commit ssh-audit for openSUSE:Factory

2020-11-10 Thread root
Hello community,

here is the log from the commit of package ssh-audit for openSUSE:Factory 
checked in at 2020-11-10 13:39:52

Comparing /work/SRC/openSUSE:Factory/ssh-audit (Old)
 and  /work/SRC/openSUSE:Factory/.ssh-audit.new.11331 (New)


Package is "ssh-audit"

Tue Nov 10 13:39:52 2020 rev:3 rq:845611 version:2.3.1

Changes:

--- /work/SRC/openSUSE:Factory/ssh-audit/ssh-audit.changes  2020-03-12 
23:11:40.983309163 +0100
+++ /work/SRC/openSUSE:Factory/.ssh-audit.new.11331/ssh-audit.changes   
2020-11-10 13:45:05.923800488 +0100
@@ -1,0 +2,56 @@
+Fri Oct 30 19:27:23 UTC 2020 - Martin Hauke 
+
+- Update to version 2.3.1
+  * Now parses public key sizes for
+rsa-sha2-256-cert-...@openssh.com and
+rsa-sha2-512-cert-...@openssh.com host key types.
+  * Flag ssh-rsa-cert-...@openssh.com as a failure due to SHA-1
+hash.
+  * Fixed bug in recommendation output which suppressed some
+algorithms inappropriately.
+  * Built-in policies now include CA key requirements (if
+certificates are in use).
+  * Lookup function (--lookup) now performs case-insensitive
+lookups of similar algorithms.
+  * Migrated pre-made policies from external files to internal
+database.
+  * Split single 3,500 line script into many files (by class).
+  * Added setup.py support
+  * Added 1 new cipher: des-...@ssh.com.
+- Install manpage
+- Use py-* rpm macros
+
+---
+Mon Sep 28 08:44:00 UTC 2020 - Martin Hauke 
+
+- Update to version 2.3.0
+  The highlight of this release is support for policy scanning
+  (this allows an admin to test a server against a
+  hardened/standard configuration).
+  * Added new policy auditing functionality to test adherence to
+a hardening guide/standard configuration
+(see -L/--list-policies, -M/--make-policy and -P/--policy).
+  * Created new man page (see ssh-audit.1 file).
+  * 1024-bit moduli upgraded from warnings to failures.
+  * Many Python 2 code clean-ups, testing framework improvements,
+pylint & flake8 fixes, and mypy type comments.
+  * Added feature to look up algorithms in internal database
+(see --lookup)
+  * Suppress recommendation of token host key types.
+  * Added check for use-after-free vulnerability in PuTTY v0.73.
+  * Added 11 new host key types: ssh-rsa1, ssh-dss-sha...@ssh.com,
+ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512,
+spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256,
+x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521,
+x509v3-rsa2048-sha256.
+  * Added 8 new key exchanges: diffie-hellman-group1-sha256,
+kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-,
+gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-,
+gss-curve25519-sha256-.
+  * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM,
+AEAD_AES_256_GCM, crypticore...@ssh.com, seed-...@ssh.com.
+  * Added 3 new MACs: chacha20-poly1...@openssh.com, hmac-sha3-224,
+crypticore-...@ssh.com.
+- Update ssh-audit.keyring
+
+---

Old:

  ssh-audit-2.2.0.tar.gz
  ssh-audit-2.2.0.tar.gz.sig

New:

  ssh-audit-2.3.1.tar.gz
  ssh-audit-2.3.1.tar.gz.sig



Other differences:
--
++ ssh-audit.spec ++
--- /var/tmp/diff_new_pack.V7EgTS/_old  2020-11-10 13:45:07.143798065 +0100
+++ /var/tmp/diff_new_pack.V7EgTS/_new  2020-11-10 13:45:07.147798056 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   ssh-audit
-Version:2.2.0
+Version:2.3.1
 Release:0
 Summary:SSH server auditing
 License:MIT
@@ -26,7 +26,10 @@
 Source: 
https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:
https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig
 Source2:%{name}.keyring
+BuildRequires:  fdupes
 BuildRequires:  python3-pytest
+BuildRequires:  python3-rpm-macros
+BuildRequires:  python3-setuptools
 Requires:   python >= 3
 BuildArch:  noarch
 
@@ -42,25 +45,27 @@
  * output security information (related issues, assigned CVE list, etc);
  * analyze SSH version compatibility based on algorithm information;
  * historical information from OpenSSH, Dropbear SSH and libssh;
- * no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
 
 %prep
 %setup -q
-sed -i "s|#!/usr/bin/env python3|#!%{_bindir}/python3|g" ssh-audit.py
+sed -i -e '/^#!\//, 1d' src/ssh_audit/ssh_audit.py
 
 %build
-#
+%python3_build
 
 %install
-install -Dm0755 ssh-audit.py %{buildroot}%{_bindir}/ssh-audit
+%python3_install
+%fdupes %{buildroot}%{python3_sitelib}
+install -D -p -m0644 ssh-audit.1 %{buildroot}%{_mandir}/man1/ssh-audit.1
 
 

commit ssh-audit for openSUSE:Factory

2020-03-12 Thread root
Hello community,

here is the log from the commit of package ssh-audit for openSUSE:Factory 
checked in at 2020-03-12 23:06:14

