Package Release Info

ssh-audit-3.0.0-bp156.1.1

Update Info: Base Release
Available in Package Hub : 15 SP6

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

ssh-audit

Change Logs

* Sat Sep 09 2023 Martin Hauke <mardnh@gmx.de>
- Update to version 3.0.0
  * Results from concurrent scans against multiple hosts are no
    longer improperly combined.
  * Hostname resolution failure no longer causes scans against
    multiple hosts to terminate unexpectedly.
  * Algorithm recommendations resulting from warnings are now
    printed in yellow instead of red.
  * Added failure, warning, and info notes to JSON output (note
    that this results in a breaking change to the banner protocol,
    "enc", and "mac" fields).
  * Fixed crash during GEX tests.
  * Refined GEX testing against OpenSSH servers: when the fallback
    mechanism is suspected of being triggered, perform an
    additional test to obtain more accurate results.
  * The color of all notes will be printed in green when the
    related algorithm is rated good.
  * Prioritized host key certificate algorithms for Ubuntu
    22.04 LTS client policy.
  * Marked all NIST K-, B-, and T-curves as unproven since they
    are so rarely used.
  * Added built-in policy for OpenSSH 9.4.
  * Added 12 new host keys
  * Added 15 new key exchanges.
  * Added 8 new ciphers.
  * Added 14 new MACs.
* Mon May 01 2023 Martin Hauke <mardnh@gmx.de>
- Update to version 2.9.0
  * Dropped support for Python 3.6
  * Updated CVE database.
  * Added -g and --gex-test for granular GEX modulus size tests.
  * JSON 'target' field now always includes port number.
  * JSON output now includes recommendations and CVE data.
  * Mixed host key/CA key types (i.e.: RSA host keys signed with
    ED25519 CAs, etc.) are now properly handled.
  * Warnings are now printed for 2048-bit moduli.
  * SHA-1 algorithms now cause failures.
  * CBC mode ciphers are now warnings instead of failures.
  * Generic failure/warning messages replaced with more specific
    reasons (i.e.:'using weak cipher' => 'using broken RC4 cipher')
  * Updated built-in policies to include missing host key size
    information.
  * Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2,
    and 9.3.
  * Added 33 new host keys.
  * Added 46 new key exchanges.
  * Added 28 new ciphers.
  * Added 5 new MACs.
Version: 2.5.0-bp153.2.3.1
* Mon Aug 30 2021 Martin Hauke <mardnh@gmx.de>
- Require correct python version
* Thu Aug 26 2021 Martin Hauke <mardnh@gmx.de>
- Update to version 2.5.0
  * Fixed crash when running host key tests.
  * Handles server connection failures more gracefully.
  * Now prints JSON with indents when -jj is used (useful for
    debugging).
  * Added MD5 fingerprints to verbose output.
  * Added -d/--debug option for getting debugging output.
  * Updated JSON output to include MD5 fingerprints. Note that
    this results in a breaking change in the 'fingerprints'
    dictionary format.
  * Updated OpenSSH 8.1 (and earlier) policies to include
    rsa-sha2-512 and rsa-sha2-256.
  * Added OpenSSH v8.6 & v8.7 policies.
  * Added 3 new key exchanges:
    + gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==
    + gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==
    + gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
  * Added 3 new MACs:
    + hmac-ripemd160-96
    + AEAD_AES_128_GCM
    + AEAD_AES_256_GCM
* Mon Mar 01 2021 Martin Hauke <mardnh@gmx.de>
- Update to version 2.4.0
  * Added multi-threaded scanning support.
  * Added version check for OpenSSH user enumeration
    (CVE-2018-15473).
  * Added deprecation note to host key types based on SHA-1.
  * Added extra warnings for SSHv1.
  * Added built-in hardened OpenSSH v8.5 policy.
  * Upgraded warnings to failures for host key types based on SHA-1
  * Fixed crash when receiving unexpected response during host key
    test.
  * Fixed hang against older Cisco devices during host key test &
    gex test.
  * Fixed improper termination while scanning multiple targets when
    one target returns an error.
  * Dropped support for Python 3.5 (which reached EOL in Sept.2020)
  * Added 1 new key exchange: sntrup761x25519-sha512@openssh.com.
* Fri Oct 30 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.3.1
  * Now parses public key sizes for
    rsa-sha2-256-cert-v01@openssh.com and
    rsa-sha2-512-cert-v01@openssh.com host key types.
  * Flag ssh-rsa-cert-v01@openssh.com as a failure due to SHA-1
    hash.
  * Fixed bug in recommendation output which suppressed some
    algorithms inappropriately.
  * Built-in policies now include CA key requirements (if
