Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

busybox-static-1.37.0-10.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: busybox-static Distribution: openSUSE Tumbleweed
Version: 1.37.0 Vendor: openSUSE
Release: 10.2 Build date: Fri Feb 13 14:44:52 2026
Group: Unspecified Build host: reproducible
Size: 2790524 Source RPM: busybox-1.37.0-10.2.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.busybox.net/
Summary: Static linked version of Busybox, a compact UNIX utility collection
BusyBox combines tiny versions of many common UNIX utilities into a
single executable.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Fri Feb 13 2026 Radoslav Kolev <radoslav.kolev@suse.com>
  - Fix arbitrary file overwrite and potential code execution via
    incomplete path sanitization (CVE-2026-26157, bsc#1258163),
    fix arbitrary file modification and privilege escalation via
    unvalidated tar archive entries (CVE-2026-26158, bsc#1258167)
    * 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch
    * 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
* Fri Dec 19 2025 Radoslav Kolev <radoslav.kolev@suse.com>
  - Fix tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661)
    * 0001-archival-libarchive-sanitize-filenames-on-output-pre.patch
  - Fix HTTP request header injection in wget (CVE-2025-60876, bsc#1253245)
    * wget-don-t-allow-control-characters-in-url.patch
  - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670)
  - Fix unshare -mrpf sh core dump on  ppc64le (bsc#1249237)
    * 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch
* Mon Aug 11 2025 Fabian Vogt <fvogt@suse.com>
  - Add patch to fix adduser inside containers on an SELinux host
    (boo#1247779):
    * 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
* Mon Aug 11 2025 Fabian Vogt <fvogt@suse.com>
  - Don't throw debug info away during build, let RPM separate it
    afterwards
* Fri Aug 01 2025 Radoslav Kolev <radoslav.kolev@suse.com>
  - revert the change to busybox.install.patch below. The logic will be
    needed only in busybox-links package when generating file lists.
  - fix mkdir path to point to /usr/bin instead of /bin
* Thu Jul 17 2025 Radoslav Kolev <radoslav.kolev@suse.com>
  - add placeholder variable and ignore applet logic to busybox.install
* Mon Jun 23 2025 Radoslav Kolev <radoslav.kolev@suse.com>
  - enable halt, poweroff, reboot commands (bsc#1243201)
* Tue Apr 29 2025 Radoslav Kolev <radoslav.kolev@suse.com>
  - fix regression in hexdump that broke kernel build:
    * busybox-1.37.0-fix-regression-n2.patch
  - fix build/tests and hexdump on big endian systems (S390):
    * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
    * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
    * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
* Mon Mar 10 2025 Dirk Müller <dmueller@suse.com>
  - add busybox-1.37.0-make-ping-work-without-root-privileges.patch
    (bsc#1239176)
* Mon Oct 07 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Add patch to fix build on non-x86* architectures:
    * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
* Fri Oct 04 2024 Thorsten Kukuk <kukuk@suse.com>
  - Fix busybox.config again (got broken with 1.37.0 update)
  - Cleanup spec file
* Sat Sep 28 2024 Matthias G. Eckermann <mge@suse.com>
  - Update to 1.37.0 (jsc#PED-13039)
  - remove unnecessary patch ash-fix-segfault-d417193cf.patch
  - Update default config to match 1.37.0 expectations
  - fix use-after-free in xasprintf (CVE-2023-42363, bsc#1217580)
  - fix use-after-free in awk evaluate (CVE-2023-42364, bsc#1217584)
  - fix use-after-free in awk copyvar (CVE-2023-42365, bsc#1217585)
* Thu Mar 14 2024 Thorsten Kukuk <kukuk@suse.com>
  - tc-no-TCA_CBQ.patch: Disable TCA_CBQ code if kernel headers don't
    support them.
* Fri Dec 08 2023 Thorsten Kukuk <kukuk@suse.com>
  - Install udhcpc and udhcpc6 into the same directory
    (udhcp6-install-path.patch)
  - Fully enable udhcpc and document that this tool needs special
    configuration and does not work out of the box [bsc#1217883]
* Tue Aug 29 2023 Radoslav Kolev <radoslav.kolev@suse.com>
  -  Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
    in ash (CVE-2022-48174, bsc#1214538)
* Fri Jun 02 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.36.1:
    * fixes for line editing, detection of hardware sha1/sha256
      support, unzip
    (do not create suid/sgid files unless -K),
      shell (printf and sleep with no args, handing of SIGINT
      in sleep), ed.
* Fri Jan 06 2023 Radoslav Kolev <radoslav.kolev@suse.com>
  - Update to version 1.36.0
    - awk: fix use after free (CVE-2022-30065)
    - various fixes for ash, bc, cut, fbset, kbuild, libbb, mkfs.vfat,
      mv, powertop, sed, sort, taskset, top, udhcpc6, unzip, vi, xxd
    - improvements in ash, cmp, crond, devmem, ed, fbset, fdisk, ls, xargs, pkill
    - new applets added: seedrng, tree, tsort
  - Adjust busybox.config for new features
    - ash: enable sleep built-in
    - enable new applets: seedrng, tree, tsort
    - enable SHA hardware acceleration
    - try LOOP_CONFIGURE for losetup/loop mounts, but fall back to
      LOOP_SET_FD + LOOP_SET_STATUS if not supported
  - drop e63d7cdf.patch (fix for CVE-2022-30065), included upstream

Files

/usr/bin/busybox-static
/usr/share/licenses/busybox-static
/usr/share/licenses/busybox-static/LICENSE


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 21 22:32:08 2026