Changelog for
busybox-static-1.35.0-150400.3.11.1.x86_64.rpm :
* Tue Aug 29 2023 radoslav.kolevAATTsuse.com- Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability in ash (CVE-2022-48174, bsc#1214538)
* Wed Nov 23 2022 dimstarAATTopensuse.org- Add e63d7cdf.patch: awk: fix use after free (CVE-2022-30065, boo#1199744).
* Mon Nov 14 2022 radoslav.kolevAATTsuse.com- Fix build under SLE-12
* Mon Oct 17 2022 radoslav.kolevAATTsuse.com- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
* CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules
* Thu Jun 30 2022 lnusselAATTsuse.de- prepare spec file for rpmbuild --build-in-place --noprep- use bcond for static and ww3 subpackages- fix verbose flag
* Fri Jun 10 2022 mpdesouzaAATTsuse.com- Enable switch_root With this change virtme --force-initramfs works as expected.
* Wed Mar 30 2022 mpdesouzaAATTsuse.com- Enable udhcpc
* Wed Mar 23 2022 dimstarAATTopensuse.org- BuildRequire hostname: the test suite wants to compare the output of \'hostname\' against \'busybox hostname\'. We should not rely hostname to be present in the build environment.
* Wed Jan 12 2022 kukukAATTsuse.com- Update to 1.35.0 - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: \"mount -o rw ....\" should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire \"PID,args\" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others- Adjust busybox.config for new features in find, date and cpio
* Thu Jan 06 2022 radoslav.kolevAATTsuse.com- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
* CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
* CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
* CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
* CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
* CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
* CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
* CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
* CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
* CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() - CVE-2011-5325 (bsc#951562): tar directory traversal - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation
* Sat Oct 30 2021 cooloAATTsuse.com- Disable crc32 to avoid conflict with perl-Archive-Zip (until some project really requires crc32)
* Wed Oct 27 2021 eichAATTsuse.com- Build busybox-warewulf3 for i586 as well. This allowes to set up i586 nodes.
* Fri Oct 22 2021 lukas.lanskyAATTsuse.com- Enable fdisk (jsc#CAR-16)- Add testsuite-gnu-echo.patch: testing.sh to use GNU echo
* Thu Oct 21 2021 cooloAATTsuse.com- Remove the duplicated config entries and construct the snippets on the fly based on the main config. This way it\'s easier to keep track of what\'s different
* Thu Oct 21 2021 cooloAATTsuse.com- Update to 1.34.1:
* build system: use SOURCE_DATE_EPOCH for timestamp if available
* many bug fixes and new features
* touch: make FEATURE_TOUCH_NODEREF unconditional
* Sat Oct 09 2021 eichAATTsuse.com- Create separate \'Warewulf3\' (https://github.com/warewulf/warewulf3) flavor of busybox with the additional setting: CONFIG_REBOOT=y CONFIG_SWITCH_ROOT=y CONFIG_CTTYHACK=y (bsc#1191514).
* Fri May 07 2021 andreas.stiegerAATTgmx.de- update to 1.33.1:
* httpd: fix sendfile
* ash: fix HISTFILE corruptio
* ash: fix unset variable pattern expansion
* traceroute: fix option parsing
* gunzip: fix for archive corruption- drop update_passwd_selinux_fix.patch, included upstream- add upstream signing key and verify source signature
* Thu Jan 28 2021 kukukAATTsuse.com- Update to version 1.33.0 - many bug fixes and new features- update_passwd_selinux_fix.patch upstream compile fix for SELinux
* Tue Jan 05 2021 kukukAATTsuse.com- Update to version 1.32.1 - fixes a case where in ash, \"wait\" never finishes.
* Tue Jan 05 2021 kukukAATTsuse.com- sendmail-ignore-F-option.patch: ignore -F option as used by cron (workaround for [bbn#13426])
* Wed Dec 09 2020 kukukAATTsuse.com- Don\'t require nogroup for adduser command, as this can lead to a dependency cycle with sysusers-tools.
