Fixes log injection reported by Sune Kloppenborg Jeppesen in bug #181213.

Package-Manager: portage-2.1.3.9

5 files changed, 111 insertions, 5 deletions

diff --git a/app-admin/denyhosts/ChangeLog b/app-admin/denyhosts/ChangeLog
index 9601939a810f..d20982566944 100644
--- a/app-admin/denyhosts/ChangeLog
+++ b/app-admin/denyhosts/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-admin/denyhosts
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.27 2007/08/14 18:10:41 strerror Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.28 2007/09/13 15:09:14 pva Exp $
+
+*denyhosts-2.6-r1 (13 Sep 2007)
+
+  13 Sep 2007; <pva@gentoo.org>
+  +files/denyhosts-2.6-log-injection-regex.patch, +denyhosts-2.6-r1.ebuild:
+  Fixes log injection reported by Sune Kloppenborg Jeppesen in bug #181213.
 
   14 Aug 2007; Benjamin Smee <strerror@gentoo.org> files/denyhosts.init:
   fix for bug #174501
diff --git a/app-admin/denyhosts/Manifest b/app-admin/denyhosts/Manifest
index e701767580c4..11fb560e8cb8 100644
--- a/app-admin/denyhosts/Manifest
+++ b/app-admin/denyhosts/Manifest
@@ -2,6 +2,10 @@ AUX denyhosts-2.6-gentoo.patch 1072 RMD160 e396870f65e7cd512996229d901c6c19bd403
 MD5 d224528900ced34e5445b822b5e993c2 files/denyhosts-2.6-gentoo.patch 1072
 RMD160 e396870f65e7cd512996229d901c6c19bd403b8b files/denyhosts-2.6-gentoo.patch 1072
 SHA256 9a8aa093691efd23a0f34f7dd6ec8716eaeb266ceb96f851f7b2eb12dad44a5a files/denyhosts-2.6-gentoo.patch 1072
+AUX denyhosts-2.6-log-injection-regex.patch 1142 RMD160 0fee22c97c27bcd7c3fa40c0ae1377d8c1cabb66 SHA1 92d9cb6e69179e0e0d49b78db1fdceec4cc4bbf5 SHA256 836bbec93f10e6314afc63a98c0312c1ba7ec95ba0bb857807f3dd9131f79df8
+MD5 79abdfcd7ce0859f2f3f134598a89209 files/denyhosts-2.6-log-injection-regex.patch 1142
+RMD160 0fee22c97c27bcd7c3fa40c0ae1377d8c1cabb66 files/denyhosts-2.6-log-injection-regex.patch 1142
+SHA256 836bbec93f10e6314afc63a98c0312c1ba7ec95ba0bb857807f3dd9131f79df8 files/denyhosts-2.6-log-injection-regex.patch 1142
 AUX denyhosts-gentoo.patch 2395 RMD160 8f028a90f5afa17f77d6bd346e4f2b1e44266d83 SHA1 0e5a55cd8c5bca95265e322bac919f70da0a5b48 SHA256 50f169c45f674708fef8f1912a816b798107e4e624e027974e71d1c585a2b3ed
 MD5 90c425b8fbcfa5fc084063999c2e3b9a files/denyhosts-gentoo.patch 2395
 RMD160 8f028a90f5afa17f77d6bd346e4f2b1e44266d83 files/denyhosts-gentoo.patch 2395
@@ -11,14 +15,18 @@ MD5 1ab965015c3774a2138d443fe0411d84 files/denyhosts.init 362
 RMD160 ef6f3cb195f1e8c333bc2e574509147f014536da files/denyhosts.init 362
 SHA256 671186507b221383b3e542aa38866677764e04ecb5ce01f3dabf904f3743b1f5 files/denyhosts.init 362
 DIST DenyHosts-2.6.tar.gz 42667 RMD160 cab4206af992f5405ed1c9b302341c7b5649c71a SHA1 02143843cb7c37c986c222b7acc11f7b75eb7373 SHA256 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d
