Accepting request 1299220 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1299220
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/busybox?expand=0&rev=93

0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch

@@ -0,0 +1,39 @@
+From cd887910c75f1204056173750fcd6ae607b9f215 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fvogt@suse.de>
+Date: Mon, 11 Aug 2025 16:09:10 +0200
+Subject: [PATCH] update_passwd: Avoid selinux_preserve_fcontext if SELinux is
+ disabled
+
+Inside containers, it's possible that files have labels but otherwise
+SELinux is effectively disabled/hidden (no config or /sys/fs/selinux).
+In that setup, fgetfilecon succeeds but setfscreatecon fails.
+Just skip all of that if SELinux is disabled.
+
+This fixes the following error when running adduser inside a container:
+
+adduser: can't set default file creation context to system_u:object_r:container_file_t:s0:c292,c451: Permission denied
+
+Signed-off-by: Fabian Vogt <fvogt@suse.de>
+---
+ libbb/update_passwd.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
+index a228075cc..186ebd122 100644
+--- a/libbb/update_passwd.c
++++ b/libbb/update_passwd.c
+@@ -133,7 +133,10 @@ int FAST_FUNC update_passwd(const char *filename,
+ 	}
+ 	old_fd = fileno(old_fp);
+ 
+-	selinux_preserve_fcontext(old_fd);
++#if ENABLE_SELINUX
++	if (is_selinux_enabled() > 0)
++		selinux_preserve_fcontext(old_fd);
++#endif
+ 
+ 	/* Try to create "/etc/passwd+". Wait if it exists. */
+ 	i = 30;
+-- 
+2.50.1
+

ash-fix-segfault-d417193cf.patch

@@ -1,80 +0,0 @@
-From d417193cf37ca1005830d7e16f5fa7e1d8a44209 Mon Sep 17 00:00:00 2001
-From: Denys Vlasenko <vda.linux@googlemail.com>
-Date: Mon, 12 Jun 2023 17:48:47 +0200
-Subject: [PATCH] shell: avoid segfault on ${0::0/0~09J}. Closes 15216
-
-function                                             old     new   delta
-evaluate_string                                     1011    1053     +42
-
-Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
----
- shell/math.c | 39 +++++++++++++++++++++++++++++++++++----
- 1 file changed, 35 insertions(+), 4 deletions(-)
-
-diff --git a/shell/math.c b/shell/math.c
-index 76d22c9bd..727c29467 100644
---- a/shell/math.c
-+++ b/shell/math.c
-@@ -577,6 +577,28 @@ static arith_t strto_arith_t(const char *nptr, char **endptr)
- # endif
- #endif
- 
-+//TODO: much better estimation than expr_len/2? Such as:
-+//static unsigned estimate_nums_and_names(const char *expr)
-+//{
-+//	unsigned count = 0;
-+//	while (*(expr = skip_whitespace(expr)) != '\0') {
-+//		const char *p;
-+//		if (isdigit(*expr)) {
-+//			while (isdigit(*++expr))
-+//				continue;
-+//			count++;
-+//			continue;
-+//		}
-+//		p = endofname(expr);
-+//		if (p != expr) {
-+//			expr = p;
-+//			count++;
-+//			continue;
-+//		}
-+//	}
-+//	return count;
-+//}
-+
- static arith_t
- evaluate_string(arith_state_t *math_state, const char *expr)
- {
-@@ -584,10 +606,12 @@ evaluate_string(arith_state_t *math_state, const char *expr)
- 	const char *errmsg;
- 	const char *start_expr = expr = skip_whitespace(expr);
- 	unsigned expr_len = strlen(expr) + 2;
--	/* Stack of integers */
--	/* The proof that there can be no more than strlen(startbuf)/2+1
--	 * integers in any given correct or incorrect expression
--	 * is left as an exercise to the reader. */
-+	/* Stack of integers/names */
-+	/* There can be no more than strlen(startbuf)/2+1
-+	 * integers/names in any given correct or incorrect expression.
-+	 * (modulo "09v09v09v09v09v" case,
-+	 * but we have code to detect that early)
-+	 */
- 	var_or_num_t *const numstack = alloca((expr_len / 2) * sizeof(numstack[0]));
- 	var_or_num_t *numstackptr = numstack;
- 	/* Stack of operator tokens */
-@@ -652,6 +676,13 @@ evaluate_string(arith_state_t *math_state, const char *expr)
- 			numstackptr->var = NULL;
- 			errno = 0;
- 			numstackptr->val = strto_arith_t(expr, (char**) &expr);
-+			/* A number can't be followed by another number, or a variable name.
-+			 * We'd catch this later anyway, but this would require numstack[]
-+			 * to be twice as deep to handle strings where _every_ char is
-+			 * a new number or name. Example: 09v09v09v09v09v09v09v09v09v
-+			 */
-+			if (isalnum(*expr) || *expr == '_')
-+				goto err;
- //bb_error_msg("val:%lld", numstackptr->val);
- 			if (errno)
- 				numstackptr->val = 0; /* bash compat */
--- 
-2.26.2
-

busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch

@@ -0,0 +1,13 @@
+diff -up busybox-1.37.0/libbb/hash_md5_sha.c.shaNI-fix busybox-1.37.0/libbb/hash_md5_sha.c
+--- busybox-1.37.0/libbb/hash_md5_sha.c.shaNI-fix	2024-09-27 09:57:09.601487627 -0400
++++ busybox-1.37.0/libbb/hash_md5_sha.c	2024-09-27 09:57:49.167153221 -0400
+@@ -1313,7 +1313,9 @@ unsigned FAST_FUNC sha1_end(sha1_ctx_t *
+ 	hash_size = 8;
+ 	if (ctx->process_block == sha1_process_block64
+ #if ENABLE_SHA1_HWACCEL
++# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
+ 	 || ctx->process_block == sha1_process_block64_shaNI
++# endif
+ #endif
+ 	) {
+ 		hash_size = 5;