* Mon Dec 07 2020 kukukAATTsuse.com- cpio-long-opt.patch: add more long options to cpio for IBS/unrpm
* Fri Nov 20 2020 lnusselAATTsuse.de- prepare usrmerge (boo#1029961)
* Tue Sep 29 2020 kukukAATTsuse.com- Disable RPM builtin, did become pretty useless- Disable popmaildir and mime utilities
* Fri Aug 21 2020 kukukAATTsuse.com- Set CONFIG_FIRST_SYSTEM_ID to 101 as we use 100 already as fixed ID for a system account.- Require group \"nogroup\" (used by adduser)
* Wed Aug 12 2020 kukukAATTsuse.com- Enable SELinux for the dynamic version
* Wed Jul 22 2020 kukukAATTsuse.com- Update to busybox 1.32.0 - many bugfixes and new features - Obsoletes busybox-no-stime.patch
* Wed Jul 22 2020 kukukAATTsuse.com- Disable ftpget/ftpput, non-standard, ftp is outdated- Disable run-init, we don\'t use that- Disable cttyhack, we don\'t provide the calling tools- Disable dnsd
* Sat Jul 11 2020 kukukAATTsuse.com- Enable syslogd for containers
* Wed Jul 08 2020 cooloAATTsuse.com- Enable testsuite and package it for later rerun (for QA, jsc#CAR-15)
* Fri Apr 17 2020 kukukAATTsuse.com- Re-add modutils
* Sat Mar 21 2020 kukukAATTsuse.com- Set last ID to 65533, else nobody cannot be created
* Fri Mar 13 2020 kukukAATTsuse.com- Merge config of default, -container and -static to be able to drop -container variant
* Sat Feb 22 2020 kukukAATTsuse.com- Disable CONFIG_FEATURE_NSLOOKUP_BIG as it leads to incompatible nslookup behavior
* Mon Feb 10 2020 kukukAATTsuse.com- Eanble FEATURE_TFTP_HPA_COMPAT and SH_MATH_BASE
* Sat Feb 08 2020 dimstarAATTopensuse.org- Update to version 1.31.1: + Bug fix release. 1.30.1 has fixes for dc, ash (PS1 expansion fix), hush, dpkg-deb, telnet and wget.- Changes from version 1.31.0: + many bugfixes and new features.- Add busybox-no-stime.patch: stime() has been deprecated in glibc 2.31 and replaced with clock_settime().
* Wed Oct 23 2019 kukukAATTsuse.de- Add man.conf to container variant
* Tue Sep 10 2019 jengelhAATTinai.de- Trim marketing from description.
* Thu Aug 22 2019 kukukAATTsuse.de- Drop busybox-rpm-E.patch, not needed anymore- Create new \"container\" subpackage with special stripped down version for container images (8MB instead of 15MB).
* Thu Jul 25 2019 kukukAATTsuse.de- Provide \"useradd_or_adduser_dep\" for sysuser-shadow
* Fri Mar 29 2019 kukukAATTsuse.de- Implement rpm -E %_dbpath for kiwi (busybox-rpm-E.patch)- Don\'t require /bin/sh, be self contained
* Thu Mar 28 2019 kukukAATTsuse.de- update to 1.30.1
* many bugfixes and new features- obsolete busybox-1.18.3-libarchive.patch- obsolete busybox-resource.patch- Update busybox
*.config- Merge busybox.spec and busybox-static.spec and build the static binary as subpackage
* Wed Aug 22 2018 jjollyAATTsuse.com- Enabled functionality within busybox for warewulf compatibility
* CONFIG_FEATURE_REMOTE_LOG
* CONFIG_DEPMOD
* CONFIG_TAC
* Fri Nov 10 2017 kukukAATTsuse.de- Build against libtirpc in preparation of deprecating sunrpc from glibc
* Sun Jul 02 2017 astiegerAATTsuse.com- update to 1.26.2:
* many updates and fixes to individual tools
* Tue Nov 01 2016 astiegerAATTsuse.com- update to 1.25.1:
* fixes for hush, gunzip, ip route, ntpd- includes changes from 1.25.0:
* many added and expanded implementations of command options- includes changes from 1.24.2:
* fixes for build system (static build with glibc fixed), truncate, gunzip and unzip.
* Thu Mar 03 2016 olafAATTaepfle.de- Disable build timestamp
* Sun Jan 03 2016 p.drouandAATTgmail.com- Update to version 1.24.1
* for a full list of changes see http://www.busybox.net/news.html- Refresh busybox.install.patch
* Mon Apr 20 2015 mpluskalAATTsuse.com- Update to 1.23.2
* for a full list of changes see http://www.busybox.net/news.html- Cleaned up spec file with spec-cleaner- Refreshed patches