Up to [cvs.NetBSD.org] / pkgsrc / security / py-denyhosts
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.25 / (download) - annotate - [select for diffs], Sat Oct 15 20:29:48 2022 UTC (7 months, 1 week ago) by he
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, HEAD
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)
security/py-denyhosts: port to work with python 3.x. ListType and TupleType is just "list" and "tuple" in python 3, google reveals... Bump PKGREVISION.
Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 19 18:09:08 2022 UTC (16 months, 1 week ago) by wiz
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.23: +7 -7 lines
Diff to previous 1.23 (colored)
py-denyhosts: convert to egg.mk
Revision 1.23 / (download) - annotate - [select for diffs], Sat Nov 27 14:28:10 2021 UTC (18 months ago) by he
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.22: +17 -13 lines
Diff to previous 1.22 (colored)
Update py-denyhosts to version 3.0. Pkgsrc changes: * Change naming style for patches * Adapt patches to new version * Relinquish maintainership to indicate others can update * Add dependency on py-expat Upstream changes: 3.0 ====================== Initial translation of code from Python 2 to Python 3. DenyHosts can now be run as either a Python 2 or a Python 3 program. Added patch from Fedora to fix initial sync issue and insure info logging stream is active. (Provided by Jason Tibbitts.) Added "import logging" to denyhosts.py to avoid errors when setting up logging. (See above change.) Added option PF_TABLE_FILE to the configuration file. When this option is enabled it causes DenyHosts to write blocked IP addresses to a text file. The default location is /etc/blacklist. This text file should correspond to a PF firewall table. At start-up, try to create the file specified by HOSTS_DENY. That way we avoid errors later if the file does not exists. Can be a problem on operating systems where /etc/hosts.deny does not exist in the default configuration. Added regex pattern to detect invalid user accounts. This blocks connections from remote hosts who are attempting to login with accounts not found on the local system. While these connections to non-existent accounts are relatively harmless, they are usually used as part of a brute force attack and filtering them before they reach OpenSSH is a good idea. 2.10 ====================== - Updated example rule for PF in configuration file to make black listing attacking IPs more effective. - Added debugging info in case we cannot create a new PF table entry. - Fixed syntax for comparing suspecious logins. Avoids always testing true/false depending on Python version. - No longer require ETC_DIR in the configuration file. Use a default value "/etc" if ETC_DIR is not manually specified. - Make sure DenyHosts logs when running in foreground mode. When in foreground, warnings are logged to a file rather than outputted to terminal. Keeps things clean. - Add --unlock command line arguement to remove old lock files. - Updated README, version and Makefile with new version/maintainer information. - Added check for PAM failures on FreeBSD. This should block both failed user logins that are reported by PAM and also block repteated attempts at accessing the root account when root logins are disabled by OpenSSH. The latter does not really add more practical protection, but can prevent the connection \ attempts at the firewall level before the OpenSSH service is contacted. - Add systemd unit file, denyhosts.service 2.9 (November 3, 2014) ====================== - DenyHost now supports working with the PF packet filter, a popular firewall for FreeBSD, OpenBSD, TrueOS, PC-BSD and NetBSD. To enable PF support in DenyHost, comment out the IPTABLES option in the denyhosts.conf file and enable the PFCTL_PATH and PF_TABLE options. DenyHost will add misbehaving IP addresses to the PF table specified by "PF_TABLE". This table should be blocked using the pf.conf file. Please see the denyhosts.conf file for more information and example PF rules for blocking incoming traffic. Please note that even if /etc/hosts.deny is not used to block incoming connectins, the file should still exists or DenyHosts may throw an error. (This should be fixed in the next release.) 2.8 (June 12, 2014) =================== - Use standard errno instead of hardcoded errno value. Patch provided by Pino Toscano. - Make sure PLUGIN_DENY is called for each host we receive from the sync server. Patch provided by Sean M. Collins. - Made sure only new hosts in hosts.deny are reported as new, not all hosts. This prevents the PLUGIN_DENY plugin from getting old entries repeatedly. Patch provided by Chris Erdle. - We now check user defined regular expression filters, even if we already found a match with an existing filter. This allows the user to filter more services without using a plugin. Patch provided by Ben. - Added --purge-all command line flag to allow us to remove all old entries from the deny file without waiting. Patch provided by 9MediaCenterGUI on SourceForge. - Updated copyright information and some documentation. - Added manual page from Debian and fixed typo. Added additional command line options to man page. - Added --purgeip option to allow us to remove specific IP addresses from the blocked