summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2008-03-27 10:19:28 +0000
committerMatt Johnston <matt@ucc.asn.au>2008-03-27 10:19:28 +0000
commitb91874cedc1c216797950a98fc8087b2c9635149 (patch)
tree78b707cf226b2e7b3ca7cf9380c2fb15f75735f9
parent6c9d2abc75e7efc3021c22fc18d65ca99344afcd (diff)
Update to debian 0.50-4 diff
--HG-- extra : convert_revision : e28650f207028a45182fc2de545b7bd218d13077
-rw-r--r--debian/README.runit16
-rw-r--r--debian/changelog67
-rw-r--r--debian/control4
-rw-r--r--debian/dropbear.README.Debian55
-rw-r--r--debian/dropbear.init11
-rw-r--r--debian/dropbear.postinst8
-rwxr-xr-xdebian/rules9
7 files changed, 103 insertions, 67 deletions
diff --git a/debian/README.runit b/debian/README.runit
index 4ac2814..0a32176 100644
--- a/debian/README.runit
+++ b/debian/README.runit
@@ -31,16 +31,16 @@ run script
# vi /etc/dropbear/run
-Finally enable the service by linking dropbear's service directory to
-/var/service/. The service will be started within five seconds, and
-automatically at boot time. The sysv init script is disabled; see the
-runsvctrl(8) program for information on how to control services handled by
-runit. See the svlogd(8) program on how to configure the log service.
+Finally enable the service through runit's update-service(8) program, the
+service will be started within five seconds, and automatically at boot
+time, and the sysv init script will automatically be disabled; see the
+sv(8) program for information on how to control services handled by runit.
+See the svlogd(8) program on how to configure the log service.
- # ln -s /etc/dropbear /var/service/
+ # update-service --add /etc/dropbear
Optionally check the status of the service a few seconds later
- # runsvstat -l /var/service/dropbear
+ # sv status dropbear
- -- Gerrit Pape <pape@smarden.org>, Sun, 16 May 2004 15:52:34 +0000
+ -- Gerrit Pape <pape@smarden.org>, Fri, 02 Mar 2007 20:41:08 +0000
diff --git a/debian/changelog b/debian/changelog
index e7d4141..78dcea9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,69 @@
-dropbear (0.50-0.1) unstable; urgency=low
+dropbear (0.50-4) unstable; urgency=low
- * New upstream release.
+ * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB
+ formatted dependency info in init.d script (closes: #466257).
+ * debian/rules: no longer include symlinks for ./supervise/ subdirectories.
+ * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed
+ by runit, remove service, and re-add using update-service(8).
+ * debian/control: Standards-Version: 3.7.3.0.
+ * debian/rules: target clean: don't ignore errors but check for readable
+ ./Makefile.
- -- Matt Johnston <matt@ucc.asn.au> Wed, 8 Aug 2007 11:22:33 +0800
+ -- Gerrit Pape <pape@smarden.org> Thu, 06 Mar 2008 19:06:58 +0000
-dropbear (0.49-0.1) unstable; urgency=low
+dropbear (0.50-3) unstable; urgency=low
- * New upstream release.
+ * debian/dropbear.init: use the update-service(8) program from the runit
+ package instead of directly checking for the symlink in /var/service/.
+ * debian/README.runit: talk about update-service(8) instead of symlinks
+ in /var/service/.
+
+ -- Gerrit Pape <pape@smarden.org> Fri, 15 Feb 2008 00:32:37 +0000
+
+dropbear (0.50-2) unstable; urgency=low
+
+ * debian/dropbear.README.Debian: no longer talk about entropy from
+ /dev/random, /dev/urandom is now used by default (thx Joey Hess,
+ closes: #441515).
+
+ -- Gerrit Pape <pape@smarden.org> Mon, 24 Sep 2007 16:49:17 +0000
+
+dropbear (0.50-1) unstable; urgency=low
+
+ * debian/README.runit: minor.
+ * new upstream version.
+ * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+ remove; fixed upstream.
+
+ -- Gerrit Pape <pape@smarden.org> Thu, 09 Aug 2007 23:01:01 +0000
+
+dropbear (0.49-2) unstable; urgency=low
+
+ * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of
+ -p0.
+ * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
+ new; options.h: use /dev/urandom instead of /dev/random as
+ DROPBEAR_RANDOM_DEV (closes: #386976).
+ * debian/rules: target clean: remove libtomcrypt/Makefile,
+ libtommath/Makefile.
+
+ -- Gerrit Pape <pape@smarden.org> Sat, 09 Jun 2007 08:59:59 +0000
+
+dropbear (0.49-1) unstable; urgency=high
+
+ * new upstream release, fixes
+ * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey
+ mismatch (closes: #412899).
+ * dbclient uses static "Password:" prompt instead of using the server's
+ prompt (closes: #394996).
+ * debian/control: Suggests: openssh-client, not ssh (closes: #405686);
+ Standards-Version: 3.7.2.2.
+ * debian/README.Debian: ssh -> openssh-server, openssh-client; remove
+ 'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not
+ installing the openssh-server package.
+ * debian/README.runit: runsvstat -> sv status.
- -- Matt Johnston <matt@ucc.asn.au> Fri, 23 Feb 2007 00:44:00 +0900
+ -- Gerrit Pape <pape@smarden.org> Fri, 2 Mar 2007 20:48:18 +0000
dropbear (0.48.1-1) unstable; urgency=medium
diff --git a/debian/control b/debian/control
index 81835b3..e2731f6 100644
--- a/debian/control
+++ b/debian/control
@@ -3,12 +3,12 @@ Section: net
Priority: optional
Maintainer: Gerrit Pape <pape@smarden.org>
Build-Depends: libz-dev
-Standards-Version: 3.6.2.1
+Standards-Version: 3.7.3.0
Package: dropbear
Architecture: any
Depends: ${shlibs:Depends}
-Suggests: ssh, runit
+Suggests: openssh-client, runit
Description: lightweight SSH2 server and client
dropbear is a SSH 2 server and client designed to be small enough to
be used in small memory environments, while still being functional and
diff --git a/debian/dropbear.README.Debian b/debian/dropbear.README.Debian
index 7eec3e6..0ce1874 100644
--- a/debian/dropbear.README.Debian
+++ b/debian/dropbear.README.Debian
@@ -1,52 +1,19 @@
Dropbear for Debian
-------------------
-This package will attempt to listen on port 22. If the OpenSSH
-package ("ssh") is installed, the file /etc/default/dropbear
-will be set up so that the server does not start by default.
+This package will attempt to setup the Dropbear ssh server to listen on
+port 22. If the OpenSSH server package ("openssh-server") is installed,
+the file /etc/default/dropbear will be set up so that the server does not
+start by default.
-You can run Dropbear concurrently with OpenSSH 'sshd' by
-modifying /etc/default/dropbear so that "NO_START" is set to
-"0" and changing the port number that Dropbear runs on. Follow
-the instructions in the file.
+You can run Dropbear concurrently with OpenSSH 'sshd' by modifying
+/etc/default/dropbear so that "NO_START" is set to "0", and changing the
+port number that Dropbear runs on. Follow the instructions in the file.
-This package suggests you install the "ssh" package. This package
-provides the "ssh" client program, as well as the "/usr/bin/scp"
-binary you will need to be able to retrieve files from a server
-running Dropbear via SCP.
-
-Replacing OpenSSH "sshd" with Dropbear
---------------------------------------
-
-You will still want to have the "ssh" package installed, as it
-provides the "ssh" and "scp" binaries. When you install this
-package, it checks for existing OpenSSH host keys and if found,
-converts them to the Dropbear format.
