Change log for busybox package in Ubuntu
1 → 50 of 138 results | First • Previous • Next • Last |
Published in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
busybox (1:1.36.1-3ubuntu1) mantic; urgency=medium * Refresh d/config/pkg/initramfs for new upstream version. New values based on 'deb' config. * Drop delta to the udeb config * Merge from Debian unstable. Remaining changes: - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - debian/config/pkg/deb debian/config/pkg/static: Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - Enable the new klibc utility implementations, nuke and run-init in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space. - debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. - debian/config/pkg/initramfs debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox: Enable TLS in initramfs flavour of wget applet, requires openssl - Add dirname from coreutils to the initramfs -- Dan Bungert <email address hidden> Wed, 05 Jul 2023 18:03:13 -0600
Available diffs
- diff from 1:1.35.0-4ubuntu1 to 1:1.36.1-3ubuntu1 (104.0 KiB)
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
busybox (1:1.35.0-4ubuntu1) lunar; urgency=low * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - debian/config/pkg/deb debian/config/pkg/static: Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - Enable the new klibc utility implementations, nuke and run-init in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space. - debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. - debian/config/pkg/initramfs debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox: Enable TLS in initramfs flavour of wget applet, requires openssl - Add dirname from coreutils to the initramfs -- William 'jawn-smith' Wilson <email address hidden> Fri, 23 Nov 2022 15:44:44 +0000
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
busybox (1:1.35.0-1ubuntu1) kinetic; urgency=low * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - debian/config/pkg/deb debian/config/pkg/static: Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - Enable the new klibc utility implementations, nuke and run-init in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space. - debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. - debian/config/pkg/initramfs debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox: Enable TLS in initramfs flavour of wget applet, requires openssl - Add dirname from coreutils to the initramfs * Dropped changes, included in Debian: - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch - debian/patches/adjust-testsuite-for-fixed-bunzip2.patch - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch - debian/patches/CVE-2018-1000500-2.patch -- William 'jawn-smith' Wilson <email address hidden> Thu, 18 Aug 2022 13:27:21 -0500
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
busybox (1:1.30.1-7ubuntu3) jammy; urgency=medium * Add dirname from coreutils to the initramfs (LP: #1960083) -- William 'jawn-smith' Wilson <email address hidden> Fri, 04 Feb 2022 16:10:23 -0600
Available diffs
- diff from 1:1.30.1-7ubuntu2 to 1:1.30.1-7ubuntu3 (518 bytes)
busybox (1:1.27.2-2ubuntu3.4) bionic-security; urgency=medium * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 -- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:05:22 -0500
Available diffs
busybox (1:1.30.1-4ubuntu6.4) focal-security; urgency=medium * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 -- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:02:55 -0500
Available diffs
busybox (1:1.30.1-6ubuntu2.1) hirsute-security; urgency=medium * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 -- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:02:16 -0500
Available diffs
busybox (1:1.30.1-6ubuntu3.1) impish-security; urgency=medium * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 -- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:01:36 -0500
Available diffs
busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium * SECURITY UPDATE: invalid free or segfault via gzip data - debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in archival/libarchive/decompress_gunzip.c. - CVE-2021-28831 * SECURITY UPDATE: OOB read in unlzma - debian/patches/CVE-2021-42374.patch: fix a case where we could read before beginning of buffer in archival/libarchive/decompress_unlzma.c, testsuite/unlzma.tests. - CVE-2021-42374 * SECURITY UPDATE: multiple security issues in awk - debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from busybox 1.34.1. - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 -- Marc Deslauriers <email address hidden> Wed, 24 Nov 2021 14:52:59 -0500
Available diffs
busybox (1:1.30.1-7ubuntu1) jammy; urgency=medium * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - debian/config/pkg/deb debian/config/pkg/static: Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - Enable the new klibc utility implementations, nuke and run-init in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space. - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch debian/patches/adjust-testsuite-for-fixed-bunzip2.patch Cherry-pick upstream fix for the bzip2 test failure Adjust testsuite expectations. - debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. - debian/config/pkg/initramfs debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox: Enable TLS in initramfs flavour of wget applet, requires openssl - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch: Enable TLS verification with OpenSSL - SECURITY UPDATE: missing ssl cert validation in wget applet debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert verification in networking/wget.c. (CVE-2018-1000500) * Dropped changes, included in Debian: - Fix FTBFS with newer glibc: debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only required for kernels < 2.6.23, and no longer builds with glibc in groovy as the RPC functions are gone.