list at start time. Patch provided by Nelson Howell. Should close Debian bug 529089. - Updated FAILED_ENTRY_REGEX7 to be more flexible. - Added ability to use Linux iptables to block incoming connections. See IPTABLES option in the configuration file. - Made it possible to block specific ports, allowing remote hosts to conenct to some services while being blocked on others by the iptables firewall. See the BLOCKPORT option in the configuration file. 2.7 (May 18, 2014) ================== - Forked code from DenyHosts (denyhosts.sf.net) New project now maintained at denyhost.sf.net - Added private moduls patch from Marco Bertorello. Loads modules from /usr/share/denyhosts - Place config, lock and executable file in more standard locations. Patch provided by Marco Bertorello. - Fixed configuration (denyhosts.cfg-dist) to better support Debian and Ubuntu. Patch supplied by Marco Nenciarini. - Added warning to migrate switch. Patch provided by Marco Bertorello. - Avoid installing unwanted files (extra scripts and changelog). Patch provided by Marco Nenciarini. - Fix bug which would not recognize an attack on the root user account. Patch provided by Kyle Willmon. - Fix pattern matching bug (CVE-2007-4323). Patch provided by Nico Golde. - Added foreground mode for debugging. Patch supplied by Marco Bertorello. - Applied patch to fix plugin execution. Patched provided by Marco Bertorello. - Added patch to prevent DenyHosts from running with a double --config switch. Patch provided by Maro Bertorello. - Convert path of "env" from /bin/env to /usr/bin/env Patch provided by Kyle Willmon. - Added patch to perform missing bounds check in Purge action. Provided by Kyle Willmon. - Added patch to include SYNC_PROXY_SERVER configuration option. Provided by Kyle Willmon. - Change HOSTNAME_LOOKUP to default to "NO". Will save time. Also brings us into closer alignment with FreeBSD patches. - Added /usr/sbin/nologin to restricted_from_passwd script. Requirement from FreeBSD patch set. - Added variable "ETC_DIR" which dictates the location of configuration files. This should usually be set to /etc or /usr/local/etc - The restricted-usernames file is now loaded from the "ETC_DIR" directory, rather than from "WORK_DIR" to avoid this human-made configuration file from being over-writeen. Closes Ubuntu bug #675034 - Confirm setting timestamp over-writes old tiemstamp file. Closes Ubuntu bug #564476 - Applied advanced pattern check for authentication file which takes into account alternative port numbers. Patch provided by Helmut Grohne. - Updated license and readme files. - Updated help output from DenyHost script to include --config tip.
Revision 1.22 / (download) - annotate - [select for diffs], Fri Mar 20 11:58:19 2020 UTC (3 years, 2 months ago) by nia
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)
*: Convert broken sourceforge HOMEPAGEs back to http
Revision 1.21 / (download) - annotate - [select for diffs], Sat Jan 18 23:35:12 2020 UTC (3 years, 4 months ago) by rillig
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)
all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU.
Revision 1.20 / (download) - annotate - [select for diffs], Mon Nov 4 21:13:00 2019 UTC (3 years, 6 months ago) by rillig
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.19: +8 -8 lines
Diff to previous 1.19 (colored)
security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Revision 1.19 / (download) - annotate - [select for diffs], Mon Sep 2 13:19:55 2019 UTC (3 years, 8 months ago) by adam
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)
Changed PYTHON_VERSIONS_INCOMPATIBLE to PYTHON_VERSIONS_ACCEPTED; needed for future Python 3.8
Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 26 13:14:12 2019 UTC (4 years, 1 month ago) by maya
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
Omit mentions of python 34 and 35, after those were removed. - Includes some whitespace changes, to be handled in a separate commit.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Jul 3 05:03:31 2018 UTC (4 years, 10 months ago) by adam
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
extend PYTHON_VERSIONS_ for Python 3.7
Revision 1.16 / (download) - annotate - [select for diffs], Sun Jan 1 14:43:55 2017 UTC (6 years, 4 months ago) by wiz
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
Add python-3.6 to incompatible versions.
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jul 9 13:04:04 2016 UTC (6 years, 10 months ago) by wiz
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)
Remove python33: adapt all packages that refer to it.
Revision 1.14 / (download) - annotate - [select for diffs], Sat Dec 5 21:25:57 2015 UTC (7 years, 5 months ago) by adam
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
Extend PYTHON_VERSIONS_INCOMPATIBLE to 35
Revision 1.13 / (download) - annotate - [select for diffs], Fri May 9 07:37:18 2014 UTC (9 years ago) by wiz
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
Mark packages that are not ready for python-3.3 also not ready for 3.4, until proven otherwise.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Mar 11 14:34:40 2014 UTC (9 years, 2 months ago) by jperkin
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)
Import initial SMF support for individual packages.
