[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1110166: marked as done (unblock: dropbear/2025.88-2)

Your message dated Thu, 31 Jul 2025 14:10:15 +0000
with message-id <E1uhTz5-004Vwz-2J@respighi.debian.org>
and subject line unblock dropbear
has caused the Debian Bug report #1110166,
regarding unblock: dropbear/2025.88-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1110166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110166
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: dropbear@packages.debian.org
Control: affects -1 + src:dropbear
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package dropbear

  * d/rules: Build with `--disable-lastlog` as Trixie ships without
    lastlog(8), see #1083102.

It also adds a build dependency on libcrypt-dev,
which is a nop in trixie.

unblock dropbear/2025.88-2

diffstat for dropbear-2025.88 dropbear-2025.88

 changelog |   14 ++++++++++++++
 control   |    1 +
 rules     |    2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff -Nru dropbear-2025.88/debian/changelog dropbear-2025.88/debian/changelog
--- dropbear-2025.88/debian/changelog	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/changelog	2025-07-09 00:05:41.000000000 +0300
@@ -1,6 +1,20 @@
+dropbear (2025.88-2) unstable; urgency=medium
+
+  [ Guilhem Moulin ]
+  * d/control: Explicitly add `Build-Depends: libcrypt-dev`.
+    (Closes: #1106965)
+
+  [ MichaIng ]
+  * d/rules: Build with `--disable-lastlog` as Trixie ships without
+    lastlog(8), see #1083102.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Tue, 08 Jul 2025 23:05:41 +0200
+
 dropbear (2025.88-1) unstable; urgency=medium
 
   * New upstream security and bugfix release.
+    + Fix CVE-2025-47203: dbclient allows command injection via an untrusted
+      hostname argument, because a shell is used.
   * Update Standards-Version to 4.7.2 (no changes necessary).
 
  -- Guilhem Moulin <guilhem@debian.org>  Wed, 07 May 2025 17:02:27 +0200
diff -Nru dropbear-2025.88/debian/control dropbear-2025.88/debian/control
--- dropbear-2025.88/debian/control	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/control	2025-07-09 00:05:41.000000000 +0300
@@ -4,6 +4,7 @@
 Maintainer: Guilhem Moulin <guilhem@debian.org>
 Build-Depends: debhelper,
                debhelper-compat (= 13),
+               libcrypt-dev,
                libtomcrypt-dev (>= 1.18.2~),
                libtommath-dev (>= 1.2.0~),
                libz-dev
diff -Nru dropbear-2025.88/debian/rules dropbear-2025.88/debian/rules
--- dropbear-2025.88/debian/rules	2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/rules	2025-07-09 00:05:41.000000000 +0300
@@ -24,7 +24,7 @@
 	dh $@
 
 override_dh_auto_configure:
-	dh_auto_configure -- --disable-bundled-libtom \
+	dh_auto_configure -- --disable-bundled-libtom --disable-lastlog \
 	  CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
 
 execute_before_dh_auto_build:

--- End Message ---
--- Begin Message --- 
Unblocked dropbear.

--- End Message ---
Reply to: