Hello community, here is the log from the commit of package ssh-audit for openSUSE:Factory checked in at 2020-11-10 13:39:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ssh-audit (Old) and /work/SRC/openSUSE:Factory/.ssh-audit.new.11331 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ssh-audit" Tue Nov 10 13:39:52 2020 rev:3 rq:845611 version:2.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/ssh-audit/ssh-audit.changes 2020-03-12 23:11:40.983309163 +0100 +++ /work/SRC/openSUSE:Factory/.ssh-audit.new.11331/ssh-audit.changes 2020-11-10 13:45:05.923800488 +0100 @@ -1,0 +2,56 @@ +Fri Oct 30 19:27:23 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 2.3.1 + * Now parses public key sizes for + rsa-sha2-256-cert-...@openssh.com and + rsa-sha2-512-cert-...@openssh.com host key types. + * Flag ssh-rsa-cert-...@openssh.com as a failure due to SHA-1 + hash. + * Fixed bug in recommendation output which suppressed some + algorithms inappropriately. + * Built-in policies now include CA key requirements (if + certificates are in use). + * Lookup function (--lookup) now performs case-insensitive + lookups of similar algorithms. + * Migrated pre-made policies from external files to internal + database. + * Split single 3,500 line script into many files (by class). + * Added setup.py support + * Added 1 new cipher: des-...@ssh.com. +- Install manpage +- Use py-* rpm macros + +------------------------------------------------------------------- +Mon Sep 28 08:44:00 UTC 2020 - Martin Hauke <mar...@gmx.de> + +- Update to version 2.3.0 + The highlight of this release is support for policy scanning + (this allows an admin to test a server against a + hardened/standard configuration). + * Added new policy auditing functionality to test adherence to + a hardening guide/standard configuration + (see -L/--list-policies, -M/--make-policy and -P/--policy). + * Created new man page (see ssh-audit.1 file). + * 1024-bit moduli upgraded from warnings to failures. + * Many Python 2 code clean-ups, testing framework improvements, + pylint & flake8 fixes, and mypy type comments. + * Added feature to look up algorithms in internal database + (see --lookup) + * Suppress recommendation of token host key types. + * Added check for use-after-free vulnerability in PuTTY v0.73. + * Added 11 new host key types: ssh-rsa1, ssh-dss-sha...