There's a new version of usbview that is now released. If you are building/running from source, this isn't that big of a change, but if you are a distro packager, this is a big deal as it fixes an issue with pollkit that could cause bad issues due to some root privileges being needed for the program to run well. This fixes CVE-2022-23220 and many thanks to Matthias Gerstner of the SUSE security team for finding and fixing these issues. The package can be downloaded at: http://www.kroah.com/linux/usb/usbview-2.2.tar.gz and the git tree can be found at: http://github.com/gregkh/usbview Note, the requirement of root access for this tool is a story of how systems evolve over time. When this tool was first written, back in 1999, 'devices' file in usbdevfs (now usbfs), which was readable by anyone. Then that file moved out of usbdevfs and into debugfs, which was mounted at /sys/kernel/debug/ and still readable by anyone. Then, distros started to lock down debugfs and would only allow programs that had root access to read from it, which required usbview to also require such access. This really is silly given that the same information, if not more, is available to anyone who uses 'lsusb' or libusb as usb device information is not restricted. But usbview was never touched, and so it still required such access, which was noticed by SUSE and hence the security audit. I have a hacked up rewrite of the tool in a branch in the git tree that does not require root access, and will be polishing this up and should do a new release with that change in a few days. But for now, the above security fix should be sufficient for distros that currently ship the package and use the polkit configuration file. thanks, greg k-h ------- version 2.2 - security issue fixed with polkit (CVE-2022-23220). - copyright year fixups and updates - tooltip added to explain red devices have no attached drivers
