From 3ac8d910c750787276cfa7f5548af3b84b38190c Mon Sep 17 00:00:00 2001 From: tron Date: Sun, 29 Dec 2013 21:21:36 +0000 Subject: Pullup ticket #4278 - requested by pettai security/py-denyhosts: security patch Revisions pulled up: - security/py-denyhosts/Makefile 1.9 - security/py-denyhosts/distinfo 1.4-1.5 - security/py-denyhosts/patches/patch-af 1.2 --- Module Name: pkgsrc Committed By: pettai Date: Thu Dec 26 23:30:41 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: Makefile distinfo pkgsrc/security/py-denyhosts/patches: patch-af Log Message: Fix for CVE-2013-6890 --- Module Name: pkgsrc Committed By: pettai Date: Sun Dec 29 20:27:55 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: distinfo Log Message: Fixed broken checksum --- security/py-denyhosts/Makefile | 5 ++-- security/py-denyhosts/distinfo | 4 +-- security/py-denyhosts/patches/patch-af | 46 ++++++++++++++++++++++++++++------ 3 files changed, 44 insertions(+), 11 deletions(-) diff --git a/security/py-denyhosts/Makefile b/security/py-denyhosts/Makefile index 1e5d08bb7ee..2d12ed92eea 100644 --- a/security/py-denyhosts/Makefile +++ b/security/py-denyhosts/Makefile @@ -1,12 +1,13 @@ -# $NetBSD: Makefile,v 1.8 2012/10/23 18:16:53 asau Exp $ +# $NetBSD: Makefile,v 1.8.8.1 2013/12/29 21:21:36 tron Exp $ # VER= 2.6 DISTNAME= DenyHosts-${VER} PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/} +LICENSE= gnu-gpl-v2 MAINTAINER= he@NetBSD.org HOMEPAGE= http://denyhosts.sourceforge.net/ diff --git a/security/py-denyhosts/distinfo b/security/py-denyhosts/distinfo index 2e62da5c3bb..4211209ea38 100644 --- a/security/py-denyhosts/distinfo +++ b/security/py-denyhosts/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2011/12/14 03:05:04 sbd Exp $ +$NetBSD: distinfo,v 1.3.16.1 2013/12/29 21:21:36 tron Exp $ SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373 RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a @@ -8,4 +8,4 @@ SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8 SHA1 (patch-ac) = 67eec2ff93ecfffeda2ed92fe7943fa5bc161083 SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038 -SHA1 (patch-af) = 536d14cf67cad8dc3767a5a7b3ea2e2278c7392a +SHA1 (patch-af) = 4ce30eef4df19715ff2cedae193ea3dd8876c186 diff --git a/security/py-denyhosts/patches/patch-af b/security/py-denyhosts/patches/patch-af index d8f2280b621..3c1006636e8 100644 --- a/security/py-denyhosts/patches/patch-af +++ b/security/py-denyhosts/patches/patch-af @@ -1,15 +1,47 @@ -$NetBSD: patch-af,v 1.1 2007/08/18 15:10:39 taca Exp $ +$NetBSD: patch-af,v 1.1.54.1 2013/12/29 21:21:36 tron Exp $ -Fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323 +Fix for CVE-2013-6890 +(See http://seclists.org/oss-sec/2013/q4/535) ---- DenyHosts/regex.py.orig 2006-12-08 04:47:04.000000000 +0900 +--- DenyHosts/regex.py.orig 2013-12-26 22:46:33.000000000 +0000 +++ DenyHosts/regex.py -@@ -17,7 +17,7 @@ FAILED_ENTRY_REGEX3 = re.compile(r"""Aut +@@ -6,22 +6,22 @@ import re - FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) .*from (?P.*)""") + #DATE_FORMAT_REGEX = re.compile(r"""(?P[A-z]{3,3})\s*(?P\d+)""") + +-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P.*)""") ++SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P.*)""") + #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P.*)""") + +-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P.*) for (?Pinvalid user |illegal user )?(?P.*?) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P\S*) for (?Pinvalid user |illegal user )?(?P.*) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P(Illegal|Invalid)) user (?P.*?) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX2 = re.compile(r"""(?P(Illegal|Invalid)) user (?P.*) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P.*) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX3 = None + +-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) .*from (?P.*)""") ++FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) from (::ffff:)?(?P\S+)$""") -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) .*from (?P.*) not allowed because none of user's groups are listed in AllowGroups""") -+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) .*from (?P.*) not allowed because none of user's groups are listed in AllowGroups$""") ++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) from (::ffff:)?(?P\S+) not allowed because none of user's groups are listed in AllowGroups$""") + +-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") + +-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) not allowed because not listed in AllowUsers""") ++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) from (::ffff:)?(?P\S+) not allowed because not listed in AllowUsers$""") + + + # these are reserved for future versions +@@ -42,7 +42,7 @@ for i in FAILED_ENTRY_REGEX_RANGE: + FAILED_ENTRY_REGEX_MAP[i] = rx + + +-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P.*) for (?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") ++SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P\S+) for (?P.*?) from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") - FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + TIME_SPEC_REGEX = re.compile(r"""(?P\d*)\s*(?P[smhdwy])?""") -- cgit v1.2.3