busybox-1.37.0-fix-regression-n2.patch

@@ -0,0 +1,50 @@
+commit 87e60dcf0f7ef917b73353d8605188a420bd91f9
+Author: Natanael Copa <ncopa@alpinelinux.org>
+Date:   Mon Oct 28 15:26:21 2024 +0100
+
+    hexdump: fix regression with -n4 -e '"%u"'
+    
+    Fix bug introduced in busybox 1.37.0 that broke kernel builds.
+    
+    Fixes commit e2287f99fe6f (od: for !DESKTOP, match output more closely
+    to GNU coreutils 9.1, implement -s)
+    
+    function                                             old     new   delta
+    rewrite                                              967     976      +9
+    
+    Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+    Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+
+diff --git a/libbb/dump.c b/libbb/dump.c
+index b406a2428..2ca9919da 100644
+--- a/libbb/dump.c
++++ b/libbb/dump.c
+@@ -198,9 +198,11 @@ static NOINLINE void rewrite(priv_dumper_t *dumper, FS *fs)
+ 				if (!e)
+ 					goto DO_BAD_CONV_CHAR;
+ 				pr->flags = F_INT;
+-				if (e > int_convs + 1) /* not d or i? */
+-					pr->flags = F_UINT;
+ 				byte_count_str = "\010\004\002\001";
++				if (e > int_convs + 1) { /* not d or i? */
++					pr->flags = F_UINT;
++					byte_count_str++;
++				}
+ 				goto DO_BYTE_COUNT;
+ 			} else
+ 			if (strchr(int_convs, *p1)) { /* %d etc */
+diff --git a/testsuite/hexdump.tests b/testsuite/hexdump.tests
+index be0379cfc..517ec508b 100755
+--- a/testsuite/hexdump.tests
++++ b/testsuite/hexdump.tests
+@@ -82,4 +82,10 @@ testing "hexdump -e /2 %d" \
+ "\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"\
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"\
+ 
++testing "hexdump -n4 -e '\"%u\"'" \
++	"hexdump -n4 -e '\"%u\"'" \
++	"12345678" \
++	"" \
++	"\x4e\x61\xbc\x00AAAA"
++
+ exit $FAILCOUNT

busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch

@@ -0,0 +1,141 @@
+From 49cd4bfb4046db783074b08bcfac22fed2a0bbe3 Mon Sep 17 00:00:00 2001
+From: Radoslav Kolev <radoslav.kolev@suse.com>
+Date: Wed, 23 Apr 2025 22:30:56 +0300
+Subject: [PATCH 3/3] hexdump: add tests for %x, handle little/big endian
+ properly
+
+Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
+---
+ testsuite/hexdump.tests | 91 +++++++++++++++++++++++++++++++----------
+ 1 file changed, 69 insertions(+), 22 deletions(-)
+
+diff --git a/testsuite/hexdump.tests b/testsuite/hexdump.tests
+index 517ec508b..b2f6a2201 100755
+--- a/testsuite/hexdump.tests
++++ b/testsuite/hexdump.tests
+@@ -5,6 +5,17 @@
+ 
+ . ./testing.sh
+ 
++input=\
++"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"\
++"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"\
++"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"\
++"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"\
++"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
++
++little_endian=false
++{ printf '\0\1' | hexdump -d | grep -q 256; } && little_endian=true
++readonly little_endian
++
+ # testing "description" "command" "result" "infile" "stdin"
+ testing 'hexdump -C with four NULs' \
+ 	'hexdump -C' \
+@@ -43,12 +54,7 @@ testing "hexdump -e %3_u" \
+   80  81  82  83  84  85  86  87  88  89  8a  8b  8c  8d  8e  8f
+   f0  f1  f2  f3  f4  f5  f6  f7  f8  f9  fa  fb  fc  fd  fe  ff
+ " \
+-	"" \
+-"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"\
+-"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"\
+-"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"\
+-"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"\
+-"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"\
++        "" "$input"
+ 
+ testing "hexdump -e /1 %d" \
+ 	"hexdump -e '16/1 \" %4d\" \"\n\"'" \
+@@ -59,33 +65,74 @@ testing "hexdump -e /1 %d" \
+  -128 -127 -126 -125 -124 -123 -122 -121 -120 -119 -118 -117 -116 -115 -114 -113
+   -16  -15  -14  -13  -12  -11  -10   -9   -8   -7   -6   -5   -4   -3   -2   -1
+ " \
+-	"" \
+-"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"\
+-"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"\
+-"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"\
+-"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"\
+-"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"\
++        "" "$input"
+ 
+-testing "hexdump -e /2 %d" \
+-	"hexdump -e '8/2 \" %6d\" \"\n\"'" \
+-	"\
++$little_endian || SKIP=1
++testing "hexdump -e /2 %d (little endian)" \
++        "hexdump -e '8/2 \" %6d\" \"\n\"'" \
++        "\
+     256    770   1284   1798   2312   2826   3340   3854
+    4368   4882   5396   5910   6424   6938   7452   7966
+   29040  29554  30068  30582  31096  31610  32124  32638
+  -32384 -31870 -31356 -30842 -30328 -29814 -29300 -28786
+   -3600  -3086  -2572  -2058  -1544  -1030   -516     -2
+ " \
+-	"" \
+-"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"\
+-"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"\
+-"\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"\
+-"\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"\
+-"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"\
++        "" "$input"
++SKIP=
++
++$little_endian && SKIP=1
++testing "hexdump -e /2 %d (big endian)" \
++        "hexdump -e '8/2 \" %6d\" \"\n\"'" \
++        "\
++      1    515   1029   1543   2057   2571   3085   3599
++   4113   4627   5141   5655   6169   6683   7197   7711
++  28785  29299  29813  30327  30841  31355  31869  32383
++ -32639 -32125 -31611 -31097 -30583 -30069 -29555 -29041
++  -3855  -3341  -2827  -2313  -1799  -1285   -771   -257
++" \
++        "" "$input"
++SKIP=
+ 
+-testing "hexdump -n4 -e '\"%u\"'" \
++$little_endian || SKIP=1
++testing "hexdump -e /2 %x (little endian)" \
++        "hexdump -e '8/2 \" %6x\" \"\n\"'" \
++        "\
++    100    302    504    706    908    b0a    d0c    f0e
++   1110   1312   1514   1716   1918   1b1a   1d1c   1f1e
++   7170   7372   7574   7776   7978   7b7a   7d7c   7f7e
++   8180   8382   8584   8786   8988   8b8a   8d8c   8f8e
++   f1f0   f3f2   f5f4   f7f6   f9f8   fbfa   fdfc   fffe
++" \
++        "" "$input"
++SKIP=
++
++$little_endian && SKIP=1
++testing "hexdump -e /2 %x (big endian)" \
++        "hexdump -e '8/2 \" %6x\" \"\n\"'" \
++        "\
++      1    203    405    607    809    a0b    c0d    e0f
++   1011   1213   1415   1617   1819   1a1b   1c1d   1e1f
++   7071   7273   7475   7677   7879   7a7b   7c7d   7e7f
++   8081   8283   8485   8687   8889   8a8b   8c8d   8e8f
++   f0f1   f2f3   f4f5   f6f7   f8f9   fafb   fcfd   feff
++" \
++        "" "$input"
++SKIP=
++
++$little_endian || SKIP=1
++testing "hexdump -n4 -e '\"%u\"' (little endian)" \
+ 	"hexdump -n4 -e '\"%u\"'" \
+ 	"12345678" \
+ 	"" \
+ 	"\x4e\x61\xbc\x00AAAA"
++SKIP=
++
++$little_endian && SKIP=1
++testing "hexdump -n4 -e '\"%u\"' (big endian)" \
++	"hexdump -n4 -e '\"%u\"'" \
++	"1315027968" \
++	"" \
++	"\x4e\x61\xbc\x00AAAA"
++SKIP=
+ 
+ exit $FAILCOUNT
+-- 
+2.47.1
+

busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch

@@ -0,0 +1,45 @@
+From ede2cd43610fbf99678c9989f88013652225da5d Mon Sep 17 00:00:00 2001
+From: Radoslav Kolev <radoslav.kolev@suse.com>
+Date: Wed, 23 Apr 2025 20:42:01 +0300
+Subject: [PATCH 1/3] hexdump: fix regression for uint16 on big endian systems
+
+Commit 34751d8bf introduced a bug in the handling of uint16
+values on big endian systems not considered safe for unaligned
+access when falling back to memcpy.
+
+Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
+---
+ libbb/dump.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/libbb/dump.c b/libbb/dump.c
+index 2ca9919da..b8e8f4f0a 100644
+--- a/libbb/dump.c
++++ b/libbb/dump.c
+@@ -667,15 +667,21 @@ static NOINLINE void display(priv_dumper_t* dumper)
+ 							conv_u(pr, bp);
+ 							break;
+ 						case F_UINT: {
++							union {
++								uint16_t uval16;
++								uint32_t uval32;
++							} u;
+ 							unsigned value = (unsigned char)*bp;
+ 							switch (pr->bcnt) {
+ 							case 1:
+ 								break;
+ 							case 2:
+-								move_from_unaligned16(value, bp);
++								move_from_unaligned16(u.uval16, bp);
++								value=u.uval16;
+ 								break;
+ 							case 4:
+-								move_from_unaligned32(value, bp);
++								move_from_unaligned32(u.uval32, bp);
++								value=u.uval32;
+ 								break;
+ 							/* case 8: no users yet */
+ 							}
+-- 
+2.47.1
+