-
-If this appears to have worked, you should be able to change over
-by following these steps:
-
-1. Stop the OpenSSH server
- % /etc/init.d/ssh stop
-2. Prevent the OpenSSH server from starting in the future
- % touch /etc/ssh/sshd_not_to_be_run
-3. Modify the Dropbear defaults file, set NO_START to 0 and
- ensure DROPBEAR_PORT is set to 22.
- % editor /etc/default/dropbear
-4. Restart the Dropbear server.
- % /etc/init.d/dropbear restart
+This package suggests you install the "openssh-client" package, which
+provides the "ssh" client program, as well as the "/usr/bin/scp" binary
+you will need to be able to retrieve files via SCP from a server running
+Dropbear.
See the Dropbear homepage for more information:
http://matt.ucc.asn.au/dropbear/dropbear.html
-
-
-Entropy from /dev/random
-------------------------
-
-The dropbear binary package is configured at compile time to read
-entropy from /dev/random. If /dev/random on a system blocks when
-reading data from it, client logins may be delayed until the client
-times out. The dropbear server writes a notice to the logs when it
-sees /dev/random blocking. A workaround for such systems is to
-re-compile the package with DROPBEAR_RANDOM_DEV set to /dev/urandom
-in options.h.
diff --git a/debian/dropbear.init b/debian/dropbear.init
index ee69076..1705330 100644
--- a/debian/dropbear.init
+++ b/debian/dropbear.init
@@ -1,4 +1,11 @@
#!/bin/sh
+### BEGIN INIT INFO
+# Provides: dropbear
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
#
# Do not configure this file. Edit /etc/default/dropbear instead!
#
@@ -17,8 +24,8 @@ set -e
cancel() { echo "$1" >&2; exit 0; };
test ! -r /etc/default/dropbear || . /etc/default/dropbear
test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
-test ! -h /var/service/dropbear || \
- cancel '/var/service/dropbear exists, service is controlled through runit.'
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+ cancel 'The dropbear service is controlled through runit, use the sv(8) program'
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
diff --git a/debian/dropbear.postinst b/debian/dropbear.postinst
index e51e2b7..7c95cfa 100644
--- a/debian/dropbear.postinst
+++ b/debian/dropbear.postinst
@@ -69,3 +69,11 @@ if test -x /etc/init.d/dropbear; then
/etc/init.d/dropbear restart
fi
fi
+
+if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' &&
+update-service --check dropbear; then
+ update-service --remove /etc/dropbear 2>/dev/null || :
+ sleep 6
+ rm -rf /var/run/dropbear /var/run/dropbear.log
+ update-service --add /etc/dropbear || :
+fi
diff --git a/debian/rules b/debian/rules
index 52c3ea8..605754e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -28,7 +28,7 @@ DIR =$(shell pwd)/debian/dropbear
patch: deb-checkdir patch-stamp
patch-stamp:
for i in `ls -1 debian/diff/*.diff || :`; do \
- patch -p0 <$$i || exit 1; \
+ patch -p1 <$$i || exit 1; \
done
touch patch-stamp
@@ -46,10 +46,11 @@ build-stamp: config.status
touch build-stamp
clean: deb-checkdir deb-checkuid
- -$(MAKE) distclean
+ test ! -r Makefile || $(MAKE) distclean
+ rm -f libtomcrypt/Makefile libtommath/Makefile
test ! -e patch-stamp || \
for i in `ls -1r debian/diff/*.diff || :`; do \
- patch -p0 -R <$$i; \
+ patch -p1 -R <$$i; \
done
rm -f patch-stamp build-stamp config.log config.status
rm -rf '$(DIR)'
@@ -76,8 +77,6 @@ install: deb-checkdir deb-checkuid build-stamp
install -d -m0755 '$(DIR)'/etc/dropbear/log
install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
- ln -s /var/run/dropbear '$(DIR)'/etc/dropbear/supervise
- ln -s /var/run/dropbear.log '$(DIR)'/etc/dropbear/log/supervise
# man pages
install -d -m0755 '$(DIR)'/usr/share/man/man8
for i in dropbear.8 dropbearkey.8; do \