[csw-devel] SF.net SVN: gar:[21388] csw/mgar/pkg/denyhosts/trunk

dmichelsen at users.sourceforge.net dmichelsen at users.sourceforge.net
Fri Jun 21 15:49:16 CEST 2013


Revision: 21388
          http://gar.svn.sourceforge.net/gar/?rev=21388&view=rev
Author:   dmichelsen
Date:     2013-06-21 13:49:12 +0000 (Fri, 21 Jun 2013)
Log Message:
-----------
denyhosts/trunk: Fix #4491, #4492 and #4493

Modified Paths:
--------------
    csw/mgar/pkg/denyhosts/trunk/Makefile
    csw/mgar/pkg/denyhosts/trunk/checksums

Added Paths:
-----------
    csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch
    csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch
    csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch

Modified: csw/mgar/pkg/denyhosts/trunk/Makefile
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/Makefile	2013-06-20 21:25:52 UTC (rev 21387)
+++ csw/mgar/pkg/denyhosts/trunk/Makefile	2013-06-21 13:49:12 UTC (rev 21388)
@@ -18,39 +18,43 @@
   DenyHosts attempts to address the above.
 endef
 
-SPKG_SOURCEURL = http://denyhosts.sf.net/
 MASTER_SITES = $(SF_MIRRORS)
 DISTNAME = DenyHosts-$(VERSION)
-DISTFILES  = $(DISTNAME).tar.gz
+DISTFILES += $(DISTNAME).tar.gz
+
+# Selected patches from ftp://ftp.debian.org/debian/pool/main/d/denyhosts/denyhosts_2.6-7.debian.tar.gz
+# as reported in https://www.opencsw.org/mantis/view.php?id=4491
+PATCHFILES += 07_regex.patch
+PATCHFILES += 09_plugin_deny.patch
+PATCHFILES += 10_create_timestamp.patch
+
 LICENSE = LICENSE.txt
-ARCHALL = 1
-INITSMF = /etc/opt/csw/init.d/cswdenyhosts
 
+VENDOR_URL = http://denyhosts.sf.net/
+
 PACKAGES = CSWdenyhosts
-
+SPKG_DECS_CSWdenyhosts = A tool to limit SSH brute force attacks
+ARCHALL_CSWdenyhosts = 1
 CHECKPKG_OVERRIDES_CSWdenyhosts += pkgname-does-not-start-with-CSWpy-
 CHECKPKG_OVERRIDES_CSWdenyhosts += catalogname-does-not-start-with-py_
 
-# We define upstream file regex so we can be notifed of new upstream software release
-UFILES_REGEX = $(NAME)-(\d+(?:\.\d+)*).tar.gz
+INITSMF = /etc/opt/csw/init.d/cswdenyhosts
 
 # No test target
 TEST_SCRIPTS = 
 EXTRA_INSTALL_ARGS += --no-compile
 
-sysconfdir = /etc/opt/csw/
-localstatedir = /var/opt/csw/
-SAMPLECONF = $(sysconfdir)/denyhosts.cfg
+PRESERVECONF = $(sysconfdir)/denyhosts.cfg
 
 include gar/category.mk
 
 # setup.py puts everything in /usr/share by default, adjust this to $(datadir)
-pre-install-modulated:
+pre-install:
 	gsed -ie 's,/usr/share/denyhosts,$(datadir)/$(NAME),' $(WORKSRC)/setup.py
 	@$(MAKECOOKIE)
 
-post-install-modulated: DOCDEST = $(DESTDIR)$(docdir)/$(NAME)
-post-install-modulated:
+post-install: DOCDEST = $(DESTDIR)$(docdir)/$(NAME)
+post-install:
 	ginstall -d $(DOCDEST)
 	ginstall -d $(DESTDIR)$(sysconfdir)
 	ginstall -d $(DESTDIR)$(sysconfdir)/init.d
@@ -67,15 +71,19 @@
 
