Accepted dropbear 2022.82-4.1~bpo11+1 (source amd64 all) into bullseye-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Oct 2022 15:23:20 +0200
Source: dropbear
Binary: dropbear dropbear-bin dropbear-bin-dbgsym dropbear-initramfs dropbear-run
Architecture: source amd64 all
Version: 2022.82-4.1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
dropbear - lightweight SSH2 server and client - startup scripts
dropbear-bin - lightweight SSH2 server and client - command line tools
dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
dropbear-run - transitional dummy package for dropbear
Closes: 903403 907082 955384 958526 962132 1003951 1017876
Changes:
dropbear (2022.82-4.1~bpo11+1) bullseye-backports; urgency=medium
.
* Rebuild for bullseye-backports.
* d/gbp.conf: Set debian-branch to ‘debian/bullseye-backports’.
.
dropbear (2022.82-4) unstable; urgency=medium
.
[ Guilhem Moulin ]
* d/rules: Inspect DEB_BUILD_* with $(filter ,) not $(findstring ,).
* Salsa CI: Remove default configuration file.
* Update standards version to 4.6.1, no changes needed.
* d/t/remote-unlocking: Mask systemd-firstboot.service to fix debci with
systemd 251.5-1.
* d/copyright: typofix.
* Refresh lintian overrides to accommodate lintian v2.115.
.
[ Steve Langasek ]
* DEP-8: Call mkdir with -p to fix autopkgtest on Ubuntu. (Closes: #1017876)
.
dropbear (2022.82-3) unstable; urgency=low
.
* d/t/upstream-tests: Set DBTEST_IN_ACTION=true so we don't skip
test_svrauth.py.
* d/t/upstream-tests: Guard against direct use.
* d/dropbear.preinst: Also migrate *unmodified* /etc/default/dropbear from
Jessie, Stretch, and Buster to conffile. Existing files were never
touched by postinst, so it makes sense to migrate known stock versions
older than Bullseye.
* d/t/remote-unlocking: Don't look for swap in the validation phase as doing
so is racy.
* d/patches: Fix FTBFS on hurd-i386.
* Add d/u/metadata.
* d/dropbear.postrm: Minor quoting improvements
* d/t/control: Improve comment in remote-unlocking test.
.
dropbear (2022.82-2) unstable; urgency=medium
.
* d/dropbear.postrm: Remove redundant `rm` call.
* d/t/upstream-tests: Run pytest in ./test.
* d/p: Raise connection delay in test/test_channels.py to make it pass on
slower machines (such as the armhf debci runners).
.
dropbear (2022.82-1) unstable; urgency=medium
.
[ Matt Johnston ]
* New upstream release 2022.82. Highlights include:
- dropbearconvert(1): Support converting from OpenSSH (>=7.8) private key
format (closes: #955384), and convert to that format rather than PEM
- Reworked -v verbose printing, specifying multiple times will increase
verbosity.
- Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
authorized_keys(5).
- Use a separate $PATH when logging in as root (closes: #903403).
- Disable dh-group1 key exchange by default. It has been disabled server
side by default since 2018.76-1.
- Removed Twofish cipher.
.
[ Lee Garrett ]
* initramfs script configuration: Add quotes to indicate they're required.
(Closes: #1003951)
.
[ Guilhem Moulin ]
* Add missing build dependency on dh addon.
* initramfs script configuration: Clarify that assignment follow shell
semantics.
* d/gbp.conf: Add upstream VCS tag as additional parent to upstream/$VERSION.
* Run wrap-and-sort(1).
* Fix autopkgtest for non-sid suites.
* Create localoptions.h in d/rules not from d/patches.
* d/localoptions.h: Hardcode PATH environment variable when a regular user
resp. the superuser logs in to the login.defs(5) default values, namely
"/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" resp.
"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin".
* d/tests: Run the upstream test suite as a DEP-8 test. We skip it at build
time since it needs access to ~/.ssh which is forbidden in the build
environment.
* Update d/copyright.
* d/rules: Remove useless override_dh_installinit target and rename
d/dropbear.dropbear.init to d/dropbear.init.
* d/dropbear.init: Put PID file in /run not /var/run.
* d/dropbear.init: Minor refactoring.
* d/dropbear.postinst: Replace deprecated which(1) calls with `command -v`.
* d/dropbear.postinst: Also convert OpenSSH keys in new format since
dropbearconvert(1) can now convert those.
