diff options
| author |   Markos Chandras <hwoarang@gentoo.org> | 2010-11-05 15:05:51 +0000 |
|---|---|---|
| committer | Markos Chandras <hwoarang@gentoo.org> | 2010-11-05 15:05:51 +0000 |
| commit | 3a1f2f62b6dd4a5912504afb94c19d19625c0357 (patch) | |
| tree | daee0c537a11d87d1279c95da2948bfe9f19a690 /net-analyzer/fail2ban | |
| parent | Masking fail2ban revbump for testing (diff) | |
| download | historical-3a1f2f62b6dd4a5912504afb94c19d19625c0357.tar.gz historical-3a1f2f62b6dd4a5912504afb94c19d19625c0357.tar.bz2 historical-3a1f2f62b6dd4a5912504afb94c19d19625c0357.zip | |
Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters <harley@thepetersclan.com> for the patches.
Package-Manager: portage-2.2.0_alpha3_p8/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer/fail2ban')
| -rw-r--r-- | net-analyzer/fail2ban/ChangeLog | 11 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/Manifest | 17 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild | 66 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch | 31 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch | 15 | ||||
| -rw-r--r-- | net-analyzer/fail2ban/files/fail2ban-logrotate | 2 |
6 files changed, 138 insertions, 4 deletions
diff --git a/net-analyzer/fail2ban/ChangeLog b/net-analyzer/fail2ban/ChangeLog index 3f90ad2c58de..fb3f027070c5 100644 --- a/net-analyzer/fail2ban/ChangeLog +++ b/net-analyzer/fail2ban/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-analyzer/fail2ban # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.58 2010/02/08 08:35:18 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/ChangeLog,v 1.59 2010/11/05 15:05:51 hwoarang Exp $ + +*fail2ban-0.8.4-r1 (05 Nov 2010) + + 05 Nov 2010; Markos Chandras <hwoarang@gentoo.org> + +files/fail2ban-0.8.4-hashlib.patch, files/fail2ban-logrotate, + +fail2ban-0.8.4-r1.ebuild, +files/fail2ban-0.8.4-sshd-breakin.patch: + Bugfix revision. Fixes bug 260337,283629,301139,315073,343955. Thanks to + Robert Trace <bugzilla-gentoo@farcaster.org>, Harley Peters + <harley@thepetersclan.com> for the patches. 08 Feb 2010; Peter Volkov <pva@gentoo.org> fail2ban-0.8.3-r1.ebuild: Add inherit eutils for epatch. diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest index 3b7105c4f2ce..5c22e7dd62af 100644 --- a/net-analyzer/fail2ban/Manifest +++ b/net-analyzer/fail2ban/Manifest @@ -1,6 +1,19 @@ -AUX fail2ban-logrotate 163 RMD160 8b64b7af9c0ee6bb9064f5858c0e58cda0609958 SHA1 287a067a369b1da6ddfee855e4950d6b222e2ba2 SHA256 6a668bc9383371f258eae6008b925a18d587e6120edd4a7add3e1a20ac3ca4b0 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +AUX fail2ban-0.8.4-hashlib.patch 1129 RMD160 c3df715e57eb621274ef953d4da1991c46a60a6e SHA1 2385a85135b9040239901d381fb2cec564f7463b SHA256 a590d116849a2072fcd6403cfc985f3297e275caf11b184877faa45378237a9f +AUX fail2ban-0.8.4-sshd-breakin.patch 1107 RMD160 719d206fd118e25d0cee3887db7b4c8b1c241524 SHA1 c9780ec64a8e59cee3c74be2863b3816ff6b16e8 SHA256 0a986bc24fe3333254b4f4eb3fd04bb2f46652ae3be2b02d137e5c7d6aa483c8 +AUX fail2ban-logrotate 191 RMD160 26756583fbaa7b7ad09e300ac9d0cbbe8a2bdcf3 SHA1 c66d4786e9532d6785b25f36999438b590ae9040 SHA256 4cfe274ec9c71dd0ae0575298f5327230f6e67b2f8fc1a616c645d0f6b3ce02f AUX fail2ban.conf.d 217 RMD160 7d8b079d1b569caf1d822af0ec8a040723f492c5 SHA1 9592b732be3d96699c9872add7287e82260f37c0 SHA256 e35f1f820bfe5ecaac2696d60155c348d84af428e8c615e97b900c24a587d233 DIST fail2ban-0.8.4.tar.bz2 71818 RMD160 05a9dfd206f734bea9d063a2527695c1b033ea43 SHA1 0816a9f8d54013dc9b395284caff3c54f44377d8 SHA256 7a4fc0ea6dffde1db1d096757878e1b2c5f0b087a05ed7e7ca0202fb0b127982 +EBUILD fail2ban-0.8.4-r1.ebuild 1793 RMD160 23ebe439d8b2127b48e74a4f0da6e48ada3074c1 SHA1 71e3946e1dbe6dad219ffe6432d70a021689574d SHA256 28c77ff8f64ef7719bcddead8149d415c6452b62344fc0e40f20b701190f1044 EBUILD fail2ban-0.8.4.ebuild 1643 RMD160 39cd31142f4415aab038eb5d9203e4188c79fde6 SHA1 66fb9cbad7425bc97f2347b6325a9e19fb023d79 SHA256 d7e907e859cec324156749f5c4e00f1ad990515373fdfc62ff48aeaad4d88b93 -MISC ChangeLog 9026 RMD160 9806069eded3964cc9bbab31e11b32f822664dc5 SHA1 3417608994aea113354f7dbf2521943debc366b2 SHA256 ab5e3bfe36eac8a50e74ef4eccdc79bed52db8f15ee756a5555c19e824ce01e3 +MISC ChangeLog 9438 RMD160 cb86019fe1fd14aa6e0e3c486e615af53eebb292 SHA1 9336330164514533fd7dac6b3723e4976799a23a SHA256 c8775db90577f2b0ba870a22d611befa86b9dda9728b05e53c8a6b3804360cbe MISC metadata.xml 159 RMD160 28e799fe0fd02aaab9d4bbe5595f133101606f5b SHA1 9f5df3eabd621951a959cc8e0e2e0d352cd1fe1e SHA256 b75c711bd971e46f0ec957e833c60879b0c5023e0bb94409a6255781b69f6dc6 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.16 (GNU/Linux) + +iEYEARECAAYFAkzUHVMACgkQ9/cejkQaxBC2rQCeKlzQkC+kBR8dd75moi6+zx4+ +iFwAnj1w26Lybsb/zJOVdH81ABdVHN0W +=F1rc +-----END PGP SIGNATURE----- diff --git a/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild b/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild new file mode 100644 index 000000000000..166a2e13f09e --- /dev/null +++ b/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/fail2ban/fail2ban-0.8.4-r1.ebuild,v 1.1 2010/11/05 15:05:51 hwoarang Exp $ + +EAPI=2 + +PYTHON_DEPEND="2" + +inherit distutils eutils + +DESCRIPTION="Bans IP that make too many password failures" +HOMEPAGE="http://fail2ban.sourceforge.net/" +SRC_URI="mirror://sourceforge/fail2ban/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="" + +RDEPEND="net-misc/whois + virtual/mta + net-firewall/iptables" + +src_prepare() { + epatch "${FILESDIR}"/${P}-hashlib.patch \ + "${FILESDIR}"/${P}-sshd-breakin.patch + distutils_src_prepare +} + +src_install() { + distutils_src_install + + diropts -m 0755 -o root -g root + dodir /var/run/${PN} + keepdir /var/run/${PN} + + newconfd files/gentoo-confd fail2ban + newinitd files/gentoo-initd fail2ban + dodoc ChangeLog README TODO || die "dodoc failed" + doman man/*.1 || die "doman failed" + + # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d. + # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675 + insinto /etc/logrotate.d + newins "${FILESDIR}"/${PN}-logrotate ${PN} || die +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-0.7" + previous_less_than_0_7=$? +} + +pkg_postinst() { + if [[ $previous_less_than_0_7 = 0 ]] ; then + elog + elog "Configuration files are now in /etc/fail2ban/" + elog "You probably have to manually update your configuration" + elog "files before restarting Fail2ban!" + elog + elog "Fail2ban is not installed under /usr/lib anymore. The" + elog "new location is under /usr/share." + elog + elog "You are upgrading from version 0.6.x, please see:" + elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8" + fi +} diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch new file mode 100644 index 000000000000..4ab90b85c88f --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-0.8.4-hashlib.patch @@ -0,0 +1,31 @@ +Index: fail2ban-0.8.4/server/filter.py +=================================================================== +--- fail2ban-0.8.4.orig/server/filter.py ++++ fail2ban-0.8.4/server/filter.py +@@ -439,7 +439,7 @@ class FileFilter(Filter): + # In order to detect log rotation, the hash (MD5) of the first line of the file + # is computed and compared to the previous hash of this line. + +-import md5 ++import hashlib + + class FileContainer: + +@@ -454,7 +454,7 @@ class FileContainer: + try: + firstLine = handler.readline() + # Computes the MD5 of the first line. +- self.__hash = md5.new(firstLine).digest() ++ self.__hash = hashlib.md5(firstLine).digest() + # Start at the beginning of file if tail mode is off. + if tail: + handler.seek(0, 2) +@@ -471,7 +471,7 @@ class FileContainer: + self.__handler = open(self.__filename) + firstLine = self.__handler.readline() + # Computes the MD5 of the first line. +- myHash = md5.new(firstLine).digest() ++ myHash = hashlib.md5(firstLine).digest() + stats = os.fstat(self.__handler.fileno()) + # Compare hash and inode + if self.__hash != myHash or self.__ino != stats.st_ino: diff --git a/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch b/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch new file mode 100644 index 000000000000..dcfc43f95f25 --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-0.8.4-sshd-breakin.patch @@ -0,0 +1,15 @@ +Index: fail2ban-0.8.4/config/filter.d/sshd.conf +=================================================================== +--- fail2ban-0.8.4.orig/config/filter.d/sshd.conf ++++ fail2ban-0.8.4/config/filter.d/sshd.conf +@@ -31,8 +31,8 @@ failregex = ^%(__prefix_line)s(?:error: + ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ + ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ + ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ +- ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$ +- ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ ++ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT\!\s* ++ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because none of user's groups are listed in AllowGroups$ + + # Option: ignoreregex + # Notes.: regex to ignore. If this regex matches, the line is ignored. diff --git a/net-analyzer/fail2ban/files/fail2ban-logrotate b/net-analyzer/fail2ban/files/fail2ban-logrotate index 7a4c3fda2d4b..5d22bd03950f 100644 --- a/net-analyzer/fail2ban/files/fail2ban-logrotate +++ b/net-analyzer/fail2ban/files/fail2ban-logrotate @@ -4,6 +4,6 @@ missingok compress postrotate - /usr/bin/fail2ban-client reload 1>/dev/null || true + /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true endscript } |