• Bug#1110166: unblock: dropbear/2025.88-2

    From Adrian Bunk@21:1/5 to All on Thu Jul 31 02:20:01 2025
    XPost: linux.debian.devel.release


    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected]
    Control: affects -1 + src:dropbear
    User: [email protected]
    Usertags: unblock

    Please unblock package dropbear

    * d/rules: Build with `--disable-lastlog` as Trixie ships without
    lastlog(8), see #1083102.

    It also adds a build dependency on libcrypt-dev,
    which is a nop in trixie.

    unblock dropbear/2025.88-2

    diffstat for dropbear-2025.88 dropbear-2025.88

    changelog | 14 ++++++++++++++
    control | 1 +
    rules | 2 +-
    3 files changed, 16 insertions(+), 1 deletion(-)

    diff -Nru dropbear-2025.88/debian/changelog dropbear-2025.88/debian/changelog --- dropbear-2025.88/debian/changelog 2025-05-07 18:02:27.000000000 +0300
    +++ dropbear-2025.88/debian/changelog 2025-07-09 00:05:41.000000000 +0300
    @@ -1,6 +1,20 @@
    +dropbear (2025.88-2) unstable; urgency=medium
    +
    + [ Guilhem Moulin ]
    + * d/control: Explicitly add `Build-Depends: libcrypt-dev`.
    + (Closes: #1106965)
    +
    + [ MichaIng ]
    + * d/rules: Build with `--disable-lastlog` as Trixie ships without
    + lastlog(8), see #1083102.
    +
    + -- Guilhem Moulin <[email protected]> Tue, 08 Jul 2025 23:05:41 +0200
    +
    dropbear (2025.88-1) unstable; urgency=medium

    * New upstream security and bugfix release.
    + + Fix CVE-2025-47203: dbclient allows command injection via an untrusted
    + hostname argument, because a shell is used.
    * Update Standards-Version to 4.7.2 (no changes necessary).

    -- Guilhem Moulin <[email protected]> Wed, 07 May 2025 17:02:27 +0200
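
    Review bot: The two added lines under the existing 2025.88-1 entry (the `Fix CVE-2025-47203` sub-item) change the changelog of an already uploaded version, and neither the unblock request text nor the new 2025.88-2 entry mentions them. The `@@ -1,6 +1,20 @@` header and the diffstat's 14 changelog insertions only add up when these two lines are counted, so they are part of this upload. Since the diffstat lists only changelog, control and rules, this is an annotation of the earlier security fix rather than a code change; suggest saying so in the request, so the release team does not have to infer it from the diff.
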
    diff -Nru dropbear-2025.88/debian/control dropbear-2025.88/debian/control
    --- dropbear-2025.88/debian/control 2025-05-07
  • From Paul Gevers@21:1/5 to Adrian Bunk on Thu Jul 31 08:50:02 2025
    XPost: linux.debian.devel.release
    To: [email protected]

    This is an OpenPGP/MIME signed message (RFC 4880 and 3156).

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adrian Bunk@21:1/5 to Paul Gevers on Thu Jul 31 12:10:01 2025
    XPost: linux.debian.devel.release

    Control: tags -1 - moreinfo

    On Thu, Jul 31, 2025 at 08:42:16AM +0200, Paul Gevers wrote:
    >...
    > On 31-07-2025 01:53, Adrian Bunk wrote:
    > > Please unblock package dropbear
    > >
    > >   * d/rules: Build with `--disable-lastlog` as Trixie ships without
    > >     lastlog(8), see #1083102.
    >
    > What happens if this rebuild misses trixie?

    When the user followed the instructions in the release notes to delete
    /var/log/lastlog, on each login auth.log would contain lines
    dropbear[683948]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
    dropbear[683948]: lastlog_openseek: /var/log/lastlog is not a file or directory!

    > Paul

    cu
    Adrian
