* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2017-03-29 3:22 Jeroen Roovers
0 siblings, 0 replies; 12+ messages in thread
From: Jeroen Roovers @ 2017-03-29 3:22 UTC (permalink / raw
To: gentoo-commits
commit: 33ec5da48ff4577598c8e45b44024376c70f7ca0
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 29 03:22:11 2017 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed Mar 29 03:22:11 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33ec5da4
net-analyzer/fail2ban: Old.
Package-Manager: Portage-2.3.5, Repoman-2.3.2
net-analyzer/fail2ban/Manifest | 3 -
net-analyzer/fail2ban/fail2ban-0.9.3-r1.ebuild | 108 ---------------------
net-analyzer/fail2ban/fail2ban-0.9.4.ebuild | 102 -------------------
net-analyzer/fail2ban/fail2ban-0.9.5.ebuild | 104 --------------------
.../fail2ban/files/fail2ban-0.9.2-initd.patch | 25 -----
.../fail2ban/files/fail2ban-0.9.2-logrotate.patch | 12 ---
6 files changed, 354 deletions(-)
diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest
index 0c8ede3fd2b..79e5dbce864 100644
--- a/net-analyzer/fail2ban/Manifest
+++ b/net-analyzer/fail2ban/Manifest
@@ -1,4 +1 @@
-DIST fail2ban-0.9.3.tar.gz 321960 SHA256 146811530b7acf706db6d28068ee60806f6e0c80da14d89b732955a696728c46 SHA512 c8f45f776677a1e2e222feb4e33499a59c0c1c108365b759daf417870e2cc717a8b26073869eb3846a24928d8a2d33225761a19965b804bb7fee750e86cef6c8 WHIRLPOOL d01a25a9ac422e538e15db5f4f6c5015ee5c429c8fa6adf35accb80ce56f8e703e5104860ca7b205b927697b20a9a1109852dc6059b6ce208c432e0661a78edb
-DIST fail2ban-0.9.4.tar.gz 335521 SHA256 9a4a6402f8e6bda15ef8b5a848ce8d91d80735356b52dfac0d7612cdd2fbcaf3 SHA512 fee7368adf30c9b5a47309c0c519de9fb0113a49b5e69d0f9396b5fb3dc9a3c6a5a51fef155fcf7debd86eb839441d1199c992fa8211da83a81f7c182c4a2125 WHIRLPOOL 5d44f39204eb3717f00102c686b5b3873555b82dd3bcae0bfbbb96f54e15d0d020655c3b3efe51536a5746489d133e2dc5bf3d3b7081c6619ba2ab715abe4ba2
-DIST fail2ban-0.9.5.tar.gz 342310 SHA256 7fec0e7a23a315358b09580962920d3faec7369a85a0c9f349775b06605aa759 SHA512 d894a5f62d553ccdb406a25163995a655cbd952c1253e966d1b27500bd8431c6e7eba33400412a0ef9df844e1f31ce544b80fb49e3706f7536f58e8d84022d51 WHIRLPOOL 555f929535f68612a05eecbd6ff1ef8d39412dff156e0d06d0c8268f2319797e9f4272e99a09660b784cc38ba9321f9c2d74b5af4164c2aee261c44bdc2451fa
DIST fail2ban-0.9.6.tar.gz 352145 SHA256 c6758b43f9d673ec014fc2f2d3497476d5396f9f85e37724a638b43dfdde7a97 SHA512 c09778d39741dc38d1073495a9f491012717d5ed04d28722f2ae6755104bdcc472baf06d33f500fed592b04c05277ba5cf74e527f1c0ed751108f4f1be22fa7e WHIRLPOOL a18b4d2905d8c2d4bbb8121bf4a7f69ce1d95ecb9fa521d753fd5f103bf463ada09d04e4e60b9191dce56cfced09426f74397c09df87bffeaf13dc7358a570b4
diff --git a/net-analyzer/fail2ban/fail2ban-0.9.3-r1.ebuild b/net-analyzer/fail2ban/fail2ban-0.9.3-r1.ebuild
deleted file mode 100644
index e2e0606eacd..00000000000
--- a/net-analyzer/fail2ban/fail2ban-0.9.3-r1.ebuild
+++ /dev/null
@@ -1,108 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_4,3_5} pypy )
-DISTUTILS_SINGLE_IMPL=1
-
-inherit distutils-r1 eutils systemd vcs-snapshot
-
-DESCRIPTION="scans log files and bans IPs that show malicious signs"
-HOMEPAGE="http://www.fail2ban.org/"
-SRC_URI="https://github.com/${PN}/${PN}/tarball/${PV} -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ppc ppc64 sparc x86 ~x86-fbsd"
-IUSE="selinux systemd"
-
-# TODO support ipfw and ipfilter
-RDEPEND="
- kernel_linux? ( net-firewall/iptables )
- kernel_FreeBSD? ( sys-freebsd/freebsd-pf )
- net-misc/whois
- virtual/logger
- virtual/mta
- selinux? ( sec-policy/selinux-fail2ban )
- systemd? ( $(python_gen_cond_dep '|| (
- dev-python/python-systemd[${PYTHON_USEDEP}]
- sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )' 'python*' ) )
-"
-
-REQUIRED_USE="systemd? ( !python_single_target_pypy )"
-
-DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-
-python_prepare_all() {
- # Replace /var/run with /run, but not in the top source directory
- find . -mindepth 2 -type f -exec \
- sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
-
- # Fix bashisms and do not direct useful output to /dev/null (bug #536320)
- # Remove global logrotate settings (bug #549856)
- epatch \
- "${FILESDIR}"/${PN}-0.9.2-initd.patch \
- "${FILESDIR}"/${PN}-0.9.2-logrotate.patch
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- "${PYTHON}" "bin/${PN}-testcases" || die "tests failed with ${EPYTHON}"
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- rm -rf "${D}"/usr/share/doc/${PN} "${D}"/run || die
-
- # not FILESDIR
- newconfd files/gentoo-confd ${PN}
- newinitd files/gentoo-initd ${PN}
- systemd_dounit files/${PN}.service
- systemd_dotmpfilesd files/${PN}-tmpfiles.conf
- doman man/*.{1,5}
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins files/${PN}-logrotate ${PN}
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- if [[ $previous_less_than_0_7 = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2ban!"
- elog
- elog "Fail2ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
- if ! has_version ${CATEGORY}/${PN}; then
- if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin; then
- elog "For most jail.conf configurations, it is recommended you install either"
- elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
- elog "to control how log file modifications are detected"
- fi
-
- if ! has_version dev-lang/python[sqlite]; then
- elog "If you want to use ${PN}'s persistent database, then reinstall"
- elog "dev-lang/python with USE=sqlite"
- fi
-
- if has_version sys-apps/systemd[-python]; then
- elog "If you want to track logins through sys-apps/systemd's"
- elog "journal backend, then reinstall sys-apps/systemd with USE=python"
- fi
- fi
-}
diff --git a/net-analyzer/fail2ban/fail2ban-0.9.4.ebuild b/net-analyzer/fail2ban/fail2ban-0.9.4.ebuild
deleted file mode 100644
index f65dee1387a..00000000000
--- a/net-analyzer/fail2ban/fail2ban-0.9.4.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_4,3_5} pypy )
-DISTUTILS_SINGLE_IMPL=1
-
-inherit distutils-r1 eutils systemd vcs-snapshot
-
-DESCRIPTION="scans log files and bans IPs that show malicious signs"
-HOMEPAGE="http://www.fail2ban.org/"
-SRC_URI="https://github.com/${PN}/${PN}/tarball/${PV} -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE="selinux systemd"
-
-# TODO support ipfw and ipfilter
-RDEPEND="
- kernel_linux? ( net-firewall/iptables )
- kernel_FreeBSD? ( sys-freebsd/freebsd-pf )
- net-misc/whois
- virtual/logger
- virtual/mta
- selinux? ( sec-policy/selinux-fail2ban )
- systemd? ( $(python_gen_cond_dep '|| (
- dev-python/python-systemd[${PYTHON_USEDEP}]
- sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )' 'python*' ) )
-"
-
-REQUIRED_USE="systemd? ( !python_single_target_pypy )"
-
-DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-
-python_prepare_all() {
- # Replace /var/run with /run, but not in the top source directory
- find . -mindepth 2 -type f -exec \
- sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- "${PYTHON}" "bin/${PN}-testcases" || die "tests failed with ${EPYTHON}"
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- rm -rf "${D}"/usr/share/doc/${PN} "${D}"/run || die
-
- # not FILESDIR
- newconfd files/gentoo-confd ${PN}
- newinitd files/gentoo-initd ${PN}
- systemd_dounit files/${PN}.service
- systemd_dotmpfilesd files/${PN}-tmpfiles.conf
- doman man/*.{1,5}
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins files/${PN}-logrotate ${PN}
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- if [[ $previous_less_than_0_7 = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2ban!"
