author | Christoph Junghans <ottxor@gentoo.org> | 2015-09-22 09:37:12 -0600 |
---|---|---|
committer | Christoph Junghans <ottxor@gentoo.org> | 2015-09-22 09:37:12 -0600 |
commit | 2dc63155c81722b03388eda7ef41452585e4d42a (patch) | |
tree | 978d31a6e846ee0d1e65f3823bf0d842bffd6df9 /app-admin/denyhosts/files | |
parent | ros-meta/bond_core: Initial import. Ebuild by me. (diff) | |
app-admin/denyhosts: remove old
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'app-admin/denyhosts/files')
9 files changed, 0 insertions, 343 deletions
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch b/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch
deleted file mode 100644
index 3065d5e98424..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Subject: address remote denial of service CVE-2013-6890
-From: Helmut Grohne <helmut () subdivi de>
-
-ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21
-
-results in a log lines
-
-sshd[123]: Invalid user Invalid user root from 123.123.123.123 from 21.21.21.21
-sshd[123]: input_userauth_request: invalid user Invalid user root from 123.123.123.123 [preauth]
-sshd[123]: Connection closed by 21.21.21.21 [preauth]
-
-and causes denyhosts to block both ips 21.21.21.21 and 123.123.123.123.
-
-This patch tightens the regular expressions used to avoid these and similar
-injections.
-
-Index: denyhosts-2.6/DenyHosts/regex.py
-===================================================================
---- denyhosts-2.6.orig/DenyHosts/regex.py 2013-12-22 11:54:42.000000000 +0100
-+++ denyhosts-2.6/DenyHosts/regex.py 2013-12-22 11:55:05.000000000 +0100
-@@ -6,22 +6,22 @@
-
- #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
-
--SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
-+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
- #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
-
--FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
-
--FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?)
.*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
-
--FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX3 = None
-
--FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
-+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
-
--FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
-+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
-
--FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
-
--FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
-+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
-
-
- # these are reserved for future versions
-@@ -42,7 +42,7 @@
- FAILED_ENTRY_REGEX_MAP[i] = rx
-
-
--SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?)
from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
-
- TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
-
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch b/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
deleted file mode 100644
index 1a733e41280e..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./daemon-control-dist.orig ./daemon-control-dist
---- ./daemon-control-dist.orig 2006-04-21 18:04:43.000000000 -0500
-+++ ./daemon-control-dist 2008-08-28 11:05:01.000000000 -0500
-@@ -13,7 +13,7 @@
-
- DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
- DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
--DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
-+DENYHOSTS_CFG = "/etc/denyhosts.conf"
-
- PYTHON_BIN = "/usr/bin/env python"
-
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch b/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
deleted file mode 100644
index c384367d0031..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up ./DenyHosts/constants.py.defconffile ./DenyHosts/constants.py
---- ./DenyHosts/constants.py.defconffile 2008-07-01 18:12:34.000000000 -0500
-+++ ./DenyHosts/constants.py 2008-07-01 18:12:43.000000000 -0500
-@@ -36,7 +36,7 @@ PURGE_HISTORY = "purge-history"
- # Miscellaneous constants #
- #################################################################################
-
--CONFIG_FILE = "denyhosts.cfg" # default can be overridden on cmd line
-+CONFIG_FILE = "/etc/denyhosts.conf" # default can be overridden on cmd line
-
- DENY_DELIMITER = "# DenyHosts:"
- ENTRY_DELIMITER = " | "
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch b/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
deleted file mode 100644
index 9f10707f9be8..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From: Marco Bertorello <marco@bertorello.ns0.it>
-Date: Thu, 14 Apr 2011 00:11:35 +0200
-Subject: 08_foreground_mode
-
-Add a useful switch to denyhost for run in foreground/debugging mode
----
- DenyHosts/deny_hosts.py | 9 +++++++--
- denyhosts.py | 20 +++++++++++++-------
- 2 files changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
-index 7a985e6..f308264 100644
---- a/DenyHosts/deny_hosts.py
-+++ b/DenyHosts/deny_hosts.py
-@@ -41,7 +41,7 @@ error = logging.getLogger("denyhosts").error
- class DenyHosts:
- def __init__(self, logfile, prefs, lock_file,
- ignore_offset=0, first_time=0,
-- noemail=0, daemon=0):
-+ noemail=0, daemon=0, foreground=0):
- self.__denied_hosts = {}
- self.__prefs = prefs
- self.__lock_file = lock_file
-@@ -49,6 +49,7 @@ class DenyHosts:
- self.__noemail = noemail
- self.__report = Report(prefs.get("HOSTNAME_LOOKUP"), is_true(prefs['SYSLOG_REPORT']))
- self.__daemon = daemon
-+ self.__foreground = foreground
- self.__sync_server = prefs.get('SYNC_SERVER')
- self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
- self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))
-@@ -87,7 +88,7 @@ class DenyHosts:
- info("Log file size has not changed. Nothing to do.")