+EBUILD denyhosts-2.6-r1.ebuild 1790 RMD160 35662d26274c39ceb89d3ae8dbaeeb718c240a21 SHA1 51b1f9bc06dc42549279bc7288f92e18ea4d7b0a SHA256 15c0830027206141c1a4e866a2b3f610ecb2daf503064adc675860f9819b861c
+MD5 c7fe64cb87b7a12c798052a55402b30d denyhosts-2.6-r1.ebuild 1790
+RMD160 35662d26274c39ceb89d3ae8dbaeeb718c240a21 denyhosts-2.6-r1.ebuild 1790
+SHA256 15c0830027206141c1a4e866a2b3f610ecb2daf503064adc675860f9819b861c denyhosts-2.6-r1.ebuild 1790
 EBUILD denyhosts-2.6.ebuild 1735 RMD160 c2868f05c73d6801ec0661baf0f86c848735330c SHA1 68646486c00925518b5b98417d7fc78c26e034d6 SHA256 7102915971f81507a4394752ae0221545c90b417433c3756b21701a63694d7dc
 MD5 0427930b5e9d91e7d893e0d4428b238a denyhosts-2.6.ebuild 1735
 RMD160 c2868f05c73d6801ec0661baf0f86c848735330c denyhosts-2.6.ebuild 1735
 SHA256 7102915971f81507a4394752ae0221545c90b417433c3756b21701a63694d7dc denyhosts-2.6.ebuild 1735
-MISC ChangeLog 3844 RMD160 66c0343f3a1349646de5641dc7c12de48b6e2e0c SHA1 1287d879321a308e78ef1c553b3c50923ec3414d SHA256 71057a4567825e5410767b1e403b2a09cf314ac61283ccab5866ab80071a0354
-MD5 0f08b594d725de3604c101519e7a6691 ChangeLog 3844
-RMD160 66c0343f3a1349646de5641dc7c12de48b6e2e0c ChangeLog 3844
-SHA256 71057a4567825e5410767b1e403b2a09cf314ac61283ccab5866ab80071a0354 ChangeLog 3844
+MISC ChangeLog 4057 RMD160 b78df4fe06f96a1e9032bd4b9b514f8365459c65 SHA1 059b85f69342ed01d6a2272ebe39a3938ffb0830 SHA256 b4b8e5f6ac84e21aa52fb891fc70eed57c0ea20f97304170e0c3633a504440a4
+MD5 a70e5f611926cd8f425818e903085b3f ChangeLog 4057
+RMD160 b78df4fe06f96a1e9032bd4b9b514f8365459c65 ChangeLog 4057
+SHA256 b4b8e5f6ac84e21aa52fb891fc70eed57c0ea20f97304170e0c3633a504440a4 ChangeLog 4057
 MISC metadata.xml 224 RMD160 3a30d2e0e1f652c515f93c173967ef86498c9d20 SHA1 4fda81119f9b7840f52a4843498d447917a7199d SHA256 8a997cd219f6f1521d13661747f916705f1f0a208cf9210891313d873684cf99
 MD5 a68c4bae140abb67c873bc75786dd04c metadata.xml 224
 RMD160 3a30d2e0e1f652c515f93c173967ef86498c9d20 metadata.xml 224
@@ -26,3 +34,6 @@ SHA256 8a997cd219f6f1521d13661747f916705f1f0a208cf9210891313d873684cf99 metadata
 MD5 0b2fac84380e47840828a988a45432ec files/digest-denyhosts-2.6 238
 RMD160 7814e4e9b217a7bf73e33b80de7c7098ba6794c2 files/digest-denyhosts-2.6 238
 SHA256 b147471e95f374999228127295b8bde626934347b71c66d5cd0ba2b4ebde0ef6 files/digest-denyhosts-2.6 238
+MD5 0b2fac84380e47840828a988a45432ec files/digest-denyhosts-2.6-r1 238
+RMD160 7814e4e9b217a7bf73e33b80de7c7098ba6794c2 files/digest-denyhosts-2.6-r1 238
+SHA256 b147471e95f374999228127295b8bde626934347b71c66d5cd0ba2b4ebde0ef6 files/digest-denyhosts-2.6-r1 238
diff --git a/app-admin/denyhosts/denyhosts-2.6-r1.ebuild b/app-admin/denyhosts/denyhosts-2.6-r1.ebuild
new file mode 100644
index 000000000000..f9e0a05b10a1
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.6-r1.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/denyhosts-2.6-r1.ebuild,v 1.1 2007/09/13 15:09:14 pva Exp $