    certificates are in use).
  * Lookup function (--lookup) now performs case-insensitive
    lookups of similar algorithms.
  * Migrated pre-made policies from external files to internal
    database.
  * Split single 3,500 line script into many files (by class).
  * Added setup.py support
  * Added 1 new cipher: des-cbc@ssh.com.
- Install manpage
- Use py-* rpm macros
* Mon Sep 28 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.3.0
  The highlight of this release is support for policy scanning
  (this allows an admin to test a server against a
  hardened/standard configuration).
  * Added new policy auditing functionality to test adherence to
    a hardening guide/standard configuration
    (see -L/--list-policies, -M/--make-policy and -P/--policy).
  * Created new man page (see ssh-audit.1 file).
  * 1024-bit moduli upgraded from warnings to failures.
  * Many Python 2 code clean-ups, testing framework improvements,
    pylint & flake8 fixes, and mypy type comments.
  * Added feature to look up algorithms in internal database
    (see --lookup)
  * Suppress recommendation of token host key types.
  * Added check for use-after-free vulnerability in PuTTY v0.73.
  * Added 11 new host key types: ssh-rsa1, ssh-dss-sha256@ssh.com,
    ssh-gost2001, ssh-gost2012-256, ssh-gost2012-512,
    spki-sign-rsa, ssh-ed448, x509v3-ecdsa-sha2-nistp256,
    x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521,
    x509v3-rsa2048-sha256.
  * Added 8 new key exchanges: diffie-hellman-group1-sha256,
    kexAlgoCurve25519SHA256, Curve25519SHA256, gss-group14-sha256-,
    gss-group15-sha512-, gss-group16-sha512-, gss-nistp256-sha256-,
    gss-curve25519-sha256-.
  * Added 5 new ciphers: blowfish, AEAD_AES_128_GCM,
    AEAD_AES_256_GCM, crypticore128@ssh.com, seed-cbc@ssh.com.
  * Added 3 new MACs: chacha20-poly1305@openssh.com, hmac-sha3-224,
    crypticore-mac@ssh.com.
- Update ssh-audit.keyring
Version: 2.2.0-bp152.1.7
* Wed Mar 11 2020 Martin Hauke <mardnh@gmx.de>
- Update to version 2.2.0
  * Marked host key type ssh-rsa as weak due to practical SHA-1
    collisions.
  * Added 10 new host key types:
    ecdsa-sha2-1.3.132.0.10, x509v3-sign-dss, x509v3-sign-rsa,
    x509v3-sign-rsa-sha256@ssh.com,
    x509v3-ssh-dss, x509v3-ssh-rsa,
    sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
    sk-ecdsa-sha2-nistp256@openssh.com,
    sk-ssh-ed25519-cert-v01@openssh.com,
    and sk-ssh-ed25519@openssh.com.
  * Added 18 new key exchanges:
    diffie-hellman-group14-sha256@ssh.com,
    diffie-hellman-group15-sha256@ssh.com,
    diffie-hellman-group15-sha384@ssh.com,
    diffie-hellman-group16-sha384@ssh.com,
    diffie-hellman-group16-sha512@ssh.com,
    diffie-hellman-group18-sha512@ssh.com,
    ecdh-sha2-curve25519, ecdh-sha2-nistb233,
    ecdh-sha2-nistb409, ecdh-sha2-nistk163,
    ecdh-sha2-nistk233, ecdh-sha2-nistk283,
    ecdh-sha2-nistk409, ecdh-sha2-nistp192,
    ecdh-sha2-nistp224, ecdh-sha2-nistt571,
    gss-gex-sha1-, and gss-group1-sha1-.
  * Added 9 new ciphers:
    camellia128-cbc, camellia128-ctr, camellia192-cbc,
    camellia192-ctr, camellia256-cbc, camellia256-ctr,
    aes128-gcm, aes256-gcm, and chacha20-poly1305.
  * Added 2 new MACs:
    aes128-gcm and aes256-gcm.
* Tue Feb 04 2020 Martin Hauke <mardnh@gmx.de>
- Rename keyring to %name.keyring
* Mon Feb 03 2020 Martin Hauke <mardnh@gmx.de>
* Remove _service file; use download URL for all files
  * Run spec-cleaner
  * Don't package ssh-audit with the .py extension
  * Run testsuite
* Sun Dec 29 2019 Lars Vogdt <lars@linux-schulserver.de>
- update to 2.1.1:
  This maintenance release focuses on improving support for client testing.
  The full changelog is:
  + Added 2 new host key types: rsa-sha2-256-cert-v01@openssh.com,
    rsa-sha2-512-cert-v01@openssh.com.
  + Added 2 new ciphers: des, 3des.
  + Added 3 new PuTTY vulnerabilities.
  + During client testing, client IP address is now listed in output.
- added _service file
- add signatures for source verification
* Fri Nov 15 2019 Lars Vogdt <lars@linux-schulserver.de>
- update to 2.1.0:
  The highlights of this release include client-testing functionality to audit
  the protocols accepted by client software, a JSON output format, support for
  new algorithms, and bugfixes. Below is the full changelog:
  + Added client software auditing functionality (see -c / --client-audit option).
  + Added JSON output option (see -j / --json option; credit Andreas Jaggi).
  + Fixed crash while scanning Solaris Sun_SSH.
* Wed Sep 25 2019 lars@linux-schulserver.de - 2.0.0
- initial version 2.0.0