Accepted dropbear 2022.82-4.1~bpo11+1 (source amd64 all) into bullseye-backports

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Oct 2022 15:23:20 +0200
Source: dropbear
Binary: dropbear dropbear-bin dropbear-bin-dbgsym dropbear-initramfs dropbear-run
Architecture: source amd64 all
Version: 2022.82-4.1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear   - lightweight SSH2 server and client - startup scripts
 dropbear-bin - lightweight SSH2 server and client - command line tools
 dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
 dropbear-run - transitional dummy package for dropbear
Closes: 903403 907082 955384 958526 962132 1003951 1017876
Changes:
 dropbear (2022.82-4.1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
   * d/gbp.conf: Set debian-branch to ‘debian/bullseye-backports’.
 .
 dropbear (2022.82-4) unstable; urgency=medium
 .
   [ Guilhem Moulin ]
   * d/rules: Inspect DEB_BUILD_* with $(filter ,) not $(findstring ,).
   * Salsa CI: Remove default configuration file.
   * Update standards version to 4.6.1, no changes needed.
   * d/t/remote-unlocking: Mask systemd-firstboot.service to fix debci with
     systemd 251.5-1.
   * d/copyright: typofix.
   * Refresh lintian overrides to accommodate lintian v2.115.
 .
   [ Steve Langasek ]
   * DEP-8: Call mkdir with -p to fix autopkgtest on Ubuntu. (Closes: #1017876)
 .
 dropbear (2022.82-3) unstable; urgency=low
 .
   * d/t/upstream-tests: Set DBTEST_IN_ACTION=true so we don't skip
     test_svrauth.py.
   * d/t/upstream-tests: Guard against direct use.
   * d/dropbear.preinst: Also migrate *unmodified* /etc/default/dropbear from
     Jessie, Stretch, and Buster to conffile.  Existing files were never
     touched by postinst, so it makes sense to migrate known stock versions
     older than Bullseye.
   * d/t/remote-unlocking: Don't look for swap in the validation phase as doing
     so is racy.
   * d/patches: Fix FTBFS on hurd-i386.
   * Add d/u/metadata.
   * d/dropbear.postrm: Minor quoting improvements
   * d/t/control: Improve comment in remote-unlocking test.
 .
 dropbear (2022.82-2) unstable; urgency=medium
 .
   * d/dropbear.postrm: Remove redundant `rm` call.
   * d/t/upstream-tests: Run pytest in ./test.
   * d/p: Raise connection delay in test/test_channels.py to make it pass on
     slower machines (such as the armhf debci runners).
 .
 dropbear (2022.82-1) unstable; urgency=medium
 .
   [ Matt Johnston ]
   * New upstream release 2022.82.  Highlights include:
     - dropbearconvert(1): Support converting from OpenSSH (>=7.8) private key
       format (closes: #955384), and convert to that format rather than PEM
     - Reworked -v verbose printing, specifying multiple times will increase
       verbosity.
     - Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
       authorized_keys(5).
     - Use a separate $PATH when logging in as root (closes: #903403).
     - Disable dh-group1 key exchange by default. It has been disabled server
       side by default since 2018.76-1.
     - Removed Twofish cipher.
 .
   [ Lee Garrett ]
   * initramfs script configuration: Add quotes to indicate they're required.
     (Closes: #1003951)
 .
   [ Guilhem Moulin ]
   * Add missing build dependency on dh addon.
   * initramfs script configuration: Clarify that assignment follow shell
     semantics.
   * d/gbp.conf: Add upstream VCS tag as additional parent to upstream/$VERSION.
   * Run wrap-and-sort(1).
   * Fix autopkgtest for non-sid suites.
   * Create localoptions.h in d/rules not from d/patches.
   * d/localoptions.h: Hardcode PATH environment variable when a regular user
     resp. the superuser logs in to the login.defs(5) default values, namely
     "/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" resp.
     "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin".
   * d/tests: Run the upstream test suite as a DEP-8 test.  We skip it at build
     time since it needs access to ~/.ssh which is forbidden in the build
     environment.
   * Update d/copyright.
   * d/rules: Remove useless override_dh_installinit target and rename
     d/dropbear.dropbear.init to d/dropbear.init.
   * d/dropbear.init: Put PID file in /run not /var/run.
   * d/dropbear.init: Minor refactoring.
   * d/dropbear.postinst: Replace deprecated which(1) calls with `command -v`.
   * d/dropbear.postinst: Also convert OpenSSH keys in new format since
     dropbearconvert(1) can now convert those.
   * Remove d/README.Debian.diet from 'dropbear-bin' documentation.
   * Install README.Debian in 'dropbear' package not 'dropbear-bin'.
   * Minor d/dropbear.README.Debian improvement.
   * d/control: Improve package description.
   * Add systemd.service(5) file.
   * /etc/default/dropbear: Breaking changes to accommodate the
     systemd.service(5) logic:
     + Drop support for NO_START=1 (one needs to manually disable the service
       or remove the package instead); and
     + Drop support for DROPBEAR_*KEY and DROPBEAR_BANNER (one needs to use
       DROPBEAR_EXTRA_ARGS with the adequate dropbear(8) instead instead).
   * Handle /etc/default/dropbear as a conffile instead of letting postinst
     create it.
 .
 dropbear (2020.81-5) unstable; urgency=medium
 .
   * d/t/remote-unlocking: Replace QEMU's deprecated short-form boolean options.
   * d/t/remote-unlocking: Set cache=unsafe on the target drive.
   * d/t/remote-unlocking: Use apt-get indextargets's Repo-URI not its URI.
   * d/t/remote-unlocking: Ensure the current version of the package is
     available.
   * d/t/remote-unlocking: Replace linux-image-amd64 with linux-image-generic.
   * d/t/remote-unlocking: Set 'size=256' in crypttab(5).
   * d/t/remote-unlocking: Fix APT Repo-URI scheme.
   * d/rules: Replace manual call to dh_link with a new d/dropbear.links file.
   * d/copyright: Set field Upstream-Name.
   * Refresh lintian overrides to accommodate lintian v2.114.
 .
 dropbear (2020.81-4) unstable; urgency=low
 .
   * d/control: Remove <pape> from Uploaders. Thanks to gerrit for their work
     on the dropbear package! (Closes: #907082)
   * d/control: dropbear: Demote 'dropbear-initramfs' to Suggests.
     (Closes: #962132)
   * d/control: Bump Standards-Version to 4.6.0 (no changes necessary).
   * initramfs boot script: Don't exit when IP={none,off}. (Closes: #958526)
   * Rename /etc/dropbear-initramfs to /etc/dropbear/initramfs, and
     /etc/dropbear-initramfs/config to /etc/dropbear/initramfs/dropbear.conf.
   * d/t/on-lvm-and-luks: Near-complete rewrite:
     - Adjust partition sizes to account for the current needs of the distro.
     - Set 'Architecture: amd64' to properly skip the test on other
       architectures.
     - Run mmdebstrap(1) with --mode=auto instead of --mode=root.  This uses
       --mode=unshare when kernel.unprivileged_userns_clone is set to 1,
       otherwise --mode=fakeroot (#944929 is now fixed)
     - Consolidate style.
     - Ensure we're testing the current dropbear-initramfs version.
     - Use KVM acceleration when possible.  Also, try to create /dev/kvm if
       missing (for instance in a chroot where /dev is not managed by udev).
     - Raise timeout values so the test has a chance to complete when KVM is
       not supported/used.
     - Adjust copyright.
     - Replace 'Depends: libguestfs-tools, sleepenh, time' with 'Depends:
       cryptsetup-initramfs, fdisk, initramfs-tools-core, lvm2'.  Instead of
       using guestfish(1) to set up a first system which is in turn used to set
       up the target system, we build a custom initramfs image containing the
       required dependencies, boot into it and entirely set up the target
       system from there.
     - Unconditionally dump (in real time) the guest's serial console into the
       standard output.  Before it was only done upon error.
     - Use a random key file instead of a hardcoded/pre-chosen passphrase.
     - Restrict the guest's ability to reach external hosts.
     - Assign static addresses under 10.0.2.128/25 instead of using DHCP.  That
       way we don't have to include 'isc-dhcp-client' in the debootstrap chroot.
     - Use dropbear instead of OpenSSH in the main system as well, not just in
       the initramfs.  After all we're testing dropbear here :-)
     - Instead of having the root and swap (resume) devices each in its own LV
       held by a LUKS device, we put the root FS directly on the root device,
       and add a new plain dm-crypt partition for a transient swap device.
       This removes 'Depends: lvm2'.  Consequently, the test is renamed to
       'remote-unlocking'.
Checksums-Sha1:
 56962e7d6fdfb26d346dc82d4a5dd420dd256de3 2622 dropbear_2022.82-4.1~bpo11+1.dsc
 eb60ba26716f9c970ec7e29e7a6d3b5794c881f5 34456 dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
 89b00f9e3387f6c47abcd41793c7af2225eb0a8e 507040 dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
 51b2d42716a6f6ed956fc3f83bed1aa9cd69b1ff 160536 dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
 525db1d44bf534deefe986d13ff838354e5caa27 49408 dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
 dfcc9f6c4f3af932df4921dba5c03f920632116d 42548 dropbear-run_2022.82-4.1~bpo11+1_all.deb
 018a13279083e497db73439760f992bdb6526313 48676 dropbear_2022.82-4.1~bpo11+1_all.deb
 eef70a6e2ddfa9669729aa95cf043960f0e80d9a 7448 dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo
Checksums-Sha256:
 401d02b868ebcbc99e4b3cfa4346c25696c118eedea9e9e03a881b4557a12e93 2622 dropbear_2022.82-4.1~bpo11+1.dsc
 6d0117275d48444893c515f595b8692912774152ba8c77305588a4a1172684fd 34456 dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
 1dabddba8ca2bec0c0c8017217851a36825173eb1733f2e1ceec322e38eecdcb 507040 dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
 0de7f8c5acae126b5c0c972cb63cbc70b6f88b6387787cd3a738d21509f836cf 160536 dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
 e93ddf7b25ef31e6de201c3ab9c024077d374ee6019a156e35d0d1f7383b4320 49408 dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
 fb45c6758210811ea16b5b3398349e70961d5fa3d4bb399b47c4aef3d0dfc21a 42548 dropbear-run_2022.82-4.1~bpo11+1_all.deb
 a2802d59ce89488707b73a19ff79c1f194cd010603a61f60c98a8e597afd50a5 48676 dropbear_2022.82-4.1~bpo11+1_all.deb
 9ae3a3d182695cf18e7d60ca1f3b008ee3d3363ebc53f79c6469e3483aaa99e0 7448 dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo
Files:
 9b68ed0362e8024c11eb0544eb0ff394 2622 net optional dropbear_2022.82-4.1~bpo11+1.dsc
 20f4d268d5b9f58cdcba6a0f559fda77 34456 net optional dropbear_2022.82-4.1~bpo11+1.debian.tar.xz
 07f7910dacad6b68f3e251c209ad2822 507040 debug optional dropbear-bin-dbgsym_2022.82-4.1~bpo11+1_amd64.deb
 dbe0b7d1545087288265623d02a6538e 160536 net optional dropbear-bin_2022.82-4.1~bpo11+1_amd64.deb
 007c09674ab5294552c486022e8c71ca 49408 net optional dropbear-initramfs_2022.82-4.1~bpo11+1_all.deb
 5cab40c66c249087ce8636d037e4e2af 42548 oldlibs optional dropbear-run_2022.82-4.1~bpo11+1_all.deb
 d5d63010d3171a2fbeb6a66db322c573 48676 net optional dropbear_2022.82-4.1~bpo11+1_all.deb
 b7212fc1e06e092783d0191836709f48 7448 net optional dropbear_2022.82-4.1~bpo11+1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmNRTxYACgkQ05pJnDwh
pVLzuRAAy+m61cW1K7Ktf+p8eKx1FuDUGBoB80nH5br+PGu3oQl5B9W3Vj9rLtLU
5TN+IO3soS9EW1dNDTobxRlSjf1N0yIc4ahmAggcxcejw6DAFSqcONlaZHkrMBKS
6jhF73Tv35jluobKl3fAlaVbzFwlEWI32iJpqvU0uTNDXhHw7m0cxHCoZbG0z4qh
tRdSY0Ey23s7rGspOXhqcXyibMvrZY3W5Vd7WgcqBHpphNbmMlBMCQMnmSq4eLH+
sDsxNahT9OUIAAEGeY9WzHoHLtBPfYT4FqozQ8x4upPWdzdMr66D97mZAr0IftwR
WbBmBUjOWPODMjXN7d3cMtmCey9gIdLugiuzspVfA6NfDZiWAcsLFSQMqhDttIYE
1CpXc1sXKvxrbhkxMcXpfIMJPtIVmvDEOs+53HRCohzW8NwbG2AdfZ1rlLn54jI1
y1Sc+vGnpkgaUHz7u0gks5pXRzdMC797HPVzLF6dyQJsLdSTpGsdVK+377eMQMxP
859WNTmInarpycgiAO8sQdqe1omGXbLkY28y8FRYqx4PCZnuJYeh1bqLuo3QZVuN
Z4//5oldmFYXrzjr4XpdTOYPORle67Xt2gQYyPYLDPS1EcMxveVDrqyKVnaa/18g
/Gzk1dRl3tC0pNL1TwOMy3KXlN1r7AHF8WbN7y781ULfazFH0uo=
=0rCo
-----END PGP SIGNATURE-----