Sun Dec 29 21:21:36 2013 UTC ()
Pullup ticket #4278 - requested by pettai
security/py-denyhosts: security patch

Revisions pulled up:
- security/py-denyhosts/Makefile                                1.9
- security/py-denyhosts/distinfo                                1.4-1.5
- security/py-denyhosts/patches/patch-af                        1.2

---
   Module Name:    pkgsrc
   Committed By:   pettai
   Date:           Thu Dec 26 23:30:41 UTC 2013

   Modified Files:
           pkgsrc/security/py-denyhosts: Makefile distinfo
           pkgsrc/security/py-denyhosts/patches: patch-af

   Log Message:
   Fix for CVE-2013-6890

---
   Module Name:    pkgsrc
   Committed By:   pettai
   Date:           Sun Dec 29 20:27:55 UTC 2013

   Modified Files:
           pkgsrc/security/py-denyhosts: distinfo

   Log Message:
   Fixed broken checksum


(tron)
diff -r1.8 -r1.8.8.1 pkgsrc/security/py-denyhosts/Makefile
diff -r1.3 -r1.3.16.1 pkgsrc/security/py-denyhosts/distinfo
diff -r1.1 -r1.1.54.1 pkgsrc/security/py-denyhosts/patches/patch-af
cvs diff -r1.8 -r1.8.8.1 pkgsrc/security/py-denyhosts/Makefile (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/Makefile 2012/10/23 18:16:53 1.8
+++ pkgsrc/security/py-denyhosts/Makefile 2013/12/29 21:21:36 1.8.8.1
@@ -1,22 +1,23 @@ @@ -1,22 +1,23 @@
1# $NetBSD: Makefile,v 1.8 2012/10/23 18:16:53 asau Exp $ 1# $NetBSD: Makefile,v 1.8.8.1 2013/12/29 21:21:36 tron Exp $
2# 2#
3 3
4VER= 2.6 4VER= 2.6
5DISTNAME= DenyHosts-${VER} 5DISTNAME= DenyHosts-${VER}
6PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER} 6PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER}
7PKGREVISION= 3 7PKGREVISION= 4
8CATEGORIES= sysutils 8CATEGORIES= sysutils
9MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/} 9MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/}
 10LICENSE= gnu-gpl-v2
10 11
11MAINTAINER= he@NetBSD.org 12MAINTAINER= he@NetBSD.org
12HOMEPAGE= http://denyhosts.sourceforge.net/ 13HOMEPAGE= http://denyhosts.sourceforge.net/
13COMMENT= Watch auth log for invalid ssh login attempts and block hosts 14COMMENT= Watch auth log for invalid ssh login attempts and block hosts
14 15
15PYDISTUTILSPKG= yes 16PYDISTUTILSPKG= yes
16 17
17CONF_FILES+= ${PREFIX}/share/denyhosts/denyhosts.cfg-dist \ 18CONF_FILES+= ${PREFIX}/share/denyhosts/denyhosts.cfg-dist \
18 ${PREFIX}/etc/denyhosts.conf 19 ${PREFIX}/etc/denyhosts.conf
19 20
20FILES_SUBST+= PYTHONBIN=${PYTHONBIN:Q} 21FILES_SUBST+= PYTHONBIN=${PYTHONBIN:Q}
21 22
22SUBST_CLASSES+= cf 23SUBST_CLASSES+= cf
cvs diff -r1.3 -r1.3.16.1 pkgsrc/security/py-denyhosts/distinfo (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/distinfo 2011/12/14 03:05:04 1.3
+++ pkgsrc/security/py-denyhosts/distinfo 2013/12/29 21:21:36 1.3.16.1
@@ -1,11 +1,11 @@ @@ -1,11 +1,11 @@
1$NetBSD: distinfo,v 1.3 2011/12/14 03:05:04 sbd Exp $ 1$NetBSD: distinfo,v 1.3.16.1 2013/12/29 21:21:36 tron Exp $
2 2
3SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373 3SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373
4RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a 4RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a
5Size (DenyHosts-2.6.tar.gz) = 42667 bytes 5Size (DenyHosts-2.6.tar.gz) = 42667 bytes
6SHA1 (patch-aa) = 4bbb07f5918330a8dd828e8cfdf5bad3c4f50893 6SHA1 (patch-aa) = 4bbb07f5918330a8dd828e8cfdf5bad3c4f50893
7SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8 7SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8
8SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083 8SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083
9SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb 9SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb
10SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038 10SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038
11SHA1 (patch-af) = 536d14cf67cad8dc3767a5a7b3ea2e2278c7392a 11SHA1 (patch-af) = 4ce30eef4df19715ff2cedae193ea3dd8876c186
cvs diff -r1.1 -r1.1.54.1 pkgsrc/security/py-denyhosts/patches/Attic/patch-af (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/patches/Attic/patch-af 2007/08/18 15:10:39 1.1
+++ pkgsrc/security/py-denyhosts/patches/Attic/patch-af 2013/12/29 21:21:36 1.1.54.1
@@ -1,15 +1,47 @@ @@ -1,15 +1,47 @@
1$NetBSD: patch-af,v 1.1 2007/08/18 15:10:39 taca Exp $ 1$NetBSD: patch-af,v 1.1.54.1 2013/12/29 21:21:36 tron Exp $
2 2
3Fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323 3Fix for CVE-2013-6890
 4(See http://seclists.org/oss-sec/2013/q4/535)
4 5
5--- DenyHosts/regex.py.orig 2006-12-08 04:47:04.000000000 +0900 6--- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000
6+++ DenyHosts/regex.py 7+++ DenyHosts/regex.py
7@@ -17,7 +17,7 @@ FAILED_ENTRY_REGEX3 = re.compile(r"""Aut 8@@ -6,22 +6,22 @@ import re
8  9
9 FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") 10 #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
 11
 12-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
 13+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
 14 #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
 15
 16-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
 17+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 18
 19-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
 20+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 21
 22-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
 23+FAILED_ENTRY_REGEX3 = None
 24
 25-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
 26+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
10  27
11-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") 28-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
12+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""") 29+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
 30
 31-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
 32+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
 33
 34-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
 35+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
 36
 37
 38 # these are reserved for future versions
 39@@ -42,7 +42,7 @@ for i in FAILED_ENTRY_REGEX_RANGE:
 40 FAILED_ENTRY_REGEX_MAP[i] = rx
 41
 42
 43-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
 44+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
13  45
14 FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") 46 TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
15  47