- elog
- elog "Fail2ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
- if ! has_version ${CATEGORY}/${PN}; then
- if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin; then
- elog "For most jail.conf configurations, it is recommended you install either"
- elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
- elog "to control how log file modifications are detected"
- fi
-
- if ! has_version dev-lang/python[sqlite]; then
- elog "If you want to use ${PN}'s persistent database, then reinstall"
- elog "dev-lang/python with USE=sqlite"
- fi
-
- if has_version sys-apps/systemd[-python]; then
- elog "If you want to track logins through sys-apps/systemd's"
- elog "journal backend, then reinstall sys-apps/systemd with USE=python"
- fi
- fi
-}
diff --git a/net-analyzer/fail2ban/fail2ban-0.9.5.ebuild b/net-analyzer/fail2ban/fail2ban-0.9.5.ebuild
deleted file mode 100644
index f9375b0e5ad..00000000000
--- a/net-analyzer/fail2ban/fail2ban-0.9.5.ebuild
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_4,3_5} pypy )
-DISTUTILS_SINGLE_IMPL=1
-
-inherit distutils-r1 eutils systemd vcs-snapshot
-
-DESCRIPTION="scans log files and bans IPs that show malicious signs"
-HOMEPAGE="http://www.fail2ban.org/"
-SRC_URI="https://github.com/${PN}/${PN}/tarball/${PV} -> ${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE="selinux systemd"
-
-# TODO support ipfw and ipfilter
-RDEPEND="
- kernel_linux? ( net-firewall/iptables )
- kernel_FreeBSD? ( sys-freebsd/freebsd-pf )
- net-misc/whois
- virtual/logger
- virtual/mta
- selinux? ( sec-policy/selinux-fail2ban )
- systemd? ( $(python_gen_cond_dep '|| (
- dev-python/python-systemd[${PYTHON_USEDEP}]
- sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )' 'python*' ) )
-"
-
-REQUIRED_USE="systemd? ( !python_single_target_pypy )"
-
-DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-
-python_prepare_all() {
- # Replace /var/run with /run, but not in the top source directory
- find . -mindepth 2 -type f -exec \
- sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
-
- sed -i -e 's|runscript|openrc-run|g' files/gentoo-initd || die
-
- distutils-r1_python_prepare_all
-}
-
-python_test() {
- "${PYTHON}" "bin/${PN}-testcases" || die "tests failed with ${EPYTHON}"
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- rm -rf "${D}"/usr/share/doc/${PN} "${D}"/run || die
-
- # not FILESDIR
- newconfd files/gentoo-confd ${PN}
- newinitd files/gentoo-initd ${PN}
- systemd_dounit files/${PN}.service
- systemd_dotmpfilesd files/${PN}-tmpfiles.conf
- doman man/*.{1,5}
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins files/${PN}-logrotate ${PN}
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- if [[ $previous_less_than_0_7 = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2ban!"
- elog
- elog "Fail2ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
- if ! has_version ${CATEGORY}/${PN}; then
- if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin; then
- elog "For most jail.conf configurations, it is recommended you install either"
- elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
- elog "to control how log file modifications are detected"
- fi
-
- if ! has_version dev-lang/python[sqlite]; then
- elog "If you want to use ${PN}'s persistent database, then reinstall"
- elog "dev-lang/python with USE=sqlite"
- fi
-
- if has_version sys-apps/systemd[-python]; then
- elog "If you want to track logins through sys-apps/systemd's"
- elog "journal backend, then reinstall sys-apps/systemd with USE=python"
- fi
- fi
-}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.9.2-initd.patch b/net-analyzer/fail2ban/files/fail2ban-0.9.2-initd.patch
deleted file mode 100644
index 47bffe6af9f..00000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.9.2-initd.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/files/gentoo-initd
-+++ b/files/gentoo-initd
-@@ -38,19 +38,19 @@
- # bug 347477
- rm -rf /run/fail2ban/fail2ban.sock || return 1
- fi
-- ${FAIL2BAN} start &> /dev/null
-+ ${FAIL2BAN} start
- eend $? "Failed to start fail2ban"
- }
-
- stop() {
- ebegin "Stopping fail2ban"
-- ${FAIL2BAN} stop &> /dev/null
-+ ${FAIL2BAN} stop
- eend $? "Failed to stop fail2ban"
- }
-
- reload() {
- ebegin "Reloading fail2ban"
-- ${FAIL2BAN} reload > /dev/null
-+ ${FAIL2BAN} reload
- eend $? "Failed to reload fail2ban"
- }
-
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.9.2-logrotate.patch b/net-analyzer/fail2ban/files/fail2ban-0.9.2-logrotate.patch
deleted file mode 100644
index 65354a2a025..00000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.9.2-logrotate.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/files/fail2ban-logrotate
-+++ b/files/fail2ban-logrotate
-@@ -9,9 +9,7 @@
- # http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-logrotate
-
- /var/log/fail2ban.log {
-- rotate 7
- missingok
-- compress
- postrotate
- /usr/bin/fail2ban-client flushlogs 1>/dev/null || true
- endscript
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2021-05-14 17:22 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-05-14 17:22 UTC (permalink / raw
To: gentoo-commits
commit: 592ea98a632c53260a6358ce42280cd3076c3d34
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri May 14 12:51:59 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri May 14 17:22:22 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=592ea98a
net-analyzer/fail2ban: run tests
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-0.11.2.ebuild | 12 ++++--
.../files/fail2ban-0.11.2-fix-tests-for-2021.patch | 50 ++++++++++++++++++++++
2 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2.ebuild
index 8f57fd666aa..1c47a71b51d 100644
--- a/net-analyzer/fail2ban/fail2ban-0.11.2.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2.ebuild
@@ -16,8 +16,6 @@ LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm ~arm64 hppa ppc ppc64 sparc x86"
IUSE="selinux systemd"
-# Needs some work to enable them right now
-RESTRICT="test"
RDEPEND="
virtual/logger
@@ -34,9 +32,11 @@ RDEPEND="
DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-python_prepare_all() {
- default
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-tests-for-2021.patch
+)
+python_prepare_all() {
# Replace /var/run with /run, but not in the top source directory
find . -mindepth 2 -type f -exec \
sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
@@ -51,6 +51,10 @@ python_compile() {
distutils-r1_python_compile
}
+python_test() {
+ bin/fail2ban-testcases -n -g --verbosity=4 || die "Tests failed with ${EPYTHON}"
+}
+
python_install_all() {
distutils-r1_python_install_all
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch
new file mode 100644
index 00000000000..36193b18193
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch
@@ -0,0 +1,50 @@
+https://github.com/fail2ban/fail2ban/issues/2904
+
+From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Mon, 4 Jan 2021 02:42:38 +0100
+Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
+ tests, considering interval from 2005 (alternate now) to now; + better
+ grouping algorithm for resulting century RE
+
+---
+ fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
+index 1464a96d1f..39fc795865 100644
+--- a/fail2ban/server/strptime.py
++++ b/fail2ban/server/strptime.py
+@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
+ Thereby respect possible run in the test-cases (alternate date used there)
+ """
+ cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
++ def grp(exprset):
++ c = None
++ if len(exprset) > 1:
++ for i in exprset:
++ if c is None or i[0:-1] == c:
++ c = i[0:-1]
++ else:
++ c = None
++ break
++ if not c:
++ for i in exprset:
++ if c is None or i[0] == c:
++ c = i[0]
++ else:
++ c = None
++ break
++ if c:
++ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
++ if len(exprset) > 1 else "".join(exprset)
+ exprset = set( cent(now[0].year + i) for i in (-1, distance) )
+ if len(now) and now[1]:
+- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
+- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
++ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
++ return grp(sorted(list(exprset)))
+
+ timeRE = TimeRE()
+
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2021-08-11 1:01 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-08-11 1:01 UTC (permalink / raw
To: gentoo-commits
commit: 00402f66d1cdf8144ff08f446010cfdbd8d2fe4a
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 11 01:00:15 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug 11 01:00:15 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00402f66
net-analyzer/fail2ban: fix Apache log path
Closes: https://bugs.gentoo.org/805485
Signed-off-by: Sam James <sam <AT> gentoo.org>
...l2ban-9999.ebuild => fail2ban-0.11.2-r1.ebuild} | 12 ++++++---
net-analyzer/fail2ban/fail2ban-9999.ebuild | 6 ++++-
.../fail2ban-0.11.2-adjust-apache-logs-paths.patch | 29 ++++++++++++++++++++++
3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
similarity index 94%
copy from net-analyzer/fail2ban/fail2ban-9999.ebuild
copy to net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
index 2ad8f462e23..a858cbe09d2 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
@@ -3,7 +3,7 @@
EAPI=7
-PYTHON_COMPAT=( python3_{7,8,9} )
+PYTHON_COMPAT=( python3_{8,9} )
DISTUTILS_SINGLE_IMPL=1
inherit bash-completion-r1 distutils-r1 systemd tmpfiles
@@ -31,13 +31,17 @@ RDEPEND="
|| (
dev-python/python-systemd[${PYTHON_USEDEP}]
sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )
- ' 'python*')
+ )' 'python*' )
)
"
DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-tests-for-2021.patch
+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+)
+
python_prepare_all() {
# Replace /var/run with /run, but not in the top source directory
find . -mindepth 2 -type f -exec \
@@ -94,7 +98,7 @@ pkg_preinst() {
pkg_postinst() {
tmpfiles_process ${PN}-tmpfiles.conf
- if [[ ${previous_less_than_0_7} == 0 ]] ; then
+ if [[ ${previous_less_than_0_7} = 0 ]] ; then
elog
elog "Configuration files are now in /etc/fail2ban/"
elog "You probably have to manually update your configuration"
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-9999.ebuild
index 2ad8f462e23..9d117cebef4 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-9999.ebuild
@@ -3,7 +3,7 @@
EAPI=7
-PYTHON_COMPAT=( python3_{7,8,9} )
+PYTHON_COMPAT=( python3_{8,9} )
DISTUTILS_SINGLE_IMPL=1
inherit bash-completion-r1 distutils-r1 systemd tmpfiles
@@ -38,6 +38,10 @@ RDEPEND="
DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+)
+
python_prepare_all() {
# Replace /var/run with /run, but not in the top source directory
find . -mindepth 2 -type f -exec \
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch
new file mode 100644
index 00000000000..3017883f0d5
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-adjust-apache-logs-paths.patch
@@ -0,0 +1,29 @@
+From bda9b88e883207b99781352c68610980e23fa62f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Wed, 11 Aug 2021 01:58:05 +0100
+Subject: [PATCH] Adjust Apache log paths for Gentoo
+
+Closes: https://bugs.gentoo.org/805485
+---
+ config/paths-common.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/config/paths-common.conf b/config/paths-common.conf
+index 7383caf..4f4a6e1 100644
+--- a/config/paths-common.conf
++++ b/config/paths-common.conf
+@@ -36,9 +36,9 @@ sshd_backend = %(default_backend)s
+ dropbear_log = %(syslog_authpriv)s
+ dropbear_backend = %(default_backend)s
+
+-apache_error_log = /var/log/apache2/*error.log
++apache_error_log = /var/log/apache2/*error_log
+
+-apache_access_log = /var/log/apache2/*access.log
++apache_access_log = /var/log/apache2/*access_log
+
+ # from /etc/audit/auditd.conf
+ auditd_log = /var/log/audit/audit.log
+--
+2.32.0
+
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2021-10-24 3:39 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2021-10-24 3:39 UTC (permalink / raw
To: gentoo-commits
commit: 6fe5661c2c211076587b54ff97e06bef9f69d864
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 24 03:38:46 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 24 03:38:59 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fe5661c
net-analyzer/fail2ban: backport upstream test fix for systemd
Closes: https://bugs.gentoo.org/794931
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild | 3 ++-
.../files/fail2ban-0.11.2-fix-systemd-test.patch | 22 ++++++++++++++++++++++
2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
index 3e667a2f573..52bfd2a78f2 100644
--- a/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-0.11.2-r1.ebuild
@@ -40,7 +40,8 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
PATCHES=(
"${FILESDIR}"/${P}-fix-tests-for-2021.patch
"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
- "${FILESDIR}"/${PN}-0.11.2-fix-2to3-usage.patch
+ "${FILESDIR}"/${P}-fix-2to3-usage.patch
+ "${FILESDIR}"/${P}-fix-systemd-test.patch
)
python_prepare_all() {
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch
new file mode 100644
index 00000000000..865ce19912b
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch
@@ -0,0 +1,22 @@
+https://github.com/fail2ban/fail2ban/pull/3037
+https://bugs.gentoo.org/794931
+
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Tue, 8 Jun 2021 17:48:12 -0400
+Subject: [PATCH] tests: improve detection of readable systemd journal
+
+Look for system.journal in journal sub-directory.
