diff --git a/.gitignore b/.gitignore index c3b808e..9eb5e0d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-1f1a561.tar.xz /fail2ban-0.9.tar.gz +/fail2ban-0.9.1.tar.gz diff --git a/0001-Separate-php-url-fopen-logpath-by-newline.patch b/0001-Separate-php-url-fopen-logpath-by-newline.patch new file mode 100644 index 0000000..5f80bd1 --- /dev/null +++ b/0001-Separate-php-url-fopen-logpath-by-newline.patch @@ -0,0 +1,26 @@ +From d8867807f560838e70375cc9ca90585179700fe6 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Fri, 28 Nov 2014 22:04:09 -0700 +Subject: [PATCH] Separate php-url-fopen logpath by newline + +--- + config/jail.conf | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/config/jail.conf b/config/jail.conf +index d119d22..6a95aa1 100644 +--- a/config/jail.conf ++++ b/config/jail.conf +@@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s + [php-url-fopen] + + port = http,https +-logpath = %(nginx_access_log)s %(apache_access_log)s ++logpath = %(nginx_access_log)s ++ %(apache_access_log)s + + + [suhosin] +-- +2.1.0 + diff --git a/fail2ban-loglevel.patch b/fail2ban-loglevel.patch deleted file mode 100644 index f41fb87..0000000 --- a/fail2ban-loglevel.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit 1470e3c01d49841335e11ed7ca7898516d1b8be8 -Author: Steven Hiscocks -Date: Wed Mar 19 19:09:07 2014 +0000 - - BF: fail2ban.conf reader expected "int" type for `loglevel` - - Closes #657 - -diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py -index f17ff92..251c698 100644 ---- a/fail2ban/client/fail2banreader.py -+++ b/fail2ban/client/fail2banreader.py -@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader): - return ConfigReader.getOptions(self, "Definition", opts) - - def getOptions(self): -- opts = [["int", "loglevel", "INFO" ], -+ opts = [["string", "loglevel", "INFO" ], - ["string", "logtarget", "STDERR"], - ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], - ["int", "dbpurgeage", 86400]] diff --git a/fail2ban-logpath.patch b/fail2ban-logpath.patch deleted file mode 100644 index 8de38a0..0000000 --- a/fail2ban-logpath.patch +++ /dev/null @@ -1,53 +0,0 @@ -diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf ---- fail2ban-0.9/config/jail.conf.logpath 2014-08-08 13:29:40.101582649 -0600 -+++ fail2ban-0.9/config/jail.conf 2014-08-08 13:33:56.376307236 -0600 -@@ -370,7 +370,7 @@ logpath = /var/log/tomcat*/catalina.out - [webmin-auth] - - port = 10000 --logpath = /var/log/auth.log -+logpath = %(syslog_authpriv)s - - - # -@@ -423,7 +423,7 @@ maxretry = 6 - - [vsftpd] - # or overwrite it in jails.local to be --# logpath = /var/log/auth.log -+# logpath = %(syslog_authpriv)s - # if you want to rely on PAM failed login attempts - # vsftpd's failregex should match both of those formats - port = ftp,ftp-data,ftps,ftps-data -@@ -533,7 +533,7 @@ logpath = %(postfix_log)s - [perdition] - - port = imap3,imaps,pop3,pop3s --logpath = /var/log/maillog -+logpath = %(syslog_mail)s - - - [squirrelmail] -@@ -657,13 +657,13 @@ maxretry = 5 - [pam-generic] - # pam-generic filter can be customized to monitor specific subset of 'tty's - banaction = iptables-allports --logpath = /var/log/auth.log -+logpath = %(syslog_authpriv)s - - - [xinetd-fail] - - banaction = iptables-multiport-log --logpath = /var/log/daemon.log -+logpath = %(syslog_daemon)s - maxretry = 2 - - -@@ -693,5 +693,5 @@ action = %(banaction)s[name=%(__name__) - [nagios] - - enabled = false --logpath = /var/log/messages ; nrpe.cfg may define a different log_facility -+logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility - maxretry = 1 diff --git a/fail2ban-tests-nonet.patch b/fail2ban-tests-nonet.patch deleted file mode 100644 index 57e1c1c..0000000 --- a/fail2ban-tests-nonet.patch +++ /dev/null @@ -1,20 +0,0 @@ -commit 175c5934620adb600fe4435732a3887855320669 -Author: Steven Hiscocks -Date: Wed Mar 19 19:30:48 2014 +0000 - - TST: Skip badips.py test is no network option set - -diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py -index 456a829..85c1d92 100644 ---- a/fail2ban/tests/utils.py -+++ b/fail2ban/tests/utils.py -@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False): - for file_ in os.listdir( - os.path.abspath(os.path.dirname(action_d.__file__))): - if file_.startswith("test_") and file_.endswith(".py"): -+ if no_network and file_ in ['test_badips.py']: #pragma: no cover -+ # Test required network -+ continue - tests.addTest(testloader.loadTestsFromName( - "%s.