development Assignee: mls(a)suse.com Reporter: bwiedemann(a)suse.com QA Contact: qa-bugs(a)suse.de CC: dmueller(a)suse.com Found By: --- Blocker: --- Today I observed a new class of issues that affects at least adinatha-fonts arabic-fonts gdouros-akkadian-fonts icingaweb2 solaar xsane I did not re-test all packages. There are unaffected packages. Affected package sizes range from 1MB to 5MB. I made a minimal reproducer in https://build.opensuse.org/package/show/home:bmwiedemann:reproducible:test/… Building it with for N in 1 2 ; do osc build --noservice --clean --vm-type=kvm -j$N \ --keep-pkgs=pkgs.$N openSUSE_Tumbleweed x86_64 ; done causes it to vary It probably has to do with filterdiff printrpmtags pkgs.[12]/adinatha-fonts-1.0-0.noarch.rpm LONGARCHIVESIZE=2146852 LONGFILESIZES=0 -LONGSIGSIZE=1897928 +LONGSIGSIZE=1897768 LONGSIZE=2146214 What recent change could cause this? Does it have to do with compression? There have been previous cases where single-threaded compression gave different results, but afaik zstd avoided these by always using the multi-threaded code, even on single-core. -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1198147] cockpit: cockpit contains leap branding
by bugzilla_noreply＠suse.com 07 Apr '22

07 Apr '22

https://bugzilla.suse.com/show_bug.cgi?id=1198147 Chenzi Cao <chcao(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs(a)suse.de |microos-bugs(a)suse.de -- You are receiving this mail because: You are on the CC list for the bug.

1 0