From 9983a9b5c080497df9fe8fa192412b237de49679 Mon Sep 17 00:00:00 2001
From: Nicolas Porcel <nicolasporcel06@gmail.com>
Date: Thu, 22 Mar 2018 02:16:15 +0100
Subject: [PATCH] sshguard: fix build and add ipv6 patch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes: #12770 [via git-merge-pr]
Signed-off-by: Jürgen Buchmüller <pullmoll@t-online.de>
---
 srcpkgs/sshguard/patches/fix_ipv6.patch | 180 ++++++++++++++++++++++++
 srcpkgs/sshguard/template               |   6 +-
 2 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/sshguard/patches/fix_ipv6.patch

diff --git a/srcpkgs/sshguard/patches/fix_ipv6.patch b/srcpkgs/sshguard/patches/fix_ipv6.patch
new file mode 100644
index 00000000000..eb53a7a1243
--- /dev/null
+++ b/srcpkgs/sshguard/patches/fix_ipv6.patch
@@ -0,0 +1,180 @@
+diff --git src/parser/attack_parser.y src/parser/attack_parser.y
+index 247adf3..a4d65c7 100644
+--- src/parser/attack_parser.y
++++ src/parser/attack_parser.y
+@@ -46,7 +46,7 @@ static void yyerror(attack_t *, const char *);
+ }
+ 
+ /* semantic values for tokens */
+-%token <str> IPv4 IPv6 HOSTADDR WORD
++%token <str> IPv4 IPv6 IPv6_WITH_SUFFIX HOSTADDR WORD
+ %token <num> INTEGER SYSLOG_BANNER_PID SOCKLOG_BANNER_PID
+ 
+ /* flat tokens */
+@@ -176,6 +176,12 @@ addr:
+                         attack->address.kind = ADDRKIND_IPv6;
+                         strcpy(attack->address.value, $1);
+                     }
++    | IPv6_WITH_SUFFIX
++                    {
++                        attack->address.kind = ADDRKIND_IPv6;
++                        char* percent = strchr($1, '%');
++                        strncpy(attack->address.value, $1, percent - $1);
++                    }
+     | HOSTADDR      {
+                         if (!attack_from_hostname(attack, $1)) {
+                             YYABORT;
+diff --git src/parser/attack_scanner.l src/parser/attack_scanner.l
+index a32e9e6..50ad009 100644
+--- src/parser/attack_scanner.l
++++ src/parser/attack_scanner.l
+@@ -75,6 +75,7 @@ PROCESSNAME ([-_a-zA-Z0-9]{2,7})|([-_a-zA-Z0-9]{9,})|([-_a-rt-zA-RT-Z0-9][-_a-zA
+ IPV4        ((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?|0)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?|0)){3})
+  /* IPv6 addresses including compressed variants (RFC 2373) */
+ IPV6        (::|:(:[0-9a-fA-F]{1,4}){1,7}|[0-9a-fA-F]{1,4}:([0-9a-fA-F]{1,4}:(:[0-9a-fA-F]{1,4}){1,5}|(:[0-9a-fA-F]{1,4}){1,6})|([0-9a-fA-F]{1,4}:){3}([0-9a-fA-F]{1,4}:(:[0-9a-fA-F]{1,4}){1,3}|(:[0-9a-fA-F]{1,4}){1,4})|([0-9a-fA-F]{1,4}:){5}([0-9a-fA-F]{1,4}:[0-9a-fA-F]{0,4}:[0-9a-fA-F]{1,4}|(:[0-9a-fA-F]{1,4}){1,2})|([0-9a-fA-F]{1,4}:){1,7}:)
++IFNAME      %[^ \n]{1,15}
+  /* an IPv4 packed in IPv6 as IPv4-mapped IPv6 address */
+ IPV4MAPPED6 ((:(:0{1,4}){0,4}|0{1,4}:(:0{1,4}){1,3}|(0{1,4}:){2}(0{1,4}:0{0,4}:0{1,4}|(:0{1,4}){1,2})|(0{1,4}:){1,4}):[fF]{4}:(((2[0-4]|1[0-9]|[1-9])?[0-9]|25[0-5])\.){3}((2[0-4]|1[0-9]|[1-9])?[0-9]|25[0-5]))
+ 
+@@ -270,6 +271,7 @@ WORDPRESS_LOGIN            .*"/wp-login"(\.php)?
+  /* an IPv6 address */
+  /* standard | clouds implied | embedded IPv4 */
+ {IPV6}                                                          { yylval.str = yytext; return IPv6; }
++{IPV6}{IFNAME}                                                  { yylval.str = yytext; return IPv6_WITH_SUFFIX; }
+ 
+  /* an host address (PTR) */
+ {HOSTADDR}                                                      { yylval.str = yytext; return HOSTADDR; }
+diff --git src/parser/attacks.txt src/parser/attacks.txt
+index 8871bdf..c118ea7 100644
+--- src/parser/attacks.txt
++++ src/parser/attacks.txt
+@@ -1,13 +1,18 @@
+ Invalid user inexu from 6.6.6.0
+ Invalid user inexu from 2001:db8::a11:beef:7ac0
++Invalid user inexu from 2001:db8::a11:beef:7ac0%abcdefgh1234567
+ User mario from 6.6.6.0 not allowed because XYZ
+ User mario from 2001:db8::a11:beef:7ac0 not allowed because XYZ
++User mario from 2001:db8::a11:beef:7ac0%lo not allowed because XYZ
+ Failed XYZ for XYZ from 6.6.6.0 port 14423 ssh2
+ Failed XYZ for XYZ from 2001:db8::a11:beef:7ac0 port 14423 ssh2
++Failed XYZ for XYZ from 2001:db8::a11:beef:7ac0%enp3s0 port 14423 ssh2
+ error: PAM: authentication failure for mario from 6.6.6.0
