[ubuntu/bionic-proposed] busybox 1:1.27.2-2ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Wed Dec 6 21:48:13 UTC 2017
busybox (1:1.27.2-2ubuntu1) bionic; urgency=low
* Merge from Debian unstable.
- Fixes problem with linux boot parameters not being copied to
busybox environment, and breaking preseeding. LP: #1736421.
* Remaining changes:
- [udeb] Enable chvt, killall, losetup, od, and stat.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- Add busybox-initramfs.
- Enable chpasswd in standard and static builds (needed by LXC).
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- Prefer busybox commands over klibc commands where there is duplication.
- Add Ubuntu configuration for busybox binaries.
- debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
unless env variable is set in archival/libarchive/Kbuild.src,
archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
testsuite/tar.tests.
* Dropped changes, included in Debian:
- readlink-in-slash-bin.patch: move readlink to /bin.
- debian/patches/CVE-2017-15874.patch: add another check to
archival/libarchive/decompress_unlzma.c.
- debian/patches/CVE-2017-16544.patch: check for control characters in
libbb/lineedit.c.
- debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
archival/libarchive/decompress_bunzip2.c.
busybox (1:1.27.2-2) unstable; urgency=medium
* Trigger an initramfs rebuild on installation. (Closes: #549022)
* Temporarily re-enable invalid variable names in the udeb flavour for
debian-installer.
* Install the readlink binary in /bin. (Closes: #801850)
* Fix integer overflow in bzip2 decompresson [CVE-2017-15874].
(Closes: #879732)
* Fix integer underflow in LZMA decompressor [CVE-2017-15874].
(Closes: #879732)
* Prevent tab completion for strings containing control characters
[CVE-2017-16544].
* Debian packaging changes:
- Update debian/control:
- Update Standards-Version to 4.1.1.
- Change Priority to optional for all packages.
- Remove obsolete debian/gbp.conf.
- Update debian/watch:
- Switch to format=4.
- Use HTTPS URI.
Date: Wed, 06 Dec 2017 11:35:12 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 06 Dec 2017 11:35:12 -0800
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
busybox - Tiny utilities for small and embedded systems
busybox-initramfs - Standalone shell setup for initramfs
busybox-static - Standalone rescue shell with tons of builtin utilities
busybox-syslogd - Provides syslogd and klogd using busybox
busybox-udeb - Tiny utilities for the debian-installer (udeb)
udhcpc - Provides the busybox DHCP client implementation
udhcpd - Provides the busybox DHCP server implementation
Closes: 549022 801850 879732
Launchpad-Bugs-Fixed: 1736421
Changes:
busybox (1:1.27.2-2ubuntu1) bionic; urgency=low
.
* Merge from Debian unstable.
- Fixes problem with linux boot parameters not being copied to
busybox environment, and breaking preseeding. LP: #1736421.
* Remaining changes:
- [udeb] Enable chvt, killall, losetup, od, and stat.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- Add busybox-initramfs.
- Enable chpasswd in standard and static builds (needed by LXC).
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- Prefer busybox commands over klibc commands where there is duplication.
- Add Ubuntu configuration for busybox binaries.
- debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
unless env variable is set in archival/libarchive/Kbuild.src,
archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
testsuite/tar.tests.
* Dropped changes, included in Debian:
- readlink-in-slash-bin.patch: move readlink to /bin.
- debian/patches/CVE-2017-15874.patch: add another check to
archival/libarchive/decompress_unlzma.c.
- debian/patches/CVE-2017-16544.patch: check for control characters in
libbb/lineedit.c.
- debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
archival/libarchive/decompress_bunzip2.c.
.
busybox (1:1.27.2-2) unstable; urgency=medium
.
* Trigger an initramfs rebuild on installation. (Closes: #549022)
* Temporarily re-enable invalid variable names in the udeb flavour for
debian-installer.
* Install the readlink binary in /bin. (Closes: #801850)
* Fix integer overflow in bzip2 decompresson [CVE-2017-15874].
(Closes: #879732)
* Fix integer underflow in LZMA decompressor [CVE-2017-15874].
(Closes: #879732)
* Prevent tab completion for strings containing control characters
[CVE-2017-16544].
* Debian packaging changes:
- Update debian/control:
- Update Standards-Version to 4.1.1.
- Change Priority to optional for all packages.
- Remove obsolete debian/gbp.conf.
- Update debian/watch:
- Switch to format=4.
- Use HTTPS URI.
Checksums-Sha1:
5dab6c2615e793d5e5ac40c872f2fd405646bcf7 2413 busybox_1.27.2-2ubuntu1.dsc
29e55bf83a98db980556b9ec1d038ae270294ce7 63152 busybox_1.27.2-2ubuntu1.debian.tar.xz
2bab8fcb5a81cfb0635166f3386e2d60c62acaf5 6339 busybox_1.27.2-2ubuntu1_source.buildinfo
Checksums-Sha256:
2eea7d1cf9228416ae0132d25e63aed36664ae36a210f29cb295ce91646af69a 2413 busybox_1.27.2-2ubuntu1.dsc
e1c3964225b0261de977b34f00b685cd5b0b640c4084d28bfeef0e7671d92280 63152 busybox_1.27.2-2ubuntu1.debian.tar.xz
aa5fa2d76cba85475597865fff263d9332ea6d9ac1c4ab7712b334e4217a5423 6339 busybox_1.27.2-2ubuntu1_source.buildinfo
Files:
1c4a53b121ac0eeb98f141387db6d831 2413 utils optional busybox_1.27.2-2ubuntu1.dsc
89e1681b8bf05aed8411365ab59fcf80 63152 utils optional busybox_1.27.2-2ubuntu1.debian.tar.xz
a72c93ce34ee9cc71a6de563908d2d2e 6339 utils optional busybox_1.27.2-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
iQI3BAEBCgAhBQJaKGNAGhxzdGV2ZS5sYW5nYXNla0B1YnVudHUuY29tAAoJEFaN
MPMhshM9ONQP/imFPmQrzqylYG0LrMXIXiZgQxbaDsTSNEaA6m9pUs9WLRtXa+xv
Pej6xOiLhy+/SVvtg/CwLpyKEyurtoU8R2WL9pBSWGcuk80iDyfPU0b3np4ataP0
lCHWMIW3PsW/MSGuxrA66RdR6qtBqj6WlHRo1G99/D7DtDn2TVfA4R/JfKKKyZ9v
wOWzaXlhhNqFjl/QenULkbQQT5WQpE0lUtWfjd1r58Zf89LFYubddRU2rnf9dLTr
I9j9e0pCnABAwmN+5qFvWo7kNMOKvmp7b+eUTceO6xzYH40oSBN1iYOVgQGT0WI0
3Wzyf9FIN36FRQXI/gWSrA5VKRlpIXX5OvWuSVIvtFQUfxofd9wJllDgVy+N/yi7
rIlerpCO4kWPOhz/VFViFoaksXGDlOiK69Ka8fI8iiJHJietizATUlyyazgf4wbz
r24BSE3KRk5xcKbYER5dtRrswW5dmZqKWP2m6C84+D21KeJiwHE/zAHwCocsCpMd
SgOd1Odh9rnI0JK4FHAk5/NNYW8p929v20ET4iQWyCYUJDScNYvAK03RqKPP8Z0b
iTx8bKIXqL7LDLYb8BBwsQFgViv2BqYry7SdfJmxSnOjw2SUUHxq7GrI4f3VEpTi
ItL7Dwd4VAVo1t2WKJ9acjcKi8efktwUSMHx2Q8LPckNDhUQY4kYQLbJ
=YJ0c
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list