Date: Tue, 26 Dec 2023 17:30:57 +0000
From: "Dr. Thomas Orgis"
Subject: CVS commit: pkgsrc/security/ssh-audit
To: pkgsrc-changes@NetBSD.org
Reply-To: thor@netbsd.org
Message-Id: <20231226173057.0B98DFA42@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   thor
Date:           Tue Dec 26 17:30:56 UTC 2023

Modified Files:
    pkgsrc/security/ssh-audit: Makefile distinfo

Log Message:
security/ssh-audit: update to 3.1.0 with patch for terrapin

upstream changes since 3.0.0:

v3.2.0-dev (???)

    Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes more rarely found ciphers.

v3.1.0 (2023-12-20)

    Added test for the Terrapin message prefix truncation vulnerability (CVE-2023-48795).
    Dropped support for Python 3.7 (EOL was reached in June 2023).
    Added Python 3.12 support.
    In server policies, reduced expected DH modulus sizes from 4096 to 3072 to match the online hardening guides (note that 3072-bit moduli provide the equivalent of 128-bit symmetric security).
    In Ubuntu 22.04 client policy, moved host key types sk-ssh-ed25519@openssh.com and ssh-ed25519 to the end of all certificate types.
    Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
    Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
    Added built-in policies for OpenSSH 9.5 and 9.6.
    Added an additional_notes field to the JSON output.

To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/ssh-audit/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/ssh-audit/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
--_----------=_170361185755850 Content-Disposition: inline Content-Length: 1741 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/ssh-audit/Makefile diff -u pkgsrc/security/ssh-audit/Makefile:1.5 pkgsrc/security/ssh-audit/Makefile:1.6 --- pkgsrc/security/ssh-audit/Makefile:1.5 Thu Oct 19 12:58:34 2023 +++ pkgsrc/security/ssh-audit/Makefile Tue Dec 26 17:30:56 2023 @@ -1,6 +1,8 @@ -# $NetBSD: Makefile,v 1.5 2023/10/19 12:58:34 wiz Exp $ +# $NetBSD: Makefile,v 1.6 2023/12/26 17:30:56 thor Exp $ -DISTNAME= ssh-audit-3.0.0 +DISTNAME= ssh-audit-3.1.0 +# revision 1 because of added patch from upstream +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=jtesta/} GITHUB_RELEASE= v${PKGVERSION_NOREV} Index: pkgsrc/security/ssh-audit/distinfo diff -u pkgsrc/security/ssh-audit/distinfo:1.3 pkgsrc/security/ssh-audit/distinfo:1.4 --- pkgsrc/security/ssh-audit/distinfo:1.3 Thu Oct 19 12:58:34 2023 +++ pkgsrc/security/ssh-audit/distinfo Tue Dec 26 17:30:56 2023 @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.3 2023/10/19 12:58:34 wiz Exp $ +$NetBSD: distinfo,v 1.4 2023/12/26 17:30:56 thor Exp $ -BLAKE2s (ssh-audit-3.0.0.tar.gz) = 42ea223813f118143e3b29284caf9d640da508a0ba7d8dfd33ead16840a3d1bf -SHA512 (ssh-audit-3.0.0.tar.gz) = 2fcfc6c8b6737d54894de70dbcf1f800662ca122995c897507c87c73fecad66571b44bc3dfe102ff0dbafd270e537e5e00c7449319f1ee12b90494ee784c0cde -Size (ssh-audit-3.0.0.tar.gz) = 151667 bytes +BLAKE2s (ssh-audit-3.1.0.tar.gz) = 65a44a1573eb309986bf7c59425b587b060141b4fdd28594cd62fc8ee3ecdc2e +SHA512 (ssh-audit-3.1.0.tar.gz) = ea42aa93272cb1881d8c5882b2f68655606fe73f64a708bc0f9f743f14137aab1026eabf10a813f3919de179117c1a9b4c8325d511e25afd60caee273cb32deb +Size (ssh-audit-3.1.0.tar.gz) = 154296 bytes +SHA1 (patch-01-upstream-44393c-more-cbc.patch) = 82486cbfd878c7c12cecadfd019b18fe5575c229 --_----------=_170361185755850--
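Review bot: In the Makefile hunk, PKGREVISION= 1 is introduced in the same change that moves DISTNAME from ssh-audit-3.0.0 to ssh-audit-3.1.0, so the previous revision of this file never described a 3.1.0 package without the patch, and there is nothing for the revision bump to distinguish from. Consider dropping PKGREVISION here, or, if it is kept, make the comment above it say which patch is meant: "added patch from upstream" does not name the upstream commit (44393c, per the patch file name in distinfo) or tie it to the Terrapin CBC cipher filter described in the log message, and the next person updating the package needs that to know when the patch and the revision can be removed.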
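Review bot: In the distinfo hunk, the new line SHA1 (patch-01-upstream-44393c-more-cbc.patch) records a checksum for a patch file, but the Modified Files list of this commit names only Makefile and distinfo and shows no added file. Please confirm that the patch itself is committed alongside this change, since a build that finds the checksum entry without the matching file (or the file with different contents) will fail the patch checksum step. It would also help to state in the log message where the patch comes from, so that the 82486cbf... checksum can be compared against upstream commit 44393c independently of this tree.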