Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package busybox for openSUSE:Factory checked 
in at 2026-07-12 16:20:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/busybox (Old)
 and      /work/SRC/openSUSE:Factory/.busybox.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "busybox"

Sun Jul 12 16:20:07 2026 rev:98 rq:1364920 version:1.38.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/busybox/busybox.changes  2026-05-10 
16:47:13.306071989 +0200
+++ /work/SRC/openSUSE:Factory/.busybox.new.1991/busybox.changes        
2026-07-12 16:20:16.250183604 +0200
@@ -1,0 +2,32 @@
+Fri Jun 19 07:56:28 UTC 2026 - Radoslav Kolev <[email protected]>
+
+- Update to version 1.38.0:
+  * New applets: sha384sum, vmstat, ssl_server, lsblk, uuidgen
+  * Security: Disallow path traversals in archival (CVE-2023-39810)
+  * archival: Sanitize filenames on output to prevent control sequence attacks
+  * ash/hush: Implement <<< here_string syntax and improve bash compatibility
+  * libbb: Add yescrypt password hashing support
+  * tls: Implement server-side code and support ECDHE_RSA
+  * httpd: Add connection limits (-M), POSTDATA read timeouts, and CGI logging
+  * telnet/telnetd: Rewrite to use generic fd polling and I/O loop
+  * cut: Major fixes for empty delimiters, ranges, and output-delimiter support
+  * cp: Fix 'cp -aT' overwriting symlink to directories
+  * fdisk: Fix GPT disk size overflow and add 4K sector size support
+  * top: Reduce flicker and show RSS instead of VIRT by default
+  * udhcpc6: Fix potential buffer overflow
+  * many other small fixes and optimizations
+
+- Remove patches included in the new version:
+  * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
+  * busybox-1.37.0-fix-regression-n2.patch
+  * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
+  * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
+  * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
+  * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
+  * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
+  * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
+  * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
+  * 0001-udhcpc6-fix-buffer-overflow.patch
+  * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch
+
+-------------------------------------------------------------------

Old:
----
  0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
  0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
  0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
  0001-udhcpc6-fix-buffer-overflow.patch
  0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
  0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch
  busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
  busybox-1.37.0-fix-regression-n2.patch
  busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
  busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
  busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
  busybox-1.37.0.tar.bz2
  busybox-1.37.0.tar.bz2.sig

New:
----
  busybox-1.38.0.tar.bz2
  busybox-1.38.0.tar.bz2.sig

----------(Old B)----------
  Old:  * 
busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
  * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
  * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
  Old:  * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
  * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
  * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
  Old:  * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
  * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
  * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
  Old:  * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
  * 0001-udhcpc6-fix-buffer-overflow.patch
  * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch
  Old:  * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
  * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
  * 0001-udhcpc6-fix-buffer-overflow.patch
  Old:  * 0001-udhcpc6-fix-buffer-overflow.patch
  * 0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch
  Old:- Remove patches included in the new version:
  * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
  * busybox-1.37.0-fix-regression-n2.patch
  Old:  * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
  * busybox-1.37.0-fix-regression-n2.patch
  * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
  Old:  * busybox-1.37.0-fix-regression-n2.patch
  * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
  * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
  Old:  * 
busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
  * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
  * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
  Old:  * 
busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
  * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
  * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
----------(Old E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ busybox.spec ++++++
--- /var/tmp/diff_new_pack.m79N02/_old  2026-07-12 16:20:17.582229165 +0200
+++ /var/tmp/diff_new_pack.m79N02/_new  2026-07-12 16:20:17.582229165 +0200
@@ -24,7 +24,7 @@
 %bcond_without  static
 