+
+inherit distutils eutils
+
+my_PN="DenyHosts"
+my_P="${my_PN}-${PV}"
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://www.denyhosts.net"
+SRC_URI="mirror://sourceforge/${PN}/${my_P}.tar.gz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
+IUSE=""
+DEPEND=">=dev-lang/python-2.3"
+S="${WORKDIR}/${my_P}"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	# changes default file installations
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+	epatch "${FILESDIR}"/${P}-log-injection-regex.patch
+	sed -i -e 's:#!/usr/bin/env python:#!/usr/bin/python:' \
+		denyhosts.py || die "sed failed"
+	sed -i -e 's:DENY_THRESHOLD_VALID = 10:DENY_THRESHOLD_VALID = 5:' \
+		denyhosts.cfg-dist || die "sed failed"
+}
+
+src_install() {
+	distutils_src_install
+
+	insinto /etc
+	insopts -m0640
+	newins denyhosts.cfg-dist denyhosts.conf
+
+	newinitd "${FILESDIR}"/denyhosts.init denyhosts
+
+	exeinto /usr/bin
+	newexe denyhosts.py denyhosts
+
+	dodoc CHANGELOG.txt README.txt
+
+	keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+	if [ ! -f /etc/hosts.deny ]
+	then
+		touch /etc/hosts.deny
+	fi
+
+	elog "You can configure DenyHosts to run as a daemon by running:"
+	elog
+	elog "rc-update add denyhosts default"
+	elog
+	elog "or as a cronjob, by adding the following to /etc/crontab"
+	elog "# run DenyHosts every 10 minutes"
+	elog "*/10  *  * * *	root	python /usr/bin/denyhosts -c /etc/denyhosts.conf"
+	elog
+	elog "More information can be found at http://denyhosts.sourceforge.net/faq.html"
+	elog
+	ewarn "Modify /etc/denyhosts.conf to suit your environment system."
+}
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
new file mode 100644
index 000000000000..c6fc20541019
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
@@ -0,0 +1,21 @@
+Address Log injection reported at
+
+http://bugs.gentoo.org/show_bug.cgi?id=181213
+
+diff -ur a/DenyHosts/regex.py b/DenyHosts/regex.py
+--- a/DenyHosts/regex.py	2006-12-07 13:47:04.000000000 -0600
++++ b/DenyHosts/regex.py	2007-06-19 18:51:54.000000000 -0500
+@@ -17,11 +17,11 @@
+ 
+ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+ 
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+ 
+ FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+ 
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
+ 
+ 
+ # these are reserved for future versions
diff --git a/app-admin/denyhosts/files/digest-denyhosts-2.6-r1 b/app-admin/denyhosts/files/digest-denyhosts-2.6-r1
new file mode 100644
index 000000000000..eaec57e06035
--- /dev/null
+++ b/app-admin/denyhosts/files/digest-denyhosts-2.6-r1
@@ -0,0 +1,3 @@
+MD5 fc2365305a9402886a2b0173d1beb7df DenyHosts-2.6.tar.gz 42667
+RMD160 cab4206af992f5405ed1c9b302341c7b5649c71a DenyHosts-2.6.tar.gz 42667
+SHA256 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d DenyHosts-2.6.tar.gz 42667