Gentoo Archives: gentoo-commits

From: "Alex Legler (a3li)" <a3li@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-analyzer/fail2ban/files: fail2ban-CVE-2009-0362.patch
Date: Sun, 23 Aug 2009 21:04:50
Message-Id: E1MfKF6-0003aN-H5@stork.gentoo.org
1 a3li 09/08/23 21:04:48
2
3 Added: fail2ban-CVE-2009-0362.patch
4 Log:
5 Non-maintainer commit: Revbump to fix security bug 258866. Removing unneeded vulnerable versions.
6 (Portage version: 2.2_rc33/cvs/Linux x86_64)
7
8 Revision Changes Path
9 1.1 net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-CVE-2009-0362.patch?rev=1.1&content-type=text/plain
13
14 Index: fail2ban-CVE-2009-0362.patch
15 ===================================================================
16 Patch for bug 258866. Taken via svn diff from upstream SVN.
17 Removed Changelog and cyrus filter changes as they didn't apply. --a3li
18
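--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@@ -99,7 +99,7 @@
 output = ('193.168.0.128', 3, 1124013599.0)
 
 self.__filter.addLogPath(GetFailures.FILENAME_01)
- self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
+ self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
 
 self.__filter.getFailures(GetFailures.FILENAME_01)
 
@@ -116,7 +116,7 @@
 output = ('141.3.81.106', 4, 1124013539.0)
 
 self.__filter.addLogPath(GetFailures.FILENAME_02)
- self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
+ self.__filter.addFailRegex("Failed .* from <HOST>")
 
 self.__filter.getFailures(GetFailures.FILENAME_02)
 
@@ -133,7 +133,7 @@
 output = ('203.162.223.135', 6, 1124013544.0)
 
 self.__filter.addLogPath(GetFailures.FILENAME_03)
- self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
+ self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
 
 self.__filter.getFailures(GetFailures.FILENAME_03)
 
@@ -151,7 +151,7 @@
 ('212.41.96.185', 4, 1124013598.0)]
 
 self.__filter.addLogPath(GetFailures.FILENAME_04)
- self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)")
+ self.__filter.addFailRegex("Invalid user .* <HOST>")
 
 self.__filter.getFailures(GetFailures.FILENAME_04)
 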
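Review bot: None of the four updated cases in this section asserts the behaviour the patch exists for: each still feeds a well-formed fixture and checks a positive match, so these tests would presumably still pass if the `<HOST>` alias reverted to `\S+`. Add a negative case beside them: a fixture line whose host field carries characters outside `[\w\-.^_]`, with an assertion that `getFailures` records no failure for it. The second hunk also changes what is exercised, because the old pattern required the `::ffff:`-style prefix while `Failed .* from <HOST>` makes it optional; that is probably intended but deserves a one-line comment in the test. The test methods start and end outside the hunks.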
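--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = reject: RCPT from (.*)\[<HOST>\]: 554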
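Review bot: The updated note on the `<HOST>` alias still tells filter authors only that the host "must be matched by a group named "host"", without saying that a hand-written `(?P<host>...)` group does not get the restricted character class; as far as the visible `replace()` in server/failregex.py shows, only the literal `<HOST>` tag is rewritten. Since the purpose of this revision is to stop arbitrary log text being captured as a host, extend the comment with something like `# Prefer <HOST>: a custom (?P<host>...) group is not restricted and must be anchored by the filter author.` The same comment line is repeated in the sshd, courierlogin, sasl, exim, qmail, xinetd-fail, vsftpd, pure-ftpd, couriersmtp, proftpd, apache-noscript, apache-auth, webmin-auth and sshd-ddos sections, so it has to be kept in step with the literal in server/failregex.py by hand.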
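--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -20,7 +20,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$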
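--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -12,7 +12,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$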
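--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$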
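--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)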
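--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>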
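--- a/config/filter.d/xinetd-fail.conf
+++ b/config/filter.d/xinetd-fail.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 # Cfr.: /var/log/(daemon\.|sys)log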
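--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$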
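--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@@ -16,7 +16,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$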
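--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = error,relay=<HOST>,.*550 User unknown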
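--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$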
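--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failure messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)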
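--- a/config/filter.d/apache-auth.conf
+++ b/config/filter.d/apache-auth.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failure messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = [[]client <HOST>[]] user .* authentication failure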
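--- a/config/filter.d/webmin-auth.conf
+++ b/config/filter.d/webmin-auth.conf
@@ -15,7 +15,7 @@
 # Notes.: regex to match the password failure messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = webmin.* Non-existent login as .+ from <HOST>$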
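--- a/config/filter.d/common.conf
+++ b/config/filter.d/common.conf
@@ -3,7 +3,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 1.1 $
+# $Revision: 1.1 $
 #
 
 [INCLUDES]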
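--- a/config/filter.d/sshd-ddos.conf
+++ b/config/filter.d/sshd-ddos.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "<HOST>" can
 # be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P<host>\S+)
+# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$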
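--- a/server/failregex.py
+++ b/server/failregex.py
@@ -44,7 +44,7 @@
 self._matchCache = None
 # Perform shortcuts expansions.
 # Replace "<HOST>" with default regular expression for host.
- regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+ regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
 if regex.lstrip() == '':
 raise RegexException("Cannot add empty regex")
 try: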
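Review bot: The new host class `[\w\-.^_]+` admits `^`, which is not a hostname or IPv4 character, and lists `_` although `\w` already covers it; unless upstream has a reason not visible here, `[\w\-.]+` captures the same legitimate values with a smaller surface. The literal is also a non-raw string, so `\w` and `\-` survive only because Python passes unknown escapes through; writing it as `r"(?:::f{4,6}:)?(?P<host>[\w\-.]+)"` removes that dependency. The class limits which characters can be captured as a host but not where in the line the match occurs, so a filter that does not anchor the text around `<HOST>` still decides how much client-influenced log content is considered. A comment above the `replace()` stating that should be added. The enclosing method starts and ends outside the hunk.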
280 Index: server/filter.py
281 ===================================================================
282 --- server/filter.py (revision 727)
283 +++ server/filter.py (revision 728)
284 @@ -492,7 +492,7 @@
285
286 class DNSUtils:
287
288 - IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
289 + IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
290
291 #@staticmethod
292 def dnsToIp(dns):