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
busybox (1:1.30.1-6ubuntu3) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:09:51 +0200
Available diffs
- diff from 1:1.30.1-6ubuntu2 to 1:1.30.1-6ubuntu3 (335 bytes)
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
busybox (1:1.30.1-6ubuntu2) hirsute; urgency=medium * No-change rebuild to drop the udeb package. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:30:15 +0100
Available diffs
- diff from 1:1.30.1-6ubuntu1 to 1:1.30.1-6ubuntu2 (341 bytes)
busybox (1:1.30.1-4ubuntu6.3) focal; urgency=medium * cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream (LP: #1888543) -- Balint Reczey <email address hidden> Wed, 11 Nov 2020 13:15:02 +0100
Available diffs
busybox (1:1.30.1-4ubuntu9.1) groovy; urgency=medium * cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream (LP: #1888543) -- Balint Reczey <email address hidden> Mon, 09 Nov 2020 15:55:05 +0100
Available diffs
busybox (1:1.30.1-6ubuntu1) hirsute; urgency=medium * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - debian/config/pkg/deb debian/config/pkg/static: Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - Enable the new klibc utility implementations, nuke and run-init in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space. - debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch debian/patches/adjust-testsuite-for-fixed-bunzip2.patch Cherry-pick upstream fix for the bzip2 test failure Adjust testsuite expectations. - debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. - debian/config/pkg/initramfs debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox: Enable TLS in initramfs flavour of wget applet, requires openssl - debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch: Enable TLS verification with OpenSSL - SECURITY UPDATE: missing ssl cert validation in wget applet debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert verification in networking/wget.c. (CVE-2018-1000500) - Fix FTBFS with newer glibc: debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only required for kernels < 2.6.23, and no longer builds with glibc in groovy as the RPC functions are gone. * Dropped changes, included in Debian: debian/patches/stime-is-clock_settime.patch: stime is obsolete, use clock_settime instead.
Available diffs
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
busybox (1:1.30.1-4ubuntu9) groovy; urgency=medium * SECURITY UPDATE: missing ssl cert validation in wget applet - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert verification in networking/wget.c. - CVE-2018-1000500 * Fix FTBFS with newer glibc: - debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only required for kernels < 2.6.23, and no longer builds with glibc in groovy as the RPC functions are gone. -- Marc Deslauriers <email address hidden> Tue, 22 Sep 2020 08:22:17 -0400
Available diffs
busybox (1:1.27.2-2ubuntu3.3) bionic-security; urgency=medium * SECURITY UPDATE: missing ssl cert validation in wget applet - debian/patches/CVE-2018-1000500-pre1.patch: emit a message that certificate verification is not implemented in networking/wget.c. - debian/patches/CVE-2018-1000500-pre2.patch: print warning only once in networking/wget.c. - debian/patches/CVE-2018-1000500-1.patch: implement TLS verification with ENABLE_FEATURE_WGET_OPENSSL in networking/wget.c. - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert verification in networking/wget.c. - CVE-2018-1000500 -- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 10:26:16 -0400
Available diffs
busybox (1:1.30.1-4ubuntu6.2) focal-security; urgency=medium * SECURITY UPDATE: missing ssl cert validation in wget applet - debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert verification in networking/wget.c. - CVE-2018-1000500 -- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 09:47:43 -0400
Available diffs
busybox (1:1.30.1-4ubuntu8) groovy; urgency=medium * Enable TLS verification with OpenSSL. LP: #1879533
Available diffs
Superseded in groovy-proposed |
busybox (1:1.30.1-4ubuntu7) groovy; urgency=medium * Enable TLS in initramfs flavour of wget applet, requires openssl. LP: #1879525 -- Dimitri John Ledkov <email address hidden> Tue, 19 May 2020 16:16:23 +0100
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
busybox (1:1.30.1-4ubuntu6) focal; urgency=medium * debian/patches/stime-is-clock_settime.patch: stime is obsolete, use clock_settime instead. -- Steve Langasek <email address hidden> Mon, 30 Mar 2020 15:37:00 +0000