%s" % (action_d.__name__, os.path.splitext(file_)[0]))) - diff --git a/fail2ban-tests-syslog.patch b/fail2ban-tests-syslog.patch deleted file mode 100644 index 0541367..0000000 --- a/fail2ban-tests-syslog.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 75325da09091f3ae800a2efbcde1a016617e5f1a -Author: Steven Hiscocks -Date: Wed Mar 19 19:21:23 2014 +0000 - - TST: Skip SYSLOG log target test if '/dev/log' not present - -diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py -index 231aecd..c4163db 100644 ---- a/fail2ban/tests/servertestcase.py -+++ b/fail2ban/tests/servertestcase.py -@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase): - - self.setGetTest("logtarget", "STDOUT") - self.setGetTest("logtarget", "STDERR") -+ -+ def testLogTargetSYSLOG(self): -+ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7): -+ raise unittest.SkipTest("'/dev/log' not present") -+ elif not os.path.exists("/dev/log"): -+ return - self.setGetTest("logtarget", "SYSLOG") - - def testLogLevel(self): diff --git a/fail2ban-tests.patch b/fail2ban-tests.patch deleted file mode 100644 index b4dc47a..0000000 --- a/fail2ban-tests.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit b2a1032f5738575f1c368360ba93fc7da5991225 -Author: Yaroslav Halchenko -Date: Tue Aug 12 11:31:42 2014 -0400 - - ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test - -diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py -index c02e861..1fa3116 100644 ---- a/fail2ban/tests/filtertestcase.py -+++ b/fail2ban/tests/filtertestcase.py -@@ -24,6 +24,7 @@ __license__ = "GPL" - - from __builtin__ import open as fopen - import unittest -+import getpass - import os - import sys - import time -@@ -349,10 +350,20 @@ class LogFileMonitor(LogCaptureTestCase): - # shorter wait time for not modified status - return not self.isModified(0.4) - -- def testNoLogFile(self): -+ def testUnaccessibleLogFile(self): - os.chmod(self.name, 0) - self.filter.getFailures(self.name) -- self.assertTrue(self._is_logged('Unable to open %s' % self.name)) -+ failure_was_logged = self._is_logged('Unable to open %s' % self.name) -+ is_root = getpass.getuser() == 'root' -+ # If ran as root, those restrictive permissions would not -+ # forbid log to be read. -+ self.assertTrue(failure_was_logged != is_root) -+ -+ def testNoLogFile(self): -+ _killfile(self.file, self.name) -+ self.filter.getFailures(self.name) -+ failure_was_logged = self._is_logged('Unable to open %s' % self.name) -+ self.assertTrue(failure_was_logged) - - def testRemovingFailRegex(self): - self.filter.delFailRegex(0) diff --git a/fail2ban.spec b/fail2ban.spec index 6d58c3a..b64e7e4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,26 +1,12 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9 -Release: 9%{?dist} +Version: 0.9.1 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Upstream patch to fix setting loglevel -# https://github.com/fail2ban/fail2ban/issues/657 -Patch0: fail2ban-loglevel.patch -# Upstream patch to skip tests with no-network -# https://github.com/fail2ban/fail2ban/issues/110 -Patch1: fail2ban-tests-nonet.patch -# Upstream patch to skip syslog tests without /dev/log -# https://github.com/fail2ban/fail2ban/issues/110 -Patch2: fail2ban-tests-syslog.patch -# Fix logpaths to use syslog macros -# https://bugzilla.redhat.com/show_bug.cgi?id=1128152 -# https://github.com/fail2ban/fail2ban/pull/780 -Patch3: fail2ban-logpath.patch -# Fix test failure -# https://github.com/fail2ban/fail2ban/pull/784 -Patch4: fail2ban-tests.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1169026 +Patch0: 0001-Separate-php-url-fopen-logpath-by-newline.patch BuildRequires: python2-devel # For testcases @@ -152,11 +138,6 @@ by default. %prep %setup -q -%patch0 -p1 -b .loglevel -%patch1 -p1 -b .tests-nonet -%patch2 -p1 -b .tests-syslog -%patch3 -p1 -b .logpath -%patch4 -p1 -b .tests # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -283,6 +264,12 @@ fi %changelog +* Fri Nov 28 2014 Orion Poplawski - 0.9.1-2 +- Fix php-url-fopen logpath (bug #1169026) + +* Tue Oct 28 2014 Orion Poplawski - 0.9.1-1 +- Update to 0.9.1 + * Fri Aug 15 2014 Orion Poplawski - 0.9-8 - Add patch to fix tests diff --git a/sources b/sources index 78e6b89..a0b3ea2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz +3554cc3de3f06ddfd7f90f8305b765b8 fail2ban-0.9.1.tar.gz