author | Markos Chandras <hwoarang@gentoo.org> | 2010-11-05 15:05:51 +0000 |
---|---|---|
committer | Markos Chandras <hwoarang@gentoo.org> | 2010-11-05 15:05:51 +0000 |
commit | c8575e5083cffbbc087bd186a5261960bef5bb53 (patch) | |
tree | f84a3cc52aaa98d268f4c7e92b111fed6a1a1d1e /net-analyzer/fail2ban | |
parent | Masking fail2ban revbump for testing (diff) | |
Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters <harley@thepetersclan.com> for the patches.
(Portage version: 2.2.0_alpha3_p8/cvs/Linux x86_64)
Diffstat (limited to 'net-analyzer/fail2ban')
-rw-r--r-- | net-analyzer/fail2ban/ChangeLog | 11 | ||||
-rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild | 66 | ||||
-rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch | 31 | ||||
-rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch | 15 | ||||
-rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-logrotate | 2 |
5 files changed, 123 insertions, 2 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog index 3f90ad2c58de..fb3f027070c5 100644 --- a/net-analyzer/fail2ban/ChangeLog +++ b/net-analyzer/fail2ban/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-analyzer/fail2ban # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.58 2010/02/08 08:35:18 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.59 2010/11/05 15:05:51 hwoarang Exp $ + +*fail2ban-0.8.4-r1 (05 Nov 2010) + + 05 Nov 2010; Markos Chandras <hwoarang@gentoo.org> + +files/fail2ban-0.8.4-hashlib.patch, files/fail2ban-logrotate, + +fail2ban-0.8.4-r1.ebuild, +files/fail2ban-0.8.4-sshd-breakin.patch: + Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to + Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters + <harley@thepetersclan.com> for the patches. 08 Feb 2010; Peter Volkov <pva@gentoo.org> fail2ban-0.8.3-r1.ebuild: Add inherit eutils for epatch. diff --git a/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild new file mode 100644 index 000000000000..166a2e13f09e --- /dev/null +++ b/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild 
@@ -0,0 +1,66 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild,v 1.1 2010/11/05 15:05:51 hwoarang Exp $
+
+EAPI=2
+
+PYTHON_DEPEND="2"
+
+inherit distutils eutils
+
+DESCRIPTION="Bans IP that make too many password failures"
+HOMEPAGE="http://fail2ban.sourceforge.net/"
+SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND="net-misc/whois
+ virtual/mta
+ net-firewall/iptables"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-hashlib.patch \
+ "${FILESDIR}"/${P}-sshd-breakin.patch
+ distutils_src_prepare
+}
+
+src_install() {
+ distutils_src_install
+
+ diropts -m 0755 -o root -g root
+ dodir /var/run/${PN}
+ keepdir /var/run/${PN}
+
+ newconfd files/gentoo-confd fail2ban
+ newinitd files/gentoo-initd fail2ban
+ dodoc ChangeLog README TODO || die "dodoc failed"
+ doman man/*.1 || die "doman failed"
+
+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}-logrotate ${PN} || die
+}
+
+pkg_preinst() {
+ has_version "<${CATEGORY}/${PN}-0.7"
+ previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+ if [[ $previous_less_than_0_7 = 0 ]] ; then
+ elog
+ elog "Configuration files are now in /etc/fail2ban/"
+ elog "You probably have to manually update your configuration"
+ elog "files before restarting Fail2ban!"
+ elog
+ elog "Fail2ban is not installed under /usr/lib anymore. The"
+ elog "new location is under /usr/share."
+ elog
+ elog "You are upgrading from version 0.6.x, please see:"
+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+ fi
+}
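Review bot: In `src_install`, `newconfd files/gentoo-confd fail2ban` and `newinitd files/gentoo-initd fail2ban` carry no `|| die`, while `dodoc`, `doman` and `newins` a few lines below do. Under EAPI 2 these helpers do not abort the build on their own, so a missing or renamed `files/gentoo-initd` would produce an installed package with no service script and no error. Writing `newinitd files/gentoo-initd fail2ban || die "newinitd failed"` (and the same for `newconfd`) keeps the function consistent. Separately, `/var/run/${PN}` is only created at install time via `dodir`/`keepdir`; if `/var/run` is emptied at boot, the directory has to be recreated elsewhere, presumably by the init script, which is not visible in this hunk.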
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch
new file mode 100644
index 000000000000..4ab90b85c88f
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch
@@ -0,0 +1,31 @@
+Index: fail2ban-0.8.4/server/filter.py
+===================================================================
+--- fail2ban-0.8.4.orig/server/filter.py
++++ fail2ban-0.8.4/server/filter.py
+@@ -439,7 +439,7 @@ class FileFilter(Filter):
+ # In order to detect log rotation, the hash (MD5) of the first line of the file
+ # is computed and compared to the previous hash of this line.
+
+-import md5
++import hashlib
+
+ class FileContainer:
+
+@@ -454,7 +454,7 @@ class FileContainer:
+ try:
+ firstLine = handler.readline()
+ # Computes the MD5 of the first line.
+- self.__hash = md5.new(firstLine).digest()
++ self.__hash = hashlib.md5(firstLine).digest()
+ # Start at the beginning of file if tail mode is off.
+ if tail:
+ handler.seek(0, 2)
+@@ -471,7 +471,7 @@ class FileContainer:
+ self.__handler = open(self.__filename)
+ firstLine = self.__handler.readline()
+ # Computes the MD5 of the first line.
+- myHash = md5.new(firstLine).digest()
++ myHash = hashlib.md5(firstLine).digest()
+ stats = os.fstat(self.__handler.fileno())
+ # Compare hash and inode
+ if self.__hash != myHash or self.__ino != stats.st_ino:
diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch
new file mode 100644
index 000000000000..dcfc43f95f25
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch
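Review bot: The patched `server/filter.py` now does an unconditional `import hashlib`, but `hashlib` only exists from Python 2.5 onward, and the ebuild added in this same commit declares `PYTHON_DEPEND="2"` with no minimum version. If Python 2.4 is still an installable target, fail2ban would fail at import time there. Tightening the dependency to `PYTHON_DEPEND="2:2.5"` is the one-line fix; the alternative is to have the patch try `hashlib` first and fall back to the old `md5` module on `ImportError`. The digest is only used, together with the inode, to notice log rotation, so MD5 is not a security boundary here and the algorithm itself needs no change.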
@@ -0,0 +1,15 @@
+Index: fail2ban-0.8.4/config/filter.d/sshd.conf
+===================================================================
+--- fail2ban-0.8.4.orig/config/filter.d/sshd.conf
++++ fail2ban-0.8.4/config/filter.d/sshd.conf
+@@ -31,8 +31,8 @@ failregex = ^%(__prefix_line)s(?:error:
+ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$
+ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+- ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
+- ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$
++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT\!\s*
++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$
+
+ # Option: ignoreregex
+ # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/net-analyzer/fail2ban/files/fail2ban-logrotate b/net-analyzer/fail2ban/files/fail2ban-logrotate
index 7a4c3fda2d4b..5d22bd03950f 100644
--- a/net-analyzer/fail2ban/files/fail2ban-logrotate
+++ b/net-analyzer/fail2ban/files/fail2ban-logrotate
@@ -4,6 +4,6 @@
 missingok
 compress
 postrotate
- /usr/bin/fail2ban-client reload 1>/dev/null || true
+ /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
 endscript
 }
|
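Review bot: The added `reverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT\!\s*` entry has no trailing `$`, unlike every other `failregex` line in the hunk, and places a greedy `.*` directly in front of `\[<HOST>\]`. The text in that position is the name returned by reverse DNS, which the connecting side can influence, so the filter should constrain that field and anchor the end of the line: `^%(__prefix_line)sreverse mapping checking getaddrinfo for \S+ \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!\s*$`. The patch also replaces the old `Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT` entry instead of adding next to it, so the "Address … maps to …" form of the message, if the deployed sshd still emits it, is no longer counted; keeping both entries would preserve that coverage. The `failregex` assignment begins above the hunk.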
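Review bot: The new `postrotate` command hard-codes `/var/log/fail2ban.log`, so each rotation resets the running server's log target to that file even when the administrator has configured a different `logtarget` (syslog, for example). A comment above the command such as `# must match logtarget in /etc/fail2ban/fail2ban.conf` would make the coupling visible to whoever edits either file. The `1>/dev/null || true` tail also hides a failed reopen, after which fail2ban would presumably keep writing to the rotated file unnoticed. The logrotate stanza itself opens above the hunk.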