[csw-devel] SF.net SVN: gar:[21388] csw/mgar/pkg/denyhosts/trunk
dmichelsen at users.sourceforge.net
dmichelsen at users.sourceforge.net
Fri Jun 21 15:49:16 CEST 2013
Revision: 21388
http://gar.svn.sourceforge.net/gar/?rev=21388&view=rev
Author: dmichelsen
Date: 2013-06-21 13:49:12 +0000 (Fri, 21 Jun 2013)
Log Message:
-----------
denyhosts/trunk: Fix #4491, #4492 and #4493
Modified Paths:
--------------
csw/mgar/pkg/denyhosts/trunk/Makefile
csw/mgar/pkg/denyhosts/trunk/checksums
Added Paths:
-----------
csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch
csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch
csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch
Modified: csw/mgar/pkg/denyhosts/trunk/Makefile
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/Makefile 2013-06-20 21:25:52 UTC (rev 21387)
+++ csw/mgar/pkg/denyhosts/trunk/Makefile 2013-06-21 13:49:12 UTC (rev 21388)
@@ -18,39 +18,43 @@
DenyHosts attempts to address the above.
endef
-SPKG_SOURCEURL = http://denyhosts.sf.net/
MASTER_SITES = $(SF_MIRRORS)
DISTNAME = DenyHosts-$(VERSION)
-DISTFILES = $(DISTNAME).tar.gz
+DISTFILES += $(DISTNAME).tar.gz
+
+# Selected patches from ftp://ftp.debian.org/debian/pool/main/d/denyhosts/denyhosts_2.6-7.debian.tar.gz
+# as reported in https://www.opencsw.org/mantis/view.php?id=4491
+PATCHFILES += 07_regex.patch
+PATCHFILES += 09_plugin_deny.patch
+PATCHFILES += 10_create_timestamp.patch
+
LICENSE = LICENSE.txt
-ARCHALL = 1
-INITSMF = /etc/opt/csw/init.d/cswdenyhosts
+VENDOR_URL = http://denyhosts.sf.net/
+
PACKAGES = CSWdenyhosts
-
+SPKG_DECS_CSWdenyhosts = A tool to limit SSH brute force attacks
+ARCHALL_CSWdenyhosts = 1
CHECKPKG_OVERRIDES_CSWdenyhosts += pkgname-does-not-start-with-CSWpy-
CHECKPKG_OVERRIDES_CSWdenyhosts += catalogname-does-not-start-with-py_
-# We define upstream file regex so we can be notifed of new upstream software release
-UFILES_REGEX = $(NAME)-(\d+(?:\.\d+)*).tar.gz
+INITSMF = /etc/opt/csw/init.d/cswdenyhosts
# No test target
TEST_SCRIPTS =
EXTRA_INSTALL_ARGS += --no-compile
-sysconfdir = /etc/opt/csw/
-localstatedir = /var/opt/csw/
-SAMPLECONF = $(sysconfdir)/denyhosts.cfg
+PRESERVECONF = $(sysconfdir)/denyhosts.cfg
include gar/category.mk
# setup.py puts everything in /usr/share by default, adjust this to $(datadir)
-pre-install-modulated:
+pre-install:
gsed -ie 's,/usr/share/denyhosts,$(datadir)/$(NAME),' $(WORKSRC)/setup.py
@$(MAKECOOKIE)
-post-install-modulated: DOCDEST = $(DESTDIR)$(docdir)/$(NAME)
-post-install-modulated:
+post-install: DOCDEST = $(DESTDIR)$(docdir)/$(NAME)
+post-install:
ginstall -d $(DOCDEST)
ginstall -d $(DESTDIR)$(sysconfdir)
ginstall -d $(DESTDIR)$(sysconfdir)/init.d
@@ -67,15 +71,19 @@
#Adjust config to match Solaris paths + our package paths
gsed -i \
- -e 's,/var/log/secure,path to ssh log,' \
+ -e 's,/var/log/secure,/var/log/authlog,' \
-e 's,/usr/share/denyhosts/data,$(localstatedir)/$(NAME),' \
-e 's,/var/lock/subsys/denyhosts,/var/opt/csw/run/denyhosts.pid,' \
-e 's,/var/log/denyhosts,$(localstatedir)/$(NAME)/$(NAME).log,' \
$(DESTDIR)$(sysconfdir)/denyhosts.cfg
+ # From http://denyhosts.sourceforge.net/solaris.txt
+ echo 'SSHD_FORMAT_REGEX=.* (sshd\[.*\]: \[ID \d* auth.info\]) (?P<message>.*)' \
+ >>$(DESTDIR)$(sysconfdir)/denyhosts.cfg
+
gsed -i \
-e 's,denyhosts.cfg,$(sysconfdir)/denyhosts.cfg,' \
- $(DESTDIR)/opt/csw/lib/python2.6/site-packages/DenyHosts/constants.py
+ $(DESTDIR)/opt/csw/lib/python/site-packages/DenyHosts/constants.py
#Adjust daemon-control-dist wrapper script to match our package paths
gsed -i \
Modified: csw/mgar/pkg/denyhosts/trunk/checksums
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/checksums 2013-06-20 21:25:52 UTC (rev 21387)
+++ csw/mgar/pkg/denyhosts/trunk/checksums 2013-06-21 13:49:12 UTC (rev 21388)
@@ -1 +1 @@
-fc2365305a9402886a2b0173d1beb7df download/DenyHosts-2.6.tar.gz
+fc2365305a9402886a2b0173d1beb7df DenyHosts-2.6.tar.gz
Added: csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch 2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Nico Golde <nion at debian.org> and Marco Bertorello <marco at bertorello.ns0.it>
+Description: Fix a vulnerability (CVE-2007-4323) and other problem with regexp
+--- a/DenyHosts/regex.py
++++ b/DenyHosts/regex.py
+@@ -17,7 +17,7 @@
+
+ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+
+ FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+
Added: csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch 2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Marco Bertorello <marco at bertorello.ns0.it>
+Description: Correct the upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1734736&group_id=131204&atid=720419
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -443,7 +443,7 @@
+ self.__report.add_section(msg, new_denied_hosts)
+ if self.__sync_server: self.sync_add_hosts(new_denied_hosts)
+ plugin_deny = self.__prefs.get('PLUGIN_DENY')
+- if plugin_deny: plugin.execute(plugin_deny, deny_hosts)
++ if plugin_deny: plugin.execute(plugin_deny, new_denied_hosts)
+
+ new_suspicious_logins = login_attempt.get_new_suspicious_logins()
+ if new_suspicious_logins:
Added: csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch 2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Marco Bertorello <marco at bertorello.ns0.it>
+Description: create a timestamp file if doesn't exist
+--- a/DenyHosts/sync.py
++++ b/DenyHosts/sync.py
+@@ -53,7 +53,7 @@
+ def set_sync_timestamp(self, timestamp):
+ try:
+ fp = open(os.path.join(self.__work_dir,
+- SYNC_TIMESTAMP), "w")
++ SYNC_TIMESTAMP), "a")
+ fp.write(timestamp)
+ except e:
+ error(e)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the devel
mailing list