Your message dated Sat, 25 Jan 2014 15:47:05 +0000 with message-id <[email protected]> and subject line Bug#734329: fixed in denyhosts 2.6-10+deb7u3 has caused the Debian Bug report #734329, regarding denyhosts: regression in regex.py to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 734329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734329 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: denyhosts Version: 2.6-10.1 Severity: important Hi I have 2.6-10 running on a few squeeze hosts here and applied the patch that should fix #692229. I think there is a problem with one aspect of that change - - FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") The issue is the $ after the IP address matching - this fails on my syslog files which have lines like: Jan 5 21:01:15 venice sshd[12491]: Failed password for root from 122.252.245.89 port 57845 ssh2 To make the regex match again, just drop the $. (Tested with 'kodos'). What I am unclear about is whether making this change will allow IP address injections again. Can the wildcard for the <user> match be made non-greedy? Otherwise, the following regex may be ok: Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})( port \d+)? This issue is also present in 2.6-7+deb6u2 (I checked regex.py) and (I infer) 2.6-10+deb7u. Kind regards Vince -- System Information: Debian Release: 6.0.8 APT prefers oldstable APT policy: (990, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-0.bpo.4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages denyhosts depends on: ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii python 2.6.6-3+squeeze7 interactive high-level object-orie denyhosts recommends no packages. denyhosts suggests no packages.
--- End Message ---
--- Begin Message ---Source: denyhosts Source-Version: 2.6-10+deb7u3 We believe that the bug you reported is fixed in the latest version of denyhosts, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Yves-Alexis Perez <[email protected]> (supplier of updated denyhosts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Jan 2014 22:38:21 +0100 Source: denyhosts Binary: denyhosts Architecture: source all Version: 2.6-10+deb7u3 Distribution: wheezy-security Urgency: medium Maintainer: Kyle Willmon <[email protected]> Changed-By: Yves-Alexis Perez <[email protected]> Description: denyhosts - Utility to help sys admins thwart SSH crackers Closes: 734329 Changes: denyhosts (2.6-10+deb7u3) wheezy-security; urgency=medium . [ Helmut Grohne ] * Non-maintainer upload by the Security Team. * Fix another regression. Closes: 734329. Checksums-Sha1: 080339f58ef6116dc2d67e2385ba4b42d177597d 1734 denyhosts_2.6-10+deb7u3.dsc 991581208db9ba8721a19e6005c1f501abeb6abf 41624 denyhosts_2.6-10+deb7u3.debian.tar.gz fd3d6c9091d92b6db355d5c0abf89c404d440e18 74666 denyhosts_2.6-10+deb7u3_all.deb Checksums-Sha256: 34cdb91107a0bea8d7877e5c9494b106185be74f555f151b2769e18c26406a34 1734 denyhosts_2.6-10+deb7u3.dsc 131283a18bb50d11b9e0fa174a881fe8d374cd51b3632019c291eaf7c0577447 41624 denyhosts_2.6-10+deb7u3.debian.tar.gz befc8d8bbbbaeb51c240a26be7b91f30ee0a29a550c83ba19e6a48246b891f7a 74666 denyhosts_2.6-10+deb7u3_all.deb Files: 5a2c5362f51f8717906244c2ffe31cd6 1734 net optional denyhosts_2.6-10+deb7u3.dsc 14ef04017cd1d1e432ac2cda9620b4aa 41624 net optional denyhosts_2.6-10+deb7u3.debian.tar.gz b65a13310b98eedab8e63a5818d87b2f 74666 net optional denyhosts_2.6-10+deb7u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQF8BAEBCgBmBQJS4Y3OXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5NzQ1QjAyMjczMjM4MUZFOUU3RUFGRjU2 RERCNTNGMkE2NzVDMEE1AAoJEG3bU/KmdcClhUkH/AvEa5RjBn+xiea+eSVn64rD dbXxyD362pvWpQTs+zMv3j1ncmKeaPV+PWMLcu5fzw8qmnC27+bfqOUpJFg9lVO2 rLbRl9/2JCB5Xv0QM0lQKAMMkKS0f9vhGNfbUzuucLQHp8eHLmsEpF/bVzZVYbYO PvelLg4P9U0SdRGt4zTYUCGaDeNkxG8QigdIv2BBQsm0+YqlnluaK7aJOkscfTnt auxw6VjyIPMWvFrDNIM2C80ABw2zP2RujfOkEzrQWdhDeSd2geHDX1iKQkOXxQVg hYwK2Zjg9k5hyvhugdbwsGgC7EkGpJxY/h75wQusvidpd0DZxiUBAF0vfYIPeLo= =0e0p -----END PGP SIGNATURE-----
--- End Message ---
