From brix@lothlorien.brixandersen.dk  Sun Jun 17 15:33:08 2007
Return-Path: <brix@lothlorien.brixandersen.dk>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4E8C016A468
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2007 15:33:08 +0000 (UTC)
	(envelope-from brix@lothlorien.brixandersen.dk)
Received: from solow.pil.dk (relay.pil.dk [195.41.47.164])
	by mx1.freebsd.org (Postfix) with ESMTP id 1908813C465
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 17 Jun 2007 15:33:07 +0000 (UTC)
	(envelope-from brix@lothlorien.brixandersen.dk)
Received: from lothlorien.brixandersen.dk (osgiliath.brixandersen.dk [87.53.223.189])
	by solow.pil.dk (Postfix) with ESMTP id 72F551CC105;
	Sun, 17 Jun 2007 17:33:06 +0200 (CEST)
Received: by lothlorien.brixandersen.dk (Postfix, from userid 1001)
	id DEC481141F; Sun, 17 Jun 2007 17:33:05 +0200 (CEST)
Message-Id: <20070617153305.DEC481141F@lothlorien.brixandersen.dk>
Date: Sun, 17 Jun 2007 17:33:05 +0200 (CEST)
From: Henrik Brix Andersen <henrik@brixandersen.dk>
Reply-To: Henrik Brix Andersen <henrik@brixandersen.dk>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Mij <mij@bitchx.it>
Subject: [patch] security/sshguard{,-ipfw,-pf} doesn't recognize all IPv6 addresses
X-Send-Pr-Version: 3.113
X-GNATS-Notify: mij@bitchx.it

>Number:         113800
>Category:       ports
>Synopsis:       [patch] security/sshguard{,-ipfw,-pf} doesn't recognize all IPv6 addresses
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    itetcu
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 17 15:40:02 GMT 2007
>Closed-Date:    Sun Jun 17 21:55:31 GMT 2007
>Last-Modified:  Sun Jun 17 22:00:06 GMT 2007
>Originator:     Henrik Brix Andersen
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
pil.dk
>Environment:
System: FreeBSD lothlorien.brixandersen.dk 7.0-CURRENT FreeBSD 7.0-CURRENT #44: Wed Jun 13 13:26:40 CEST 2007 root@lothlorien.brixandersen.dk:/usr/obj/usr/src/sys/LOTHLORIEN i386


	
>Description:

The regex used to recognize IPv6 addresses in
security/sshguard{,-ipfw,-pf} doesn't catch all IPv6 addresses. The
author (and port maintainer) is aware of this issue and supplied the
following patch, which fixes the issue. The patch will be part of
sshguard-1.1, which is due soonish.

He OK'ed that I submit the patch for inclusion in FreeBSD ports.

	
>How-To-Repeat:
	
>Fix:

	

--- sshguard.diff begins here ---
diff -urpN /usr/ports/security/sshguard/Makefile security/sshguard/Makefile
--- /usr/ports/security/sshguard/Makefile	Wed Jun 13 00:13:32 2007
+++ security/sshguard/Makefile	Sun Jun 17 17:25:16 2007
@@ -7,6 +7,7 @@
 
 PORTNAME=	sshguard
 DISTVERSION=	1.0
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
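Review bot: The `PORTREVISION= 1` bump lands only in security/sshguard/Makefile, while the synopsis says the faulty regex affects sshguard, sshguard-ipfw and sshguard-pf. If the -ipfw and -pf ports do not take both their PORTREVISION and their files/ directory from this Makefile, they need the same bump and the same patch file. Otherwise installed packages of those two ports will not be flagged for rebuild and will keep missing the unmatched IPv6 addresses in their logs. Please state in the PR which of the two cases applies.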
diff -urpN /usr/ports/security/sshguard/files/patch-attack_scanner.l security/sshguard/files/patch-attack_scanner.l
--- /usr/ports/security/sshguard/files/patch-attack_scanner.l	Thu Jan  1 01:00:00 1970
+++ security/sshguard/files/patch-attack_scanner.l	Sun Jun 17 17:22:37 2007
@@ -0,0 +1,11 @@
+--- src/attack_scanner.l.orig	Wed May 23 20:53:53 2007
++++ src/attack_scanner.l	Sat Jun 16 17:45:43 2007
+@@ -46,7 +46,7 @@ NUMBER      [1-9][0-9]*
+  /* an IPv4 address */
+ (25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]([0-9])?)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]([0-9])?|0)){3} { yylval.str = yytext; return IPv4; }
+  /* an IPv6 address */
+-((([a-fA-F0-9]{1,4}:){2}(:[a-fA-F0-9]{1,4}){1,5})|(:(:[a-fA-F0-9]{1,4}){1,6}|([a-fA-F0-9]{1,4}:)(:[a-fA-F0-9]{1,4}){1,6}|([a-fA-F0-9]{1,4}:){2}(:[a-fA-F0-9]{1,4}){1,5}|([a-fA-F0-9]{1,4}:){3}(:[a-fA-F0-9]{1,4}){1,4}|([a-fA-F0-9]{1,4}:){4}(:[a-fA-F0-9]{1,4}){1,3}|([a-fA-F0-9]{1,4}:){5}(:[a-fA-F0-9]{1,4}){1,2}|([a-fA-F0-9]{1,4}:){6}:[a-fA-F0-9]{1,4}))           { yylval.str = yytext; return IPv6;  }
++(([a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7})|(([a-fA-F0-9]{1,4}:){2}(:[a-fA-F0-9]{1,4}){1,5})|(:(:[a-fA-F0-9]{1,4}){1,6}|([a-fA-F0-9]{1,4}:)(:[a-fA-F0-9]{1,4}){1,6}|([a-fA-F0-9]{1,4}:){2}(:[a-fA-F0-9]{1,4}){1,5}|([a-fA-F0-9]{1,4}:){3}(:[a-fA-F0-9]{1,4}){1,4}|([a-fA-F0-9]{1,4}:){4}(:[a-fA-F0-9]{1,4}){1,3}|([a-fA-F0-9]{1,4}:){5}(:[a-fA-F0-9]{1,4}){1,2}|([a-fA-F0-9]{1,4}:){6}:[a-fA-F0-9]{1,4}))           { yylval.str = yytext; return IPv6;  }
+ 
+  /* an host address (PTR) */
+ localhost|([-a-zA-Z0-9]+\.)+[a-zA-Z]+                           { yylval.str = yytext; return HOSTADDR; }
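Review bot: The replacement IPv6 rule still requires a hex group after `::` in every compressed alternative, so an address that ends in `::` (for example `fe80::`) or the bare `::` is not returned as IPv6. The added `[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}` alternative covers only the fully written eight-group form. Consider adding alternatives for a trailing `::`, or letting the group count after `::` go down to zero where a leading group is present. The embedded dotted-quad form (`::ffff:a.b.c.d`) also has no alternative, so the rule would stop at the first dot and return a truncated token; if sshd can log such addresses on the supported platforms, that case deserves its own rule, because an address the scanner misreads is an address that never gets blocked. Separately, `(([a-fA-F0-9]{1,4}:){2}(:[a-fA-F0-9]{1,4}){1,5})` appears twice in the alternation, once at the top level and once inside the following group; dropping one copy makes the rule easier to audit. A comment above the rule listing which address forms each alternative is meant to cover would help the next reader spot gaps like these.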
--- sshguard.diff ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Sun Jun 17 15:40:10 UTC 2007 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113800 

From: Mij <mij@bitchx.it>
To: bug-followup@FreeBSD.org
Cc: Henrik Brix Andersen <henrik@brixandersen.dk>
Subject: Re: ports/113800: [patch] security/sshguard{,-ipfw,-pf} doesn't recognize all IPv6 addresses
Date: Sun, 17 Jun 2007 23:35:42 +0200

 On 17/giu/07, at 17:33, Henrik Brix Andersen wrote:
 
 > The regex used to recognize IPv6 addresses in
 > security/sshguard{,-ipfw,-pf} doesn't catch all IPv6 addresses. The
 > author (and port maintainer) is aware of this issue and supplied the
 > following patch, which fixes the issue. The patch will be part of
 > sshguard-1.1, which is due soonish.
 >
 > He OK'ed that I submit the patch for inclusion in FreeBSD ports.
 
 All correct.
 I will release 1.1 which includes this change the next week end,
 so decide yourselves committers depending on your workload.
Responsible-Changed-From-To: freebsd-ports-bugs->itetcu 
Responsible-Changed-By: itetcu 
Responsible-Changed-When: Sun Jun 17 21:50:29 UTC 2007 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113800 
State-Changed-From-To: feedback->closed 
State-Changed-By: itetcu 
State-Changed-When: Sun Jun 17 21:55:29 UTC 2007 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113800 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/113800: commit references a PR
Date: Sun, 17 Jun 2007 21:55:27 +0000 (UTC)

 itetcu      2007-06-17 21:55:21 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/sshguard    Makefile 
   Added files:
     security/sshguard/files patch-attack_scanner.l 
   Log:
   - add patch for:
   The regex used to recognize IPv6 addresses in security/sshguard{,-ipfw,-pf}
   doesn't catch all IPv6 addresses. The author (and port maintainer) is aware of
   this issue and supplied the patch, which fixes the issue. The patch will be
   part of sshguard-1.1, which is due soonish.
   - bump PORTREVISION
   
   PR:             113800
   Submitted by:   Henrik Brix Andersen
   Approved by:    Mij (maintainer)
   
   Revision  Changes    Path
   1.6       +1 -0      ports/security/sshguard/Makefile
   1.1       +11 -0     ports/security/sshguard/files/patch-attack_scanner.l (new)
 
>Unformatted:
