CVS commit: pkgsrc/security/ssh-audit

["Dr. Thomas Orgis" <thor%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   thor
Date:           Tue Dec 26 17:30:56 UTC 2023

Modified Files:
        pkgsrc/security/ssh-audit: Makefile distinfo

Log Message:
security/ssh-audit: update to 3.1.0 with patch for terrapin

    upstream changes since 3.0.0:

    v3.2.0-dev (???)

        Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes
          more rarely found ciphers.

    v3.1.0 (2023-12-20)

        Added test for the Terrapin message prefix truncation vulnerability (CVE-2023-48795).
        Dropped support for Python 3.7 (EOL was reached in June 2023).
        Added Python 3.12 support.
        In server policies, reduced expected DH modulus sizes from 4096 to 3072 to match
          the online hardening guides (note that 3072-bit moduli provide the equivalent of
          128-bit symmetric security).
        In Ubuntu 22.04 client policy, moved host key types sk-ssh-ed25519%openssh.com@localhost and
          ssh-ed25519 to the end of all certificate types.
        Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange
          list changes due to Terrapin vulnerability patches.
        Re-organized option host key types for OpenSSH 9.2 server policy to correspond with
          updated Debian 12 hardening guide.
        Added built-in policies for OpenSSH 9.5 and 9.6.
        Added an additional_notes field to the JSON output.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/ssh-audit/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/ssh-audit/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/ssh-audit/Makefile
diff -u pkgsrc/security/ssh-audit/Makefile:1.5 pkgsrc/security/ssh-audit/Makefile:1.6
--- pkgsrc/security/ssh-audit/Makefile:1.5      Thu Oct 19 12:58:34 2023
+++ pkgsrc/security/ssh-audit/Makefile  Tue Dec 26 17:30:56 2023
@@ -1,6 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2023/10/19 12:58:34 wiz Exp $
+# $NetBSD: Makefile,v 1.6 2023/12/26 17:30:56 thor Exp $
 
-DISTNAME=      ssh-audit-3.0.0
+DISTNAME=      ssh-audit-3.1.0
+# revision 1 because of added patch from upstream
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=jtesta/}
 GITHUB_RELEASE=        v${PKGVERSION_NOREV}

Index: pkgsrc/security/ssh-audit/distinfo
diff -u pkgsrc/security/ssh-audit/distinfo:1.3 pkgsrc/security/ssh-audit/distinfo:1.4
--- pkgsrc/security/ssh-audit/distinfo:1.3      Thu Oct 19 12:58:34 2023
+++ pkgsrc/security/ssh-audit/distinfo  Tue Dec 26 17:30:56 2023
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2023/10/19 12:58:34 wiz Exp $
+$NetBSD: distinfo,v 1.4 2023/12/26 17:30:56 thor Exp $
 
-BLAKE2s (ssh-audit-3.0.0.tar.gz) = 42ea223813f118143e3b29284caf9d640da508a0ba7d8dfd33ead16840a3d1bf
-SHA512 (ssh-audit-3.0.0.tar.gz) = 2fcfc6c8b6737d54894de70dbcf1f800662ca122995c897507c87c73fecad66571b44bc3dfe102ff0dbafd270e537e5e00c7449319f1ee12b90494ee784c0cde
-Size (ssh-audit-3.0.0.tar.gz) = 151667 bytes
+BLAKE2s (ssh-audit-3.1.0.tar.gz) = 65a44a1573eb309986bf7c59425b587b060141b4fdd28594cd62fc8ee3ecdc2e
+SHA512 (ssh-audit-3.1.0.tar.gz) = ea42aa93272cb1881d8c5882b2f68655606fe73f64a708bc0f9f743f14137aab1026eabf10a813f3919de179117c1a9b4c8325d511e25afd60caee273cb32deb
+Size (ssh-audit-3.1.0.tar.gz) = 154296 bytes
+SHA1 (patch-01-upstream-44393c-more-cbc.patch) = 82486cbfd878c7c12cecadfd019b18fe5575c229