Update to 3.1

- Change MASTER_SITES from SF to GitHub - Add LICENSE_FILE - Relax USES=python - Update CPE - Update WWW Changes: https://github.com/denyhosts/denyhosts/releases PR: 200837 (based on) Submitted by: Jesse Smith <jsmith@resonatingmedia.com>
svn path=/head/; revision=513524
2024-10-18 19:49:40 +00:00 · 2019-10-01 19:16:59 +00:00 · 2019-10-01 19:16:59 +00:00 · 2b30969faf · 2021-03-31 03:12:20 +00:00
commit 2b30969faf
parent 69ff7f297a
9 changed files with 80 additions and 141 deletions
--- a/security/denyhosts/Makefile
+++ b/security/denyhosts/Makefile
@ -2,30 +2,33 @@
 # $FreeBSD$

 PORTNAME=	denyhosts
-PORTVERSION=	2.6
-PORTREVISION=	7
+PORTVERSION=	3.1
+DISTVERSIONPREFIX=	v
 CATEGORIES=	security
-MASTER_SITES=	SF
-DISTNAME=	DenyHosts-${PORTVERSION}
+PKGNAMESUFFIX=	${PYTHON_PKGNAMESUFFIX}

 MAINTAINER=	sunpoet@FreeBSD.org
-COMMENT=	Script to thwart ssh attacks
+COMMENT=	Script to thwart ssh and imap attacks

 LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt

-OPTIONS_DEFINE=	DOCS
+BUILD_DEPENDS=	${RUN_DEPENDS}
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ipaddr>=0:devel/py-ipaddr@${PY_FLAVOR}
+
+USES=		cpe python shebangfix
+USE_PYTHON=	autoplist concurrent distutils

-USES=		cpe python:2.7 shebangfix
-REINPLACE_ARGS=	-i ''
-USE_PYTHON=	autoplist distutils
-USE_RC_SUBR=	denyhosts
-CPE_VENDOR=	phil_schwartz
 NO_ARCH=	yes
+REINPLACE_ARGS=	-i ''
+USE_RC_SUBR=	denyhosts

-PORTDOCS=	CHANGELOG.txt LICENSE.txt README.txt
+PLIST_FILES=	"@sample etc/denyhosts.conf.sample"
 SUB_FILES=	pkg-message
 SUB_LIST=	PYTHON=${PYTHON_CMD}

+USE_GITHUB=	yes
+
 SHEBANG_LANG=	env
 SHEBANG_FILES=	daemon-control-dist \
 		plugins/test_deny.py \
@ -35,12 +38,11 @@ env_OLD_CMD=	/bin/env
 env_CMD=	${SETENV}

 post-patch:
-	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/daemon-control-dist ${WRKSRC}/denyhosts.cfg-dist ${WRKSRC}/setup.py
+	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/daemon-control-dist ${WRKSRC}/denyhosts.conf ${WRKSRC}/setup.py
+	@${REINPLACE_CMD} -e 's|%%PYTHON_CMD%%|${PYTHON_CMD}|' ${WRKSRC}/daemon-control-dist
 	@${FIND} ${WRKSRC} -type f -name '*.bak' -o -name '*.orig' -delete

 post-install:
-	${INSTALL_DATA} ${WRKSRC}/denyhosts.cfg-dist ${STAGEDIR}${PREFIX}/etc/denyhosts.conf.sample
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/
-	cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}/
+	${INSTALL_DATA} ${WRKSRC}/denyhosts.conf ${STAGEDIR}${PREFIX}/etc/denyhosts.conf.sample

 .include <bsd.port.mk>
--- a/security/denyhosts/distinfo
+++ b/security/denyhosts/distinfo
@ -1,2 +1,3 @@
-SHA256 (DenyHosts-2.6.tar.gz) = 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d
-SIZE (DenyHosts-2.6.tar.gz) = 42667
+TIMESTAMP = 1567007893
+SHA256 (denyhosts-denyhosts-v3.1_GH0.tar.gz) = 7a6aee5934a56473ad54d373715da1e715ff2ffd19b9dceb54b0297fe8c3a965
+SIZE (denyhosts-denyhosts-v3.1_GH0.tar.gz) = 57160
--- a/security/denyhosts/files/patch-DenyHosts__regex.py
+++ b/security/denyhosts/files/patch-DenyHosts__regex.py
@ -1,44 +0,0 @@
-# Patch shaped from http://seclists.org/oss-sec/2013/q4/535
-===================================================================
--- ./DenyHosts/regex.py.orig	2006-12-07 20:47:04.000000000 +0100
-+++ ./DenyHosts/regex.py	2013-12-23 17:17:42.000000000 +0100
-@@ -6,22 +6,22 @@
- 
- #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
- 
-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
-+SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
- #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
- 
-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
- 
-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
- 
-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX3 = None
- 
-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
-+FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
- 
-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
-+FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
- 
-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
- 
-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
-+FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
- 
- 
- # these are reserved for future versions
-@@ -42,7 +42,7 @@
-     FAILED_ENTRY_REGEX_MAP[i] = rx
- 
- 
-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
-+SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
- 
- TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
- 
--- a/security/denyhosts/files/patch-daemon-control-dist
+++ b/security/denyhosts/files/patch-daemon-control-dist
@ -1,15 +1,18 @@
--- daemon-control-dist.orig
+--- daemon-control-dist.orig	2015-09-16 19:40:15 UTC
 +++ daemon-control-dist
-@@ -11,9 +11,9 @@
+@@ -11,11 +11,11 @@
 #### Edit these to suit your configuration ####
 ###############################################
 
-DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
+-DENYHOSTS_BIN   = "/usr/sbin/denyhosts"
+-DENYHOSTS_LOCK  = "/run/denyhosts.pid"
+-DENYHOSTS_CFG   = "/etc/denyhosts.conf"
 +DENYHOSTS_BIN   = "%%PREFIX%%/bin/denyhosts.py"
-+DENYHOSTS_LOCK  = "/var/run/denyhosts"
-+DENYHOSTS_CFG   = "%%PREFIX%%/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
+DENYHOSTS_CFG   = "%%PREFIX%%/etc/denyhosts.conf"
 
+-PYTHON_BIN      = "/usr/bin/env python"
+PYTHON_BIN      = "%%PYTHON_CMD%%"
 
 ###############################################
+ ####         Do not edit below             ####
--- a/security/denyhosts/files/patch-denyhosts.cfg-dist
+++ b/security/denyhosts/files/patch-denyhosts.cfg-dist
@ -1,28 +1,34 @@
--- denyhosts.cfg-dist.orig
-+++ denyhosts.cfg-dist
-@@ -9,10 +9,10 @@
- # argument
- #
- # Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
-+#SECURE_LOG = /var/log/secure
+--- denyhosts.conf.orig	2015-09-16 19:40:15 UTC
+++ denyhosts.conf
+@@ -12,7 +12,7 @@
+ #SECURE_LOG = /var/log/secure
 #
 # Mandrake, FreeBSD or OpenBSD: 
 -#SECURE_LOG = /var/log/auth.log
 +SECURE_LOG = /var/log/auth.log
 #
- # SuSE:
+ # SuSE or Gentoo:
 #SECURE_LOG = /var/log/messages
-@@ -31,7 +31,7 @@
+@@ -25,7 +25,7 @@
+ #SECURE_LOG=/private/var/log/system.log
+ #
+ # Debian and Ubuntu
+-SECURE_LOG = /var/log/auth.log
+#SECURE_LOG = /var/log/auth.log
+ ########################################################################
+ 
+ ########################################################################
+@@ -33,7 +33,8 @@ SECURE_LOG = /var/log/auth.log
 # HOSTS_DENY: the file which contains restricted host access information
 #
 # Most operating systems:
 -HOSTS_DENY = /etc/hosts.deny
+#HOSTS_DENY = /etc/hosts.deny
 +HOSTS_DENY = /etc/hosts.deniedssh
 #
 # Some BSD (FreeBSD) Unixes:
 #HOSTS_DENY = /etc/hosts.allow
-@@ -90,7 +90,7 @@
+@@ -92,7 +93,7 @@ PURGE_DENY = 
 # To block all services for the offending host:
 #BLOCK_SERVICE = ALL
 # To block only sshd:
@ -30,47 +36,32 @@
 +#BLOCK_SERVICE  = sshd
 # To only record the offending host and nothing else (if using
 # an auxilary file to list the hosts).  Refer to: 
- # http://denyhosts.sourceforge.net/faq.html#aux
-@@ -150,7 +150,7 @@
+ # http://denyhost.sourceforge.net/faq.html#aux
+@@ -162,7 +163,8 @@ DETECT_DOVECOT_LOGIN_ATTEMPTS = NO
 # Note: it is recommended that you use an absolute pathname
- # for this value (eg. /home/foo/denyhosts/data)
+ # for this value (eg. /home/foo/denyhost/data)
 #
-WORK_DIR = /usr/share/denyhosts/data
+-WORK_DIR = /var/lib/denyhosts
+#WORK_DIR = /var/lib/denyhosts
 +WORK_DIR = %%PREFIX%%/share/denyhosts/data
 #
 #######################################################################
 