busybox-1.37.0-make-ping-work-without-root-privileges.patch

@@ -0,0 +1,209 @@
+From c682e9410adfdfeb33d507fe0daeda581a07becf Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 29 Mar 2016 09:23:08 +0200
+Subject: [PATCH] ping: make ping work without root privileges
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ networking/ping.c | 115 +++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 94 insertions(+), 21 deletions(-)
+
+diff --git a/networking/ping.c b/networking/ping.c
+index b7e6955a9..dab5101c7 100644
+--- a/networking/ping.c
++++ b/networking/ping.c
+@@ -208,6 +208,7 @@ enum {
+ 	pingsock = 0,
+ };
+ 
++static int using_dgram;
+ static void
+ #if ENABLE_PING6
+ create_icmp_socket(len_and_sockaddr *lsa)
+@@ -224,9 +225,23 @@ create_icmp_socket(void)
+ #endif
+ 		sock = socket(AF_INET, SOCK_RAW, 1); /* 1 == ICMP */
+ 	if (sock < 0) {
+-		if (errno == EPERM)
+-			bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root);
+-		bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
++		if (errno != EPERM)
++			bb_simple_perror_msg_and_die(bb_msg_can_not_create_raw_socket);
++#if defined(__linux__) || defined(__APPLE__)
++		/* We don't have root privileges.  Try SOCK_DGRAM instead.
++		 * Linux needs net.ipv4.ping_group_range for this to work.
++		 * MacOSX allows ICMP_ECHO, ICMP_TSTAMP or ICMP_MASKREQ
++		 */
++#if ENABLE_PING6
++		if (lsa->u.sa.sa_family == AF_INET6)
++			sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
++		else
++#endif
++			sock = socket(AF_INET, SOCK_DGRAM, 1); /* 1 == ICMP */
++		if (sock < 0)
++#endif
++		bb_simple_error_msg_and_die(bb_msg_perm_denied_are_you_root);
++		using_dgram = 1;
+ 	}
+ 
+ 	xmove_fd(sock, pingsock);
+@@ -279,10 +294,12 @@ static void ping4(len_and_sockaddr *lsa)
+ 				bb_simple_perror_msg("recvfrom");
+ 			continue;
+ 		}
+-		if (c >= 76) {			/* ip + icmp */
+-			struct iphdr *iphdr = (struct iphdr *) G.packet;
++		if (c >= 76 || using_dgram && (c == 64)) {			/* ip + icmp */
++			if(!using_dgram) {
++				struct iphdr *iphdr = (struct iphdr *) G.packet;
+ 
+-			pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));	/* skip ip hdr */
++				pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));	/* skip ip hdr */
++			} else pkt = (struct icmp *) G.packet;
+ 			if (pkt->icmp_id != G.myid)
+ 				continue; /* not our ping */
+ 			if (pkt->icmp_type == ICMP_ECHOREPLY)
+@@ -691,19 +708,21 @@ static void unpack_tail(int sz, uint32_t *tp,
+ }
+ static int unpack4(char *buf, int sz, struct sockaddr_in *from)
+ {
+-	struct icmp *icmppkt;
+ 	struct iphdr *iphdr;
++	struct icmp *icmppkt;
+ 	int hlen;
+ 
+ 	/* discard if too short */
+ 	if (sz < (datalen + ICMP_MINLEN))
+ 		return 0;
++	if(!using_dgram) {
++		/* check IP header */
++		iphdr = (struct iphdr *) buf;
++		hlen = iphdr->ihl << 2;
++		sz -= hlen;
++		icmppkt = (struct icmp *) (buf + hlen);
++	} else icmppkt = (struct icmp *) buf;
+ 
+-	/* check IP header */
+-	iphdr = (struct iphdr *) buf;
+-	hlen = iphdr->ihl << 2;
+-	sz -= hlen;
+-	icmppkt = (struct icmp *) (buf + hlen);
+ 	if (icmppkt->icmp_id != myid)
+ 		return 0;				/* not our ping */
+ 
+@@ -715,7 +734,7 @@ static int unpack4(char *buf, int sz, struct sockaddr_in *from)
+ 			tp = (uint32_t *) icmppkt->icmp_data;
+ 		unpack_tail(sz, tp,
+ 			inet_ntoa(*(struct in_addr *) &from->sin_addr.s_addr),
+-			recv_seq, iphdr->ttl);
++			recv_seq, using_dgram ? 42 : iphdr->ttl);
+ 		return 1;
+ 	}
+ 	if (icmppkt->icmp_type != ICMP_ECHO) {
+@@ -765,11 +784,31 @@ static void ping4(len_and_sockaddr *lsa)
+ 	int sockopt;
+ 
+ 	pingaddr.sin = lsa->u.sin;
+-	if (source_lsa) {
++	if (source_lsa && !using_dgram) {
+ 		if (setsockopt(pingsock, IPPROTO_IP, IP_MULTICAST_IF,
+ 				&source_lsa->u.sa, source_lsa->len))
+ 			bb_simple_error_msg_and_die("can't set multicast source interface");
+ 		xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
++	} else if(using_dgram) {
++		struct sockaddr_in sa;
++		socklen_t sl;
++
++		sa.sin_family = AF_INET;
++		sa.sin_port = 0;
++		sa.sin_addr.s_addr = source_lsa ?
++			source_lsa->u.sin.sin_addr.s_addr : 0;
++		sl = sizeof(sa);
++
++		if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
++			perror("bind");
++			exit(2);
++		}
++
++		if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
++			perror("getsockname");
++			exit(2);
++		}
++		myid = sa.sin_port;
+ 	}
+ 
+ 	/* enable broadcast pings */
+@@ -786,6 +825,15 @@ static void ping4(len_and_sockaddr *lsa)
+ 		setsockopt_int(pingsock, IPPROTO_IP, IP_MULTICAST_TTL, opt_ttl);
+ 	}
+ 
++	if(using_dgram) {
++		int hold = 65536;
++		if (setsockopt(pingsock, SOL_IP, IP_RECVTTL, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RECVTTL)");
++		if (setsockopt(pingsock, SOL_IP, IP_RETOPTS, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RETOPTS)");
++
++	}
++
+ 	signal(SIGINT, print_stats_and_exit);
+ 
+ 	/* start the ping's going ... */
+@@ -823,10 +871,33 @@ static void ping6(len_and_sockaddr *lsa)
+ 	char control_buf[CMSG_SPACE(36)];
+ 
+ 	pingaddr.sin6 = lsa->u.sin6;
+-	if (source_lsa)
++	if (source_lsa && !using_dgram)
+ 		xbind(pingsock, &source_lsa->u.sa, source_lsa->len);
++	else if(using_dgram) {
++		struct sockaddr_in6 sa = {0};
++		socklen_t sl;
++
++		sa.sin6_family = AF_INET6;
++		sa.sin6_port = 0;
++		if(source_lsa) {
++			memcpy(&sa.sin6_addr, &source_lsa->u.sin6.sin6_addr, sizeof(struct in6_addr));
++		}
++		sl = sizeof(sa);
++
++		if (bind(pingsock, (struct sockaddr *) &sa, sl) == -1) {
++			perror("bind");
++			exit(2);
++		}
++
++		if (getsockname(pingsock, (struct sockaddr *) &sa, &sl) == -1) {
++			perror("getsockname");
++			exit(2);
++		}
++		myid = sa.sin6_port;
++	}
+ 
+ #ifdef ICMP6_FILTER
++	if(!using_dgram)
+ 	{
+ 		struct icmp6_filter filt;
+ 		if (!(option_mask32 & OPT_VERBOSE)) {
+@@ -972,12 +1043,14 @@ static int common_ping_main(int opt, char **argv)
+ 		interval = INT_MAX/1000000;
+ 	G.interval_us = interval * 1000000;
+ 
+-	myid = (uint16_t) getpid();
+-	/* we can use native-endian ident, but other Unix ping/traceroute
+-	 * utils use *big-endian pid*, and e.g. traceroute on our machine may be
+-	 * *not* from busybox, idents may collide. Follow the convention:
+-	 */
+-	myid = htons(myid);
++	if (!using_dgram) {
++		myid = (uint16_t) getpid();
++		/* we can use native-endian ident, but other Unix ping/traceroute
++		 * utils use *big-endian pid*, and e.g. traceroute on our machine may be
++		 * *not* from busybox, idents may collide. Follow the convention:
++		 */
++		myid = htons(myid);
++	}
+ 	hostname = argv[optind];
+ #if ENABLE_PING6
+ 	{

busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch

@@ -0,0 +1,45 @@
+From 6bd928b9952abb2141122080757337e2fe47e96a Mon Sep 17 00:00:00 2001
+From: Radoslav Kolev <radoslav.kolev@suse.com>
+Date: Wed, 23 Apr 2025 21:06:09 +0300
+Subject: [PATCH 2/3] od: make -B test little endian only, add variant for big
+ endian
+
+Signed-off-by: Radoslav Kolev <radoslav.kolev@suse.com>
+---
+ testsuite/od.tests | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/testsuite/od.tests b/testsuite/od.tests
+index 4f245a7e8..c863bf2e8 100755
+--- a/testsuite/od.tests
++++ b/testsuite/od.tests
+@@ -61,7 +61,8 @@ testing "od -a (DESKTOP)" \
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
+ SKIP=
+ 
+-testing "od -B" \
++$little_endian || SKIP=1
++testing "od -B (little-endian)" \
+         "od -B" \
+ "\
+ 0000000 001001 005003 041101 177103
+@@ -70,6 +71,16 @@ testing "od -B" \
+ 	"" "$input"
+ SKIP=
+ 
++$little_endian && SKIP=1
++testing "od -B (big-endian)" \
++        "od -B" \
++"\
++0000000 000402 001412 040502 041776
++0000010
++" \
++       "" "$input"
++SKIP=
++
+ $little_endian || SKIP=1
+ testing "od -o (little-endian)" \
+         "od -o" \
+-- 
+2.47.1
+

