Change log for busybox package in Ubuntu

Published in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
busybox (1:1.36.1-3ubuntu1) mantic; urgency=medium

  * Refresh d/config/pkg/initramfs for new upstream version.  New values based
    on 'deb' config.
  * Drop delta to the udeb config
  * Merge from Debian unstable. Remaining changes:
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - debian/config/pkg/deb
      debian/config/pkg/static:
      Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - Enable the new klibc utility implementations, nuke and run-init
      in the initramfs package; and also enable reboot.  Doesn't yet make
      klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
      - but it moves us much closer and should save a little bit of disk
      space.
    - debian/config/pkg/initramfs: Enable the date applet with the same
      options as the other variants for use in fixrtc and casper scripts.
    - debian/config/pkg/initramfs
      debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
      Enable TLS in initramfs flavour of wget applet, requires openssl
    - Add dirname from coreutils to the initramfs

 -- Dan Bungert <email address hidden>  Wed, 05 Jul 2023 18:03:13 -0600
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
busybox (1:1.35.0-4ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - debian/config/pkg/deb
      debian/config/pkg/static:
      Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - Enable the new klibc utility implementations, nuke and run-init
      in the initramfs package; and also enable reboot.  Doesn't yet make
      klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
      - but it moves us much closer and should save a little bit of disk
      space.
    - debian/config/pkg/initramfs: Enable the date applet with the same
      options as the other variants for use in fixrtc and casper scripts.
    - debian/config/pkg/initramfs
      debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
      Enable TLS in initramfs flavour of wget applet, requires openssl
    - Add dirname from coreutils to the initramfs

 -- William 'jawn-smith' Wilson <email address hidden>  Fri, 23 Nov 2022 15:44:44 +0000
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
busybox (1:1.35.0-1ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - debian/config/pkg/deb
      debian/config/pkg/static:
      Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - Enable the new klibc utility implementations, nuke and run-init
      in the initramfs package; and also enable reboot.  Doesn't yet make
      klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
      - but it moves us much closer and should save a little bit of disk
      space.
    - debian/config/pkg/initramfs: Enable the date applet with the same
      options as the other variants for use in fixrtc and casper scripts.
    - debian/config/pkg/initramfs
      debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
      Enable TLS in initramfs flavour of wget applet, requires openssl
    - Add dirname from coreutils to the initramfs
  * Dropped changes, included in Debian:
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch
    - debian/patches/adjust-testsuite-for-fixed-bunzip2.patch
    - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch
    - debian/patches/CVE-2018-1000500-2.patch

 -- William 'jawn-smith' Wilson <email address hidden>  Thu, 18 Aug 2022 13:27:21 -0500
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
busybox (1:1.30.1-7ubuntu3) jammy; urgency=medium

  * Add dirname from coreutils to the initramfs (LP: #1960083)

 -- William 'jawn-smith' Wilson <email address hidden>  Fri, 04 Feb 2022 16:10:23 -0600
Published in bionic-updates
Published in bionic-security
busybox (1:1.27.2-2ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

 -- Marc Deslauriers <email address hidden>  Wed, 24 Nov 2021 14:05:22 -0500
Published in focal-updates
Published in focal-security
busybox (1:1.30.1-4ubuntu6.4) focal-security; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

 -- Marc Deslauriers <email address hidden>  Wed, 24 Nov 2021 14:02:55 -0500
Obsolete in hirsute-updates
Obsolete in hirsute-security
busybox (1:1.30.1-6ubuntu2.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

 -- Marc Deslauriers <email address hidden>  Wed, 24 Nov 2021 14:02:16 -0500
Obsolete in impish-updates
Obsolete in impish-security
busybox (1:1.30.1-6ubuntu3.1) impish-security; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

 -- Marc Deslauriers <email address hidden>  Wed, 24 Nov 2021 14:01:36 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: invalid free or segfault via gzip data
    - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
      archival/libarchive/decompress_gunzip.c.
    - CVE-2021-28831
  * SECURITY UPDATE: OOB read in unlzma
    - debian/patches/CVE-2021-42374.patch: fix a case where we could read
      before beginning of buffer in archival/libarchive/decompress_unlzma.c,
      testsuite/unlzma.tests.
    - CVE-2021-42374
  * SECURITY UPDATE: multiple security issues in awk
    - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
      busybox 1.34.1.
    - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
      CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