Available diffs
busybox (1:1.30.1-4ubuntu5) focal; urgency=medium * debian/config/pkg/initramfs: Enable the date applet with the same options as the other variants for use in fixrtc and casper scripts. -- Adam Conrad <email address hidden> Mon, 04 Nov 2019 09:35:27 -0700
Available diffs
- diff from 1:1.30.1-4ubuntu4 to 1:1.30.1-4ubuntu5 (607 bytes)
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
busybox (1:1.30.1-4ubuntu4) eoan; urgency=medium * Revert previous upload, cherrypick upstream fix for the issue. LP: #1828282 * Adjust testsuite expectations. -- Dimitri John Ledkov <email address hidden> Thu, 23 May 2019 14:37:05 +0100
Available diffs
busybox (1:1.30.1-4ubuntu3) eoan; urgency=medium * debian/patches/skip-failing-bzip2-test.patch: Ignore failure of bz2_issue_11.bz2 test. -- Steve Langasek <email address hidden> Thu, 02 May 2019 16:22:46 -0700
Available diffs
Superseded in eoan-proposed |
busybox (1:1.30.1-4ubuntu2) eoan; urgency=medium * Disable the klibc 'resume' utility, not actually used by initramfs-tools. -- Steve Langasek <email address hidden> Thu, 02 May 2019 00:20:30 -0700
Available diffs
- diff from 1:1.30.1-4ubuntu1 to 1:1.30.1-4ubuntu2 (479 bytes)
Superseded in eoan-proposed |
busybox (1:1.30.1-4ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. * Dropped changes, included in Debian: - debian/patches/handle-ip-valid_lft.patch: Don't choke on ip addr add [...] valid_lft [...] preferred_lft. * Dropped changes, included upstream: - debian/patches/CVE-2011-5325-2.patch - debian/patches/CVE-2011-5325-3.patch - debian/patches/CVE-2011-5325-4.patch - debian/patches/CVE-2011-5325-5.patch - debian/patches/CVE-2018-1000517.patch - debian/patches/CVE-2018-20679.patch - debian/patches/CVE-2019-5747.patch * Enable the new klibc utility implementations, nuke, resume, and run-init, in the initramfs package; and also enable reboot. Doesn't yet make klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount - but it moves us much closer and should save a little bit of disk space.
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
busybox (1:1.27.2-2ubuntu7) disco; urgency=medium * Enable fold in busybox-initramfs, as it appears that initrmafs-tools-core now uses that variant of busybox, instead of busybox-static or busybox. Also, potentially cryptsetup dependencies on busybox-static|busybox are now meaningless. LP: #1822730 -- Dimitri John Ledkov <email address hidden> Thu, 04 Apr 2019 12:50:59 +0100
Available diffs
- diff from 1:1.27.2-2ubuntu6 to 1:1.27.2-2ubuntu7 (636 bytes)
busybox (1:1.21.0-1ubuntu1.4) trusty-security; urgency=medium * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. - CVE-2011-5325 * SECURITY UPDATE: kernel module loading restrictions bypass - debian/patches/CVE-2014-9645.patch: reject module names with slashes in modutils/modprobe.c. - CVE-2014-9645 * SECURITY UPDATE: integer overflow in the DHCP client - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed RFC1035-encoded domain name in networking/udhcp/domain_codec.c. - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in networking/udhcp/domain_codec.c. - CVE-2016-2147 * SECURITY UPDATE: heap-based buffer overflow in the DHCP client - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in networking/udhcp/common.c, networking/udhcp/dhcpc.c. - CVE-2016-2148 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 * SECURITY UPDATE: DoS in unzip operations - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in archival/libarchive/decompress_gunzip.c, added test in testsuite/unzip.tests. - debian/patches/CVE-2015-9261-2.patch: further fix decompression code in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests. - CVE-2015-9261 * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 -- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 12:49:34 -0400
Available diffs
busybox (1:1.27.2-2ubuntu6) disco; urgency=medium * debian/patches/handle-ip-valid_lft.patch: Don't choke on ip addr add [...] valid_lft [...] preferred_lft. Closes LP: #1819747. -- Steve Langasek <email address hidden> Tue, 12 Mar 2019 15:52:41 -0700
Available diffs
