[bug#56579,v5] gnu: admin: Add fail2ban 0.11.2.

Message ID	20220717023040.422-1-mail@muradm.net
State	Accepted
Headers	show Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> Subject: [bug#56579] [PATCH v5] gnu: admin: Add fail2ban 0.11.2. Resent-From: muradm <mail@muradm.net> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 17 Jul 2022 02:31:02 +0000 Resent-Message-ID: <handler.56579.B56579.165802504726929@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org To: 56579@debbugs.gnu.org From: muradm <mail@muradm.net> Date: Sun, 17 Jul 2022 05:30:40 +0300 Message-Id: <20220717023040.422-1-mail@muradm.net> In-Reply-To: <20220715221132.11937-1-mail@muradm.net> References: <20220715221132.11937-1-mail@muradm.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-getmail-retrieved-from-mailbox: Patches
Series	[bug#56579,v5] gnu: admin: Add fail2ban 0.11.2. \| expand [bug#56579,v5] gnu: admin: Add fail2ban 0.11.2.

Context	Check	Description
cbaines/applying patch	fail	View Laminar job
cbaines/issue	success	View issue

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 88cb8fded9..4e2b7b081a 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -100,6 +100,7 @@ (define-module (gnu packages admin) #:use-module (gnu packages cross-base) #:use-module (gnu packages crypto) #:use-module (gnu packages cryptsetup) + #:use-module (gnu packages curl) #:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages dns) #:use-module (gnu packages elf) @@ -134,6 +135,7 @@ (define-module (gnu packages admin) #:use-module (gnu packages mcrypt) #:use-module (gnu packages mpi) #:use-module (gnu packages ncurses) + #:use-module (gnu packages networking) #:use-module (gnu packages openldap) #:use-module (gnu packages patchutils) #:use-module (gnu packages pciutils) @@ -152,6 +154,7 @@ (define-module (gnu packages admin) #:use-module (gnu packages ruby) #:use-module (gnu packages selinux) #:use-module (gnu packages serialization) + #:use-module (gnu packages sqlite) #:use-module (gnu packages ssh) #:use-module (gnu packages sphinx) #:use-module (gnu packages tcl) @@ -5231,3 +5234,195 @@ (define-public seatd mediate access to shared devices, such as graphics and input, for applications that require it.") (license license:expat))) + +(define-public fail2ban + (package + (name "fail2ban") + (version "0.11.2") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/fail2ban/fail2ban") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db")) + (modules '((guix build utils))) + (snippet + '(begin + ;; get rid of absolute paths + (substitute* "setup.py" + (("/etc/fail2ban") "etc/fail2ban") + (("/var/lib/fail2ban") "var/lib/fail2ban") + (("\"/usr/bin/\"") "\"usr/bin/\"") + (("\"/usr/lib/fail2ban/\"") "\"usr/lib/fail2ban/\"") + (("'/usr/share/doc/fail2ban'") "'usr/share/doc/fail2ban'")) + ;; disable tests performing unacceptable side-effects + (let ((make-suite + (lambda (t) + (string-append "tests.addTest.unittest.makeSuite." t "..")))) + (substitute* "fail2ban/tests/utils.py" + (((make-suite "actiontestcase.CommandActionTest")) "") + (((make-suite "misctestcase.SetupTest")) "") + (((make-suite "filtertestcase.DNSUtilsNetworkTests")) "") + (((make-suite "filtertestcase.IgnoreIPDNS")) "") + (((make-suite "filtertestcase.GetFailures")) "") + (((make-suite "fail2banclienttestcase.Fail2banServerTest")) "") + (((make-suite "servertestcase.ServerConfigReaderTests")) ""))))) + (patches + (search-patches + "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch" + "fail2ban-python310-server-action.patch" + "fail2ban-python310-server-actions.patch" + "fail2ban-python310-server-jails.patch" + "fail2ban-0.11.2_fix-test-suite.patch" + "fail2ban-0.11.2_CVE-2021-32749.patch" + "fail2ban-paths-guix-conf.patch")))) + (build-system python-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'build 'invoke-2to3 + (lambda _ + (invoke "./fail2ban-2to3"))) + (add-before 'install 'fix-default-config + (lambda* (#:key outputs #:allow-other-keys) + (for-each + (lambda (f) + (substitute* f + (("/etc/fail2ban") + (string-append + (assoc-ref outputs "out") + "/etc/fail2ban")))) + '("config/paths-common.conf" + "fail2ban/tests/utils.py" + "fail2ban/client/configreader.py" + "fail2ban/client/fail2bancmdline.py" + "fail2ban/client/fail2banregex.py")))) + (add-after 'fix-default-config 'set-action-dependencies + (lambda* (#:key inputs #:allow-other-keys) + ;; deleting things that are not feasible to fix + ;; or won't be used any way + (with-directory-excursion "config" + (for-each delete-file '("paths-arch.conf" + "paths-debian.conf" + "paths-fedora.conf" + "paths-freebsd.conf" + "paths-opensuse.conf" + "paths-osx.conf"))) + (with-directory-excursion "config/action.d" + (for-each delete-file + '("apf.conf" + "bsd-ipfw.conf" + "dshield.conf" + "ipfilter.conf" + "ipfw.conf" + "firewallcmd-allports.conf" + "firewallcmd-common.conf" + "firewallcmd-ipset.conf" + "firewallcmd-multiport.conf" + "firewallcmd-new.conf" + "firewallcmd-rich-logging.conf" + "firewallcmd-rich-rules.conf" + "osx-afctl.conf" + "osx-ipfw.conf" + "pf.conf" + "nginx-block-map.conf" + "npf.conf" + "shorewall.conf" + "shorewall-ipset-proto6.conf" + "ufw.conf"))) + (let* ((lookup-cmd (lambda (i) (search-input-file inputs i))) + (bin (lambda (i) (lookup-cmd (string-append "/bin/" i)))) + (sbin (lambda (i) (lookup-cmd (string-append "/sbin/" i)))) + (ip (sbin "ip")) + (sendmail (sbin "sendmail"))) + (for-each + (lambda (f) + (substitute* f + ;; TODO: deal with geoiplookup .. + (("(awk|curl|dig|jq)" all cmd) + (bin cmd)) + (("(cat|echo|grep|head|printf|wc) " all cmd) + (string-append (bin cmd) " ")) + ((" (date|rm|sed|tail|touch|tr) " all cmd) + (string-append " " (bin cmd) " ")) + (("cut -d") + (string-append (bin "cut") " -d")) + (("`date`") + (string-append "`" (bin "date") "`")) + (("id -") + (string-append (bin "id") " -")) + (("ip -([46]) addr" all ver) + (string-append ip " -" ver " addr")) + (("ip route") + (string-append ip " route")) + (("ipset ") + (string-append (sbin "ipset") " ")) + (("(iptables|ip6tables) <" all cmd) + (string-append (sbin cmd) " <")) + (("/usr/bin/nsupdate") (bin "nsupdate")) + (("mail -E") + (string-append sendmail " -E")) + (("nftables = nft") + (string-append "nftables = " (sbin "nft"))) + (("perl -e") + (string-append (bin "perl") " -e")) + (("/usr/sbin/sendmail") sendmail) + (("test -e") + (string-append (bin "test") " -e")) + (("_whois = whois") + (string-append "_whois = " (bin "whois"))))) + (find-files "config/action.d" "\\.conf$"))) + (substitute* "config/jail.conf" + (("before = paths-debian.conf") "before = paths-guix.conf")))) + (add-after 'install 'copy-man-pages + (lambda* (#:key outputs #:allow-other-keys) + (let* ((man (string-append (assoc-ref outputs "out") "/man")) + (install-man + (lambda (m) + (lambda (f) + (install-file + (string-append f "." m) + (string-append man "/man" m))))) + (install-man1 (install-man "1")) + (install-man5 (install-man "5"))) + (with-directory-excursion "man" + (for-each install-man1 '("fail2ban" + "fail2ban-client" + "fail2ban-python" + "fail2ban-regex" + "fail2ban-server" + "fail2ban-testcases")) + (for-each install-man5 '("jail.conf"))))))))) + (inputs (list + gawk + coreutils + curl + grep + jq + iproute + ipset + iptables + `(,isc-bind "utils") + nftables + perl + python-pyinotify + sed + sendmail + sqlite + whois)) + (home-page "http://www.fail2ban.org") + (synopsis "Daemon to ban hosts that cause multiple authentication errors") + (description "Fail2Ban scans log files like /var/log/auth.log and bans IP +addresses conducting too many failed login attempts. It does this by updating +system firewall rules to reject new connections from those IP addresses, for +a configurable amount of time. Fail2Ban comes out-of-the-box ready to read +many standard log files, such as those for sshd and Apache, and is easily +configured to read any log file of your choosing, for any error you wish. + +Though Fail2Ban is able to reduce the rate of incorrect authentication +attempts, it cannot eliminate the risk presented by weak authentication. Set +up services to use only two factor, or public/private authentication +mechanisms if you really want to protect services.") + (license license:gpl2))) diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch new file mode 100644 index 0000000000..d3c677918c --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch @@ -0,0 +1,155 @@ +From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001 +From: sebres <serg.brester@sebres.de> +Date: Mon, 21 Jun 2021 17:12:53 +0200 +Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable + (default tilde) stops consider "~" char after new-line as composing escape + sequence + +--- + config/action.d/complain.conf | 2 +- + config/action.d/dshield.conf | 2 +- + config/action.d/mail-buffered.conf | 8 ++++---- + config/action.d/mail-whois-lines.conf | 2 +- + config/action.d/mail-whois.conf | 6 +++--- + config/action.d/mail.conf | 6 +++--- + 6 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf +index 3a5f882c9f..4d73b05859 100644 +--- a/config/action.d/complain.conf ++++ b/config/action.d/complain.conf +@@ -102,7 +102,7 @@ logpath = /dev/null + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf +index c128bef348..3d5a7a53a9 100644 +--- a/config/action.d/dshield.conf ++++ b/config/action.d/dshield.conf +@@ -179,7 +179,7 @@ tcpflags = + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf +index 325f185b2f..79b841049c 100644 +--- a/config/action.d/mail-buffered.conf ++++ b/config/action.d/mail-buffered.conf +@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Output will be buffered until <lines> lines are available.