denyhosts regex regression
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Raspbian |
New
|
Undecided
|
Unassigned |
Bug Description
In current denyhosts version of raspbian denyhosts has a regression that makes it inefective.
The current version of denyhosts is 2.6-10.1 and the file:
/usr/share/
contains this regex expression:
FAILED_ENTRY_REGEX2 = re.compile(
Unfortunately this regex is not working anymore because the log in auth.log has this format:
Failed password for root from 103.41.124.29 port 43517 ssh2
The right regex is this:
FAILED_ENTRY_REGEX = re.compile(
This regex is existing in upstream debian package:
denyhosts_
Please revert to upstream package or correct the regex in current package.
Thank you
Michele Renda
information type: | Private Security → Public |
First things first there are no raspbian specific customisations involved here.
This issue was patched by Debian for Wheezy but in Jessie they chose to remove the package instead.
Raspbian does not automatically follow removals from Debian so the last version that was in Debian jessie/sid
I see two options here, neither of them great.
1: I Could forward port the change from the wheezy package to the jessie package, the trouble is that would be giving a false indication of support, theres no way I can support a package like this going forward independently from Debian.
2: I could remove the package from raspbian jessie bringing us back into line with Debian but potentially leaving users who don't pay attention to the "obsolete and locally created packages" category in aptitude could be left with a broken tool.
Any thoughts on which is the least bad option? I'm inclined to go with the latter on the "stay as close to Debian as possible" principle.