pkgsrc-WIP-changes archive


ssh-audit was imported



Module Name:	pkgsrc-wip
Committed By:	Dr. Thomas Orgis <thomas.orgis%uni-hamburg.de@localhost>
Pushed By:	thor
Date:		Tue Dec 26 18:34:06 2023 +0100
Changeset:	813647ff1df244cafe4ac3038953801943734529

Modified Files:
	Makefile
Removed Files:
	ssh-audit/DESCR
	ssh-audit/Makefile
	ssh-audit/PLIST
	ssh-audit/distinfo
	ssh-audit/patches/patch-01-upstream-44393c-more-cbc.patch

Log Message:
ssh-audit was imported

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=813647ff1df244cafe4ac3038953801943734529

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 Makefile                                           |   1 -
 ssh-audit/DESCR                                    |  15 ---
 ssh-audit/Makefile                                 |  30 ------
 ssh-audit/PLIST                                    | 101 ---------------------
 ssh-audit/distinfo                                 |   6 --
 .../patch-01-upstream-44393c-more-cbc.patch        |  47 ----------
 6 files changed, 200 deletions(-)

diffs:
diff --git a/Makefile b/Makefile
index 9bac8fd845..825fac20c7 100644
--- a/Makefile
+++ b/Makefile
@@ -5190,7 +5190,6 @@ SUBDIR+=	src
 SUBDIR+=	srecord
 SUBDIR+=	srvx
 SUBDIR+=	sselp
-SUBDIR+=	ssh-audit
 SUBDIR+=	ssh_ping
 SUBDIR+=	ssid
 SUBDIR+=	ssiv-git
diff --git a/ssh-audit/DESCR b/ssh-audit/DESCR
deleted file mode 100644
index c4eb8de610..0000000000
--- a/ssh-audit/DESCR
+++ /dev/null
@@ -1,15 +0,0 @@
-ssh-audit is a tool for ssh server & client configuration auditing.
-
-Features:
-* SSH1 and SSH2 protocol server support
-* analyze SSH client configuration
-* grab banner, recognize device or software and OS, detect compression
-* gather key-exchange, host-key, encryption and MAC algorithms
-* output algorithm information
-  (available since, removed/disabled, unsafe/weak/legacy, etc)
-* output algorithm recommendations
-  (append or remove based on recognized software version)
-* output security information (related issues, assigned CVE list, etc)
-* analyze SSH version compatibility based on algorithm information
-* historical information from OpenSSH, Dropbear SSH and libssh
-* policy scans to ensure adherence to a hardened/standard configuration
diff --git a/ssh-audit/Makefile b/ssh-audit/Makefile
deleted file mode 100644
index 9feff1c778..0000000000
--- a/ssh-audit/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# $NetBSD: Makefile,v 1.5 2023/10/19 12:58:34 wiz Exp $
-
-DISTNAME=	ssh-audit-3.1.0
-# revision 1 because of added patch from upstream
-PKGREVISION=	1
-CATEGORIES=	security
-MASTER_SITES=	${MASTER_SITE_GITHUB:=jtesta/}
-GITHUB_RELEASE=	v${PKGVERSION_NOREV}
-
-MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=	https://github.com/jtesta/ssh-audit/
-COMMENT=	Tool for SSH server & client configuration auditing
-LICENSE=	mit
-
-TEST_DEPENDS+=	${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test
-
-USE_LANGUAGES=	# none
-
-INSTALLATION_DIRS+=	${PKGMANDIR}/man1
-
-post-install:
-	${RUN}${INSTALL_MAN} ${WRKSRC}/ssh-audit.1 \
-		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
-
-TEST_ENV+=	PYTHONPATH=${WRKSRC}/build/lib
-do-test:
-	cd ${WRKSRC} && ${SETENV} ${TEST_ENV} pytest-${PYVERSSUFFIX}
-
-.include "../../lang/python/egg.mk"
-.include "../../mk/bsd.pkg.mk"
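
Review bot: the comment above `PKGREVISION= 1` says the revision bump exists only because of the added upstream patch, and this commit deletes that patch together with the package, while the log message `ssh-audit was imported` names neither the destination package nor its patch state. Say in the log where the package now lives and whether the expanded CBC filter for the Terrapin check (the patch, or a release that contains it) went with it, so nobody has to diff two trees to find out.
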
diff --git a/ssh-audit/PLIST b/ssh-audit/PLIST
deleted file mode 100644
index 1141a41cff..0000000000
--- a/ssh-audit/PLIST
+++ /dev/null
@@ -1,101 +0,0 @@
-@comment $NetBSD: PLIST,v 1.2 2022/11/15 15:08:22 fcambus Exp $
-bin/ssh-audit
-${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
-${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
-${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
-${PYSITELIB}/${EGG_INFODIR}/entry_points.txt
-${PYSITELIB}/${EGG_INFODIR}/top_level.txt
-${PYSITELIB}/ssh_audit/__init__.py
-${PYSITELIB}/ssh_audit/__init__.pyc
-${PYSITELIB}/ssh_audit/__init__.pyo
-${PYSITELIB}/ssh_audit/__main__.py
-${PYSITELIB}/ssh_audit/__main__.pyc
-${PYSITELIB}/ssh_audit/__main__.pyo
-${PYSITELIB}/ssh_audit/algorithm.py
-${PYSITELIB}/ssh_audit/algorithm.pyc
-${PYSITELIB}/ssh_audit/algorithm.pyo
-${PYSITELIB}/ssh_audit/algorithms.py
-${PYSITELIB}/ssh_audit/algorithms.pyc
-${PYSITELIB}/ssh_audit/algorithms.pyo
-${PYSITELIB}/ssh_audit/auditconf.py
-${PYSITELIB}/ssh_audit/auditconf.pyc
-${PYSITELIB}/ssh_audit/auditconf.pyo
-${PYSITELIB}/ssh_audit/banner.py
-${PYSITELIB}/ssh_audit/banner.pyc
-${PYSITELIB}/ssh_audit/banner.pyo
-${PYSITELIB}/ssh_audit/exitcodes.py
-${PYSITELIB}/ssh_audit/exitcodes.pyc
-${PYSITELIB}/ssh_audit/exitcodes.pyo
-${PYSITELIB}/ssh_audit/fingerprint.py
-${PYSITELIB}/ssh_audit/fingerprint.pyc
-${PYSITELIB}/ssh_audit/fingerprint.pyo
-${PYSITELIB}/ssh_audit/gextest.py
-${PYSITELIB}/ssh_audit/gextest.pyc
-${PYSITELIB}/ssh_audit/gextest.pyo
-${PYSITELIB}/ssh_audit/globals.py
-${PYSITELIB}/ssh_audit/globals.pyc
-${PYSITELIB}/ssh_audit/globals.pyo
-${PYSITELIB}/ssh_audit/hostkeytest.py
-${PYSITELIB}/ssh_audit/hostkeytest.pyc
-${PYSITELIB}/ssh_audit/hostkeytest.pyo
-${PYSITELIB}/ssh_audit/kexdh.py
-${PYSITELIB}/ssh_audit/kexdh.pyc
-${PYSITELIB}/ssh_audit/kexdh.pyo
-${PYSITELIB}/ssh_audit/outputbuffer.py
-${PYSITELIB}/ssh_audit/outputbuffer.pyc
-${PYSITELIB}/ssh_audit/outputbuffer.pyo
-${PYSITELIB}/ssh_audit/policy.py
-${PYSITELIB}/ssh_audit/policy.pyc
-${PYSITELIB}/ssh_audit/policy.pyo
-${PYSITELIB}/ssh_audit/product.py
-${PYSITELIB}/ssh_audit/product.pyc
-${PYSITELIB}/ssh_audit/product.pyo
-${PYSITELIB}/ssh_audit/protocol.py
-${PYSITELIB}/ssh_audit/protocol.pyc
-${PYSITELIB}/ssh_audit/protocol.pyo
-${PYSITELIB}/ssh_audit/readbuf.py
-${PYSITELIB}/ssh_audit/readbuf.pyc
-${PYSITELIB}/ssh_audit/readbuf.pyo
-${PYSITELIB}/ssh_audit/software.py
-${PYSITELIB}/ssh_audit/software.pyc
-${PYSITELIB}/ssh_audit/software.pyo
-${PYSITELIB}/ssh_audit/ssh1.py
-${PYSITELIB}/ssh_audit/ssh1.pyc
-${PYSITELIB}/ssh_audit/ssh1.pyo
-${PYSITELIB}/ssh_audit/ssh1_crc32.py
-${PYSITELIB}/ssh_audit/ssh1_crc32.pyc
-${PYSITELIB}/ssh_audit/ssh1_crc32.pyo
-${PYSITELIB}/ssh_audit/ssh1_kexdb.py
-${PYSITELIB}/ssh_audit/ssh1_kexdb.pyc
-${PYSITELIB}/ssh_audit/ssh1_kexdb.pyo
-${PYSITELIB}/ssh_audit/ssh1_publickeymessage.py
-${PYSITELIB}/ssh_audit/ssh1_publickeymessage.pyc
-${PYSITELIB}/ssh_audit/ssh1_publickeymessage.pyo
-${PYSITELIB}/ssh_audit/ssh2_kex.py
-${PYSITELIB}/ssh_audit/ssh2_kex.pyc
-${PYSITELIB}/ssh_audit/ssh2_kex.pyo
-${PYSITELIB}/ssh_audit/ssh2_kexdb.py
-${PYSITELIB}/ssh_audit/ssh2_kexdb.pyc
-${PYSITELIB}/ssh_audit/ssh2_kexdb.pyo
-${PYSITELIB}/ssh_audit/ssh2_kexparty.py
-${PYSITELIB}/ssh_audit/ssh2_kexparty.pyc
-${PYSITELIB}/ssh_audit/ssh2_kexparty.pyo
-${PYSITELIB}/ssh_audit/ssh_audit.py
-${PYSITELIB}/ssh_audit/ssh_audit.pyc
-${PYSITELIB}/ssh_audit/ssh_audit.pyo
-${PYSITELIB}/ssh_audit/ssh_socket.py
-${PYSITELIB}/ssh_audit/ssh_socket.pyc
-${PYSITELIB}/ssh_audit/ssh_socket.pyo
-${PYSITELIB}/ssh_audit/timeframe.py
-${PYSITELIB}/ssh_audit/timeframe.pyc
-${PYSITELIB}/ssh_audit/timeframe.pyo
-${PYSITELIB}/ssh_audit/utils.py
-${PYSITELIB}/ssh_audit/utils.pyc
-${PYSITELIB}/ssh_audit/utils.pyo
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.py
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.pyc
-${PYSITELIB}/ssh_audit/versionvulnerabilitydb.pyo
-${PYSITELIB}/ssh_audit/writebuf.py
-${PYSITELIB}/ssh_audit/writebuf.pyc
-${PYSITELIB}/ssh_audit/writebuf.pyo
-man/man1/ssh-audit.1
diff --git a/ssh-audit/distinfo b/ssh-audit/distinfo
deleted file mode 100644
index 8459a4885f..0000000000
--- a/ssh-audit/distinfo
+++ /dev/null
@@ -1,6 +0,0 @@
-$NetBSD: distinfo,v 1.3 2023/10/19 12:58:34 wiz Exp $
-
-BLAKE2s (ssh-audit-3.1.0.tar.gz) = 65a44a1573eb309986bf7c59425b587b060141b4fdd28594cd62fc8ee3ecdc2e
-SHA512 (ssh-audit-3.1.0.tar.gz) = ea42aa93272cb1881d8c5882b2f68655606fe73f64a708bc0f9f743f14137aab1026eabf10a813f3919de179117c1a9b4c8325d511e25afd60caee273cb32deb
-Size (ssh-audit-3.1.0.tar.gz) = 154296 bytes
-SHA1 (patch-01-upstream-44393c-more-cbc.patch) = 82486cbfd878c7c12cecadfd019b18fe5575c229
diff --git a/ssh-audit/patches/patch-01-upstream-44393c-more-cbc.patch b/ssh-audit/patches/patch-01-upstream-44393c-more-cbc.patch
deleted file mode 100644
index 6fd40bd160..0000000000
--- a/ssh-audit/patches/patch-01-upstream-44393c-more-cbc.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 44393c56b3238daf43215504f5f4272e1bd9d1bb Mon Sep 17 00:00:00 2001
-From: Joe Testa <jtesta%positronsecurity.com@localhost>
-Date: Thu, 21 Dec 2023 15:30:43 -0500
-Subject: [PATCH] Expanded filter of CBC ciphers to flag for the Terrapin
- vulnerability.
-
----
- README.md                  | 3 +++
- src/ssh_audit/ssh_audit.py | 4 ++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git README.md README.md
-index a8d0c2b8..d748db01 100644
---- README.md
-+++ README.md
-@@ -178,6 +178,9 @@ For convenience, a web front-end on top of the command-line tool is available at
- 
- ## ChangeLog
- 
-+### v3.2.0 (???)
-+ - Expanded filter of CBC ciphers to flag for the Terrapin vulnerability.  It now includes more rarely found ciphers.
-+
- ### v3.1.0 (2023-12-20)
-  - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
-  - Dropped support for Python 3.7 (EOL was reached in June 2023).
-diff --git src/ssh_audit/ssh_audit.py src/ssh_audit/ssh_audit.py
-index 481fc8e5..61e8c10d 100755
---- src/ssh_audit/ssh_audit.py
-+++ src/ssh_audit/ssh_audit.py
-@@ -491,7 +491,7 @@ def _get_cbc_ciphers_enabled(algs: Algorithms) -> List[str]:
-         if algs.ssh2kex is not None:
-             ciphers_supported = algs.ssh2kex.client.encryption if client_audit else algs.ssh2kex.server.encryption
-             for cipher in ciphers_supported:
--                if cipher.endswith("-cbc"):
-+                if cipher.endswith("-cbc") or cipher.endswith("-cbc%openssh.org@localhost") or cipher.endswith("-cbc%ssh.com@localhost") or cipher == "rijndael-cbc%lysator.liu.se@localhost":
-                     ret.append(cipher)
- 
-         return ret
-@@ -501,7 +501,7 @@ def _get_cbc_ciphers_not_enabled(db: Dict[str, Dict[str, List[List[Optional[str]
-         ret = []
- 
-         for cipher in db["enc"]:
--            if cipher.endswith("-cbc") and cipher not in _get_cbc_ciphers_enabled(algs):
-+            if (cipher.endswith("-cbc") or cipher.endswith("-cbc%openssh.org@localhost") or cipher.endswith("-cbc%ssh.com@localhost") or cipher == "rijndael-cbc%lysator.liu.se@localhost") and cipher not in _get_cbc_ciphers_enabled(algs):
-                 ret.append(cipher)
- 
-         return ret
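
Review bot: both `ssh_audit.py` hunks paste the same four-way CBC test inline (`endswith("-cbc")`, the two vendor-suffixed `endswith` checks and the `rijndael-cbc` equality), so the enabled and not-enabled lists can drift apart the next time a cipher name is added. Move the test into one predicate used by both functions, and in `_get_cbc_ciphers_not_enabled` call `_get_cbc_ciphers_enabled(algs)` once before the loop rather than once per `db["enc"]` entry. Separately, the cipher suffixes appear on this page as `%openssh.org@localhost` and similar, the same rewriting the archive applies to the e-mail addresses in the headers, so the strings as rendered here would not match cipher names as they appear in a key-exchange list. Take the patch from the repository and check it against the SHA1 recorded in distinfo instead of copying it from this page.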

