Apply patch for CVE-2009-5023. Bug #364883

Package-Manager: portage-2.1.9.46/cvs/Linux x86_64
author: Markos Chandras <hwoarang@gentoo.org> 2011-05-04 19:43:06 +0000
committer: Markos Chandras <hwoarang@gentoo.org> 2011-05-04 19:43:06 +0000
commit: 53ae3e3ec399a426f7c90854fd7ccabe71a897a2 (patch)
tree: b58504f78dfca83a64d42cf41f38feb4658726b8 /net-analyzer/fail2ban
parent: Stable on amd64 wrt bug #344059 (diff)
download: historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.tar.gz
historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.tar.bz2
historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.zip
4 files changed, 145 insertions, 2 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog
index 75543a3fd7f3..15efa91998b6 100644
--- a/net-analyzer/fail2ban/ChangeLog
+++ b/net-analyzer/fail2ban/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-analyzer/fail2ban
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.65 2011/03/21 11:31:15 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.66 2011/05/04 19:43:06 hwoarang Exp $
+
+*fail2ban-0.8.4-r3 (04 May 2011)
+
+  04 May 2011; Markos Chandras <hwoarang@gentoo.org> +fail2ban-0.8.4-r3.ebuild,
+  +files/fail2ban-0.8.4-cve2009-5023.patch:
+  Apply patch for CVE-2009-5023. Bug #364883
 
   21 Mar 2011; Kacper Kowalik <xarthisius@gentoo.org> fail2ban-0.8.4-r2.ebuild:
   ppc/ppc64 stable wrt #351803
diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest
index 97da51dad26f..90ebdf01caf0 100644
--- a/net-analyzer/fail2ban/Manifest
+++ b/net-analyzer/fail2ban/Manifest
@@ -1,3 +1,7 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+AUX fail2ban-0.8.4-cve2009-5023.patch 1587 RMD160 fce36b64effa72a6e73db3698bc40c5949f6a400 SHA1 73cc35b8cc823e0a1d5f84aa1791be329cc38e2d SHA256 de788f841d650a0b875091a7c58f2dc21a243c5b4559617aec341d28492ab4e1
 AUX fail2ban-0.8.4-hashlib.patch 1129 RMD160 c3df715e57eb621274ef953d4da1991c46a60a6e SHA1 2385a85135b9040239901d381fb2cec564f7463b SHA256 a590d116849a2072fcd6403cfc985f3297e275caf11b184877faa45378237a9f
 AUX fail2ban-0.8.4-sshd-breakin.patch 1107 RMD160 719d206fd118e25d0cee3887db7b4c8b1c241524 SHA1 c9780ec64a8e59cee3c74be2863b3816ff6b16e8 SHA256 0a986bc24fe3333254b4f4eb3fd04bb2f46652ae3be2b02d137e5c7d6aa483c8
 AUX fail2ban-logrotate 191 RMD160 26756583fbaa7b7ad09e300ac9d0cbbe8a2bdcf3 SHA1 c66d4786e9532d6785b25f36999438b590ae9040 SHA256 4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f
@@ -6,6 +10,24 @@ AUX gentoo-initd_create_run_dir.patch 591 RMD160 31ad2f85704fbff25b6f9ea62734e17
 DIST fail2ban-0.8.4.tar.bz2 71818 RMD160 05a9dfd206f734bea9d063a2527695c1b033ea43 SHA1 0816a9f8d54013dc9b395284caff3c54f44377d8 SHA256 7a4fc0ea6dffde1db1d096757878e1b2c5f0b087a05ed7e7ca0202fb0b127982
 EBUILD fail2ban-0.8.4-r1.ebuild 1883 RMD160 eaf21ca4a77e3eefefd8ca86d3a7074289e4a1b4 SHA1 0d2a4a94b26d51b97ba182823a031527aceed25b SHA256 928b04b77a61d6651b4e3d6e716237cbc7ad96040babfcca18c6e234b605745a
