summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2007-09-13 15:09:18 +0000
committerPeter Volkov <pva@gentoo.org>2007-09-13 15:09:18 +0000
commit902344cde83d77cf3af55399f3c2d157ddac59ee (patch)
tree2ebeeed8fde376e4228fd4a1f6f61a4c9082064b /app-admin
parentInitial commit. (diff)
downloadgentoo-2-902344cde83d77cf3af55399f3c2d157ddac59ee.tar.gz
gentoo-2-902344cde83d77cf3af55399f3c2d157ddac59ee.tar.bz2
gentoo-2-902344cde83d77cf3af55399f3c2d157ddac59ee.zip
Fixes log injection reported by Sune Kloppenborg Jeppesen in bug #181213.
(Portage version: 2.1.3.9)
Diffstat (limited to 'app-admin')
-rw-r--r--app-admin/denyhosts/ChangeLog8
-rw-r--r--app-admin/denyhosts/denyhosts-2.6-r1.ebuild65
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch21
-rw-r--r--app-admin/denyhosts/files/digest-denyhosts-2.6-r13
4 files changed, 96 insertions, 1 deletions
diff --git a/app-admin/denyhosts/ChangeLog b/app-admin/denyhosts/ChangeLog
index 9601939a810f..d20982566944 100644
--- a/app-admin/denyhosts/ChangeLog
+++ b/app-admin/denyhosts/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-admin/denyhosts
# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.27 2007/08/14 18:10:41 strerror Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.28 2007/09/13 15:09:14 pva Exp $
+
+*denyhosts-2.6-r1 (13 Sep 2007)
+
+ 13 Sep 2007; <pva@gentoo.org>
+ +files/denyhosts-2.6-log-injection-regex.patch, +denyhosts-2.6-r1.ebuild:
+ Fixes log injection reported by Sune Kloppenborg Jeppesen in bug #181213.
14 Aug 2007; Benjamin Smee <strerror@gentoo.org> files/denyhosts.init:
fix for bug #174501
diff --git a/app-admin/denyhosts/denyhosts-2.6-r1.ebuild b/app-admin/denyhosts/denyhosts-2.6-r1.ebuild
new file mode 100644
index 000000000000..f9e0a05b10a1
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.6-r1.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/denyhosts-2.6-r1.ebuild,v 1.1 2007/09/13 15:09:14 pva Exp $
+
+inherit distutils eutils
+
+my_PN="DenyHosts"
+my_P="${my_PN}-${PV}"
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://www.denyhosts.net"
+SRC_URI="mirror://sourceforge/${PN}/${my_P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
+IUSE=""
+DEPEND=">=dev-lang/python-2.3"
+S="${WORKDIR}/${my_P}"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ # changes default file installations
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-log-injection-regex.patch
+ sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python:' \
+ denyhosts.py || die "sed failed"
+ sed -i -e 's:DENY_THRESHOLD_VALID = 10:DENY_THRESHOLD_VALID = 5:' \
+ denyhosts.cfg-dist || die "sed failed"
+}
+
+src_install() {
+ distutils_src_install
+
+ insinto /etc
+ insopts -m0640
+ newins denyhosts.cfg-dist denyhosts.conf
+
+ newinitd "${FILESDIR}"/denyhosts.init denyhosts
+
+ exeinto /usr/bin
+ newexe denyhosts.py denyhosts
+
+ dodoc CHANGELOG.txt README.txt
+
+ keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+ if [ ! -f /etc/hosts.deny ]
+ then
+ touch /etc/hosts.deny
+ fi
+
+ elog "You can configure DenyHosts to run as a daemon by running:"
+ elog
+ elog "rc-update add denyhosts default"
+ elog
+ elog "or as a cronjob, by adding the following to /etc/crontab"
+ elog "# run DenyHosts every 10 minutes"
+ elog "*/10 * * * * root python /usr/bin/denyhosts -c /etc/denyhosts.conf"
+ elog
+ elog "More information can be found at http://denyhosts.sourceforge.net/faq.html"
+ elog
+ ewarn "Modify /etc/denyhosts.conf to suit your environment system."
+}
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
new file mode 100644
index 000000000000..c6fc20541019
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
@@ -0,0 +1,21 @@
+Address Log injection reported at
+
+http://bugs.gentoo.org/show_bug.cgi?id=181213
+
+diff -ur a/DenyHosts/regex.py b/DenyHosts/regex.py
+--- a/DenyHosts/regex.py 2006-12-07 13:47:04.000000000 -0600
++++ b/DenyHosts/regex.py 2007-06-19 18:51:54.000000000 -0500
+@@ -17,11 +17,11 @@
+
+ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+
+ FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
+
+
+ # these are reserved for future versions
diff --git a/app-admin/denyhosts/files/digest-denyhosts-2.6-r1 b/app-admin/denyhosts/files/digest-denyhosts-2.6-r1
new file mode 100644
index 000000000000..eaec57e06035
--- /dev/null
+++ b/app-admin/denyhosts/files/digest-denyhosts-2.6-r1
@@ -0,0 +1,3 @@
+MD5 fc2365305a9402886a2b0173d1beb7df DenyHosts-2.6.tar.gz 42667
+RMD160 cab4206af992f5405ed1c9b302341c7b5649c71a DenyHosts-2.6.tar.gz 42667
+SHA256 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d DenyHosts-2.6.tar.gz 42667