- add stage support

- use PYDISTUTILS_AUTOPLIST - rename patch files to reflect `make makepatch' naming - fix possible DOS reported on: http://seclists.org/oss-sec/2013/q4/535 PR: ports/185141 Submitted by: ohauer Approved by: maintainer timeout
svn path=/head/; revision=350260
2014-04-05 19:44:15 +00:00 · 2014-04-05 19:44:15 +00:00 · 80daace904 · 2021-03-31 03:12:20 +00:00
commit 80daace904
parent b649aeca0f
7 changed files with 75 additions and 114 deletions
--- a/security/denyhosts/Makefile
+++ b/security/denyhosts/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	denyhosts
 PORTVERSION=	2.6
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security
 MASTER_SITES=	SF
 DISTNAME=	DenyHosts-${PORTVERSION}
@ -11,9 +11,19 @@ DISTNAME=	DenyHosts-${PORTVERSION}
 MAINTAINER=	jmohacsi@bsd.hu
 COMMENT=	Script to thwart ssh attacks

+LICENSE=	GPLv2
+
 USE_PYTHON=	yes
 USE_PYDISTUTILS=	yes
-PYDISTUTILS_PKGNAME=	DenyHosts
+PYDISTUTILS_AUTOPLIST=	yes
+
+USES=		shebangfix
+env_OLD_CMD=	/bin/env
+env_CMD=	${SETENV}
+SHEBANG_LANG=	python env
+SHEBANG_FILES=	plugins/test_deny.py \
+		scripts/restricted_from_invalid.py \
+		scripts/restricted_from_passwd.py

 USE_RC_SUBR=	denyhosts
 SUB_LIST+=	PYTHON=${PYTHON_CMD}
@ -21,24 +31,20 @@ SUB_FILES=	pkg-message

 PORTDOCS=	CHANGELOG.txt LICENSE.txt README.txt

-NO_STAGE=	yes
 post-patch:
 	@${REINPLACE_CMD} -e 's,%%PREFIX%%,${PREFIX},' \
 		${WRKSRC}/daemon-control-dist \
 		${WRKSRC}/denyhosts.cfg-dist \
 		${WRKSRC}/setup.py
-	@${RM} ${WRKSRC}/scripts/restricted_from_passwd.py.orig
+
+pre-install:
+	@${FIND} ${WRKSRC} -type f \( -name \*.bak -o -name \*.orig \) -delete

 post-install:
-	${INSTALL_DATA} ${WRKSRC}/denyhosts.cfg-dist ${PREFIX}/etc/denyhosts.conf-dist
-	[ -f ${PREFIX}/etc/denyhosts.conf ] || \
-		${INSTALL_DATA} ${WRKSRC}/denyhosts.cfg-dist ${PREFIX}/etc/denyhosts.conf
-.if !defined(NOPORTDOCS)
-	@${MKDIR} ${DOCSDIR}
-. for f in ${PORTDOCS}
-	${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
-. endfor
-.endif
-	@${CAT} ${PKGMESSAGE}
+	${INSTALL_DATA} ${WRKSRC}/denyhosts.cfg-dist \
+		${STAGEDIR}${PREFIX}/etc/denyhosts.conf-dist
+
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}

 .include <bsd.port.mk>
--- a/security/denyhosts/files/patch-DenyHosts__regex.py
+++ b/security/denyhosts/files/patch-DenyHosts__regex.py
@ -0,0 +1,44 @@
+# Patch shaped from http://seclists.org/oss-sec/2013/q4/535
+===================================================================
+--- ./DenyHosts/regex.py.orig	2006-12-07 20:47:04.000000000 +0100
+++ ./DenyHosts/regex.py	2013-12-23 17:17:42.000000000 +0100
+@@ -6,22 +6,22 @@
+ 
+ #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
+ 
+-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
+ #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
+ 
+-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX3 = None
+ 
+-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
+ 
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
+ 
+-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
+ 
+ 
+ # these are reserved for future versions
+@@ -42,7 +42,7 @@
+     FAILED_ENTRY_REGEX_MAP[i] = rx
+ 
+ 
+-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+ 
+ TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
+ 
--- a/security/denyhosts/files/patch-DenyHosts_regex.py
+++ b/security/denyhosts/files/patch-DenyHosts_regex.py
@ -1,11 +0,0 @@
--- DenyHosts/regex.py.orig	Sat Jun 23 14:32:34 2007
-+++ DenyHosts/regex.py	Sat Jun 23 14:32:58 2007
-@@ -17,7 +17,7 @@
- 
- FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
- 
-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
-+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
- 
- FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
- 
--- a/security/denyhosts/files/patch-scripts__restricted_from_passwd.py
+++ b/security/denyhosts/files/patch-scripts__restricted_from_passwd.py
@ -0,0 +1,10 @@
+--- ./scripts/restricted_from_passwd.py.orig	2013-12-28 18:51:41.000000000 +0100
+++ ./scripts/restricted_from_passwd.py	2013-12-28 18:51:41.000000000 +0100
+@@ -12,6 +12,7 @@
+ ############################################################################
+ 
+ RESTRICTED_SHELLS = ("/sbin/nologin",
+                     "/usr/sbin/nologin",
+                      "/sbin/shutdown",
+                      "/sbin/halt")
+ 
--- a/security/denyhosts/files/patch-scripts_restrited-from-passwd.py
+++ b/security/denyhosts/files/patch-scripts_restrited-from-passwd.py
@ -1,11 +0,0 @@
--- scripts/restricted_from_passwd.py.orig	2008-11-26 12:06:31.231726279 -0500
-+++ scripts/restricted_from_passwd.py	2008-11-26 12:06:36.696728675 -0500
-@@ -11,7 +11,7 @@
- #
- ############################################################################
- 
-RESTRICTED_SHELLS = ("/sbin/nologin",
-+RESTRICTED_SHELLS = ("/usr/sbin/nologin",
-                      "/sbin/shutdown",
-                      "/sbin/halt")
- 
--- a/security/denyhosts/pkg-descr
+++ b/security/denyhosts/pkg-descr
@ -18,4 +18,4 @@ Denyhosts helps you:
 - Optionally sends an email of newly banned hosts and suspicious logins.
 - Resolves IP addresses to hostnames, if you want

-WWW:	http://denyhosts.sourceforge.net/
+WWW: http://denyhosts.sourceforge.net/
--- a/security/denyhosts/pkg-plist
+++ b/security/denyhosts/pkg-plist
@ -1,80 +1,3 @@
-bin/denyhosts.py
@unexec if cmp -s %D/etc/denyhosts.conf %D/etc/denyhosts.conf-dist; then rm -f %D/etc/denyhosts.conf; fi
 etc/denyhosts.conf-dist
@exec [ -f %B/denyhosts.conf ] || cp -f %B/%f %B/denyhosts.conf
-%%DATADIR%%/daemon-control-dist
-%%DATADIR%%/denyhosts.cfg-dist
-%%DATADIR%%/setup.py
-%%DATADIR%%/scripts/restricted_from_invalid.py
-%%DATADIR%%/scripts/restricted_from_passwd.py
-%%DATADIR%%/plugins/README.contrib
-%%DATADIR%%/plugins/shorewall_allow.sh
-%%DATADIR%%/plugins/shorewall_deny.sh
-%%DATADIR%%/plugins/test_deny.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/loginattempt.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/version.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/version.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/lockfile.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/old-daemon.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/util.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/util.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/deny_hosts.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/plugin.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/purgecounter.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/purgecounter.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/purgecounter.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/constants.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/constants.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/daemon.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/allowedhosts.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/report.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/report.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/__init__.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/python_version.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/filetracker.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/counter.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/counter.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/denyfileutil.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/prefs.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/regex.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/regex.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/sync.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/sync.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/sync.pyo
-%%PYTHON_SITELIBDIR%%/DenyHosts/restricted.py
-%%PYTHON_SITELIBDIR%%/DenyHosts/restricted.pyc
-%%PYTHON_SITELIBDIR%%/DenyHosts/restricted.pyo
-@dirrm %%PYTHON_SITELIBDIR%%/DenyHosts
-@dirrm %%DATADIR%%/scripts
-@dirrm %%DATADIR%%/plugins
-@dirrm %%DATADIR%%