 EBUILD fail2ban-0.8.4-r2.ebuild 1852 RMD160 93373aa7ec57ed6c0260b1b01828abd5363fed97 SHA1 247bf371b7b08c3a1740d369ad0496499281e067 SHA256 646e8cbdc7baa24dc14c2141c9d955d4197ff81ea2cfce28daf42087e9e840b5
+EBUILD fail2ban-0.8.4-r3.ebuild 1897 RMD160 b2dbba3df09fcac52fbe29a23c18dd5e3095a68d SHA1 e4e57164a94cb4576d1da8dc162c6e9c76352276 SHA256 af282f644ff4a67b2d3a21d763b7ac3fedf8526740a334a6059d50e0d8980536
 EBUILD fail2ban-0.8.4.ebuild 1720 RMD160 860582c76e1781c99e69ad004fd986ba80de05aa SHA1 a1b4d99fe205d51b124d8338e451740468d1acf3 SHA256 9d05c441802440349830547bf089d35ec51cb445ebc3a437fc116cab13087c2b
-MISC ChangeLog 10422 RMD160 d2ce88bb7ec2e6f91509bb7b27056ecc3c268ad0 SHA1 66dbd1baf79fb5f0cc4d872f686106bb137cb70a SHA256 684eca75a50af5a9eab1930f63e1476b9ffb1db7f531540ae9ba7fc9fbfc3f58
+MISC ChangeLog 10624 RMD160 7983946c493d9e460c94ee31296f33eefc354c8a SHA1 83bd1340f66882556bb47b0fcd90be580ef80ad0 SHA256 50ea3cd8984af47db2bf667395193fe7a1260556febba66a6b64c4979144174e
 MISC metadata.xml 252 RMD160 cdc7c3fd17bea80f58e06f161a20d23c4028d84c SHA1 efa55fa719cd06beb2ca49131d6445b6787c5da8 SHA256 4f9ebee95f874fc7e89bf6844826f7826d899d2ddf06847e3eda21465ed56113
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.17 (GNU/Linux)
+
+iQIcBAEBCgAGBQJNwaxPAAoJEPqDWhW0r/LCSO0P/A2JD+ZjZqEMP3Xke/rwkaO1
+CI5bk+7h4s2ShEjOMtui5FhvgZCxe4V1tSlAuXDLY05MgH8AsLP/N7qx+PiGHv1Y
+wlDlaorow6LGvDuTi77YAywqnU/QG9aQAjeMiDh/JUtypkmiAykSCHmnuvbVSUKH
+dhnM+8YajW3ndrDVMN6jPjIbjt/QbeShx5/AHcy2VMWuG8cnAZviy2RWdW9+1l9L
+xqXvb1wGgsG6IYBNszsibp5xHc4nUbtRKprWHXsfSncSSD6bKOMWujP4JM6RK97/
+ymXIjC2SG0B/gwJevJ246HoOyeOC+8BR1NAa5pQnAdz5TO00r37hIJ/Xf1t9lCg9
+vryBnGDkcXotJLpyYgA9Bj7x5COY9qHEDeQDv22N1szwzSao1McyWUdEGhrzVRrs
+zTtfPSdJvt4pYlVA+Nv7V8AnmHA6KjiYJ4HqcnB9weK0NRKfDWxHWtPEpN3KVQDi
+TEoW564xnIgQNP3YCUYT51G74aqo6AwDHaEEXdPUQhjM6ThhdbnVyk6oAYcTBRG0
+1YJlkHpYque0DgjdxsLLOCIt5bPzgQBYbri97AYfddCzb+fLNKqIZu2WwwiHqcCr
+WgwbVvYnJe7wrLm+3qvmgsWJf1voYfk5XnWE9EHbol+yFqePooZevDc/keJUynp6
+aF78kNS1jjwecK4ih9u8
+=9DXy
+-----END PGP SIGNATURE-----
diff --git a/net-analyzer/fail2ban/fail2ban-0.8.4-r3.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.4-r3.ebuild
new file mode 100644
index 000000000000..fac815b22d83
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-0.8.4-r3.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.4-r3.ebuild,v 1.1 2011/05/04 19:43:06 hwoarang Exp $
+
+EAPI="3"
+PYTHON_DEPEND="2"
+
+inherit distutils eutils
+
+DESCRIPTION="Bans IP that make too many password failures"
+HOMEPAGE="http://fail2ban.sourceforge.net/"
+SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="net-misc/whois
+	virtual/mta
+	net-firewall/iptables"
+
+pkg_setup() {
+	python_set_active_version 2
+	python_pkg_setup
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-hashlib.patch \
+		"${FILESDIR}"/${P}-sshd-breakin.patch \
+		"${FILESDIR}"/gentoo-initd_create_run_dir.patch \
