From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 572A01581B9 for ; Sun, 28 Sep 2025 04:15:19 +0000 (UTC)
Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 3F55D340D9E for ; Sun, 28 Sep 2025 04:15:19 +0000 (UTC)
Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 413CD1104A0; Sun, 28 Sep 2025 04:15:18 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id 36E5E1104A0 for ; Sun, 28 Sep 2025 04:15:18 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id E2B61340D9E for ; Sun, 28 Sep 2025 04:15:17 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 3F7CF3985 for ; Sun, 28 Sep 2025 04:15:16 +0000 (UTC)
From: "Ulrich Müller"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Ulrich Müller"
Message-ID: <1759032896.9c6262037269150abc0c2d25dc91eb1b5f4f7f32.ulm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/fail2ban/files/, net-analyzer/fail2ban/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch
X-VCS-Directories: net-analyzer/fail2ban/ net-analyzer/fail2ban/files/
X-VCS-Committer: ulm
X-VCS-Committer-Name: Ulrich Müller
X-VCS-Revision: 9c6262037269150abc0c2d25dc91eb1b5f4f7f32
X-VCS-Branch: master
Date: Sun, 28 Sep 2025 04:15:16 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 7c138759-33df-4ba6-ba56-e13e5066517e
X-Archives-Hash: f94be5a0d25be01d891599fc0f7d8101

commit:     9c6262037269150abc0c2d25dc91eb1b5f4f7f32
Author:     Ulrich Müller gentoo org>
AuthorDate: Sat Sep 27 16:50:39 2025 +0000
Commit:     Ulrich Müller gentoo org>
CommitDate: Sun Sep 28 04:14:56 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c626203

net-analyzer/fail2ban: Fix mdre-ddos regex in filter.d/sshd.conf

The current regex doesn't match the following log entry:

Sep 27 12:34:56 myhost sshd[12345]: Timeout before authentication for connection from 192.0.2.25 to 203.0.113.78, pid = 6789

Closes: https://bugs.gentoo.org/963511
Reviewed-by: Sam James gentoo.org>
Signed-off-by: Ulrich Müller gentoo.org>

 ...an-1.1.0-r5.ebuild => fail2ban-1.1.0-r6.ebuild} |  1 +
 .../fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch  | 33 ++++++++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild similarity index 98% rename from net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild rename to net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild index b187290650fb..0cd44babae39 100644 --- a/net-analyzer/fail2ban/fail2ban-1.1.0-r5.ebuild +++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r6.ebuild @@ -61,6 +61,7 @@ PATCHES=( "${FILESDIR}"/${PN}-1.1.0-systemd-order.patch "${FILESDIR}"/${PN}-1.1.0-postfix-pref.patch "${FILESDIR}"/${PN}-1.1.0-postfix-ddos.patch + "${FILESDIR}"/${PN}-1.1.0-sshd-ddos.patch ) src_prepare() { diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch new file mode 100644 index 000000000000..6a19031ca406 --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-sshd-ddos.patch 
@@ -0,0 +1,33 @@ +https://github.com/fail2ban/fail2ban/issues/3907 +https://bugs.gentoo.org/963511 + +commit 89b5f3bb1ecd3789b3271b648eeb83c620668e6f +Author: Serg G. Brester +Date: Thu Dec 26 14:24:15 2024 +0100 + + `filter.d/sshd.conf`: `ddos` and `aggressive` modes, regex extended for timeout before authentication (optional connection from part); + closes gh-3907 + +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -70,7 +70,7 @@ + # used to differentiate "connection closed" with and without `[preauth]` (fail/nofail cases in ddos mode) + mdre-normal-other = ^(?:Connection (?:closed|reset)|Disconnect(?:ed|ing))%(__authng_user)s %(__on_port_opt)s(?:: (?!Too many authentication failures)[^\[]+)?(?: \[preauth\])?\s*$ + +-mdre-ddos = ^(?:Did not receive identification string from|Timeout before authentication for) ++mdre-ddos = ^(?:Did not receive identification string from|Timeout before authentication for(?: connection from)?) + ^kex_exchange_identification: (?:read: )?(?:[Cc]lient sent invalid protocol identifier|[Cc]onnection (?:closed by remote host|reset by peer)) + ^Bad protocol version identification '(?:[^']|.*?)' (?:from )?%(__suff)s$ + ^SSH: Server;Ltype: (?:Authname|Version|Kex);Remote: -\d+;[A-Z]\w+: +--- a/fail2ban/tests/files/logs/sshd ++++ b/fail2ban/tests/files/logs/sshd +@@ -360,6 +360,9 @@ + # failJSON: { "match": false, "desc": "Connection reset already triggered above (known IP, no-fail helper unused here)" } + Jun 7 04:29:10 host sshd[649921]: Connection reset by 192.0.2.16 port 51280 + ++# failJSON: { "time": "2005-06-10T09:43:06", "match": true , "host": "192.0.2.17", "desc": "ddos: timeout ... connection from, gh-3907" } ++Jun 10 09:43:06 host sshd[3801]: Timeout before authentication for connection from 192.0.2.17 to 127.0.0.1, pid = 29098 ++ + # filterOptions: [{"mode": "extra"}, {"mode": "aggressive"}] + + # several other cases from gh-864:
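Review bot: The only change in the ebuild hunk is the new `"${FILESDIR}"/${PN}-1.1.0-sshd-ddos.patch` entry appended to PATCHES, so the r5 to r6 revision bump is the right call: the patch edits `config/filter.d/sshd.conf`, which ends up as an installed configuration file, and without the revbump existing installs would keep the old regex. The entry follows the existing one-patch-per-line ordering directly after the `postfix-ddos` patch; nothing else to flag here.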
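Review bot: The `mdre-ddos` change in the sshd.conf hunk is sound, but note that the hunk shows only the prefix half of the alternation, so whatever consumes the remainder of the quoted line (` 192.0.2.17 to 127.0.0.1, pid = 29098`) lies outside this context. Because the new `(?: connection from)?` group is optional, the previously handled `Timeout before authentication for <addr>` form keeps matching, and the host is taken from the first address after the prefix, which keeps the local destination address (`127.0.0.1` in the test, `203.0.113.78` in the bug report) from being picked up as the offending host. The expectation is only verifiable together with the `fail2ban/tests/files/logs/sshd` hunk that asserts `"host": "192.0.2.17"`, so the two hunks should stay together if the patch is ever rebased.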
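Review bot: Minor style nit in the added failJSON line of the test-log hunk: `"match": true ,` carries a stray space before the comma, unlike the neighbouring entry `"match": false, "desc": ...`. Since this is a verbatim backport of upstream commit 89b5f3bb1ecd3789b3271b648eeb83c620668e6f, diverging from upstream to fix it is not worth it. The test entry itself is what makes the regex change checkable: the expected host is the connecting address 192.0.2.17, not the destination 127.0.0.1 that also appears in the same line, and the `desc` ties it back to gh-3907.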
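To see why the old prefix missed the log entry quoted in the commit message and the new one catches it, here is an added, self-contained Python check that is not part of the commit or of fail2ban. It reuses the two `mdre-ddos` prefix alternations from the patch verbatim, but the syslog prefix and the IPv4-only `host` group are constructed stand-ins (assumption: fail2ban's real `prefregex`, `<HOST>` and `__suff` handling are more elaborate), and the second log line is a constructed sample of the form the old regex already matched.

```python
import re

# Constructed stand-ins for fail2ban's line prefix and <HOST> capture.
# Assumption: fail2ban's real prefregex/<HOST> machinery is richer (IPv6,
# hostnames, optional suffixes); an IPv4-only group is enough to show the
# point, and it rejects the literal word "connection" as a host.
SYSLOG_PREFIX = r"^\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ sshd\[\d+\]: "
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two mdre-ddos prefix alternations, copied from the patch: before and after.
OLD_DDOS = (r"(?:Did not receive identification string from"
            r"|Timeout before authentication for)")
NEW_DDOS = (r"(?:Did not receive identification string from"
            r"|Timeout before authentication for(?: connection from)?)")

OLD_RE = re.compile(SYSLOG_PREFIX + OLD_DDOS + " " + HOST)
NEW_RE = re.compile(SYSLOG_PREFIX + NEW_DDOS + " " + HOST)

# Sample input: the first line is the entry quoted in the commit message, the
# second is a constructed line of the shape the old regex already handled.
LOG_LINES = [
    "Sep 27 12:34:56 myhost sshd[12345]: Timeout before authentication for "
    "connection from 192.0.2.25 to 203.0.113.78, pid = 6789",
    "Sep 27 12:35:01 myhost sshd[12346]: Did not receive identification "
    "string from 192.0.2.30 port 51234",
]


def banned_hosts(regex, lines):
    """Return the hosts the given failregex would report, in input order.

    The host group sits directly after the matched prefix, so for the
    "connection from A to B" line only the connecting address A is captured;
    the local destination address B is never reported as the offender.
    """
    hosts = []
    for line in lines:
        m = regex.match(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("old regex:", banned_hosts(OLD_RE, LOG_LINES))   # misses the timeout line
    print("new regex:", banned_hosts(NEW_RE, LOG_LINES))   # catches both
```

With the old prefix the "Timeout before authentication for connection from ..." line silently produces no match, because the text right after the prefix is the word "connection" rather than an address; with the optional group added, the connecting address is reported and the destination address is left alone.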