Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package busybox for openSUSE:Factory checked 
in at 2022-01-14 23:13:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/busybox (Old)
 and      /work/SRC/openSUSE:Factory/.busybox.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "busybox"

Fri Jan 14 23:13:01 2022 rev:72 rq:946465 version:1.35.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/busybox/busybox.changes  2021-11-03 
17:25:56.341326496 +0100
+++ /work/SRC/openSUSE:Factory/.busybox.new.1892/busybox.changes        
2022-01-14 23:14:02.274662628 +0100
@@ -1,0 +2,28 @@
+Wed Jan 12 15:40:40 UTC 2022 - Thorsten Kukuk <ku...@suse.com>
+
+- Update to 1.35.0
+  - Adjust busybox.config for new features in find, date and cpio 
+
+-------------------------------------------------------------------
+Thu Jan  6 06:37:24 UTC 2022 - Radoslav Kolev <radoslav.ko...@suse.com>
+
+- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
+  * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when 
autocompleting
+  * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing 
segfaults
+  * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer 
underflow in udhcpc
+  * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD 
parsing
+  * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
+  * CVE-2017-15873 (bsc#1064976): The get_next_block function in 
archival/libarchive/decompress_bunzip2.c has an Integer Overflow
+  * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has 
an Integer Underflow
+  * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
+  * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
+    CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
+    CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
+    CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
+  - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via 
malformed gzip data
+  - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
+  - CVE-2018-1000517 (bsc#1099260):  Heap-based buffer overflow in the 
retrieve_file_data()
+  - CVE-2011-5325 (bsc#951562): tar directory traversal
+  - CVE-2018-1000500 (bsc#1099263):  wget: Missing SSL certificate validation
+
+-------------------------------------------------------------------

Old:
----
  busybox-1.34.1.tar.bz2
  busybox-1.34.1.tar.bz2.sig

New:
----
  busybox-1.35.0.tar.bz2
  busybox-1.35.0.tar.bz2.sig

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ busybox.spec ++++++
--- /var/tmp/diff_new_pack.vG8yli/_old  2022-01-14 23:14:02.898663031 +0100
+++ /var/tmp/diff_new_pack.vG8yli/_new  2022-01-14 23:14:02.902663033 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package busybox
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           busybox
-Version:        1.34.1
+Version:        1.35.0
 Release:        0
 Summary:        Minimalist variant of UNIX utilities linked in a single 
executable
 License:        GPL-2.0-or-later

++++++ busybox-1.34.1.tar.bz2 -> busybox-1.35.0.tar.bz2 ++++++
++++ 11390 lines of diff (skipped)

++++++ busybox.config ++++++
--- /var/tmp/diff_new_pack.vG8yli/_old  2022-01-14 23:14:04.110663812 +0100
+++ /var/tmp/diff_new_pack.vG8yli/_new  2022-01-14 23:14:04.114663815 +0100
@@ -1,7 +1,6 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.34.1
-# Sat Oct 30 11:02:54 2021
+# Busybox version: 1.35.0
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -162,6 +161,8 @@
 CONFIG_CPIO=y
 CONFIG_FEATURE_CPIO_O=y
 CONFIG_FEATURE_CPIO_P=y
+CONFIG_FEATURE_CPIO_IGNORE_DEVNO=y
+CONFIG_FEATURE_CPIO_RENUMBER_INODES=y
 # CONFIG_DPKG is not set
 # CONFIG_DPKG_DEB is not set
 CONFIG_GZIP=y
@@ -197,6 +198,12 @@
 #
 # Coreutils
 #
+
+#
+# Common options for date and touch
+#
+CONFIG_FEATURE_TIMEZONE=y
+
 CONFIG_BASENAME=y
 CONFIG_CAT=y
 CONFIG_FEATURE_CATN=y
@@ -448,7 +455,11 @@
 CONFIG_FIND=y
 CONFIG_FEATURE_FIND_PRINT0=y
 CONFIG_FEATURE_FIND_MTIME=y
+CONFIG_FEATURE_FIND_ATIME=y
+CONFIG_FEATURE_FIND_CTIME=y
 CONFIG_FEATURE_FIND_MMIN=y
+CONFIG_FEATURE_FIND_AMIN=y
+CONFIG_FEATURE_FIND_CMIN=y
 CONFIG_FEATURE_FIND_PERM=y
 CONFIG_FEATURE_FIND_TYPE=y
 CONFIG_FEATURE_FIND_EXECUTABLE=y
@@ -472,6 +483,7 @@
 CONFIG_FEATURE_FIND_REGEX=y
 # CONFIG_FEATURE_FIND_CONTEXT is not set
 CONFIG_FEATURE_FIND_LINKS=y
+CONFIG_FEATURE_FIND_SAMEFILE=y
 CONFIG_GREP=y
 CONFIG_EGREP=y
 CONFIG_FGREP=y

Reply via email to