+		"${FILESDIR}"/${P}-cve2009-5023.patch
+	distutils_src_prepare
+}
+
+src_install() {
+	distutils_src_install
+
+	newconfd files/gentoo-confd fail2ban
+	newinitd files/gentoo-initd fail2ban
+	dodoc ChangeLog README TODO || die "dodoc failed"
+	doman man/*.1 || die "doman failed"
+
+	# Use INSTALL_MASK  if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	distutils_pkg_postinst
+
+	if [[ $previous_less_than_0_7 = 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2ban!"
+		elog
+		elog "Fail2ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.4-cve2009-5023.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.4-cve2009-5023.patch
new file mode 100644
index 000000000000..d1b69a44c0d5
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.8.4-cve2009-5023.patch
@@ -0,0 +1,45 @@
+Index: config/action.d/mail-buffered.conf
+===================================================================
+--- config/action.d/mail-buffered.conf	(revision 766)
++++ config/action.d/mail-buffered.conf	(revision 767)
+@@ -81,7 +81,7 @@
+ 
+ # Default temporary file
+ #
+-tmpfile = /tmp/fail2ban-mail.txt
++tmpfile = /var/run/fail2ban/tmp-mail.txt
+ 
+ # Destination/Addressee of the mail
+ #
+Index: config/action.d/sendmail-buffered.conf
+===================================================================
+--- config/action.d/sendmail-buffered.conf	(revision 766)
++++ config/action.d/sendmail-buffered.conf	(revision 767)
+@@ -101,5 +101,5 @@
+ 
+ # Default temporary file
+ #
+-tmpfile = /tmp/fail2ban-mail.txt
++tmpfile = /var/run/fail2ban/tmp-mail.txt
+ 
+Index: config/action.d/dshield.conf
+===================================================================
+--- config/action.d/dshield.conf	(revision 766)
++++ config/action.d/dshield.conf	(revision 767)
+@@ -206,5 +206,5 @@
+ # Notes.:  Base name of temporary files used for buffering
+ # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
+ #
+-tmpfile = /tmp/fail2ban-dshield
++tmpfile = /var/run/fail2ban/tmp-dshield
+ 
+Index: config/action.d/mynetwatchman.conf
+===================================================================
+--- config/action.d/mynetwatchman.conf	(revision 766)
++++ config/action.d/mynetwatchman.conf	(revision 767)
+@@ -141,4 +141,4 @@
+ # Notes.:  Base name of temporary files
+ # Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
+ #
+-tmpfile = /tmp/fail2ban-mynetwatchman
++tmpfile = /var/run/fail2ban/tmp-mynetwatchman
author	Markos Chandras <hwoarang@gentoo.org>	2011-05-04 19:43:06 +0000
committer	Markos Chandras <hwoarang@gentoo.org>	2011-05-04 19:43:06 +0000
commit	53ae3e3ec399a426f7c90854fd7ccabe71a897a2 (patch)
tree	b58504f78dfca83a64d42cf41f38feb4658726b8 /net-analyzer/fail2ban
parent	Stable on amd64 wrt bug #344059 (diff)
download	historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.tar.gz historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.tar.bz2 historical-53ae3e3ec399a426f7c90854fd7ccabe71a897a2.zip