pkgsrc-Changes archive
CVS commit: pkgsrc/security/ssh-audit
Module Name: pkgsrc
Committed By: he
Date: Tue Jan 7 16:36:43 UTC 2025
Modified Files:
pkgsrc/security/ssh-audit: Makefile PLIST distinfo
Removed Files:
pkgsrc/security/ssh-audit/patches:
patch-01-upstream-44393c-more-cbc.patch
Log Message:
security/ssh-audit: Update to version 3.3.0.
Pkgsrc changes:
* Remove upstream patch which is now integrated
* Checksum updates
Upstream changes:
### v3.3.0 (2024-10-15)
- Added Python 3.13 support.
- Added built-in policies for Ubuntu 24.04 LTS server & client,
OpenSSH 9.8, and OpenSSH 9.9.
- Added IPv6 support for DHEat and connection rate tests.
- Added TCP port information to JSON policy scan results; credit
[Fabian Malte Kopp](https://github.com/dreizehnutters).
- Added LANcom LCOS server recognition and Ed448 key extraction;
credit [Daniel Lenski](https://github.com/dlenskiSB).
- Now reports ECDSA and DSS fingerprints when in verbose mode;
partial credit [Daniel Lenski](https://github.com/dlenskiSB).
- Removed CVE information based on server/client version numbers,
as this was wildly inaccurate (see [this thread]
(https://github.com/jtesta/ssh-audit/issues/240) for the full
discussion, as well as the results of the community vote on this
matter).
- Fixed crash when running with `-P` and `-T` options simultaneously.
- Fixed host key tests from only reporting a key type at most once
despite multiple hosts supporting it; credit [Daniel
Lenski](https://github.com/dlenskiSB).
- Fixed DHEat connection rate testing on MacOS X and BSD platforms;
credit [Drew Noel](https://github.com/drewmnoel) and [Michael
Osipov](https://github.com/michael-o).
- Fixed invalid JSON output when a socket error occurs while
performing a client audit.
- Fixed `--conn-rate-test` feature on Windows.
- When scanning multiple targets (using `-T`/`--targets`), the
`-p`/`--port` option will now be used as the default port (set to
22 if `-p`/`--port` is not given). Hosts specified in the file
can override this default with an explicit port number (i.e.:
"host1:1234"). For example, when using `-T targets.txt -p 222`,
all hosts in `targets.txt` that do not explicitly include a port
number will default to 222; when using `-T targets.txt` (without
`-p`), all hosts will use a default of 22.
- Updated built-in server & client policies for Amazon Linux 2023,
Debian 12, Rocky Linux 9, and Ubuntu 22.04 to improve host key
efficiency and cipher resistance to quantum attacks.
- Added 1 new cipher: `grasshopper-ctr128`.
- Added 2 new key exchanges: `mlkem768x25519-sha256`, `sntrup761x25519-sha512`.
### v3.2.0 (2024-04-22)
- Added implementation of the DHEat denial-of-service attack (see
`--dheat` option; [CVE-2002-20001]
(https://nvd.nist.gov/vuln/detail/CVE-2002-20001)).
- Expanded filter of CBC ciphers to flag for the Terrapin
vulnerability. It now includes more rarely found ciphers.
- Fixed parsing of `ecdsa-sha2-nistp*` CA signatures on host keys.
Additionally, they are now flagged as potentially back-doored,
just as standard host keys are.
- Gracefully handle rare exceptions (i.e.: crashes) while performing
GEX tests.
- The built-in man page (`-m`, `--manual`) is now available on
Docker, PyPI, and Snap builds, in addition to the Windows build.
- Snap builds are now architecture-independent.
- Changed Docker base image from `python:3-slim` to `python:3-alpine`,
resulting in a 59% reduction in image size; credit [Daniel
Thamdrup](https://github.com/dallemon).
- Added built-in policies for Amazon Linux 2023, Debian 12, OpenSSH
9.7, and Rocky Linux 9.
- Built-in policies now include a change log (use `-L -v` to view them).
- Custom policies now support the `allow_algorithm_subset_and_reordering`
directive to allow targets to pass with a subset and/or re-ordered
list of host keys, kex, ciphers, and MACs. This allows for the
creation of a baseline policy where targets can optionally implement
stricter controls; partial credit [yannik1015]
(https://github.com/yannik1015).
- Custom policies now support the `allow_larger_keys` directive
to allow targets to pass with larger host keys, CA keys, and
Diffie-Hellman keys. This allows for the creation of a baseline
policy where targets can optionally implement stricter controls;
partial credit [Damian Szuberski](https://github.com/szubersk).
- Color output is disabled if the `NO_COLOR` environment variable
is set (see https://no-color.org/).
- Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
- Added 1 new cipher: `aes128-ocb%libassh.org@localhost`.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/ssh-audit/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/ssh-audit/PLIST
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/ssh-audit/distinfo
cvs rdiff -u -r1.2 -r0 \
pkgsrc/security/ssh-audit/patches/patch-01-upstream-44393c-more-cbc.patch
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/ssh-audit/Makefile
diff -u pkgsrc/security/ssh-audit/Makefile:1.6 pkgsrc/security/ssh-audit/Makefile:1.7
--- pkgsrc/security/ssh-audit/Makefile:1.6 Tue Dec 26 17:30:56 2023
+++ pkgsrc/security/ssh-audit/Makefile Tue Jan 7 16:36:43 2025
@@ -1,8 +1,6 @@
-# $NetBSD: Makefile,v 1.6 2023/12/26 17:30:56 thor Exp $
+# $NetBSD: Makefile,v 1.7 2025/01/07 16:36:43 he Exp $
-DISTNAME= ssh-audit-3.1.0
-# revision 1 because of added patch from upstream
-PKGREVISION= 1
+DISTNAME= ssh-audit-3.3.0
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=jtesta/}
GITHUB_RELEASE= v${PKGVERSION_NOREV}
Index: pkgsrc/security/ssh-audit/PLIST
diff -u pkgsrc/security/ssh-audit/PLIST:1.2 pkgsrc/security/ssh-audit/PLIST:1.3
--- pkgsrc/security/ssh-audit/PLIST:1.2 Tue Nov 15 15:08:22 2022
+++ pkgsrc/security/ssh-audit/PLIST Tue Jan 7 16:36:43 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2022/11/15 15:08:22 fcambus Exp $
+@comment $NetBSD: PLIST,v 1.3 2025/01/07 16:36:43 he Exp $
bin/ssh-audit
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
@@ -23,6 +23,12 @@ ${PYSITELIB}/ssh_audit/auditconf.pyo
${PYSITELIB}/ssh_audit/banner.py
${PYSITELIB}/ssh_audit/banner.pyc
${PYSITELIB}/ssh_audit/banner.pyo
+${PYSITELIB}/ssh_audit/builtin_policies.py
+${PYSITELIB}/ssh_audit/builtin_policies.pyc
+${PYSITELIB}/ssh_audit/builtin_policies.pyo
+${PYSITELIB}/ssh_audit/dheat.py
+${PYSITELIB}/ssh_audit/dheat.pyc
+${PYSITELIB}/ssh_audit/dheat.pyo
${PYSITELIB}/ssh_audit/exitcodes.py
${PYSITELIB}/ssh_audit/exitcodes.pyc
${PYSITELIB}/ssh_audit/exitcodes.pyo
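Review bot: The six entries added here (`builtin_policies.py*` and `dheat.py*`) are a packaging change that the "Pkgsrc changes" list in the log message does not mention; it names only the patch removal and the checksum updates. Suggest adding a PLIST item to that list. The upstream notes describe the `--dheat` option behind `dheat.py` as an implementation of a denial-of-service attack, so a line saying that the package now installs it would help administrators who review what this update brings onto a host.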
@@ -92,9 +98,6 @@ ${PYSITELIB}/ssh_audit/timeframe.pyo
${PYSITELIB}/ssh_audit/utils.py
${PYSITELIB}/ssh_audit/utils.pyc
${PYSITELIB}/ssh_audit/utils.pyo
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.py
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.pyc
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.pyo
${PYSITELIB}/ssh_audit/writebuf.py
${PYSITELIB}/ssh_audit/writebuf.pyc
${PYSITELIB}/ssh_audit/writebuf.pyo
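Review bot: The loss of `versionvulnerabilitydb.py*` in this last PLIST hunk is a user-visible behaviour change that the log message surfaces only in the middle of the upstream v3.3.0 notes ("Removed CVE information based on server/client version numbers"). Anyone who used the installed tool's CVE lines for triage will stop getting them after this update, so it deserves its own item under "Pkgsrc changes" or a sentence at the top of the log message.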
Index: pkgsrc/security/ssh-audit/distinfo
diff -u pkgsrc/security/ssh-audit/distinfo:1.5 pkgsrc/security/ssh-audit/distinfo:1.6
--- pkgsrc/security/ssh-audit/distinfo:1.5 Tue Dec 26 17:54:02 2023
+++ pkgsrc/security/ssh-audit/distinfo Tue Jan 7 16:36:43 2025
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.5 2023/12/26 17:54:02 wiz Exp $
+$NetBSD: distinfo,v 1.6 2025/01/07 16:36:43 he Exp $
-BLAKE2s (ssh-audit-3.1.0.tar.gz) = 65a44a1573eb309986bf7c59425b587b060141b4fdd28594cd62fc8ee3ecdc2e
-SHA512 (ssh-audit-3.1.0.tar.gz) = ea42aa93272cb1881d8c5882b2f68655606fe73f64a708bc0f9f743f14137aab1026eabf10a813f3919de179117c1a9b4c8325d511e25afd60caee273cb32deb
-Size (ssh-audit-3.1.0.tar.gz) = 154296 bytes
-SHA1 (patch-01-upstream-44393c-more-cbc.patch) = e30f79188445ef3c96b781962b3a96117503689a
+BLAKE2s (ssh-audit-3.3.0.tar.gz) = 3b929cbb1d569c72fed9c347d1c5e8a802cf8768f77261b88dfd0867f9c04c52
+SHA512 (ssh-audit-3.3.0.tar.gz) = 5be8c2e65ca76f34b425392ee54dc62be7a7bfe00fd567123000278a3c4fcd5fe7f4cab8f1edab5ffb08cb9827303ec1e6605b4d0b0a8b35c210f69a57fc595d
+Size (ssh-audit-3.3.0.tar.gz) = 172808 bytes
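Review bot: With the `SHA1 (patch-01-upstream-44393c-more-cbc.patch)` line dropped, distinfo no longer carries any patch checksum, which is correct only if `patches/` is now empty; the Removed Files list shows that single patch being deleted, so confirm nothing else remains in that directory. The new BLAKE2s and SHA512 lines record the tarball the committer fetched, so it is worth comparing them against an independently downloaded `ssh-audit-3.3.0.tar.gz` (172808 bytes) before relying on the bump.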