+Add -readable to the find command.
+
+Bug: https://bugs.gentoo.org/794931
+--- a/fail2ban/tests/filtertestcase.py
++++ b/fail2ban/tests/filtertestcase.py
+@@ -1396,7 +1396,7 @@ def _getRuntimeJournal(self):
+ # check one at at time until the first hit
+ for systemd_var in 'system-runtime-logs', 'system-state-logs':
+ tmp = Utils.executeCmd(
+- 'find "$(systemd-path %s)" -name system.journal' % systemd_var,
++ 'find "$(systemd-path %s)/journal" -name system.journal -readable' % systemd_var,
+ timeout=10, shell=True, output=True
+ )
+ self.assertTrue(tmp)
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2022-12-10 4:36 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2022-12-10 4:36 UTC (permalink / raw
To: gentoo-commits
commit: 6b506fb96eba87f9d4f5d1865c086f4697d7bcb9
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 04:32:27 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 04:35:07 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b506fb9
net-analyzer/fail2ban: drop 0.11.2-r4, 1.0.1
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/fail2ban/Manifest | 2 -
net-analyzer/fail2ban/fail2ban-0.11.2-r4.ebuild | 137 ------------
net-analyzer/fail2ban/fail2ban-1.0.1.ebuild | 133 -----------
.../files/fail2ban-0.11.2-fix-2to3-usage.patch | 109 ---------
.../fail2ban-0.11.2-fix-py3.10-collections.patch | 33 ---
.../files/fail2ban-0.11.2-fix-systemd-test.patch | 22 --
.../files/fail2ban-0.11.2-fix-tests-for-2021.patch | 50 -----
.../files/fail2ban-0.11.2-upstream-openrc.patch | 247 ---------------------
8 files changed, 733 deletions(-)
diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest
index 8d0bacdc9b1a..ab84e5639461 100644
--- a/net-analyzer/fail2ban/Manifest
+++ b/net-analyzer/fail2ban/Manifest
@@ -1,3 +1 @@
-DIST fail2ban-0.11.2.tar.gz 559552 BLAKE2B 0c61c1d5f6eb23d585533fbb84e69343cb305df188537a97002489318292c6056447c4c221c9d4d4cde6cca52f0c2fb877b597957f703e4d6707801a646e52b0 SHA512 46b27abd947b00ea64106dbac563ef8afef38eec86684024d47d9a0e8c1969ff864ad6df7f4f8de2aa3eb1af6d769fb6796592d9f0e35521d5f95f17b8cade97
-DIST fail2ban-1.0.1.tar.gz 582122 BLAKE2B 1fe1e5b3d6a1790304c29066b7a8edcb5a6ea11bea6fd8a2bf5f42a4725db1d5bfdd9ed1215a51bfc0eeccafa8a0e93c45940e897ceba7335965126f9b913ab0 SHA512 a4d0ee5405225b1ec950f3209bc304c1168c644d06309a187d77119f6bea12c382db046130a86411aad4210b458a16ee092269dc7953400950969a34550c6da5
DIST fail2ban-1.0.2.tar.gz 583295 BLAKE2B 84eb5e3487c4db734f4f0a36af142d520e1cc53c2960893ee2f05ff4e78133860be59ed9580fa0d972509a03c17e5d9458b8e3f6b470a4c3154f10911f94691e SHA512 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb
diff --git a/net-analyzer/fail2ban/fail2ban-0.11.2-r4.ebuild b/net-analyzer/fail2ban/fail2ban-0.11.2-r4.ebuild
deleted file mode 100644
index ffabcf3a0b71..000000000000
--- a/net-analyzer/fail2ban/fail2ban-0.11.2-r4.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-DISTUTILS_SINGLE_IMPL=1
-
-inherit bash-completion-r1 distutils-r1 systemd tmpfiles
-
-DESCRIPTION="Scans log files and bans IPs that show malicious signs"
-HOMEPAGE="https://www.fail2ban.org/"
-if [[ ${PV} == *9999 ]] ; then
- EGIT_REPO_URI="https://github.com/${PN}/${PN}"
- inherit git-r3
-else
- SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 hppa ppc ppc64 sparc x86"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="selinux systemd"
-
-RDEPEND="
- virtual/logger
- virtual/mta
- selinux? ( sec-policy/selinux-fail2ban )
- systemd? (
- $(python_gen_cond_dep '
- || (
- dev-python/python-systemd[${PYTHON_USEDEP}]
- sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )' 'python*' )
- )
-"
-
-DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-
-PATCHES=(
- "${FILESDIR}"/${P}-fix-tests-for-2021.patch
- "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
- "${FILESDIR}"/${P}-fix-2to3-usage.patch
- "${FILESDIR}"/${P}-fix-systemd-test.patch
- "${FILESDIR}"/${P}-fix-py3.10-collections.patch
- "${FILESDIR}"/${P}-upstream-openrc.patch
-)
-
-python_prepare_all() {
- distutils-r1_python_prepare_all
-
- # Replace /var/run with /run, but not in the top source directory
- find . -mindepth 2 -type f -exec \
- sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
-}
-
-python_compile() {
- ./fail2ban-2to3 || die
- distutils-r1_python_compile
-}
-
-python_test() {
- bin/fail2ban-testcases \
- --no-network \
- --no-gamin \
- --verbosity=4 || die "Tests failed with ${EPYTHON}"
-
- # Workaround for bug #790251
- rm -r fail2ban.egg-info || die
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
-
- newconfd files/fail2ban-openrc.conf ${PN}
-
- # These two are placed in the ${BUILD_DIR} after being "built"
- # in install_scripts().
- newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
- systemd_dounit "${BUILD_DIR}/${PN}.service"
-
- dotmpfiles files/${PN}-tmpfiles.conf
-
- doman man/*.{1,5}
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins files/${PN}-logrotate ${PN}
-
- keepdir /var/lib/${PN}
-
- newbashcomp files/bash-completion ${PN}-client
- bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- tmpfiles_process ${PN}-tmpfiles.conf
-
- if [[ ${previous_less_than_0_7} = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2Ban!"
- elog
- elog "Fail2Ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
-
- if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then
- elog "For most jail.conf configurations, it is recommended you install either"
- elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
- elog "to control how log file modifications are detected"
- fi
-
- if ! has_version dev-lang/python[sqlite] ; then
- elog "If you want to use ${PN}'s persistent database, then reinstall"
- elog "dev-lang/python with USE=sqlite. If you do not use the"
- elog "persistent database feature, then you should set"
- elog "dbfile = :memory: in fail2ban.conf accordingly."
- fi
-
- if has_version sys-apps/systemd[-python] ; then
- elog "If you want to track logins through sys-apps/systemd's"
- elog "journal backend, then reinstall sys-apps/systemd with USE=python"
- fi
-}
diff --git a/net-analyzer/fail2ban/fail2ban-1.0.1.ebuild b/net-analyzer/fail2ban/fail2ban-1.0.1.ebuild
deleted file mode 100644
index cf108a52442c..000000000000
--- a/net-analyzer/fail2ban/fail2ban-1.0.1.ebuild
+++ /dev/null
@@ -1,133 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_SINGLE_IMPL=1
-PYTHON_COMPAT=( python3_{8..11} )
-
-inherit bash-completion-r1 distutils-r1 systemd tmpfiles
-
-DESCRIPTION="Scans log files and bans IPs that show malicious signs"
-HOMEPAGE="https://www.fail2ban.org/"
-
-if [[ ${PV} == *9999 ]] ; then
- EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
- inherit git-r3
-else
- SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="selinux systemd"
-
-RDEPEND="
- virtual/logger
- virtual/mta
- selinux? ( sec-policy/selinux-fail2ban )
- systemd? (
- $(python_gen_cond_dep '
- || (
- dev-python/python-systemd[${PYTHON_USEDEP}]
- sys-apps/systemd[python(-),${PYTHON_USEDEP}]
- )' 'python*' )
- )
-"
-
-DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
-)
-
-python_prepare_all() {
- distutils-r1_python_prepare_all
-
- # Replace /var/run with /run, but not in the top source directory
- find . -mindepth 2 -type f -exec \
- sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
-}
-
-python_compile() {
- ./fail2ban-2to3 || die
- distutils-r1_python_compile
-}
-
-python_test() {
- bin/fail2ban-testcases \
- --no-network \
- --no-gamin \
- --verbosity=4 || die "Tests failed with ${EPYTHON}"
-
- # Workaround for bug #790251
- rm -r fail2ban.egg-info || die
-}
-
-python_install_all() {
- distutils-r1_python_install_all
-
- rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
-
- newconfd files/fail2ban-openrc.conf ${PN}
-
- # These two are placed in the ${BUILD_DIR} after being "built"
- # in install_scripts().
- newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
- systemd_dounit "${BUILD_DIR}/${PN}.service"
-
- dotmpfiles files/${PN}-tmpfiles.conf
-
- doman man/*.{1,5}
-
- # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
- # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
- insinto /etc/logrotate.d
- newins files/${PN}-logrotate ${PN}
-
- keepdir /var/lib/${PN}
-
- newbashcomp files/bash-completion ${PN}-client
- bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
-}
-
-pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-0.7"
- previous_less_than_0_7=$?
-}
-
-pkg_postinst() {
- tmpfiles_process ${PN}-tmpfiles.conf
-
- if [[ ${previous_less_than_0_7} = 0 ]] ; then
- elog
- elog "Configuration files are now in /etc/fail2ban/"
- elog "You probably have to manually update your configuration"
- elog "files before restarting Fail2Ban!"
- elog
- elog "Fail2Ban is not installed under /usr/lib anymore. The"
- elog "new location is under /usr/share."
- elog
- elog "You are upgrading from version 0.6.x, please see:"
- elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
- fi
-
- if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then
- elog "For most jail.conf configurations, it is recommended you install either"
- elog "dev-python/pyinotify or app-admin/gamin (in order of preference)"
- elog "to control how log file modifications are detected"
- fi
-
- if ! has_version dev-lang/python[sqlite] ; then
- elog "If you want to use ${PN}'s persistent database, then reinstall"
- elog "dev-lang/python with USE=sqlite. If you do not use the"
- elog "persistent database feature, then you should set"
- elog "dbfile = :memory: in fail2ban.conf accordingly."
- fi
-
- if has_version sys-apps/systemd[-python] ; then
- elog "If you want to track logins through sys-apps/systemd's"
- elog "journal backend, then reinstall sys-apps/systemd with USE=python"
- fi
-}
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch
deleted file mode 100644
index 9098d096e8ad..000000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-2to3-usage.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-https://github.com/fail2ban/fail2ban/commit/7f22c4873aed3b5ffce0953f079f3c1977297c9a
-https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497
-https://github.com/fail2ban/fail2ban/commit/d6b884f3b72b8a42b21da863836569ef6836c2ea
-https://github.com/fail2ban/fail2ban/issues/3098
-https://bugs.gentoo.org/818733
-
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Sun, 19 Sep 2021 18:36:02 +0200
-Subject: [PATCH] remove 2to3 in setup (should be called outside before setup)
-
---- a/setup.py
-+++ b/setup.py
-@@ -39,14 +39,6 @@
- if setuptools is None:
- from distutils.command.install import install
- from distutils.command.install_scripts import install_scripts
--try:
-- # python 3.x
-- from distutils.command.build_py import build_py_2to3
-- from distutils.command.build_scripts import build_scripts_2to3
-- _2to3 = True
--except ImportError:
-- # python 2.x
-- _2to3 = False
-
- import os
- from os.path import isfile, join, isdir, realpath
-
-From: sebres <info@sebres.de>
-Date: Sun, 19 Sep 2021 18:49:18 +0200
-Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
- command: use_2to3 is invalid (setuptools 58+)
-
---- a/setup.py
-+++ b/setup.py
-@@ -48,7 +48,7 @@
- from glob import glob
-
- from fail2ban.setup import updatePyExec
--
-+from fail2ban.version import version
-
- source_dir = os.path.realpath(os.path.dirname(
- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
-@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
- # Wrapper to specify fail2ban own options:
- class install_command_f2b(install):
- user_options = install.user_options + [
-- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
- ('without-tests', None, 'without tests files installation'),
- ]
- def initialize_options(self):
-- self.disable_2to3 = None
- self.without_tests = not with_tests
- install.initialize_options(self)
- def finalize_options(self):
-- global _2to3
-- ## in the test cases 2to3 should be already done (fail2ban-2to3):
-- if self.disable_2to3:
-- _2to3 = False
-- if _2to3:
-- cmdclass = self.distribution.cmdclass
-- cmdclass['build_py'] = build_py_2to3
-- cmdclass['build_scripts'] = build_scripts_2to3
- if self.without_tests:
- self.distribution.scripts.remove('bin/fail2ban-testcases')
-
-@@ -178,7 +168,6 @@ def run(self):
- if setuptools:
- setup_extra = {
- 'test_suite': "fail2ban.tests.utils.gatherTests",
-- 'use_2to3': True,
- }
- else:
- setup_extra = {}
-@@ -202,9 +191,6 @@ def run(self):
- ('/usr/share/doc/fail2ban', doc_files)
- )
-
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
-
- setup(
- name = "fail2ban",
-From: sebres <info@sebres.de>
-Date: Sun, 19 Sep 2021 18:52:34 +0200
-Subject: [PATCH] amend to fix gh-3098: no option `--disable-2to3` anymore
-
---- a/fail2ban/tests/misctestcase.py
-+++ b/fail2ban/tests/misctestcase.py
-@@ -111,7 +111,7 @@ def testSetupInstallDryRun(self):
- supdbgout = ' >/dev/null 2>&1' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
- try:
- # try dry-run:
-- os.system("%s %s --dry-run install --disable-2to3 --root=%s%s"
-+ os.system("%s %s --dry-run install --root=%s%s"
- % (sys.executable, self.setup , tmp, supdbgout))
- # check nothing was created:
- self.assertTrue(not os.listdir(tmp))
-@@ -127,7 +127,7 @@ def testSetupInstallRoot(self):
- # suppress stdout (and stderr) if not heavydebug
- supdbgout = ' >/dev/null' if unittest.F2B.log_level >= logging.DEBUG else '' # HEAVYDEBUG
- try:
-- self.assertEqual(os.system("%s %s install --disable-2to3 --root=%s%s"
-+ self.assertEqual(os.system("%s %s install --root=%s%s"
- % (sys.executable, self.setup, tmp, supdbgout)), 0)
-
- def strippath(l):
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch
deleted file mode 100644
index 6cf4e194b089..000000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-py3.10-collections.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- a/fail2ban/server/action.py
-+++ b/fail2ban/server/action.py
-@@ -30,7 +30,7 @@ import tempfile
- import threading
- import time
- from abc import ABCMeta
--from collections import MutableMapping
-+from collections.abc import MutableMapping
-
- from .failregex import mapTag2Opt
- from .ipdns import DNSUtils
---- a/fail2ban/server/actions.py
-+++ b/fail2ban/server/actions.py
-@@ -28,7 +28,7 @@ import logging
- import os
- import sys
- import time
--from collections import Mapping
-+from collections.abc import Mapping
- try:
- from collections import OrderedDict
- except ImportError:
---- a/fail2ban/server/jails.py
-+++ b/fail2ban/server/jails.py
-@@ -22,7 +22,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko"
- __license__ = "GPL"
-
- from threading import Lock
--from collections import Mapping
-+from collections.abc import Mapping
-
- from ..exceptions import DuplicateJailException, UnknownJailException
- from .jail import Jail
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch
deleted file mode 100644
index 865ce19912bb..000000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-systemd-test.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-https://github.com/fail2ban/fail2ban/pull/3037
-https://bugs.gentoo.org/794931
-
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Tue, 8 Jun 2021 17:48:12 -0400
-Subject: [PATCH] tests: improve detection of readable systemd journal
-
-Look for system.journal in journal sub-directory.
-Add -readable to the find command.
-
-Bug: https://bugs.gentoo.org/794931
---- a/fail2ban/tests/filtertestcase.py
-+++ b/fail2ban/tests/filtertestcase.py
-@@ -1396,7 +1396,7 @@ def _getRuntimeJournal(self):
- # check one at at time until the first hit
- for systemd_var in 'system-runtime-logs', 'system-state-logs':
- tmp = Utils.executeCmd(
-- 'find "$(systemd-path %s)" -name system.journal' % systemd_var,
-+ 'find "$(systemd-path %s)/journal" -name system.journal -readable' % systemd_var,
- timeout=10, shell=True, output=True
- )
- self.assertTrue(tmp)
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch
deleted file mode 100644
index 36193b181933..000000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.11.2-fix-tests-for-2021.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-https://github.com/fail2ban/fail2ban/issues/2904
-
-From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
-From: sebres <info@sebres.de>
-Date: Mon, 4 Jan 2021 02:42:38 +0100
-Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
- tests, considering interval from 2005 (alternate now) to now; + better
- grouping algorithm for resulting century RE
-
----
- fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 1464a96d1f..39fc795865 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
- Thereby respect possible run in the test-cases (alternate date used there)
- """
- cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
-+ def grp(exprset):
-+ c = None
-+ if len(exprset) > 1:
-+ for i in exprset:
-+ if c is None or i[0:-1] == c:
-+ c = i[0:-1]
-+ else:
-+ c = None
-+ break
-+ if not c:
-+ for i in exprset:
-+ if c is None or i[0] == c:
-+ c = i[0]
-+ else:
-+ c = None
-+ break
-+ if c:
-+ return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
-+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
-+ if len(exprset) > 1 else "".join(exprset)
- exprset = set( cent(now[0].year + i) for i in (-1, distance) )
- if len(now) and now[1]:
-- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
-- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
-+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
-+ return grp(sorted(list(exprset)))
-
- timeRE = TimeRE()
-
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch b/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch
deleted file mode 100644
index bbe655124d36..000000000000
--- a/net-analyzer/fail2ban/files/fail2ban-0.11.2-upstream-openrc.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-https://github.com/fail2ban/fail2ban/pull/2182
-
-diff --git a/MANIFEST b/MANIFEST
-index 48c751a0..c2df1e51 100644
---- a/MANIFEST
-+++ b/MANIFEST
-@@ -393,8 +393,8 @@ files/fail2ban.service.in
- files/fail2ban-tmpfiles.conf
- files/fail2ban.upstart
- files/gen_badbots
--files/gentoo-confd
--files/gentoo-initd
-+files/fail2ban-openrc.conf
-+files/fail2ban-openrc.init.in
- files/ipmasq-ZZZzzz_fail2ban.rul
- files/logwatch/fail2ban
- files/logwatch/fail2ban-0.8.log
-diff --git a/files/fail2ban-openrc.conf b/files/fail2ban-openrc.conf
-new file mode 100644
-index 00000000..9454ef68
---- /dev/null
-+++ b/files/fail2ban-openrc.conf
-@@ -0,0 +1,2 @@
-+# For available options, please run "fail2ban-server --help".