busybox (1:1.22.0-15ubuntu1.4) xenial-security; urgency=medium * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-1.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/tar.c, archival/tar_symlink_attack, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - debian/patches/CVE-2011-5325-3.patch: postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. - CVE-2011-5325 * SECURITY UPDATE: integer overflow in the DHCP client - debian/patches/CVE-2016-2147-1.patch: fix a SEGV on malformed RFC1035-encoded domain name in networking/udhcp/domain_codec.c. - debian/patches/CVE-2016-2147-2.patch: fix a warning in debug code in networking/udhcp/domain_codec.c. - CVE-2016-2147 * SECURITY UPDATE: heap-based buffer overflow in the DHCP client - debian/patches/CVE-2016-2148.patch: fix OPTION_6RD parsing in networking/udhcp/common.c, networking/udhcp/dhcpc.c. - CVE-2016-2148 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 * SECURITY UPDATE: DoS in unzip operations - debian/patches/CVE-2015-9261-1.patch: test for a bad archive in archival/libarchive/decompress_gunzip.c, added test in testsuite/unzip.tests. - debian/patches/CVE-2015-9261-2.patch: further fix decompression code in archival/libarchive/decompress_gunzip.c, testsuite/unzip.tests. - CVE-2015-9261 * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 * debian/rules: fix nocheck test so test suite gets run during build and set SKIP_INTERNET_TESTS=y. -- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 11:51:19 -0500
Available diffs
- diff from 1:1.22.0-15ubuntu1.3 to 1:1.22.0-15ubuntu1.4 (pending)
busybox (1:1.27.2-2ubuntu3.2) bionic-security; urgency=medium * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 -- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 15:51:41 -0500
Available diffs
busybox (1:1.27.2-2ubuntu4.1) cosmic-security; urgency=medium * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 -- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 15:11:15 -0500
Available diffs
busybox (1:1.27.2-2ubuntu5) disco; urgency=medium * SECURITY UPDATE: buffer overflow in wget - debian/patches/CVE-2018-1000517.patch: check chunk length in networking/wget.c. - CVE-2018-1000517 * SECURITY UPDATE: out-of-bounds read in udhcp - debian/patches/CVE-2018-20679.patch: check that 4-byte options are indeed 4-byte in networking/udhcp/common.*, networking/udhcp/dhcpc.c, networking/udhcp/dhcpd.c. - CVE-2018-20679 * SECURITY UPDATE: incomplete fix for out-of-bounds read in udhcp - debian/patches/CVE-2019-5747.patch: when decoding DHCP_SUBNET, ensure it is 4 bytes long in networking/udhcp/common.*, networking/udhcp/dhcpc.c. - CVE-2019-5747 -- Marc Deslauriers <email address hidden> Wed, 06 Mar 2019 15:11:15 -0500
Available diffs
busybox (1:1.27.2-2ubuntu3.1) bionic; urgency=medium * Fix symlink handling (LP: #1753572) - debian/patches/CVE-2011-5325-2.patch: re-enable patch. - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. -- Marc Deslauriers <email address hidden> Thu, 17 Jan 2019 13:16:38 -0500
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
busybox (1:1.27.2-2ubuntu4) cosmic; urgency=medium * Fix symlink handling (LP: #1753572) - debian/patches/CVE-2011-5325-2.patch: re-enable patch. - debian/patches/CVE-2011-5325-3.patch:postpone creation of symlinks with "suspicious" targets in archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, include/bb_archive.h, testsuite/tar.tests. - debian/patches/CVE-2011-5325-4.patch: extract "unsafe" symlinks the same way tar/unzip does in archival/cpio.c. - debian/patches/CVE-2011-5325-5.patch: fix symlink creation in archival/libarchive/get_header_ar.c. -- Marc Deslauriers <email address hidden> Mon, 09 Jul 2018 10:25:24 -0400
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
busybox (1:1.27.2-2ubuntu3) bionic; urgency=medium * debian/patches/CVE-2011-5325-2.patch: disable patch for now as the behaviour is relied upon by debootstrap. (LP: #1737662) -- Marc Deslauriers <email address hidden> Tue, 12 Dec 2017 12:58:01 -0500
Available diffs
- diff from 1:1.27.2-2ubuntu2 to 1:1.27.2-2ubuntu3 (482 bytes)
busybox (1:1.27.2-2ubuntu2) bionic; urgency=medium * Fix missing new config setting for Ubuntu flavors. -- Steve Langasek <email address hidden> Wed, 06 Dec 2017 22:14:46 +0000
Available diffs
Superseded in bionic-proposed |
busybox (1:1.27.2-2ubuntu1) bionic; urgency=low * Merge from Debian unstable. - Fixes problem with linux boot parameters not being copied to busybox environment, and breaking preseeding. LP: #1736421. * Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, coreutils/link.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. * Dropped changes, included in Debian: - readlink-in-slash-bin.patch: move readlink to /bin. - debian/patches/CVE-2017-15874.patch: add another check to archival/libarchive/decompress_unlzma.c. - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c.
