commit ssh-audit for openSUSE:Factory
Hello community, here is the log from the commit of package ssh-audit for openSUSE:Factory checked in at 2020-11-10 13:39:52 Comparing /work/SRC/openSUSE:Factory/ssh-audit (Old) and /work/SRC/openSUSE:Factory/.ssh-audit.new.11331 (New) Package is "ssh-audit" Tue Nov 10 13:39:52 2020 rev:3 rq:845611 version:2.3.1 Changes: --- /work/SRC/openSUSE:Factory/ssh-audit/ssh-audit.changes 2020-03-12 23:11:40.983309163 +0100 +++ /work/SRC/openSUSE:Factory/.ssh-audit.new.11331/ssh-audit.changes 2020-11-10 13:45:05.923800488 +0100 
@@ -1,0 +2,56 @@ +Fri Oct 30 19:27:23 UTC 2020 - Martin Hauke + +- Update to version 2.3.1 + * Now parses public key sizes for +rsa-sha2-256-cert-...@openssh.com and +rsa-sha2-512-cert-...@openssh.com host key types. + * Flag ssh-rsa-cert-...@openssh.com as a failure due to SHA-1 +hash. + * Fixed bug in recommendation output which suppressed some +algorithms inappropriately. + * Built-in policies now include CA key requirements (if +certificates are in use). + * Lookup function (--lookup) now performs case-insensitive +lookups of similar algorithms. + * Migrated pre-made policies from external files to internal +database. + * Split single 3,500 line script into many files (by class). + * Added setup.py support + * Added 1 new cipher: des-...@ssh.com. +- Install manpage +- Use py-* rpm macros + +--- +Mon Sep 28 08:44:00 UTC 2020 - Martin Hauke + +- Update to version 2.3.0 + The highlight of this release is support for policy scanning + (this allows an admin to test a server against a + hardened/standard configuration). + * Added new policy auditing functionality to test adherence to +a hardening guide/standard configuration +(see -L/--list-policies, -M/--make-policy and -P/--policy). + * Created new man page (see ssh-audit.1 file). + * 1024-bit moduli upgraded from warnings to failures. + * Many Python 2 code clean-ups, testing framework improvements, +pylint & flake8 fixes, and mypy type comments. + * Added feature to look up algorithms in internal database +(see --lookup) + * Suppress recommendation of token host key types. + * Added check for use-after-free vulnerability in PuTTY v0.73. + * Added 11 new host key types: ssh-rsa1, ssh-dss-sha...@ssh.com, +ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512, +spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256, +x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521, +x509v3-rsa2048-sha256. 
+ * Added 8 new key exchanges: diffie-hellman-group1-sha256, +kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-, +gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-, +gss-curve25519-sha256-. + * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM, +AEAD_AES_256_GCM, crypticore...@ssh.com, seed-...@ssh.com. + * Added 3 new MACs: chacha20-poly1...@openssh.com, hmac-sha3-224, +crypticore-...@ssh.com. +- Update ssh-audit.keyring + +--- Old: ssh-audit-2.2.0.tar.gz ssh-audit-2.2.0.tar.gz.sig New: ssh-audit-2.3.1.tar.gz ssh-audit-2.3.1.tar.gz.sig Other differences: -- ++ ssh-audit.spec ++ --- /var/tmp/diff_new_pack.V7EgTS/_old 2020-11-10 13:45:07.143798065 +0100 +++ /var/tmp/diff_new_pack.V7EgTS/_new 2020-11-10 13:45:07.147798056 +0100 @@ -17,7 +17,7 @@ Name: ssh-audit -Version:2.2.0 +Version:2.3.1 Release:0 Summary:SSH server auditing License:MIT @@ -26,7 +26,10 @@ Source: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig Source2:%{name}.keyring +BuildRequires: fdupes BuildRequires: python3-pytest +BuildRequires: python3-rpm-macros +BuildRequires: python3-setuptools Requires: python >= 3 BuildArch: noarch @@ -42,25 +45,27 @@ * output security information (related issues, assigned CVE list, etc); * analyze SSH version compatibility based on algorithm information; * historical information from OpenSSH, Dropbear SSH and libssh; - * no dependencies, compatible with Python 2.6+, Python 3.x and PyPy; %prep %setup -q -sed -i "s|#!/usr/bin/env python3|#!%{_bindir}/python3|g" ssh-audit.py +sed -i -e '/^#!\//, 1d' src/ssh_audit/ssh_audit.py %build -# +%python3_build %install -install -Dm0755 ssh-audit.py %{buildroot}%{_bindir}/ssh-audit +%python3_install +%fdupes %{buildroot}%{python3_sitelib} +install -D -p -m0644 ssh-audit.1 %{buildroot}%{_mandir}/man1/ssh-audit.1
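Review bot: The 2.3.0 entry in the ssh-audit.changes hunk records "Update ssh-audit.keyring" without saying why the key changed, and no keyring diff appears in the visible part of this mail. Source2 is the keyring that the Source1 .sig is checked against, so the entry should state the reason (new signing key, extended expiry) and the new fingerprint should be confirmed against the key upstream publishes before the update is accepted.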
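Review bot: In the @@ -26,7 +26,10 @@ hunk of ssh-audit.spec, the unchanged context line "Requires: python >= 3" no longer matches the build, which now pulls in python3-rpm-macros and python3-setuptools and installs into %{python3_sitelib}. Consider changing it to "Requires: python3" so the runtime interpreter is the one the module is installed for. The changes entry "Use py-* rpm macros" would also read more accurately as "Use python3 rpm macros", since the spec calls %python3_build and %python3_install.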
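Review bot: In the %prep section of the last ssh-audit.spec hunk, the new line sed -i -e '/^#!\//, 1d' src/ssh_audit/ssh_audit.py is not restricted to the first line. With a regex start address and a numeric end address that is not greater than the matching line number, sed applies the command to each matching line on its own, so every line in the file that begins with "#!/" is deleted, not only the shebang. Anchoring the command to line 1, for example sed -i -e '1{/^#!/d}', states the intent and cannot remove later lines.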
commit ssh-audit for openSUSE:Factory
Hello community, here is the log from the commit of package ssh-audit for openSUSE:Factory checked in at 2020-03-12 23:06:14 Comparing /work/SRC/openSUSE:Factory/ssh-audit (Old) and /work/SRC/openSUSE:Factory/.ssh-audit.new.3160 (New) Package is "ssh-audit" Thu Mar 12 23:06:14 2020 rev:2 rq:784062 version:2.2.0 Changes: --- /work/SRC/openSUSE:Factory/ssh-audit/ssh-audit.changes 2020-02-04 19:57:51.733479391 +0100 +++ /work/SRC/openSUSE:Factory/.ssh-audit.new.3160/ssh-audit.changes 2020-03-12 23:11:40.983309163 +0100 
@@ -1,0 +2,34 @@ +Wed Mar 11 18:35:53 UTC 2020 - Martin Hauke + +- Update to version 2.2.0 + * Marked host key type ssh-rsa as weak due to practical SHA-1 +collisions. + * Added 10 new host key types: +ecdsa-sha2-1.3.132.0.10, x509v3-sign-dss, x509v3-sign-rsa, +x509v3-sign-rsa-sha...@ssh.com, +x509v3-ssh-dss, x509v3-ssh-rsa, +sk-ecdsa-sha2-nistp256-cert-...@openssh.com, +sk-ecdsa-sha2-nistp...@openssh.com, +sk-ssh-ed25519-cert-...@openssh.com, +and sk-ssh-ed25...@openssh.com. + * Added 18 new key exchanges: +diffie-hellman-group14-sha...@ssh.com, +diffie-hellman-group15-sha...@ssh.com, +diffie-hellman-group15-sha...@ssh.com, +diffie-hellman-group16-sha...@ssh.com, +diffie-hellman-group16-sha...@ssh.com, +diffie-hellman-group18-sha...@ssh.com, +ecdh-sha2-curve25519, ecdh-sha2-nistb233, +ecdh-sha2-nistb409, ecdh-sha2-nistk163, +ecdh-sha2-nistk233, ecdh-sha2-nistk283, +ecdh-sha2-nistk409, ecdh-sha2-nistp192, +ecdh-sha2-nistp224, ecdh-sha2-nistt571, +gss-gex-sha1-, and gss-group1-sha1-. + * Added 9 new ciphers: +camellia128-cbc, camellia128-ctr, camellia192-cbc, +camellia192-ctr, camellia256-cbc, camellia256-ctr, +aes128-gcm, aes256-gcm, and chacha20-poly1305. + * Added 2 new MACs: +aes128-gcm and aes256-gcm. + +--- Old: ssh-audit-2.1.1.tar.gz ssh-audit-2.1.1.tar.gz.sig New: ssh-audit-2.2.0.tar.gz ssh-audit-2.2.0.tar.gz.sig Other differences: -- ++ ssh-audit.spec ++ --- /var/tmp/diff_new_pack.oshIS4/_old 2020-03-12 23:11:41.939309540 +0100 +++ /var/tmp/diff_new_pack.oshIS4/_new 2020-03-12 23:11:41.943309542 +0100 @@ -1,7 +1,7 @@ # # spec file for package ssh-audit # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,17 +12,17 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: ssh-audit -Version:2.1.1 +Version:2.2.0 Release:0 Summary:SSH server auditing License:MIT Group: Productivity/Security -Url:https://github.com/jtesta/ssh-audit +URL:https://github.com/jtesta/ssh-audit Source: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz Source1: https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig Source2:%{name}.keyring ++ ssh-audit-2.1.1.tar.gz -> ssh-audit-2.2.0.tar.gz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssh-audit-2.1.1/.gitignore new/ssh-audit-2.2.0/.gitignore --- old/ssh-audit-2.1.1/.gitignore 2019-11-26 17:48:18.0 +0100 +++ new/ssh-audit-2.2.0/.gitignore 2020-03-11 16:55:14.0 +0100 @@ -1,5 +1,7 @@ *~ *.pyc +*.exe +*.asc venv*/ .cache/ .tox diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ssh-audit-2.1.1/README.md new/ssh-audit-2.2.0/README.md --- old/ssh-audit-2.1.1/README.md 2019-11-26 17:48:18.0 +0100 +++ new/ssh-audit-2.2.0/README.md 2020-03-11 16:55:14.0 +0100 @@ -17,6 +17,7 @@ - output security information (related issues, assigned CVE list, etc); - analyze SSH version compatibility based on algorithm information; - historical information from OpenSSH, Dropbear SSH and libssh; +- runs on Linux and Windows; - no dependencies ## Usage @@ -55,6 +56,14 @@ Guides to harden server & client configuration can be found here: [https://www.ssh-audit.com/hardening_guides.html](https://www.ssh-audit.com/hardening_guides.html) ## ChangeLog +### v2.2.0 (2020-03-11) + - Marked host key type `ssh-rsa` as weak due to [practical SHA-1