dropbear (2024.86-1) unstable; urgency=medium * New upstream bugfix release. * d/README.initramfs: Account for compressed kernel modules in module listing command. * Remove d/*.patch applied upstream. * d/t/control: Add "Depends: python3-asyncssh" to upstream-tests. * d/t/upstream-tests: convert ECDSA key to openssh format so that asyncssh can find it. -- Guilhem Moulin Wed, 23 Oct 2024 17:29:07 +0200 dropbear (2024.85-3) unstable; urgency=medium * DEP-8: Mark remote-unlocking as flaky. To be re-evaluated if/when the test runs on environment where KVM is available. (Closes: #1072947) * d/t/remote-unlocking: Also install systemd-cryptsetup in the guest. This is needed to unlock the swap device at boot time (not at initramfs stage). -- Guilhem Moulin Tue, 09 Jul 2024 12:07:08 +0200 dropbear (2024.85-2) unstable; urgency=medium * DEP-8: Mark upstream-tests as flaky. (Closes: #1072369) -- Guilhem Moulin Mon, 03 Jun 2024 00:24:16 +0200 dropbear (2024.85-1) unstable; urgency=medium * New upstream bugfix release. * Update Standards-Version to 4.7.0 (no changes necessary). -- Guilhem Moulin Fri, 26 Apr 2024 12:04:25 +0200 dropbear (2024.84-1) unstable; urgency=medium * New upstream bugfix release. * Remove legacy maintscripts. * Refresh d/patches and remove those applied upstream. * Update d/copyright, d/*.docs and d/s/lintian-overrides to reflect the new upstream layout. * d/control: Demote Depends: sysvinit-utils to Suggests and drop lsb-base alternative. * d/t/upstream-tests: Create ~/.ssh/authorized_keys with mode 0600 as dropbear now checks its permissions. -- Guilhem Moulin Thu, 04 Apr 2024 17:18:48 +0200 dropbear (2022.83-4) unstable; urgency=medium * Fix CVE-2023-48795: (terrapin attack): The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (Closes: #1059001) -- Guilhem Moulin Thu, 25 Jan 2024 02:08:38 +0100 dropbear (2022.83-3) unstable; urgency=medium * d/control: Drop dropbear-run binary package. (Closes: #1038256) * initramfs hook: Reuse ~root if set up in $DESTDIR. (Closes: #1056274) * Refresh d/patches. * Cherry-pick upstream commit to remove more files in distclean. (Closes: #1044936) -- Guilhem Moulin Tue, 21 Nov 2023 12:24:46 +0100 dropbear (2022.83-2) unstable; urgency=medium * d/.gitattribute: New file for proper merging of d/changelog. * Update standards version to 4.6.2, no changes needed. * d/u/metadata: Replace hg.ucc.asn.au repo with GitHub. https://hg.ucc.asn.au/dropbear has not been updated since 2022.82 and the homepage doesn't advertize it anymore. * d/control: dropbear: Replace ‘Depends: lsb-base (>= 3.0-6)’ with ‘sysvinit-utils (>= 3.05-4~) | lsb-base (>= 3.0-6)’. -- Guilhem Moulin Sat, 10 Jun 2023 22:56:47 +0200 dropbear (2022.83-1) unstable; urgency=medium * New upstream release 2022.83. Support for ssh-dss (DSA) host and user keys is disabled by default at compile-time. Such keys are considered insecure as they are only 1024 bits long and use the SHA-1 digest algorithm. Note that OpenSSH disables support for such keys at run-time since 7.0/7.0p1. * Reflect ssh-dss deprecation in maintscripts and NEWS file. * d/t/remote-unlocking: Use 2 vCPUs. -- Guilhem Moulin Mon, 14 Nov 2022 22:16:35 +0100 dropbear (2022.82-4.1) unstable; urgency=medium * Non-maintainer upload. * No source change upload to rebuild with debhelper 13.10. -- Michael Biebl Sat, 15 Oct 2022 12:01:59 +0200 dropbear (2022.82-4) unstable; urgency=medium [ Guilhem Moulin ] * d/rules: Inspect DEB_BUILD_* with $(filter ,) not $(findstring ,). * Salsa CI: Remove default configuration file. * Update standards version to 4.6.1, no changes needed. * d/t/remote-unlocking: Mask systemd-firstboot.service to fix debci with systemd 251.5-1. * d/copyright: typofix. * Refresh lintian overrides to accommodate lintian v2.115. [ Steve Langasek ] * DEP-8: Call mkdir with -p to fix autopkgtest on Ubuntu. (Closes: #1017876) -- Guilhem Moulin Wed, 05 Oct 2022 20:20:13 +0200 dropbear (2022.82-3) unstable; urgency=low * d/t/upstream-tests: Set DBTEST_IN_ACTION=true so we don't skip test_svrauth.py. * d/t/upstream-tests: Guard against direct use. * d/dropbear.preinst: Also migrate *unmodified* /etc/default/dropbear from Jessie, Stretch, and Buster to conffile. Existing files were never touched by postinst, so it makes sense to migrate known stock versions older than Bullseye. * d/t/remote-unlocking: Don't look for swap in the validation phase as doing so is racy. * d/patches: Fix FTBFS on hurd-i386. * Add d/u/metadata. * d/dropbear.postrm: Minor quoting improvements * d/t/control: Improve comment in remote-unlocking test. -- Guilhem Moulin Mon, 04 Apr 2022 23:32:24 +0200 dropbear (2022.82-2) unstable; urgency=medium * d/dropbear.postrm: Remove redundant `rm` call. * d/t/upstream-tests: Run pytest in ./test. * d/p: Raise connection delay in test/test_channels.py to make it pass on slower machines (such as the armhf debci runners). -- Guilhem Moulin Sun, 03 Apr 2022 10:00:11 +0200 dropbear (2022.82-1) unstable; urgency=medium [ Matt Johnston ] * New upstream release 2022.82. Highlights include: - dropbearconvert(1): Support converting from OpenSSH (>=7.8) private key format (closes: #955384), and convert to that format rather than PEM - Reworked -v verbose printing, specifying multiple times will increase verbosity. - Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in authorized_keys(5). - Use a separate $PATH when logging in as root (closes: #903403). - Disable dh-group1 key exchange