[Bug 1510837] Re: Sync dropbear 2015.68-1 (universe) from Debian unstable (main)

Angel Abad angelabad at gmail.com
Sun Nov 8 12:26:52 UTC 2015 

This bug was fixed in the package dropbear - 2015.68-1
Sponsored for LocutusOfBorg (costamagnagianfranco)

---------------
dropbear (2015.68-1) unstable; urgency=low

  * New co-maintainer.

  [ Matt Johnston ]
  * New upstream release.  (Closes: #631858, #775222.)

  [ Guilhem Moulin ]
  * debian/source/format: 3.0 (quilt)
  * debian/compat: 9
  * debian/control:
    + Bump Standards-Version to 3.9.6 (no changes necessary).
    + Add Homepage, Vcs-Git, and Vcs-Browser fields.
  * debian/copyright: add machine-readable file.
  * Split up package in dropbear-bin (binaries), dropbear-run (init scripts)
    and dropbear-initramfs (initramfs integration).  'dropbear' is now a
    transitional dummy package depending on on dropbear-run and
    dropbear-initramfs.  (Closes: #692932.)
  * Refactor the package using dh_* tools, including dh_autoreconf.  (Closes:
    #689618, #777324, #793006, #793917.)
  * Add 'Multi-Arch: foreign' tags.
  * dropbear-run:
    + Add a status option to the /etc/init.d script.
    + Pass key files with -r not -d in /etc/init.d script.  (Closes: #761143.)
    + Post-installation script: Generate missing ECDSA in addition to RSA and
      DSS host keys.  (Closes: #776976.)
  * dropbear-initramfs:
    + No longer mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a
      configuration file, since it violates the Debian Policy Manual section
      10.7.2.  (Regression from 2014.64-1.)  Instead, move the file to
      /etc/initramfs-tools/conf-hooks.d/dropbear and add a symlink in
      /usr/share/initramfs-tools/conf-hooks.d.
    + Delete debian/initramfs/premount-devpts, since /dev/pts in mounted by
      init since initramfs-tools 0.94.  (Closes: #632656, #797939.)
    + Auto-generate host keys in the postinstall script, not when runing
      update-initramfs.  Pass the '-R' option (via $PKGOPTION_dropbear_OPTION)
      for the old behavior.  Also, print fingerprint and ASCII art for
      generated keys (if ssh-keygen is available).
    + Revert ad2fb1c and remove warning about changing host key.  Users
      shouldn't be encouraged to use the same keys in the encrypted partition
      and in the initramfs.  The proper fix is to use an alternative port or
      UserKnownHostFile.
    + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with
      $rootmnt.  (Closes: #558115.)
    + Exit gracefully if $IP is 'none' or 'off'.  (Closes: #692932.)
    + Start dropbear with flag -s to explicitly disable password logins.
    + Terminate all children before killing dropbear, to avoid stalled SSH
      connections.  (Closes: #735203.)
    + Run configure_networking in the foreground.  (Closes: #584780, #626181,
      #739519.)
    + Bring down interfaces and flush IP routes and addresses before exiting
      the ramdisk, to avoid dirty network configuration in the regular kernel.
      (Closes: #715048, #720987, #720988.)  The interfaces considered are
      those matching the $DROPBEAR_IFDOWN shell pattern (default: '*'); the
      special value 'none' keeps all interfaces up and preserves routing
      tables and addresses.

 -- Guilhem Moulin <guilhem at guilhem.org>  Sat, 03 Oct 2015 20:47:33
+0200

** Changed in: dropbear (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1510837

Title:
  Sync dropbear 2015.68-1 (universe) from Debian unstable (main)

Status in dropbear package in Ubuntu:
  Fix Released

Bug description:
  Please sync dropbear 2015.68-1 (universe) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
    * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
    * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
    * Merge from Debian unstable. (LP: #1355670) Remaining changes:
      + debian/initramfs/premount-devpts, debian/rules: drop the script, this is
        handled by initramfs-tools.
      + debian/initramfs/dropbear-hook: do not install dropbear in the initramfs
        if there's no uncommented line in /etc/crypttab.
      + debian/initramfs/premout-dropbear: fix so that the network configuration
        happens before dropbear takes hold of the network card.
    * Merge from Debian unstable. (LP: #1355670) Remaining changes:
      + debian/initramfs/premount-devpts, debian/rules: drop the script, this is
        handled by initramfs-tools.
      + debian/initramfs/dropbear-hook: do not install dropbear in the initramfs
        if there's no uncommented line in /etc/crypttab.
      + debian/initramfs/premout-dropbear: fix so that the network configuration
        happens before dropbear takes hold of the network card.
    * Fix initramfs hooks so that the network configuration happens before
      dropbear takes hold of the network card. (LP: #363958)
    * Drop premount-devpts script, this is handled by initramfs-tools.
      (LP: #1070992)
    * Do not install dropbear in the initramfs if there's no uncommented line in
      /etc/crypttab.
    * Fix initramfs hooks so that the network configuration happens before
      dropbear takes hold of the network card. (LP: #363958)
    * Drop premount-devpts script, this is handled by initramfs-tools.
      (LP: #1070992)
    * Do not install dropbear in the initramfs if there's no uncommented line in
      /etc/crypttab.
    * Merge from Debian unstable.  Remaining changes: (LP: #1274195)
      - debian/initrmfs/premount-devpts: if /dev/pts is already mounted, don't
        re-mount it.
    * debian/diff/autoconfupdate.diff: dropped, not needed anymore.

  
  with the new release the delta shouldn't be needed anymore

  Changelog entries since current xenial version 2014.65-1ubuntu2:

  dropbear (2015.68-1) unstable; urgency=low

    * New co-maintainer.

    [ Matt Johnston ]
    * New upstream release.  (Closes: #631858, #775222.)

    [ Guilhem Moulin ]
    * debian/source/format: 3.0 (quilt)
    * debian/compat: 9
    * debian/control:
      + Bump Standards-Version to 3.9.6 (no changes necessary).
      + Add Homepage, Vcs-Git, and Vcs-Browser fields.
    * debian/copyright: add machine-readable file.
    * Split up package in dropbear-bin (binaries), dropbear-run (init scripts)
      and dropbear-initramfs (initramfs integration).  'dropbear' is now a
      transitional dummy package depending on on dropbear-run and
      dropbear-initramfs.  (Closes: #692932.)
    * Refactor the package using dh_* tools, including dh_autoreconf.  (Closes:
      #689618, #777324, #793006, #793917.)
    * Add 'Multi-Arch: foreign' tags.
    * dropbear-run:
      + Add a status option to the /etc/init.d script.
      + Pass key files with -r not -d in /etc/init.d script.  (Closes: #761143.)
      + Post-installation script: Generate missing ECDSA in addition to RSA and
        DSS host keys.  (Closes: #776976.)
    * dropbear-initramfs:
      + No longer mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a
        configuration file, since it violates the Debian Policy Manual section
        10.7.2.  (Regression from 2014.64-1.)  Instead, move the file to
        /etc/initramfs-tools/conf-hooks.d/dropbear and add a symlink in
        /usr/share/initramfs-tools/conf-hooks.d.
      + Delete debian/initramfs/premount-devpts, since /dev/pts in mounted by
        init since initramfs-tools 0.94.  (Closes: #632656, #797939.)
      + Auto-generate host keys in the postinstall script, not when runing
        update-initramfs.  Pass the '-R' option (via $PKGOPTION_dropbear_OPTION)
        for the old behavior.  Also, print fingerprint and ASCII art for
        generated keys (if ssh-keygen is available).
      + Revert ad2fb1c and remove warning about changing host key.  Users
        shouldn't be encouraged to use the same keys in the encrypted partition
        and in the initramfs.  The proper fix is to use an alternative port or
        UserKnownHostFile.
      + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with
        $rootmnt.  (Closes: #558115.)
      + Exit gracefully if $IP is 'none' or 'off'.  (Closes: #692932.)
      + Start dropbear with flag -s to explicitly disable password logins.
      + Terminate all children before killing dropbear, to avoid stalled SSH
        connections.  (Closes: #735203.)
      + Run configure_networking in the foreground.  (Closes: #584780, #626181,
        #739519.)
      + Bring down interfaces and flush IP routes and addresses before exiting
        the ramdisk, to avoid dirty network configuration in the regular kernel.
        (Closes: #715048, #720987, #720988.)  The interfaces considered are
        those matching the $DROPBEAR_IFDOWN shell pattern (default: '*'); the
        special value 'none' keeps all interfaces up and preserves routing
        tables and addresses.

   -- Guilhem Moulin <guilhem at guilhem.org>  Sat, 03 Oct 2015 20:47:33
  +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1510837/+subscriptions

More information about the Ubuntu-sponsors mailing list