Created by James Westby on 2009-08-05 and last modified on 2015-10-03
Get this branch:
bzr branch lp:debian/dropbear

Recent revisions

25. By Guilhem Moulin <email address hidden> on 2015-10-03

* New co-maintainer.

[ Matt Johnston ]
* New upstream release. (Closes: #631858, #775222.)

[ Guilhem Moulin ]
* debian/source/format: 3.0 (quilt)
* debian/compat: 9
* debian/control:
  + Bump Standards-Version to 3.9.6 (no changes necessary).
  + Add Homepage, Vcs-Git, and Vcs-Browser fields.
* debian/copyright: add machine-readable file.
* Split up package in dropbear-bin (binaries), dropbear-run (init scripts)
  and dropbear-initramfs (initramfs integration). 'dropbear' is now a
  transitional dummy package depending on dropbear-run and
  dropbear-initramfs. (Closes: #692932.)
* Refactor the package using dh_* tools, including dh_autoreconf. (Closes:
  #689618, #777324, #793006, #793917.)
* Add 'Multi-Arch: foreign' tags.
* dropbear-run:
  + Add a status option to the /etc/init.d script.
  + Pass key files with -r not -d in /etc/init.d script. (Closes: #761143.)
  + Post-installation script: Generate missing ECDSA in addition to RSA and
    DSS host keys. (Closes: #776976.)
* dropbear-initramfs:
  + No longer mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a
    configuration file, since it violates the Debian Policy Manual section
    10.7.2. (Regression from 2014.64-1.) Instead, move the file to
    /etc/initramfs-tools/conf-hooks.d/dropbear and add a symlink in
  + Delete debian/initramfs/premount-devpts, since /dev/pts is mounted by
    init since initramfs-tools 0.94. (Closes: #632656, #797939.)
  + Auto-generate host keys in the postinstall script, not when running
    update-initramfs. Pass the '-R' option (via $PKGOPTION_dropbear_OPTION)
    for the old behavior. Also, print fingerprint and ASCII art for
    generated keys (if ssh-keygen is available).
  + Revert ad2fb1c and remove warning about changing host key. Users
    shouldn't be encouraged to use the same keys in the encrypted partition
    and in the initramfs. The proper fix is to use an alternative port or
  + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with
    $rootmnt. (Closes: #558115.)
  + Exit gracefully if $IP is 'none' or 'off'. (Closes: #692932.)
  + Start dropbear with flag -s to explicitly disable password logins.
  + Terminate all children before killing dropbear, to avoid stalled SSH
    connections. (Closes: #735203.)
  + Run configure_networking in the foreground. (Closes: #584780, #626181,
  + Bring down interfaces and flush IP routes and addresses before exiting
    the ramdisk, to avoid dirty network configuration in the regular kernel.
    (Closes: #715048, #720987, #720988.) The interfaces considered are
    those matching the $DROPBEAR_IFDOWN shell pattern (default: '*'); the
    special value 'none' keeps all interfaces up and preserves routing
    tables and addresses.

24. By Gerrit Pape <email address hidden> on 2014-08-11

[ Matt Johnston ]
* New upstream release (closes: #757780).

[ Gerrit Pape ]
* debian/diff/0003-options.h-use-usr-bin-xauth-instead-of...diff:
  remove; applied upstream.
* debian/control: Standards-Version:

23. By Gerrit Pape <email address hidden> on 2014-08-01

[ Matt Johnston ]
* New upstream release (closes: #748826, #756561).

[ Gerrit Pape ]
* debian/diff/: update.
* debian/initramfs/premount-devpts: apply patch from
  duplicate mount /dev/pts in initramfs (thx Mario 'BitKoenig' Holbe,
  Guy Roussin, closes: #632656).
* debian/dropbear.postinst: apply patch from Karl O. Pinc: dropbear's
  cryptroot setup does not use the system's host keys (closes:
* debian/initramfs/dropbear-hook: apply patch from Karl O. Pinc:
  There is no warning when the cryptroot host key differs from the
  regular host key (closes: #714900).
* debian/dropbear.postrm: apply patch from Karl O. Pinc: dropbear does
  not remove initramfs host keys on package purge (closes: #714945).
* debian/initramfs/premount-dropbear: apply half of patch from
  Robert.Heinzmann: allow option specification for dropbear in
  /etc/initramfs-tools/initramfs.conf (closes: #614981).
* debian/dropbear.conffiles: add
  /usr/share/initramfs-tools/conf-hooks.d/dropbear (thx Karl O. Pinc,
  closes: #715047).
* debian/rules: apply patch from Matthias Klose: please allow the
  package to cross build (closes: #729845).

22. By Gerrit Pape <email address hidden> on 2013-10-25

[ Matt Johnston ]
* New upstream release.

[ Gerrit Pape ]
* debian/diff/0004-cve-2013-4421.diff, 0005-user-disclosure.diff:
  remove; fixed upstream.
* debian/dropbear.postinst: don't fail if initramfs-tools is not
  installed (closes: #692653).

21. By Michael Gilbert <email address hidden> on 2013-10-16

* Non-maintainer upload by the Security Team.
* Fix cve-2013-4421: memory exhaustion issue (closes: #726019).
* Fix timing delays that may reveal whether a user account is valid
  (closes: #726118).

20. By Jeremy Bobbio on 2012-11-08

* Non-maintainer upload.
* Fix initramfs hook when multiple variants of libc are installed.
  All credits due to Helmut Grohne for the report and the solution.
  (Closes: #682964)

19. By Jeremy Bobbio on 2012-09-25

* Non-maintainer upload.
* Unbreak initramfs hook when upgrading from Squeeze.

18. By Jeremy Bobbio on 2012-09-25

* Non-maintainer upload.
* Adjust initramfs hook to work with multi-arch. Initial patch by
  Michael Stapelberg. (Closes: #630581)

17. By Gerrit Pape <email address hidden> on 2012-02-27

* New upstream release.
  * Fix use-after-free bug that could be triggered if command="..."
    authorized_keys restrictions are used. Could allow arbitrary
    code execution or bypass of the command="..." restriction to an
    authenticated user. This bug affects releases 0.52 onwards.
    Ref CVE-2012-0920 (closes: #661150). Thanks to Danny Fullerton
    of Mantor Organization for reporting the bug.

16. By Gerrit Pape <email address hidden> on 2011-11-16

[ Matt Johnston ]
* new upstream release.
  * Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public
    key logins to accounts with a blank password. Thanks to Rob
    Landley (closes: #555889).
  * Bind to sockets with IPV6_V6ONLY so that it works properly on
    systems regardless of the system-wide setting (closes: #636696).

[ Gerrit Pape ]
* debian/control: Standards-Version:

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)