CVS commit: pkgsrc/security/terrapin-scanner

["Amitai Schleier" <schmonz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Wed Dec 20 16:43:04 UTC 2023

Added Files:
        pkgsrc/security/terrapin-scanner: DESCR Makefile PLIST distinfo

Log Message:
Add terrapin-scanner: Scan SSH servers and clients for Terrapin vulnerability

The Terrapin Vulnerability Scanner is a small utility program written in
Go, which can be used to determine the vulnerability of an SSH client or
server against the Terrapin Attack. The vulnerability scanner requires a
single connection with the peer to gather all supported algorithms.
However, it does not perform a fully fledged SSH key exchange, will
never attempt authentication on a server, and does not perform the
attack in practice. Instead, vulnerability is determined by checking the
supported algorithms and support for known countermeasures (strict key
exchange). This may falsely claim vulnerability in case the peer
supports countermeasures unknown to this tool.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/security/terrapin-scanner/DESCR \
    pkgsrc/security/terrapin-scanner/Makefile \
    pkgsrc/security/terrapin-scanner/PLIST \
    pkgsrc/security/terrapin-scanner/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: pkgsrc/security/terrapin-scanner/DESCR
diff -u /dev/null pkgsrc/security/terrapin-scanner/DESCR:1.1
--- /dev/null   Wed Dec 20 16:43:04 2023
+++ pkgsrc/security/terrapin-scanner/DESCR      Wed Dec 20 16:43:04 2023
@@ -0,0 +1,10 @@
+The Terrapin Vulnerability Scanner is a small utility program written in
+Go, which can be used to determine the vulnerability of an SSH client or
+server against the Terrapin Attack. The vulnerability scanner requires a
+single connection with the peer to gather all supported algorithms.
+However, it does not perform a fully fledged SSH key exchange, will
+never attempt authentication on a server, and does not perform the
+attack in practice. Instead, vulnerability is determined by checking the
+supported algorithms and support for known countermeasures (strict key
+exchange). This may falsely claim vulnerability in case the peer
+supports countermeasures unknown to this tool.
Index: pkgsrc/security/terrapin-scanner/Makefile
diff -u /dev/null pkgsrc/security/terrapin-scanner/Makefile:1.1
--- /dev/null   Wed Dec 20 16:43:04 2023
+++ pkgsrc/security/terrapin-scanner/Makefile   Wed Dec 20 16:43:04 2023
@@ -0,0 +1,15 @@
+# $NetBSD: Makefile,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+
+DISTNAME=      Terrapin-Scanner-1.0.3
+PKGNAME=       ${DISTNAME:tl}
+CATEGORIES=    security
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=RUB-NDS/}
+GITHUB_TAG=    v${PKGVERSION_NOREV}
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      https://terrapin-attack.com/
+COMMENT=       Scan SSH servers and clients for Terrapin vulnerability
+LICENSE=       apache-2.0
+
+.include "../../lang/go/go-module.mk"
+.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/terrapin-scanner/PLIST
diff -u /dev/null pkgsrc/security/terrapin-scanner/PLIST:1.1
--- /dev/null   Wed Dec 20 16:43:04 2023
+++ pkgsrc/security/terrapin-scanner/PLIST      Wed Dec 20 16:43:04 2023
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+bin/Terrapin-Scanner
Index: pkgsrc/security/terrapin-scanner/distinfo
diff -u /dev/null pkgsrc/security/terrapin-scanner/distinfo:1.1
--- /dev/null   Wed Dec 20 16:43:04 2023
+++ pkgsrc/security/terrapin-scanner/distinfo   Wed Dec 20 16:43:04 2023
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+
+BLAKE2s (Terrapin-Scanner-1.0.3.tar.gz) = b5988af4581e0bf355413b53726c83c9deb757e6d618c077ff83941a3a901e59
+SHA512 (Terrapin-Scanner-1.0.3.tar.gz) = b64a2d2b67e632a59cb05f0b3597a2146a14294017cc8f015821d3ecbaf2add67f07ddbb13ac2774b845aa86c267f5d2cad099e85f6817c93ff764847cccbc27
+Size (Terrapin-Scanner-1.0.3.tar.gz) = 9470 bytes