authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /app-admin/denyhosts
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'app-admin/denyhosts')
-rw-r--r--app-admin/denyhosts/Manifest3
-rw-r--r--app-admin/denyhosts/denyhosts-2.6-r10.ebuild92
-rw-r--r--app-admin/denyhosts/denyhosts-2.6-r9.ebuild92
-rw-r--r--app-admin/denyhosts/denyhosts-2.9.ebuild73
-rw-r--r--app-admin/denyhosts/denyhosts-3.0.ebuild64
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch60
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch12
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch12
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch137
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch42
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-hostname.patch21
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch21
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch23
-rw-r--r--app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch24
-rw-r--r--app-admin/denyhosts/files/denyhosts.init-r228
-rw-r--r--app-admin/denyhosts/files/denyhosts.logrotate12
-rw-r--r--app-admin/denyhosts/files/denyhosts.logrotate-r210
-rw-r--r--app-admin/denyhosts/files/denyhosts.service12
-rw-r--r--app-admin/denyhosts/metadata.xml11
19 files changed, 749 insertions, 0 deletions
diff --git a/app-admin/denyhosts/Manifest b/app-admin/denyhosts/Manifest
new file mode 100644
index 000000000000..7750d7bef32a
--- /dev/null
+++ b/app-admin/denyhosts/Manifest
@@ -0,0 +1,3 @@
+DIST DenyHosts-2.6.tar.gz 42667 SHA256 5190ead13a7238e3ccf328cb3b71b16716e1c73939909a4f3fa6904ba58ddf7d SHA512 331144348d4930e2fa7a057a779bb7504dfa8ec348660e1a73fcd6a9195258408abb7c77de2bcc96724dfc42afbee918320eebfbc3b380d6ac4ff2d275e89600 WHIRLPOOL a414cd3013508876e63253ffc9c46d12179cca76249ee00cbf66c04c7b88a8578c79bea4d098149081aa83dca115947b10214f3aa8b82bdd78d764032849e27a
+DIST denyhosts-2.9.tar.gz 49472 SHA256 751ce6f11c91d1f29c2e726e829c8fe5ddc417bfbb2f229829f5ec820c236716 SHA512 f41e2985e84f0eeaa493def6b8609de934889d02b124962b0bfd02ebe5e41d0670822124eb50ed84eb1c3b8a2a96775fbe09386cef48a3c3e04949fd6b1452c1 WHIRLPOOL 6930899d84a50200c869298cf1061d51a0cebab27edea58252a66c97c81792b13898a726a6bbcba35510cc6041b66d175557d2ddfb5c21c2ae5b62bd4e43fe5d
+DIST denyhosts-3.0.tar.gz 56283 SHA256 581cd3b782d7b702f41873ae52d39472d27c90ebd1b2178802cdd623e8e94240 SHA512 8a1c796c259049ffab2c88cef780b175ec75c94216841421f831dfbf45f4ba0cdbcfbb0e3dab7200aa79eeb2416db5234ad5016d5770d8ab2f28ef4c9754e70d WHIRLPOOL 6b8db8e88a5f1693d4a72ea54009b5d185b035040c9407585f829b0f8f918bcbfa38623b0ecb08157256da045427b8b5111f7dc8f520505c56aefdaf1a02a154
diff --git a/app-admin/denyhosts/denyhosts-2.6-r10.ebuild b/app-admin/denyhosts/denyhosts-2.6-r10.ebuild
new file mode 100644
index 000000000000..ad3022a9dfb6
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.6-r10.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils readme.gentoo systemd
+
+MY_PN="DenyHosts"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://www.denyhosts.net"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ppc sparc x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=""
+
+S="${WORKDIR}/${MY_P}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="
+You can configure DenyHosts to run as a daemon by running:
+# rc-update add denyhosts default
+or:
+# systemctl enable denyhosts.service
+(if you use systemd)
+
+To run DenyHosts as a cronjob instead of a daemon add the following
+to /etc/crontab
+# run DenyHosts every 10 minutes
+*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+
+More information can be found at http://denyhosts.sourceforge.net/faq.html"
+
+src_prepare() {
+ # changes default file installations
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-log-injection-regex.patch
+
+ # Multiple patches from Fedora and Debian
+ epatch "${FILESDIR}"/${P}-daemon-control.patch
+ epatch "${FILESDIR}"/${P}-defconffile.patch
+ epatch "${FILESDIR}"/${P}-foreground_mode.patch
+ epatch "${FILESDIR}"/${P}-hostname.patch
+ epatch "${FILESDIR}"/${P}-plugin_deny.patch
+ epatch "${FILESDIR}"/${P}-single_config_switch.patch
+
+ epatch "${FILESDIR}"/${P}-cve-2013-6890.patch
+
+ sed -i -e 's:DENY_THRESHOLD_VALID = 10:DENY_THRESHOLD_VALID = 5:' \
+ denyhosts.cfg-dist || die "sed failed"
+
+ distutils-r1_src_prepare
+}
+
+src_install() {
+ readme.gentoo_create_doc
+
+ dodoc CHANGELOG.txt README.txt PKG-INFO
+ distutils-r1_src_install
+
+ insinto /etc
+ insopts -m0640
+ newins denyhosts.cfg-dist denyhosts.conf
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate-r2 ${PN}
+
+ newinitd "${FILESDIR}"/denyhosts.init-r2 denyhosts
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ # build system installs docs that we installed above
+ rm -f "${D}"/usr/share/denyhosts/*.txt
+
+ keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+ if [[ ! -f "${ROOT}etc/hosts.deny" ]]; then
+ touch "${ROOT}etc/hosts.deny"
+ fi
+
+ readme.gentoo_print_elog
+}
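Review bot: DOC_CONTENTS in this ebuild (and in denyhosts-2.6-r9.ebuild, which differs only in the logrotate file it installs) lacks the notice the 2.9 and 3.0 ebuilds carry about >=net-misc/openssh-6.7p1 dropping tcp-wrappers support, although pkg_postinst here still prepares `${ROOT}etc/hosts.deny`. On such a system the entries DenyHosts writes to hosts.deny would presumably not be enforced by sshd, so the same paragraph belongs in these two ebuilds as well. Separately, `sed -i ... || die "sed failed"` in src_prepare only fails on an I/O error; if the `DENY_THRESHOLD_VALID = 10` text is ever absent, the threshold silently stays at the upstream value. A following `grep -q '^DENY_THRESHOLD_VALID = 5' denyhosts.cfg-dist || die "threshold not set"` would make the hardening step verifiable. It would also help to comment that `${P}-cve-2013-6890.patch` must come after `${P}-log-injection-regex.patch`, since its removed lines already contain the `AllowGroups$` form the earlier patch introduces.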
diff --git a/app-admin/denyhosts/denyhosts-2.6-r9.ebuild b/app-admin/denyhosts/denyhosts-2.6-r9.ebuild
new file mode 100644
index 000000000000..349e25ad8d0e
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.6-r9.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils readme.gentoo systemd
+
+MY_PN="DenyHosts"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://www.denyhosts.net"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ppc sparc x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=""
+
+S="${WORKDIR}/${MY_P}"
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="
+You can configure DenyHosts to run as a daemon by running:
+# rc-update add denyhosts default
+or:
+# systemctl enable denyhosts.service
+(if you use systemd)
+
+To run DenyHosts as a cronjob instead of a daemon add the following
+to /etc/crontab
+# run DenyHosts every 10 minutes
+*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+
+More information can be found at http://denyhosts.sourceforge.net/faq.html"
+
+src_prepare() {
+ # changes default file installations
+ epatch "${FILESDIR}"/${P}-gentoo.patch
+ epatch "${FILESDIR}"/${P}-log-injection-regex.patch
+
+ # Multiple patches from Fedora and Debian
+ epatch "${FILESDIR}"/${P}-daemon-control.patch
+ epatch "${FILESDIR}"/${P}-defconffile.patch
+ epatch "${FILESDIR}"/${P}-foreground_mode.patch
+ epatch "${FILESDIR}"/${P}-hostname.patch
+ epatch "${FILESDIR}"/${P}-plugin_deny.patch
+ epatch "${FILESDIR}"/${P}-single_config_switch.patch
+
+ epatch "${FILESDIR}"/${P}-cve-2013-6890.patch
+
+ sed -i -e 's:DENY_THRESHOLD_VALID = 10:DENY_THRESHOLD_VALID = 5:' \
+ denyhosts.cfg-dist || die "sed failed"
+
+ distutils-r1_src_prepare
+}
+
+src_install() {
+ readme.gentoo_create_doc
+
+ dodoc CHANGELOG.txt README.txt PKG-INFO
+ distutils-r1_src_install
+
+ insinto /etc
+ insopts -m0640
+ newins denyhosts.cfg-dist denyhosts.conf
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+
+ newinitd "${FILESDIR}"/denyhosts.init-r2 denyhosts
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ # build system installs docs that we installed above
+ rm -f "${D}"/usr/share/denyhosts/*.txt
+
+ keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+ if [[ ! -f "${ROOT}etc/hosts.deny" ]]; then
+ touch "${ROOT}etc/hosts.deny"
+ fi
+
+ readme.gentoo_print_elog
+}
diff --git a/app-admin/denyhosts/denyhosts-2.9.ebuild b/app-admin/denyhosts/denyhosts-2.9.ebuild
new file mode 100644
index 000000000000..4e4c52a3983d
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-2.9.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils readme.gentoo systemd
+
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="http://denyhost.sourceforge.net/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~hppa ~ppc ~sparc x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=""
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="
+>=net-misc/openssh-6.7p1 dropped support for sys-apps/tcp-wrappers
+(see bug#531156) that means you either have patch openssh or use
+denyhosts' iptables feature to get any protection.
+
+You can configure DenyHosts to run as a daemon by running:
+# rc-update add denyhosts default
+or:
+# systemctl enable denyhosts.service
+(if you use systemd)
+
+To run DenyHosts as a cronjob instead of a daemon add the following
+to /etc/crontab
+# run DenyHosts every 10 minutes
+*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+
+More information can be found at ${HOMEPAGE}faq.html"
+
+src_prepare() {
+ #systemd needs HOSTNAME
+ epatch "${FILESDIR}"/${PN}-2.6-hostname.patch
+
+ sed -e '/^DENY_THRESHOLD_VALID =/s/=.*/= 5/' \
+ -e '/^SECURE_LOG/s/^/#/' \
+ -e '\@#SECURE_LOG.*/var/log/messages@s/^#//' \
+ -i denyhosts.conf || die "sed failed"
+
+ distutils-r1_src_prepare
+}
+
+src_install() {
+ readme.gentoo_create_doc
+
+ dodoc CHANGELOG.txt README.txt PKG-INFO
+ distutils-r1_src_install
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate-r2 ${PN}
+
+ newinitd "${FILESDIR}"/denyhosts.init-r2 denyhosts
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ keepdir /var/lib/denyhosts
+}
+
+pkg_postinst() {
+ [[ -f "${EROOT}etc/hosts.deny" ]] || touch "${EROOT}etc/hosts.deny"
+
+ readme.gentoo_print_elog
+}
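Review bot: The tcp-wrappers warning added to DOC_CONTENTS reaches the user only through `readme.gentoo_print_elog` in pkg_postinst, and as far as I know that eclass prints only on a fresh install unless `FORCE_PRINT_ELOG` is set. Someone upgrading from 2.6 on a host with openssh >= 6.7p1 would then never be told that hosts.deny entries are no longer honoured. An explicit `ewarn` in pkg_postinst, or setting `FORCE_PRINT_ELOG=1` when `REPLACING_VERSIONS` is non-empty, would surface it on upgrade. The multi-expression `sed ... -i denyhosts.conf || die` has a related gap: if no `#SECURE_LOG ... /var/log/messages` line exists, every SECURE_LOG line ends up commented out and sed still exits 0.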
diff --git a/app-admin/denyhosts/denyhosts-3.0.ebuild b/app-admin/denyhosts/denyhosts-3.0.ebuild
new file mode 100644
index 000000000000..fef100da9c14
--- /dev/null
+++ b/app-admin/denyhosts/denyhosts-3.0.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+PYTHON_COMPAT=( python2_7 )
+
+inherit distutils-r1 eutils readme.gentoo systemd
+
+DESCRIPTION="DenyHosts is a utility to help sys admins thwart ssh hackers"
+HOMEPAGE="https://github.com/denyhosts/denyhosts"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~sparc ~x86"
+IUSE=""
+
+DEPEND=""
+RDEPEND=""
+
+DISABLE_AUTOFORMATTING="yes"
+DOC_CONTENTS="
+>=net-misc/openssh-6.7p1 dropped support for sys-apps/tcp-wrappers
+(see bug#531156) that means you either have patch openssh or use
+denyhosts' iptables feature to get any protection.
+
+You can configure DenyHosts to run as a daemon by running:
+# rc-update add denyhosts default
+or:
+# systemctl enable denyhosts.service
+(if you use systemd)
+
+To run DenyHosts as a cronjob instead of a daemon add the following
+to /etc/crontab
+# run DenyHosts every 10 minutes
+*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf
+
+More information can be found at ${HOMEPAGE}faq.html"
+
+src_prepare() {
+ sed -e '/^DENY_THRESHOLD_VALID =/s/=.*/= 5/' \
+ -e '/^SECURE_LOG/s/^/#/' \
+ -e '\@#SECURE_LOG.*/var/log/messages@s/^#//' \
+ -i denyhosts.conf || die "sed failed"
+
+ distutils-r1_src_prepare
+}
+
+src_install() {
+ readme.gentoo_create_doc
+
+ dodoc CHANGELOG.txt README.md
+ distutils-r1_src_install
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate-r2 ${PN}
+
+ newinitd "${FILESDIR}"/denyhosts.init-r2 denyhosts
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ keepdir /var/lib/denyhosts
+}
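Review bot: This ebuild defines no pkg_postinst, so `readme.gentoo_print_elog` is never called and the DOC_CONTENTS warning about openssh >= 6.7p1 and tcp-wrappers only lands in the installed README file; the 2.9 ebuild prints it and also creates `${EROOT}etc/hosts.deny`. Adding `pkg_postinst() { readme.gentoo_print_elog; }` (plus the hosts.deny touch, if 3.0 still needs the file to exist) would restore that. Also, with `HOMEPAGE="https://github.com/denyhosts/denyhosts"` the last DOC_CONTENTS line `${HOMEPAGE}faq.html` expands to `https://github.com/denyhosts/denyhostsfaq.html`, which is not a valid link; the FAQ location should be spelled out instead of being derived from HOMEPAGE.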
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch b/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch
new file mode 100644
index 000000000000..3065d5e98424
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-cve-2013-6890.patch
@@ -0,0 +1,60 @@
+Subject: address remote denial of service CVE-2013-6890
+From: Helmut Grohne <helmut () subdivi de>
+
+ssh -l 'Invalid user root from 123.123.123.123' 21.21.21.21
+
+results in a log lines
+
+sshd[123]: Invalid user Invalid user root from 123.123.123.123 from 21.21.21.21
+sshd[123]: input_userauth_request: invalid user Invalid user root from 123.123.123.123 [preauth]
+sshd[123]: Connection closed by 21.21.21.21 [preauth]
+
+and causes denyhosts to block both ips 21.21.21.21 and 123.123.123.123.
+
+This patch tightens the regular expressions used to avoid these and similar
+injections.
+
+Index: denyhosts-2.6/DenyHosts/regex.py
+===================================================================
+--- denyhosts-2.6.orig/DenyHosts/regex.py 2013-12-22 11:54:42.000000000 +0100
++++ denyhosts-2.6/DenyHosts/regex.py 2013-12-22 11:55:05.000000000 +0100
+@@ -6,22 +6,22 @@
+
+ #DATE_FORMAT_REGEX = re.compile(r"""(?P<month>[A-z]{3,3})\s*(?P<day>\d+)""")
+
+-SSHD_FORMAT_REGEX = re.compile(r""".* (sshd.*:|\[sshd\]) (?P<message>.*)""")
++SSHD_FORMAT_REGEX = re.compile(r""".*? (sshd.*?:|\[sshd\]) (?P<message>.*)""")
+ #SSHD_FORMAT_REGEX = re.compile(r""".* sshd.*: (?P<message>.*)""")
+
+-FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+
+-FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX2 = re.compile(r"""(?P<invalid>(Illegal|Invalid)) user (?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+
+-FAILED_ENTRY_REGEX3 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX3 = None
+
+-FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
++FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) from (::ffff:)?(?P<host>\S+)$""")
+
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because none of user's groups are listed in AllowGroups$""")
+
+-FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) from (::ffff:)?(?P<host>\S+) not allowed because not listed in AllowUsers$""")
+
+
+ # these are reserved for future versions
+@@ -42,7 +42,7 @@
+ FAILED_ENTRY_REGEX_MAP[i] = rx
+
+
+-SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>.*) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
++SUCCESSFUL_ENTRY_REGEX = re.compile(r"""Accepted (?P<method>\S+) for (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""")
+
+ TIME_SPEC_REGEX = re.compile(r"""(?P<units>\d*)\s*(?P<period>[smhdwy])?""")
+
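Review bot: The tightened FAILED_ENTRY_REGEX and SUCCESSFUL_ENTRY_REGEX now end in `$` directly after the IPv4 group, so they match only if nothing follows the address. OpenSSH normally logs password results as `... from <ip> port <n> ssh2`; if the message still carries that suffix when it reaches these patterns, failed password attempts would no longer be counted and brute-force sources would go unblocked. Allowing the known suffix keeps the anchoring while still matching, e.g. ending both patterns with `(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})( port \d+)?( ssh2)?$`. `FAILED_ENTRY_REGEX3 = None` also deserves a one-line comment saying how the map-building loop (only partly visible in the second hunk) treats a None entry.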
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch b/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
new file mode 100644
index 000000000000..1a733e41280e
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-daemon-control.patch
@@ -0,0 +1,12 @@
+diff -up ./daemon-control-dist.orig ./daemon-control-dist
+--- ./daemon-control-dist.orig 2006-04-21 18:04:43.000000000 -0500
++++ ./daemon-control-dist 2008-08-28 11:05:01.000000000 -0500
+@@ -13,7 +13,7 @@
+
+ DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
+ DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
+-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
++DENYHOSTS_CFG = "/etc/denyhosts.conf"
+
+ PYTHON_BIN = "/usr/bin/env python"
+
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch b/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
new file mode 100644
index 000000000000..c384367d0031
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-defconffile.patch
@@ -0,0 +1,12 @@
+diff -up ./DenyHosts/constants.py.defconffile ./DenyHosts/constants.py
+--- ./DenyHosts/constants.py.defconffile 2008-07-01 18:12:34.000000000 -0500
++++ ./DenyHosts/constants.py 2008-07-01 18:12:43.000000000 -0500
+@@ -36,7 +36,7 @@ PURGE_HISTORY = "purge-history"
+ # Miscellaneous constants #
+ #################################################################################
+
+-CONFIG_FILE = "denyhosts.cfg" # default can be overridden on cmd line
++CONFIG_FILE = "/etc/denyhosts.conf" # default can be overridden on cmd line
+
+ DENY_DELIMITER = "# DenyHosts:"
+ ENTRY_DELIMITER = " | "
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch b/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
new file mode 100644
index 000000000000..9f10707f9be8
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-foreground_mode.patch
@@ -0,0 +1,137 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 08_foreground_mode
+
+Add a useful switch to denyhost for run in foreground/debugging mode
+---
+ DenyHosts/deny_hosts.py | 9 +++++++--
+ denyhosts.py | 20 +++++++++++++-------
+ 2 files changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
+index 7a985e6..f308264 100644
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -41,7 +41,7 @@ error = logging.getLogger("denyhosts").error
+ class DenyHosts:
+ def __init__(self, logfile, prefs, lock_file,
+ ignore_offset=0, first_time=0,
+- noemail=0, daemon=0):
++ noemail=0, daemon=0, foreground=0):
+ self.__denied_hosts = {}
+ self.__prefs = prefs
+ self.__lock_file = lock_file
+@@ -49,6 +49,7 @@ class DenyHosts:
+ self.__noemail = noemail
+ self.__report = Report(prefs.get("HOSTNAME_LOOKUP"), is_true(prefs['SYSLOG_REPORT']))
+ self.__daemon = daemon
++ self.__foreground = foreground
+ self.__sync_server = prefs.get('SYNC_SERVER')
+ self.__sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
+ self.__sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))
+@@ -87,7 +88,7 @@ class DenyHosts:
+ info("Log file size has not changed. Nothing to do.")
+
+
+- if daemon:
++ if daemon and not foreground:
+ info("launching DenyHosts daemon (version %s)..." % VERSION)
+ #logging.getLogger().setLevel(logging.WARN)
+
+@@ -101,6 +102,10 @@ class DenyHosts:
+ self.runDaemon(logfile, last_offset)
+ else:
+ die("Error creating daemon: %s (%d)" % (retCode[1], retCode[0]))
++ elif foreground:
++ info("launching DenyHosts (version %s)..." % VERSION)
++ self.__lock_file.remove()
++ self.runDaemon(logfile, last_offset)
+
+
+ def killDaemon(self, signum, frame):
+diff --git a/denyhosts.py b/denyhosts.py
+index 48bd837..727e565 100755
+--- a/denyhosts.py
++++ b/denyhosts.py
+@@ -34,6 +34,7 @@ def usage():
+ print " --migrate: migrate your HOSTS_DENY file so that it is suitable for --purge"
+ print " --purge: expire entries older than your PURGE_DENY setting"
+ print " --daemon: run DenyHosts in daemon mode"
++ print " --foreground: run DenyHosts in foreground mode"
+ print " --sync: run DenyHosts synchronization mode"
+ print " --version: Prints the version of DenyHosts and exits"
+
+@@ -63,6 +64,7 @@ if __name__ == '__main__':
+ purge = 0
+ sync_mode = 0
+ daemon = 0
++ foreground = 0
+ enable_debug = 0
+ upgrade099 = 0
+ args = sys.argv[1:]
+@@ -70,8 +72,8 @@ if __name__ == '__main__':
+ (opts, getopts) = getopt.getopt(args, 'f:c:dinuvps?hV',
+ ["file=", "ignore", "verbose", "debug",
+ "help", "noemail", "config=", "version",
+- "migrate", "purge", "daemon", "sync",
+- "upgrade099"])
++ "migrate", "purge", "daemon", "foreground",
++ "sync", "upgrade099"])
+ except:
+ print "\nInvalid command line option detected."
+ usage()
+@@ -101,6 +103,8 @@ if __name__ == '__main__':
+ sync_mode = 1
+ if opt == '--daemon':
+ daemon = 1
++ if opt == '--foreground':
++ foreground = 1
+ if opt == '--upgrade099':
+ upgrade099 = 1
+ if opt == '--version':
+@@ -131,21 +135,21 @@ if __name__ == '__main__':
+
+ lock_file.create()
+
+- if upgrade099 and not daemon:
++ if upgrade099 and not (daemon or foreground):
+ if not prefs.get('PURGE_DENY'):
+ lock_file.remove()
+ die("You have supplied the --upgrade099 flag, however you have not set PURGE_DENY in your configuration file")
+ else:
+ u = UpgradeTo099(prefs.get("HOSTS_DENY"))
+
+- if migrate and not daemon:
++ if migrate and not (daemon or foreground):
+ if not prefs.get('PURGE_DENY'):
+ lock_file.remove()
+ die("You have supplied the --migrate flag however you have not set PURGE_DENY in your configuration file.")
+ else:
+ m = Migrate(prefs.get("HOSTS_DENY"))
+
+- if purge and not daemon:
++ if purge and not (daemon or foreground):
+ purge_time = prefs.get('PURGE_DENY')
+ if not purge_time:
+ lock_file.remove()
+@@ -162,7 +166,9 @@ if __name__ == '__main__':
+ try:
+ for f in logfiles:
+ dh = DenyHosts(f, prefs, lock_file, ignore_offset,
+- first_time, noemail, daemon)
++ first_time, noemail, daemon, foreground)
++ except KeyboardInterrupt:
++ pass
+ except SystemExit, e:
+ pass
+ except Exception, e:
+@@ -170,7 +176,7 @@ if __name__ == '__main__':
+ print "\nDenyHosts exited abnormally"
+
+
+- if sync_mode and not daemon:
++ if sync_mode and not (daemon or foreground):
+ if not prefs.get('SYNC_SERVER'):
+ lock_file.remove()
+ die("You have provided the --sync flag however your configuration file is missing a value for SYNC_SERVER.")
+--
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch b/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch
new file mode 100644
index 000000000000..157b201aa26a
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch
@@ -0,0 +1,42 @@
+--- denyhosts.cfg-dist 2006-08-20 14:09:57.000000000 +0000
++++ denyhosts.cfg-new 2006-12-09 15:41:20.000000000 +0000
+@@ -9,13 +9,13 @@
+ # argument
+ #
+ # Redhat or Fedora Core:
+-SECURE_LOG = /var/log/secure
++#SECURE_LOG = /var/log/secure
+ #
+ # Mandrake, FreeBSD or OpenBSD:
+ #SECURE_LOG = /var/log/auth.log
+ #
+-# SuSE:
+-#SECURE_LOG = /var/log/messages
++# Gentoo/SuSE:
++SECURE_LOG = /var/log/messages
+ #
+ # Mac OS X (v10.4 or greater -
+ # also refer to: http://www.denyhosts.net/faq.html#macos
+@@ -150,7 +150,7 @@
+ # Note: it is recommended that you use an absolute pathname
+ # for this value (eg. /home/foo/denyhosts/data)
+ #
+-WORK_DIR = /usr/share/denyhosts/data
++WORK_DIR = /var/lib/denyhosts
+ #
+ #######################################################################
+
+@@ -192,10 +192,10 @@
+ # running at a time.
+ #
+ # Redhat/Fedora:
+-LOCK_FILE = /var/lock/subsys/denyhosts
++#LOCK_FILE = /var/lock/subsys/denyhosts
+ #
+-# Debian
+-#LOCK_FILE = /var/run/denyhosts.pid
++# Gentoo/Debian
++LOCK_FILE = /var/run/denyhosts.pid
+ #
+ # Misc
+ #LOCK_FILE = /tmp/denyhosts.lock
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch b/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch
new file mode 100644
index 000000000000..56d881319c5f
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-hostname.patch
@@ -0,0 +1,21 @@
+diff -up ./denyhosts.py.orig ./denyhosts.py
+--- ./denyhosts.py.orig 2012-01-30 13:14:41.146715839 -0600
++++ ./denyhosts.py 2012-01-30 14:45:14.372539341 -0600
+@@ -1,5 +1,6 @@
+ #!/usr/bin/env python
+ import os
++import platform
+ import sys
+
+ import DenyHosts.python_version
+@@ -107,6 +108,10 @@ if __name__ == '__main__':
+ print "DenyHosts version:", VERSION
+ sys.exit(0)
+
++ # This is generally expected to be in the environment, but there's no
++ # non-hackish way to get systemd to set it, so just hack it in here.
++ os.environ['HOSTNAME'] = platform.node()
++
+ prefs = Prefs(config_file)
+
+ first_time = 0
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
new file mode 100644
index 000000000000..c6fc20541019
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-log-injection-regex.patch
@@ -0,0 +1,21 @@
+Address Log injection reported at
+
+http://bugs.gentoo.org/show_bug.cgi?id=181213
+
+diff -ur a/DenyHosts/regex.py b/DenyHosts/regex.py
+--- a/DenyHosts/regex.py 2006-12-07 13:47:04.000000000 -0600
++++ b/DenyHosts/regex.py 2007-06-19 18:51:54.000000000 -0500
+@@ -17,11 +17,11 @@
+
+ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .*from (?P<host>.*)""")
+
+-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""")
++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""")
+
+ FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""")
+
+-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) not allowed because not listed in AllowUsers""")
++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P<user>.*) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""")
+
+
+ # these are reserved for future versions
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch b/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
new file mode 100644
index 000000000000..74868e79678c
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-plugin_deny.patch
@@ -0,0 +1,23 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 09_plugin_deny
+
+Correct the upstream bug http://sourceforge.net/tracker/index.php?func=detail&aid=1734736&group_id=131204&atid=720419
+---
+ DenyHosts/deny_hosts.py | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/DenyHosts/deny_hosts.py b/DenyHosts/deny_hosts.py
+index f308264..0f5f48d 100644
+--- a/DenyHosts/deny_hosts.py
++++ b/DenyHosts/deny_hosts.py
+@@ -443,7 +443,7 @@ allowed based on your %s file""" % (self.__prefs.get("HOSTS_DENY"),
+ self.__report.add_section(msg, new_denied_hosts)
+ if self.__sync_server: self.sync_add_hosts(new_denied_hosts)
+ plugin_deny = self.__prefs.get('PLUGIN_DENY')
+- if plugin_deny: plugin.execute(plugin_deny, deny_hosts)
++ if plugin_deny: plugin.execute(plugin_deny, new_denied_hosts)
+
+ new_suspicious_logins = login_attempt.get_new_suspicious_logins()
+ if new_suspicious_logins:
+--
diff --git a/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch b/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
new file mode 100644
index 000000000000..cb39df977be6
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts-2.6-single_config_switch.patch
@@ -0,0 +1,24 @@
+From: Marco Bertorello <marco@bertorello.ns0.it>
+Date: Thu, 14 Apr 2011 00:11:35 +0200
+Subject: 11_single_config_switch
+
+A patch to prevent denyhosts running with a double --config switch
+---
+ daemon-control-dist | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/daemon-control-dist b/daemon-control-dist
+index 9f42b60..14d0f70 100755
+--- a/daemon-control-dist
++++ b/daemon-control-dist
+@@ -144,7 +144,8 @@ if __name__ == '__main__':
+
+ try:
+ if option in ('start', 'restart', 'condrestart'):
+- if '--config' not in args and '-c' not in args:
++ anystartswith = lambda prefix, xs: any(map(lambda x: x.startswith(prefix), xs))
++ if not anystartswith('--config', args) and '-c' not in args:
+ args.append("--config=%s" % DENYHOSTS_CFG)
+
+ cmd = cases[option]
+--
diff --git a/app-admin/denyhosts/files/denyhosts.init-r2 b/app-admin/denyhosts/files/denyhosts.init-r2
new file mode 100644
index 000000000000..092c9c4a88bc
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts.init-r2
@@ -0,0 +1,28 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_stopped_commands="purge"
+
+purge() {
+ ebegin "Purging hosts.deny"
+ start-stop-daemon --start --exec /usr/bin/denyhosts.py --pidfile /var/run/denyhosts.pid -- --purge
+ eend $?
+}
+
+depend() {
+ use logger sshd
+}
+
+start() {
+ ebegin "Starting DenyHosts daemon"
+ start-stop-daemon --start --exec /usr/bin/denyhosts.py --pidfile /var/run/denyhosts.pid -- --daemon -c /etc/denyhosts.conf
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping DenyHosts daemon"
+ start-stop-daemon --quiet --stop --pidfile /var/run/denyhosts.pid
+ eend $?
+}
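Review bot: purge() launches `/usr/bin/denyhosts.py ... -- --purge` without `-c /etc/denyhosts.conf`, whereas start() passes the config path explicitly. For 2.6 the defconffile patch makes /etc/denyhosts.conf the built-in default, but the 2.9 and 3.0 ebuilds install this same script without that patch, so purge depends on whatever default upstream ships there. Using `-- --purge -c /etc/denyhosts.conf` keeps both commands on the same configuration and avoids purging against an unintended HOSTS_DENY path.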
diff --git a/app-admin/denyhosts/files/denyhosts.logrotate b/app-admin/denyhosts/files/denyhosts.logrotate
new file mode 100644
index 000000000000..19a478870757
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts.logrotate
@@ -0,0 +1,12 @@
+/var/log/denyhosts {
+ missingok
+ notifempty
+ create 0640 root root
+ sharedscripts
+ prerotate
+ /etc/init.d/denyhosts stop -q
+ endscript
+ postrotate
+ /etc/init.d/denyhosts start -q
+ endscript
+}
diff --git a/app-admin/denyhosts/files/denyhosts.logrotate-r2 b/app-admin/denyhosts/files/denyhosts.logrotate-r2
new file mode 100644
index 000000000000..582e72f7a365
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts.logrotate-r2
@@ -0,0 +1,10 @@
+/var/log/denyhosts {
+ missingok
+ notifempty
+ create 0640 root root
+ sharedscripts
+ postrotate
+ test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
+ test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
+ endscript
+}
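Review bot: Both postrotate lines issue an unconditional `restart`, which also starts DenyHosts on a host where the administrator had deliberately stopped it; the older denyhosts.logrotate does the same with its stop/start pair and additionally leaves the service down if the postrotate step fails. `systemctl try-restart denyhosts` and `/etc/init.d/denyhosts --quiet --ifstarted restart` act only on a running service. The trailing `|| true` also hides a failed restart, which for a blocking daemon means protection is off without any record; logging the failure (for example through `logger`) instead of discarding it would make that visible.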
diff --git a/app-admin/denyhosts/files/denyhosts.service b/app-admin/denyhosts/files/denyhosts.service
new file mode 100644
index 000000000000..05a59dd27bfc
--- /dev/null
+++ b/app-admin/denyhosts/files/denyhosts.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSH log watcher
+Before=sshd.service
+
+[Service]
+Type=forking
+ExecStartPre=/bin/rm -f /var/run/denyhosts.pid
+ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
+PIDFile=/var/run/denyhosts.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/app-admin/denyhosts/metadata.xml b/app-admin/denyhosts/metadata.xml
new file mode 100644
index 000000000000..0b1d27f8d6f3
--- /dev/null
+++ b/app-admin/denyhosts/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer>
+ <email>ottxor@gentoo.org</email>
+ <name>Christoph Junghans</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="github">denyhosts/denyhosts</remote-id>
+ </upstream>
+</pkgmetadata>