Bug#1110166: unblock: dropbear/2025.88-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1110166: unblock: dropbear/2025.88-2
From: Adrian Bunk <bunk@debian.org>
Date: Wed, 30 Jul 2025 23:53:40 +0000
Message-id: <[🔎] 175391962031.639756.9830741006422124571.reportbug@localhost>
Reply-to: Adrian Bunk <bunk@debian.org>, 1110166@bugs.debian.org

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: dropbear@packages.debian.org
Control: affects -1 + src:dropbear
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package dropbear

  * d/rules: Build with `--disable-lastlog` as Trixie ships without
    lastlog(8), see #1083102.

It also adds a build dependency on libcrypt-dev,
which is a nop in trixie.

unblock dropbear/2025.88-2

diffstat for dropbear-2025.88 dropbear-2025.88

 changelog |   14 ++++++++++++++
 control   |    1 +
 rules     |    2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff -Nru dropbear-2025.88/debian/changelog dropbear-2025.88/debian/changelog
--- dropbear-2025.88/debian/changelog	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/changelog	2025-07-09 00:05:41.000000000 +0300
@@ -1,6 +1,20 @@
+dropbear (2025.88-2) unstable; urgency=medium
+
+  [ Guilhem Moulin ]
+  * d/control: Explicitly add `Build-Depends: libcrypt-dev`.
+    (Closes: #1106965)
+
+  [ MichaIng ]
+  * d/rules: Build with `--disable-lastlog` as Trixie ships without
+    lastlog(8), see #1083102.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 08 Jul 2025 23:05:41 +0200
+
 dropbear (2025.88-1) unstable; urgency=medium
 
   * New upstream security and bugfix release.
+    + Fix CVE-2025-47203: dbclient allows command injection via an untrusted
+      hostname argument, because a shell is used.
   * Update Standards-Version to 4.7.2 (no changes necessary).
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 07 May 2025 17:02:27 +0200
diff -Nru dropbear-2025.88/debian/control dropbear-2025.88/debian/control
--- dropbear-2025.88/debian/control	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/control	2025-07-09 00:05:41.000000000 +0300
@@ -4,6 +4,7 @@
 Maintainer: Guilhem Moulin <guilhem@debian.org>
 Build-Depends: debhelper,
                debhelper-compat (= 13),
+               libcrypt-dev,
                libtomcrypt-dev (>= 1.18.2~),
                libtommath-dev (>= 1.2.0~),
                libz-dev
diff -Nru dropbear-2025.88/debian/rules dropbear-2025.88/debian/rules
--- dropbear-2025.88/debian/rules	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/rules	2025-07-09 00:05:41.000000000 +0300
@@ -24,7 +24,7 @@
 	dh $@
 
 override_dh_auto_configure:
-	dh_auto_configure -- --disable-bundled-libtom \
+	dh_auto_configure -- --disable-bundled-libtom --disable-lastlog \
 	  CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
 
 execute_before_dh_auto_build:

Reply to:

Follow-Ups:
- Processed: unblock: dropbear/2025.88-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Re: Bug#1110166: unblock: dropbear/2025.88-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1110166: unblock: dropbear/2025.88-2
  - From: Paul Gevers <elbrus@debian.org>
- Processed: Re: Bug#1110166: unblock: dropbear/2025.88-2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1110166: marked as done (unblock: dropbear/2025.88-2)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: dropbear/2025.88-2
Next by Date: Processed: unblock: mimedefang/3.6-2
Previous by thread: Bug#1110165: marked as done (unblock: jose/14-2)
Next by thread: Processed: unblock: dropbear/2025.88-2
Index(es):
- Date
- Thread