-
-
-- if daemon:
-+ if daemon and not foreground:
- info("launching DenyHosts daemon (version %s)..." % VERSION)
- #logging.getLogger().setLevel(logging.WARN)
-
-@@ -101,6 +102,10 @@ class DenyHosts:
- self.runDaemon(logfile, last_offset)
- else:
- die("Error creating daemon: %s (%d)" % (retCode[1], retCode[0]))
-+ elif foreground:
-+ info("launching DenyHosts (version %s)..."
% VERSION)
-+ self.__lock_file.remove()
-+ self.runDaemon(logfile, last_offset)
-
-
- def killDaemon(self, signum, frame):
-diff --git a/denyhosts.py b/denyhosts.py
-index 48bd837..727e565 100755
---- a/denyhosts.py
-+++ b/denyhosts.py
-@@ -34,6 +34,7 @@ def usage():
- print " --migrate: migrate your HOSTS_DENY file so that it is suitable for --purge"
- print " --purge: expire entries older than your PURGE_DENY setting"
- print " --daemon: run DenyHosts in daemon mode"
-+ print " --foreground: run DenyHosts in foreground mode"
- print " --sync: run DenyHosts synchronization mode"
- print " --version: Prints the version of DenyHosts and exits"
-
-@@ -63,6 +64,7 @@ if __name__ == '__main__':
- purge = 0
- sync_mode = 0
- daemon = 0
-+ foreground = 0
- enable_debug = 0
- upgrade099 = 0
- args = sys.argv[1:]
-@@ -70,8 +72,8 @@ if __name__ == '__main__':
- (opts, getopts) = getopt.getopt(args, 'f:c:dinuvps?hV',
- ["file=", "ignore", "verbose", "debug",
- "help", "noemail", "config=", "version",
-- "migrate", "purge", "daemon", "sync",
-- "upgrade099"])
-+ "migrate", "purge", "daemon", "foreground",
-+ "sync", "upgrade099"])
- except:
- print "\nInvalid command line option detected."
- usage()
-@@ -101,6 +103,8 @@ if __name__ == '__main__':
- sync_mode = 1
- if opt == '--daemon':
- daemon = 1
-+ if opt == '--foreground':
-+ foreground = 1
- if opt == '--upgrade099':
- upgrade099 = 1
- if opt == '--version':
-@@ -131,21 +135,21 @@ if __name__ == '__main__':
-
- lock_file.create()
-
-- if upgrade099 and not daemon:
-+ if upgrade099 and not (daemon or foreground):
- if not prefs.get('PURGE_DENY'):
- lock_file.remove()
- die("You have supplied the --upgrade099 flag, however you have not set PURGE_DENY in your configuration file")
- else:
- u = UpgradeTo099(prefs.get("HOSTS_DENY"))
-
-- if migrate and not daemon:
-+ if migrate and not (daemon or foreground):
- if not prefs.get('PURGE_DENY'):
- lock_file.remove()
- die("You have supplied the --migrate flag however you have not set PURGE_DENY in your configuration file.")
- else:
- m = Migrate(prefs.get("HOSTS_DENY"))
-
-- if purge and not daemon:
-+ if purge and not (daemon or foreground):
- purge_time = prefs.get('PURGE_DENY')
- if not purge_time:
- lock_file.remove()
-@@ -162,7 +166,9 @@ if __name__ == '__main__':
- try:
- for f in logfiles:
- dh = DenyHosts(f, prefs, lock_file, ignore_offset,
-- first_time, noemail, daemon)
-+ first_time, noemail, daemon, foreground)
-+ except KeyboardInterrupt:
-+ pass
- except SystemExit, e:
- pass
- except Exception, e:
-@@ -170,7 +176,7 @@ if __name__ == '__main__':
- print "\nDenyHosts exited abnormally"
-
-
-- if sync_mode and not daemon:
-+ if sync_mode and not (daemon or foreground):
- if not prefs.get('SYNC_SERVER'):
- lock_file.remove()
- die("You have provided the --sync flag however your configuration file is missing a value for SYNC_SERVER.")
