July 2022 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1146427] VUL-1: CVE-2019-14751: python-nltk: Natural Language Toolkit (NLTK) prior to version 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash)
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1146427 https://bugzilla.suse.com/show_bug.cgi?id=1146427#c7 --- Comment #7 from Swamp Workflow Management <swamp(a)suse.de> --- openSUSE-SU-2022:10040-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1146427,1191030 CVE References: CVE-2019-14751,CVE-2021-3828 JIRA References: Sources used: openSUSE Backports SLE-15-SP2 (src): python-nltk-3.7-bp152.3.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1200682] New: rsyslog hangs during shutdown
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1200682 Bug ID: 1200682 Summary: rsyslog hangs during shutdown Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: oliver(a)schwabedissen.name QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Since one of the last snapshots my system takes very log to shutdown. I found that there is a 90 second timeout when trying to stop system logging services. The message I see is "A stop job is running for system logging service (1 min 30 sec)" After 90 seconds rsyslog is killed and shutdown continues. I also see this when trying to stop rsyslog on a running system (systemctl stop rsyslog.service): Jun 19 09:03:14 frodo systemd[1]: Stopping System Logging Service... Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: State 'stop-sigterm' timed out. Killing. Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: Killing process 1783 (rsyslogd) with signal SIGKILL. Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: Killing process 1787 (in:imklog) with signal SIGKILL. Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: Killing process 1788 (rs:main Q:Reg) with signal SIGKILL. Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL Jun 19 09:04:44 frodo systemd[1]: rsyslog.service: Failed with result 'timeout'. Jun 19 09:04:44 frodo systemd[1]: Stopped System Logging Service. I found a thread about this in the openSUSE forums: https://forums.opensuse.org/showthread.php/571409-Ninety-second-shutdown-de… Some tried to replace rsyslog with syslog-ng which solved the problem. But this is a workaround and I think a fix should be found. -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1084811] New: E-sata hotplugging stopped working since kernel 4.15
by bugzilla_noreply＠novell.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1084811 Bug ID: 1084811 Summary: E-sata hotplugging stopped working since kernel 4.15 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Factory Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-maintainers(a)forge.provo.novell.com Reporter: attila.schler(a)atskler.net QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- I have noticed that on my Dell E6520 notebook the e-sata hotplugging stopped working since kernel 4.15. Currently I can observe this problem with kernel: 4.15.7-1.6-x86_64 4.16.0-rc4-4.g7a5941a-x86-64 The e-sata cable is OK, and an e-sata device can be used with kernel 4.15 if it is turned on and plugged in before powering on my notebook. (The e-sata hotplugging works well with the Leap kernel 4.12.14-lp150.5.3-x86_64.) ___ (I’m not an advanced user, but I’m ready to follow detailed instructions.) -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1201006] Krusader will not open .zip file
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

https://bugzilla.suse.com/show_bug.cgi?id=1201006 https://bugzilla.suse.com/show_bug.cgi?id=1201006#c2 John Bennett <hornetster(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|DUPLICATE |--- --- Comment #2 from John Bennett <hornetster(a)gmail.com> --- Apparently with the fix for https://bugzilla.suse.com/show_bug.cgi?id=1198725, still has not resolved the locking up while trying to open zip files. Have tested by updating to latest version (Wed Jun 29 22:00:00 2022 Christophe Giboudeaux <christophe(a)krop.fr> - Add patch to fix the 'Compress' menu (boo#1198725) * 0001-Fixed-non-working-actions-for-create-extract-archive.patch) and continue to have issues opening zip files. Asked to re-open. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1177288] New: Raspberry pi3 (model b) crashes with network gadget
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1177288 Bug ID: 1177288 Summary: Raspberry pi3 (model b) crashes with network gadget Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: coolo(a)suse.com QA Contact: qa-bugs(a)suse.de CC: guillaume.gardet(a)arm.com, nsaenzjulienne(a)suse.com Found By: --- Blocker: --- I use the official Leap 15.2 Jeos image on a pi3b and have a USB network device attached to it (a very special one, https://www.fibrecode.com/fc602-usb-oabr-broadr-reach-100base-t1-stick.html) and it crashes the kernel pretty reliably with the following crash dump. [ 86.184109] usb 1-1.3: USB disconnect, device number 5 [ 86.184427] cdc_ether 1-1.3:1.0 eth2: unregister 'cdc_ether' usb-3f980000.usb-1.3, CDC Ethernet Device [ 99.795717] usb 1-1.3: new high-speed USB device number 7 using dwc2 [ 99.926758] usb 1-1.3: New USB device found, idVendor=152a, idProduct=857b, bcdDevice= 2.24 [ 99.926780] usb 1-1.3: New USB device strings: Mfr=2, Product=1, SerialNumber=3 [ 99.926788] usb 1-1.3: Product: FibreCode FC602 Stick [ 99.926796] usb 1-1.3: Manufacturer: FibreCode [ 99.926804] usb 1-1.3: SerialNumber: FC01330000018a69 [ 99.930380] cdc_ether 1-1.3:1.0 eth1: register 'cdc_ether' at usb-3f980000.usb-1.3, CDC Ethernet Device, fc:c2:3d:1f:7f:ad [ 99.949857] cdc_ether 1-1.3:1.0 eth2: renamed from eth1 [ 740.880346] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 7 - ChHltd set, but reason is unknown [ 740.880360] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04400001 [ 741.461843] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 1 - ChHltd set, but reason is unknown [ 741.461858] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x06400001 [ 741.880374] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 5 - ChHltd set, but reason is unknown [ 741.880386] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04400001 [ 741.880395] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 741.880573] WARNING: CPU: 0 PID: 0 at ../drivers/usb/dwc2/hcd.c:2683 dwc2_assign_and_init_hc+0x664/0xa10 [dwc2] [ 741.880578] Modules linked in: af_packet iscsi_ibft iscsi_boot_sysfs vc4 drm_kms_helper drm btsdio snd_soc_core bluetooth snd_compress snd_bcm2835(C) nls_iso8859_1 ac97_bus nls_cp437 snd_pcm_dmaengine ecdh_generic snd_pcm bcm2835_v4l2(C) ecc vfat v4l2_common snd_timer fat videobuf2_vmalloc brcmfmac videobuf2_memops videobuf2_v4l2 snd videobuf2_common videodev mc brcmutil cpufreq_dt soundcore fb_sys_fops cfg80211 syscopyarea sysfillrect microchip sysimgblt rfkill ftdi_sio cdc_ether usbnet lan78xx usbserial mii raspberrypi_hwmon bcm2835_thermal raspberrypi_cpufreq vchiq(C) bcm2835_rng bcm2835_wdt crct10dif_ce uio_pdrv_genirq uio leds_gpio ext4 mbcache jbd2 mmc_block dwc2 udc_core usbcore sdhci_iproc sdhci_pltfm sdhci bcm2835 gpio_raspberrypi_exp mmc_core clk_raspberrypi i2c_bcm2835 bcm2835_dma fixed phy_generic dm_mirror dm_region_hash dm_log sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod efivarfs [ 741.880754] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G C 5.3.18-lp152.36-default #1 openSUSE Leap 15.2 (unreleased) [ 741.880759] Hardware name: raspberrypi rpi/rpi, BIOS 2020.01 06/02/2020 [ 741.880765] pstate: 60000085 (nZCv daIf -PAN -UAO) [ 741.880799] pc : dwc2_assign_and_init_hc+0x664/0xa10 [dwc2] [ 741.880834] lr : dwc2_hcd_select_transactions+0x104/0x1a0 [dwc2] [ 741.880838] sp : ffff000010003c60 [ 741.880842] x29: ffff000010003c60 x28: ffff3bd997683dc0 [ 741.880849] x27: ffffa6ec7c4c4000 x26: ffff3bd997679000 [ 741.880857] x25: 0000000000000008 x24: ffffa6ec7c6a55e0 [ 741.880864] x23: ffffa6ec6bbc5080 x22: ffffa6ec77d12830 [ 741.880871] x21: ffffa6ec79871600 x20: ffffa6ec7c6a5080 [ 741.880878] x19: ffffa6ec6bbc50c8 x18: ffffffffffffffff [ 741.880885] x17: 0000000000000001 x16: 0000000000000007 [ 741.880891] x15: ffff3bd997679708 x14: ffff3bd9978cfa28 [ 741.880898] x13: ffff3bd9978cf67e x12: ffff3bd9976a2000 [ 741.880905] x11: 0000000000000000 x10: ffff3bd9978ce000 [ 741.880912] x9 : 0000000000000000 x8 : 0000000000000003 [ 741.880919] x7 : 0000000000000176 x6 : ffff3bd9978cec90 [ 741.880925] x5 : 0000000000000001 x4 : ffffa6ec79871698 [ 741.880932] x3 : 0000000000000000 x2 : 00000000000005ee [ 741.880939] x1 : 0000000000000000 x0 : 0000000000000002 [ 741.880946] Call trace: [ 741.880984] dwc2_assign_and_init_hc+0x664/0xa10 [dwc2] [ 741.881018] dwc2_hcd_select_transactions+0x104/0x1a0 [dwc2] [ 741.881052] dwc2_release_channel+0xfc/0x280 [dwc2] [ 741.881087] dwc2_halt_channel+0xac/0x158 [dwc2] [ 741.881121] dwc2_hc_n_intr+0x860/0x8c0 [dwc2] [ 741.881155] dwc2_handle_hcd_intr+0x38c/0x450 [dwc2] [ 741.881188] _dwc2_hcd_irq+0x20/0x30 [dwc2] [ 741.881278] usb_hcd_irq+0x3c/0x60 [usbcore] [ 741.881291] __handle_irq_event_percpu+0x74/0x268 [ 741.881299] handle_irq_event_percpu+0x40/0x98 [ 741.881307] handle_irq_event+0x50/0xa8 [ 741.881314] handle_level_irq+0xd4/0x178 [ 741.881321] generic_handle_irq+0x34/0x50 [ 741.881332] bcm2836_chained_handle_irq+0x4c/0x70 [ 741.881339] generic_handle_irq+0x34/0x50 [ 741.881346] __handle_domain_irq+0x68/0xc0 [ 741.881354] bcm2836_arm_irqchip_handle_irq+0x78/0xe0 [ 741.881360] el1_irq+0xcc/0x180 [ 741.881369] arch_cpu_idle+0x40/0x1c0 [ 741.881377] default_idle_call+0x24/0x44 [ 741.881385] do_idle+0x1dc/0x2c0 [ 741.881392] cpu_startup_entry+0x28/0x30 [ 741.881400] rest_init+0xc4/0xd0 [ 741.881409] arch_call_rest_init+0x14/0x1c [ 741.881414] start_kernel+0x4e8/0x51c [ 741.881419] ---[ end trace 29007ab7897c5716 ]--- [ 742.880425] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 7 - ChHltd set, but reason is unknown [ 742.880437] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 742.880445] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 743.880453] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 3 - ChHltd set, but reason is unknown [ 743.880465] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 743.880474] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 744.880491] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown [ 744.880505] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 744.880514] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 745.880537] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 6 - ChHltd set, but reason is unknown [ 745.880549] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 745.880557] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 746.880564] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 5 - ChHltd set, but reason is unknown [ 746.880576] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 746.880585] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 747.880601] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 1 - ChHltd set, but reason is unknown [ 747.880612] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 747.880621] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 748.880641] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 6 - ChHltd set, but reason is unknown [ 748.880654] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600009 [ 748.880664] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 749.880675] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 1 - ChHltd set, but reason is unknown [ 749.880686] dwc2 3f980000.usb: hcint 0x00000002, intsts 0x04600001 [ 749.880695] dwc2 3f980000.usb: dwc2_update_urb_state_abn(): trimming xfer length [ 750.880718] dwc2 3f980000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1201012] Raspberry Pi 4: sound via HDMI not working
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1201012 http://bugzilla.opensuse.org/show_bug.cgi?id=1201012#c1 Stefan Wahren <stefan.wahren(a)i2se.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hare(a)suse.com, | |stefan.wahren(a)i2se.com Flags| |needinfo?(hare(a)suse.com) --- Comment #1 from Stefan Wahren <stefan.wahren(a)i2se.com> --- I think it's very unlikely that this patch fixes the issue. Can you please provide the full dmesg? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1200943] End of Life (EOL) of Leap 15.4 is wrong
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1200943 http://bugzilla.opensuse.org/show_bug.cgi?id=1200943#c5 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED CC| |lubos.kocman(a)suse.com Assignee|lubos.kocman(a)suse.com |meissner(a)suse.com --- Comment #5 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- (In reply to Swamp Workflow Management from comment #3) > openSUSE-RU-2022:10038-1: An update that has one recommended fix can now be > installed. This update seems to be nonfunctional (see log in bug 1201116) S | Name | Type | Version | Arch | Repository ---+------------------+------------+------------------+--------+----------------------- i+ | openSUSE-release | package | 15.4-lp154.153.1 | x86_64 | Main Repository v | openSUSE-release | package | 15.4-lp154.2.1 | x86_64 | Main Update Repository $ zypper vcmp 15.4-lp154.153.1 15.4-lp154.2.1 15.4-lp154.153.1 is newer than 15.4-lp154.2.1 This was reported clearly in OpenQA: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.4&bui… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201116] New: patch openSUSE-2022-10038 is ignored
