# HG changeset patch # User Matt Johnston # Date 1206613176 0 # Node ID 271887c81c07a55111e0cf7d6e303a064d141418 # Parent 706e234212d09cc9a8be4b6aaeea95fe439be49b# Parent 8c2d2edadf2a22fc85b246eeb9bb013ace02f7dc merge of '9879f7138f243bb2077a06e4c9ea925fa34abe2b' and 'e28650f207028a45182fc2de545b7bd218d13077' diff -r 706e234212d0 -r 271887c81c07 debian/README.runit --- a/debian/README.runit Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/README.runit Thu Mar 27 10:19:36 2008 +0000 @@ -31,16 +31,16 @@ # vi /etc/dropbear/run -Finally enable the service by linking dropbear's service directory to -/var/service/. The service will be started within five seconds, and -automatically at boot time. The sysv init script is disabled; see the -runsvctrl(8) program for information on how to control services handled by -runit. See the svlogd(8) program on how to configure the log service. +Finally enable the service through runit's update-service(8) program, the +service will be started within five seconds, and automatically at boot +time, and the sysv init script will automatically be disabled; see the +sv(8) program for information on how to control services handled by runit. +See the svlogd(8) program on how to configure the log service. - # ln -s /etc/dropbear /var/service/ + # update-service --add /etc/dropbear Optionally check the status of the service a few seconds later - # runsvstat -l /var/service/dropbear + # sv status dropbear - -- Gerrit Pape , Sun, 16 May 2004 15:52:34 +0000 + -- Gerrit Pape , Fri, 02 Mar 2007 20:41:08 +0000 diff -r 706e234212d0 -r 271887c81c07 debian/changelog --- a/debian/changelog Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/changelog Thu Mar 27 10:19:36 2008 +0000 @@ -1,14 +1,69 @@ -dropbear (0.50-0.1) unstable; urgency=low +dropbear (0.50-4) unstable; urgency=low + + * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB + formatted dependency info in init.d script (closes: #466257). + * debian/rules: no longer include symlinks for ./supervise/ subdirectories. + * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed + by runit, remove service, and re-add using update-service(8). + * debian/control: Standards-Version: 3.7.3.0. + * debian/rules: target clean: don't ignore errors but check for readable + ./Makefile. + + -- Gerrit Pape Thu, 06 Mar 2008 19:06:58 +0000 + +dropbear (0.50-3) unstable; urgency=low - * New upstream release. + * debian/dropbear.init: use the update-service(8) program from the runit + package instead of directly checking for the symlink in /var/service/. + * debian/README.runit: talk about update-service(8) instead of symlinks + in /var/service/. + + -- Gerrit Pape Fri, 15 Feb 2008 00:32:37 +0000 - -- Matt Johnston Wed, 8 Aug 2007 11:22:33 +0800 +dropbear (0.50-2) unstable; urgency=low + + * debian/dropbear.README.Debian: no longer talk about entropy from + /dev/random, /dev/urandom is now used by default (thx Joey Hess, + closes: #441515). + + -- Gerrit Pape Mon, 24 Sep 2007 16:49:17 +0000 + +dropbear (0.50-1) unstable; urgency=low -dropbear (0.49-0.1) unstable; urgency=low + * debian/README.runit: minor. + * new upstream version. + * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: + remove; fixed upstream. + + -- Gerrit Pape Thu, 09 Aug 2007 23:01:01 +0000 + +dropbear (0.49-2) unstable; urgency=low + + * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of + -p0. + * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff: + new; options.h: use /dev/urandom instead of /dev/random as + DROPBEAR_RANDOM_DEV (closes: #386976). + * debian/rules: target clean: remove libtomcrypt/Makefile, + libtommath/Makefile. - * New upstream release. + -- Gerrit Pape Sat, 09 Jun 2007 08:59:59 +0000 + +dropbear (0.49-1) unstable; urgency=high - -- Matt Johnston Fri, 23 Feb 2007 00:44:00 +0900 + * new upstream release, fixes + * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey + mismatch (closes: #412899). + * dbclient uses static "Password:" prompt instead of using the server's + prompt (closes: #394996). + * debian/control: Suggests: openssh-client, not ssh (closes: #405686); + Standards-Version: 3.7.2.2. + * debian/README.Debian: ssh -> openssh-server, openssh-client; remove + 'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not + installing the openssh-server package. + * debian/README.runit: runsvstat -> sv status. + + -- Gerrit Pape Fri, 2 Mar 2007 20:48:18 +0000 dropbear (0.48.1-1) unstable; urgency=medium diff -r 706e234212d0 -r 271887c81c07 debian/control --- a/debian/control Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/control Thu Mar 27 10:19:36 2008 +0000 @@ -3,12 +3,12 @@ Priority: optional Maintainer: Gerrit Pape Build-Depends: libz-dev -Standards-Version: 3.6.2.1 +Standards-Version: 3.7.3.0 Package: dropbear Architecture: any Depends: ${shlibs:Depends} -Suggests: ssh, runit +Suggests: openssh-client, runit Description: lightweight SSH2 server and client dropbear is a SSH 2 server and client designed to be small enough to be used in small memory environments, while still being functional and diff -r 706e234212d0 -r 271887c81c07 debian/dropbear.README.Debian --- a/debian/dropbear.README.Debian Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/dropbear.README.Debian Thu Mar 27 10:19:36 2008 +0000 @@ -1,52 +1,19 @@ Dropbear for Debian ------------------- -This package will attempt to listen on port 22. If the OpenSSH -package ("ssh") is installed, the file /etc/default/dropbear -will be set up so that the server does not start by default. - -You can run Dropbear concurrently with OpenSSH 'sshd' by -modifying /etc/default/dropbear so that "NO_START" is set to -"0" and changing the port number that Dropbear runs on. Follow -the instructions in the file. - -This package suggests you install the "ssh" package. This package -provides the "ssh" client program, as well as the "/usr/bin/scp" -binary you will need to be able to retrieve files from a server -running Dropbear via SCP. - -Replacing OpenSSH "sshd" with Dropbear --------------------------------------- +This package will attempt to setup the Dropbear ssh server to listen on +port 22. If the OpenSSH server package ("openssh-server") is installed, +the file /etc/default/dropbear will be set up so that the server does not +start by default. -You will still want to have the "ssh" package installed, as it -provides the "ssh" and "scp" binaries. When you install this -package, it checks for existing OpenSSH host keys and if found, -converts them to the Dropbear format. - -If this appears to have worked, you should be able to change over -by following these steps: +You can run Dropbear concurrently with OpenSSH 'sshd' by modifying +/etc/default/dropbear so that "NO_START" is set to "0", and changing the +port number that Dropbear runs on. Follow the instructions in the file. -1. Stop the OpenSSH server - % /etc/init.d/ssh stop -2. Prevent the OpenSSH server from starting in the future - % touch /etc/ssh/sshd_not_to_be_run -3. Modify the Dropbear defaults file, set NO_START to 0 and - ensure DROPBEAR_PORT is set to 22. - % editor /etc/default/dropbear -4. Restart the Dropbear server. - % /etc/init.d/dropbear restart +This package suggests you install the "openssh-client" package, which +provides the "ssh" client program, as well as the "/usr/bin/scp" binary +you will need to be able to retrieve files via SCP from a server running +Dropbear. See the Dropbear homepage for more information: http://matt.ucc.asn.au/dropbear/dropbear.html - - -Entropy from /dev/random ------------------------- - -The dropbear binary package is configured at compile time to read -entropy from /dev/random. If /dev/random on a system blocks when -reading data from it, client logins may be delayed until the client -times out. The dropbear server writes a notice to the logs when it -sees /dev/random blocking. A workaround for such systems is to -re-compile the package with DROPBEAR_RANDOM_DEV set to /dev/urandom -in options.h. diff -r 706e234212d0 -r 271887c81c07 debian/dropbear.init --- a/debian/dropbear.init Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/dropbear.init Thu Mar 27 10:19:36 2008 +0000 @@ -1,4 +1,11 @@ #!/bin/sh +### BEGIN INIT INFO +# Provides: dropbear +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +### END INIT INFO # # Do not configure this file. Edit /etc/default/dropbear instead! # @@ -17,8 +24,8 @@ cancel() { echo "$1" >&2; exit 0; }; test ! -r /etc/default/dropbear || . /etc/default/dropbear test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable." -test ! -h /var/service/dropbear || \ - cancel '/var/service/dropbear exists, service is controlled through runit.' +test ! -x /usr/sbin/update-service || ! update-service --check dropbear || + cancel 'The dropbear service is controlled through runit, use the sv(8) program' test -z "$DROPBEAR_BANNER" || \ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" diff -r 706e234212d0 -r 271887c81c07 debian/dropbear.postinst --- a/debian/dropbear.postinst Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/dropbear.postinst Thu Mar 27 10:19:36 2008 +0000 @@ -69,3 +69,11 @@ /etc/init.d/dropbear restart fi fi + +if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' && +update-service --check dropbear; then + update-service --remove /etc/dropbear 2>/dev/null || : + sleep 6 + rm -rf /var/run/dropbear /var/run/dropbear.log + update-service --add /etc/dropbear || : +fi diff -r 706e234212d0 -r 271887c81c07 debian/rules --- a/debian/rules Sat Mar 01 02:01:35 2008 +0000 +++ b/debian/rules Thu Mar 27 10:19:36 2008 +0000 @@ -28,7 +28,7 @@ patch: deb-checkdir patch-stamp patch-stamp: for i in `ls -1 debian/diff/*.diff || :`; do \ - patch -p0 <$$i || exit 1; \ + patch -p1 <$$i || exit 1; \ done touch patch-stamp @@ -46,10 +46,11 @@ touch build-stamp clean: deb-checkdir deb-checkuid - -$(MAKE) distclean + test ! -r Makefile || $(MAKE) distclean + rm -f libtomcrypt/Makefile libtommath/Makefile test ! -e patch-stamp || \ for i in `ls -1r debian/diff/*.diff || :`; do \ - patch -p0 -R <$$i; \ + patch -p1 -R <$$i; \ done rm -f patch-stamp build-stamp config.log config.status rm -rf '$(DIR)' @@ -76,8 +77,6 @@ install -d -m0755 '$(DIR)'/etc/dropbear/log install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main - ln -s /var/run/dropbear '$(DIR)'/etc/dropbear/supervise - ln -s /var/run/dropbear.log '$(DIR)'/etc/dropbear/log/supervise # man pages install -d -m0755 '$(DIR)'/usr/share/man/man8 for i in dropbear.8 dropbearkey.8; do \