-+#FAIL2BAN_OPTIONS="-x"
-diff --git a/files/fail2ban-openrc.init.in b/files/fail2ban-openrc.init.in
-new file mode 100755
-index 00000000..2c56ee3a
---- /dev/null
-+++ b/files/fail2ban-openrc.init.in
-@@ -0,0 +1,86 @@
-+#!/sbin/openrc-run
-+# This file is part of Fail2Ban.
-+#
-+# Fail2Ban is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# Fail2Ban is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with Fail2Ban; if not, write to the Free Software
-+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-+#
-+# Author: Sireyessire, Cyril Jaquier
-+#
-+
-+description="Ban hosts that cause multiple authentication errors"
-+description_reload="reload configuration without dropping bans"
-+extra_started_commands="reload"
-+
-+# Can't (and shouldn't) be changed by the end-user.
-+#
-+# Note that @BINDIR@ is already supplied by the build system. Some
-+# day, it might be nice to have @RUNDIR@ supplied by the build system
-+# as well, so that we don't have to hard-code /run here.
-+FAIL2BAN_RUNDIR="/run/${RC_SVCNAME}"
-+FAIL2BAN_SOCKET="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.sock"
-+
-+# The fail2ban-client program is also capable of starting and stopping
-+# the server, but things are simpler if we let start-stop-daemon do it.
-+command="@BINDIR@/fail2ban-server"
-+pidfile="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.pid"
-+
-+# We force the pidfile/socket location in this service script because
-+# we're taking responsibility for ensuring that their parent directory
-+# exists and has the correct permissions (which we can't do if the
-+# user is allowed to change them).
-+command_args="${FAIL2BAN_OPTIONS} -p ${pidfile} -s ${FAIL2BAN_SOCKET}"
-+retry="30"
-+
-+depend() {
-+ use logger
-+ after iptables
-+}
-+
-+checkconfig() {
-+ "${command}" ${command_args} --test
-+}
-+
-+start_pre() {
-+ # If this isn't a restart, make sure that the user's config isn't
-+ # busted before we try to start the daemon (this will produce
-+ # better error messages than if we just try to start it blindly).
-+ #
-+ # If, on the other hand, this *is* a restart, then the stop_pre
-+ # action will have ensured that the config is usable and we don't
-+ # need to do that again.
-+ if [ "${RC_CMD}" != "restart" ] ; then
-+ checkconfig || return $?
-+ fi
-+ checkpath -d "${FAIL2BAN_RUNDIR}"
-+}
-+
-+stop_pre() {
-+ # If this is a restart, check to make sure the user's config
-+ # isn't busted before we stop the running daemon.
-+ if [ "${RC_CMD}" = "restart" ] ; then
-+ checkconfig || return $?
-+ fi
-+}
-+
-+reload() {
-+ # The fail2ban-client uses an undocumented protocol to tell
-+ # the server to reload(), so we have to use it here rather
-+ # than e.g. sending a signal to the server daemon. Note that
-+ # the reload will fail (on the server side) if the new config
-+ # is invalid; we therefore don't need to test it ourselves
-+ # with checkconfig() before initiating the reload.
-+ ebegin "Reloading ${RC_SVCNAME}"
-+ "@BINDIR@/fail2ban-client" ${command_args} reload
-+ eend $? "Failed to reload ${RC_SVCNAME}"
-+}
-diff --git a/files/gentoo-confd b/files/gentoo-confd
-deleted file mode 100644
-index 00d19f8b..00000000
---- a/files/gentoo-confd
-+++ /dev/null
-@@ -1,8 +0,0 @@
--# Config file for /etc/init.d/fail2ban
--#
--# For information on options, see "/usr/bin/fail2ban-client -h".
--
--FAIL2BAN_OPTIONS=""
--
--# Force execution of the server even if the socket already exists:
--#FAIL2BAN_OPTIONS="-x"
-diff --git a/files/gentoo-initd b/files/gentoo-initd
-deleted file mode 100755
-index 0fb157cd..00000000
---- a/files/gentoo-initd
-+++ /dev/null
-@@ -1,60 +0,0 @@
--#!/sbin/openrc-run
--# This file is part of Fail2Ban.
--#
--# Fail2Ban is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 2 of the License, or
--# (at your option) any later version.
--#
--# Fail2Ban is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with Fail2Ban; if not, write to the Free Software
--# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
--#
--# Author: Sireyessire, Cyril Jaquier
--#
--
--description="Daemon to ban hosts that cause multiple authentication errors"
--description_reload="reload configuration"
--description_showlog="show fail2ban logs"
--extra_started_commands="reload showlog"
--
--FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"
--
--depend() {
-- need net
-- need logger
-- after iptables
--}
--
--start() {
-- ebegin "Starting fail2ban"
-- mkdir -p /var/run/fail2ban || return 1
-- # remove stalled sock file after system crash
-- # bug 347477
-- rm -f /var/run/fail2ban/fail2ban.sock || return 1
-- start-stop-daemon --start --pidfile /var/run/fail2ban/fail2ban.pid \
-- -- ${FAIL2BAN} start
-- eend $? "Failed to start fail2ban"
--}
--
--stop() {
-- ebegin "Stopping fail2ban"
-- start-stop-daemon --stop --pidfile /var/run/fail2ban/fail2ban.pid --retry 30 \
-- -- ${FAIL2BAN} stop
-- eend $? "Failed to stop fail2ban"
--}
--
--reload() {
-- ebegin "Reloading fail2ban"
-- ${FAIL2BAN} reload
-- eend $? "Failed to reload fail2ban"
--}
--
--showlog(){
-- less /var/log/fail2ban.log
--}
-diff --git a/setup.py b/setup.py
-index 98413273..91f71cf2 100755
---- a/setup.py
-+++ b/setup.py
-@@ -89,24 +89,27 @@ class install_scripts_f2b(install_scripts):
- if install_dir.startswith(root):
- install_dir = install_dir[len(root):]
- except: # pragma: no cover
-- print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".')
-- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir))
-- with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn:
-- lines = fn.readlines()
-- fn = None
-- if not dry_run:
-- fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w')
-- try:
-- for ln in lines:
-- ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
-- if dry_run:
-- sys.stdout.write(' | ' + ln)
-- continue
-- fn.write(ln)
-- finally:
-- if fn: fn.close()
-- if dry_run:
-- print(' `')
-+ print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service" and "fail2ban-openrc.init".')
-+
-+ scripts = ['fail2ban.service', 'fail2ban-openrc.init']
-+ for script in scripts:
-+ print('Creating %s/%s (from %s.in): @BINDIR@ -> %s' % (buildroot, script, script, install_dir))
-+ with open(os.path.join(source_dir, 'files/%s.in' % script), 'r') as fn:
-+ lines = fn.readlines()
-+ fn = None
-+ if not dry_run:
-+ fn = open(os.path.join(buildroot, script), 'w')
-+ try:
-+ for ln in lines:
-+ ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
-+ if dry_run:
-+ sys.stdout.write(' | ' + ln)
-+ continue
-+ fn.write(ln)
-+ finally:
-+ if fn: fn.close()
-+ if dry_run:
-+ print(' `')
-
-
- # Wrapper to specify fail2ban own options:
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2023-07-02 20:33 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2023-07-02 20:33 UTC (permalink / raw
To: gentoo-commits
commit: 56503f6777856b3e3b37ae6046c2ef39d4addbb8
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 2 20:31:54 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 2 20:32:52 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56503f67
net-analyzer/fail2ban: avoid test umask affecting installed files
Bug: https://bugs.gentoo.org/790251
Closes: https://bugs.gentoo.org/907350
Signed-off-by: Sam James <sam <AT> gentoo.org>
...il2ban-9999.ebuild => fail2ban-1.0.2-r2.ebuild} | 9 ++++-
net-analyzer/fail2ban/fail2ban-9999.ebuild | 1 +
.../files/fail2ban-1.0.2-umask-tests.patch | 45 ++++++++++++++++++++++
3 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-1.0.2-r2.ebuild
similarity index 94%
copy from net-analyzer/fail2ban/fail2ban-9999.ebuild
copy to net-analyzer/fail2ban/fail2ban-1.0.2-r2.ebuild
index 19d76da94cf4..a440fa2f6374 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-1.0.2-r2.ebuild
@@ -4,7 +4,6 @@
EAPI=8
DISTUTILS_SINGLE_IMPL=1
-DISUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{10..11} )
inherit bash-completion-r1 distutils-r1 systemd tmpfiles
@@ -39,6 +38,8 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
PATCHES=(
"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+ "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${P}-configreader-warning.patch
)
python_prepare_all() {
@@ -49,10 +50,16 @@ python_prepare_all() {
sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
}
+python_compile() {
+ ./fail2ban-2to3 || die
+ distutils-r1_python_compile
+}
+
python_test() {
# Skip testRepairDb for bug #907348 (didn't always fail..)
bin/fail2ban-testcases \
--no-network \
+ --no-gamin \
--ignore databasetestcase.DatabaseTest.testRepairDb \
--verbosity=4 || die "Tests failed with ${EPYTHON}"
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-9999.ebuild
index 19d76da94cf4..b657eb644f4a 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-9999.ebuild
@@ -39,6 +39,7 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
PATCHES=(
"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+ "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
)
python_prepare_all() {
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch
new file mode 100644
index 000000000000..8feca43412ec
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-umask-tests.patch
@@ -0,0 +1,45 @@
+Avoid corrupting umask permanently in the testdir because of fail2ban/server/server.py::start.