---
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch b/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch
deleted file mode 100644
index 157b201aa26a..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- denyhosts.cfg-dist 2006-08-20 14:09:57.000000000 +0000
-+++ denyhosts.cfg-new 2006-12-09 15:41:20.000000000 +0000
-@@ -9,13 +9,13 @@
- # argument
- #
- # Redhat or Fedora Core:
--SECURE_LOG = /var/log/secure
-+#SECURE_LOG = /var/log/secure
- #
- # Mandrake, FreeBSD or OpenBSD:
- #SECURE_LOG = /var/log/auth.log
- #
--# SuSE:
--#SECURE_LOG = /var/log/messages
-+# Gentoo/SuSE:
-+SECURE_LOG = /var/log/messages
- #
- # Mac OS X (v10.4 or greater -
- # also refer to: http://www.denyhosts.net/faq.html#macos
-@@ -150,7 +150,7 @@
- # Note: it is recommended that you use an absolute pathname
- # for this value (eg. /home/foo/denyhosts/data)
- #
--WORK_DIR = /usr/share/denyhosts/data
-+WORK_DIR = /var/lib/denyhosts
- #
- #######################################################################
-
-@@ -192,10 +192,10 @@
- # running at a time.
- #
- # Redhat/Fedora:
--LOCK_FILE = /var/lock/subsys/denyhosts
-+#LOCK_FILE = /var/lock/subsys/denyhosts
- #
--# Debian
--#LOCK_FILE = /var/run/denyhosts.pid
-+# Gentoo/Debian
-+LOCK_FILE = /var/run/denyhosts.pid
- #
- # Misc
- #LOCK_FILE = /tmp/denyhosts.lock
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
deleted file mode 100644
index c6fc20541019..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Address Log injection reported at
-
-http://bugs.gentoo.org/show_bug.cgi?id=181213
-
-diff -ur a/DenyHosts/regex.py b/DenyHosts/regex.py
---- a/DenyHosts/regex.py 2006-12-07 13:47:04.000000000 -0600
-+++ b/DenyHosts/regex.py 2007-06-19 18:51:54.000000000 -0500
-@@ -17,11 +17,11 @@
-
- FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
-
--FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
-+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
-
- FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-
--FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
-+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
-
-
- # these are reserved for future versions
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch b/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
deleted file mode 100644
index 74868e79678c..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Marco Bertorello <marco@bertorello.ns0.it>
-Date: Thu, 14 Apr 2011 00:11:35 +0200
-Subject: 09_plugin_deny
-
-Correct the upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1734736&group_id=131204&atid=720419
----
- DenyHosts/deny_hosts.py | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
-index f308264..0f5f48d 100644
---- a/DenyHosts/deny_hosts.py
-+++ b/DenyHosts/deny_hosts.py
-@@ -443,7 +443,7 @@ allowed based on your %s file""" % (self.__prefs.get("HOSTS_DENY"),
- self.__report.add_section(msg, new_denied_hosts)
- if self.__sync_server: self.sync_add_hosts(new_denied_hosts)
- plugin_deny = self.__prefs.get('PLUGIN_DENY')
-- if plugin_deny: plugin.execute(plugin_deny, deny_hosts)
-+ if plugin_deny: plugin.execute(plugin_deny, new_denied_hosts)
-
- new_suspicious_logins = login_attempt.get_new_suspicious_logins()
- if new_suspicious_logins:
---
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch b/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
deleted file mode 100644
index cb39df977be6..000000000000
--- a/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Marco Bertorello <marco@bertorello.ns0.it>
-Date: Thu, 14 Apr 2011 00:11:35 +0200
-Subject: 11_single_config_switch
-
-A patch to prevent denyhosts running with a double --config switch
----
- daemon-control-dist | 3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/daemon-control-dist b/daemon-control-dist
-index 9f42b60..14d0f70 100755
---- a/daemon-control-dist
-+++ b/daemon-control-dist
-@@ -144,7 +144,8 @@ if __name__ == '__main__':
-
- try:
- if option in ('start', 'restart', 'condrestart'):
-- if '--config' not in args and '-c' not in args:
-+ anystartswith = lambda prefix, xs: any(map(lambda x: x.startswith(prefix), xs))
-+ if not anystartswith('--config', args) and '-c' not in args:
- args.append("--config=%s" % DENYHOSTS_CFG)
-
- cmd = cases[option]
---
diff --git a/app-admin/denyhosts/files/denyhosts.logrotate b/app-admin/denyhosts/files/denyhosts.logrotate
deleted file mode 100644
index 19a478870757..000000000000
--- a/app-admin/denyhosts/files/denyhosts.logrotate
+++ /dev/null
@@ -1,12 +0,0 @@
-/var/log/denyhosts {
- missingok
- notifempty
- create 0640 root root
- sharedscripts
- prerotate
- /etc/init.d/denyhosts stop -q
- endscript
- postrotate
- /etc/init.d/denyhosts start -q
- endscript
-} |