busybox (1:1.30.1-7ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: stack overflow in ash
- debian/patches/CVE-2022-48174.patch: error out on number followed by
another number or variable name in shell/math.c.
- CVE-2022-48174
-- Octavio Galland <octavio.galland@canonical.com> Tue, 13 Aug 2024 10:39:23 -0300
busybox (1:1.30.1-7ubuntu3) jammy; urgency=medium
* Add dirname from coreutils to the initramfs (LP: #1960083)
-- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Fri, 04 Feb 2022 16:10:23 -0600
busybox (1:1.30.1-7ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: invalid free or segfault via gzip data
- debian/patches/CVE-2021-28831.patch: fix DoS if gzip is corrupt in
archival/libarchive/decompress_gunzip.c.
- CVE-2021-28831
* SECURITY UPDATE: OOB read in unlzma
- debian/patches/CVE-2021-42374.patch: fix a case where we could read
before beginning of buffer in archival/libarchive/decompress_unlzma.c,
testsuite/unlzma.tests.
- CVE-2021-42374
* SECURITY UPDATE: multiple security issues in awk
- debian/patches/CVE-2021-423xx-awk.patch: backport awk.c from
busybox 1.34.1.
- CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 24 Nov 2021 14:52:59 -0500
busybox (1:1.30.1-7ubuntu1) jammy; urgency=medium
* Merge from Debian unstable. Remaining changes:
- [udeb] Enable chvt, killall, losetup, od, and stat.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- Add busybox-initramfs.
- debian/config/pkg/deb
debian/config/pkg/static:
Enable chpasswd in standard and static builds (needed by LXC).
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- Prefer busybox commands over klibc commands where there is duplication.
- Add Ubuntu configuration for busybox binaries.
- Enable the new klibc utility implementations, nuke and run-init
in the initramfs package; and also enable reboot. Doesn't yet make
klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
- but it moves us much closer and should save a little bit of disk
space.
- debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch
debian/patches/adjust-testsuite-for-fixed-bunzip2.patch
Cherry-pick upstream fix for the bzip2 test failure
Adjust testsuite expectations.
- debian/config/pkg/initramfs: Enable the date applet with the same
options as the other variants for use in fixrtc and casper scripts.
- debian/config/pkg/initramfs
debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
Enable TLS in initramfs flavour of wget applet, requires openssl
- debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch:
Enable TLS verification with OpenSSL
- SECURITY UPDATE: missing ssl cert validation in wget applet
debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
verification in networking/wget.c. (CVE-2018-1000500)
* Dropped changes, included in Debian:
- Fix FTBFS with newer glibc:
debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only
required for kernels < 2.6.23, and no longer builds with glibc in
groovy as the RPC functions are gone.
-- Lukas Märdian <slyon@ubuntu.com> Tue, 16 Nov 2021 12:16:45 +0100
busybox (1:1.30.1-7) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch:
+ busybox: Drop versioned constraint on initramfs-tools in Breaks.
[ Aurelien Jarno ]
* Team upload.
* Disable CONFIG_FEATURE_MOUNT_NFS. This option is to "Support mounting NFS
file systems on Linux < 2.6.23", which are not supported anymore in
Debian. It requires RPC support in glibc, which has just been removed.
-- Aurelien Jarno <aurel32@debian.org> Sun, 22 Aug 2021 16:39:45 +0200
busybox (1:1.30.1-6ubuntu3) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:09:51 +0200
busybox (1:1.30.1-6ubuntu2) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:15 +0100
busybox (1:1.30.1-6ubuntu1) hirsute; urgency=medium
* Merge from Debian unstable. Remaining changes:
- [udeb] Enable chvt, killall, losetup, od, and stat.
- test-bin.patch: Move test and friends to /bin.
- static-sh-alias.patch: Add static-sh alias name for ash, and install
/bin/static-sh symlink to busybox in busybox-static.
- Add busybox-initramfs.
- debian/config/pkg/deb
debian/config/pkg/static:
Enable chpasswd in standard and static builds (needed by LXC).
- Move zz-busybox to busybox-initramfs to ensure we get links to all
the tools we need, stop shipping it anywhere else.
- Prefer busybox commands over klibc commands where there is duplication.
- Add Ubuntu configuration for busybox binaries.
- Enable the new klibc utility implementations, nuke and run-init
in the initramfs package; and also enable reboot. Doesn't yet make
klibc-utils irrelevant - we still use ipconfig, fstype, and nfsmount
- but it moves us much closer and should save a little bit of disk
space.
- debian/patches/58d998d2f927c20f2ba728611df587ac8ec8bda9.patch
debian/patches/adjust-testsuite-for-fixed-bunzip2.patch
Cherry-pick upstream fix for the bzip2 test failure
Adjust testsuite expectations.
- debian/config/pkg/initramfs: Enable the date applet with the same
options as the other variants for use in fixrtc and casper scripts.
- debian/config/pkg/initramfs
debian/tree/busybox/usr/share/initramfs-tools/hooks/zz-busybox:
Enable TLS in initramfs flavour of wget applet, requires openssl
- debian/patches/45fa3f18adf57ef9d743038743d9c90573aeeb91.patch:
Enable TLS verification with OpenSSL
- SECURITY UPDATE: missing ssl cert validation in wget applet
debian/patches/CVE-2018-1000500-2.patch: fix openssl options for cert
verification in networking/wget.c. (CVE-2018-1000500)
- Fix FTBFS with newer glibc:
debian/config/pkg/*: disable CONFIG_FEATURE_MOUNT_NFS. This is only
required for kernels < 2.6.23, and no longer builds with glibc in
groovy as the RPC functions are gone.
* Dropped changes, included in Debian:
debian/patches/stime-is-clock_settime.patch: stime is obsolete, use
clock_settime instead.
-- Balint Reczey <rbalint@ubuntu.com> Mon, 09 Nov 2020 11:59:42 +0100
busybox (1:1.30.1-6) unstable; urgency=medium
[ Aurelien Jarno ]
* Team upload.
* cherry-pick settimeofday for glibc v2.31+ compatibility fix for upstream.
Closes: #966074.
-- Aurelien Jarno <aurel32@debian.org> Sun, 16 Aug 2020 12:17:38 +0200
busybox (1:1.30.1-5) unstable; urgency=medium
[ Aurelien Jarno ]
* Team upload.
* cherry-pick glibc 2.31 compatibility fix from upstream. Closes: #955368.
-- Aurelien Jarno <aurel32@debian.org> Mon, 13 Jul 2020 22:15:51 +0200
# For older changelog entries, run 'apt-get changelog busybox-initramfs'
Generated by dwww version 1.14 on Sun Feb 2 13:39:57 CET 2025.