 Name:           busybox
-Version:        1.37.0
+Version:        1.38.0
 Release:        0
 Summary:        Minimalist variant of UNIX utilities linked in a single 
executable
 License:        GPL-2.0-or-later
@@ -41,35 +41,14 @@
 Patch0:         cpio-long-opt.patch
 Patch1:         sendmail-ignore-F-option.patch
 Patch2:         testsuite-gnu-echo.patch
-# # PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) 
https://git.busybox.net/busybox/commit/?id=d417193cf
-# Patch3:         ash-fix-segfault-d417193cf.patch
-Patch4:         udhcp6-install-path.patch
-Patch5:         tc-no-TCA_CBQ.patch
-# PATCH-FIX-UPSTREAM - Borrowed from Fedora - 
https://src.fedoraproject.org/rpms/busybox/blob/rawhide/f/busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
-Patch6:         
busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
+Patch3:         udhcp6-install-path.patch
+Patch4:         tc-no-TCA_CBQ.patch
 # 
https://gitlab.alpinelinux.org/alpine/aports/-/raw/3.21-stable/main/busybox/0015-ping-make-ping-work-without-root-privileges.patch?ref_type=heads
-Patch7:         busybox-1.37.0-make-ping-work-without-root-privileges.patch
-#PATCH-FIX-UPSTREAM -  hexdump: fix regression with -n4 -e '"%u"' bug 
introduced in busybox 1.37.0 that broke kernel builds.
-Patch8:         busybox-1.37.0-fix-regression-n2.patch
-#PATCH-FIX-UPSTREAM - Fixes for hexdump and tests on big endian (S390) systems
-Patch9:         
busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
-Patch10:        
busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
-Patch11:        
busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
+Patch5:         busybox-1.37.0-make-ping-work-without-root-privileges.patch
 # PATCH-FIX-UPSTREAM - Fix adduser inside containers (boo#1247779)
-Patch12:        0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
-# PATCH-FIX-UPSTREAM - Fix bsc#1241661 (CVE-2025-46394), from upstream commit 
f5e1bf966
-Patch13:        0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
+Patch6:         0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
 # PATCH-FIX-UPSTREAM - Fix bsc#1253245 (CVE-2025-60876), submitted to mailing 
list
-Patch14:        wget-don-t-allow-control-characters-in-url.patch
-# PATCH-FIX-UPSTREAM - Fix bsc#1249237, from upstream commit 362159593
-Patch15:        0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
-# PATCH-FIX-UPSTREAM - Fix bsc#1258163 (CVE-2026-26157), bsc#1258167 
(CVE-2026-26157) from upstream commit 3fb6b31c7
-Patch16:        0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
-# PATCH-FIX-UPSTREAM - The fix above introducesa problem rewriting symlink 
targets too
-Patch17:        0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
-# PATCH-FIX-UPSTREAM - Fix bsc#1263989, (CVE-2026-29004) from upsrteam commits 
42202bf, d368f3f
-Patch18:        0001-udhcpc6-fix-buffer-overflow.patch
-Patch19:        0002-udhcpc6-check-the-size-of-D6_OPT_IAPREFIX-option.patch
+Patch7:         wget-don-t-allow-control-characters-in-url.patch
 
 # other patches
 Patch100:       busybox.install.patch

++++++ busybox-1.37.0.tar.bz2 -> busybox-1.38.0.tar.bz2 ++++++
++++ 39123 lines of diff (skipped)

++++++ busybox.config ++++++
--- /var/tmp/diff_new_pack.m79N02/_old  2026-07-12 16:20:20.046313447 +0200
+++ /var/tmp/diff_new_pack.m79N02/_new  2026-07-12 16:20:20.050313584 +0200
@@ -1,6 +1,6 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.37.0
+# Busybox version: 1.38.0
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -26,6 +26,7 @@
 CONFIG_BUSYBOX=y
 # CONFIG_FEATURE_SHOW_SCRIPT is not set
 # CONFIG_FEATURE_INSTALLER is not set
+CONFIG_FEATURE_VERSION=y
 # CONFIG_INSTALL_NO_USR is not set
 CONFIG_FEATURE_SUID=y
 # CONFIG_FEATURE_SUID_CONFIG is not set
@@ -196,6 +197,7 @@
 CONFIG_FEATURE_UNZIP_LZMA=y
 CONFIG_FEATURE_UNZIP_XZ=y
 # CONFIG_FEATURE_LZMA_FAST is not set
+# CONFIG_FEATURE_PATH_TRAVERSAL_PROTECTION is not set
 
