The EXTRACT_UNSAFE_SYMLINKS variable was backed out in busybox 1.28.2 by the following commit:
https://git.busybox.net/busybox/commit/?h=1_28_stable&id=37277a23fe48b13313f5d96084d890ed21d5fd8b Two new commits were added to later 1.28 releases to fix more symlink issues: https://git.busybox.net/busybox/commit/?id=d9503224c8a93a30b0c8627084b2744d3ee6f403 https://git.busybox.net/busybox/commit/?id=dd56921e2d404c8fc9484290a36411a13d14df1a -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1753572 Title: cpio in Busybox 1.27 ingnores "unsafe links" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/1753572/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs