Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package busybox for openSUSE:Factory checked in at 2026-02-26 18:36:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/busybox (Old) and /work/SRC/openSUSE:Factory/.busybox.new.29461 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "busybox" Thu Feb 26 18:36:26 2026 rev:96 rq:1335136 version:1.37.0 Changes: -------- --- /work/SRC/openSUSE:Factory/busybox/busybox.changes 2026-02-20 17:40:16.961531720 +0100 +++ /work/SRC/openSUSE:Factory/.busybox.new.29461/busybox.changes 2026-02-26 18:36:49.380040120 +0100 @@ -4 +4,3 @@ -- Fix arbitrary file modification and privilege escalation via +- Fix arbitrary file overwrite and potential code execution via + incomplete path sanitization (CVE-2026-26157, bsc#1258163), + fix arbitrary file modification and privilege escalation via @@ -81 +83 @@ -- Update to 1.37.0 +- Update to 1.37.0 (jsc#PED-13039) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ busybox.spec ++++++ --- /var/tmp/diff_new_pack.cINOfP/_old 2026-02-26 18:36:50.988106676 +0100 +++ /var/tmp/diff_new_pack.cINOfP/_new 2026-02-26 18:36:50.988106676 +0100 @@ -63,7 +63,7 @@ Patch14: wget-don-t-allow-control-characters-in-url.patch # PATCH-FIX-UPSTREAM - Fix bsc#1249237, from upstream commit 362159593 Patch15: 0001-nsenter-unshare-don-t-use-xvfork_parent_waits_and_ex.patch -# PATCH-FIX-UPSTREAM - Fix bsc#1258163 from upstream commit 3fb6b31c716669e12f75a2accd31bb7685b1a1cb +# PATCH-FIX-UPSTREAM - Fix bsc#1258163 (CVE-2026-26157), bsc#1258167 (CVE-2026-26157) from upstream commit 3fb6b31c7 Patch16: 0001-tar-strip-unsafe-hardlink-components-GNU-tar-does-th.patch # PATCH-FIX-UPSTREAM - The fix above introducesa problem rewriting symlink targets too Patch17: 0002-tar-only-strip-unsafe-components-from-hardlinks-not-.patch
