-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: dropbear Binary: dropbear-bin, dropbear-run, dropbear-initramfs, dropbear Architecture: any all Version: 2015.68-1 Maintainer: Guilhem Moulin <[email protected]> Uploaders: Gerrit Pape <[email protected]>, Homepage: https://matt.ucc.asn.au/dropbear/dropbear.html Standards-Version: 3.9.6 Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/dropbear.git Vcs-Git: git://anonscm.debian.org/collab-maint/dropbear.git Build-Depends: libz-dev, debhelper (>= 9), dh-exec, dh-autoreconf Package-List: dropbear deb oldlibs extra arch=all dropbear-bin deb net optional arch=any dropbear-initramfs deb net optional arch=any dropbear-run deb net optional arch=any Checksums-Sha1: 42ef0bfd45066bcf641b689f4e92337d2dd5f3bf 1805539 dropbear_2015.68.orig.tar.gz 5fd8f076104fd783178a46fbc024b455a49aef61 17508 dropbear_2015.68-1.debian.tar.xz Checksums-Sha256: e37362515ec09ca59362f4bbb61ff2982aa23028eb161b7eb5ac99e182c14880 1805539 dropbear_2015.68.orig.tar.gz 5cd34aa4f34e33ec3e1bbc39eac461cea05573bdb8cbf47e9d7ba23177ff60fd 17508 dropbear_2015.68-1.debian.tar.xz Files: b58c7852cfceddb8e41005bdc98898a6 1805539 dropbear_2015.68.orig.tar.gz c1054efb70902128a888c806c93a0bf0 17508 dropbear_2015.68-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWGB9LAAoJEPNPCXROn13Z7OkP/RJFHcepLygHxIh0pYoYeMUv PEW8lhRAf95xKfEfAq+kpP4xol92Rk0ei1dssQlpeSPw/IINlZ6Zy2CKnt+OAxnO YuVDDhDw7Cflp7B5TXTySPR7ReDN3oO/gTWnUigfJOHcos2UU3LfBgDaVTC1fwfP llY864HlFViySMHH+n18vFX0pqPcUGB58MONvUUK0rkMRTAQR7at9TRhWCgp3j0I /ePhgMHVANVvdxqaxITnjNPtZM5zpyv65pqV8k+r/skwT40t3/zuxIrOiV3lL1Al b8mcuwGpvzWof6qipINLLXqUQc5ZyDDMV9WeiovQ5WPk4QlOGsIt0WRUlMRhyaK5 P4s9o500T+LOQp62j+xKmWGQKM/pzgSLWlRi6QkJ1HxZv1RBrqFKOPch0NC0ZSK5 1TiCgLLfQfi4Zztu+bNANfb1wuY8Nqh5KYAPkMiKRKBtuijh/59Fnq4tAfDlY5qz NwhXSvwaQ9FNCGU2CUoedjCZchkDdd9FPj+MK9PAuOSLftFFEKVVUzTYaxWumzcZ ar64X8nSl0MDtlRhh89rVcxTYqnG5t2AQqYTE3B+H0MGnCi5KBFFzoWrJZj3HJ8P iUGWxdhZFivTKHbjZLw7N1dd8Gmb1nxzbqao4zPgSkuWXmkeq2Ebg5SOJwSSY47/ fi5DLD9HeEw5BTtA940M =OoJQ -----END PGP SIGNATURE----- Changes: dropbear (2015.68-1) unstable; urgency=low * New co-maintainer. [ Matt Johnston ] * New upstream release. (Closes: #631858, #775222.) [ Guilhem Moulin ] * debian/source/format: 3.0 (quilt) * debian/compat: 9 * debian/control: + Bump Standards-Version to 3.9.6 (no changes necessary). + Add Homepage, Vcs-Git, and Vcs-Browser fields. * debian/copyright: add machine-readable file. * Split up package in dropbear-bin (binaries), dropbear-run (init scripts) and dropbear-initramfs (initramfs integration). 'dropbear' is now a transitional dummy package depending on on dropbear-run and dropbear-initramfs. (Closes: #692932.) * Refactor the package using dh_* tools, including dh_autoreconf. (Closes: #689618, #777324, #793006, #793917.) * Add 'Multi-Arch: foreign' tags. * dropbear-run: + Add a status option to the /etc/init.d script. + Pass key files with -r not -d in /etc/init.d script. (Closes: #761143.) + Post-installation script: Generate missing ECDSA in addition to RSA and DSS host keys. (Closes: #776976.) * dropbear-initramfs: + No longer mark /usr/share/initramfs-tools/conf-hooks.d/dropbear as a configuration file, since it violates the Debian Policy Manual section 10.7.2. (Regression from 2014.64-1.) Instead, move the file to /etc/initramfs-tools/conf-hooks.d/dropbear and add a symlink in /usr/share/initramfs-tools/conf-hooks.d. + Delete debian/initramfs/premount-devpts, since /dev/pts in mounted by init since initramfs-tools 0.94. (Closes: #632656, #797939.) + Auto-generate host keys in the postinstall script, not when runing update-initramfs. Pass the '-R' option (via $PKGOPTION_dropbear_OPTION) for the old behavior. Also, print fingerprint and ASCII art for generated keys (if ssh-keygen is available). + Revert ad2fb1c and remove warning about changing host key. Users shouldn't be encouraged to use the same keys in the encrypted partition and in the initramfs. The proper fix is to use an alternative port or UserKnownHostFile. + Set ~root to `mktemp -d "$DESTDIR/root-XXXXXX"` to avoid collisions with $rootmnt. (Closes: #558115.) + Exit gracefully if $IP is 'none' or 'off'. (Closes: #692932.) + Start dropbear with flag -s to explicitly disable password logins. + Terminate all children before killing dropbear, to avoid stalled SSH connections. (Closes: #735203.) + Run configure_networking in the foreground. (Closes: #584780, #626181, #739519.) + Bring down interfaces and flush IP routes and addresses before exiting the ramdisk, to avoid dirty network configuration in the regular kernel. (Closes: #715048, #720987, #720988.) The interfaces considered are those matching the $DROPBEAR_IFDOWN shell pattern (default: '*'); the special value 'none' keeps all interfaces up and preserves routing tables and addresses. -- Guilhem Moulin <[email protected]> Sat, 03 Oct 2015 20:47:33 +0200