 -- Marc Deslauriers <email address hidden>  Wed, 24 Nov 2021 14:52:59 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
busybox (1:1.30.1-7ubuntu1) jammy; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - debian/config/pkg/deb
      debian/config/pkg/static:
      Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - Enable the new klibc utility implementations, nuke and run-init
      in the initramfs package; and also enable reboot.  Doesn't yet make
      klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
      - but it moves us much closer and should save a little bit of disk
      space.
    - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch
      debian/patches/adjust-testsuite-for-fixed-bunzip2.patch
      Cherry-pick upstream fix for the bzip2 test failure
      Adjust testsuite expectations.
    - debian/config/pkg/initramfs: Enable the date applet with the same
      options as the other variants for use in fixrtc and casper scripts.
    - debian/config/pkg/initramfs
      debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
      Enable TLS in initramfs flavour of wget applet, requires openssl
    - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch:
      Enable TLS verification with OpenSSL
    - SECURITY UPDATE: missing ssl cert validation in wget applet
      debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c. (CVE-2018-1000500)
  * Dropped changes, included in Debian:
    - Fix FTBFS with newer glibc:
      debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only
      required for kernels < 2.6.23, and no longer builds with glibc in
      groovy as the RPC functions are gone.

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
busybox (1:1.30.1-6ubuntu3) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:09:51 +0200
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
busybox (1:1.30.1-6ubuntu2) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:30:15 +0100
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
busybox (1:1.30.1-4ubuntu6.3) focal; urgency=medium

  * cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream
    (LP: #1888543)

 -- Balint Reczey <email address hidden>  Wed, 11 Nov 2020 13:15:02 +0100
Obsolete in groovy-updates
Deleted in groovy-proposed (Reason: moved to -updates)
busybox (1:1.30.1-4ubuntu9.1) groovy; urgency=medium

  * cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream
    (LP: #1888543)

 -- Balint Reczey <email address hidden>  Mon, 09 Nov 2020 15:55:05 +0100
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
busybox (1:1.30.1-6ubuntu1) hirsute; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - debian/config/pkg/deb
      debian/config/pkg/static:
      Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - Enable the new klibc utility implementations, nuke and run-init
      in the initramfs package; and also enable reboot.  Doesn't yet make
      klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
      - but it moves us much closer and should save a little bit of disk
      space.
    - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch
      debian/patches/adjust-testsuite-for-fixed-bunzip2.patch
      Cherry-pick upstream fix for the bzip2 test failure
      Adjust testsuite expectations.
    - debian/config/pkg/initramfs: Enable the date applet with the same
      options as the other variants for use in fixrtc and casper scripts.
    - debian/config/pkg/initramfs
      debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
      Enable TLS in initramfs flavour of wget applet, requires openssl
    - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch:
      Enable TLS verification with OpenSSL
    - SECURITY UPDATE: missing ssl cert validation in wget applet
      debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c. (CVE-2018-1000500)
    - Fix FTBFS with newer glibc:
      debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only
      required for kernels < 2.6.23, and no longer builds with glibc in
      groovy as the RPC functions are gone.
  * Dropped changes, included in Debian:
    debian/patches/stime-is-clock_settime.patch: stime is obsolete, use
    clock_settime instead.

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
busybox (1:1.30.1-4ubuntu9) groovy; urgency=medium

  * SECURITY UPDATE: missing ssl cert validation in wget applet
    - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c.
    - CVE-2018-1000500
  * Fix FTBFS with newer glibc:
    - debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only
      required for kernels < 2.6.23, and no longer builds with glibc in
      groovy as the RPC functions are gone.

 -- Marc Deslauriers <email address hidden>  Tue, 22 Sep 2020 08:22:17 -0400
Superseded in bionic-updates
Superseded in bionic-security
busybox (1:1.27.2-2ubuntu3.3) bionic-security; urgency=medium

  * SECURITY UPDATE: missing ssl cert validation in wget applet
    - debian/patches/CVE-2018-1000500-pre1.patch: emit a message that
      certificate verification is not implemented in networking/wget.c.
    - debian/patches/CVE-2018-1000500-pre2.patch: print warning only once
      in networking/wget.c.
    - debian/patches/CVE-2018-1000500-1.patch: implement TLS verification
      with ENABLE_FEATURE_WGET_OPENSSL in networking/wget.c.
    - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c.
    - CVE-2018-1000500

 -- Marc Deslauriers <email address hidden>  Fri, 18 Sep 2020 10:26:16 -0400
Superseded in focal-updates
Superseded in focal-security
busybox (1:1.30.1-4ubuntu6.2) focal-security; urgency=medium

  * SECURITY UPDATE: missing ssl cert validation in wget applet
    - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
      verification in networking/wget.c.
    - CVE-2018-1000500

