Date: Tue, 4 Oct 2022 15:13:00 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 97829d274c53 - main - security/py-fail2ban: Update to 1.0.1 Message-ID: <202210041513.294FD0Wo059463@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=97829d274c538ecf69540c35025bb2edcb8393ca commit 97829d274c538ecf69540c35025bb2edcb8393ca Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-10-04 03:45:32 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-10-04 15:06:21 +0000 security/py-fail2ban: Update to 1.0.1 This major release of fail2ban includes many bugfixes and features. See https://github.com/fail2ban/fail2ban/releases for more information. Add comment about "build" being performed in post-patch. Assume maintainership. PR: 266810 Approved by: MAINTAINER (theis@gmx.at) --- security/py-fail2ban/Makefile | 7 +- security/py-fail2ban/distinfo | 6 +- security/py-fail2ban/files/patch-CVE-2021-32749 | 158 --------------------- .../files/patch-fail2ban_server_action.py | 30 ---- .../files/patch-fail2ban_server_actions.py | 28 ---- .../files/patch-fail2ban_server_jails.py | 28 ---- security/py-fail2ban/files/patch-setup.py | 26 ---- 7 files changed, 7 insertions(+), 276 deletions(-) diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index f1c770376cfd..3efb617f55a1 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,10 +1,9 @@ PORTNAME= fail2ban -DISTVERSION= 0.11.2 -PORTREVISION= 3 +DISTVERSION= 1.0.1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} -MAINTAINER= theis@gmx.at +MAINTAINER= cy@FreeBSD.org COMMENT= Scans log files and bans IP that makes too many password failures WWW= https://www.fail2ban.org/wiki/index.php/Main_Page @@ -63,6 +62,8 @@ post-patch: @${REINPLACE_CMD} -e 's, sed , ${SED} ,g' \ ${WRKSRC}/config/action.d/hostsdeny.conf + # XXX Ideally this should be in do-build but it only works in + # XXX post-patch (cd ${WRKSRC}/ && ${PY2TO3_CMD} ${PY2TO3_ARG} bin/* fail2ban) post-install: diff --git a/security/py-fail2ban/distinfo b/security/py-fail2ban/distinfo index 49d9430148a1..677fb13cc841 100644 --- a/security/py-fail2ban/distinfo +++ b/security/py-fail2ban/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1606166575 -SHA256 (fail2ban-fail2ban-0.11.2_GH0.tar.gz) = 383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0 -SIZE (fail2ban-fail2ban-0.11.2_GH0.tar.gz) = 559552 +TIMESTAMP = 1664854580 +SHA256 (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 62b54679ebae81ac57f32c5e27aba9f2494ec5bafd45a0fd68e7a27fd448e5ac +SIZE (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 582122 diff --git a/security/py-fail2ban/files/patch-CVE-2021-32749 b/security/py-fail2ban/files/patch-CVE-2021-32749 deleted file mode 100644 index cdea27c37f8a..000000000000 --- a/security/py-fail2ban/files/patch-CVE-2021-32749 +++ /dev/null @@ -1,158 +0,0 @@ -From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001 -From: sebres <serg.brester@sebres.de> -Date: Mon, 21 Jun 2021 17:12:53 +0200 -Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable - (default tilde) stops consider "~" char after new-line as composing escape - sequence - ---- - config/action.d/complain.conf | 2 +- - config/action.d/dshield.conf | 2 +- - config/action.d/mail-buffered.conf | 8 ++++---- - config/action.d/mail-whois-lines.conf | 2 +- - config/action.d/mail-whois.conf | 6 +++--- - config/action.d/mail.conf | 6 +++--- - 6 files changed, 13 insertions(+), 13 deletions(-) - -diff --git config/action.d/complain.conf config/action.d/complain.conf -index 3a5f882c..4d73b058 100644 ---- config/action.d/complain.conf -+++ config/action.d/complain.conf -@@ -102,7 +102,7 @@ logpath = /dev/null - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git config/action.d/dshield.conf config/action.d/dshield.conf -index c128bef3..3d5a7a53 100644 ---- config/action.d/dshield.conf -+++ config/action.d/dshield.conf -@@ -179,7 +179,7 @@ tcpflags = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git config/action.d/mail-buffered.conf config/action.d/mail-buffered.conf -index 325f185b..79b84104 100644 ---- config/action.d/mail-buffered.conf -+++ config/action.d/mail-buffered.conf -@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n - The jail <name> has been started successfully.\n - Output will be buffered until <lines> lines are available.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then - These hosts have been banned by Fail2Ban.\n - `cat <tmpfile>` - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> - rm <tmpfile> - fi - printf %%b "Hi,\n - The jail <name> has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> - These hosts have been banned by Fail2Ban.