@ssh.com, + ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512, + spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256, + x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, + x509v3-rsa2048-sha256. + * Added 8 new key exchanges: diffie-hellman-group1-sha256, + kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-, + gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-, + gss-curve25519-sha256-. + * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM, + AEAD_AES_256_GCM, crypticore...@ssh.com, seed-...@ssh.com. + * Added 3 new MACs: chacha20-poly1...@openssh.com, hmac-sha3-224, + crypticore-...@ssh.com. +- Update ssh-audit.keyring + +------------------------------------------------------------------- Old: ---- ssh-audit-2.2.0.tar.gz ssh-audit-2.2.0.tar.gz.sig New: ---- ssh-audit-2.3.1.tar.gz ssh-audit-2.3.1.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ssh-audit.spec ++++++ --- /var/tmp/diff_new_pack.V7EgTS/_old 2020-11-10 13:45:07.143798065 +0100 +++ /var/tmp/diff_new_pack.V7EgTS/_new 2020-11-10 13:45:07.147798056 +0100 @@ -17,7 +17,7 @@ Name: ssh-audit -Version: 2.2.0 +Version: 2.3.1 Release: 0 Summary: SSH server auditing License: MIT @@ -26,7 +26,10 @@ Source: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig Source2: %{name}.keyring +BuildRequires: fdupes BuildRequires: python3-pytest +BuildRequires: python3-rpm-macros +BuildRequires: python3-setuptools Requires: python >= 3 BuildArch: noarch @@ -42,25 +45,27 @@ * output security information (related issues, assigned CVE list, etc); * analyze SSH version compatibility based on algorithm information; * historical information from OpenSSH, Dropbear SSH and libssh; - * no dependencies, compatible with Python 2.6+, Python 3.x and PyPy; %prep %setup -q -sed -i "s|#!/usr/bin/env python3|#!%{_bindir}/python3|g" ssh-audit.py +sed -i -e '/^#!