From 3f49a1709f7b21b5361a191533a2307e2a1b21d2 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sat, 25 Dec 2021 10:35:01 -0600 Subject: [PATCH] Add patches / updates for various fixes: * Add patch for Python 3.11 compatibilitys, fixes RHBZ#2034205. * Comment out a few lines in the selinux files that broke building on EPEL and don't seem to be needed. Fixes RHBZ#2029193. * Work around 2to3 being removed from Python setuptools. --- fail2ban-python311.patch | 21 +++++++++++++++++++++ fail2ban.spec | 12 ++++++++++-- fail2ban.te | 10 +++++----- 3 files changed, 36 insertions(+), 7 deletions(-) create mode 100644 fail2ban-python311.patch diff --git a/fail2ban-python311.patch b/fail2ban-python311.patch new file mode 100644 index 0000000..bd5d050 --- /dev/null +++ b/fail2ban-python311.patch @@ -0,0 +1,21 @@ +Index: fail2ban-0.11.2/fail2ban/tests/actiontestcase.py +=================================================================== +--- fail2ban-0.11.2.orig/fail2ban/tests/actiontestcase.py ++++ fail2ban-0.11.2/fail2ban/tests/actiontestcase.py +@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCa + setattr(self.__action, 'ab', "") + setattr(self.__action, 'x?family=inet6', "") + # produce self-referencing properties except: +- self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions", ++ self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions", + lambda: self.__action.replaceTag("", + self.__action._properties, conditional="family=inet4") + ) + # remore self-referencing in props: + delattr(self.__action, 'ac') + # produce self-referencing query except: +- self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query", ++ self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query", + lambda: self.__action.replaceTag(""*30, + self.__action._properties, conditional="family=inet6") + ) diff --git a/fail2ban.spec b/fail2ban.spec index 93ad3d9..fc96869 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -23,6 +23,10 @@ Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf452771 Patch2: https://github.com/fail2ban/fail2ban/compare/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch # CVE-2021-32749 https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm Patch3: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844.patch +# https://github.com/fail2ban/fail2ban/issues/2882 +#Patch4: https://github.com/fail2ban/fail2ban/commit/ebf5784b8cd4b7c52d0f328b780833b8594f5567.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2034205 +Patch5: fail2ban-python311.patch BuildArch: noarch @@ -217,6 +221,10 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +# 2to3 has been removed from setuptools and we already use the binary in +# %%prep. +sed -i "/use_2to3/d" setup.py + %build %if 0%{?rhel} && 0%{?rhel} < 8 @@ -263,8 +271,8 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <] -banaction_allports = firewallcmd-rich-rules[actiontype=] +banaction = firewallcmd-rich-rules +banaction_allports = firewallcmd-rich-rules EOF # systemd journal configuration diff --git a/fail2ban.te b/fail2ban.te index 92615ca..8cbf7b3 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -45,7 +45,7 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms; read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) -allow fail2ban_t fail2ban_log_t:file watch; +#allow fail2ban_t fail2ban_log_t:file watch; append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) @@ -100,10 +100,10 @@ logging_read_syslog_pid(fail2ban_t) logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) -logging_watch_audit_log_files(fail2ban_t) -logging_watch_audit_log_dirs(fail2ban_t) -logging_watch_generic_log_dirs(fail2ban_t) -logging_watch_journal_dir(fail2ban_t) +#logging_watch_audit_log_files(fail2ban_t) +#logging_watch_audit_log_dirs(fail2ban_t) +#logging_watch_generic_log_dirs(fail2ban_t) +#logging_watch_journal_dir(fail2ban_t) mta_send_mail(fail2ban_t)