[ubuntu/bionic-proposed] busybox 1:1.27.2-2ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Wed Dec 6 21:48:13 UTC 2017 

busybox (1:1.27.2-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.
    - Fixes problem with linux boot parameters not being copied to
      busybox environment, and breaking preseeding.  LP: #1736421.
  * Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
      testsuite/tar.tests.
  * Dropped changes, included in Debian:
    - readlink-in-slash-bin.patch: move readlink to /bin.
    - debian/patches/CVE-2017-15874.patch: add another check to
      archival/libarchive/decompress_unlzma.c.
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.

busybox (1:1.27.2-2) unstable; urgency=medium

  * Trigger an initramfs rebuild on installation. (Closes: #549022)
  * Temporarily re-enable invalid variable names in the udeb flavour for
    debian-installer.
  * Install the readlink binary in /bin. (Closes: #801850)
  * Fix integer overflow in bzip2 decompresson [CVE-2017-15874].
    (Closes: #879732)
  * Fix integer underflow in LZMA decompressor [CVE-2017-15874].
    (Closes: #879732)
  * Prevent tab completion for strings containing control characters
    [CVE-2017-16544].
  * Debian packaging changes:
    - Update debian/control:
      - Update Standards-Version to 4.1.1.
      - Change Priority to optional for all packages.
    - Remove obsolete debian/gbp.conf.
    - Update debian/watch:
      - Switch to format=4.
      - Use HTTPS URI.