by default. It has been disabled server side by default since 2018.76-1. - Removed Twofish cipher. [ Lee Garrett ] * initramfs script configuration: Add quotes to indicate they're required. (Closes: #1003951) [ Guilhem Moulin ] * Add missing build dependency on dh addon. * initramfs script configuration: Clarify that assignment follow shell semantics. * d/gbp.conf: Add upstream VCS tag as additional parent to upstream/$VERSION. * Run wrap-and-sort(1). * Fix autopkgtest for non-sid suites. * Create localoptions.h in d/rules not from d/patches. * d/localoptions.h: Hardcode PATH environment variable when a regular user resp. the superuser logs in to the login.defs(5) default values, namely "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" resp. "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin". * d/tests: Run the upstream test suite as a DEP-8 test. We skip it at build time since it needs access to ~/.ssh which is forbidden in the build environment. * Update d/copyright. * d/rules: Remove useless override_dh_installinit target and rename d/dropbear.dropbear.init to d/dropbear.init. * d/dropbear.init: Put PID file in /run not /var/run. * d/dropbear.init: Minor refactoring. * d/dropbear.postinst: Replace deprecated which(1) calls with `command -v`. * d/dropbear.postinst: Also convert OpenSSH keys in new format since dropbearconvert(1) can now convert those. * Remove d/README.Debian.diet from 'dropbear-bin' documentation. * Install README.Debian in 'dropbear' package not 'dropbear-bin'. * Minor d/dropbear.README.Debian improvement. * d/control: Improve package description. * Add systemd.service(5) file. * /etc/default/dropbear: Breaking changes to accommodate the systemd.service(5) logic: + Drop support for NO_START=1 (one needs to manually disable the service or remove the package instead); and + Drop support for DROPBEAR_*KEY and DROPBEAR_BANNER (one needs to use DROPBEAR_EXTRA_ARGS with the adequate dropbear(8) instead instead). * Handle /etc/default/dropbear as a conffile instead of letting postinst create it. -- Guilhem Moulin Sat, 02 Apr 2022 15:51:17 +0200 dropbear (2020.81-5) unstable; urgency=medium * d/t/remote-unlocking: Replace QEMU's deprecated short-form boolean options. * d/t/remote-unlocking: Set cache=unsafe on the target drive. * d/t/remote-unlocking: Use apt-get indextargets's Repo-URI not its URI. * d/t/remote-unlocking: Ensure the current version of the package is available. * d/t/remote-unlocking: Replace linux-image-amd64 with linux-image-generic. * d/t/remote-unlocking: Set 'size=256' in crypttab(5). * d/t/remote-unlocking: Fix APT Repo-URI scheme. * d/rules: Replace manual call to dh_link with a new d/dropbear.links file. * d/copyright: Set field Upstream-Name. * Refresh lintian overrides to accommodate lintian v2.114. -- Guilhem Moulin Wed, 08 Dec 2021 12:37:31 +0100 dropbear (2020.81-4) unstable; urgency=low * d/control: Remove from Uploaders. Thanks to gerrit for their work on the dropbear package! (Closes: #907082) * d/control: dropbear: Demote 'dropbear-initramfs' to Suggests. (Closes: #962132) * d/control: Bump Standards-Version to 4.6.0 (no changes necessary). * initramfs boot script: Don't exit when IP={none,off}. (Closes: #958526) * Rename /etc/dropbear-initramfs to /etc/dropbear/initramfs, and /etc/dropbear-initramfs/config to /etc/dropbear/initramfs/dropbear.conf. * d/t/on-lvm-and-luks: Near-complete rewrite: - Adjust partition sizes to account for the current needs of the distro. - Set 'Architecture: amd64' to properly skip the test on other architectures. - Run mmdebstrap(1) with --mode=auto instead of --mode=root. This uses --mode=unshare when kernel.unprivileged_userns_clone is set to 1, otherwise --mode=fakeroot (#944929 is now fixed) - Consolidate style. - Ensure we're testing the current dropbear-initramfs version. - Use KVM acceleration when possible. Also, try to create /dev/kvm if missing (for instance in a chroot where /dev is not managed by udev). - Raise timeout values so the test has a chance to complete when KVM is not supported/used. - Adjust copyright. - Replace 'Depends: libguestfs-tools, sleepenh, time' with 'Depends: cryptsetup-initramfs, fdisk, initramfs-tools-core, lvm2'. Instead of using guestfish(1) to set up a first system which is in turn used to set up the target system, we build a custom initramfs image containing the required dependencies, boot into it and entirely set up the target system from there. - Unconditionally dump (in real time) the guest's serial console into the standard output. Before it was only done upon error. - Use a random key file instead of a hardcoded/pre-chosen passphrase. - Restrict the guest's ability to reach external hosts. - Assign static addresses under 10.0.2.128/25 instead of using DHCP. That way we don't have to include 'isc-dhcp-client' in the debootstrap chroot. - Use dropbear instead of OpenSSH in the main system as well, not just in the initramfs. After all we're testing dropbear here :-) - Instead of having the root and swap (resume) devices each in its own LV held by a LUKS device, we put the root FS directly on the root device, and add a new plain dm-crypt partition for a transient swap device. This removes 'Depends: lvm2'. Consequently, the test is renamed to 'remote-unlocking'. -- Guilhem Moulin Thu, 19 Aug 2021 13:08:39 +0200 dropbear (2020.81-3) unstable; urgency=medium * Initramfs: Use 10 placeholders in ~root template. * Initramfs: Explicitly pass --tmpdir flag to mktemp(1). * Initramfs hook: Better guard against unsafe $DESTDIR. * Postinst: Show hostkey filename in showpubkey(). * Postinst: No longer generate DSS (DSA) host keys. -- Guilhem Moulin Thu, 14 Jan 2021 21:14:26 +0100 dropbear (2020.81-2) unstable; urgency=medium * Initramfs hook: Use ldconfig to find the path of the dlopen()'ed sonames to copy over. * Rename Debian branch to debian/latest for DEP-14 compliance. * Remove compression=bzip2 from d/gbp.conf. * Initramfs init-bottom script: Make wait_for_dropbear() 60s timeout configurable with new option $DROPBEAR_SHUTDOWN_TIMEOUT. (Closes: #964187) * Update watch file format version to 4. * Bump Standards-Version to 4.5.1 (no changes necessary). * d/patches/local-options.patch: Mark "Forwarded: not-needed". * d/debian/dropbear.postinst: Use dropbearconvert(1) from $PATH not from deprecated /usr/lib/dropbear. * dropbear-bin: Override "breakout-link usr/lib/dropbear/dropbearconvert -> usr/bin/dropbearconvert" lintian warning. This is a compatibility symlink since 2020.79-1. -- Guilhem Moulin Fri, 01 Jan 2021 20:41:58 +0100 dropbear (2020.81-1) unstable; urgency=medium * New upstream bugfix release. -- Guilhem Moulin Thu, 29 Oct 2020 23:16:17 +0100 dropbear (2020.80-1) unstable; urgency=medium * New upstream bugfix release. * debian/patches/authorized_keys-options-parsing.patch: Remove patch, now applied upstream. * debian/tests/on-lvm-and-luks: Replace dpkg-architecture(1) call with `dpkg --print-architecture`. The CI runners aren't build machines. -- Guilhem Moulin Fri, 26 Jun 2020 17:38:44 +0200 dropbear (2020.79-2) unstable; urgency=medium * debian/tests/on-lvm-and-luks: skip test on non-amd64 hosts. * Remove build dependency on dh-exec(1). * debian/control: Bump debhelper compatibility level to 13. * debian/service/run: (runit script) to drop deprecated option '-d' and add support for ECDSA and ED25519 host keys. -- Guilhem Moulin Tue, 16 Jun 2020 16:09:57 +0200 dropbear (2020.79-1) unstable; urgency=low [ Guilhem Moulin ] * New upstream release. Highlights and potentially breaking changes include + Add ed25519 host and client keys support. + Add ChaCha20/Poly1305 authenticated cipher support. + X11 forwarding is disabled at compile time. + AES-CBC and 3DES ciphers are disabled at compile time. + Use getrandom() call for entropy collection. * debian/README.initramfs: fix path to cryptsetup's README.Debian.gz. (Closes: #934146) * debian/initramfs/dropbear-hook: Don't mention cryptroot in warning messages, only SSH login. * debian/initramfs/bottom-dropbear: Wait for drobear to start before bringing the network down. This avoids a race where the network stack were fully not configured yet by the time the execution is handed over to the main system. (Closes: #943459) * debian/dropbear.postinst: Remove comparison with ancient version 0.50-4 (released in 2008). * debian/control: dropbear: Add Pre-Depends: ${misc:Pre-Depends}. * debian/control: Bump Standards-Version to 4.5.0 (no changes necessary). * debian/control: Set 'Rules-Requires-Root: no'. * debian/control: Remove duplicate Depends: lsb-base. * debian/control: Bump minimum version for libtomcrypt and libtommath. * Install dropbearconvert(1) to /usr/bin, and add a compatibility symlink in its previous location /usr/lib/dropbear. [Johannes 'josch' Schauer] * Add autopkgtest to test dropbear-initramfs. (Closes: #934753) * Enable Salsa CI tests. [ Debian Janitor ] * Trim trailing whitespace. * Add missing dependency on lsb-base. * Bump debhelper from old 9 to 12. * Drop unnecessary dependency on dh-autoconf. * Rely on pre-initialized dpkg-architecture variables. * Fix day-of-week for changelog entries 0.32cvs-1, 0.32cvs-1. * Wrap long lines in changelog entries: 2014.64-1. -- Guilhem Moulin Tue, 16 Jun 2020 02:50:00 +0200 dropbear (2019.78-2) unstable; urgency=medium * Improve upgrade path via Recommends and NEWS entry. * d/control: + Change dropbear's Recommends to 'cryptsetup-initramfs' from 'cryptsetup'. That's the package shipping cryptsetup's initramfs integration. + Bump Standards-Version to 4.4.0 (no changes necessary). -- Guilhem Moulin Sat, 27 Jul 2019 18:20:59 -0300 dropbear (2019.78-1) unstable; urgency=medium * New upstream release. * Rename 'dropbear-run' to 'dropbear'. 'dropbear-run' is now a transitional dummy package depending on 'dropbear'. This complete the package split started with 2015.68-1. * dropbear-initramfs: Remove backward compatibility checks and warnings that were added for the upgrade path from Jessie to Stretch. (Closes: #926875) -- Guilhem Moulin Mon, 08 Jul 2019 17:06:07 +0200 dropbear (2018.76-5) unstable; urgency=medium * Put custom options, such as SFTPSERVER_PATH, in localoptions.h not in debian/rules. Regression since 2018.76-1, cf. upstream's CHANGES file. (Closes: #915826.) * debian/upstream/signing-key.asc: Minimize upstream's OpenPGP certificate. * debian/control: Bump Standards-Version to 4.3.0 (no changes necessary). -- Guilhem Moulin Tue, 12 Feb 2019 13:06:15 +0100 dropbear (2018.76-4) unstable; urgency=medium * Backport security fix for CVE-2018-15599: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled. (Closes: #906890.) Cherry-picked from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 . * debian/control: Bump Standards-Version to 4.2.0 (no changes necessary). -- Guilhem Moulin Fri, 24 Aug 2018 14:36:51 +0200 dropbear (2018.76-3) unstable; urgency=medium * debian/initramfs/bottom-dropbear: + Read and parse /proc/*/stat instead of ps(1)'s output, as ps(1) options differ between Debian and Ubunt's busybox. Thanks to 'eviljoel' for the patch. (LP: #1652091.) + Normalize paths before comparison. This fixes dropbear shutdown on initramfs images with an usrmerge layout, such as images made by mkinitramfs(8) from initramfs-tools-core 0.132. * debian/control: Bump Standards-Version to 4.1.5 (no changes necessary). -- Guilhem Moulin Mon, 30 Jul 2018 17:09:02 +0800 dropbear (2018.76-2) unstable; urgency=low * debian/control: + Bump Standards-Version to 4.1.4 (no changes necessary). + Migrate Vcs-Browser and Vcs-Git from Alioth to Salsa. -- Guilhem Moulin Tue, 05 Jun 2018 18:15:34 +0200 dropbear (2018.76-1) unstable; urgency=low * New upstream release. Configuration/compatibility changes: + "dropbear -r" option for hostkeys no longer attempts to load the default hostkey paths as well. If desired these can be specified manually. + group1-sha1 key exchange is disabled in the server by default since the fixed 1024-bit group may be susceptible to attacks + twofish ciphers are now disabled in the default configuration + Default generated ECDSA key size is now 256 (rather than 521) for better interoperability + Minimum RSA key length has been increased to 1024 bits See https://dropbear.nl/mirror/CHANGES for the full changelog. * debian/control: bump Standards-Version to 4.1.3 (no changes necessary). * debian/dropbear-bin.docs: Remove TODO file. * debian/rules: Explicitly append "-fPIE -pie" to the LDFLAGS. -- Guilhem Moulin Mon, 05 Mar 2018 14:36:19 +0100 dropbear (2017.75-3) unstable; urgency=low * debian/control: + Remove hardcoding of libtomcryptX/libtommathY in dropbear-bin's Depends. (Closes: #879221.) + Bump Standards-Version to 4.1.1. Changes: - Replace dropbear's Priority from extra to optional (inherited from source package paragraph). -- Guilhem Moulin Sun, 22 Oct 2017 14:30:10 +0200 dropbear (2017.75-2) unstable; urgency=low * dropbear-initramfs: + init-bottom script: in the init-bottom script, send a SIGTERM to all process groups the leader of which is a child of the dropbear process, to ensure that all children of all SSH sessions are terminated (before dropear itself is killed). + postinst: don't print the reminder to check "ip=" boot parameter if it's already found in /proc/cmdline. + premount script: log to standard error if the 'debug' environment variable is set. + premount script: boot method (local or NFS) is in environment variable 'BOOT' not 'boot'. + On local mounts, don't bring down the network before dropbear was terminated (at init-bottom stage, not at local-bottom stage). Bringing down the network while an SSH session is still active makes clients hang until the connection times out. + init-bottom script: log which network interfaces are being brought down. + init-bottom script: replace xargs(1) with a while loop as it's apparently not included in Ubuntu's busybox. (LP: #1652091) + Compile with '--disable-bundled-libtom' to use system libtomcrypt / libtommath. (Closes: #870035) * debian/control: bump Standards-Version to 4.0.0 (no changes necessary). * debian/{control,dropbear-bin.install,dropbear-bin.manpages}: apply wrap-and-sort(1). -- Guilhem Moulin Tue, 08 Aug 2017 21:59:06 +0200 dropbear (2017.75-1) unstable; urgency=medium * New upstream release. Remove quilt patches CVE-2017-9078 and CVE-2017-9079, previously backported from 2017.75 to 2016.74-5. -- Guilhem Moulin Sat, 17 Jun 2017 12:36:10 +0200 dropbear (2016.74-5) unstable; urgency=high * Backport security fixes from 2017.75 (closes: #862970): - CVE-2017-9078: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. - CVE-2017-9079: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. -- Guilhem Moulin Fri, 19 May 2017 23:41:21 +0200 dropbear (2016.74-4) unstable; urgency=medium * Also trigger maintainer scripts when upgrading from dropbear 2014.65-1+deb8u1, by changing the upper bound from 2014.65-1 to 2015.68-1~. (Closes: #862544) -- Guilhem Moulin Sun, 14 May 2017 16:56:40 +0200 dropbear (2016.74-3) unstable; urgency=high * debian/copyright: add missing paragraphs to match upstream's LICENSE file. (Closes: #860406.) -- Guilhem Moulin Sun, 16 Apr 2017 12:22:56 +0200 dropbear (2016.74-2) unstable; urgency=low * Tolerate lack of boot script config file /etc/dropbear-initramfs/config. This can happen when dropbear-initramfs is upgraded (from <2016.73-1) along with the kernel, and the kernel is configured before dropbear-initramfs, cf. #841503. * debian/control: Add Depends: lsb-base (>= 3.0-6) for dropbear-run. * debian/README.Debian, debian/copyright: upgrade the homepage URI to https://. -- Guilhem Moulin Tue, 13 Dec 2016 23:44:50 +0100 dropbear (2016.74-1) unstable; urgency=medium [ Matt Johnston ] * New upstream release. [ Guilhem Moulin ] * debian/control: + Bump Standards-Version to 3.9.8 (no changes necessary). * Fix initramfs hostkey path in changelog and NEWS file. Patch from Lukáš Krejza. (Closes: #830826.) -- Guilhem Moulin Fri, 29 Jul 2016 10:29:42 +0200 dropbear (2016.73-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. [ Guilhem Moulin ] * dropbear-initramfs, dropbear-run: + In the postinst script, only generate host keys when all three key types (DSS, RSA, ECDSA) are missing. For instance if an RSA host key is present, a missing DSS host key will not be automatically generated. + Change architecture from 'any' to 