Include multiple Fedora and Debian patches that also provide a fix for plugin deny behavior (#264165 by Christoph Erdle).

(Portage version: 2.1.11.19/cvs/Linux x86_64)
author: Pacho Ramos <pacho@gentoo.org> 2012-09-23 08:25:09 +0000
committer: Pacho Ramos <pacho@gentoo.org> 2012-09-23 08:25:09 +0000
commit: 15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e (patch)
tree: 9f7936ca11751acc448424ceb1162928b115ff65 /app-admin
parent: x86 stable wrt bug #433878 (diff)
download: gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.tar.gz
gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.tar.bz2
gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.zip
8 files changed, 331 insertions, 2 deletions
diff --git a/app-admin/denyhosts/ChangeLog b/app-admin/denyhosts/ChangeLog
index d6663a72e3da..da189d93def7 100644
--- a/app-admin/denyhosts/ChangeLog
+++ b/app-admin/denyhosts/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for app-admin/denyhosts
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.49 2012/09/19 20:15:42 darkside Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/ChangeLog,v 1.50 2012/09/23 08:25:09 pacho Exp $
+
+*denyhosts-2.6-r6 (23 Sep 2012)
+
+  23 Sep 2012; Pacho Ramos <pacho@gentoo.org> +denyhosts-2.6-r6.ebuild,
+  +files/denyhosts-2.6-daemon-control.patch,
+  +files/denyhosts-2.6-defconffile.patch,
+  +files/denyhosts-2.6-foreground_mode.patch,
+  +files/denyhosts-2.6-hostname.patch, +files/denyhosts-2.6-plugin_deny.patch,
+  +files/denyhosts-2.6-single_config_switch.patch:
+  Include multiple Fedora and Debian patches that also provide a fix for plugin
+  deny behavior (#264165 by Christoph Erdle).
 
   19 Sep 2012; Jeremy Olexa <darkside@gentoo.org> metadata.xml:
   dropping maintainership, two very minor bugs remain open, app otherwise works
@@ -201,4 +212,3 @@
   07 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/denyhosts.init,
   +files/denyhosts-gentoo.patch, +metadata.xml, +denyhosts-1.1.2.ebuild:
   Initial import. Thanks to Rene Zbinden and Mike Kelly for initial ebuild
-
diff --git a/app-admin/denyhosts/denyhosts-2.6-r6.ebuild b/app-admin/denyhosts/denyhosts-2.6-r6.ebuild
new file mode 100644
index 000000000000..d3cec75c2502
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.6-r6.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/denyhosts/denyhosts-2.6-r6.ebuild,v 1.1 2012/09/23 08:25:09 pacho Exp $
+
+EAPI=4
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="3.*"
+PYTHON_DEPEND="2"
+
+inherit distutils eutils
+
+MY_PN="DenyHosts"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://www.denyhosts.net"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=""
+
+PYTHON_MODNAME="${MY_PN}"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	# changes default file installations
+	epatch "${FILESDIR}"/${P}-gentoo.patch
+	epatch "${FILESDIR}"/${P}-log-injection-regex.patch
+
+	# Multiple patches from Fedora and Debian
+	epatch "${FILESDIR}"/${P}-daemon-control.patch
+	epatch "${FILESDIR}"/${P}-defconffile.patch
+	epatch "${FILESDIR}"/${P}-foreground_mode.patch
+	epatch "${FILESDIR}"/${P}-hostname.patch
+	epatch "${FILESDIR}"/${P}-plugin_deny.patch
+	epatch "${FILESDIR}"/${P}-single_config_switch.patch
+
+	sed -i -e 's:DENY_THRESHOLD_VALID = 10:DENY_THRESHOLD_VALID = 5:' \
+		denyhosts.cfg-dist || die "sed failed"
+}
+
+src_install() {
+	DOCS="CHANGELOG.txt README.txt PKG-INFO"
+	distutils_src_install
+
+	insinto /etc
+	insopts -m0640
+	newins denyhosts.cfg-dist denyhosts.conf
+
+	dodir /etc/logrotate.d
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/${PN}.logrotate ${PN}
+
+	newinitd "${FILESDIR}"/denyhosts.init denyhosts
+
+	# build system installs docs that we installed above
+	rm -f "${D}"/usr/share/denyhosts/*.txt
+
+	keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+	distutils_pkg_postinst