Comparing /work/SRC/openSUSE:Factory/ssh-audit (Old)
 and  /work/SRC/openSUSE:Factory/.ssh-audit.new.3160 (New)


Package is "ssh-audit"

Thu Mar 12 23:06:14 2020 rev:2 rq:784062 version:2.2.0

Changes:

--- /work/SRC/openSUSE:Factory/ssh-audit/ssh-audit.changes  2020-02-04 
19:57:51.733479391 +0100
+++ /work/SRC/openSUSE:Factory/.ssh-audit.new.3160/ssh-audit.changes
2020-03-12 23:11:40.983309163 +0100
@@ -1,0 +2,34 @@
+Wed Mar 11 18:35:53 UTC 2020 - Martin Hauke 
+
+- Update to version 2.2.0
+  * Marked host key type ssh-rsa as weak due to practical SHA-1
+collisions.
+  * Added 10 new host key types:
+ecdsa-sha2-1.3.132.0.10, x509v3-sign-dss, x509v3-sign-rsa,
+x509v3-sign-rsa-sha...@ssh.com,
+x509v3-ssh-dss, x509v3-ssh-rsa,
+sk-ecdsa-sha2-nistp256-cert-...@openssh.com,
+sk-ecdsa-sha2-nistp...@openssh.com,
+sk-ssh-ed25519-cert-...@openssh.com,
+and sk-ssh-ed25...@openssh.com.
+  * Added 18 new key exchanges:
+diffie-hellman-group14-sha...@ssh.com,
+diffie-hellman-group15-sha...@ssh.com,
+diffie-hellman-group15-sha...@ssh.com,
+diffie-hellman-group16-sha...@ssh.com,
+diffie-hellman-group16-sha...@ssh.com,
+diffie-hellman-group18-sha...@ssh.com,
+ecdh-sha2-curve25519, ecdh-sha2-nistb233,
+ecdh-sha2-nistb409, ecdh-sha2-nistk163,
+ecdh-sha2-nistk233, ecdh-sha2-nistk283,
+ecdh-sha2-nistk409, ecdh-sha2-nistp192,
+ecdh-sha2-nistp224, ecdh-sha2-nistt571,
+gss-gex-sha1-, and gss-group1-sha1-.
+  * Added 9 new ciphers:
+camellia128-cbc, camellia128-ctr, camellia192-cbc,
+camellia192-ctr, camellia256-cbc, camellia256-ctr,
+aes128-gcm, aes256-gcm, and chacha20-poly1305.
+  * Added 2 new MACs:
+aes128-gcm and aes256-gcm.
+
+---

Old:

  ssh-audit-2.1.1.tar.gz
  ssh-audit-2.1.1.tar.gz.sig

New:

  ssh-audit-2.2.0.tar.gz
  ssh-audit-2.2.0.tar.gz.sig



Other differences:
--
++ ssh-audit.spec ++
--- /var/tmp/diff_new_pack.oshIS4/_old  2020-03-12 23:11:41.939309540 +0100
+++ /var/tmp/diff_new_pack.oshIS4/_new  2020-03-12 23:11:41.943309542 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package ssh-audit
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,17 +12,17 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:   ssh-audit
-Version:2.1.1
+Version:2.2.0
 Release:0
 Summary:SSH server auditing
 License:MIT
 Group:  Productivity/Security
-Url:https://github.com/jtesta/ssh-audit
+URL:https://github.com/jtesta/ssh-audit
 Source: 
https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:
https://github.com/jtesta/ssh-audit/releases/download/v%{version}/%{name}-%{version}.tar.gz.sig
 Source2:%{name}.keyring

++ ssh-audit-2.1.1.tar.gz -> ssh-audit-2.2.0.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ssh-audit-2.1.1/.gitignore 
new/ssh-audit-2.2.0/.gitignore
--- old/ssh-audit-2.1.1/.gitignore  2019-11-26 17:48:18.0 +0100
+++ new/ssh-audit-2.2.0/.gitignore  2020-03-11 16:55:14.0 +0100
@@ -1,5 +1,7 @@
 *~
 *.pyc
+*.exe
+*.asc
 venv*/
 .cache/
 .tox
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ssh-audit-2.1.1/README.md 
new/ssh-audit-2.2.0/README.md
--- old/ssh-audit-2.1.1/README.md   2019-11-26 17:48:18.0 +0100
+++ new/ssh-audit-2.2.0/README.md   2020-03-11 16:55:14.0 +0100
@@ -17,6 +17,7 @@
 - output security information (related issues, assigned CVE list, etc);
 - analyze SSH version compatibility based on algorithm information;
 - historical information from OpenSSH, Dropbear SSH and libssh;
+- runs on Linux and Windows;
 - no dependencies
 
 ## Usage
@@ -55,6 +56,14 @@
 Guides to harden server & client configuration can be found here: 
[https://www.ssh-audit.com/hardening_guides.html](https://www.ssh-audit.com/hardening_guides.html)
 
 ## ChangeLog
+### v2.2.0 (2020-03-11)
+ - Marked host key type `ssh-rsa` as weak due to [practical SHA-1