'all' and remove --link-doc. This enables dropbear-initramfs to have its own NEWS file. * dropbear-run: + Use dh_installdirs to create /etc/dropbear. * dropbear-initramfs: + Take host keys (resp. authorized_keys) from /etc/dropbear-initramfs instead of /etc/initramfs-tools/etc/dropbear (resp. /etc/initramfs-tools/root/.ssh). These files are automatically moved on upgrade. This is done following the initramfs-tools maintainers' request (see #807527) that hook and boot script configuration files be stored outside the /etc/initramfs-tools directory. + Move hook script initramfs configuration from /etc/initramfs-tools/conf-hooks.d/dropbear to /usr/share/initramfs-tools/conf-hooks.d/dropbear. As a consequence, the file is no longer recognized as a user configuration file; it is only used to set a restrictive umask (to avoid disclosing the host keys) and to force the use of busybox. + Use /etc/dropbear-initramfs/config as initramfs boot script configuration. For backward compatibility setting dropbear options in /etc/initramfs-tools/initramfs.conf is still supported for now (but sourcing this file causes the hook to print a warning). (Closes: #819320.) -- Guilhem Moulin Wed, 13 Apr 2016 19:00:06 +0200 dropbear (2016.72-1) unstable; urgency=high [ Matt Johnston ] * New upstream release, fixing a xauth command injection vulnerability. See also http://www.openwall.com/lists/oss-security/2016/03/10/8 [ Guilhem Moulin ] * debian/control: + Bump Standards-Version to 3.9.7 (no changes necessary). + Change Vcs-Git URI from git:// to https://. -- Guilhem Moulin Thu, 10 Mar 2016 22:14:47 +0100 dropbear (2015.71-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. [ Guilhem Moulin ] * dropbear-initramfs: + init-premount script: on local mounts, fork before 'configure_networking', so a user with access to the keyboard doesn't need to wait for ipconfig to terminate to enter the passphrase. (Closes: #806884.) It doesn't affect our fix to #584780 since 'configure_networking' and 'dropbear' run sequentially in the same process. -- Guilhem Moulin Fri, 18 Dec 2015 13:10:57 +0100 dropbear (2015.70-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. [ Guilhem Moulin ] * dropbear-initramfs: + Take dropbear options from the DROPBEAR_OPTIONS environment variable, for consistency with DROPBEAR_IFDOWN. For backward compatibility the value of $PKGOPTION_dropbear_OPTION is used when DROPBEAR_OPTIONS is unset. + Take ownership of cryptsetup's /usr/share/doc/cryptsetup/README.remote and ship it as /usr/share/doc/dropbear-initramfs/README.initramfs . * debian/patches: + 0001-dbclient.1-dbclient-uses-compression-if-compiled-with.diff: Remove patch applied upstream. + 0002-dropbearkey.8-mention-y-option-add-example.diff: Remove patch applied upstream. -- Guilhem Moulin Thu, 26 Nov 2015 17:06:59 +0100 dropbear (2015.68-1) unstable; urgency=low * New co-maintainer. [ Matt Johnston ] * New upstream release. (Closes: #631858, #775222.) [ Guilhem Moulin ] * debian/source/format: 3.0 (quilt) * debian/compat: 9 * debian/control: + Bump Standards-Version to 3.9.6 (no changes necessary). + Add Homepage, Vcs-Git, and Vcs-Browser fields. * debian/copyright: add machine-readable file. * Split up package in dropbear-bin (binaries), dropbear-run (init scripts) and dropbear-initramfs (initramfs integration). 'dropbear' is now a transitional dummy package depending on on dropbear-run and dropbear-initramfs. (Closes: #692932.) * Refactor the package using dh_* tools, including dh_autoreconf. (Closes: #689618, #777324, #793006, #793917.) * Add 'Multi-Arch: foreign' tags. * dropbear-run: + Add a status option to the /etc/init.d script. + Pass key files with -r not -d in /etc/init.d script. (Closes: #761143.) + Post-installation script: Generate missing ECDSA in addition to RSA and DSS host keys. (Closes: #776976.) * dropbear-initramfs: + No longer mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a configuration file, since it violates the Debian Policy Manual section 10.7.2. (Regression from 2014.64-1.) Instead, move the file to /etc/initramfs-tools/conf-hooks.d/dropbear and add a symlink under /usr/share/initramfs-tools/conf-hooks.d. + Delete debian/initramfs/premount-devpts, since /dev/pts in mounted by init since initramfs-tools 0.94. (Closes: #632656, #797939.) + Auto-generate host keys in the postinstall script, not when running update-initramfs. Pass the '-R' option (via $PKGOPTION_dropbear_OPTION) for the old behavior. Also, print fingerprint and ASCII art for generated keys (if ssh-keygen is available). + Revert ad2fb1c and remove warning about changing host key. Users shouldn't be encouraged to use the same keys in the encrypted partition and in the initramfs. The proper fix is to use an alternative port or UserKnownHostFile. + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with $rootmnt. (Closes: #558115.) + Exit gracefully if $IP is 'none' or 'off'. (Closes: #692932.) + Start dropbear with flag -s to explicitly disable password logins. + Terminate all children before killing dropbear, to avoid stalled SSH connections. (Closes: #735203.) + Run configure_networking in the foreground. (Closes: #584780, #626181, #739519.) + Bring down interfaces and flush IP routes and addresses before exiting the ramdisk, to avoid dirty network configuration in the regular kernel. (Closes: #715048, #720987, #720988.) The interfaces considered are those matching the $DROPBEAR_IFDOWN shell pattern (default: '*'); the special value 'none' keeps all interfaces up and preserves routing tables and addresses. -- Guilhem Moulin Sat, 03 Oct 2015 20:47:33 +0200 dropbear (2014.65-1) unstable; urgency=low [ Matt Johnston ] * New upstream release (closes: #757780). [ Gerrit Pape ] * debian/diff/0003-options.h-use-usr-bin-xauth-instead-of...diff: remove; applied upstream. * debian/control: Standards-Version: 3.9.5.0. -- Gerrit Pape Mon, 11 Aug 2014 20:50:11 +0000 dropbear (2014.64-1) unstable; urgency=low [ Matt Johnston ] * New upstream release (closes: #748826, #756561).. [ Gerrit Pape ] * debian/diff/: update. * debian/initramfs/premount-devpts: apply patch from https://launchpadlibrarian.net/107177971/dropbear_lp933903_precise_1.debdiff: duplicate mount /dev/pts in initramfs (thx Mario 'BitKoenig' Holbe, Guy Roussin, closes: #632656). * debian/dropbear.postinst: apply patch from Karl O. Pinc: dropbear's cryptroot setup does not use the system's host keys (closes: #714899). * debian/initramfs/dropbear-hook: apply patch from Karl O. Pinc: There is no warning when the cryptroot host key differs from the regular host key (closes: #714900). * debian/dropbear.postrm: apply patch from Karl O. Pinc: dropbear does not remove initramfs host keys on package purge (closes: #714945). * debian/initramfs/premount-dropbear: apply half of patch from Robert.Heinzmann: allow option specification for dropbear in /etc/initramfs-tools/initramfs.conf (closes: #614981). * debian/dropbear.conffiles: add /usr/share/initramfs-tools/conf-hooks.d/dropbear (thx Karl O. Pinc, closes: #715047). * debian/rules: apply patch from Matthias Klose: please allow the package to cross build (closes: #729845). -- Gerrit Pape Fri, 01 Aug 2014 12:44:51 +0000 dropbear (2013.60-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. [ Gerrit Pape ] * debian/diff/0004-cve-2013-4421.diff, 0005-user-disclosure.diff: remove; fixed upstream. * debian/dropbear.postinst: don't fail if initramfs-tools it not installed (closes: #692653). -- Gerrit Pape Fri, 25 Oct 2013 15:00:48 +0000 dropbear (2012.55-1.4) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix cve-2013-4421: memory exhaustion issue (closes: #726019). * Fix timing delays that may reveal whether a user account is valid (closes: #726118). -- Michael Gilbert Wed, 16 Oct 2013 03:29:42 +0000 dropbear (2012.55-1.3) unstable; urgency=medium * Non-maintainer upload. * Fix initramfs hook when multiple variant of libc are installed. All credits due to Helmut Grohne for the report and the solution. (Closes: #682964) -- Jérémy Bobbio Thu, 08 Nov 2012 10:45:01 +0100 dropbear (2012.55-1.2) unstable; urgency=low * Non-maintainer upload. * Unbreak initramfs hook when upgrading from Squeeze. -- Jérémy Bobbio Tue, 25 Sep 2012 16:53:18 +0200 dropbear (2012.55-1.1) unstable; urgency=low * Non-maintainer upload. * Adjust initramfs hook to work with multi-arch. Initial patch by Michael Stapelberg. (Closes: #630581) -- Jérémy Bobbio Tue, 25 Sep 2012 09:17:06 +0200 dropbear (2012.55-1) unstable; urgency=high * New upstream release. * Fix use-after-free bug that could be triggered if command="..." authorized_keys restrictions are used. Could allow arbitrary code execution or bypass of the command="..." restriction to an authenticated user. This bug affects releases 0.52 onwards. Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton of Mantor Organization for reporting the bug. -- Gerrit Pape Mon, 27 Feb 2012 14:18:53 +0000 dropbear (2011.54-1) unstable; urgency=low [ Matt Johnston ] * new upstream release. * Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public key logins to accounts with a blank password. Thanks to Rob Landley (closes: #555889). * Bind to sockets with IPV6_V6ONLY so that it works properly on systems regardless of the system-wide setting (closes: #636696). [ Gerrit Pape ] * debian/control: Standards-Version: 3.9.2.0. -- Gerrit Pape Wed, 16 Nov 2011 12:36:03 +0000 dropbear (0.53.1-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. * SSH_ORIGINAL_COMMAND environment variable is set by the server when an authorized_keys command is specified (closes: #604524). [ Gerrit Pape ] * debian/rules: add --enable-bundled-libtom option to ./configure. * debian/rules: remove -DXAUTH_COMMAND="/usr/bin/X11/xauth -q from CFLAGS (workaround ./configure stupidity; closes: #625192). * debian/diff/0003-options.h-use-usr-bin-xauth-instead-of...diff: new; use /usr/bin/xauth instead of /usr/bin/X11/xauth for XAUTH_COMMAND (closes: #614355). -- Gerrit Pape Mon, 02 May 2011 16:35:14 +0000 dropbear (0.52-5) unstable; urgency=low [ debian@x.ray.net ] * debian/dropbear.postinst: initramfs-tools uses a conf-hooks.d/ directory for mkinitramfs ('compiletime') configuration, so to be sure to read the whole/correct config we need to source the files in there too, additionally to initramfs.conf (closes: #575504). * debian/initramfs/dropbear-conf: set UMASK=0077 (closes: #578117). [ Gerrit Pape ] * debian/control: Standards-Version: 3.8.4.0. -- Gerrit Pape Sun, 18 Apr 2010 23:04:36 +0000 dropbear (0.52-4) unstable; urgency=low * debian/initramfs/dropbear-hook: allow more than one public key in initramfs (thx Chris for the patch; closes: #548309). -- Gerrit Pape Tue, 06 Oct 2009 01:51:42 +0000 dropbear (0.52-3) unstable; urgency=low * debian/rules: configure: add XAUTH_COMMAND="/usr/bin/X11/xauth -q" to CFLAGS (thx Axel Beckert, Colin Watson; closes: #532900). * debian/dropbear.init: Improve abort messages due to /etc/default/dropbear::NO_START (thx Jari Aalto for the patch; closes: #541432). * debian/control: Provides: ssh-server (thx Steffen Moeller; closes: #543174) * debian/control: Suggests: xauth (thx Francis Russell; closes: #508233). -- Gerrit Pape Thu, 24 Sep 2009 14:37:17 +0000 dropbear (0.52-2) unstable; urgency=medium * debian/initramfs/premount-dropbear: run configure_networking in the background (thx debian@x.ray.net, closes: #514213, #524728). * debian/control: Standards-Version: 3.8.2.0. -- Gerrit Pape Sun, 28 Jun 2009 23:22:39 +0000 dropbear (0.52-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. * dbclient.1: mention optional 'command' argument (closes: #495823). [ Gerrit Pape ] * debian/diff/0001-dbclient.1-dbclient-uses-compression-if...diff: new; dbclient.1: dbclient uses compression if compiled with zlib support (thx Luca Capello, closes: #495825). * debian/initramfs/*: new; cryptroot remote unlocking on boot feature (thx debian@x.ray.net). * debian/rules: install debian/initramfs/* (thx debian@x.ray.net). * debian/control: Suggests: udev (for cryptroot support, thx debian@x.ray.net). * debian/dropbear.postinst: conditionally run update-initramfs -u (for cryptroot support, thx debian@x.ray.net. closes: #465903). * debian/diff/0002-dropbearkey.8-mention-y-option-add-example.diff: new; mention -y option, add example (thx debian@x.ray.net). -- Gerrit Pape Wed, 19 Nov 2008 20:58:59 +0000 dropbear (0.51-1) unstable; urgency=low [ Matt Johnston ] * New upstream release. - Wait until a process exits before the server closes a connection, so that an exit code can be sent. This fixes problems with exit codes not being returned, which could cause scp to fail (closes: #448397, #472483). [ Gerrit Pape ] * debian/dropbear.postinst: don't print an error message if the update-service program is not installed (thx Matt). -- Gerrit Pape Thu, 27 Mar 2008 20:08:06 +0000 dropbear (0.50-4) unstable; urgency=low * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB formatted dependency info in init.d script (closes: #466257). * debian/rules: no longer include symlinks for ./supervise/ subdirectories. * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed by runit, remove service, and re-add using update-service(8). * debian/control: Standards-Version: 3.7.3.0. * debian/rules: target clean: don't ignore errors but check for readable ./Makefile. -- Gerrit Pape Thu, 06 Mar 2008 19:06:58 +0000 dropbear (0.50-3) unstable; urgency=low * debian/dropbear.init: use the update-service(8) program from the runit package instead of directly checking for the symlink in /var/service/. * debian/README.runit: talk about update-service(8) instead of symlinks in /var/service/. -- Gerrit Pape Fri, 15 Feb 2008 00:32:37 +0000 dropbear (0.50-2) unstable; urgency=low * debian/dropbear.README.Debian: no longer talk about entropy from /dev/random, /dev/urandom is now used by default (thx Joey Hess, closes: #441515). -- Gerrit Pape Mon, 24 Sep 2007 16:49:17 +0000 dropbear (0.50-1) unstable; urgency=low * debian/README.runit: minor. * new upstream version. * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: remove; fixed upstream. -- Gerrit Pape Thu, 09 Aug 2007 23:01:01 +0000 dropbear (0.49-2) unstable; urgency=low * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of -p0. * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: new; options.h: use /dev/urandom instead of /dev/random as DROPBEAR_RANDOM_DEV (closes: #386976). * debian/rules: target clean: remove libtomcrypt/Makefile, libtommath/Makefile. -- Gerrit Pape Sat, 09 Jun 2007 08:59:59 +0000 dropbear (0.49-1) unstable; urgency=high * new upstream release, fixes * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey mismatch (closes: #412899). * dbclient uses static "Password:" prompt instead of using the server's prompt (closes: #394996). * debian/control: Suggests: openssh-client, not ssh (closes: #405686); Standards-Version: 3.7.2.2. * debian/README.Debian: ssh -> openssh-server, openssh-client; remove 'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not installing the openssh-server package. * debian/README.runit: runsvstat -> sv status. -- Gerrit Pape Fri, 2 Mar 2007 20:48:18 +0000 dropbear (0.48.1-1) unstable; urgency=medium * new upstream point release. * Compile fix for scp * debian/diff/dbclient.1.diff: new: document -R option to dbclient accurately (thx Markus Schaber; closes: #351882). * debian/dropbear.README.Debian: document a workaround for systems with possibly blocking /dev/random device (closes: #355414).. -- Gerrit Pape Sun, 16 Apr 2006 16:16:40 +0000 dropbear (0.48-1) unstable; urgency=medium * New upstream release. * SECURITY: Improve handling of denial of service attempts from a single IP. * debian/implicit: update to revision 1.11. * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a security issue where use of system() could cause users to execute arbitrary code through malformed filenames; CVE-2006-0225 (see also #349645); the scp binary is not provided by this package though. -- Gerrit Pape Fri, 10 Mar 2006 22:00:32 +0000 dropbear (0.47-1) unstable; urgency=high * New upstream release. * SECURITY: Fix incorrect buffer sizing; CVE-2005-4178. -- Matt Johnston Thu, 8 Dec 2005 19:20:21 +0800 dropbear (0.46-2) unstable; urgency=low * debian/control: Standards-Version: 3.6.2.1; update descriptions to mention included server and client (thx Tino