+ error: PAM: authentication failure for mario from 2001:db8::a11:beef:7ac0
++error: PAM: authentication failure for mario from 2001:db8::a11:beef:7ac0%vbr1
+ Did not receive identification string from 6.6.6.0
+ Did not receive identification string from 2001:db8::a11:beef:7ac0
++Did not receive identification string from 2001:db8::a11:beef:7ac0%eth0
+ Bad protocol version identification XYZ from 6.6.6.0
+ Bad protocol version identification XYZ from 2001:db8::a11:beef:7ac0
+ authentication failure XYZ 6.6.6.0
+diff --git src/parser/expected.txt src/parser/expected.txt
+new file mode 100644
+index 0000000..fa5bd8d
+--- /dev/null
++++ src/parser/expected.txt
+@@ -0,0 +1,85 @@
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 6.6.6.0 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++230 6.6.6.0 4 10
++230 2001:db8::a11:beef:7ac0 6 10
++240 6.6.6.0 4 10
++240 2001:db8::a11:beef:7ac0 6 10
++250 6.6.6.0 4 10
++250 2001:db8::a11:beef:7ac0 6 10
++210 6.6.6.0 4 10
++210 2001:db8::a11:beef:7ac0 6 10
++200 6.6.6.0 4 10
++200 2001:db8::a11:beef:7ac0 6 10
++220 6.6.6.0 4 10
++220 2001:db8::a11:beef:7ac0 6 10
++300 6.6.6.0 4 10
++300 2001:db8::a11:beef:7ac0 6 10
++310 6.6.6.0 4 10
++310 2001:db8::a11:beef:7ac0 6 10
++320 6.6.6.0 4 10
++320 2001:db8::a11:beef:7ac0 6 10
++330 6.6.6.0 4 10
++330 2001:db8::a11:beef:7ac0 6 10
++260 199.19.110.207 4 10
++260 2001:db8::a11:beef:7ac0 6 10
++100 66.240.236.119 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 95.9.156.208 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 130.207.203.56 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 103.237.33.58 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++240 87.76.31.6 4 10
++240 2001:db8::a11:beef:7ac0 6 10
++240 10.0.0.1 4 10
++240 2001:db8::a11:beef:7ac0 6 10
++100 192.168.2.1 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 192.168.2.200 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++260 24.213.217.114 4 10
++260 2001:db8::a11:beef:7ac0 6 10
++100 117.81.26.226 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++100 190.50.238.98 4 10
++100 2001:db8::a11:beef:7ac0 6 10
++340 172.22.10.15 4 10
++340 2001:db8::a11:beef:7ac0 6 10
++100 172.22.10.15 4 10
++100 2001:db8::a11:beef:7ac1 6 10
++350 10.42.42.39 4 10
++360 10.42.42.40 4 10
++360 10.42.42.41 4 10
++360 10.42.42.42 4 10
++360 10.42.42.43 4 10
++360 2001:db8::a11:beef:7aa0 6 10
++360 10.42.42.44 4 10
++360 2001:db8::a11:beef:7aa1 6 10
++360 10.42.42.45 4 10
++100 10.42.42.42 4 10
++370 2001:db8::a11:b2ef:78f2 6 10
++370 10.42.57.1 4 10
++370 2001:db8::a11:beef:7aa2 6 10
++370 192.68.11.1 4 10
++370 192.68.11.1 4 10
++350 2001:db8::a11:beef:7aa3 6 10
++110 2001:db8::a11:beef:456e 6 10
++110 192.68.18.1 4 10
++110 192.68.18.2 4 10
++110 2001:db8::a11:beef:456f 6 10
+diff --git src/parser/test-sshg-parser src/parser/test-sshg-parser
+index 094dbe7..dbecead 100755
+--- src/parser/test-sshg-parser
++++ src/parser/test-sshg-parser
+@@ -1,12 +1,5 @@
+ #!/bin/sh
+-file="attacks.txt"
+-in_count=`wc -l $file | awk '{ print $1 }'`
+-out_count=`./sshg-parser < $file | wc -l |  awk '{ print $1 }'`
+-if [ $in_count -ne $out_count ]; then
+-    exit 1
+-fi
+ 
+-not_out_count=`./sshg-parser < not-attacks.txt | wc -l |  awk '{ print $1 }'`
+-if [ 0 -ne $not_out_count ]; then
+-    exit 1
+-fi
++cat attacks.txt | ./sshg-parser | diff -u expected.txt - || exit 1
++
++cat not-attacks.txt | ./sshg-parser | diff -u /dev/null - || exit 1
diff --git a/srcpkgs/sshguard/template b/srcpkgs/sshguard/template
index a3d8ef142e7..517d8067935 100644
--- a/srcpkgs/sshguard/template
+++ b/srcpkgs/sshguard/template
@@ -1,10 +1,11 @@
 # Template file for 'sshguard'
 pkgname=sshguard
 version=2.1.0
-revision=1
+revision=2
 build_style=gnu-configure
 make_dirs="/var/db/sshguard 0755 root root"
 depends="iptables"
+hostmakedepends="flex"
 short_desc="Protects networked hosts from brute force attacks"
 maintainer="Lodvær <lodvaer@gmail.com>"
 license="3-clause-BSD"
@@ -12,6 +13,9 @@ homepage="http://www.sshguard.net/"
 distfiles="${SOURCEFORGE_SITE}/sshguard/$pkgname-$version.tar.gz"
 checksum=21252a4834ad8408df384ee4ddf468624aa9de9cead5afde1c77380a48cf028a
 
+CFLAGS+=" -fPIE -fPIC"
+LDFLAGS+=" -pie"
+
 conf_files="/etc/sshguard.conf"
 
 post_install() {