busybox.changes

@@ -1,7 +1,75 @@
+-------------------------------------------------------------------
+Mon Aug 11 14:37:07 UTC 2025 - Fabian Vogt <fvogt@suse.com>
+
+- Add patch to fix adduser inside containers on an SELinux host
+  (boo#1247779):
+  * 0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
+
+-------------------------------------------------------------------
+Mon Aug 11 13:15:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
+
+- Don't throw debug info away during build, let RPM separate it
+  afterwards
+
+-------------------------------------------------------------------
+Fri Aug  1 07:36:48 UTC 2025 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- revert the change to busybox.install.patch below. The logic will be
+  needed only in busybox-links package when generating file lists.
+- fix mkdir path to point to /usr/bin instead of /bin
+
+-------------------------------------------------------------------
+Thu Jul 17 04:47:22 UTC 2025 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- add placeholder variable and ignore applet logic to busybox.install 
+
+-------------------------------------------------------------------
+Mon Jun 23 12:48:28 UTC 2025 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- enable halt, poweroff, reboot commands (bsc#1243201) 
+
+-------------------------------------------------------------------
+Tue Apr 29 07:57:10 UTC 2025 - Radoslav Kolev <radoslav.kolev@suse.com>
+
+- fix regression in hexdump that broke kernel build:
+  * busybox-1.37.0-fix-regression-n2.patch
+- fix build/tests and hexdump on big endian systems (S390):
+  * busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch 
+  * busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
+  * busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
+
+-------------------------------------------------------------------
+Mon Mar 10 16:45:08 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- add busybox-1.37.0-make-ping-work-without-root-privileges.patch
+  (bsc#1239176)
+
+-------------------------------------------------------------------
+Mon Oct  7 07:59:23 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add patch to fix build on non-x86* architectures:
+  * busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
+
+-------------------------------------------------------------------
+Fri Oct  4 11:55:30 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Fix busybox.config again (got broken with 1.37.0 update)
+- Cleanup spec file
+
+-------------------------------------------------------------------
+Sat Sep 28 20:48:01 UTC 2024 - Matthias G. Eckermann <mge@suse.com>
+
+- Update to 1.37.0
+- remove unnecessary patch ash-fix-segfault-d417193cf.patch
+- Update default config to match 1.37.0 expectations
+- fix use-after-free in xasprintf (CVE-2023-42363, bsc#1217580)
+- fix use-after-free in awk evaluate (CVE-2023-42364, bsc#1217584)
+- fix use-after-free in awk copyvar (CVE-2023-42365, bsc#1217585)
+
 -------------------------------------------------------------------
 Thu Mar 14 09:15:13 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
-- tc-no-TCA_CBQ.patch: Disable TCA_CBQ code if kernel headers don't 
+- tc-no-TCA_CBQ.patch: Disable TCA_CBQ code if kernel headers don't
   support them.
 
 -------------------------------------------------------------------
@@ -15,7 +83,7 @@ Fri Dec  8 10:47:35 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
 -------------------------------------------------------------------
 Tue Aug 29 09:55:24 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
 
--  Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability 
+-  Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability
    in ash (CVE-2022-48174, bsc#1214538)
 
 -------------------------------------------------------------------
@@ -26,12 +94,12 @@ Fri Jun  2 21:08:22 UTC 2023 - Dirk Müller <dmueller@suse.com>
     support, unzip
    (do not create suid/sgid files unless -K),
     shell (printf and sleep with no args, handing of SIGINT
-    in sleep), ed. 
+    in sleep), ed.
 
 -------------------------------------------------------------------
 Fri Jan  6 08:01:46 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
 
-- Update to version 1.36.0 
+- Update to version 1.36.0
   - awk: fix use after free (CVE-2022-30065)
   - various fixes for ash, bc, cut, fbset, kbuild, libbb, mkfs.vfat,
     mv, powertop, sed, sort, taskset, top, udhcpc6, unzip, vi, xxd
@@ -41,7 +109,7 @@ Fri Jan  6 08:01:46 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
   - ash: enable sleep built-in
   - enable new applets: seedrng, tree, tsort
   - enable SHA hardware acceleration
-  - try LOOP_CONFIGURE for losetup/loop mounts, but fall back to 
+  - try LOOP_CONFIGURE for losetup/loop mounts, but fall back to
     LOOP_SET_FD + LOOP_SET_STATUS if not supported
 - drop e63d7cdf.patch (fix for CVE-2022-30065), included upstream
 
@@ -59,13 +127,13 @@ Wed Nov 23 13:24:55 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
 -------------------------------------------------------------------
 Mon Nov 14 08:52:35 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
 
-- Fix build under SLE-12 
+- Fix build under SLE-12
 
 -------------------------------------------------------------------
 Mon Oct 17 17:26:27 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
 
 - Annotate CVEs already fixed in upstream, but not mentioned in .changes:
-  * CVE-2014-9645 (bsc#914660):  strips of / in module names that can lead to loading unwanted modules 
+  * CVE-2014-9645 (bsc#914660):  strips of / in module names that can lead to loading unwanted modules
 
 -------------------------------------------------------------------
 Thu Jun 30 08:30:05 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
@@ -104,9 +172,9 @@ Wed Jan 12 15:40:40 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
   - tar: prevent malicious archives with long name sizes causing OOM
   - udhcpc6: fix udhcp_find_option to actually find DHCP6 options
   - xxd: fix -p -r
-  - support for new optoins added to basename, cpio, date, find, 
+  - support for new optoins added to basename, cpio, date, find,
     mktemp, wget and others
-- Adjust busybox.config for new features in find, date and cpio 
+- Adjust busybox.config for new features in find, date and cpio
 
 -------------------------------------------------------------------
 Thu Jan  6 06:37:24 UTC 2022 - Radoslav Kolev <radoslav.kolev@suse.com>
@@ -146,7 +214,7 @@ Wed Oct 27 17:22:38 UTC 2021 - Egbert Eich <eich@suse.com>
 Fri Oct 22 12:10:55 UTC 2021 - Lukas Lansky <lukas.lansky@suse.com>
 
 - Enable fdisk (jsc#CAR-16)
-- Add testsuite-gnu-echo.patch: testing.sh to use GNU echo 
+- Add testsuite-gnu-echo.patch: testing.sh to use GNU echo
 
 -------------------------------------------------------------------
 Thu Oct 21 17:43:22 UTC 2021 - Stephan Kulow <coolo@suse.com>
@@ -171,7 +239,7 @@ Sat Oct  9 13:16:11 UTC 2021 - Egbert Eich <eich@suse.com>
   additional setting:
   CONFIG_REBOOT=y
   CONFIG_SWITCH_ROOT=y
-  CONFIG_CTTYHACK=y 
+  CONFIG_CTTYHACK=y
   (bsc#1191514).
 