Available diffs
busybox (1:1.27.2-1ubuntu4) bionic; urgency=medium * SECURITY UPDATE: directory traversal via tar symlink extraction - debian/patches/CVE-2011-5325-2.patch: do not extract unsafe symlinks unless env variable is set in archival/libarchive/Kbuild.src, archival/libarchive/data_extract_all.c, archival/libarchive/unsafe_symlink_target.c, archival/tar.c, coreutils/link.c, include/bb_archive.h, libbb/copy_file.c, testsuite/tar.tests. - CVE-2011-5325 * SECURITY UPDATE: integer overflow in get_next_block - debian/patches/CVE-2017-15873.patch: fix runCnt overflow in archival/libarchive/decompress_bunzip2.c. - CVE-2017-15873 * SECURITY UPDATE: integer underflow in unlzma - debian/patches/CVE-2017-15874.patch: add another check to archival/libarchive/decompress_unlzma.c. - CVE-2017-15874 * SECURITY UPDATE: code execution in tab autocomplete feature - debian/patches/CVE-2017-16544.patch: check for control characters in libbb/lineedit.c. - CVE-2017-16544 -- Marc Deslauriers <email address hidden> Fri, 24 Nov 2017 12:55:21 -0500
Available diffs
busybox (1:1.27.2-1ubuntu3) bionic; urgency=medium * static-sh-alias.patch: port for 1.27.2 to fix the FTBFS. -- Steve Langasek <email address hidden> Thu, 26 Oct 2017 09:24:22 -0700
Available diffs
Superseded in bionic-proposed |
busybox (1:1.27.2-1ubuntu2) bionic; urgency=medium * Fix up a few missed config reconciliations for busybox-initramfs. -- Steve Langasek <email address hidden> Thu, 26 Oct 2017 14:55:05 +0000
Available diffs
Superseded in bionic-proposed |
busybox (1:1.27.2-1ubuntu1) bionic; urgency=low * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. - Add Ubuntu configuration for busybox binaries. - readlink-in-slash-bin.patch: move readlink to /bin. * Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. - FEATURE_USE_TERMIOS dropped upstream. - FEATURE_STAT_FILESYSTEM enabled. - disable FDFLUSH.
Available diffs
Superseded in bionic-release |
Obsolete in artful-release |
Obsolete in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
busybox (1:1.22.0-19ubuntu2) yakkety; urgency=medium * debian/patches/readlink-in-slash-bin.patch: put readlink in /bin/ like coreutils. Closes LP: #1615021. -- Steve Langasek <email address hidden> Tue, 23 Aug 2016 12:36:39 -0700
Available diffs
busybox (1:1.22.0-19ubuntu1) yakkety; urgency=low * Merge from Debian unstable (LP: #1599945). Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. (No changes upstream.) - Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication. * Add Ubuntu configuration for busybox binaries.
Available diffs
Superseded in yakkety-release |
Published in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
busybox (1:1.22.0-15ubuntu1) wily; urgency=low * Merge from Debian unstable (LP: #1486231). Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. (No changes upstream.) - Enable chpasswd in standard and static builds (needed by LXC). - Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. - Prefer busybox commands over klibc commands where there is duplication.
Available diffs
busybox (1:1.22.0-9ubuntu2) wily; urgency=medium * Move zz-busybox to busybox-initramfs to ensure we get links to all the tools we need, stop shipping it anywhere else. (LP: #1481733) * Prefer busybox commands over klibc commands where there is duplication. -- Andy Whitcroft <email address hidden> Fri, 07 Aug 2015 13:03:51 +0100
Available diffs
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
busybox (1:1.22.0-9ubuntu1) vivid; urgency=low * Merge from Debian unstable. Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. - Enable chpasswd in standard and static builds (needed by LXC).
Available diffs
Superseded in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
busybox (1:1.22.0-8ubuntu1) utopic; urgency=low * Merge from Debian unstable (LP: #1352413). Remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. - Enable chpasswd in standard and static builds (needed by LXC).
Available diffs
busybox (1:1.22.0-6ubuntu1) utopic; urgency=medium * Merge from Debian unstable, remaining changes: - [udeb] Enable chvt, killall, losetup, od, and stat. - test-bin.patch: Move test and friends to /bin. - static-sh-alias.patch: Add static-sh alias name for ash, and install /bin/static-sh symlink to busybox in busybox-static. - Add busybox-initramfs. - Refresh busybox-initramfs config to keep it in sync with the featureset of the other builds. - Enable chpasswd in standard and static builds (needed by LXC).
Available diffs
- diff from 1:1.22.0-5ubuntu1 to 1:1.22.0-6ubuntu1 (943 bytes)
1 → 50 of 138 results | First • Previous • Next • Last |