From owner-svn-ports-all@freebsd.org Sun Jan 17 18:56:47 2021 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4A7DB4D44CC; Sun, 17 Jan 2021 18:56:47 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DJkfl1fDrz3sRM; Sun, 17 Jan 2021 18:56:47 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 20EEC2654F; Sun, 17 Jan 2021 18:56:47 +0000 (UTC) (envelope-from swills@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 10HIul2A041536; Sun, 17 Jan 2021 18:56:47 GMT (envelope-from swills@FreeBSD.org) Received: (from swills@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 10HIujM7041530; Sun, 17 Jan 2021 18:56:45 GMT (envelope-from swills@FreeBSD.org) Message-Id: <202101171856.10HIujM7041530@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: swills set sender to swills@FreeBSD.org using -f From: Steve Wills Date: Sun, 17 Jan 2021 18:56:45 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r561861 - in head/security/logcheck: . files X-SVN-Group: ports-head X-SVN-Commit-Author: swills X-SVN-Commit-Paths: in head/security/logcheck: . files X-SVN-Commit-Revision: 561861 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Jan 2021 18:56:47 -0000 Author: swills Date: Sun Jan 17 18:56:45 2021 New Revision: 561861 URL: https://svnweb.freebsd.org/changeset/ports/561861 Log: security/logcheck: Fix runtime error with bsdgrep PR: 251778 Submitted by: Yasuhiro Kimura (maintainer) Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel (contents, props changed) Modified: head/security/logcheck/Makefile (contents, props changed) head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh (contents, props changed) head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix (contents, props changed) Modified: head/security/logcheck/Makefile ============================================================================== --- head/security/logcheck/Makefile Sun Jan 17 18:52:06 2021 (r561860) +++ head/security/logcheck/Makefile Sun Jan 17 18:56:45 2021 (r561861) @@ -3,6 +3,7 @@ PORTNAME= logcheck PORTVERSION= 1.3.20 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= DEBIAN_POOL DISTNAME= ${PORTNAME}_${PORTVERSION} Modified: head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh ============================================================================== --- head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh Sun Jan 17 18:52:06 2021 (r561860) +++ head/security/logcheck/files/patch-rulefiles__linux__ignore.d.server__ssh Sun Jan 17 18:56:45 2021 (r561861) @@ -1,5 +1,14 @@ ---- rulefiles/linux/ignore.d.server/ssh.orig 2017-01-25 21:08:04 UTC +--- rulefiles/linux/ignore.d.server/ssh.orig 2019-03-01 22:27:31 UTC +++ rulefiles/linux/ignore.d.server/ssh +@@ -14,7 +14,7 @@ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+(: | port [[:digit:]]+:)11: (disconnected by user|Closed due to user request\.)$ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,256} \[preauth\]$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: .{0,255} \[preauth\]$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from [:[:xdigit:].]+ port [[:digit:]]+$ @@ -27,8 +27,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) bad username \[[^]]+\]$ Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_postfix Sun Jan 17 18:56:45 2021 (r561861) @@ -0,0 +1,10 @@ +--- rulefiles/linux/ignore.d.paranoid/postfix.orig 2015-12-10 18:14:10 UTC ++++ rulefiles/linux/ignore.d.paranoid/postfix +@@ -1,5 +1,5 @@ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, |)relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ \(.*\)$ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-|)message-id=<[^[:space:]]+>$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[[:digit:]]+\]: [[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, )?relay=[^[:space:]]+, delay=[.[:digit:]]+, (delays=[.[:digit:]/]+, dsn=[.[:digit:]]+, )?status=[[:alnum:]]+ \(.*\)$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=<[^[:space:]]+>$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/nqmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/pickup\[[[:digit:]]+\]: [[:alnum:]]+: uid=[[:digit:]]+ from=[^[:space:]]+$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$ Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_dhcp Sun Jan 17 18:56:45 2021 (r561861) @@ -0,0 +1,22 @@ +--- rulefiles/linux/ignore.d.server/dhcp.orig 2017-01-14 11:42:45 UTC ++++ rulefiles/linux/ignore.d.server/dhcp +@@ -10,13 +10,13 @@ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ + #Added for dhcp 3 +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via [._[:alnum:]-]+ \((not )?found\)$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via [._[:alnum:]-]+)?$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ Added: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_nfs Sun Jan 17 18:56:45 2021 (r561861) @@ -0,0 +1,7 @@ +--- rulefiles/linux/ignore.d.server/nfs.orig 2015-12-10 18:14:10 UTC ++++ rulefiles/linux/ignore.d.server/nfs +@@ -1,2 +1,2 @@ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un)?mount request from [._[:alnum:]-]+:[0-9]+ for (/[._[:alnum:]-]*)+ \((/[._[:alnum:]-]*)+\)$ Modified: head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix ============================================================================== --- head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix Sun Jan 17 18:52:06 2021 (r561860) +++ head/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_postfix Sun Jan 17 18:56:45 2021 (r561861) @@ -1,5 +1,14 @@ --- rulefiles/linux/ignore.d.server/postfix.orig 2019-03-01 15:22:43 UTC +++ rulefiles/linux/ignore.d.server/postfix +@@ -8,7 +8,7 @@ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at \w{3} [ :[:digit:]]{11}$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/anvil\[[[:digit:]]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :[:digit:]]{11}$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [[:xdigit:]]+: sender (delay|non-delivery|delivery status) notification: [[:xdigit:]]+$ +-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-|)message-id=]+>?( \(added by [^[:space:]]+\))?$ ++^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: (resent-)?message-id=]+>?( \(added by [^[:space:]]+\))?$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:alnum:]]+: milter-discard: END-OF-MESSAGE from [-._[:alnum:]]+\[([.[:digit:]]+|[:[:xdigit:]]+)\]: milter triggers DISCARD action; from=<[^[:space:]]*> to=<[^[:space:]]*> proto=E?SMTP helo=<[^[:space:]]+>$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:upper:][:digit:]]+: reject: header [^[:space:]]+:.+ from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=E?SMTP helo=<[^[:space:]]+>: .+$ + ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/cleanup\[[[:digit:]]+\]: [[:xdigit:]]+: milter-reject: END-OF-MESSAGE from [-._[:alnum:]]+\[[.[:digit:]]+\]: [45]\.7\.1 (virus [-._/[:alnum:]]+ detected by ClamAV - http://www\.clamav\.net|Command rejected); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$ @@ -60,7 +60,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: [^[:space:]]+ offered null AUTH mechanism list$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$ Added: head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/logcheck/files/patch-rulefiles_linux_violations.d_kernel Sun Jan 17 18:56:45 2021 (r561861) @@ -0,0 +1,6 @@ +--- rulefiles/linux/violations.d/kernel.orig 2015-12-10 18:14:10 UTC ++++ rulefiles/linux/violations.d/kernel +@@ -1,2 +1,2 @@ +-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ { DriveReady SeekComplete Error }$ ++^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: media error \(bad sector\): status=0x[[:xdigit:]]+ \{ DriveReady SeekComplete Error \}$ + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? end_request: I/O error, dev [[:alnum:]]+, sector [[:digit:]]+