+
+	if [[ ! -f "${ROOT}etc/hosts.deny" ]]; then
+		touch "${ROOT}etc/hosts.deny"
+	fi
+
+	if [ "$(rc-config list default | grep denyhosts)" = "" ] ; then
+	elog "You can configure DenyHosts to run as a daemon by running:"
+	elog
+	elog "rc-update add denyhosts default"
+	elog
+	fi
+
+	elog "To run DenyHosts as a cronjob instead of a daemon add the following"
+	elog "to /etc/crontab"
+	elog "# run DenyHosts every 10 minutes"
+	elog "*/10  *  * * *	root	/usr/bin/denyhosts.py -c /etc/denyhosts.conf"
+	elog
+	elog "More information can be found at http://denyhosts.sourceforge.net/faq.html"
+	elog
+	ewarn "Modify /etc/denyhosts.conf to suit your environment system."
+}
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch b/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
new file mode 100644
index 000000000000..1a733e41280e
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
@@ -0,0 +1,12 @@
+diff -up ./daemon-control-dist.orig ./daemon-control-dist
+--- ./daemon-control-dist.orig	2006-04-21 18:04:43.000000000 -0500
++++ ./daemon-control-dist	2008-08-28 11:05:01.000000000 -0500
+@@ -13,7 +13,7 @@
+ 
+ DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
+ DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
+-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
++DENYHOSTS_CFG   = "/etc/denyhosts.conf"
+ 
+ PYTHON_BIN      = "/usr/bin/env python"
+ 
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch b/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
new file mode 100644
index 000000000000..c384367d0031
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
@@ -0,0 +1,12 @@
+diff -up ./DenyHosts/constants.py.defconffile ./DenyHosts/constants.py
+--- ./DenyHosts/constants.py.defconffile	2008-07-01 18:12:34.000000000 -0500
++++ ./DenyHosts/constants.py	2008-07-01 18:12:43.000000000 -0500
+@@ -36,7 +36,7 @@ PURGE_HISTORY = "purge-history"
+ #                           Miscellaneous constants                             #
+ #################################################################################
+ 
+-CONFIG_FILE = "denyhosts.cfg"  # default can be overridden on cmd line
++CONFIG_FILE = "/etc/denyhosts.conf"  # default can be overridden on cmd line
+ 
+ DENY_DELIMITER = "# DenyHosts:"
+ ENTRY_DELIMITER = " | "
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch b/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
new file mode 100644
index 000000000000..9f10707f9be8
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
@@ -0,0 +1,137 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 08_foreground_mode
+
+Add a useful switch to denyhost for run in foreground/debugging mode
+---
+ DenyHosts/deny_hosts.py |    9 +++++++--
+ denyhosts.py            |   20 +++++++++++++-------
+ 2 files changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
+index 7a985e6..f308264 100644
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -41,7 +41,7 @@ error = logging.getLogger("denyhosts").error
+ class DenyHosts:
+     def __init__(self, logfile, prefs, lock_file,
+                  ignore_offset=0, first_time=0,
+-                 noemail=0, daemon=0):
++                 noemail=0, daemon=0, foreground=0):
+         self.__denied_hosts = {}
+         self.__prefs = prefs
+         self.__lock_file = lock_file
+@@ -49,6 +49,7 @@ class DenyHosts:
+         self.__noemail = noemail
+         self.__report = Report(prefs.get("HOSTNAME_LOOKUP"), is_true(prefs['SYSLOG_REPORT']))
+         self.__daemon = daemon
++        self.__foreground = foreground
+         self.__sync_server = prefs.get('SYNC_SERVER')
+         self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
+         self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))
+@@ -87,7 +88,7 @@ class DenyHosts:
+             info("Log file size has not changed.  Nothing to do.")