 -------------------------------------------------------------------
@@ -197,7 +265,7 @@ Thu Jan 28 15:22:02 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
 Tue Jan  5 08:17:09 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
 
 - Update to version 1.32.1
-  - fixes a case where in ash, "wait" never finishes. 
+  - fixes a case where in ash, "wait" never finishes.
 
 -------------------------------------------------------------------
 Tue Jan  5 07:26:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
@@ -336,7 +404,7 @@ Thu Mar 28 21:58:41 CET 2019 - kukuk@suse.de
 
 - update to 1.30.1
   * many bugfixes and new features
-- obsolete busybox-1.18.3-libarchive.patch 
+- obsolete busybox-1.18.3-libarchive.patch
 - obsolete busybox-resource.patch
 - Update busybox*.config
 - Merge busybox.spec and busybox-static.spec and build the static
@@ -371,7 +439,7 @@ Tue Nov  1 17:20:51 UTC 2016 - astieger@suse.com
   * many added and expanded implementations of command options
 - includes changes from 1.24.2:
   * fixes for build system (static build with glibc fixed),
-    truncate, gunzip and unzip. 
+    truncate, gunzip and unzip.
 
 -------------------------------------------------------------------
 Thu Mar  3 13:21:03 UTC 2016 - olaf@aepfle.de
@@ -383,7 +451,7 @@ Sun Jan  3 12:00:13 UTC 2016 - p.drouand@gmail.com
 
 - Update to version 1.24.1
   * for a full list of changes see http://www.busybox.net/news.html
-- Refresh busybox.install.patch 
+- Refresh busybox.install.patch
 
 -------------------------------------------------------------------
 Mon Apr 20 16:16:14 UTC 2015 - mpluskal@suse.com
@@ -413,7 +481,7 @@ Thu Dec 12 23:21:11 UTC 2013 - p.drouand@gmail.com
   + fixes for ntfs detection (big-endian fix)
   + xz decompression of concatenated streams
   + mdev acquired a [ENV=regex;] extension instead of undocumented
-    subsystem match hack it used to have prior to 1.21.x. 
+    subsystem match hack it used to have prior to 1.21.x.
 - Changes from 1.21.0
   + udhcpc: gracefully handle packets with CHECKSUM_PARTIAL
   + ifupdown: improve compatibility with Debian
@@ -588,7 +656,7 @@ Tue Apr 10 15:19:52 CEST 2012 - ro@suse.de
 
 - busybox-1.19.4-typedef_umode_t.patch:
   fix compile as umode_t is only defined with KERNEL and is
-  used in header linux/linux/ext2_fs.h 
+  used in header linux/linux/ext2_fs.h
 
 -------------------------------------------------------------------
 Tue Apr 10 14:49:18 CEST 2012 - ro@suse.de
@@ -757,7 +825,7 @@ Wed Aug  9 01:25:09 CEST 2006 - ihno@suse.de
   all setuid and getgid calls are check return values in case
   somebody using per-process resource limits that prevent a user
   from having too many processes
- 
+
 
 -------------------------------------------------------------------
 Wed Jan 25 21:34:46 CET 2006 - mls@suse.de
@@ -777,7 +845,7 @@ Wed Jan 11 15:39:39 CET 2006 - ihno@suse.de
 -------------------------------------------------------------------
 Wed Nov 16 15:44:27 CET 2005 - dmueller@suse.de
 
-- build against dietlibc unconditionally 
+- build against dietlibc unconditionally
 
 -------------------------------------------------------------------
 Thu May 12 18:08:14 CEST 2005 - uli@suse.de
@@ -813,7 +881,7 @@ Wed Jul 21 17:10:34 CEST 2004 - nashif@suse.de
 -------------------------------------------------------------------
 Tue May 11 16:38:33 CEST 2004 - nashif@suse.de
 
-- Bug #39461 - Fixes netlink vulnerability 
+- Bug #39461 - Fixes netlink vulnerability
 
 -------------------------------------------------------------------
 Tue Apr 27 11:17:35 CEST 2004 - mmj@suse.de
@@ -859,7 +927,7 @@ Sat Jan 10 18:25:15 CET 2004 - adrian@suse.de
 -------------------------------------------------------------------
 Wed Dec 10 14:48:43 CET 2003 - uli@suse.de
 
-- build with dietlibc where available 
+- build with dietlibc where available
 
 -------------------------------------------------------------------
 Mon Jun  2 16:05:33 CEST 2003 - nashif@suse.de
@@ -901,9 +969,9 @@ Fri Aug 24 02:59:15 CEST 2001 - nashif@suse.de
 
 - Update to version 0.60.1
 - This is a relatively minor bug fixing release which fixes bugs
-  in the following applets, among others: msh, sed, route, syslogd, 
+  in the following applets, among others: msh, sed, route, syslogd,
   ifconfig, lash
-- Rewrite of tftp 
+- Rewrite of tftp
 
 -------------------------------------------------------------------
 Sat Aug  4 07:21:18 CEST 2001 - nashif@suse.de
@@ -923,7 +991,7 @@ Wed Apr 11 06:16:03 CEST 2001 - nashif@suse.de
 -------------------------------------------------------------------
 Fri Feb  9 17:30:33 MET 2001 - nashif@suse.de
 
-- Fixed sync.c to compile 
+- Fixed sync.c to compile
 
 -------------------------------------------------------------------
 Mon Feb  5 08:06:26 MET 2001 - nashif@suse.de
@@ -933,7 +1001,7 @@ Mon Feb  5 08:06:26 MET 2001 - nashif@suse.de
 -------------------------------------------------------------------
 Wed Dec 20 17:53:40 CET 2000 - uli@suse.de
 
-- disabled insmod for all archs except IA32, ARM and SH 
+- disabled insmod for all archs except IA32, ARM and SH
 
