On Wed, Sep 20, 2023 at 01:07:04PM +0100, Stuart Henderson wrote: > (oops, resending from correct address) > > Dovecot on OpenBSD uses a "dovecot: " prefix on log lines, which > sshguard's parser doesn't handle. I haven't sent it upstream yet > but will do so. > > Update to the current upstream release and add missing pledge marker > while there. > > OK?
Ok from me as maintainer. Since I no longer am using this software, you may as well remove me as maintainer while you're at it. Thanks! Andreas > > > Index: Makefile > =================================================================== > RCS file: /cvs/ports/security/sshguard/Makefile,v > retrieving revision 1.19 > diff -u -p -r1.19 Makefile > --- Makefile 11 Mar 2022 19:54:05 -0000 1.19 > +++ Makefile 20 Sep 2023 11:58:19 -0000 > @@ -1,17 +1,18 @@ > COMMENT= protect against brute force attacks on sshd and others > > -DISTNAME= sshguard-2.4.2 > +DISTNAME= sshguard-2.4.3 > CATEGORIES= security > > HOMEPAGE= https://www.sshguard.net/ > > -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/} > +SITES= ${SITE_SOURCEFORGE:=sshguard/} > > MAINTAINER= Andreas Kusalananda Kahari <andreas.kah...@abc.se> > > # BSD > PERMIT_PACKAGE= Yes > > +# uses pledge() > WANTLIB+= c pthread > > CONFIGURE_STYLE=gnu > Index: distinfo > =================================================================== > RCS file: /cvs/ports/security/sshguard/distinfo,v > retrieving revision 1.6 > diff -u -p -r1.6 distinfo > --- distinfo 22 Jul 2021 18:16:32 -0000 1.6 > +++ distinfo 20 Sep 2023 11:58:19 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (sshguard-2.4.2.tar.gz) = J3C3duXqcKm+3+xP2E1XQAr6kn8PdSKHDS3LvhrON+g= > -SIZE (sshguard-2.4.2.tar.gz) = 835431 > +SHA256 (sshguard-2.4.3.tar.gz) = ZAKd7/bekP3u+x9JfUFPDkBFB2aTqR2hpw63WV6X7+s= > +SIZE (sshguard-2.4.3.tar.gz) = 1118756 > Index: patches/patch-doc_sshguard_8 > =================================================================== > RCS file: /cvs/ports/security/sshguard/patches/patch-doc_sshguard_8,v > retrieving revision 1.2 > diff -u -p -r1.2 patch-doc_sshguard_8 > --- patches/patch-doc_sshguard_8 11 Mar 2022 19:54:05 -0000 1.2 > +++ patches/patch-doc_sshguard_8 20 Sep 2023 11:58:19 -0000 > @@ -1,7 +1,7 @@ > Index: doc/sshguard.8 > --- doc/sshguard.8.orig > +++ doc/sshguard.8 > -@@ -119,8 +119,8 @@ Set to enable verbose output from sshg\-blocker. > +@@ -124,8 +124,8 @@ Set to enable verbose output from \fBsshg\-blocker\fP\ > .SH FILES > .INDENT 0.0 > .TP > Index: patches/patch-src_common_sandbox_c > =================================================================== > RCS file: patches/patch-src_common_sandbox_c > diff -N patches/patch-src_common_sandbox_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_common_sandbox_c 20 Sep 2023 11:58:19 -0000 > @@ -0,0 +1,9 @@ > +Index: src/common/sandbox.c > +--- src/common/sandbox.c.orig > ++++ src/common/sandbox.c > +@@ -1,3 +1,5 @@ > ++#include <stdio.h> > ++#include <unistd.h> > + #include "config.h" > + #include "sandbox.h" > + > Index: patches/patch-src_parser_attack_scanner_l > =================================================================== > RCS file: patches/patch-src_parser_attack_scanner_l > diff -N patches/patch-src_parser_attack_scanner_l > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_parser_attack_scanner_l 20 Sep 2023 11:58:19 -0000 > @@ -0,0 +1,12 @@ > +Index: src/parser/attack_scanner.l > +--- src/parser/attack_scanner.l.orig > ++++ src/parser/attack_scanner.l > +@@ -249,7 +249,7 @@ HTTP_LOGIN_200OK_BAD .*({WORDPRESS_LOGIN}|{TYPO3 > + <sendmail_authfailure>"]".* { > BEGIN(INITIAL); return SENDMAIL_AUTHFAILURE_SUFF; } > + > + /* dovecot */ > +-("(libdovecot."[0-9\.]+".dylib) ")?(imap|pop3|submission)"-login: ""Info: > "?("Aborted login"|Disconnected).*" (auth failed, "{NUMBER}" attempts".*"): > ".+" rip=" { BEGIN(dovecot_loginerr); return DOVECOT_IMAP_LOGINERR_PREF; } > ++("(libdovecot."[0-9\.]+".dylib) "|"dovecot: > ")?(imap|pop3|submission)"-login: ""Info: "?("Aborted login"|Disconnected).*" > (auth failed, "{NUMBER}" attempts".*"): ".+" rip=" { BEGIN(dovecot_loginerr); > return DOVECOT_IMAP_LOGINERR_PREF; } > + <dovecot_loginerr>", lip=".+ { > BEGIN(INITIAL); return DOVECOT_IMAP_LOGINERR_SUFF; } > + > + /* UWimap login errors */ > Index: patches/patch-src_parser_tests_txt > =================================================================== > RCS file: patches/patch-src_parser_tests_txt > diff -N patches/patch-src_parser_tests_txt > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_parser_tests_txt 20 Sep 2023 11:58:19 -0000 > @@ -0,0 +1,13 @@ > +Index: src/parser/tests.txt > +--- src/parser/tests.txt.orig > ++++ src/parser/tests.txt > +@@ -231,6 +231,9 @@ M > + imap-login: Aborted login (auth failed, 6 attempts): XYZ > rip=2001:db8::a11:beef:7ac0, lip=127.0.0.1 > + 210 2001:db8::a11:beef:7ac0 6 10 > + M > ++dovecot: imap-login: Disconnected: Aborted login by logging out (auth > failed, 2 attempts in 4 secs): XYZ, method=PLAIN, rip=192.0.2.1, > lip=192.168.41.21, TLS, session=<uAr6j8UFtcoC2jhm>, TLSv1.3 with cipher > TLS_AES_256_GCM_SHA384 (256/256 bits) > ++210 192.0.2.1 4 10 > ++M > + 2019-10-15 08:08:52 imap-login: Info: Disconnected (auth failed, 1 attempts > in 2 secs): user=<test>, method=PLAIN, rip=172.21.0.1, lip=172.21.0.3, TLS, > session=<1MyTfu0USIqsFQAB> > + 210 172.21.0.1 4 10 > + M -- Andreas (Kusalananda) Kähäri Uppsala, Sweden .
