Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package busybox for openSUSE:Factory checked in at 2026-07-12 16:20:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/busybox (Old) and /work/SRC/openSUSE:Factory/.busybox.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "busybox" Sun Jul 12 16:20:07 2026 rev:98 rq:1364920 version:1.38.0 Changes: -------- --- /work/SRC/openSUSE:Factory/busybox/busybox.changes 2026-05-10 16:47:13.306071989 +0200 +++ /work/SRC/openSUSE:Factory/.busybox.new.1991/busybox.changes 2026-07-12 16:20:16.250183604 +0200 @@ -1,0 +2,32 @@ +Fri Jun 19 07:56:28 UTC 2026 - Radoslav Kolev <[email protected]> + +- Update to version 1.38.0: + * New applets: sha384sum, vmstat, ssl_server, lsblk, uuidgen + * Security: Disallow path traversals in archival (CVE-2023-39810) + * archival: Sanitize filenames on output to prevent control sequence attacks + * ash/hush: Implement <<< here_string syntax and improve bash compatibility + * libbb: Add yescrypt password hashing support + * tls: Implement server-side code and support ECDHE_RSA + * httpd: Add connection limits (-M), POSTDATA read timeouts, and CGI logging + * telnet/telnetd: Rewrite to use generic fd polling and I/O loop + * cut: Major fixes for empty delimiters, ranges, and output-delimiter support + * cp: Fix 'cp -aT' overwriting symlink to directories + * fdisk: Fix GPT disk size overflow and add 4K sector size support + * top: Reduce flicker and show RSS instead of VIRT by default + * udhcpc6: Fix potential buffer overflow + * many other small fixes and optimizations + +- Remove patches included in the new version: + * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch + * busybox-1.37.0-fix-regression-n2.patch + * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch + * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch + * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch + * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch + * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch + * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch + * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch + * 0001-udhcpc6-fix-buffer-overflow.patch + * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch + +------------------------------------------------------------------- Old: ---- 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch 0001-udhcpc6-fix-buffer-overflow.patch 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch busybox-1.37.0-fix-regression-n2.patch busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch busybox-1.37.0.tar.bz2 busybox-1.37.0.tar.bz2.sig New: ---- busybox-1.38.0.tar.bz2 busybox-1.38.0.tar.bz2.sig ----------(Old B)---------- Old: * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch Old: * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch Old: * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch Old: * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch * 0001-udhcpc6-fix-buffer-overflow.patch * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch Old: * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch * 0001-udhcpc6-fix-buffer-overflow.patch Old: * 0001-udhcpc6-fix-buffer-overflow.patch * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch Old:- Remove patches included in the new version: * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch * busybox-1.37.0-fix-regression-n2.patch Old: * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch * busybox-1.37.0-fix-regression-n2.patch * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch Old: * busybox-1.37.0-fix-regression-n2.patch * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch Old: * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch Old: * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ busybox.spec ++++++ --- /var/tmp/diff_new_pack.m79N02/_old 2026-07-12 16:20:17.582229165 +0200 +++ /var/tmp/diff_new_pack.m79N02/_new 2026-07-12 16:20:17.582229165 +0200 @@ -24,7 +24,7 @@ %bcond_without static Name: busybox -Version: 1.37.0 +Version: 1.38.0 Release: 0 Summary: Minimalist variant of UNIX utilities linked in a single executable License: GPL-2.0-or-later @@ -41,35 +41,14 @@ Patch0: cpio-long-opt.patch Patch1: sendmail-ignore-F-option.patch Patch2: testsuite-gnu-echo.patch -# # PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) https://git.busybox.net/busybox/commit/?id=d417193cf -# Patch3: ash-fix-segfault-d417193cf.patch -Patch4: udhcp6-install-path.patch -Patch5: tc-no-TCA_CBQ.patch -# PATCH-FIX-UPSTREAM - Borrowed from Fedora - https://src.fedoraproject.org/rpms/busybox/blob/rawhide/f/busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch -Patch6: busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch +Patch3: udhcp6-install-path.patch +Patch4: tc-no-TCA_CBQ.patch # https://gitlab.alpinelinux.org/alpine/aports/-/raw/3.21-stable/main/busybox/0015-ping-make-ping-work-without-root-privileges.patch?ref_type=heads -Patch7: busybox-1.37.0-make-ping-work-without-root-privileges.patch -#PATCH-FIX-UPSTREAM - hexdump: fix regression with -n4 -e '"%u"' bug introduced in busybox 1.37.0 that broke kernel builds. -Patch8: busybox-1.37.0-fix-regression-n2.patch -#PATCH-FIX-UPSTREAM - Fixes for hexdump and tests on big endian (S390) systems -Patch9: busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch -Patch10: busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch -Patch11: busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch +Patch5: busybox-1.37.0-make-ping-work-without-root-privileges.patch # PATCH-FIX-UPSTREAM - Fix adduser inside containers (boo#1247779) -Patch12: 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch -# PATCH-FIX-UPSTREAM - Fix bsc#1241661 (CVE-2025-46394), from upstream commit f5e1bf966 -Patch13: 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch +Patch6: 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch # PATCH-FIX-UPSTREAM - Fix bsc#1253245 (CVE-2025-60876), submitted to mailing list -Patch14: wget-don-t-allow-control-characters-in-url.patch -# PATCH-FIX-UPSTREAM - Fix bsc#1249237, from upstream commit 362159593 -Patch15: 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch -# PATCH-FIX-UPSTREAM - Fix bsc#1258163 (CVE-2026-26157), bsc#1258167 (CVE-2026-26157) from upstream commit 3fb6b31c7 -Patch16: 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch -# PATCH-FIX-UPSTREAM - The fix above introducesa problem rewriting symlink targets too -Patch17: 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch -# PATCH-FIX-UPSTREAM - Fix bsc#1263989, (CVE-2026-29004) from upsrteam commits 42202bf, d368f3f -Patch18: 0001-udhcpc6-fix-buffer-overflow.patch -Patch19: 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch +Patch7: wget-don-t-allow-control-characters-in-url.patch # other patches Patch100: busybox.install.patch ++++++ busybox-1.37.0.tar.bz2 -> busybox-1.38.0.tar.bz2 ++++++ ++++ 39123 lines of diff (skipped) ++++++ busybox.config ++++++ --- /var/tmp/diff_new_pack.m79N02/_old 2026-07-12 16:20:20.046313447 +0200 +++ /var/tmp/diff_new_pack.m79N02/_new 2026-07-12 16:20:20.050313584 +0200 @@ -1,6 +1,6 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.37.0 +# Busybox version: 1.38.0 # CONFIG_HAVE_DOT_CONFIG=y @@ -26,6 +26,7 @@ CONFIG_BUSYBOX=y # CONFIG_FEATURE_SHOW_SCRIPT is not set # CONFIG_FEATURE_INSTALLER is not set +CONFIG_FEATURE_VERSION=y # CONFIG_INSTALL_NO_USR is not set CONFIG_FEATURE_SUID=y # CONFIG_FEATURE_SUID_CONFIG is not set @@ -196,6 +197,7 @@ CONFIG_FEATURE_UNZIP_LZMA=y CONFIG_FEATURE_UNZIP_XZ=y # CONFIG_FEATURE_LZMA_FAST is not set +# CONFIG_FEATURE_PATH_TRAVERSAL_PROTECTION is not set # # Coreutils @@ -283,11 +285,12 @@ CONFIG_MD5SUM=y CONFIG_SHA1SUM=y CONFIG_SHA256SUM=y +CONFIG_SHA384SUM=y CONFIG_SHA512SUM=y CONFIG_SHA3SUM=y # -# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum +# Common options for md5sum, sha1sum, sha256sum, ..., sha3sum # CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y CONFIG_MKDIR=y @@ -529,6 +532,7 @@ # CONFIG_USE_BB_SHADOW is not set # CONFIG_USE_BB_CRYPT is not set # CONFIG_USE_BB_CRYPT_SHA is not set +# CONFIG_USE_BB_CRYPT_YES is not set # CONFIG_ADD_SHELL is not set # CONFIG_REMOVE_SHELL is not set CONFIG_ADDGROUP=y @@ -622,6 +626,7 @@ # CONFIG_FDFORMAT is not set CONFIG_FDISK=y # CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set +CONFIG_FEATURE_FDISK_BLKSIZE=y CONFIG_FEATURE_FDISK_WRITABLE=y # CONFIG_FEATURE_AIX_LABEL is not set # CONFIG_FEATURE_SGI_LABEL is not set @@ -649,6 +654,7 @@ CONFIG_LAST=y CONFIG_FEATURE_LAST_FANCY=y CONFIG_LOSETUP=y +CONFIG_LSBLK=y CONFIG_LSPCI=y CONFIG_LSUSB=y CONFIG_MDEV=y @@ -714,6 +720,7 @@ CONFIG_UMOUNT=y CONFIG_FEATURE_UMOUNT_ALL=y CONFIG_UNSHARE=y +CONFIG_UUIDGEN=y CONFIG_WALL=y # @@ -971,6 +978,7 @@ CONFIG_ROUTE=y CONFIG_SLATTACH=y CONFIG_SSL_CLIENT=y +CONFIG_SSL_SERVER=y CONFIG_TC=y CONFIG_FEATURE_TC_INGRESS=y # CONFIG_TCPSVD is not set @@ -980,6 +988,7 @@ CONFIG_FEATURE_TELNET_AUTOLOGIN=y CONFIG_FEATURE_TELNET_WIDTH=y # CONFIG_TELNETD is not set +# CONFIG_FEATURE_TELNETD_SELFTEST_DEBUG is not set # CONFIG_FEATURE_TELNETD_STANDALONE is not set CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set @@ -1098,6 +1107,7 @@ CONFIG_FEATURE_TOPMEM=y CONFIG_UPTIME=y CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y +CONFIG_VMSTAT=y CONFIG_WATCH=y # @@ -1165,6 +1175,7 @@ # CONFIG_CTTYHACK is not set CONFIG_HUSH=y CONFIG_SHELL_HUSH=y +CONFIG_HUSH_NEED_FOR_SPEED=y CONFIG_HUSH_BASH_COMPAT=y CONFIG_HUSH_BRACE_EXPANSION=y # CONFIG_HUSH_BASH_SOURCE_CURDIR is not set @@ -1176,7 +1187,9 @@ CONFIG_HUSH_IF=y CONFIG_HUSH_LOOPS=y CONFIG_HUSH_CASE=y +CONFIG_HUSH_ALIAS=y CONFIG_HUSH_FUNCTIONS=y +CONFIG_HUSH_FUNCTION_KEYWORD=y CONFIG_HUSH_LOCAL=y CONFIG_HUSH_RANDOM_SUPPORT=y CONFIG_HUSH_MODE_X=y