\n - `cat <tmpfile>` - \nRegards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest> - rm <tmpfile> - fi - -diff --git config/action.d/mail-whois-lines.conf config/action.d/mail-whois-lines.conf -index 3a3e56b2..d2818cb9 100644 ---- config/action.d/mail-whois-lines.conf -+++ config/action.d/mail-whois-lines.conf -@@ -72,7 +72,7 @@ actionunban = - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Default name of the chain - # -diff --git config/action.d/mail-whois.conf config/action.d/mail-whois.conf -index 7fea34c4..ab33b616 100644 ---- config/action.d/mail-whois.conf -+++ config/action.d/mail-whois.conf -@@ -20,7 +20,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail <name> has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail <name> has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n - Here is more information about <ip> :\n - `%(_whois_command)s`\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the -diff --git config/action.d/mail.conf config/action.d/mail.conf -index 5d8c0e15..f4838ddc 100644 ---- config/action.d/mail.conf -+++ config/action.d/mail.conf -@@ -16,7 +16,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail <name> has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail <name> has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n - The IP <ip> has just been banned by Fail2Ban after - <failures> attempts against <name>.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the --- -2.33.1 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_action.py b/security/py-fail2ban/files/patch-fail2ban_server_action.py deleted file mode 100644 index eed4bbc6d84d..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_action.py +++ /dev/null @@ -1,30 +0,0 @@ -From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" <serg.brester@sebres.de> -Date: Mon, 8 Feb 2021 17:19:24 +0100 -Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes` - moved to the :mod:`collections.abc` module - -(since 3.10-alpha.5 `MutableMapping` is missing in collections module) ---- - fail2ban/server/action.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/action.py fail2ban/server/action.py -index 3bc48fe0..f0f1e6f5 100644 ---- fail2ban/server/action.py -+++ fail2ban/server/action.py -@@ -30,7 +30,10 @@ import tempfile - import threading - import time - from abc import ABCMeta --from collections import MutableMapping -+try: -+ from collections.abc import MutableMapping -+except ImportError: -+ from collections import MutableMapping - - from .failregex import mapTag2Opt - from .ipdns import DNSUtils --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_actions.py b/security/py-fail2ban/files/patch-fail2ban_server_actions.py deleted file mode 100644 index bdbf5ab2f18e..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_actions.py +++ /dev/null @@ -1,28 +0,0 @@ -From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" <serg.brester@sebres.de> -Date: Mon, 8 Feb 2021 17:25:45 +0100 -Subject: [PATCH] amend for `Mapping` - ---- - fail2ban/server/actions.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/actions.py fail2ban/server/actions.py -index b7b95b44..897d907c 100644 ---- fail2ban/server/actions.py -+++ fail2ban/server/actions.py -@@ -28,7 +28,10 @@ import logging - import os - import sys - import time --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - try: - from collections import OrderedDict - except ImportError: --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-fail2ban_server_jails.py b/security/py-fail2ban/files/patch-fail2ban_server_jails.py deleted file mode 100644 index c299687b992a..000000000000 --- a/security/py-fail2ban/files/patch-fail2ban_server_jails.py +++ /dev/null @@ -1,28 +0,0 @@ -From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" <serg.brester@sebres.de> -Date: Mon, 8 Feb 2021 17:35:59 +0100 -Subject: [PATCH] amend for `Mapping` (jails) - ---- - fail2ban/server/jails.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git fail2ban/server/jails.py fail2ban/server/jails.py -index 972a8c4b..27e12ddf 100644 ---- fail2ban/server/jails.py -+++ fail2ban/server/jails.py -@@ -22,7 +22,10 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko" - __license__ = "GPL" - - from threading import Lock --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - - from ..exceptions import DuplicateJailException, UnknownJailException - from .jail import Jail --- -2.32.0 - diff --git a/security/py-fail2ban/files/patch-setup.py b/security/py-fail2ban/files/patch-setup.py deleted file mode 100644 index cc09c1acae19..000000000000 --- a/security/py-fail2ban/files/patch-setup.py +++ /dev/null @@ -1,26 +0,0 @@ ---- setup.py.orig 2020-11-23 20:43:03 UTC -+++ setup.py -@@ -39,14 +39,7 @@ from distutils.command.build_scripts import build_scri - if setuptools is None: - from distutils.command.install import install - from distutils.command.install_scripts import install_scripts --try: -- # python 3.x -- from distutils.command.build_py import build_py_2to3 -- from distutils.command.build_scripts import build_scripts_2to3 -- _2to3 = True --except ImportError: -- # python 2.x -- _2to3 = False -+_2to3 = False - - import os - from os.path import isfile, join, isdir, realpath -@@ -186,7 +179,6 @@ commands.''' - if setuptools: - setup_extra = { - 'test_suite': "fail2ban.tests.utils.gatherTests", -- 'use_2to3': True, - } - else: - setup_extra = {}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210041513.294FD0Wo059463>