Tue Feb 4 15:38:16 2014 UTC ()
Added DSA-2826-2 fix


(pettai)
diff -r1.10 -r1.11 pkgsrc/security/py-denyhosts/Makefile
diff -r1.5 -r1.6 pkgsrc/security/py-denyhosts/distinfo
diff -r1.2 -r1.3 pkgsrc/security/py-denyhosts/patches/patch-af
cvs diff -r1.10 -r1.11 pkgsrc/security/py-denyhosts/Makefile (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/Makefile 2014/01/25 10:30:20 1.10
+++ pkgsrc/security/py-denyhosts/Makefile 2014/02/04 15:38:16 1.11
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1# $NetBSD: Makefile,v 1.10 2014/01/25 10:30:20 wiz Exp $ 1# $NetBSD: Makefile,v 1.11 2014/02/04 15:38:16 pettai Exp $
2 2
3VER= 2.6 3VER= 2.6
4DISTNAME= DenyHosts-${VER} 4DISTNAME= DenyHosts-${VER}
5PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER} 5PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER}
6PKGREVISION= 4 6PKGREVISION= 5
7CATEGORIES= sysutils 7CATEGORIES= sysutils
8MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/} 8MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/}
9LICENSE= gnu-gpl-v2 9LICENSE= gnu-gpl-v2
10 10
11MAINTAINER= he@NetBSD.org 11MAINTAINER= he@NetBSD.org
12HOMEPAGE= http://denyhosts.sourceforge.net/ 12HOMEPAGE= http://denyhosts.sourceforge.net/
13COMMENT= Watch auth log for invalid ssh login attempts and block hosts 13COMMENT= Watch auth log for invalid ssh login attempts and block hosts
14 14
15PYDISTUTILSPKG= yes 15PYDISTUTILSPKG= yes
16 16
17CONF_FILES+= ${PREFIX}/share/denyhosts/denyhosts.cfg-dist \ 17CONF_FILES+= ${PREFIX}/share/denyhosts/denyhosts.cfg-dist \
18 ${PREFIX}/etc/denyhosts.conf 18 ${PREFIX}/etc/denyhosts.conf
19 19
cvs diff -r1.5 -r1.6 pkgsrc/security/py-denyhosts/distinfo (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/distinfo 2013/12/29 20:27:55 1.5
+++ pkgsrc/security/py-denyhosts/distinfo 2014/02/04 15:38:16 1.6
@@ -1,11 +1,11 @@ @@ -1,11 +1,11 @@
1$NetBSD: distinfo,v 1.5 2013/12/29 20:27:55 pettai Exp $ 1$NetBSD: distinfo,v 1.6 2014/02/04 15:38:16 pettai Exp $
2 2
3SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373 3SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373
4RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a 4RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a
5Size (DenyHosts-2.6.tar.gz) = 42667 bytes 5Size (DenyHosts-2.6.tar.gz) = 42667 bytes
6SHA1 (patch-aa) = 4bbb07f5918330a8dd828e8cfdf5bad3c4f50893 6SHA1 (patch-aa) = 4bbb07f5918330a8dd828e8cfdf5bad3c4f50893
7SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8 7SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8
8SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083 8SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083
9SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb 9SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb
10SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038 10SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038
11SHA1 (patch-af) = 4ce30eef4df19715ff2cedae193ea3dd8876c186 11SHA1 (patch-af) = df52c4b0e842ab311b3a698ba29ad7d20bd7fbf0
cvs diff -r1.2 -r1.3 pkgsrc/security/py-denyhosts/patches/Attic/patch-af (expand / switch to unified diff)

--- pkgsrc/security/py-denyhosts/patches/Attic/patch-af 2013/12/26 23:30:41 1.2
+++ pkgsrc/security/py-denyhosts/patches/Attic/patch-af 2014/02/04 15:38:16 1.3
@@ -1,30 +1,30 @@ @@ -1,30 +1,30 @@
1$NetBSD: patch-af,v 1.2 2013/12/26 23:30:41 pettai Exp $ 1$NetBSD: patch-af,v 1.3 2014/02/04 15:38:16 pettai Exp $
2 2
3Fix for CVE-2013-6890 3Fix for CVE-2013-6890 (See http://seclists.org/oss-sec/2013/q4/535)
4(See http://seclists.org/oss-sec/2013/q4/535) 4Added DSA-2826-2 fix for regression (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734329)
5 5
6--- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000 6--- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000
7+++ DenyHosts/regex.py 7+++ DenyHosts/regex.py
8@@ -6,22 +6,22 @@ import re 8@@ -6,22 +6,22 @@ import re
9  9
10 #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""") 10 #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
11  11
12-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""") 12-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
13+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""") 13+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
14 #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""") 14 #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
15  15
16-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") 16-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
17+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") 17+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})( port \d+)?( ssh2)?$""")
18  18
19-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") 19-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
20+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") 20+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
21  21
22-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") 22-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
23+FAILED_ENTRY_REGEX3 = None 23+FAILED_ENTRY_REGEX3 = None
24  24
25-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") 25-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
26+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""") 26+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
27  27
28-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") 28-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
29+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""") 29+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
30  30