 -------------------------------------------------------------------
 Tue Dec 19 19:10:50 MET 2000 - nashif@suse.de

busybox.config

@@ -1,7 +1,6 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.37.0.git
-# Fri Jan  6 09:43:46 2023
+# Busybox version: 1.37.0
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -17,6 +16,7 @@ CONFIG_SHOW_USAGE=y
 CONFIG_FEATURE_VERBOSE_USAGE=y
 CONFIG_FEATURE_COMPRESS_USAGE=y
 CONFIG_LFS=y
+CONFIG_TIME64=y
 # CONFIG_PAM is not set
 CONFIG_FEATURE_DEVPTS=y
 CONFIG_FEATURE_UTMP=y
@@ -469,6 +469,7 @@ CONFIG_FEATURE_FIND_INUM=y
 CONFIG_FEATURE_FIND_SAMEFILE=y
 CONFIG_FEATURE_FIND_EXEC=y
 CONFIG_FEATURE_FIND_EXEC_PLUS=y
+CONFIG_FEATURE_FIND_EXEC_OK=y
 CONFIG_FEATURE_FIND_USER=y
 CONFIG_FEATURE_FIND_GROUP=y
 CONFIG_FEATURE_FIND_NOT=y
@@ -502,9 +503,9 @@ CONFIG_FEATURE_XARGS_SUPPORT_ARGS_FILE=y
 # CONFIG_BOOTCHARTD is not set
 # CONFIG_FEATURE_BOOTCHARTD_BLOATED_HEADER is not set
 # CONFIG_FEATURE_BOOTCHARTD_CONFIG_FILE is not set
-# CONFIG_HALT is not set
-# CONFIG_POWEROFF is not set
-# CONFIG_REBOOT is not set
+CONFIG_HALT=y
+CONFIG_POWEROFF=y
+CONFIG_REBOOT=y
 # CONFIG_FEATURE_WAIT_FOR_INIT is not set
 # CONFIG_FEATURE_CALL_TELINIT is not set
 CONFIG_TELINIT_PATH=""
@@ -795,6 +796,7 @@ CONFIG_FEATURE_CROND_DIR=""
 # CONFIG_FLASH_LOCK is not set
 # CONFIG_FLASH_UNLOCK is not set
 # CONFIG_FLASHCP is not set
+CONFIG_GETFATTR=y
 # CONFIG_HDPARM is not set
 # CONFIG_FEATURE_HDPARM_GET_IDENTITY is not set
 # CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set
@@ -933,6 +935,7 @@ CONFIG_IPRULE=y
 CONFIG_IPNEIGH=y
 CONFIG_FEATURE_IP_ADDRESS=y
 CONFIG_FEATURE_IP_LINK=y
+CONFIG_FEATURE_IP_LINK_CAN=y
 CONFIG_FEATURE_IP_ROUTE=y
 CONFIG_FEATURE_IP_ROUTE_DIR="/etc/iproute2"
 CONFIG_FEATURE_IP_TUNNEL=y
@@ -1007,6 +1010,7 @@ CONFIG_FEATURE_WGET_OPENSSL=y
 CONFIG_WHOIS=y
 CONFIG_ZCIP=y
 # CONFIG_UDHCPD is not set
+# CONFIG_FEATURE_UDHCPD_BOOTP is not set
 # CONFIG_FEATURE_UDHCPD_BASE_IP_ON_MAC is not set
 # CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY is not set
 CONFIG_DHCPD_LEASES_FILE=""
@@ -1155,7 +1159,6 @@ CONFIG_ASH_MAIL=y
 CONFIG_ASH_ECHO=y
 CONFIG_ASH_PRINTF=y
 CONFIG_ASH_TEST=y
-CONFIG_ASH_SLEEP=y
 CONFIG_ASH_HELP=y
 CONFIG_ASH_GETOPTS=y
 CONFIG_ASH_CMDCMD=y

busybox.install.patch

@@ -1,5 +1,7 @@
+diff --git a/applets/install.sh b/applets/install.sh
+index 415896893..7b51fd8f3 100755
 --- a/applets/install.sh
-+++ b/applets/install.sh	2019/03/29 09:03:34
++++ b/applets/install.sh
 @@ -1,11 +1,11 @@
 -#!/bin/sh
 +#!/usr/bin/busybox sh
@@ -14,7 +16,7 @@
  	echo "  TYPE is one of: --symlinks --hardlinks --binaries --scriptwrapper --none"
  	echo "  OPTS is one or more of: --cleanup --noclobber"
  	exit 1
-@@ -13,9 +13,9 @@
+@@ -13,9 +13,9 @@ fi
  shift # Keep only remaining options
  
  # Source the configuration
@@ -26,11 +28,13 @@
  
  sharedlib_dir="0_lib"
  
-@@ -78,7 +78,7 @@
+@@ -77,8 +77,8 @@ if [ x"$cleanup" = x"1" ] && [ -e "$prefix/bin/busybox" ]; then
+ fi
  
  rm -f "$prefix/bin/busybox" || exit 1
- mkdir -p "$prefix/bin" || exit 1
+-mkdir -p "$prefix/bin" || exit 1
 -install -m 755 busybox "$prefix/bin/busybox" || exit 1
++mkdir -p "$prefix/usr/bin" || exit 1
 +install -m 755 /usr/bin/busybox "$prefix/bin/busybox" || exit 1
  
  for i in $h; do

busybox.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package busybox
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,11 +24,10 @@
 %bcond_without  static
 