 -- Marc Deslauriers <email address hidden>  Fri, 18 Sep 2020 09:47:43 -0400
Superseded in focal-updates
Deleted in focal-proposed (Reason: moved to -updates)
busybox (1:1.30.1-4ubuntu6.1) focal; urgency=medium

  * Enable TLS verification with OpenSSL. LP: #1879533
  * Enable TLS in initramfs flavour of wget applet, requires openssl. LP:
    #1879525

 -- Dimitri John Ledkov <email address hidden>  Tue, 19 May 2020 16:16:23 +0100
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
busybox (1:1.30.1-4ubuntu8) groovy; urgency=medium

  * Enable TLS verification with OpenSSL. LP: #1879533

Superseded in groovy-proposed
busybox (1:1.30.1-4ubuntu7) groovy; urgency=medium

  * Enable TLS in initramfs flavour of wget applet, requires openssl. LP:
    #1879525

 -- Dimitri John Ledkov <email address hidden>  Tue, 19 May 2020 16:16:23 +0100
Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
busybox (1:1.30.1-4ubuntu6) focal; urgency=medium

  * debian/patches/stime-is-clock_settime.patch: stime is obsolete, use
    clock_settime instead.

 -- Steve Langasek <email address hidden>  Mon, 30 Mar 2020 15:37:00 +0000
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
busybox (1:1.30.1-4ubuntu5) focal; urgency=medium

  * debian/config/pkg/initramfs: Enable the date applet with the same
    options as the other variants for use in fixrtc and casper scripts.

 -- Adam Conrad <email address hidden>  Mon, 04 Nov 2019 09:35:27 -0700
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
busybox (1:1.30.1-4ubuntu4) eoan; urgency=medium

  * Revert previous upload, cherrypick upstream fix for the issue. LP:
    #1828282
  * Adjust testsuite expectations.

 -- Dimitri John Ledkov <email address hidden>  Thu, 23 May 2019 14:37:05 +0100
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
busybox (1:1.30.1-4ubuntu3) eoan; urgency=medium

  * debian/patches/skip-failing-bzip2-test.patch: Ignore failure of
    bz2_issue_11.bz2 test.

 -- Steve Langasek <email address hidden>  Thu, 02 May 2019 16:22:46 -0700
Superseded in eoan-proposed
busybox (1:1.30.1-4ubuntu2) eoan; urgency=medium

  * Disable the klibc 'resume' utility, not actually used by
    initramfs-tools.

 -- Steve Langasek <email address hidden>  Thu, 02 May 2019 00:20:30 -0700
Superseded in eoan-proposed
busybox (1:1.30.1-4ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
  * Dropped changes, included in Debian:
    - debian/patches/handle-ip-valid_lft.patch: Don't choke on ip addr add
      [...] valid_lft [...] preferred_lft.
  * Dropped changes, included upstream:
    - debian/patches/CVE-2011-5325-2.patch
    - debian/patches/CVE-2011-5325-3.patch
    - debian/patches/CVE-2011-5325-4.patch
    - debian/patches/CVE-2011-5325-5.patch
    - debian/patches/CVE-2018-1000517.patch
    - debian/patches/CVE-2018-20679.patch
    - debian/patches/CVE-2019-5747.patch
  * Enable the new klibc utility implementations, nuke, resume, and run-init,
    in the initramfs package; and also enable reboot.  Doesn't yet make
    klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
    - but it moves us much closer and should save a little bit of disk
    space.

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu7) disco; urgency=medium

  * Enable fold in busybox-initramfs, as it appears that
    initramfs-tools-core now uses that variant of busybox, instead of
    busybox-static or busybox. Also, potentially cryptsetup dependencies
    on busybox-static|busybox are now meaningless. LP: #1822730

 -- Dimitri John Ledkov <email address hidden>  Thu, 04 Apr 2019 12:50:59 +0100
Published in trusty-updates
Published in trusty-security
busybox (1:1.21.0-1ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h,
      testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.
    - CVE-2011-5325
  * SECURITY UPDATE: kernel module loading restrictions bypass
    - debian/patches/CVE-2014-9645.patch: reject module names with slashes
      in modutils/modprobe.c.
    - CVE-2014-9645
  * SECURITY UPDATE: integer overflow in the DHCP client
    - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed
      RFC1035-encoded domain name in networking/udhcp/domain_codec.c.
    - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in
      networking/udhcp/domain_codec.c.
    - CVE-2016-2147
  * SECURITY UPDATE: heap-based buffer overflow in the DHCP client
    - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in
      networking/udhcp/common.c, networking/udhcp/dhcpc.c.
    - CVE-2016-2148
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544
  * SECURITY UPDATE: DoS in unzip operations
    - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in
      archival/libarchive/decompress_gunzip.c, added test in
      testsuite/unzip.tests.
    - debian/patches/CVE-2015-9261-2.patch: further fix decompression code
      in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests.
    - CVE-2015-9261
  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden>  Wed, 27 Mar 2019 12:49:34 -0400
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu6) disco; urgency=medium

  * debian/patches/handle-ip-valid_lft.patch: Don't choke on ip addr add
    [...] valid_lft [...] preferred_lft.  Closes LP: #1819747.

 -- Steve Langasek <email address hidden>  Tue, 12 Mar 2019 15:52:41 -0700
Published in xenial-updates
Published in xenial-security
busybox (1:1.22.0-15ubuntu1.4) xenial-security; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h,
      testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.
    - CVE-2011-5325
  * SECURITY UPDATE: integer overflow in the DHCP client
    - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed
      RFC1035-encoded domain name in networking/udhcp/domain_codec.c.
    - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in
      networking/udhcp/domain_codec.c.
    - CVE-2016-2147
  * SECURITY UPDATE: heap-based buffer overflow in the DHCP client
    - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in
      networking/udhcp/common.c, networking/udhcp/dhcpc.c.
    - CVE-2016-2148
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544
  * SECURITY UPDATE: DoS in unzip operations
    - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in
      archival/libarchive/decompress_gunzip.c, added test in
      testsuite/unzip.tests.
    - debian/patches/CVE-2015-9261-2.patch: further fix decompression code
      in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests.
    - CVE-2015-9261
  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747
  * debian/rules: fix nocheck test so test suite gets run during build and
    set SKIP_INTERNET_TESTS=y.

 -- Marc Deslauriers <email address hidden>  Wed, 06 Mar 2019 11:51:19 -0500

Superseded in bionic-updates
Superseded in bionic-security
busybox (1:1.27.2-2ubuntu3.2) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden>  Wed, 06 Mar 2019 15:51:41 -0500
Obsolete in cosmic-updates
Obsolete in cosmic-security
busybox (1:1.27.2-2ubuntu4.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden>  Wed, 06 Mar 2019 15:11:15 -0500
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu5) disco; urgency=medium

  * SECURITY UPDATE: buffer overflow in wget
    - debian/patches/CVE-2018-1000517.patch: check chunk length in
      networking/wget.c.
    - CVE-2018-1000517
  * SECURITY UPDATE: out-of-bounds read in udhcp
    - debian/patches/CVE-2018-20679.patch: check that 4-byte options are
      indeed 4-byte in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c.
    - CVE-2018-20679
  * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp
    - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure
      it is 4 bytes long in networking/udhcp/common.*,
      networking/udhcp/dhcpc.c.
    - CVE-2019-5747

 -- Marc Deslauriers <email address hidden>  Wed, 06 Mar 2019 15:11:15 -0500
Superseded in bionic-updates
Deleted in bionic-proposed (Reason: moved to -updates)
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium

  * Fix symlink handling (LP: #1753572)
    - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
    - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.

 -- Marc Deslauriers <email address hidden>  Thu, 17 Jan 2019 13:16:38 -0500
Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium

  * Fix symlink handling (LP: #1753572)
    - debian/patches/CVE-2011-5325-2.patch: re-enable patch.
    - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks
      with "suspicious" targets in archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      include/bb_archive.h, testsuite/tar.tests.
    - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks
      the same way tar/unzip does in archival/cpio.c.
    - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in
      archival/libarchive/get_header_ar.c.

 -- Marc Deslauriers <email address hidden>  Mon, 09 Jul 2018 10:25:24 -0400
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu3) bionic; urgency=medium

  * debian/patches/CVE-2011-5325-2.patch: disable patch for now as the
    behaviour is relied upon by debootstrap. (LP: #1737662)

 -- Marc Deslauriers <email address hidden>  Tue, 12 Dec 2017 12:58:01 -0500
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
busybox (1:1.27.2-2ubuntu2) bionic; urgency=medium

  * Fix missing new config setting for Ubuntu flavors.