 #
 # Coreutils
@@ -283,11 +285,12 @@
 CONFIG_MD5SUM=y
 CONFIG_SHA1SUM=y
 CONFIG_SHA256SUM=y
+CONFIG_SHA384SUM=y
 CONFIG_SHA512SUM=y
 CONFIG_SHA3SUM=y
 
 #
-# Common options for md5sum, sha1sum, sha256sum, sha512sum, sha3sum
+# Common options for md5sum, sha1sum, sha256sum, ..., sha3sum
 #
 CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
 CONFIG_MKDIR=y
@@ -529,6 +532,7 @@
 # CONFIG_USE_BB_SHADOW is not set
 # CONFIG_USE_BB_CRYPT is not set
 # CONFIG_USE_BB_CRYPT_SHA is not set
+# CONFIG_USE_BB_CRYPT_YES is not set
 # CONFIG_ADD_SHELL is not set
 # CONFIG_REMOVE_SHELL is not set
 CONFIG_ADDGROUP=y
@@ -622,6 +626,7 @@
 # CONFIG_FDFORMAT is not set
 CONFIG_FDISK=y
 # CONFIG_FDISK_SUPPORT_LARGE_DISKS is not set
+CONFIG_FEATURE_FDISK_BLKSIZE=y
 CONFIG_FEATURE_FDISK_WRITABLE=y
 # CONFIG_FEATURE_AIX_LABEL is not set
 # CONFIG_FEATURE_SGI_LABEL is not set
@@ -649,6 +654,7 @@
 CONFIG_LAST=y
 CONFIG_FEATURE_LAST_FANCY=y
 CONFIG_LOSETUP=y
+CONFIG_LSBLK=y
 CONFIG_LSPCI=y
 CONFIG_LSUSB=y
 CONFIG_MDEV=y
@@ -714,6 +720,7 @@
 CONFIG_UMOUNT=y
 CONFIG_FEATURE_UMOUNT_ALL=y
 CONFIG_UNSHARE=y
+CONFIG_UUIDGEN=y
 CONFIG_WALL=y
 
 #
@@ -971,6 +978,7 @@
 CONFIG_ROUTE=y
 CONFIG_SLATTACH=y
 CONFIG_SSL_CLIENT=y
+CONFIG_SSL_SERVER=y
 CONFIG_TC=y
 CONFIG_FEATURE_TC_INGRESS=y
 # CONFIG_TCPSVD is not set
@@ -980,6 +988,7 @@
 CONFIG_FEATURE_TELNET_AUTOLOGIN=y
 CONFIG_FEATURE_TELNET_WIDTH=y
 # CONFIG_TELNETD is not set
+# CONFIG_FEATURE_TELNETD_SELFTEST_DEBUG is not set
 # CONFIG_FEATURE_TELNETD_STANDALONE is not set
 CONFIG_FEATURE_TELNETD_PORT_DEFAULT=0
 # CONFIG_FEATURE_TELNETD_INETD_WAIT is not set
@@ -1098,6 +1107,7 @@
 CONFIG_FEATURE_TOPMEM=y
 CONFIG_UPTIME=y
 CONFIG_FEATURE_UPTIME_UTMP_SUPPORT=y
+CONFIG_VMSTAT=y
 CONFIG_WATCH=y
 
 #
@@ -1165,6 +1175,7 @@
 # CONFIG_CTTYHACK is not set
 CONFIG_HUSH=y
 CONFIG_SHELL_HUSH=y
+CONFIG_HUSH_NEED_FOR_SPEED=y
 CONFIG_HUSH_BASH_COMPAT=y
 CONFIG_HUSH_BRACE_EXPANSION=y
 # CONFIG_HUSH_BASH_SOURCE_CURDIR is not set
@@ -1176,7 +1187,9 @@
 CONFIG_HUSH_IF=y
 CONFIG_HUSH_LOOPS=y
 CONFIG_HUSH_CASE=y
+CONFIG_HUSH_ALIAS=y
 CONFIG_HUSH_FUNCTIONS=y
+CONFIG_HUSH_FUNCTION_KEYWORD=y
 CONFIG_HUSH_LOCAL=y
 CONFIG_HUSH_RANDOM_SUPPORT=y
 CONFIG_HUSH_MODE_X=y

Reply via email to