diff options
| -rw-r--r-- | security/py-denyhosts/Makefile | 5 | ||||
| -rw-r--r-- | security/py-denyhosts/distinfo | 4 | ||||
| -rw-r--r-- | security/py-denyhosts/patches/patch-af | 46 |
3 files changed, 44 insertions, 11 deletions
diff --git a/security/py-denyhosts/Makefile b/security/py-denyhosts/Makefile index 1e5d08bb7ee..9add3f46cc8 100644 --- a/security/py-denyhosts/Makefile +++ b/security/py-denyhosts/Makefile @@ -1,12 +1,13 @@ -# $NetBSD: Makefile,v 1.8 2012/10/23 18:16:53 asau Exp $ +# $NetBSD: Makefile,v 1.9 2013/12/26 23:30:41 pettai Exp $ # VER= 2.6 DISTNAME= DenyHosts-${VER} PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/} +LICENSE= gnu-gpl-v2 MAINTAINER= he@NetBSD.org HOMEPAGE= http://denyhosts.sourceforge.net/ diff --git a/security/py-denyhosts/distinfo b/security/py-denyhosts/distinfo index 2e62da5c3bb..cfc2b67b9f8 100644 --- a/security/py-denyhosts/distinfo +++ b/security/py-denyhosts/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2011/12/14 03:05:04 sbd Exp $ +$NetBSD: distinfo,v 1.4 2013/12/26 23:30:41 pettai Exp $ SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373 RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a @@ -8,4 +8,4 @@ SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8 SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083 SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038 -SHA1 (patch-af) = 536d14cf67cad8dc3767a5a7b3ea2e2278c7392a +SHA1 (patch-af) = 518d7cf1c584e879abe00c8c8f466a797c49337f diff --git a/security/py-denyhosts/patches/patch-af b/security/py-denyhosts/patches/patch-af index d8f2280b621..241bebe581c 100644 --- a/security/py-denyhosts/patches/patch-af +++ b/security/py-denyhosts/patches/patch-af @@ -1,15 +1,47 @@ -$NetBSD: patch-af,v 1.1 2007/08/18 15:10:39 taca Exp $ +$NetBSD: patch-af,v 1.2 2013/12/26 23:30:41 pettai Exp $ -Fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323 +Fix for CVE-2013-6890 +(See http://seclists.org/oss-sec/2013/q4/535) ---- DenyHosts/regex.py.orig 2006-12-08 04:47:04.000000000 +0900 +--- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000 +++ DenyHosts/regex.py -@@ -17,7 +17,7 @@ FAILED_ENTRY_REGEX3 = re.compile(r"""Aut +@@ -6,22 +6,22 @@ import re - FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") + #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""") + +-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""") ++SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""") + #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""") + +-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX3 = None + +-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""") ++FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""") -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") -+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""") ++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""") + +-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""") ++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""") + + + # these are reserved for future versions +@@ -42,7 +42,7 @@ for i in FAILED_ENTRY_REGEX_RANGE: + FAILED_ENTRY_REGEX_MAP[i] = rx + + +-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""") |