From 74c554a8443bb02b1214be2012800a565672a97d Mon Sep 17 00:00:00 2001 From: maxice8 Date: Tue, 10 Jul 2018 06:25:01 -0300 Subject: [PATCH] sshguard: update to 2.2.0. --- srcpkgs/sshguard/patches/fix_ipv6.patch | 180 ------------------------ srcpkgs/sshguard/template | 14 +- 2 files changed, 7 insertions(+), 187 deletions(-) delete mode 100644 srcpkgs/sshguard/patches/fix_ipv6.patch diff --git a/srcpkgs/sshguard/patches/fix_ipv6.patch b/srcpkgs/sshguard/patches/fix_ipv6.patch deleted file mode 100644 index eb53a7a124..0000000000 --- a/srcpkgs/sshguard/patches/fix_ipv6.patch +++ /dev/null @@ -1,180 +0,0 @@ -diff --git src/parser/attack_parser.y src/parser/attack_parser.y -index 247adf3..a4d65c7 100644 ---- src/parser/attack_parser.y -+++ src/parser/attack_parser.y -@@ -46,7 +46,7 @@ static void yyerror(attack_t *, const char *); - } - - /* semantic values for tokens */ --%token IPv4 IPv6 HOSTADDR WORD -+%token IPv4 IPv6 IPv6_WITH_SUFFIX HOSTADDR WORD - %token INTEGER SYSLOG_BANNER_PID SOCKLOG_BANNER_PID - - /* flat tokens */ -@@ -176,6 +176,12 @@ addr: - attack->address.kind = ADDRKIND_IPv6; - strcpy(attack->address.value, $1); - } -+ | IPv6_WITH_SUFFIX -+ { -+ attack->address.kind = ADDRKIND_IPv6; -+ char* percent = strchr($1, '%'); -+ strncpy(attack->address.value, $1, percent - $1); -+ } - | HOSTADDR { - if (!attack_from_hostname(attack, $1)) { - YYABORT; -diff --git src/parser/attack_scanner.l src/parser/attack_scanner.l -index a32e9e6..50ad009 100644 ---- src/parser/attack_scanner.l -+++ src/parser/attack_scanner.l -@@ -75,6 +75,7 @@ PROCESSNAME ([-_a-zA-Z0-9]{2,7})|([-_a-zA-Z0-9]{9,})|([-_a-rt-zA-RT-Z0-9][-_a-zA - IPV4 ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?|0)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?|0)){3}) - /* IPv6 addresses including compressed variants (RFC 2373) */ - IPV6 (::|:(:[0-9a-fA-F]{1,4}){1,7}|[0-9a-fA-F]{1,4}:([0-9a-fA-F]{1,4}:(:[0-9a-fA-F]{1,4}){1,5}|(:[0-9a-fA-F]{1,4}){1,6})|([0-9a-fA-F]{1,4}:){3}([0-9a-fA-F]{1,4}:(:[0-9a-fA-F]{1,4}){1,3}|(:[0-9a-fA-F]{1,4}){1,4})|([0-9a-fA-F]{1,4}:){5}([0-9a-fA-F]{1,4}:[0-9a-fA-F]{0,4}:[0-9a-fA-F]{1,4}|(:[0-9a-fA-F]{1,4}){1,2})|([0-9a-fA-F]{1,4}:){1,7}:) -+IFNAME %[^ \n]{1,15} - /* an IPv4 packed in IPv6 as IPv4-mapped IPv6 address */ - IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0{1,4}){1,3}|(0{1,4}:){2}(0{1,4}:0{0,4}:0{1,4}|(:0{1,4}){1,2})|(0{1,4}:){1,4}):[fF]{4}:(((2[0-4]|1[0-9]|[1-9])?[0-9]|25[0-5])\.){3}((2[0-4]|1[0-9]|[1-9])?[0-9]|25[0-5])) - -@@ -270,6 +271,7 @@ WORDPRESS_LOGIN .*"/wp-login"(\.php)? - /* an IPv6 address */ - /* standard | clouds implied | embedded IPv4 */ - {IPV6} { yylval.str = yytext; return IPv6; } -+{IPV6}{IFNAME} { yylval.str = yytext; return IPv6_WITH_SUFFIX; } - - /* an host address (PTR) */ - {HOSTADDR} { yylval.str = yytext; return HOSTADDR; } -diff --git src/parser/attacks.txt src/parser/attacks.txt -index 8871bdf..c118ea7 100644 ---- src/parser/attacks.txt -+++ src/parser/attacks.txt -@@ -1,13 +1,18 @@ - Invalid user inexu from 6.6.6.0 - Invalid user inexu from 2001:db8::a11:beef:7ac0 -+Invalid user inexu from 2001:db8::a11:beef:7ac0%abcdefgh1234567 - User mario from 6.6.6.0 not allowed because XYZ - User mario from 2001:db8::a11:beef:7ac0 not allowed because XYZ -+User mario from 2001:db8::a11:beef:7ac0%lo not allowed because XYZ - Failed XYZ for XYZ from 6.6.6.0 port 14423 ssh2 - Failed XYZ for XYZ from 2001:db8::a11:beef:7ac0 port 14423 ssh2 -+Failed XYZ for XYZ from 2001:db8::a11:beef:7ac0%enp3s0 port 14423 ssh2 - error: PAM: authentication failure for mario from 6.6.6.0 - error: PAM: authentication failure for mario from 2001:db8::a11:beef:7ac0 -+error: PAM: authentication failure for mario from 2001:db8::a11:beef:7ac0%vbr1 - Did not receive identification string from 6.6.6.0 - Did not receive identification string from 2001:db8::a11:beef:7ac0 -+Did not receive identification string from 2001:db8::a11:beef:7ac0%eth0 - Bad protocol version identification XYZ from 6.6.6.0 - Bad protocol version identification XYZ from 2001:db8::a11:beef:7ac0 - authentication failure XYZ 6.6.6.0 -diff --git src/parser/expected.txt src/parser/expected.txt -new file mode 100644 -index 0000000..fa5bd8d ---- /dev/null -+++ src/parser/expected.txt -@@ -0,0 +1,85 @@ -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 6.6.6.0 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+230 6.6.6.0 4 10 -+230 2001:db8::a11:beef:7ac0 6 10 -+240 6.6.6.0 4 10 -+240 2001:db8::a11:beef:7ac0 6 10 -+250 6.6.6.0 4 10 -+250 2001:db8::a11:beef:7ac0 6 10 -+210 6.6.6.0 4 10 -+210 2001:db8::a11:beef:7ac0 6 10 -+200 6.6.6.0 4 10 -+200 2001:db8::a11:beef:7ac0 6 10 -+220 6.6.6.0 4 10 -+220 2001:db8::a11:beef:7ac0 6 10 -+300 6.6.6.0 4 10 -+300 2001:db8::a11:beef:7ac0 6 10 -+310 6.6.6.0 4 10 -+310 2001:db8::a11:beef:7ac0 6 10 -+320 6.6.6.0 4 10 -+320 2001:db8::a11:beef:7ac0 6 10 -+330 6.6.6.0 4 10 -+330 2001:db8::a11:beef:7ac0 6 10 -+260 199.19.110.207 4 10 -+260 2001:db8::a11:beef:7ac0 6 10 -+100 66.240.236.119 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 95.9.156.208 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 130.207.203.56 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 103.237.33.58 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+240 87.76.31.6 4 10 -+240 2001:db8::a11:beef:7ac0 6 10 -+240 10.0.0.1 4 10 -+240 2001:db8::a11:beef:7ac0 6 10 -+100 192.168.2.1 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 192.168.2.200 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+260 24.213.217.114 4 10 -+260 2001:db8::a11:beef:7ac0 6 10 -+100 117.81.26.226 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+100 190.50.238.98 4 10 -+100 2001:db8::a11:beef:7ac0 6 10 -+340 172.22.10.15 4 10 -+340 2001:db8::a11:beef:7ac0 6 10 -+100 172.22.10.15 4 10 -+100 2001:db8::a11:beef:7ac1 6 10 -+350 10.42.42.39 4 10 -+360 10.42.42.40 4 10 -+360 10.42.42.41 4 10 -+360 10.42.42.42 4 10 -+360 10.42.42.43 4 10 -+360 2001:db8::a11:beef:7aa0 6 10 -+360 10.42.42.44 4 10 -+360 2001:db8::a11:beef:7aa1 6 10 -+360 10.42.42.45 4 10 -+100 10.42.42.42 4 10 -+370 2001:db8::a11:b2ef:78f2 6 10 -+370 10.42.57.1 4 10 -+370 2001:db8::a11:beef:7aa2 6 10 -+370 192.68.11.1 4 10 -+370 192.68.11.1 4 10 -+350 2001:db8::a11:beef:7aa3 6 10 -+110 2001:db8::a11:beef:456e 6 10 -+110 192.68.18.1 4 10 -+110 192.68.18.2 4 10 -+110 2001:db8::a11:beef:456f 6 10 -diff --git src/parser/test-sshg-parser src/parser/test-sshg-parser -index 094dbe7..dbecead 100755 ---- src/parser/test-sshg-parser -+++ src/parser/test-sshg-parser -@@ -1,12 +1,5 @@ - #!/bin/sh --file="attacks.txt" --in_count=`wc -l $file | awk '{ print $1 }'` --out_count=`./sshg-parser < $file | wc -l | awk '{ print $1 }'` --if [ $in_count -ne $out_count ]; then -- exit 1 --fi - --not_out_count=`./sshg-parser < not-attacks.txt | wc -l | awk '{ print $1 }'` --if [ 0 -ne $not_out_count ]; then -- exit 1 --fi -+cat attacks.txt | ./sshg-parser | diff -u expected.txt - || exit 1 -+ -+cat not-attacks.txt | ./sshg-parser | diff -u /dev/null - || exit 1 diff --git a/srcpkgs/sshguard/template b/srcpkgs/sshguard/template index 5a1ef35fd1..4e79ecf875 100644 --- a/srcpkgs/sshguard/template +++ b/srcpkgs/sshguard/template @@ -1,18 +1,18 @@ # Template file for 'sshguard' pkgname=sshguard -version=2.1.0 -revision=2 +version=2.2.0 +revision=1 build_style=gnu-configure -make_dirs="/var/db/sshguard 0755 root root" -depends="iptables" hostmakedepends="flex" +depends="iptables" short_desc="Protects networked hosts from brute force attacks" maintainer="Lodvær " -license="3-clause-BSD" +license="BSD-3-Clause" homepage="http://www.sshguard.net/" -distfiles="${SOURCEFORGE_SITE}/sshguard/$pkgname-$version.tar.gz" -checksum=21252a4834ad8408df384ee4ddf468624aa9de9cead5afde1c77380a48cf028a +distfiles="${SOURCEFORGE_SITE}/sshguard/${pkgname}-${version}.tar.gz" +checksum=2aff07fee6ec33e4ffd5411916b75189977af1d77b86dac5f3834dd3aa3656c2 +make_dirs="/var/db/sshguard 0755 root root" conf_files="/etc/sshguard.conf" post_install() {