Date: Wed, 06 Dec 2017 11:35:12 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/busybox/1:1.27.2-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Dec 2017 11:35:12 -0800
Source: busybox
Binary: busybox busybox-static busybox-initramfs busybox-udeb busybox-syslogd udhcpc udhcpd
Architecture: source
Version: 1:1.27.2-2ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
 busybox    - Tiny utilities for small and embedded systems
 busybox-initramfs - Standalone shell setup for initramfs
 busybox-static - Standalone rescue shell with tons of builtin utilities
 busybox-syslogd - Provides syslogd and klogd using busybox
 busybox-udeb - Tiny utilities for the debian-installer (udeb)
 udhcpc     - Provides the busybox DHCP client implementation
 udhcpd     - Provides the busybox DHCP server implementation
Closes: 549022 801850 879732
Launchpad-Bugs-Fixed: 1736421
Changes:
 busybox (1:1.27.2-2ubuntu1) bionic; urgency=low
 .
   * Merge from Debian unstable.
     - Fixes problem with linux boot parameters not being copied to
       busybox environment, and breaking preseeding.  LP: #1736421.
   * Remaining changes:
     - [udeb] Enable chvt, killall, losetup, od, and stat.
     - test-bin.patch: Move test and friends to /bin.
     - static-sh-alias.patch: Add static-sh alias name for ash, and install
       /bin/static-sh symlink to busybox in busybox-static.
     - Add busybox-initramfs.
     - Enable chpasswd in standard and static builds (needed by LXC).
     - Move zz-busybox to busybox-initramfs to ensure we get links to all
       the tools we need, stop shipping it anywhere else.
     - Prefer busybox commands over klibc commands where there is duplication.
     - Add Ubuntu configuration for busybox binaries.
     - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
       unless env variable is set in archival/libarchive/Kbuild.src,
       archival/libarchive/data_extract_all.c,
       archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
       coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
       testsuite/tar.tests.
   * Dropped changes, included in Debian:
     - readlink-in-slash-bin.patch: move readlink to /bin.
     - debian/patches/CVE-2017-15874.patch: add another check to
       archival/libarchive/decompress_unlzma.c.
     - debian/patches/CVE-2017-16544.patch: check for control characters in
       libbb/lineedit.c.
     - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
       archival/libarchive/decompress_bunzip2.c.
 .
 busybox (1:1.27.2-2) unstable; urgency=medium
 .
   * Trigger an initramfs rebuild on installation. (Closes: #549022)
   * Temporarily re-enable invalid variable names in the udeb flavour for
     debian-installer.
   * Install the readlink binary in /bin. (Closes: #801850)
   * Fix integer overflow in bzip2 decompresson [CVE-2017-15874].
     (Closes: #879732)
   * Fix integer underflow in LZMA decompressor [CVE-2017-15874].
     (Closes: #879732)
   * Prevent tab completion for strings containing control characters
     [CVE-2017-16544].
   * Debian packaging changes:
     - Update debian/control:
       - Update Standards-Version to 4.1.1.
       - Change Priority to optional for all packages.
     - Remove obsolete debian/gbp.conf.
     - Update debian/watch:
       - Switch to format=4.
       - Use HTTPS URI.
Checksums-Sha1:
 5dab6c2615e793d5e5ac40c872f2fd405646bcf7 2413 busybox_1.27.2-2ubuntu1.dsc
 29e55bf83a98db980556b9ec1d038ae270294ce7 63152 busybox_1.27.2-2ubuntu1.debian.tar.xz
 2bab8fcb5a81cfb0635166f3386e2d60c62acaf5 6339 busybox_1.27.2-2ubuntu1_source.buildinfo
Checksums-Sha256:
 2eea7d1cf9228416ae0132d25e63aed36664ae36a210f29cb295ce91646af69a 2413 busybox_1.27.2-2ubuntu1.dsc
 e1c3964225b0261de977b34f00b685cd5b0b640c4084d28bfeef0e7671d92280 63152 busybox_1.27.2-2ubuntu1.debian.tar.xz
 aa5fa2d76cba85475597865fff263d9332ea6d9ac1c4ab7712b334e4217a5423 6339 busybox_1.27.2-2ubuntu1_source.buildinfo
Files:
 1c4a53b121ac0eeb98f141387db6d831 2413 utils optional busybox_1.27.2-2ubuntu1.dsc
 89e1681b8bf05aed8411365ab59fcf80 63152 utils optional busybox_1.27.2-2ubuntu1.debian.tar.xz
 a72c93ce34ee9cc71a6de563908d2d2e 6339 utils optional busybox_1.27.2-2ubuntu1_source.buildinfo
Original-Maintainer: Debian Install System Team <debian-boot at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQI3BAEBCgAhBQJaKGNAGhxzdGV2ZS5sYW5nYXNla0B1YnVudHUuY29tAAoJEFaN
MPMhshM9ONQP/imFPmQrzqylYG0LrMXIXiZgQxbaDsTSNEaA6m9pUs9WLRtXa+xv
Pej6xOiLhy+/SVvtg/CwLpyKEyurtoU8R2WL9pBSWGcuk80iDyfPU0b3np4ataP0
lCHWMIW3PsW/MSGuxrA66RdR6qtBqj6WlHRo1G99/D7DtDn2TVfA4R/JfKKKyZ9v
wOWzaXlhhNqFjl/QenULkbQQT5WQpE0lUtWfjd1r58Zf89LFYubddRU2rnf9dLTr
I9j9e0pCnABAwmN+5qFvWo7kNMOKvmp7b+eUTceO6xzYH40oSBN1iYOVgQGT0WI0
3Wzyf9FIN36FRQXI/gWSrA5VKRlpIXX5OvWuSVIvtFQUfxofd9wJllDgVy+N/yi7
rIlerpCO4kWPOhz/VFViFoaksXGDlOiK69Ka8fI8iiJHJietizATUlyyazgf4wbz
r24BSE3KRk5xcKbYER5dtRrswW5dmZqKWP2m6C84+D21KeJiwHE/zAHwCocsCpMd
SgOd1Odh9rnI0JK4FHAk5/NNYW8p929v20ET4iQWyCYUJDScNYvAK03RqKPP8Z0b
iTx8bKIXqL7LDLYb8BBwsQFgViv2BqYry7SdfJmxSnOjw2SUUHxq7GrI4f3VEpTi
ItL7Dwd4VAVo1t2WKJ9acjcKi8efktwUSMHx2Q8LPckNDhUQY4kYQLbJ
=YJ0c
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list