 	#Adjust config to match Solaris paths + our package paths
 	gsed -i \
-		-e 's,/var/log/secure,path to ssh log,' \
+		-e 's,/var/log/secure,/var/log/authlog,' \
 		-e 's,/usr/share/denyhosts/data,$(localstatedir)/$(NAME),' \
 		-e 's,/var/lock/subsys/denyhosts,/var/opt/csw/run/denyhosts.pid,' \
 		-e 's,/var/log/denyhosts,$(localstatedir)/$(NAME)/$(NAME).log,' \
 		$(DESTDIR)$(sysconfdir)/denyhosts.cfg
 
+	# From http://denyhosts.sourceforge.net/solaris.txt
+	echo 'SSHD_FORMAT_REGEX=.* (sshd\[.*\]: \[ID \d* auth.info\]) (?P<message>.*)' \
+		>>$(DESTDIR)$(sysconfdir)/denyhosts.cfg
+
 	gsed -i \
 		-e 's,denyhosts.cfg,$(sysconfdir)/denyhosts.cfg,' \
-		$(DESTDIR)/opt/csw/lib/python2.6/site-packages/DenyHosts/constants.py
+		$(DESTDIR)/opt/csw/lib/python/site-packages/DenyHosts/constants.py
 
 	#Adjust daemon-control-dist wrapper script to match our package paths
 	gsed -i \

Modified: csw/mgar/pkg/denyhosts/trunk/checksums
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/checksums	2013-06-20 21:25:52 UTC (rev 21387)
+++ csw/mgar/pkg/denyhosts/trunk/checksums	2013-06-21 13:49:12 UTC (rev 21388)
@@ -1 +1 @@
-fc2365305a9402886a2b0173d1beb7df  download/DenyHosts-2.6.tar.gz
+fc2365305a9402886a2b0173d1beb7df  DenyHosts-2.6.tar.gz

Added: csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch	                        (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/07_regex.patch	2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Nico Golde <nion at debian.org> and Marco Bertorello <marco at bertorello.ns0.it>
+Description: Fix a vulnerability (CVE-2007-4323) and other problem with regexp
+--- a/DenyHosts/regex.py
++++ b/DenyHosts/regex.py
+@@ -17,7 +17,7 @@
+ 
+ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+ 
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+ 
+ FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+ 

Added: csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch	                        (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/09_plugin_deny.patch	2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Marco Bertorello <marco at bertorello.ns0.it>
+Description: Correct the upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1734736&group_id=131204&atid=720419
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -443,7 +443,7 @@
+             self.__report.add_section(msg, new_denied_hosts)
+             if self.__sync_server: self.sync_add_hosts(new_denied_hosts)
+             plugin_deny = self.__prefs.get('PLUGIN_DENY')
+-            if plugin_deny: plugin.execute(plugin_deny, deny_hosts)
++            if plugin_deny: plugin.execute(plugin_deny, new_denied_hosts)
+         
+         new_suspicious_logins = login_attempt.get_new_suspicious_logins()
+         if new_suspicious_logins:

Added: csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch
===================================================================
--- csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch	                        (rev 0)
+++ csw/mgar/pkg/denyhosts/trunk/files/10_create_timestamp.patch	2013-06-21 13:49:12 UTC (rev 21388)
@@ -0,0 +1,13 @@
+Author: Marco Bertorello <marco at bertorello.ns0.it>
+Description: create a timestamp file if doesn't exist
+--- a/DenyHosts/sync.py
++++ b/DenyHosts/sync.py
+@@ -53,7 +53,7 @@
+     def set_sync_timestamp(self, timestamp):
+         try:
+             fp = open(os.path.join(self.__work_dir,
+-                                   SYNC_TIMESTAMP), "w")
++                                   SYNC_TIMESTAMP), "a")
+             fp.write(timestamp)
+         except e:
+             error(e)

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



More information about the devel mailing list