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1201116 Bug ID: 1201116 Summary: patch openSUSE-2022-10038 is ignored Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: All OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Maintenance Assignee: maintenance(a)opensuse.org Reporter: arvidjaar(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- bor@10:~> zypper info openSUSE-2022-10038 ... Conflicts : [103] srcpackage:openSUSE-release < 15.4-lp154.2.1 openSUSE-release.noarch < 15.4-lp154.2.1 openSUSE-release.x86_64 < 15.4-lp154.2.1 bor@10:~> zypper se -sx openSUSE-release Loading repository data... Reading installed packages... S | Name | Type | Version | Arch | Repository ---+------------------+------------+------------------+--------+----------------------- i+ | openSUSE-release | package | 15.4-lp154.153.1 | x86_64 | Main Repository v | openSUSE-release | package | 15.4-lp154.2.1 | x86_64 | Main Update Repository Well, according to my limited arithmetic skills, "153" is larger than "2" so there is no need to install this patch. One effect is that on Xfce desktop using package-update-indicator no update notification is present. "zypper patch" offers to install this patch and pretends to install it but this results in even more inconsistent state bor@10:~> sudo zypper patch Loading repository data... Reading installed packages... Resolving package dependencies... The following package is going to be upgraded: openSUSE-release-dvd The following NEW patch is going to be installed: openSUSE-2022-10038 1 package to upgrade. Overall download size: 8.1 KiB. Already cached: 0 B. No additional space will be used or freed after the operation. Continue? [y/n/v/...? shows all options] (y): Retrieving package openSUSE-release-dvd-15.4-lp154.2.1.x86_64 (1/1), 8.1 KiB ( 66 B unpacked) Retrieving: openSUSE-release-dvd-15.4-lp154.2.1.x86_64.rpm ...............[done] Checking for file conflicts: .............................................[done] (1/1) Installing: openSUSE-release-dvd-15.4-lp154.2.1.x86_64 .............[done] There are running programs which still use files and libraries deleted or updated by recent upgrades. They should be restarted to benefit from the latest updates. Run 'zypper ps -s' to list these programs. bor@10:~> zypper se -sx openSUSE-release Loading repository data... Reading installed packages... S | Name | Type | Version | Arch | Repository ---+------------------+------------+------------------+--------+----------------------- i+ | openSUSE-release | package | 15.4-lp154.153.1 | x86_64 | Main Repository v | openSUSE-release | package | 15.4-lp154.2.1 | x86_64 | Main Update Repository | openSUSE-release | srcpackage | 15.4-lp154.2.1 | noarch | Main Update Repository bor@10:~> zypper se -sx openSUSE-release-dvd Loading repository data... Reading installed packages... S | Name | Type | Version | Arch | Repository --+----------------------+---------+----------------+--------+----------------------- i | openSUSE-release-dvd | package | 15.4-lp154.2.1 | x86_64 | Main Update Repository -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1200943] End of Life (EOL) of Leap 15.4 is wrong
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1200943 http://bugzilla.opensuse.org/show_bug.cgi?id=1200943#c4 Andreas Stieger <Andreas.Stieger(a)gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar(a)gmail.com --- Comment #4 from Andreas Stieger <Andreas.Stieger(a)gmx.de> --- *** Bug 1201116 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1201118] New: polkit.log method is useless after switching to duktape
by bugzilla_noreply＠suse.com 03 Jul '22

03 Jul '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1201118 Bug ID: 1201118 Summary: polkit.log method is useless after switching to duktape Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: arvidjaar(a)gmail.com QA Contact: qa-bugs(a)suse.de CC: fvogt(a)suse.com Found By: --- Blocker: --- From polkit manual page: The log() method writes the given message to the system logger prefixed with the JavaScript filename and line number. Log entries are emitted using the LOG_AUTHPRIV flag meaning that the log entries usually ends up in the file /var/log/secure. The log() method is usually only used when debugging rules. The Action and Subject types has suitable toString() methods defined for easy logging, for example, None of this works with duktape engine which just dumps whatever it got as string, so attempt to print action or subject or anything non-string results in error. And in any case, no file name/line number is added even for string content. -- You are receiving this mail because: You are on the CC list for the bug.

1 0