 Name:           busybox
-Version:        1.36.1
+Version:        1.37.0
 Release:        0
 Summary:        Minimalist variant of UNIX utilities linked in a single executable
 License:        GPL-2.0-or-later
-Group:          System/Base
 URL:            https://www.busybox.net/
 Source:         https://busybox.net/downloads/%{name}-%{version}.tar.bz2
 Source2:        busybox.config
@@ -42,23 +41,37 @@ Source7:        busybox.config.static.warewulf3
 Patch0:         cpio-long-opt.patch
 Patch1:         sendmail-ignore-F-option.patch
 Patch2:         testsuite-gnu-echo.patch
-# PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) https://git.busybox.net/busybox/commit/?id=d417193cf
-Patch3:         ash-fix-segfault-d417193cf.patch
+# # PATCH-FIX-UPSTREAM shell: avoid segfault on ${0::0/0~09J} (CVE-2022-48174) https://git.busybox.net/busybox/commit/?id=d417193cf
+# Patch3:         ash-fix-segfault-d417193cf.patch
 Patch4:         udhcp6-install-path.patch
 Patch5:         tc-no-TCA_CBQ.patch
+# PATCH-FIX-UPSTREAM - Borrowed from Fedora - https://src.fedoraproject.org/rpms/busybox/blob/rawhide/f/busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
+Patch6:         busybox-1.37.0-fix-conditional-for-sha1_process_block64_shaNI.patch
+# https://gitlab.alpinelinux.org/alpine/aports/-/raw/3.21-stable/main/busybox/0015-ping-make-ping-work-without-root-privileges.patch?ref_type=heads
+Patch7:         busybox-1.37.0-make-ping-work-without-root-privileges.patch
+#PATCH-FIX-UPSTREAM -  hexdump: fix regression with -n4 -e '"%u"' bug introduced in busybox 1.37.0 that broke kernel builds.
+Patch8:         busybox-1.37.0-fix-regression-n2.patch
+#PATCH-FIX-UPSTREAM - Fixes for hexdump and tests on big endian (S390) systems
+Patch9:         busybox-1.37.0-hexdump-fix-regression-for-uint16-on-big-endian-syst.patch
+Patch10:        busybox-1.37.0-od-make-B-test-little-endian-only-add-variant-for-bi.patch
+Patch11:        busybox-1.37.0-hexdump-add-tests-for-x-handle-little-big-endian-pro.patch
+# PATCH-FIX-UPSTREAM - Fix adduser inside containers (boo#1247779)
+Patch12:        0001-update_passwd-Avoid-selinux_preserve_fcontext-if-SEL.patch
+
 # other patches
 Patch100:       busybox.install.patch
-Provides:       useradd_or_adduser_dep
 BuildRequires:  glibc-devel-static
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libselinux)
+# for test suite
+BuildRequires:  zip
+Provides:       useradd_or_adduser_dep
 #in SLE12 hostname is part of the net-tools package
 %if %{?suse_version} && %{?suse_version} <= 1315
 BuildRequires:  net-tools
 %else
 BuildRequires:  hostname
 %endif
-BuildRequires:  pkgconfig(libselinux)
-# for test suite
-BuildRequires:  zip
 
 %description
 BusyBox combines tiny versions of many common UNIX utilities into a
@@ -75,7 +88,6 @@ box but need special configuration, like udhcpc, the dhcp client.
 
 %package static
 Summary:        Static linked version of Busybox, a compact UNIX utility collection
-Group:          System/Base
 
 %description static
 BusyBox combines tiny versions of many common UNIX utilities into a
@@ -83,7 +95,6 @@ single executable.
 
 %package warewulf3
 Summary:        Static version of Busybox - for building Warewulf3
-Group:          System/Base
 
 %description warewulf3
 This version of busybox is only for building Warewulf3
@@ -91,7 +102,6 @@ https://github.com/warewulf/warewulf3
 
 %package testsuite
 Summary:        Testsuite of busybox
-Group:          Development/Testing
 Requires:       %{name} = %{version}
 Requires:       zip
 
@@ -100,8 +110,8 @@ Using this package you can test the busybox build on different kernels and glibc
 It needs to run with permission to the current directory, so either copy it away
 as is or run as root:
 
-cd /usr/share/busybox/testsuite
-PATH=/usr/share/busybox:$PATH SKIP_KNOWN_BUGS=1 ./runtest
+cd %{_datadir}/busybox/testsuite
+PATH=%{_datadir}/busybox:$PATH SKIP_KNOWN_BUGS=1 ./runtest
 
 %prep
 #SLE12 needs an empty line after autosetup for it to expand properly (bsc#1205420)
@@ -116,33 +126,35 @@ export KBUILD_VERBOSE=1
 export CFLAGS="%{optflags} -fPIC -fno-strict-aliasing -I/usr/include/tirpc"
 export CC="gcc"
 export HOSTCC=gcc
+# Keep debug info, we take care of stripping ourselves
+export SKIP_STRIP=y
 %if %{with static}
 cat %{SOURCE3} %{SOURCE2} > .config
-make %{?_smp_mflags} -e oldconfig
-make -e %{?_smp_mflags}
+%make_build -e oldconfig
+%make_build -e
 mv busybox busybox-static
 %endif
 
 %if 0%{with ww3}
-make -e %{?_smp_mflags} clean
+%make_build -e clean
 cat %{SOURCE7} %{SOURCE3} %{SOURCE2} > .config
-make %{?_smp_mflags} -e oldconfig
-make -e %{?_smp_mflags}
+%make_build -e oldconfig
+%make_build -e
 mv busybox busybox-warewulf3
-make -e busybox.links %{?_smp_mflags}
+%make_build -e busybox.links
 mv busybox.links busybox-warewulf3.links
 %endif
 
-make -e %{?_smp_mflags} clean
+%make_build -e clean
 cp -a %{SOURCE2} .config
-make %{?_smp_mflags} -e oldconfig
+%make_build -e oldconfig
 #make -e %{?_smp_mflags}
-make -e
-make -e doc busybox.links %{?_smp_mflags}
+%make_build -e
+%make_build -e doc busybox.links
 
 %if 0%{?suse_version} >= 1550
 for i in busybox.links %{?with_ww3:busybox-warewulf3.links}; do
-    sed -i -e 's,^/\(s\?bin\)/,/usr/\1/,' $i
+    sed -i -e 's,^/\(s\?bin\)/,%{_prefix}/\1/,' $i
 done
 %endif
 
@@ -164,7 +176,7 @@ install -m 0644 busybox-warewulf3.links %{buildroot}%{_datadir}/busybox
 install -m 0755 busybox-warewulf3 %{buildroot}%{_bindir}
 %endif
 cp %{SOURCE2} %{buildroot}%{_datadir}/busybox/.config
-ln -s %_bindir/busybox %{buildroot}%{_datadir}/busybox/busybox
+ln -s %{_bindir}/busybox %{buildroot}%{_datadir}/busybox/busybox
 cp -a testsuite %{buildroot}%{_datadir}/busybox/testsuite
 
 %check
@@ -175,13 +187,13 @@ export CC="gcc"
 export HOSTCC=gcc
 export SKIP_KNOWN_BUGS=1
 export SKIP_INTERNET_TESTS=1
-make -e %{?_smp_mflags} test
+%make_build -e test
 
 %files
 %license LICENSE
 %doc docs/mdev.txt
 %config %{_sysconfdir}/man.conf
-%doc %{_mandir}/man1/busybox.1.gz
+%{_mandir}/man1/busybox.1%{?ext_man}
 %{_bindir}/busybox
 %{_bindir}/busybox.install
 %dir %{_datadir}/busybox