rpms/fail2ban/F-9 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch, NONE, 1.1 fail2ban.spec, 1.13, 1.14

Axel Thimm athimm at fedoraproject.org
Sat Feb 14 07:14:25 UTC 2009


Author: athimm

Update of /cvs/extras/rpms/fail2ban/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9649/F-9

Modified Files:
	fail2ban.spec 
Added Files:
	0001-BF-anchoring-regex-for-IP-with-at-the-end.patch 
Log Message:
Fixes CVE-2009-0362

0001-BF-anchoring-regex-for-IP-with-at-the-end.patch:

--- NEW FILE 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch ---
>From a8f963a2803acef984c66cd1910631eb06363ac1 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian at onerussian.com>
Date: Wed, 4 Feb 2009 15:38:11 -0500
Subject: [PATCH] BF: anchoring regex for IP with " *$" at the end

to forbid matching an IP encoded in the hostname prior to doing the actual DNS
lookup.

It is quite important and actually a security hazard: DoS is easy to
perform...
---
 server/filter.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/server/filter.py b/server/filter.py
index 457bb03..77042ad 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -492,7 +492,7 @@ import socket, struct
 
 class DNSUtils:
 	
-	IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}")
+	IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3} *$")
 	
 	#@staticmethod
 	def dnsToIp(dns):
-- 
1.5.6.5



Index: fail2ban.spec
===================================================================
RCS file: /cvs/extras/rpms/fail2ban/F-9/fail2ban.spec,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- fail2ban.spec	25 Aug 2008 09:20:30 -0000	1.13
+++ fail2ban.spec	14 Feb 2009 07:13:55 -0000	1.14
@@ -4,7 +4,7 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
 Version: 0.8.3
-Release: 16%{?dist}
+Release: 18%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
@@ -14,6 +14,7 @@
 Patch1: fail2ban-0.8.1-sshd.patch
 #Patch2: fail2ban-0.8.1-sock.patch
 Patch3: fail2ban-0.8.2-fd_cloexec.patch
+Patch4: 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel >= 2.3
 BuildArch: noarch
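Review bot: the other patches in this block follow the `fail2ban-<version>-<topic>.patch` naming convention, while `Patch4` keeps the raw `git format-patch` file name `0001-BF-anchoring-regex-for-IP-with-at-the-end.patch`; consider renaming it (for example to a `fail2ban-0.8.3-CVE-2009-0362.patch` style name) so the file name carries the version and the CVE it addresses, matching the `.CVE-2009-0362` backup suffix used in `%prep`.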
@@ -33,6 +34,7 @@
 %patch1 -p1 -b .sshd
 #patch2 -p1 -b .sock
 %patch3 -p1 -b .fd_cloexec
+%patch4 -p1 -b .CVE-2009-0362
 
 %build
 python setup.py build
@@ -82,6 +84,12 @@
 %dir %{_localstatedir}/run/fail2ban
 
 %changelog
+* Sat Feb 14 2009 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.3-18
+- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
+
+* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm at gmail.com> - 0.8.3-17
+- Rebuild for Python 2.6
+
 * Sun Aug 24 2008 Axel Thimm <Axel.Thimm at ATrpms.net> - 0.8.3-16
 - Update to 0.8.3.
 
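Review bot: the `0.8.3-17` "Rebuild for Python 2.6" changelog entry is introduced into this branch in the same commit as the `0.8.3-18` security fix, which is also why `Release` jumps from 16 to 18; if no `-17` build was ever produced on this branch, that entry records a build the branch never had and should be dropped or marked as imported from another branch, so the changelog stays an accurate build history.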