+
+In particular:
+* https://bugs.gentoo.org/659010#c11
+* https://bugs.gentoo.org/790251#c10
+* https://bugs.gentoo.org/907350
+
+But see also the many dupes.
+--- a/fail2ban/tests/fail2banclienttestcase.py
++++ b/fail2ban/tests/fail2banclienttestcase.py
+@@ -23,6 +23,7 @@ __author__ = "Serg Brester"
+ __copyright__ = "Copyright (c) 2014- Serg G. Brester (sebres), 2008- Fail2Ban Contributors"
+ __license__ = "GPL"
+
++import atexit
+ import fileinput
+ import os
+ import re
+@@ -40,6 +41,14 @@ from ..client.fail2bancmdline import Fail2banCmdLine
+ from ..client.fail2banclient import exec_command_line as _exec_client, CSocket, VisualWait
+ from ..client.fail2banserver import Fail2banServer, exec_command_line as _exec_server
+ from .. import protocol
++
++def current_umask():
++ tmp = os.umask(0o022)
++ os.umask(tmp)
++ return tmp
++
++old_umask = current_umask()
++
+ from ..server import server
+ from ..server.mytime import MyTime
+ from ..server.utils import Utils
+@@ -48,6 +57,11 @@ from .utils import LogCaptureTestCase, logSys as DefLogSys, with_tmpdir, shutil,
+
+ from ..helpers import getLogger
+
++def restore_umask():
++ os.umask(old_umask)
++
++atexit.register(restore_umask)
++
+ # Gets the instance of the logger.
+ logSys = getLogger(__name__)
+
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2024-07-04 0:54 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2024-07-04 0:54 UTC (permalink / raw
To: gentoo-commits
commit: 8f40d76b04279142985ca0da8048356d34557849
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 4 00:52:49 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jul 4 00:53:45 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f40d76b
net-analyzer/fail2ban: fix openssh-9.8 compat
openssh-9.8 changes services names and binary layout.
Closes: https://bugs.gentoo.org/935392
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-1.1.0-r1.ebuild | 136 +++++++++++++++++++++
.../files/fail2ban-1.1.0-openssh-9.8.patch | 75 ++++++++++++
2 files changed, 211 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r1.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r1.ebuild
new file mode 100644
index 000000000000..653e6d91c9c9
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_SINGLE_IMPL=1
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ $(python_gen_cond_dep '
+ dev-python/pyasyncore[${PYTHON_USEDEP}]
+ dev-python/pyasynchat[${PYTHON_USEDEP}]
+ ' 3.12)
+ virtual/logger
+ virtual/mta
+ selinux? ( sec-policy/selinux-fail2ban )
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+BDEPEND="
+ test? (
+ $(python_gen_cond_dep '
+ dev-python/aiosmtpd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+ "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch
+)
+
+python_prepare_all() {
+ distutils-r1_python_prepare_all
+
+ # Replace /var/run with /run, but not in the top source directory
+ find . -mindepth 2 -type f -exec \
+ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+python_test() {
+ # Skip testRepairDb for bug #907348 (didn't always fail..)
+ # https://github.com/fail2ban/fail2ban/issues/3586
+ bin/fail2ban-testcases \
+ --no-network \
+ --ignore databasetestcase.DatabaseTest.testRepairDb \
+ --verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+ # Workaround for bug #790251
+ rm -rf fail2ban.egg-info || die
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+ newconfd files/fail2ban-openrc.conf ${PN}
+
+ # These two are placed in the ${BUILD_DIR} after being "built"
+ # in install_scripts().
+ newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
+ systemd_dounit "${BUILD_DIR}/${PN}.service"
+
+ dotmpfiles files/${PN}-tmpfiles.conf
+
+ doman man/*.{1,5}
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins files/${PN}-logrotate ${PN}
+
+ keepdir /var/lib/${PN}
+
+ newbashcomp files/bash-completion ${PN}-client
+ bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}-tmpfiles.conf
+
+ if [[ ${previous_less_than_0_7} == 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2Ban!"
+ elog
+ elog "Fail2Ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+
+ if ! has_version dev-python/pyinotify ; then
+ elog "For most jail.conf configurations, it is recommended you install"
+ elog "dev-python/pyinotify to control how log file modifications are detected"
+ fi
+
+ if ! has_version dev-lang/python[sqlite] ; then
+ elog "If you want to use ${PN}'s persistent database, then reinstall"
+ elog "dev-lang/python with USE=sqlite. If you do not use the"
+ elog "persistent database feature, then you should set"
+ elog "dbfile = :memory: in fail2ban.conf accordingly."
+ fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8.patch
new file mode 100644
index 000000000000..6b7800ca3f0a
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8.patch
@@ -0,0 +1,75 @@
+https://bugs.gentoo.org/935392
+https://github.com/fail2ban/fail2ban/commit/6fce23e7baa484c7d1f9b0c9a11986f3916c41dd
+https://github.com/fail2ban/fail2ban/commit/2fed408c05ac5206b490368d94599869bd6a056d
+https://github.com/fail2ban/fail2ban/commit/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a
+
+From 6fce23e7baa484c7d1f9b0c9a11986f3916c41dd Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 10 Jun 2024 01:40:59 +0200
+Subject: [PATCH] `filterd./sshd.conf`: fixed journalmatch (sshd.service seems
+ to be renamed to ssh.service)
+
+closes gh-3747
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index a954774c62..1c8a02deb5 100644
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -126,7 +126,7 @@ ignoreregex =
+
+ maxlines = 1
+
+-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
++journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd
+
+ # DEV Notes:
+ #
+
+From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001
+From: Fabian Dellwing <fabian.dellwing@mbconnectline.de>
+Date: Tue, 2 Jul 2024 07:54:15 +0200
+Subject: [PATCH] Adjust sshd filter for OpenSSH 9.8 new daemon name
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index 1c8a02deb5..a1fd749aed 100644
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+
+ [DEFAULT]
+
+-_daemon = sshd
++_daemon = (?:sshd(?:-session)?)
+
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
+
+From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Wed, 3 Jul 2024 19:35:28 +0200
+Subject: [PATCH] filter.d/sshd.conf: ungroup (unneeded for _daemon)
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index a1fd749aed..3a84b1ba52 100644
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+
+ [DEFAULT]
+
+-_daemon = (?:sshd(?:-session)?)
++_daemon = sshd(?:-session)?
+
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2024-08-29 1:55 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2024-08-29 1:55 UTC (permalink / raw
To: gentoo-commits
commit: a74794caf315f33baf0a2ca7ee9da1aa649b85fd
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 29 01:53:56 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Aug 29 01:53:56 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a74794ca
net-analyzer/fail2ban: fix openssh-9.8 compat harder; openrc tweak
* Fix OpenSSH 9.8 harder by backporting more patches from upstream
* Backport mjo's OpenRC init script tweak for nftables
Bug: https://bugs.gentoo.org/935392
Closes: https://bugs.gentoo.org/936838
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild | 138 +++++++++++++++++++++
.../files/fail2ban-1.1.0-openrc-nftables.patch | 25 ++++
.../files/fail2ban-1.1.0-openssh-9.8-fixups.patch | 40 ++++++
3 files changed, 203 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild
new file mode 100644
index 000000000000..5cf1db15faa4
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_SINGLE_IMPL=1
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ $(python_gen_cond_dep '
+ dev-python/pyasyncore[${PYTHON_USEDEP}]
+ dev-python/pyasynchat[${PYTHON_USEDEP}]
+ ' 3.12)
+ virtual/logger
+ virtual/mta
+ selinux? ( sec-policy/selinux-fail2ban )
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+BDEPEND="
+ test? (
+ $(python_gen_cond_dep '
+ dev-python/aiosmtpd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+ "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch
+ "${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch
+)
+
+python_prepare_all() {
+ distutils-r1_python_prepare_all
+
+ # Replace /var/run with /run, but not in the top source directory
+ find . -mindepth 2 -type f -exec \
+ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+python_test() {
+ # Skip testRepairDb for bug #907348 (didn't always fail..)
+ # https://github.com/fail2ban/fail2ban/issues/3586
+ bin/fail2ban-testcases \
+ --no-network \
+ --ignore databasetestcase.DatabaseTest.testRepairDb \
+ --verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+ # Workaround for bug #790251
+ rm -rf fail2ban.egg-info || die
+}
+
+python_install_all() {
+ distutils-r1_python_install_all
+
+ rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+ newconfd files/fail2ban-openrc.conf ${PN}
+
+ # These two are placed in the ${BUILD_DIR} after being "built"
+ # in install_scripts().
+ newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
+ systemd_dounit "${BUILD_DIR}/${PN}.service"
+
+ dotmpfiles files/${PN}-tmpfiles.conf
+
+ doman man/*.{1,5}
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins files/${PN}-logrotate ${PN}
+
+ keepdir /var/lib/${PN}
+
+ newbashcomp files/bash-completion ${PN}-client
+ bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}-tmpfiles.conf
+
+ if [[ ${previous_less_than_0_7} == 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2Ban!"
+ elog
+ elog "Fail2Ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+
+ if ! has_version dev-python/pyinotify ; then
+ elog "For most jail.conf configurations, it is recommended you install"
+ elog "dev-python/pyinotify to control how log file modifications are detected"
+ fi
+
+ if ! has_version dev-lang/python[sqlite] ; then
+ elog "If you want to use ${PN}'s persistent database, then reinstall"
+ elog "dev-lang/python with USE=sqlite. If you do not use the"
+ elog "persistent database feature, then you should set"
+ elog "dbfile = :memory: in fail2ban.conf accordingly."
+ fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch
new file mode 100644
index 000000000000..844be1cedd34
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch
@@ -0,0 +1,25 @@
+https://github.com/fail2ban/fail2ban/commit/9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3
+
+From 9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 24 Aug 2024 11:59:59 -0400
+Subject: [PATCH] files/fail2ban-openrc.init.in: start after nftables
+
+The "after iptables" clause in the OpenRC service script's depend()
+function causes fail2ban to start after iptables, if iptables is
+scheduled to start. Here we add "after nftables" as well: nftables is
+the successor to iptables, and fail2ban supports it out-of-the-box.
+If nftables is scheduled to start, we want to wait until it's done
+before starting fail2ban.
+--- a/files/fail2ban-openrc.init.in
++++ b/files/fail2ban-openrc.init.in
+@@ -44,7 +44,7 @@ retry="30"
+
+ depend() {
+ use logger
+- after iptables
++ after iptables nftables
+ }
+
+ checkconfig() {
+
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch
new file mode 100644
index 000000000000..06ff07bd0599
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/936838
+https://github.com/fail2ban/fail2ban/commit/c769046a1f729880cc53efdff4b52ac96010752f
+https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4
+
+From c769046a1f729880cc53efdff4b52ac96010752f Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 11 Aug 2024 11:55:39 +0200
+Subject: [PATCH] Revert "`filterd./sshd.conf`: fixed journalmatch
+ (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian
+ branch. This reverts commit 6fce23e7baa484c7d1f9b0c9a11986f3916c41dd.
+
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -126,7 +126,7 @@ ignoreregex =
+
+ maxlines = 1
+
+-journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd
++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
+
+ # DEV Notes:
+ #
+
+From 54c0effceb998b73545073ac59c479d9d9bf19a4 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 11 Aug 2024 12:10:12 +0200
+Subject: [PATCH] filter.d/sshd.conf: amend to #3747/#3812 (new ssh version
+ would log with `_COMM=sshd-session`)
+
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -126,7 +126,7 @@ ignoreregex =
+
+ maxlines = 1
+
+-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + _COMM=sshd-session
+
+ # DEV Notes:
+ #
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2025-08-30 14:42 Sam James
0 siblings, 0 replies; 12+ messages in thread
From: Sam James @ 2025-08-30 14:42 UTC (permalink / raw
To: gentoo-commits
commit: e48605a688cd3ca9724c129c07924babab308e0a
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 30 14:22:08 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 30 14:41:06 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e48605a6
net-analyzer/fail2ban: improve systemd unit ordering
If fail2ban was using ipset as a backend, previously, fail2ban would create
e.g. a 'f2b-sshd' ipset on startup and delete it on shutdown. But the
ipstables-store service would save this on shutdown too (and run before
fail2ban cleans it up), and then on boot, try to restore it before fail2ban
can create it again.
Thanks to Ryan Tsien and Mike Fisher for both their patience and explanations
on the bug. Quoting Mike on the fix:
> With this ordering, upon shutdown fail2ban stops, removing the iptables
> rule it inserted at the front of the INPUT chain, then iptables-store saves
> the remaining rules. Upon startup iptables-restore repopulates the bulk of
> the rules, then fail2ban starts and inserts itself back in the front of the
> chain after it creates the ipset.
Closes: https://bugs.gentoo.org/871996
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../{fail2ban-9999.ebuild => fail2ban-1.1.0-r4.ebuild} | 6 +++++-
net-analyzer/fail2ban/fail2ban-9999.ebuild | 1 +
.../fail2ban/files/fail2ban-1.1.0-systemd-order.patch | 14 ++++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r4.ebuild
similarity index 93%
copy from net-analyzer/fail2ban/fail2ban-9999.ebuild
copy to net-analyzer/fail2ban/fail2ban-1.1.0-r4.ebuild
index 3202e7ba5294..49a53ad4ae0f 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r4.ebuild
@@ -15,7 +15,7 @@ if [[ ${PV} == *9999 ]] ; then
inherit git-r3
else
SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
fi
LICENSE="GPL-2"
@@ -55,6 +55,10 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
PATCHES=(
"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
"${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch
+ "${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch
+ "${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
)
src_prepare() {
diff --git a/net-analyzer/fail2ban/fail2ban-9999.ebuild b/net-analyzer/fail2ban/fail2ban-9999.ebuild
index 3202e7ba5294..768e6cb64ce5 100644
--- a/net-analyzer/fail2ban/fail2ban-9999.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-9999.ebuild
@@ -55,6 +55,7 @@ DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
PATCHES=(
"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
"${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
)
src_prepare() {
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch
new file mode 100644
index 000000000000..39da720466ef
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-systemd-order.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/871996
+--- a/files/fail2ban.service.in
++++ b/files/fail2ban.service.in
+@@ -1,7 +1,10 @@
+ [Unit]
+ Description=Fail2Ban Service
+ Documentation=man:fail2ban(1)
++
++Before=iptables-store.service ip6tables-store.service
+ After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
++After=iptables-restore.service ip6tables-restore.service
+ PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
+
+ [Service]
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2025-09-18 17:31 Ulrich Müller
0 siblings, 0 replies; 12+ messages in thread
From: Ulrich Müller @ 2025-09-18 17:31 UTC (permalink / raw
To: gentoo-commits
commit: 9887cc1da7851677abcb7e5cc6a8bbd60f87859f
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 18 16:54:45 2025 +0000
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Thu Sep 18 17:22:17 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9887cc1d
net-analyzer/fail2ban: Fix mdpr-ddos regex in filter.d/postfix.conf
The current regex doesn't match the following log entry:
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
Closes: https://bugs.gentoo.org/963047
Acked-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild | 151 +++++++++++++++++++++
.../files/fail2ban-1.1.0-postfix-ddos.patch | 38 ++++++
2 files changed, 189 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
new file mode 100644
index 000000000000..05a953241bd5
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit bash-completion-r1 edo python-single-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RDEPEND="
+ ${PYTHON_DEPS}
+ $(python_gen_cond_dep '
+ dev-python/pyasyncore[${PYTHON_USEDEP}]
+ dev-python/pyasynchat[${PYTHON_USEDEP}]
+ ' 3.12)
+ virtual/logger
+ virtual/mta
+ selinux? ( sec-policy/selinux-fail2ban )
+ systemd? (
+ $(python_gen_cond_dep '
+ dev-python/python-systemd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+BDEPEND="
+ $(python_gen_cond_dep '
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ ')
+ test? (
+ $(python_gen_cond_dep '
+ dev-python/aiosmtpd[${PYTHON_USEDEP}]
+ ')
+ )
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+ "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch
+ "${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch
+ "${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch
+ "${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
+ "${FILESDIR}"/${PN}-1.1.0-postfix-ddos.patch
+)
+
+src_prepare() {
+ default
+
+ # Replace /var/run with /run, but not in the top source directory
+ find . -mindepth 2 -type f -exec \
+ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+src_compile() {
+ edo ${EPYTHON} setup.py build
+}
+
+src_test() {
+ # Skip testRepairDb for bug #907348 (didn't always fail..)
+ # https://github.com/fail2ban/fail2ban/issues/3586
+ bin/fail2ban-testcases \
+ --no-network \
+ --ignore databasetestcase.DatabaseTest.testRepairDb \
+ --verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+ # Workaround for bug #790251
+ rm -rf fail2ban.egg-info || die
+}
+
+src_install() {
+ edo ${EPYTHON} setup.py install --prefix="${EPREFIX}/usr" --root="${D}"
+ python_fix_shebang "${ED}"/usr/bin
+ python_optimize
+
+ einstalldocs
+
+ rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+ newconfd files/fail2ban-openrc.conf ${PN}
+ # These two are placed in the ${BUILD_DIR} after being "built"
+ # in install_scripts().
+ newinitd "${S}"/build/fail2ban-openrc.init ${PN}
+ systemd_dounit "${S}"/build/${PN}.service
+
+ dotmpfiles files/${PN}-tmpfiles.conf
+
+ doman man/*.{1,5}
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins files/${PN}-logrotate ${PN}
+
+ keepdir /var/lib/${PN}
+
+ newbashcomp files/bash-completion ${PN}-client
+ bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}-tmpfiles.conf
+
+ if [[ ${previous_less_than_0_7} == 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2Ban!"
+ elog
+ elog "Fail2Ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+
+ if ! has_version dev-python/pyinotify ; then
+ elog "For most jail.conf configurations, it is recommended you install"
+ elog "dev-python/pyinotify to control how log file modifications are detected"
+ fi
+
+ if ! has_version dev-lang/python[sqlite] ; then
+ elog "If you want to use ${PN}'s persistent database, then reinstall"
+ elog "dev-lang/python with USE=sqlite. If you do not use the"
+ elog "persistent database feature, then you should set"
+ elog "dbfile = :memory: in fail2ban.conf accordingly."
+ fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-ddos.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-ddos.patch
new file mode 100644
index 000000000000..efdc463e1fea
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-ddos.patch
@@ -0,0 +1,38 @@
+https://github.com/fail2ban/fail2ban/pull/4072
+https://bugs.gentoo.org/963047
+
+commit 0fee8dbe9241f8d387f064a079668457a0efd33d
+Author: Ulrich Müller <ulm@gentoo.org>
+Date: Thu Sep 18 07:20:38 2025 +0200
+
+ filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
+
+ The current regex doesn't match the following log entry, seen with
+ Postfix 3.10.2:
+
+ Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
+ Sep 17 18:19:20 mxhost postfix/smtpd[12345]: disconnect from unknown[192.0.2.25] commands=0/0
+
+--- a/config/filter.d/postfix.conf
++++ b/config/filter.d/postfix.conf
+@@ -38,7 +38,7 @@
+
+ # Includes some of the log messages described in
+ # <http://www.postfix.org/POSTSCREEN_README.html>.