+ 
+             
+-        if daemon:
++        if daemon and not foreground:
+             info("launching DenyHosts daemon (version %s)..." % VERSION)
+             #logging.getLogger().setLevel(logging.WARN)
+ 
+@@ -101,6 +102,10 @@ class DenyHosts:
+                 self.runDaemon(logfile, last_offset)
+             else:
+                 die("Error creating daemon: %s (%d)" % (retCode[1], retCode[0]))
++        elif foreground:
++            info("launching DenyHosts (version %s)..." % VERSION)
++            self.__lock_file.remove()
++            self.runDaemon(logfile, last_offset)
+ 
+ 
+     def killDaemon(self, signum, frame):
+diff --git a/denyhosts.py b/denyhosts.py
+index 48bd837..727e565 100755
+--- a/denyhosts.py
++++ b/denyhosts.py
+@@ -34,6 +34,7 @@ def usage():
+     print " --migrate: migrate your HOSTS_DENY file so that it is suitable for --purge"
+     print " --purge: expire entries older than your PURGE_DENY setting"
+     print " --daemon: run DenyHosts in daemon mode"
++    print " --foreground: run DenyHosts in foreground mode"
+     print " --sync: run DenyHosts synchronization mode"
+     print " --version: Prints the version of DenyHosts and exits"
+     
+@@ -63,6 +64,7 @@ if __name__ == '__main__':
+     purge = 0
+     sync_mode = 0
+     daemon = 0
++    foreground = 0
+     enable_debug = 0
+     upgrade099 = 0
+     args = sys.argv[1:]
+@@ -70,8 +72,8 @@ if __name__ == '__main__':
+         (opts, getopts) = getopt.getopt(args, 'f:c:dinuvps?hV',
+                                         ["file=", "ignore", "verbose", "debug", 
+                                          "help", "noemail", "config=", "version",
+-                                         "migrate", "purge", "daemon", "sync",
+-                                         "upgrade099"])
++                                         "migrate", "purge", "daemon", "foreground",
++                                         "sync", "upgrade099"])
+     except:
+         print "\nInvalid command line option detected."
+         usage()
+@@ -101,6 +103,8 @@ if __name__ == '__main__':
+             sync_mode = 1
+         if opt == '--daemon':
+             daemon = 1
++        if opt == '--foreground':
++            foreground = 1
+         if opt == '--upgrade099':
+             upgrade099 = 1
+         if opt == '--version':
+@@ -131,21 +135,21 @@ if __name__ == '__main__':
+ 
+     lock_file.create()
+ 
+-    if upgrade099 and not daemon:
++    if upgrade099 and not (daemon or foreground):
+         if not prefs.get('PURGE_DENY'):
+             lock_file.remove()
+             die("You have supplied the --upgrade099 flag, however you have not set PURGE_DENY in your configuration file")
+         else:
+             u = UpgradeTo099(prefs.get("HOSTS_DENY"))
+ 
+-    if migrate and not daemon:
++    if migrate and not (daemon or foreground):
+         if not prefs.get('PURGE_DENY'):
+             lock_file.remove()
+             die("You have supplied the --migrate flag however you have not set PURGE_DENY in your configuration file.")
+         else:
+             m = Migrate(prefs.get("HOSTS_DENY"))
+ 
+-    if purge and not daemon:
++    if purge and not (daemon or foreground):
+         purge_time = prefs.get('PURGE_DENY')
+         if not purge_time:
+             lock_file.remove()
+@@ -162,7 +166,9 @@ if __name__ == '__main__':
+     try:
+         for f in logfiles:
+             dh = DenyHosts(f, prefs, lock_file, ignore_offset,
+-                           first_time, noemail, daemon)
++                           first_time, noemail, daemon, foreground)
++    except KeyboardInterrupt:
++        pass
+     except SystemExit, e:
+         pass
+     except Exception, e:
+@@ -170,7 +176,7 @@ if __name__ == '__main__':
+         print "\nDenyHosts exited abnormally"
+ 
+ 
+-    if sync_mode and not daemon:
++    if sync_mode and not (daemon or foreground):
+         if not prefs.get('SYNC_SERVER'):
+             lock_file.remove()
+             die("You have provided the --sync flag however your configuration file is missing a value for SYNC_SERVER.")
+-- 
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch b/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch
new file mode 100644
index 000000000000..56d881319c5f
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch
@@ -0,0 +1,21 @@
+diff -up ./denyhosts.py.orig ./denyhosts.py
+--- ./denyhosts.py.orig	2012-01-30 13:14:41.146715839 -0600
++++ ./denyhosts.py	2012-01-30 14:45:14.372539341 -0600
+@@ -1,5 +1,6 @@
+ #!/usr/bin/env python
+ import os
++import platform
+ import sys
+ 
+ import DenyHosts.python_version
+@@ -107,6 +108,10 @@ if __name__ == '__main__':
+             print "DenyHosts version:", VERSION
+             sys.exit(0)
+ 
++    # This is generally expected to be in the environment, but there's no
++    # non-hackish way to get systemd to set it, so just hack it in here.
++    os.environ['HOSTNAME'] = platform.node()
++
+     prefs = Prefs(config_file)    
+             
+     first_time = 0
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch b/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
new file mode 100644
index 000000000000..74868e79678c
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
@@ -0,0 +1,23 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 09_plugin_deny
+
+Correct the upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1734736&group_id=131204&atid=720419
+---
+ DenyHosts/deny_hosts.py |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
+index f308264..0f5f48d 100644
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -443,7 +443,7 @@ allowed based on your %s file"""  % (self.__prefs.get("HOSTS_DENY"),
+             self.__report.add_section(msg, new_denied_hosts)
+             if self.__sync_server: self.sync_add_hosts(new_denied_hosts)
+             plugin_deny = self.__prefs.get('PLUGIN_DENY')
+-            if plugin_deny: plugin.execute(plugin_deny, deny_hosts)
++            if plugin_deny: plugin.execute(plugin_deny, new_denied_hosts)
+         
+         new_suspicious_logins = login_attempt.get_new_suspicious_logins()
+         if new_suspicious_logins:
+-- 
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch b/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
new file mode 100644
index 000000000000..cb39df977be6
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
@@ -0,0 +1,24 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 11_single_config_switch
+
+A patch to prevent denyhosts running with a double --config switch
+---
+ daemon-control-dist |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/daemon-control-dist b/daemon-control-dist
+index 9f42b60..14d0f70 100755
+--- a/daemon-control-dist
++++ b/daemon-control-dist
+@@ -144,7 +144,8 @@ if __name__ == '__main__':
+ 
+     try:
+         if option in ('start', 'restart', 'condrestart'):
+-            if '--config' not in args and '-c' not in args:
++            anystartswith = lambda prefix, xs: any(map(lambda x: x.startswith(prefix), xs))
++            if not anystartswith('--config', args) and '-c' not in args:
+                 args.append("--config=%s" % DENYHOSTS_CFG)
+ 
+         cmd = cases[option]
+--
author	Pacho Ramos <pacho@gentoo.org>	2012-09-23 08:25:09 +0000
committer	Pacho Ramos <pacho@gentoo.org>	2012-09-23 08:25:09 +0000
commit	15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e (patch)
tree	9f7936ca11751acc448424ceb1162928b115ff65 /app-admin
parent	x86 stable wrt bug #433878 (diff)
download	gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.tar.gz gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.tar.bz2 gentoo-2-15b3ed7f6c811a6fa71d6ca8b3314e1247d3986e.zip