 -- Steve Langasek <email address hidden>  Wed, 06 Dec 2017 22:14:46 +0000
Superseded in bionic-proposed
busybox (1:1.27.2-2ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.
    - Fixes problem with linux boot parameters not being copied to
      busybox environment, and breaking preseeding.  LP: #1736421.
  * Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
      testsuite/tar.tests.
  * Dropped changes, included in Debian:
    - readlink-in-slash-bin.patch: move readlink to /bin.
    - debian/patches/CVE-2017-15874.patch: add another check to
      archival/libarchive/decompress_unlzma.c.
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
busybox (1:1.27.2-1ubuntu4) bionic; urgency=medium

  * SECURITY UPDATE: directory traversal via tar symlink extraction
    - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks
      unless env variable is set in archival/libarchive/Kbuild.src,
      archival/libarchive/data_extract_all.c,
      archival/libarchive/unsafe_symlink_target.c, archival/tar.c,
      coreutils/link.c, include/bb_archive.h, libbb/copy_file.c,
      testsuite/tar.tests.
    - CVE-2011-5325
  * SECURITY UPDATE: integer overflow in get_next_block
    - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in
      archival/libarchive/decompress_bunzip2.c.
    - CVE-2017-15873
  * SECURITY UPDATE: integer underflow in unlzma
    - debian/patches/CVE-2017-15874.patch: add another check to
      archival/libarchive/decompress_unlzma.c.
    - CVE-2017-15874
  * SECURITY UPDATE: code execution in tab autocomplete feature
    - debian/patches/CVE-2017-16544.patch: check for control characters in
      libbb/lineedit.c.
    - CVE-2017-16544

 -- Marc Deslauriers <email address hidden>  Fri, 24 Nov 2017 12:55:21 -0500
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
busybox (1:1.27.2-1ubuntu3) bionic; urgency=medium

  * static-sh-alias.patch: port for 1.27.2 to fix the FTBFS.

 -- Steve Langasek <email address hidden>  Thu, 26 Oct 2017 09:24:22 -0700
Superseded in bionic-proposed
busybox (1:1.27.2-1ubuntu2) bionic; urgency=medium

  * Fix up a few missed config reconciliations for busybox-initramfs.

 -- Steve Langasek <email address hidden>  Thu, 26 Oct 2017 14:55:05 +0000
Superseded in bionic-proposed
busybox (1:1.27.2-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
    - Add Ubuntu configuration for busybox binaries.
    - readlink-in-slash-bin.patch: move readlink to /bin.
  * Refresh busybox-initramfs config to keep it in sync with the featureset
    of the other builds.
    - FEATURE_USE_TERMIOS dropped upstream.
    - FEATURE_STAT_FILESYSTEM enabled.
    - disable FDFLUSH.

Superseded in bionic-release
Obsolete in artful-release
Obsolete in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
busybox (1:1.22.0-19ubuntu2) yakkety; urgency=medium

  * debian/patches/readlink-in-slash-bin.patch: put readlink in /bin/
    like coreutils.  Closes LP: #1615021.

 -- Steve Langasek <email address hidden>  Tue, 23 Aug 2016 12:36:39 -0700
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
busybox (1:1.22.0-19ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable (LP: #1599945).  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Refresh busybox-initramfs config to keep it in sync with the featureset
      of the other builds.  (No changes upstream.)
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.
  * Add Ubuntu configuration for busybox binaries.

Superseded in yakkety-release
Published in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
busybox (1:1.22.0-15ubuntu1) wily; urgency=low

  * Merge from Debian unstable (LP: #1486231).  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Refresh busybox-initramfs config to keep it in sync with the featureset
      of the other builds.  (No changes upstream.)
    - Enable chpasswd in standard and static builds (needed by LXC).
    - Move zz-busybox to busybox-initramfs to ensure we get links to all
      the tools we need, stop shipping it anywhere else.
    - Prefer busybox commands over klibc commands where there is duplication.

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
busybox (1:1.22.0-9ubuntu2) wily; urgency=medium

  * Move zz-busybox to busybox-initramfs to ensure we get links to all
    the tools we need, stop shipping it anywhere else.  (LP: #1481733)
  * Prefer busybox commands over klibc commands where there is duplication.

 -- Andy Whitcroft <email address hidden>  Fri, 07 Aug 2015 13:03:51 +0100
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
busybox (1:1.22.0-9ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Refresh busybox-initramfs config to keep it in sync with the featureset
      of the other builds.
    - Enable chpasswd in standard and static builds (needed by LXC).

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
busybox (1:1.22.0-8ubuntu1) utopic; urgency=low

  * Merge from Debian unstable (LP: #1352413).  Remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Refresh busybox-initramfs config to keep it in sync with the featureset
      of the other builds.
    - Enable chpasswd in standard and static builds (needed by LXC).

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release)
busybox (1:1.22.0-6ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - [udeb] Enable chvt, killall, losetup, od, and stat.
    - test-bin.patch: Move test and friends to /bin.
    - static-sh-alias.patch: Add static-sh alias name for ash, and install
      /bin/static-sh symlink to busybox in busybox-static.
    - Add busybox-initramfs.
    - Refresh busybox-initramfs config to keep it in sync with the featureset
      of the other builds.
    - Enable chpasswd in standard and static builds (needed by LXC).