+-mdpr-ddos = (?:lost connection after (?!(?:DATA|AUTH)\b)[A-Z]+|disconnect(?= from \S+(?: \S+=\d+)* auth=0/(?:[1-9]|\d\d+))|(?:PREGREET \d+|HANGUP) after \S+|COMMAND (?:TIME|COUNT|LENGTH) LIMIT)
++mdpr-ddos = (?:NOQUEUE: )?(?:lost connection after (?!(?:DATA|AUTH)\b)[A-Z]+|disconnect(?= from \S+(?: \S+=\d+)* auth=0/(?:[1-9]|\d\d+))|(?:PREGREET \d+|HANGUP) after \S+|COMMAND (?:TIME|COUNT|LENGTH) LIMIT)
+ mdre-ddos = ^from [^[]*\[<HOST>\]%(_port)s:?
+
+ mdpr-extra = (?:%(mdpr-auth)s|%(mdpr-normal)s)
+--- a/fail2ban/tests/files/logs/postfix
++++ b/fail2ban/tests/files/logs/postfix
+@@ -187,6 +187,9 @@
+ # failJSON: { "time": "2005-06-08T23:14:54", "match": true , "host": "192.0.2.26", "desc": "abusive clients hitting command limit (gh-3040)" }
+ Jun 8 23:14:54 proxy2 postfix/postscreen[473]: COMMAND COUNT LIMIT from [192.0.2.26]:15592 after RCPT
+
++# failJSON: { "time": "2004-09-17T18:19:20", "match": true , "host": "192.0.2.25" }
++Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
++
+
+ # filterOptions: [{}, {"mode": "ddos"}, {"mode": "aggressive"}]
+ # failJSON: { "match": false, "desc": "don't affect lawful data (sporadical connection aborts within DATA-phase, see gh-1813 for discussion)" }
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2025-09-28 4:15 Ulrich Müller
0 siblings, 0 replies; 12+ messages in thread
From: Ulrich Müller @ 2025-09-28 4:15 UTC (permalink / raw
To: gentoo-commits
commit: 9c6262037269150abc0c2d25dc91eb1b5f4f7f32
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 27 16:50:39 2025 +0000
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Sun Sep 28 04:14:56 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c626203
net-analyzer/fail2ban: Fix mdre-ddos regex in filter.d/sshd.conf
The current regex doesn't match the following log entry:
Sep 27 12:34:56 myhost sshd[12345]: Timeout before authentication for connection from 192.0.2.25 to 203.0.113.78, pid = 6789
Closes: https://bugs.gentoo.org/963511
Reviewed-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
...an-1.1.0-r5.ebuild => fail2ban-1.1.0-r6.ebuild} | 1 +
.../fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch | 33 ++++++++++++++++++++++
2 files changed, 34 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild
similarity index 98%
rename from net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
rename to net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild
index b187290650fb..0cd44babae39 100644
--- a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild
@@ -61,6 +61,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
"${FILESDIR}"/${PN}-1.1.0-postfix-pref.patch
"${FILESDIR}"/${PN}-1.1.0-postfix-ddos.patch
+ "${FILESDIR}"/${PN}-1.1.0-sshd-ddos.patch
)
src_prepare() {
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch
new file mode 100644
index 000000000000..6a19031ca406
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch
@@ -0,0 +1,33 @@
+https://github.com/fail2ban/fail2ban/issues/3907
+https://bugs.gentoo.org/963511
+
+commit 89b5f3bb1ecd3789b3271b648eeb83c620668e6f
+Author: Serg G. Brester <info@sebres.de>
+Date: Thu Dec 26 14:24:15 2024 +0100
+
+ `filter.d/sshd.conf`: `ddos` and `aggressive` modes, regex extended for timeout before authentication (optional connection from part);
+ closes gh-3907
+
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -70,7 +70,7 @@
+ # used to differentiate "connection closed" with and without `[preauth]` (fail/nofail cases in ddos mode)
+ mdre-normal-other = ^<F-NOFAIL><F-MLFFORGET>(?:Connection (?:closed|reset)|Disconnect(?:ed|ing))</F-MLFFORGET></F-NOFAIL>%(__authng_user)s <ADDR>%(__on_port_opt)s(?:: (?!Too many authentication failures)[^\[]+)?(?: \[preauth\])?\s*$
+
+-mdre-ddos = ^(?:Did not receive identification string from|Timeout before authentication for) <HOST>
++mdre-ddos = ^(?:Did not receive identification string from|Timeout before authentication for(?: connection from)?) <HOST>
+ ^kex_exchange_identification: (?:read: )?(?:[Cc]lient sent invalid protocol identifier|[Cc]onnection (?:closed by remote host|reset by peer))
+ ^Bad protocol version identification '(?:[^']|.*?)' (?:from )?<HOST>%(__suff)s$
+ ^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\d+;[A-Z]\w+:
+--- a/fail2ban/tests/files/logs/sshd
++++ b/fail2ban/tests/files/logs/sshd
+@@ -360,6 +360,9 @@
+ # failJSON: { "match": false, "desc": "Connection reset already triggered above (known IP, no-fail helper unused here)" }
+ Jun 7 04:29:10 host sshd[649921]: Connection reset by 192.0.2.16 port 51280
+
++# failJSON: { "time": "2005-06-10T09:43:06", "match": true , "host": "192.0.2.17", "desc": "ddos: timeout ... connection from, gh-3907" }
++Jun 10 09:43:06 host sshd[3801]: Timeout before authentication for connection from 192.0.2.17 to 127.0.0.1, pid = 29098
++
+ # filterOptions: [{"mode": "extra"}, {"mode": "aggressive"}]
+
+ # several other cases from gh-864:
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
@ 2025-09-28 4:15 Ulrich Müller
0 siblings, 0 replies; 12+ messages in thread
From: Ulrich Müller @ 2025-09-28 4:15 UTC (permalink / raw
To: gentoo-commits
commit: 82f7c744835c48b3f49bb5409588011ab6c62563
Author: Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 27 17:40:41 2025 +0000
Commit: Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Sun Sep 28 04:14:55 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82f7c744
net-analyzer/fail2ban: More general _pref in filter.d/postfix.conf
This considers commands like CONNECT as a valid _pref.
Reviewed-by: Sam James <sam <AT> gentoo.org>
Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>
net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild | 1 +
.../files/fail2ban-1.1.0-postfix-pref.patch | 32 ++++++++++++++++++++++
2 files changed, 33 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
index 05a953241bd5..b187290650fb 100644
--- a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild
@@ -59,6 +59,7 @@ PATCHES=(
"${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch
"${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch
"${FILESDIR}"/${PN}-1.1.0-systemd-order.patch
+ "${FILESDIR}"/${PN}-1.1.0-postfix-pref.patch
"${FILESDIR}"/${PN}-1.1.0-postfix-ddos.patch
)
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-pref.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-pref.patch
new file mode 100644
index 000000000000..72a21d6681a5
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-postfix-pref.patch
@@ -0,0 +1,32 @@
+https://github.com/fail2ban/fail2ban/issues/3800
+
+commit 93810fff75640ddfe4c248e670ed80b5d225bf10
+Author: Serg G. Brester <info@sebres.de>
+Date: Fri Jul 26 19:25:09 2024 +0200
+
+ consider CONNECT and other rejected commands as a valid `_pref`;
+ closes gh-3800
+
+--- a/config/filter.d/postfix.conf
++++ b/config/filter.d/postfix.conf
+@@ -12,7 +12,7 @@
+
+ _daemon = postfix(-\w+)?/[^/\[:\s]+(?:/smtp[ds])?
+ _port = (?::\d+)?
+-_pref = [A-Z]{4}
++_pref = [A-Z]{4,}
+
+ prefregex = ^%(__prefix_line)s<mdpr-<mode>> <F-CONTENT>.+</F-CONTENT>$
+
+--- a/fail2ban/tests/files/logs/postfix
++++ b/fail2ban/tests/files/logs/postfix
+@@ -70,6 +70,9 @@
+ # failJSON: { "time": "2005-05-05T15:51:11", "match": true , "host": "216.245.194.173", "desc": "postfix postscreen / gh-1764" }
+ May 5 15:51:11 xxx postfix/postscreen[1148]: NOQUEUE: reject: RCPT from [216.245.194.173]:60591: 550 5.7.1 Service unavailable; client [216.245.194.173] blocked using rbl.example.com; from=<spammer@example.com>, to=<goodguy@example.com>, proto=ESMTP, helo=<badguy.example.com>
+
++# failJSON: { "time": "2005-06-01T19:00:55", "match": true , "host": "192.0.2.114", "desc": "postfix client restriction / gh-3800" }
++Jun 1 19:00:55 mail postfix/smtpd[7749]: NOQUEUE: reject: CONNECT from unknown[192.0.2.114]: 450 4.7.25 Client host rejected: cannot find your hostname, [178.215.236.114]; proto=SMTP
++
+ # failJSON: { "time": "2005-06-03T06:25:43", "match": true , "host": "192.0.2.11", "desc": "too many errors / gh-2439" }
+ Jun 3 06:25:43 srv postfix/smtpd[29306]: too many errors after RCPT from example.com[192.0.2.11]
+
^ permalink raw reply related [flat|nested] 12+ messages in thread
end of thread, other threads:[~2025-09-28 4:15 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-28 4:15 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/ Ulrich Müller
-- strict thread matches above, loose matches on Subject: below --
2025-09-28 4:15 Ulrich Müller
2025-09-18 17:31 Ulrich Müller
2025-08-30 14:42 Sam James
2024-08-29 1:55 Sam James
2024-07-04 0:54 Sam James
2023-07-02 20:33 Sam James
2022-12-10 4:36 Sam James
2021-10-24 3:39 Sam James
2021-08-11 1:01 Sam James
2021-05-14 17:22 Sam James
2017-03-29 3:22 Jeroen Roovers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox