From nobody Tue Oct 4 15:13:00 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mhh646SwNz4f3lQ; Tue, 4 Oct 2022 15:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mhh646BRWz3rtF; Tue, 4 Oct 2022 15:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664896380; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=btUPyOCIrym8dr0khBwWliwc8SNgzrPjQaOEsyYhxmQ=; b=asiVJYEjL5hA6fin1XTXFJCIZmTxQhdqcfOZZSoHC/szjs8yXIUfO9JMkwm0p7h3COjb/K 8ZnQFnBTZ+8HRgBlKxHQHvSz1yPbWI7yTiRSZCNQOBs1FmJ7M79tngVcHSDKy3g14zZqLO 1yQnyR+Uhy5vvcVhDWNO/IaA/w80srFtpe6Ihm+N78X/TTgCBchMfgBTCahXCzMYyUjQdo LKFQetyy2i3n7DuCIbfUfAQmxQup10T8qr8XcRAC1Vlrf4IZQt1nRzTEt6ToAMX+Beh8zW RMKifQC6NMszITfZSIY1ncbFO4FwbDAsbTpqkYl0omoK6ETgRwjQlMlFoY3T+Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Mhh645CV0zc2L; Tue, 4 Oct 2022 15:13:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 294FD0Tu059464; Tue, 4 Oct 2022 15:13:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 294FD0Wo059463; Tue, 4 Oct 2022 15:13:00 GMT (envelope-from git) Date: Tue, 4 Oct 2022 15:13:00 GMT Message-Id: <202210041513.294FD0Wo059463@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Cy Schubert Subject: git: 97829d274c53 - main - security/py-fail2ban: Update to 1.0.1 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 97829d274c538ecf69540c35025bb2edcb8393ca Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1664896380; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=btUPyOCIrym8dr0khBwWliwc8SNgzrPjQaOEsyYhxmQ=; b=onY7C7bTUB8sh2GsBH4BzigZrWGrgX5fjmay6k0Cyw4PtHjcw4sypdWYew5wMruVC4LAdd YmFi+iMFny/ru7LzxAT7nPKg5BAi07qeWPBwpSOt30W44WnYXMPWbcSoUE9MCsUN4Sa/Dp fxPso6yueuUt52SWbdux0O0+wPZLkWsel/QKo3jterYmSTJBDm9SdzpzF2j638E0w5dKFl qxo/ijG0RMPjB9dZzz3AtOl2SdE+RURo85dNOZRGKhtttkA+MH6cM7Ez9vPx0JLWcHb/6S VmniefZRxQ9EUf9gaDG5j4H2lF67WwMez491JJhVir9Fc690zfvILCmsQ7L2YA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1664896380; a=rsa-sha256; cv=none; b=iFhjg7OVOeRWTbzlyWHq3/G3TNezAMAJGpuEhI7snJompWNywWzoKq6f1welk9cLoldSLt dCcTMRZT2CB55p548Y6z4WyT2Mw4U/dI9Wejoc0CDovGkYtDqi5oUmZiBreoMOQy91D6JQ zNX0CMxiMP1OiKiVgPW9vOekol8wuf1F740rT4KdfuP4QG2/CPeAtiLrbNXZDG58tSwlAF 8va3h8QJ+RGpf5C3rIqmCjTB8JbHDDaz8eSMSe2EkjY7mfT5gLtsY2mpf/UmGsL0nwA9iZ Nba/N9FzAOaZBjOvCKhivlIZGKK55KwMQcchjrZRmpadh58cfKu/546Tq7uYvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=97829d274c538ecf69540c35025bb2edcb8393ca commit 97829d274c538ecf69540c35025bb2edcb8393ca Author: Cy Schubert AuthorDate: 2022-10-04 03:45:32 +0000 Commit: Cy Schubert CommitDate: 2022-10-04 15:06:21 +0000 security/py-fail2ban: Update to 1.0.1 This major release of fail2ban includes many bugfixes and features. See https://github.com/fail2ban/fail2ban/releases for more information. Add comment about "build" being performed in post-patch. Assume maintainership. PR: 266810 Approved by: MAINTAINER (theis@gmx.at) --- security/py-fail2ban/Makefile | 7 +- security/py-fail2ban/distinfo | 6 +- security/py-fail2ban/files/patch-CVE-2021-32749 | 158 --------------------- .../files/patch-fail2ban_server_action.py | 30 ---- .../files/patch-fail2ban_server_actions.py | 28 ---- .../files/patch-fail2ban_server_jails.py | 28 ---- security/py-fail2ban/files/patch-setup.py | 26 ---- 7 files changed, 7 insertions(+), 276 deletions(-) diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index f1c770376cfd..3efb617f55a1 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,10 +1,9 @@ PORTNAME= fail2ban -DISTVERSION= 0.11.2 -PORTREVISION= 3 +DISTVERSION= 1.0.1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} -MAINTAINER= theis@gmx.at +MAINTAINER= cy@FreeBSD.org COMMENT= Scans log files and bans IP that makes too many password failures WWW= https://www.fail2ban.org/wiki/index.php/Main_Page @@ -63,6 +62,8 @@ post-patch: @${REINPLACE_CMD} -e 's, sed , ${SED} ,g' \ ${WRKSRC}/config/action.d/hostsdeny.conf + # XXX Ideally this should be in do-build but it only works in + # XXX post-patch (cd ${WRKSRC}/ && ${PY2TO3_CMD} ${PY2TO3_ARG} bin/* fail2ban) post-install: diff --git a/security/py-fail2ban/distinfo b/security/py-fail2ban/distinfo index 49d9430148a1..677fb13cc841 100644 --- a/security/py-fail2ban/distinfo +++ b/security/py-fail2ban/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1606166575 -SHA256 (fail2ban-fail2ban-0.11.2_GH0.tar.gz) = 383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0 -SIZE (fail2ban-fail2ban-0.11.2_GH0.tar.gz) = 559552 +TIMESTAMP = 1664854580 +SHA256 (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 62b54679ebae81ac57f32c5e27aba9f2494ec5bafd45a0fd68e7a27fd448e5ac +SIZE (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 582122 diff --git a/security/py-fail2ban/files/patch-CVE-2021-32749 b/security/py-fail2ban/files/patch-CVE-2021-32749 deleted file mode 100644 index cdea27c37f8a..000000000000 --- a/security/py-fail2ban/files/patch-CVE-2021-32749 +++ /dev/null @@ -1,158 +0,0 @@ -From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Mon, 21 Jun 2021 17:12:53 +0200 -Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable - (default tilde) stops consider "~" char after new-line as composing escape - sequence - ---- - config/action.d/complain.conf | 2 +- - config/action.d/dshield.conf | 2 +- - config/action.d/mail-buffered.conf | 8 ++++---- - config/action.d/mail-whois-lines.conf | 2 +- - config/action.d/mail-whois.conf | 6 +++--- - config/action.d/mail.conf | 6 +++--- - 6 files changed, 13 insertions(+), 13 deletions(-) - -diff --git config/action.d/complain.conf config/action.d/complain.conf -index 3a5f882c..4d73b058 100644 ---- config/action.d/complain.conf -+++ config/action.d/complain.conf -@@ -102,7 +102,7 @@ logpath = /dev/null - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git config/action.d/dshield.conf config/action.d/dshield.conf -index c128bef3..3d5a7a53 100644 ---- config/action.d/dshield.conf -+++ config/action.d/dshield.conf -@@ -179,7 +179,7 @@ tcpflags = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git config/action.d/mail-buffered.conf config/action.d/mail-buffered.conf -index 325f185b..79b84104 100644 ---- config/action.d/mail-buffered.conf -+++ config/action.d/mail-buffered.conf -@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Output will be buffered until lines are available.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -28,13 +28,13 @@ actionstop = if [ -f ]; then - These hosts have been banned by Fail2Ban.\n - `cat ` - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary from " - rm - fi - printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: ( failures)\n" >> - These hosts have been banned by Fail2Ban.\n - `cat ` - \nRegards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary" -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary" - rm - fi - -diff --git config/action.d/mail-whois-lines.conf config/action.d/mail-whois-lines.conf -index 3a3e56b2..d2818cb9 100644 ---- config/action.d/mail-whois-lines.conf -+++ config/action.d/mail-whois-lines.conf -@@ -72,7 +72,7 @@ actionunban = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Default name of the chain - # -diff --git config/action.d/mail-whois.conf config/action.d/mail-whois.conf -index 7fea34c4..ab33b616 100644 ---- config/action.d/mail-whois.conf -+++ config/action.d/mail-whois.conf -@@ -20,7 +20,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n - Here is more information about :\n - `%(_whois_command)s`\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the -diff --git config/action.d/mail.conf config/action.d/mail.conf -index 5d8c0e15..f4838ddc 100644 ---- config/action.d/mail.conf -+++ config/action.d/mail.conf -@@ -16,7 +16,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n - The IP has just been banned by Fail2Ban after - attempts against .\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the --- -2.33.1 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_action.py b/security/py-fail2ban/files/patch-fail2ban_server_action.py deleted file mode 100644 index eed4bbc6d84d..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_action.py +++ /dev/null @@ -1,30 +0,0 @@ -From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:19:24 +0100 -Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes` - moved to the :mod:`collections.abc` module - -(since 3.10-alpha.5 `MutableMapping` is missing in collections module) ---- - fail2ban/server/action.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/action.py fail2ban/server/action.py -index 3bc48fe0..f0f1e6f5 100644 ---- fail2ban/server/action.py -+++ fail2ban/server/action.py -@@ -30,7 +30,10 @@ import tempfile - import threading - import time - from abc import ABCMeta --from collections import MutableMapping -+try: -+ from collections.abc import MutableMapping -+except ImportError: -+ from collections import MutableMapping - - from .failregex import mapTag2Opt - from .ipdns import DNSUtils --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_actions.py b/security/py-fail2ban/files/patch-fail2ban_server_actions.py deleted file mode 100644 index bdbf5ab2f18e..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_actions.py +++ /dev/null @@ -1,28 +0,0 @@ -From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:25:45 +0100 -Subject: [PATCH] amend for `Mapping` - ---- - fail2ban/server/actions.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/actions.py fail2ban/server/actions.py -index b7b95b44..897d907c 100644 ---- fail2ban/server/actions.py -+++ fail2ban/server/actions.py -@@ -28,7 +28,10 @@ import logging - import os - import sys - import time --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - try: - from collections import OrderedDict - except ImportError: --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_jails.py b/security/py-fail2ban/files/patch-fail2ban_server_jails.py deleted file mode 100644 index c299687b992a..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_jails.py +++ /dev/null @@ -1,28 +0,0 @@ -From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:35:59 +0100 -Subject: [PATCH] amend for `Mapping` (jails) - ---- - fail2ban/server/jails.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/jails.py fail2ban/server/jails.py -index 972a8c4b..27e12ddf 100644 ---- fail2ban/server/jails.py -+++ fail2ban/server/jails.py -@@ -22,7 +22,10 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko" - __license__ = "GPL" - - from threading import Lock --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - - from ..exceptions import DuplicateJailException, UnknownJailException - from .jail import Jail --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-setup.py b/security/py-fail2ban/files/patch-setup.py deleted file mode 100644 index cc09c1acae19..000000000000 --- a/security/py-fail2ban/files/patch-setup.py +++ /dev/null @@ -1,26 +0,0 @@ ---- setup.py.orig 2020-11-23 20:43:03 UTC -+++ setup.py -@@ -39,14 +39,7 @@ from distutils.command.build_scripts import build_scri - if setuptools is None: - from distutils.command.install import install - from distutils.command.install_scripts import install_scripts --try: -- # python 3.x -- from distutils.command.build_py import build_py_2to3 -- from distutils.command.build_scripts import build_scripts_2to3 -- _2to3 = True --except ImportError: -- # python 2.x -- _2to3 = False -+_2to3 = False - - import os - from os.path import isfile, join, isdir, realpath -@@ -186,7 +179,6 @@ commands.''' - if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", -- 'use_2to3': True, - } - else: - setup_extra = {}