From b524383086eec23d4f8f5025f66939f2cd2d5a65 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 7 Oct 2016 16:15:02 -0600 Subject: [PATCH 1/4] Add .rpmlint file --- .rpmlint | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .rpmlint diff --git a/.rpmlint b/.rpmlint new file mode 100644 index 0000000..05ddcce --- /dev/null +++ b/.rpmlint @@ -0,0 +1,8 @@ +from Config import * +addFilter("incoherent-logrotate-file /etc/logrotate.d/fail2ban"); +addFilter("macro-in-comment %{(name|version|release)}"); +addFilter("spelling-error .* (tcp|sendmail|shorewall|sshd)"); +# Tests +addFilter("hidden-file-or-dir .*fail2ban/tests/files/config/apache.*/\.htpasswd"); +addFilter("htaccess-file-error .*fail2ban/tests/files/config/apache.*/\.htaccess"); +addFilter("zero-length .*fail2ban/tests/files/files/"); From 79ae934283ec6fa173dc60f809d4161603c80899 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 7 Oct 2016 16:15:22 -0600 Subject: [PATCH 2/4] %ghost /run/fail2ban - Fix typo in shorewall description - Move tests to -tests sub-package --- fail2ban.spec | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d188879..9e95afe 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -115,6 +115,14 @@ This package enables support for manipulating tcp_wrapper's /etc/hosts.deny files. +%package tests +Summary: Fail2Ban testcases +Requires: %{name}-server = %{version}-%{release} + +%description tests +This package contains Fail2Ban's testscases and scripts. + + %package mail Summary: Mail actions for Fail2Ban Requires: %{name}-server = %{version}-%{release} @@ -141,7 +149,7 @@ Requires: %{name}-server = %{version}-%{release} Requires: shorewall %description shorewall -This package enables support for manipulating shoreall rules. +This package enables support for manipulating shorewall rules. %package systemd @@ -182,7 +190,7 @@ install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban -install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ +install -d -m 0755 %{buildroot}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf @@ -241,17 +249,20 @@ fi %files server %doc README.md TODO ChangeLog COPYING doc/*.txt -%{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex -%{_bindir}/fail2ban-testcases +%{_bindir}/fail2ban-server %{python3_sitelib}/* +%exclude %{python3_sitelib}/fail2ban/tests %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else %{_initddir}/fail2ban %endif -%{_mandir}/man1/fail2ban*.1* +%{_mandir}/man1/fail2ban.1* +%{_mandir}/man1/fail2ban-client.1* +%{_mandir}/man1/fail2ban-regex.1* +%{_mandir}/man1/fail2ban-server.1* %{_mandir}/man5/*.5* %config(noreplace) %{_sysconfdir}/fail2ban %exclude %{_sysconfdir}/fail2ban/action.d/complain.conf @@ -263,7 +274,7 @@ fi %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ -%dir %{_localstatedir}/run/fail2ban/ +%ghost %dir /run/fail2ban/ %files all @@ -273,6 +284,11 @@ fi %files hostsdeny %config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf +%files tests +%{_bindir}/fail2ban-testcases +%{_mandir}/man1/fail2ban-testcases.1* +%{python3_sitelib}/fail2ban/tests + %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf @@ -288,6 +304,11 @@ fi %changelog +* Fri Oct 7 2016 Orion Poplawski - 0.9.5-4 +- %%ghost /run/fail2ban +- Fix typo in shorewall description +- Move tests to -tests sub-package + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-3 - Add journalmatch entries for sendmail (bug #1329919) From 61410ac2576999421e894729653585efb7740432 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 19 Dec 2016 18:20:36 +0100 Subject: [PATCH 3/4] Rebuild for Python 3.6 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 9e95afe..82669c3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -304,6 +304,9 @@ fi %changelog +* Mon Dec 19 2016 Miro Hrončok - 0.9.5-5 +- Rebuild for Python 3.6 + * Fri Oct 7 2016 Orion Poplawski - 0.9.5-4 - %%ghost /run/fail2ban - Fix typo in shorewall description From eaa8e0f385511dd57b37f38ee4205d8e5e32c5a2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 6 Jan 2017 19:29:08 -0700 Subject: [PATCH 4/4] Update to 0.9.6 Fix sendmail-auth filter (bug #1329919) --- .gitignore | 1 + ...e12f701807a8d89bfe57c9f7f492375a0a53.patch | 60 ------------------- fail2ban-sendmail.patch | 29 +++++---- fail2ban-test.patch | 12 ---- fail2ban.spec | 17 +++--- sources | 2 +- 6 files changed, 23 insertions(+), 98 deletions(-) delete mode 100644 c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch delete mode 100644 fail2ban-test.patch diff --git a/.gitignore b/.gitignore index 000a84c..8e54753 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.3.tar.gz /fail2ban-0.9.4.tar.gz /fail2ban-0.9.5.tar.gz +/fail2ban-0.9.6.tar.gz diff --git a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch deleted file mode 100644 index 848ef2a..0000000 --- a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch +++ /dev/null @@ -1,60 +0,0 @@ -From c49fe12f701807a8d89bfe57c9f7f492375a0a53 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Mon, 15 Aug 2016 12:53:40 +0200 -Subject: [PATCH] fix fail2banregextestcase using setUpMyTime/tearDownMyTime: - always use correct static time as base-time (using mock up MyTime), correct - datetimes inside test - ---- - fail2ban/tests/fail2banregextestcase.py | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py -index 3321ffd..1119efd 100644 ---- a/fail2ban/tests/fail2banregextestcase.py -+++ b/fail2ban/tests/fail2banregextestcase.py -@@ -39,7 +39,7 @@ - - from ..client import fail2banregex - from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output --from .utils import LogCaptureTestCase, logSys -+from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys - from .utils import CONFIG_DIR - - -@@ -70,10 +70,12 @@ class Fail2banRegexTest(LogCaptureTestCase): - def setUp(self): - """Call before every test case.""" - LogCaptureTestCase.setUp(self) -+ setUpMyTime() - - def tearDown(self): - """Call after every test case.""" - LogCaptureTestCase.tearDown(self) -+ tearDownMyTime() - - def testWrongRE(self): - (opts, args, fail2banRegex) = _Fail2banRegex( -@@ -159,8 +161,8 @@ def testVerbose(self): - self.assertTrue(fail2banRegex.start(opts, args)) - self.assertLogged('Lines: 13 lines, 0 ignored, 5 matched, 8 missed') - -- self.assertLogged('141.3.81.106 Fri Aug 14 11:53:59 2015') -- self.assertLogged('141.3.81.106 Fri Aug 14 11:54:59 2015') -+ self.assertLogged('141.3.81.106 Sun Aug 14 11:53:59 2005') -+ self.assertLogged('141.3.81.106 Sun Aug 14 11:54:59 2005') - - def testWronChar(self): - (opts, args, fail2banRegex) = _Fail2banRegex( -@@ -169,9 +171,8 @@ def testWronChar(self): - self.assertTrue(fail2banRegex.start(opts, args)) - self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') - -- self.assertLogged('Error decoding line'); -- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:58 user '); -- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:59 user '); -+ self.assertLogged('Error decoding line') -+ self.assertLogged('Continuing to process line ignoring invalid characters:') - - self.assertLogged('Nov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llinco') - self.assertLogged('Nov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco') diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch index c612560..bc2f228 100644 --- a/fail2ban-sendmail.patch +++ b/fail2ban-sendmail.patch @@ -1,14 +1,14 @@ -commit 6a5f8ddf63658f3645a88988641c06d5a9625c00 -Author: Orion Poplawski -Date: Mon Oct 3 16:26:11 2016 -0600 - - Add sendmail journalmatch options - -diff --git a/config/filter.d/sendmail-auth.conf b/config/filter.d/sendmail-auth.conf -index 138fbb8..7886e60 100644 ---- a/config/filter.d/sendmail-auth.conf -+++ b/config/filter.d/sendmail-auth.conf -@@ -13,6 +13,10 @@ failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: po +diff -up fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-auth.conf +--- fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail 2017-01-06 19:00:12.228687290 -0700 ++++ fail2ban-0.9.6/config/filter.d/sendmail-auth.conf 2017-01-06 19:01:33.991702030 -0700 +@@ -7,12 +7,16 @@ before = common.conf + + [Definition] + +-_daemon = (?:sm-(mta|acceptingconnections)) ++_daemon = (?:sendmail|sm-(?:mta|acceptingconnections)) + + failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ ignoreregex = @@ -19,10 +19,9 @@ index 138fbb8..7886e60 100644 # DEV Notes: # # Author: Daniel Black -diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf -index 93b8343..219d910 100644 ---- a/config/filter.d/sendmail-reject.conf -+++ b/config/filter.d/sendmail-reject.conf +diff -up fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-reject.conf +--- fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail 2017-01-06 19:00:12.229687303 -0700 ++++ fail2ban-0.9.6/config/filter.d/sendmail-reject.conf 2017-01-06 19:00:12.229687303 -0700 @@ -33,6 +33,8 @@ ignoreregex = [Init] diff --git a/fail2ban-test.patch b/fail2ban-test.patch deleted file mode 100644 index 1522ece..0000000 --- a/fail2ban-test.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py ---- fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test 2016-03-09 10:43:53.649645648 -0700 -+++ fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py 2016-03-09 11:00:19.208546116 -0700 -@@ -632,8 +632,6 @@ class JailsReaderTest(LogCaptureTestCase - - # and we know even some of them by heart - for j in ['sshd', 'recidive']: -- # by default we have 'auto' backend ATM -- self.assertTrue(['add', j, 'auto'] in comm_commands) - # and warn on useDNS - self.assertTrue(['set', j, 'usedns', 'warn'] in comm_commands) - self.assertTrue(['start', j] in comm_commands) diff --git a/fail2ban.spec b/fail2ban.spec index 82669c3..f2c4ab7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,17 +1,11 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.5 -Release: 5%{?dist} +Version: 0.9.6 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz -# Fix failing test -# https://github.com/fail2ban/fail2ban/issues/1353 -Patch0: fail2ban-test.patch -# Upstream patch to fix failing tests -# https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 -Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch @@ -163,8 +157,6 @@ by default. %prep %setup -q -%patch0 -p1 -b .test -%patch1 -p1 %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -250,6 +242,7 @@ fi %files server %doc README.md TODO ChangeLog COPYING doc/*.txt %{_bindir}/fail2ban-client +%{_bindir}/fail2ban-python %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-server %{python3_sitelib}/* @@ -304,6 +297,10 @@ fi %changelog +* Fri Jan 6 2017 Orion Poplawski - 0.9.6-1 +- Update to 0.9.6 +- Fix sendmail-auth filter (bug #1329919) + * Mon Dec 19 2016 Miro Hrončok - 0.9.5-5 - Rebuild for Python 3.6 diff --git a/sources b/sources index 7cb27dc..b9708c4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1b59fc84a40b790e3f959257d64ab313 fail2ban-0.9.5.tar.gz +SHA512 (fail2ban-0.9.6.tar.gz) = 4a0c09451409f81882664c2316867aa1c45572018b7f4647f8dc356f9115c9c2ff4a17098ef249bcc6712acfed6b5c99518b1c069ef1bf253d96c900d29be1d2