SUSE-SU-2025:03205-1

Описание

This update for busybox, busybox-links fixes the following issues:

Updated to version 1.37.0 (jsc#PED-13039):

• CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)
• CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)
• CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)

Other fixes:

• fix generation of file lists via Dockerfile
• add copy of busybox.links from the container to catch changes to busybox config
• Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201)
• Add getfattr applet to attr filelist
• busybox-udhcpc conflicts with udhcp.
• Add new sub-package for udhcpc
• zgrep: don't set the label option as only the real grep supports it (bsc#1215943)
• Add conflict for coreutils-systemd, package got splitted
• Check in filelists instead of buildrequiring all non-busybox utils
• Replace transitional %usrmerged macro with regular version check (bsc#1206798)
• Create sub-package 'hexedit' [bsc#1203399]
• Create sub-package 'sha3sum' [bsc#1203397]
• Drop update-alternatives support
• Add provides smtp_daemon to busybox-sendmail
• Add conflicts: mawk to busybox-gawk
• fix mkdir path to point to /usr/bin instead of /bin
• add placeholder variable and ignore applet logic to busybox.install
• enable halt, poweroff, reboot commands (bsc#1243201)
• Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883]
• Replace transitional %usrmerged macro with regular version check (bsc#1206798)