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> + rm <tmpfile> + fi + printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + \nRegards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest> + rm <tmpfile> + fi + +diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf +index 3a3e56b2c7..d2818cb9b9 100644 +--- a/config/action.d/mail-whois-lines.conf ++++ b/config/action.d/mail-whois-lines.conf +@@ -72,7 +72,7 @@ actionunban = + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Default name of the chain + # +diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf +index 7fea34c40d..ab33b616dc 100644 +--- a/config/action.d/mail-whois.conf ++++ b/config/action.d/mail-whois.conf +@@ -20,7 +20,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n + Here is more information about <ip> :\n + `%(_whois_command)s`\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> + + # Option: actionunban + # Notes.: command executed when unbanning an IP. Take care that the +diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf +index 5d8c0e154c..f4838ddcb6 100644 +--- a/config/action.d/mail.conf ++++ b/config/action.d/mail.conf +@@ -16,7 +16,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> + + # Option: actionunban + # Notes.: command executed when unbanning an IP. Take care that the diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch new file mode 100644 index 0000000000..b0b14364b1 --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch @@ -0,0 +1,64 @@ +From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001 +From: sebres <info@sebres.de> +Date: Sun, 19 Sep 2021 18:49:18 +0200 +Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup + command: use_2to3 is invalid (setuptools 58+) + +--- + setup.py | 16 +--------------- + 1 file changed, 1 insertion(+), 15 deletions(-) + +diff --git a/setup.py b/setup.py +index f4c2550f6f..98413273c5 100755 +--- a/setup.py ++++ b/setup.py +@@ -48,7 +48,7 @@ + from glob import glob + + from fail2ban.setup import updatePyExec +- ++from fail2ban.version import version + + source_dir = os.path.realpath(os.path.dirname( + # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.): +@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False): + # Wrapper to specify fail2ban own options: + class install_command_f2b(install): + user_options = install.user_options + [ +- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), + ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): +- self.disable_2to3 = None + self.without_tests = not with_tests + install.initialize_options(self) + def finalize_options(self): +- global _2to3 +- ## in the test cases 2to3 should be already done (fail2ban-2to3): +- if self.disable_2to3: +- _2to3 = False +- if _2to3: +- cmdclass = self.distribution.cmdclass +- cmdclass['build_py'] = build_py_2to3 +- cmdclass['build_scripts'] = build_scripts_2to3 + if self.without_tests: + self.distribution.scripts.remove('bin/fail2ban-testcases') + +@@ -178,7 +168,6 @@ def run(self): + if setuptools: + setup_extra = { + 'test_suite': "fail2ban.tests.utils.gatherTests", +- 'use_2to3': True, + } + else: + setup_extra = {} +@@ -202,9 +191,6 @@ def run(self): + ('/usr/share/doc/fail2ban', doc_files) + ) + +-# Get version number, avoiding importing fail2ban. +-# This is due to tests not functioning for python3 as 2to3 takes place later +-exec(open(join("fail2ban", "version.py")).read()) + + setup( + name = "fail2ban", diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch new file mode 100644 index 0000000000..91d973e72e --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch @@ -0,0 +1,48 @@ +From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001 +From: sebres <info@sebres.de> +Date: Mon, 4 Jan 2021 02:42:38 +0100 +Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for + tests, considering interval from 2005 (alternate now) to now; + better + grouping algorithm for resulting century RE + +--- + fail2ban/server/strptime.py | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py +index 1464a96d1f..39fc795865 100644 +--- a/fail2ban/server/strptime.py ++++ b/fail2ban/server/strptime.py +@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo + Thereby respect possible run in the test-cases (alternate date used there) + """ + cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t] ++ def grp(exprset): ++ c = None ++ if len(exprset) > 1: ++ for i in exprset: ++ if c is None or i[0:-1] == c: ++ c = i[0:-1] ++ else: ++ c = None ++ break ++ if not c: ++ for i in exprset: ++ if c is None or i[0] == c: ++ c = i[0] ++ else: ++ c = None ++ break ++ if c: ++ return "%s%s" % (c, grp([i[len(c):] for i in exprset])) ++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \ ++ if len(exprset) > 1 else "".join(exprset) + exprset = set( cent(now[0].year + i) for i in (-1, distance) ) + if len(now) and now[1]: +- exprset |= set( cent(now[1].year + i) for i in (-1, distance) ) +- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset) ++ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) ) ++ return grp(sorted(list(exprset))) + + timeRE = TimeRE() + diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch b/gnu/packages/patches/fail2ban-paths-guix-conf.patch new file mode 100644 index 0000000000..8c2a5747ba --- /dev/null +++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch @@ -0,0 +1,32 @@ +From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001 +From: muradm <mail@muradm.net> +Date: Fri, 15 Jul 2022 20:08:14 +0300 +Subject: [PATCH] Add paths-guix.conf file. + +--- + config/paths-guix.conf | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + create mode 100644 config/paths-guix.conf + +diff --git a/config/paths-guix.conf b/config/paths-guix.conf +new file mode 100644 +index 00000000..b4a2e9f5 +--- /dev/null ++++ b/config/paths-guix.conf +@@ -0,0 +1,13 @@ ++# Guix ++ ++[INCLUDES] ++ ++before = paths-common.conf ++after = paths-overrides.local ++ ++ ++[DEFAULT] ++ ++syslog_authpriv = /var/log/secure ++syslog_mail = /var/log/maillog ++syslog_mail_warn = /var/log/maillog +-- +2.36.1 + diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch new file mode 100644 index 0000000000..723d7f7aa6 --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-action.patch @@ -0,0 +1,27 @@ +From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:19:24 +0100 +Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes` + moved to the :mod:`collections.abc` module + +(since 3.10-alpha.5 `MutableMapping` is missing in collections module) +--- + fail2ban/server/action.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py +index 3bc48fe046..f0f1e6f59a 100644 +--- a/fail2ban/server/action.py ++++ b/fail2ban/server/action.py +@@ -30,7 +30,10 @@ + import threading + import time + from abc import ABCMeta +-from collections import MutableMapping ++try: ++ from collections.abc import MutableMapping ++except ImportError: ++ from collections import MutableMapping + + from .failregex import mapTag2Opt + from .ipdns import DNSUtils diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch new file mode 100644 index 0000000000..e31316d28b --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch @@ -0,0 +1,25 @@ +From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:25:45 +0100 +Subject: [PATCH] amend for `Mapping` + +--- + fail2ban/server/actions.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py +index b7b95b445a..897d907c1a 100644 +--- a/fail2ban/server/actions.py ++++ b/fail2ban/server/actions.py +@@ -28,7 +28,10 @@ + import os + import sys + import time +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + try: + from collections import OrderedDict + except ImportError: diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch b/gnu/packages/patches/fail2ban-python310-server-jails.patch new file mode 100644 index 0000000000..e5873c415e --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch @@ -0,0 +1,25 @@ +From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:35:59 +0100 +Subject: [PATCH] amend for `Mapping` (jails) + +--- + fail2ban/server/jails.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py +index 972a8c4bd2..27e12ddf65 100644 +--- a/fail2ban/server/jails.py ++++ b/fail2ban/server/jails.py +@@ -22,7 +22,10 @@ + __license__ = "GPL" + + from threading import Lock +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + + from ..exceptions import DuplicateJailException, UnknownJailException + from .jail import Jail

[bug#56579,v5] gnu: admin: Add fail2ban 0.11.2.

Checks

Commit Message

Comments

Patch