-@@ -176,7 +176,7 @@
- # the corresponding hostname will be looked up and reported as well
- # (if available).
- #
-HOSTNAME_LOOKUP=YES
-+HOSTNAME_LOOKUP=NO
- #
- ######################################################################
- 
-@@ -192,10 +192,10 @@
- # running at a time.
- #
+@@ -220,7 +222,7 @@ HOSTNAME_LOOKUP=NO
 # Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
-+#LOCK_FILE = /var/lock/subsys/denyhosts
+ #LOCK_FILE = /var/lock/subsys/denyhosts
 #
-# Debian
-#LOCK_FILE = /var/run/denyhosts.pid
-+# Debian (and FreeBSD)
-+LOCK_FILE = /var/run/denyhosts.pid
+-# Debian or Gentoo
+# FreeBSD, Debian or Gentoo
+ LOCK_FILE = /var/run/denyhosts.pid
 #
 # Misc
- #LOCK_FILE = /tmp/denyhosts.lock
-@@ -414,7 +414,9 @@
- # See this faq entry for more details:
- #    http://denyhosts.sf.net/faq.html#userdef_regex
+@@ -502,6 +504,8 @@ AGE_RESET_INVALID=10d
+ #    http://denyhost.sf.net/faq.html#userdef_regex
 #
-#USERDEF_FAILED_ENTRY_REGEX=
+ #USERDEF_FAILED_ENTRY_REGEX=
 +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
 +USERDEF_FAILED_ENTRY_REGEX=[a|A]uthentication error for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) from (?P<host>.*)
-+# sorry no entries for IPv6 address yet :(
 #
 #
 ######################################################################
--- a/security/denyhosts/files/patch-scripts__restricted_from_passwd.py
+++ b/security/denyhosts/files/patch-scripts__restricted_from_passwd.py
@ -1,10 +0,0 @@
--- ./scripts/restricted_from_passwd.py.orig	2013-12-28 18:51:41.000000000 +0100
-+++ ./scripts/restricted_from_passwd.py	2013-12-28 18:51:41.000000000 +0100
-@@ -12,6 +12,7 @@
- ############################################################################
- 
- RESTRICTED_SHELLS = ("/sbin/nologin",
-+                     "/usr/sbin/nologin",
-                      "/sbin/shutdown",
-                      "/sbin/halt")
- 
--- a/security/denyhosts/files/patch-setup.py
+++ b/security/denyhosts/files/patch-setup.py
@ -1,24 +1,21 @@
--- setup.py.orig
+--- setup.py.orig	2015-09-16 19:40:15 UTC
 +++ setup.py
-@@ -8,7 +8,7 @@
- from glob import glob
- 
+@@ -11,8 +11,8 @@ from DenyHosts.util import normalize_whi
+ from DenyHosts.version import VERSION
 
+ etcpath = "/etc"
+-manpath = "/usr/share/man/man8"
 -libpath = "/usr/share/denyhosts"
+manpath = "%%PREFIX%%/man/man8"
 +libpath = "%%PREFIX%%/share/denyhosts"
- scriptspath = "%s/scripts" % libpath
- pluginspath = "%s/plugins" % libpath
+ scriptspath = ospj("scripts", libpath)
+ pluginspath = ospj("plugins", libpath)
 
-@@ -26,11 +26,8 @@
-       data_files=[(libpath, glob("denyhosts.cfg-dist")),
-                   (libpath, glob("setup.py")),
-                   (libpath, glob("daemon-control-dist")),
-                  (libpath, glob("CHANGELOG.txt")),
-                  (libpath, glob("README.txt")),
-                   (scriptspath, glob("scripts/*")),
-                  (pluginspath, glob("plugins/*")),
-                  (libpath, glob("LICENSE.txt"))],
-+                  (pluginspath, glob("plugins/*"))],
-       license="GPL v2",
-       ##extra_path='denyhosts',
-       long_description="""
+@@ -28,7 +28,6 @@ setup(
+     packages=["DenyHosts"],
+     requires=["ipaddr"],
+     data_files=[
+-        (etcpath, glob("denyhosts.conf")),
+         (manpath, glob("denyhosts.8")),
+     ],
+     license="GPL v2",
--- a/security/denyhosts/pkg-descr
+++ b/security/denyhosts/pkg-descr
@ -1,5 +1,5 @@
-DenyHosts is a script intended to be run by *ix system administrators to
-help thwart ssh server attacks.
+DenyHosts is a utility developed by Phil Schwartz and maintained by a number of
+developers which aims to thwart sshd (ssh server) brute force attacks.

 If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed
 to see how many hackers attempted to gain access to your server.
@ -18,4 +18,4 @@ Denyhosts helps you:
 - Optionally sends an email of newly banned hosts and suspicious logins.
 - Resolves IP addresses to hostnames, if you want

-WWW: http://denyhosts.sourceforge.net/
+WWW: https://github.com/denyhosts/denyhosts
--- a/security/denyhosts/pkg-plist
+++ b/security/denyhosts/pkg-plist
@ -1 +0,0 @@
-@sample etc/denyhosts.conf.sample