* Remove d/README.Debian.diet from 'dropbear-bin' documentation.
* Install README.Debian in 'dropbear' package not 'dropbear-bin'.
* Minor d/dropbear.README.Debian improvement.
* d/control: Improve package description.
* Add systemd.service(5) file.
* /etc/default/dropbear: Breaking changes to accommodate the
systemd.service(5) logic:
+ Drop support for NO_START=1 (one needs to manually disable the service
or remove the package instead); and
+ Drop support for DROPBEAR_*KEY and DROPBEAR_BANNER (one needs to use
DROPBEAR_EXTRA_ARGS with the adequate dropbear(8) instead instead).
* Handle /etc/default/dropbear as a conffile instead of letting postinst
create it.
.
dropbear (2020.81-5) unstable; urgency=medium
.
* d/t/remote-unlocking: Replace QEMU's deprecated short-form boolean options.
* d/t/remote-unlocking: Set cache=unsafe on the target drive.
* d/t/remote-unlocking: Use apt-get indextargets's Repo-URI not its URI.
* d/t/remote-unlocking: Ensure the current version of the package is
available.
* d/t/remote-unlocking: Replace linux-image-amd64 with linux-image-generic.
* d/t/remote-unlocking: Set 'size=256' in crypttab(5).
* d/t/remote-unlocking: Fix APT Repo-URI scheme.
* d/rules: Replace manual call to dh_link with a new d/dropbear.links file.
* d/copyright: Set field Upstream-Name.
* Refresh lintian overrides to accommodate lintian v2.114.
.
dropbear (2020.81-4) unstable; urgency=low
.
* d/control: Remove <pape> from Uploaders. Thanks to gerrit for their work
on the dropbear package! (Closes: #907082)
* d/control: dropbear: Demote 'dropbear-initramfs' to Suggests.
(Closes: #962132)
* d/control: Bump Standards-Version to 4.6.0 (no changes necessary).
* initramfs boot script: Don't exit when IP={none,off}. (Closes: #958526)
* Rename /etc/dropbear-initramfs to /etc/dropbear/initramfs, and
/etc/dropbear-initramfs/config to /etc/dropbear/initramfs/dropbear.conf.
* d/t/on-lvm-and-luks: Near-complete rewrite:
- Adjust partition sizes to account for the current needs of the distro.
- Set 'Architecture: amd64' to properly skip the test on other
architectures.
- Run mmdebstrap(1) with --mode=auto instead of --mode=root. This uses
--mode=unshare when kernel.unprivileged_userns_clone is set to 1,
otherwise --mode=fakeroot (#944929 is now fixed)
- Consolidate style.
- Ensure we're testing the current dropbear-initramfs version.
- Use KVM acceleration when possible. Also, try to create /dev/kvm if
missing (for instance in a chroot where /dev is not managed by udev).
- Raise timeout values so the test has a chance to complete when KVM is
not supported/used.
- Adjust copyright.
- Replace 'Depends: libguestfs-tools, sleepenh, time' with 'Depends:
cryptsetup-initramfs, fdisk, initramfs-tools-core, lvm2'. Instead of
using guestfish(1) to set up a first system which is in turn used to set
up the target system, we build a custom initramfs image containing the
required dependencies, boot into it and entirely set up the target
system from there.
- Unconditionally dump (in real time) the guest's serial console into the
standard output. Before it was only done upon error.
- Use a random key file instead of a hardcoded/pre-chosen passphrase.
- Restrict the guest's ability to reach external hosts.
- Assign static addresses under 10.0.2.128/25 instead of using DHCP. That
way we don't have to include 'isc-dhcp-client' in the debootstrap chroot.
- Use dropbear instead of OpenSSH in the main system as well, not just in
the initramfs. After all we're testing dropbear here :-)
- Instead of having the root and swap (resume) devices each in its own LV
held by a LUKS device, we put the root FS directly on the root device,
and add a new plain dm-crypt partition for a transient swap device.
This removes 'Depends: lvm2'. Consequently, the test is renamed to
'remote-unlocking'.
