[Bug 1753572] Update Released

[Robie Basak]

The verification of the Stable Release Update for busybox has completed
successfully and the package has now been released to -updates.
Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/1753572

Title:
  cpio in Busybox 1.27 ingnores "unsafe links"

Status in busybox package in Ubuntu:
  Fix Released
Status in debirf package in Ubuntu:
  Confirmed
Status in busybox source package in Bionic:
  Fix Released
Status in debirf source package in Bionic:
  Confirmed
Status in busybox source package in Cosmic:
  Fix Released
Status in debirf source package in Cosmic:
  Confirmed

Bug description:
  Description:    Ubuntu Bionic Beaver (development branch)
  Release:        18.04

  busybox:
    Installed: 1:1.27.2-2ubuntu3
    Candidate: 1:1.27.2-2ubuntu3

  3) Expected my CPIO archive to be fully extracted with proper symlinks
  Command: unxz < /rootfs.cxz | cpio -i

  4) 'Unsafe' symlinks were ignored such as:

  sbin/init -> /lib/systemd/systemd

  With the broken 1.27 sbin/init does not get created at all and my
  debirf initrd fails to load/boot properly.

  1.22 from Xenial works.
  GNU Cpio also works.

  It looks like 1.28 adds an env var to override this behavior:

  libarchive: do not extract unsafe symlinks unless
  $EXTRACT_UNSAFE_SYMLINKS=1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1753572/+subscriptions