From 83ab8cd69d68fb990b389897b438cf500b553a77 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Feb 14 2013 21:31:50 +0000 Subject: Add patch from upstream to fix module imports (Bug #892365) Add patch from upstream to UTF-8 characters in syslog (Bug #905097) --- diff --git a/fail2ban-import.patch b/fail2ban-import.patch new file mode 100644 index 0000000..c4a2836 --- /dev/null +++ b/fail2ban-import.patch @@ -0,0 +1,75 @@ +commit d561a4c2bbc336db70d5923cf630813bc51dc3ee +Author: Yaroslav Halchenko +Date: Mon Jan 28 09:54:08 2013 -0500 + + BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112) + + This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed + + but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse + +diff --git a/fail2ban-client b/fail2ban-client +index 1d8eb15..13d018e 100755 +--- a/fail2ban-client ++++ b/fail2ban-client +@@ -27,12 +27,13 @@ import getopt, time, shlex, socket + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -client is also under /usr/ ++try: ++ from common.version import version ++except ImportError, e: + sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + +-# Now we can import our modules +-from common.version import version ++# Now we can import the rest of modules + from common.protocol import printFormatted + from client.csocket import CSocket + from client.configurator import Configurator +diff --git a/fail2ban-regex b/fail2ban-regex +index a42ed96..f9bc72c 100755 +--- a/fail2ban-regex ++++ b/fail2ban-regex +@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -regex is also under /usr/ +- sys.path.insert(1, "/usr/share/fail2ban") ++try: ++ from common.version import version ++except ImportError, e: ++ sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + + from client.configparserinc import SafeConfigParserWithIncludes + from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError +-from common.version import version + from server.filter import Filter + from server.failregex import RegexException + +diff --git a/fail2ban-server b/fail2ban-server +index bd86e6c..0f3410c 100755 +--- a/fail2ban-server ++++ b/fail2ban-server +@@ -26,11 +26,12 @@ import getopt, sys, logging, os + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -server is also under /usr/ ++try: ++ from common.version import version ++except ImportError, e: + sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + +-from common.version import version + from server.server import Server + + # Gets the instance of the logger. diff --git a/fail2ban-utf8.patch b/fail2ban-utf8.patch new file mode 100644 index 0000000..d0013e7 --- /dev/null +++ b/fail2ban-utf8.patch @@ -0,0 +1,18 @@ +commit f8983872ad4297ddb3017f4818edd08892dd2129 +Author: Yaroslav Halchenko +Date: Fri Feb 1 16:07:00 2013 -0500 + + BF: return str(host) to avoid spurious characters in the logs (Close gh-113) + + thanks to opoplawski@github + +diff --git a/server/failregex.py b/server/failregex.py +index 8ce9597..b194d47 100644 +--- a/server/failregex.py ++++ b/server/failregex.py +@@ -130,4 +130,4 @@ class FailRegex(Regex): + s = self._matchCache.string + r = self._matchCache.re + raise RegexException("No 'host' found in '%s' using '%s'" % (s, r)) +- return host ++ return str(host) diff --git a/fail2ban.spec b/fail2ban.spec index 80d1bae..90ac37d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -13,6 +13,14 @@ Patch1: fail2ban-0.8.7.1-sshd.patch # Do not use pam_unix failure messages to ban sshd # https://github.com/fail2ban/fail2ban/issues/106 Patch2: fail2ban-0.8.8-sshd-pam.patch +# Upstream patch to fix module loading +# https://github.com/fail2ban/fail2ban/issues/112 +# https://bugzilla.redhat.com/show_bug.cgi?id=892365 +Patch3: fail2ban-import.patch +# Upstream patch to fix UTF-8 characters in hostnames +# https://github.com/fail2ban/fail2ban/issues/113 +# https://bugzilla.redhat.com/show_bug.cgi?id=905097 +Patch4: fail2ban-utf8.patch Patch6: fail2ban-0.8.3-log2syslog.patch Patch7: asyncserver.start_selinux.patch Patch8: fail2ban-0.8.7.1-notmp.patch @@ -21,7 +29,8 @@ BuildRequires: python-devel >= 2.3 # For testcases BuildRequires: python-inotify BuildArch: noarch -Requires: iptables, tcp_wrappers, shorewall, gamin-python +Requires: iptables +Requires: gamin-python Requires: python-inotify Requires: initscripts Requires(post): /sbin/chkconfig @@ -33,11 +42,17 @@ Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. +To use the hostsdeny and shorewall actions you must install tcp_wrappers +and shorewall respectively. + + %prep %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd %patch2 -p1 -b .sshd-pam +%patch3 -p1 -b .import +%patch4 -p1 -b .utf8 %patch6 -p1 -b .log2syslog %patch7 -p1 -b .fd_cloexec2 %patch8 -p1 -b .notmp @@ -98,6 +113,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Feb 14 2013 Orion Poplawski - 0.8.8-3 +- Add patch from upstream to fix module imports (Bug #892365) +- Add patch from upstream to UTF-8 characters in syslog (Bug #905097) + * Fri Jan 18 2013 Orion Poplawski - 0.8.8-2 - Add patch to prevent sshd blocks of successful logins for systems that use sssd or ldap