Keitel). * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though 'NO_START is not set to zero.' (closes: #336723). -- Gerrit Pape Tue, 6 Dec 2005 13:30:49 +0000 dropbear (0.46-1) unstable; urgency=medium * New upstream release, various fixes. * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove; obsolete. * debian/dbclient.1: move to ./dbclient.1. -- Matt Johnston Fri, 8 July 2005 21:32:55 +0800 dropbear (0.45-3) unstable; urgency=low * debian/dropbear.init: init script prints human readable message in case it's disabled (closes: #309099). * debian/dropbear.postinst: configure: restart service through init script instead of start. * debian/dropbear.prerm: set -u -> set -e. -- Gerrit Pape Wed, 25 May 2005 22:38:17 +0000 dropbear (0.45-2) unstable; urgency=low * Matt Johnston: * New upstream release, various fixes. -- Gerrit Pape Sat, 12 Mar 2005 15:17:55 +0000 dropbear (0.44-1) unstable; urgency=low * New upstream release. * debian/rules: install /usr/bin/dbclient; handle possible patches more gracefully; install debian/dbclient.1 man page; enable target patch; minor. * debian/implicit: update to revision 1.10. * debian/dbclient.1: new; man page. * debian/diff/dbclient-usage-typo.diff: new; fix typo. * debian/diff/manpages.diff: new; add references to dbclient man page. -- Gerrit Pape Sat, 8 Jan 2005 22:50:43 +0000 dropbear (0.43-2) unstable; urgency=high * Matt Johnston: * New upstream release 0.43 * SECURITY: Don't attempt to free uninitialised buffers in DSS verification code * Handle portforwarding to servers which don't send any initial data (Closes: #258426) * debian/dropbear.postinst: remove code causing bothersome warning on package install (closes: #256752). * debian/README.Debian.diet: new; how to build with the diet libc. * debian/dropbear.docs: add debian/README.Debian.diet. * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup. -- Gerrit Pape Sat, 17 Jul 2004 19:31:19 +0000 dropbear (0.42-1) unstable; urgency=low * New upstream release 0.42. * debian/diff/cvs-20040520.diff: remove; obsolete. * debian/rules: disable target patch. -- Matt Johnston Wed, 16 June 2004 12:44:54 +0800 dropbear (0.41-3) unstable; urgency=low * 1st upload to the Debian archive (closes: #216553). * debian/diff/cvs-20040520.diff: new; stable cvs snapshot. * debian/rules: new target patch: apply diffs in debian/diff/, reverse apply in target clean; install man pages. * debian/control: Priority: optional. -- Gerrit Pape Sun, 23 May 2004 08:32:37 +0000 dropbear (0.41-2) unstable; urgency=low * new maintainer. * debian/control: no longer Build-Depends: debhelper; Build-Depends: libz-dev; Standards-Version: 3.6.1.0; Suggests: runit; update descriptions. * debian/rules: stop using debhelper, use implicit rules; cleanup; install dropbearconvert into /usr/lib/dropbear/. * debian/impicit: new; implicit rules. * debian/copyright.in: adapt. * debian/dropbear.init: minor adaptions; test for dropbear service directory. * debian/README.runit: new; how to use dropbear with runit. * debian/README.Debian, debian/docs: rename to debian/dropbear.*. * debian/dropbear.docs: add debian/README.runit * debian/conffiles: rename to debian/dropbear.conffiles; add init script, and run scripts. * debian/postinst: rename to debian/dropbear.postinst; adapt; use invloke-rc.d dropbear start. * debian/dropbear.prerm: new; invoke-rc.d dropbear stop. * debian/postrm: rename to debian/dropbear.postrm; adapt; clean up service directories. * debian/compat, debian/dirs, dropbear.default: remove; obsolete. -- Gerrit Pape Sun, 16 May 2004 16:50:55 +0000 dropbear (0.41-1) unstable; urgency=low * Updated to 0.41 release. * Various minor fixes -- Matt Johnston Mon, 19 Jan 2004 23:20:54 +0800 dropbear (0.39-1) unstable; urgency=low * updated to 0.39 release. Some new features, some bugfixes. -- Matt Johnston Tue, 16 Dec 2003 16:20:54 +0800 dropbear (0.38-1) unstable; urgency=medium * updated to 0.38 release - various important bugfixes -- Matt Johnston Sat, 11 Oct 2003 16:28:54 +0800 dropbear (0.37-1) unstable; urgency=medium * updated to 0.37 release - various important bugfixes -- Matt Johnston Wed, 24 Sept 2003 19:43:54 +0800 dropbear (0.36-1) unstable; urgency=high * updated to 0.36 release - various important bugfixes -- Matt Johnston Tues, 19 Aug 2003 12:20:54 +0800 dropbear (0.35-1) unstable; urgency=high * updated to 0.35 release - contains fix for remotely exploitable vulnerability. -- Matt Johnston Sun, 17 Aug 2003 05:37:47 +0800 dropbear (0.34-1) unstable; urgency=medium * updated to 0.34 release -- Matt Johnston Fri, 15 Aug 2003 15:10:00 +0800 dropbear (0.33-1) unstable; urgency=medium * updated to 0.33 release -- Matt Johnston Sun, 22 Jun 2003 22:22:00 +0800 dropbear (0.32cvs-1) unstable; urgency=medium * now maintained in UCC CVS * debian/copyright.in file added, generated from LICENSE -- Grahame Bowland Sat, 21 Jun 2003 17:57:02 +0800 dropbear (0.32cvs-1) unstable; urgency=medium * sync with CVS * fixes X crash bug -- Grahame Bowland Fri, 20 Jun 2003 15:04:47 +0800 dropbear (0.32-2) unstable; urgency=low * fix creation of host keys to use correct names in /etc/dropbear * init script "restart" function fixed * purging this package now deletes the host keys and /etc/dropbear * change priority in debian/control to 'standard' -- Grahame Bowland Tue, 17 Jun 2003 15:04:47 +0800 dropbear (0.32-1) unstable; urgency=low * Initial Release. -- Grahame Bowland Tue, 17 Jun 2003 15:04:47 +0800