Changelog
busybox (1:1.27.2-2ubuntu1) bionic; urgency=low
* Merge from Debian unstable.
- Fixes problem with linux boot parameters not being copied to
busybox environment, and breaking preseeding. LP: #1736421.
* Remaining changes:
- [udeb] Enable chvt, killall, losetup, od, and stat.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- Add busybox-initramfs.
- Enable chpasswd in standard and static builds (needed by LXC).
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- Prefer busybox commands over klibc commands where there is duplication.
- Add Ubuntu configuration for busybox binaries.
- debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
unless env variable is set in archival/libarchive/Kbuild.src,
archival/libarchive/data_extract_all.c,
archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
testsuite/tar.tests.
* Dropped changes, included in Debian:
- readlink-in-slash-bin.patch: move readlink to /bin.
- debian/patches/CVE-2017-15874.patch: add another check to
archival/libarchive/decompress_unlzma.c.
- debian/patches/CVE-2017-16544.patch: check for control characters in
libbb/lineedit.c.
- debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
archival/libarchive/decompress_bunzip2.c.
busybox (1:1.27.2-2) unstable; urgency=medium
* Trigger an initramfs rebuild on installation. (Closes: #549022)
* Temporarily re-enable invalid variable names in the udeb flavour for
debian-installer.
* Install the readlink binary in /bin. (Closes: #801850)
* Fix integer overflow in bzip2 decompresson [CVE-2017-15874].
(Closes: #879732)
* Fix integer underflow in LZMA decompressor [CVE-2017-15874].
(Closes: #879732)
* Prevent tab completion for strings containing control characters
[CVE-2017-16544].
* Debian packaging changes:
- Update debian/control:
- Update Standards-Version to 4.1.1.
- Change Priority to optional for all packages.
- Remove obsolete debian/gbp.conf.
- Update debian/watch:
- Switch to format=4.
- Use HTTPS URI.
-- Steve Langasek <email address hidden> Wed, 06 Dec 2017 11:35:12 -0800