Your message dated Thu, 31 Jul 2025 14:10:15 +0000
with message-id <[email protected]>
and subject line unblock dropbear
has caused the Debian Bug report #1110166,
regarding unblock: dropbear/2025.88-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110166
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:dropbear
User: [email protected]
Usertags: unblock
Please unblock package dropbear
* d/rules: Build with `--disable-lastlog` as Trixie ships without
lastlog(8), see #1083102.
It also adds a build dependency on libcrypt-dev,
which is a nop in trixie.
unblock dropbear/2025.88-2
diffstat for dropbear-2025.88 dropbear-2025.88
changelog | 14 ++++++++++++++
control | 1 +
rules | 2 +-
3 files changed, 16 insertions(+), 1 deletion(-)
diff -Nru dropbear-2025.88/debian/changelog dropbear-2025.88/debian/changelog
--- dropbear-2025.88/debian/changelog 2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/changelog 2025-07-09 00:05:41.000000000 +0300
@@ -1,6 +1,20 @@
+dropbear (2025.88-2) unstable; urgency=medium
+
+ [ Guilhem Moulin ]
+ * d/control: Explicitly add `Build-Depends: libcrypt-dev`.
+ (Closes: #1106965)
+
+ [ MichaIng ]
+ * d/rules: Build with `--disable-lastlog` as Trixie ships without
+ lastlog(8), see #1083102.
+
+ -- Guilhem Moulin <[email protected]> Tue, 08 Jul 2025 23:05:41 +0200
+
dropbear (2025.88-1) unstable; urgency=medium
* New upstream security and bugfix release.
+ + Fix CVE-2025-47203: dbclient allows command injection via an untrusted
+ hostname argument, because a shell is used.
* Update Standards-Version to 4.7.2 (no changes necessary).
-- Guilhem Moulin <[email protected]> Wed, 07 May 2025 17:02:27 +0200
diff -Nru dropbear-2025.88/debian/control dropbear-2025.88/debian/control
--- dropbear-2025.88/debian/control 2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/control 2025-07-09 00:05:41.000000000 +0300
@@ -4,6 +4,7 @@
Maintainer: Guilhem Moulin <[email protected]>
Build-Depends: debhelper,
debhelper-compat (= 13),
+ libcrypt-dev,
libtomcrypt-dev (>= 1.18.2~),
libtommath-dev (>= 1.2.0~),
libz-dev
diff -Nru dropbear-2025.88/debian/rules dropbear-2025.88/debian/rules
--- dropbear-2025.88/debian/rules 2025-05-07 18:02:27.000000000 +0300
+++ dropbear-2025.88/debian/rules 2025-07-09 00:05:41.000000000 +0300
@@ -24,7 +24,7 @@
dh $@
override_dh_auto_configure:
- dh_auto_configure -- --disable-bundled-libtom \
+ dh_auto_configure -- --disable-bundled-libtom --disable-lastlog \
CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
execute_before_dh_auto_build:
--- End Message ---
--- Begin Message ---
Unblocked dropbear.
--- End Message ---
