Pullup ticket #4278 - requested by pettai

security/py-denyhosts: security patch

Revisions pulled up:
- security/py-denyhosts/Makefile                                1.9
- security/py-denyhosts/distinfo                                1.4-1.5
- security/py-denyhosts/patches/patch-af                        1.2

---
   Module Name:    pkgsrc
   Committed By:   pettai
   Date:           Thu Dec 26 23:30:41 UTC 2013

   Modified Files:
           pkgsrc/security/py-denyhosts: Makefile distinfo
           pkgsrc/security/py-denyhosts/patches: patch-af

   Log Message:
   Fix for CVE-2013-6890

---
   Module Name:    pkgsrc
   Committed By:   pettai
   Date:           Sun Dec 29 20:27:55 UTC 2013

   Modified Files:
           pkgsrc/security/py-denyhosts: distinfo

   Log Message:
   Fixed broken checksum

3 files changed, 44 insertions, 11 deletions

diff --git a/security/py-denyhosts/Makefile b/security/py-denyhosts/Makefile
index 1e5d08bb7ee..2d12ed92eea 100644
--- a/security/py-denyhosts/Makefile
+++ b/security/py-denyhosts/Makefile
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.8 2012/10/23 18:16:53 asau Exp $
+# $NetBSD: Makefile,v 1.8.8.1 2013/12/29 21:21:36 tron Exp $
 #
 
 VER=		2.6
 DISTNAME=	DenyHosts-${VER}
 PKGNAME=	${PYPKGPREFIX}-denyhosts-${VER}
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	sysutils
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=denyhosts/}
+LICENSE=	gnu-gpl-v2
 
 MAINTAINER=	he@NetBSD.org
 HOMEPAGE=	http://denyhosts.sourceforge.net/
diff --git a/security/py-denyhosts/distinfo b/security/py-denyhosts/distinfo
index 2e62da5c3bb..4211209ea38 100644
--- a/security/py-denyhosts/distinfo
+++ b/security/py-denyhosts/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.3 2011/12/14 03:05:04 sbd Exp $
+$NetBSD: distinfo,v 1.3.16.1 2013/12/29 21:21:36 tron Exp $
 
 SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373
 RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a
@@ -8,4 +8,4 @@ SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8
 SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083
 SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb
 SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038
-SHA1 (patch-af) = 536d14cf67cad8dc3767a5a7b3ea2e2278c7392a
+SHA1 (patch-af) = 4ce30eef4df19715ff2cedae193ea3dd8876c186
diff --git a/security/py-denyhosts/patches/patch-af b/security/py-denyhosts/patches/patch-af
index d8f2280b621..3c1006636e8 100644
--- a/security/py-denyhosts/patches/patch-af
+++ b/security/py-denyhosts/patches/patch-af
@@ -1,15 +1,47 @@
-$NetBSD: patch-af,v 1.1 2007/08/18 15:10:39 taca Exp $
+$NetBSD: patch-af,v 1.1.54.1 2013/12/29 21:21:36 tron Exp $
 
-Fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323
+Fix for CVE-2013-6890
+(See http://seclists.org/oss-sec/2013/q4/535)
 
---- DenyHosts/regex.py.orig	2006-12-08 04:47:04.000000000 +0900
+--- DenyHosts/regex.py.orig	2013-12-26 22:46:33.000000000 +0000
 +++ DenyHosts/regex.py
-@@ -17,7 +17,7 @@ FAILED_ENTRY_REGEX3 = re.compile(r"""Aut
+@@ -6,22 +6,22 @@ import re
  
- FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+ #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
+ 
+-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
++SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
+ #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
+ 
+-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX3 = None
+ 
+-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
++FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
  
 -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
-+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
+ 
+-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
+ 
+ 
+ # these are reserved for future versions
+@@ -42,7 +42,7 @@ for i in FAILED_ENTRY_REGEX_RANGE:
+     FAILED_ENTRY_REGEX_MAP[i] = rx
+ 
+ 
+-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
  
- FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+ TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")