Revision 188.8.131.52 / (download) - annotate - [select for diffs], Tue Feb 11 20:50:43 2014 UTC (9 years, 3 months ago) by tron
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)
Pullup ticket #4321 - requested by pettai security/py-denyhosts: security patch Revisions pulled up: - security/py-denyhosts/Makefile 1.11 - security/py-denyhosts/distinfo 1.6 - security/py-denyhosts/patches/patch-af 1.3 --- Module Name: pkgsrc Committed By: pettai Date: Tue Feb 4 15:38:16 UTC 2014 Modified Files: pkgsrc/security/py-denyhosts: Makefile distinfo pkgsrc/security/py-denyhosts/patches: patch-af Log Message: Added DSA-2826-2 fix
Revision 1.11 / (download) - annotate - [select for diffs], Tue Feb 4 15:38:16 2014 UTC (9 years, 3 months ago) by pettai
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
Added DSA-2826-2 fix
Revision 1.10 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:20 2014 UTC (9 years, 4 months ago) by wiz
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
Revision 184.108.40.206 / (download) - annotate - [select for diffs], Sun Dec 29 21:21:36 2013 UTC (9 years, 5 months ago) by tron
Changes since 1.8: +3 -2 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Pullup ticket #4278 - requested by pettai security/py-denyhosts: security patch Revisions pulled up: - security/py-denyhosts/Makefile 1.9 - security/py-denyhosts/distinfo 1.4-1.5 - security/py-denyhosts/patches/patch-af 1.2 --- Module Name: pkgsrc Committed By: pettai Date: Thu Dec 26 23:30:41 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: Makefile distinfo pkgsrc/security/py-denyhosts/patches: patch-af Log Message: Fix for CVE-2013-6890 --- Module Name: pkgsrc Committed By: pettai Date: Sun Dec 29 20:27:55 UTC 2013 Modified Files: pkgsrc/security/py-denyhosts: distinfo Log Message: Fixed broken checksum
Revision 1.9 / (download) - annotate - [select for diffs], Thu Dec 26 23:30:41 2013 UTC (9 years, 5 months ago) by pettai
CVS Tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Changes since 1.8: +3 -2 lines
Diff to previous 1.8 (colored)
Fix for CVE-2013-6890
Revision 1.8 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:53 2012 UTC (10 years, 7 months ago) by asau
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Branch point for: pkgsrc-2013Q3
Changes since 1.7: +1 -3 lines
Diff to previous 1.7 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.7 / (download) - annotate - [select for diffs], Thu Oct 4 00:21:59 2012 UTC (10 years, 7 months ago) by cheusov
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
Bump revision for packages with changed CONFLICTS (PYTHON_SELF_CONFLICT)
Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 3 23:40:37 2012 UTC (10 years, 7 months ago) by cheusov
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)
CONFLICTS between python modules
Revision 1.5 / (download) - annotate - [select for diffs], Fri Apr 29 16:51:27 2011 UTC (12 years, 1 month ago) by taca
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
More replace interpreter.
Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 25 20:39:11 2008 UTC (15 years, 1 month ago) by joerg
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.3: +1 -2 lines
Diff to previous 1.3 (colored)
Update PYTHON_VERSIONS_COMPATIBLE - assume that Python 2.4 and 2.5 are compatible and allow checking for fallout. - remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+ default. Modify the others to deal with the removals.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Aug 20 07:31:38 2007 UTC (15 years, 9 months ago) by taca
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.2: +4 -2 lines
Diff to previous 1.2 (colored)
Replace python's path in RCD_SCRIPTS, files/denyhosts. Bump PKGREVISION.
Revision 1.2 / (download) - annotate - [select for diffs], Sat Aug 18 15:10:38 2007 UTC (15 years, 9 months ago) by taca
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)
Add a patch for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4323. Bump PKGREVISION.
Revision 220.127.116.11 / (download) - annotate - [select for diffs] (vendor branch), Thu Aug 2 17:27:30 2007 UTC (15 years, 9 months ago) by he
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Import a package for DenyHosts version 2.6, ref. http://denyhosts.sourceforge.net/ DenyHosts is a script intended to be run by system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). In short, it does this by monitoring your syslog output for failed login attempts and tweaking /etc/hosts.deny accordingly, and it can optionally send and fetch lists of ssh probers from a central server. Thanks to joerg@ for review and corrections.
Revision 1.1 / (download) - annotate - [select for diffs], Thu Aug 2 17:27:30 2007 UTC (15 years, 9 months ago) by he
This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.