\//, 1d' src/ssh_audit/ssh_audit.py %build -# +%python3_build %install -install -Dm0755 ssh-audit.py %{buildroot}%{_bindir}/ssh-audit +%python3_install +%fdupes %{buildroot}%{python3_sitelib} +install -D -p -m0644 ssh-audit.1 %{buildroot}%{_mandir}/man1/ssh-audit.1 %check -# Skip tests that need a network environment -python3 -m pytest -vv -k 'not (TestResolve or test_socket or test_add_constraint_with_platform or TestSSH2)' +%pytest %files %license LICENSE %doc README.md %{_bindir}/ssh-audit +%{_mandir}/man1/ssh-audit.1%{?ext_man} +%{python3_sitelib}/ssh_audit* %changelog ++++++ ssh-audit-2.2.0.tar.gz -> ssh-audit-2.3.1.tar.gz ++++++ ++++ 16010 lines of diff (skipped) ++++++ ssh-audit.keyring ++++++ --- /var/tmp/diff_new_pack.V7EgTS/_old 2020-11-10 13:45:07.311797731 +0100 +++ /var/tmp/diff_new_pack.V7EgTS/_new 2020-11-10 13:45:07.311797731 +0100 @@ -1,51 +1,51 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFlBzS0BEADSrm4xHItZBXNeiWj1T8jhprPL5xb5MlSIPAg0GJv1+28yE2kJ -81kyA5uP+/S0BzJ6blcVZo2wMeKOPEmOvUc3Pqj4NADwnk55O2v/NXs4DFFoDE42 -8DVyTW/ZZ+2yE14FsCOS5dMiOpTu/O6XcwWxJd1n+7Bn3F5dNGi1O8ryew3GM7DP -lo4CIAI7r9jkpUWnFrZ9D8utYS4OLweuQxnAa5HRELYbsO7fieriHIaUWkjv95PW -UBF9K40S+DFQmEtd6Z1YtYozzjKT9x616av9BCsikY7pUvZfx7MbWkfeJRQd+2Lf -4P6nXjJvbNWoV0J08j5xSkPizIS+0/PQfidWRQ2+DRsXNmcjP9g0g0pZ7nNGHKYq -w7nebuT04OIMG/7K2YrVt+pXiFoerfSY0Zl6SCsLOCBCcVQPVtWyxRDAl6lwxvWt -6tCD/AuJtmJStIu+LdU13/p9H07KNCwK5gU+hoyoBz98EE0ZN/71X5e8h8Tm/uol -CBJYLYiYIjKenMD9q2ZpH1RNQofbcJDgRIlrlOK3VVR4x+h0nsBto791PVrDYTf5 -3UgS2d4BIXYmrZoZMSdCdp9eZ5h1Te2Hl1cCcIZn6kOsJSItk5dnryeOMRbhhFlD -RE3+KivlPpqZESfGKRLIrYE359ighOiUjFkJmMXW02msVWxgwIj2VFbM+wARAQAB +mQINBF51CO4BEAC6kFw3X4xNqf5HCN6LiPFgZbuuPB9Rg+COyAKxb1UynqxT1UCr +JFJhPKMhTQTN4M6f2lw0TH7hkVbWD4ittFy6BM2JAqn0/+ngiu3t8ZXAy2Hprdw6 +rbw2Y5EZo79eEOHKGliCugEWK9ZHvcbU7RIZh57oa0wKVAXSDOqgv92a4r9x+YdX +BozCR+iISgfCrgzAMs+m41zsKh24NvRJ0PEXsKjf/H42U6nPtTdV4qRS8uu1t+Rn +DSGtJzXoI43EPZkflSzWfvegsXScawRhGqvMNvdVxac4FHNDluelhoXqYkSCs5I8 +24Me01zI75aZv4nk+q+LRRZ5YeO7CPEiPaxjyEJEaLkKVET5mvgcJFn7M15k03ST +021jcBiz3H825zlQgOD7xD4wlPclru5vK/OjgkKtqC+SwLpfIyigbzj33sWBEzon +kma6yECycWLnwXIPILBrfCAA17y7TULJEbn0HtXzmSkGMr5JJp64Phju2clOtENU +aYQFWr/CCGxxQ3qlLvSzq/TlatEf8fauAsKMUmdwcli9+n/gvYN0KpIwCha5oPOA +DL46wHsheEB1JLYO6mZ0PW6GfHWOqzlIWl3zQ1O1N7V9dVsJvtMraOR5kAXndU3z +NKYtCgvPCrnMcX6o2OMdEIUJvBeYCwJEpj8ScywlFU8X2vaNTBCpQ0/QqwARAQAB tDBKb3NlcGggUy4gVGVzdGEgSUkgPGp0ZXN0YUBwb3NpdHJvbnNlY3VyaXR5LmNv -bT6JAj8EEwECACkFAllBzS0CGwMFCQWjmoAHCwkIBwMCAQYVCAIJCgsEFgIDAQIe -AQIXgAAKCRCQScQi0qr8Eh3pEACfRJ8eC1EHmnkPX5vBMiT96OyOUaeL2PeBmf09 -zdo7ypKLZa27LuC0GJVtoEWaMxxQfm2mCuEGic2Tp/+vnsOVSSc/xCbo8xg//ieB -OJoQlF9CXEVGt2XBSgXUsfJJ/KAOzPAwMJLR1JSllvoFLid2GaRgly+j45S8Wpbf -KDU7r7eK2/7k1FP22zKW+4Eaxbmw/24FDeUl/ZAG1HeQ+3uz7nRi19LFCPLddIwq -VJJPTNdQVxaZM3V/6lJ/LzLKLkTFcCiiRy2MhiSf9hxmJn3usRnEhnljIb9yDMO4 -vdR2Y0BGBUtDMMVaKLJftKyq6lv5agt9oK6jbZZXvZBO6KP784Tluz8qHhpOcvxR -FVj1i+OWgp89VawRrkjRaiqlnzp0/ycfEgejZu5wxSBlK/E+u8eAdBJXQdeExvH9 -KX8l7cgGCMx0DHEYJQBZiI9wcc3O+OH9o3wmIKb+l7RY1oSqlnbdVs575HFc/kj+ -1wNahOsWi1wOWr3HEfKWQrGgpEVhbqUQIKdvwmXxn4znUBhNoCFjmVdiGWxb8F6G -lv/6E3xzrPt12funbJGlJjsLp+EWOASxcfNtroMaLn0kRT0kPbaWjyVWaOx5Xo69 -0YMT/5WRj+VRre0gMmi6iK/YP8MY2hBYGD8WJPx+Fimh5yS8rnFQ8tPq7ld96feW -jqG987kCDQRZQc0tARAA87O+WvveV3ISGo7HegzY3On0v+H3moJd0b5xZux8IPGz -xIXSTm15aPVbYgrM30+dtZIIb6wejvNIDmL3tmKlFMSdJvBkLlV5Jgd2ROlVxO2a -7MRdgIH3hA0GMrNwxeGP49xWr0uCMTTcyLlAFKehIbSvyHA6j4OnGMw+FRKGi1E5 -+hdRDQODXq85qzICZnMoZv23VuLNjlFTsS26gv9Nl4SL5qxOz32qcAhKz20o7IEn -0E0mxN2HXf7AbRhvKYpHCDb7jdb6tGHW2yWb7HDmiV1HwvFU7zZuvl8QNfy49Szp -wAa0fvbPKvNpBgRD0MuxHqzs1O1yj8ZG+jqOmIHYK4xhn0JyPF3UB+eG/Auq4krS -zB8YdM44exPFuTlFPLmltegSAASTrmz7mv0hPKFE90K4Ucv92VJk8NRLWu/Ogu/A -k9Ms3OTWJnx143ehvdit0RlUdQnLRgV46PmnKSabSvkLu+vH6HtiSd0VkBvFq66y -hPuNhUuiXAEUKEwRkTvAHlhU8DY0NB749nbnObACSXRxXugTzTEWewseS4wbIO7N -Cib+Wou2K3m+v0R9l5nOBFpss5qi+qSMbKxNBluyxOHvsy3dVqJnl7VGoTgBuQhW -VoJIwabzKzUCU4WXKJp0RIX2CwZ/q5FwqAo/ZubtFqHKAYoKlOqTlUn6aeA/Fx0A -EQEAAYkCJQQYAQIADwUCWUHNLQIbDAUJBaOagAAKCRCQScQi0qr8EiR4D/4miprK -EHQyt6Vb3M7M/rIS7Va53+DM1xhwWcnq4qFJ8MmKQTI3DubjZBn+xbSm3gFOuwkG -elDoFGe6AwsfssvVi/0sLxy9xaPUZW0YcUJXrkAEXXovFiv73glRZcyVENPMkRct -8uKYUdsL/ilD5jVkSP/IK7fIRg5lQA6cieNFFGPRMKLZpZlwp6UHUcW/VohjL0ha -Dgw7DdN358OcR3UwtOlKDuQ47Z193oBSu+zJh/k2xw/GTLVt5MUyoCXeMaCZBGCG -zrENAnKoeZbIAonw/D/eDh85D2N8zerx83la3ynGZ13fFS2/RIe7FsWUmEZUo1kz -AB3KJEtMPF2X72WhdYmzOHBq6Z6cqnEehLJR99tPYvRzayPzR651oB/TeVKQO4Db -+kXgKULj4CfnX2gYe91ZibZQqYOJo+vppY59wXLgiVaykG25ULItrQUggAPD3ljH -C5mHoeCrzRSPLtPPIf6TJqrvpTIXuPw25pNMG+x8W6rWuHSOeof1L2XF+nORhlVe -wXHWROeQn3gW0SlOCO2p6OmI6Lz04SB+j+BJGUK/A4MvulDC9z2Yw/G5pYrdy1fG -LxNlhBTsIXmqUvwlnevgZ+2JvzcCKkW3MqvDSJyMz8jWi2fo2x1ZvDhx1lJrEwuu -aHg8J1hHb55gJPV/PdrUQSuZOAXK7GIBZBnabQ== -=CNvz +bT6JAj0EEwEIACcFAl51CO4CGwMFCQlmAYAFCwkIBwIGFQgJCgsCBBYCAwECHgEC +F4AACgkQ5E9f07eZkWq7chAAkg1fixhHAiTq8n406WmpycsiVXCgcpivreDnr/SG +rrbME0ntgS5pL2cwCrogHbgv0zuI4BXDBlczWxhPwsZlXNu1GJytoEmxH/WSsTuG +wvLarBqvo/toNF+yfVJzXMrTnDNs1bLhAxlqLz6Nzfr9WEv9phPeD2GWdsR3k100 +Bv7IxrEbxtT6nrRqqrlHr0PVCK9lAGqN/3urITMmnTUk9v0l4mvcGYoYXICLZJAB +qOzM5KikSSyoff7cp8GYhxIePLmA3MFUg7WXIGccLNqOeW3e3g7+9l79lpRogJ2g +aM/OpgmQk0DrSA71enWTqgdJURW1/vBf0Be3L6ccQI+TDEQZUSvak41GZjsOt5tm +EKsjuCOfa8B9rTgGOK0KXp1ymxY95K3MdWxLmZARRBnTnsnaA1pmdkHwfqAWORNN +y6waRMz0HltXrcNfBm+EzrfA3Q4Z/r6C8AuHVgivTghA9Dj/uvMbUwI3s5f2xyCd +ucJtOxygKKbIT34DFztdszSyGj0aP+LleWnE3bs2y349TQzZOiKYvzVhVcdILXYc +lnlO92WN/6wN99z0nsjo8ndXCenuNAfmXUMimbfMg9B5p8FPH5e/R6ZoWoeRvdMY +XoD16Ei5T8Iava1BkQxaEtEQWB9So+mvRPCLtr8bVkRsinSTEJbMDnkaUdTks0bZ +k8i5Ag0EXnUI7gEQAM5yO4IfEQeVvLdpS8EJwy2pKbLvuIinZlkeMV6Xzpnt1cQO ++aJTBXkt++rmA4SLmI5vXJaOgj06xe7d2DDmHtfVPyyyB+HNNE1zZ00LDezGp1SX +3lCtBW78YPr8oG8JFL3YquqOKfGQcVYZR+LrpJ6PSQHlVx/tDj9K6Ad/jMTmk8bh +3GH6Cb/BXveqALA7onAorH2dxc2McHEQviXL8LnBYzFY5syL63RLE2mbHOfwvxfW +bzcaxgLuW8+A95tAuDlY0XaIZVGN0Wbfjx0NeaRRtCS/mVHM4NBox6cg/dClkjXo +awtTS9604D7yRYewqQ/luYwGmhg8DUg3MsPxvK1PCCmi+BNKowi3ijNXCHz5wqil +hTffYGTkJk/ah7F75ZjkFH3R+s3lvHr9mkr07jLSRcZJKHRhcQBLU/jJiwsmilki +MXj1L/D2lT0ZuIm7t/dpkscqo3MmDEW8fQVAVb7p7w0MxfYm5LqFFPP+ZE9d3slm +PTZxbzWHpqZZsp9yU6tA72fK1untCyT3eVxdfaJQXagH5NKpq1x3RPH2OTF+37Rm +PpEhXdzjWouzL26v5eLOaXf8v87+MsdSdURPGImHk7aqZmf/GTKJB8gUaSLlG7Ns +4DtZdfA5VuTmZznCkhwsOqxrjyDezsADguqL3hKvM/iWzot5bb/5DDd/vnUjABEB +AAGJAiUEGAEIAA8FAl51CO4CGwwFCQlmAYAACgkQ5E9f07eZkWoAzRAAoTeqgA7s +mpe79Yg3dCh231q8f94Y56r9pY71dqvgXzvTE/jXPVfdIsdfDBxt9kTKFsDh2m7/ +eH6NN8yBxFC04/KrcGa6ZqNG4VLL7Uhz8V9Q2HrJR4niWJS0XE/2bL5O5G+dnS0u +F/NsDhUuqG1DW9ixfnrhMU+/4sVazW8Prx/yaKiyo2gYSlPAjCfNYBZV3VNcFYDb +HOIb9+cXLX5TmF9Jv1B/YpfFWgF9gMiM+E3I4Kygo3c5TTtqSmM4uhHS2IyxiLh9 +EehegsYLNdC8l7jxxYoynKIUgUDtyQvxtobqlnyFW6SusldYeQfCgJKY8fuDiLgR +zwftPeRCzTpYtq8l9wPbGlqXZMH0NEtZyZIg/txfV4pNT6bSvNyY9YZL/nWuszYU +ZiPd8RPMzAB58PBzEK+5NdFYijMxzvajP2Qq1PDw/OBFZEOYyYCWbNxP9Idi71oB +hJW344HiikOQKfFLKccBX0Gv1d6yBL3Yr8sL9qS2hoW3gmrzEMEsQwauZGLYXy7O +NpH9N26u5B1IMKdwgF9AmEWbWe2ov9jyxHQC05Tt8xD3tMrb6OcZgv6IB9JZmfWd +8zdpWLhvt2w3+5ms8Kz2LELuo0xyEPgoyyFh2odbp14A7Kaa/iE+Qb9gmm6P6c7J +E2wkxcDjIJsCpyuWtp1A78QbyCFaZKOZf6c= +=u1o6 -----END PGP PUBLIC KEY BLOCK-----