Checksums-Sha1:
56962e7d6fdfb26d346dc82d4a5dd420dd256de3 2622 dropbear_2022.82-4.1~bpo11+1.dsc
eb60ba26716f9c970ec7e29e7a6d3b5794c881f5 34456 dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
89b00f9e3387f6c47abcd41793c7af2225eb0a8e 507040 dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
51b2d42716a6f6ed956fc3f83bed1aa9cd69b1ff 160536 dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
525db1d44bf534deefe986d13ff838354e5caa27 49408 dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
dfcc9f6c4f3af932df4921dba5c03f920632116d 42548 dropbear-run_2022.82-4.1~bpo11+1_all.deb
018a13279083e497db73439760f992bdb6526313 48676 dropbear_2022.82-4.1~bpo11+1_all.deb
eef70a6e2ddfa9669729aa95cf043960f0e80d9a 7448 dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
401d02b868ebcbc99e4b3cfa4346c25696c118eedea9e9e03a881b4557a12e93 2622 dropbear_2022.82-4.1~bpo11+1.dsc
6d0117275d48444893c515f595b8692912774152ba8c77305588a4a1172684fd 34456 dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
1dabddba8ca2bec0c0c8017217851a36825173eb1733f2e1ceec322e38eecdcb 507040 dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
0de7f8c5acae126b5c0c972cb63cbc70b6f88b6387787cd3a738d21509f836cf 160536 dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
e93ddf7b25ef31e6de201c3ab9c024077d374ee6019a156e35d0d1f7383b4320 49408 dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
fb45c6758210811ea16b5b3398349e70961d5fa3d4bb399b47c4aef3d0dfc21a 42548 dropbear-run_2022.82-4.1~bpo11+1_all.deb
a2802d59ce89488707b73a19ff79c1f194cd010603a61f60c98a8e597afd50a5 48676 dropbear_2022.82-4.1~bpo11+1_all.deb
9ae3a3d182695cf18e7d60ca1f3b008ee3d3363ebc53f79c6469e3483aaa99e0 7448 dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo
Files:
9b68ed0362e8024c11eb0544eb0ff394 2622 net optional dropbear_2022.82-4.1~bpo11+1.dsc
20f4d268d5b9f58cdcba6a0f559fda77 34456 net optional dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
07f7910dacad6b68f3e251c209ad2822 507040 debug optional dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
dbe0b7d1545087288265623d02a6538e 160536 net optional dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
007c09674ab5294552c486022e8c71ca 49408 net optional dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
5cab40c66c249087ce8636d037e4e2af 42548 oldlibs optional dropbear-run_2022.82-4.1~bpo11+1_all.deb
d5d63010d3171a2fbeb6a66db322c573 48676 net optional dropbear_2022.82-4.1~bpo11+1_all.deb
b7212fc1e06e092783d0191836709f48 7448 net optional dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmNRTxYACgkQ05pJnDwh
pVLzuRAAy+m61cW1K7Ktf+p8eKx1FuDUGBoB80nH5br+PGu3oQl5B9W3Vj9rLtLU
5TN+IO3soS9EW1dNDTobxRlSjf1N0yIc4ahmAggcxcejw6DAFSqcONlaZHkrMBKS
6jhF73Tv35jluobKl3fAlaVbzFwlEWI32iJpqvU0uTNDXhHw7m0cxHCoZbG0z4qh
tRdSY0Ey23s7rGspOXhqcXyibMvrZY3W5Vd7WgcqBHpphNbmMlBMCQMnmSq4eLH+
sDsxNahT9OUIAAEGeY9WzHoHLtBPfYT4FqozQ8x4upPWdzdMr66D97mZAr0IftwR
WbBmBUjOWPODMjXN7d3cMtmCey9gIdLugiuzspVfA6NfDZiWAcsLFSQMqhDttIYE
1CpXc1sXKvxrbhkxMcXpfIMJPtIVmvDEOs+53HRCohzW8NwbG2AdfZ1rlLn54jI1
y1Sc+vGnpkgaUHz7u0gks5pXRzdMC797HPVzLF6dyQJsLdSTpGsdVK+377eMQMxP
859WNTmInarpycgiAO8sQdqe1omGXbLkY28y8FRYqx4PCZnuJYeh1bqLuo3QZVuN
Z4//5oldmFYXrzjr4XpdTOYPORle67Xt2gQYyPYLDPS1EcMxveVDrqyKVnaa/18g
/Gzk1dRl3tC0pNL1TwOMy3KXlN1r7AHF8WbN7y781ULfazFH0uo=
=0rCo
-----END PGP SIGNATURE-----
Reply to: