diff options
author | muradm <mail@muradm.net> | 2022-07-17 05:30:40 +0300 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-08-01 17:20:27 +0200 |
commit | d7e7494bc4d69de9db49488ee812e572c3250211 (patch) | |
tree | f8ea83e950b0d55685793554e8b4c1afedc79c0d | |
parent | 18d998ffdb8a64478f984bac479734e3fcc90cc3 (diff) |
gnu: Add fail2ban.
* gnu/packages/admin.scm (fail2ban): New variable.
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-paths-guix-conf.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/patches/fail2ban-python310-server-actions.patch,
gnu/packages/patches/fail2ban-python310-server-jails.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | gnu/local.mk | 7 | ||||
-rw-r--r-- | gnu/packages/admin.scm | 217 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch | 155 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch | 48 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-paths-guix-conf.patch | 32 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-python310-server-action.patch | 27 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-python310-server-actions.patch | 25 | ||||
-rw-r--r-- | gnu/packages/patches/fail2ban-python310-server-jails.patch | 25 |
9 files changed, 600 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index bba9f08bbe..10c3192ade 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1049,6 +1049,13 @@ dist_patch_DATA = \ %D%/packages/patches/exercism-disable-self-update.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ + %D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch \ + %D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch \ + %D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch \ + %D%/packages/patches/fail2ban-paths-guix-conf.patch \ + %D%/packages/patches/fail2ban-python310-server-action.patch \ + %D%/packages/patches/fail2ban-python310-server-actions.patch \ + %D%/packages/patches/fail2ban-python310-server-jails.patch \ %D%/packages/patches/farstream-gupnp.patch \ %D%/packages/patches/farstream-make.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 571271b5ab..146423d068 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -100,6 +100,7 @@ #:use-module (gnu packages cross-base) #:use-module (gnu packages crypto) #:use-module (gnu packages cryptsetup) + #:use-module (gnu packages curl) #:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages dns) #:use-module (gnu packages elf) @@ -134,6 +135,7 @@ #:use-module (gnu packages mcrypt) #:use-module (gnu packages mpi) #:use-module (gnu packages ncurses) + #:use-module (gnu packages networking) #:use-module (gnu packages openldap) #:use-module (gnu packages patchutils) #:use-module (gnu packages pciutils) @@ -152,6 +154,7 @@ #:use-module (gnu packages ruby) #:use-module (gnu packages selinux) #:use-module (gnu packages serialization) + #:use-module (gnu packages sqlite) #:use-module (gnu packages ssh) #:use-module (gnu packages sphinx) #:use-module (gnu packages tcl) @@ -5230,3 +5233,217 @@ allows applications to use whatever seat management is available.") mediate access to shared devices, such as graphics and input, for applications that require it.") (license license:expat))) + +(define-public fail2ban + (package + (name "fail2ban") + (version "0.11.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/fail2ban/fail2ban") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Get rid of absolute file names. + (substitute* "setup.py" + (("/etc/fail2ban") + "etc/fail2ban") + (("/var/lib/fail2ban") + "var/lib/fail2ban") + (("\"/usr/bin/\"") + "\"usr/bin/\"") + (("\"/usr/lib/fail2ban/\"") + "\"usr/lib/fail2ban/\"") + (("'/usr/share/doc/fail2ban'") + "'usr/share/doc/fail2ban'")) + ;; disable tests performing unacceptable side-effects + (let ((make-suite (lambda (t) + (string-append + "tests.addTest.unittest.makeSuite." + t "..")))) + (substitute* "fail2ban/tests/utils.py" + (((make-suite "actiontestcase.CommandActionTest")) + "") + (((make-suite "misctestcase.SetupTest")) + "") + (((make-suite + "filtertestcase.DNSUtilsNetworkTests")) + "") + (((make-suite "filtertestcase.IgnoreIPDNS")) + "") + (((make-suite "filtertestcase.GetFailures")) + "") + (((make-suite + "fail2banclienttestcase.Fail2banServerTest")) + "") + (((make-suite + "servertestcase.ServerConfigReaderTests")) + ""))))) + (patches (search-patches + "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch" + "fail2ban-python310-server-action.patch" + "fail2ban-python310-server-actions.patch" + "fail2ban-python310-server-jails.patch" + "fail2ban-0.11.2_fix-test-suite.patch" + "fail2ban-0.11.2_CVE-2021-32749.patch" + "fail2ban-paths-guix-conf.patch")))) + (build-system python-build-system) + (arguments + '(#:phases (modify-phases %standard-phases + (add-before 'build 'invoke-2to3 + (lambda _ + (invoke "./fail2ban-2to3"))) + (add-before 'install 'fix-default-config + (lambda* (#:key outputs #:allow-other-keys) + (substitute* '("config/paths-common.conf" + "fail2ban/tests/utils.py" + "fail2ban/client/configreader.py" + "fail2ban/client/fail2bancmdline.py" + "fail2ban/client/fail2banregex.py") + (("/etc/fail2ban") + (string-append (assoc-ref outputs "out") + "/etc/fail2ban"))))) + (add-after 'fix-default-config 'set-action-dependencies + (lambda* (#:key inputs #:allow-other-keys) + ;; deleting things that are not feasible to fix + ;; or won't be used any way + (with-directory-excursion "config" + (for-each delete-file + '("paths-arch.conf" + "paths-debian.conf" + "paths-fedora.conf" + "paths-freebsd.conf" + "paths-opensuse.conf" + "paths-osx.conf"))) + (with-directory-excursion "config/action.d" + (for-each delete-file + '("apf.conf" + "bsd-ipfw.conf" + "dshield.conf" + "ipfilter.conf" + "ipfw.conf" + "firewallcmd-allports.conf" + "firewallcmd-common.conf" + "firewallcmd-ipset.conf" + "firewallcmd-multiport.conf" + "firewallcmd-new.conf" + "firewallcmd-rich-logging.conf" + "firewallcmd-rich-rules.conf" + "osx-afctl.conf" + "osx-ipfw.conf" + "pf.conf" + "nginx-block-map.conf" + "npf.conf" + "shorewall.conf" + "shorewall-ipset-proto6.conf" + "ufw.conf"))) + (let* ((lookup-cmd (lambda (i) + (search-input-file inputs i))) + (bin (lambda (i) + (lookup-cmd (string-append "/bin/" i)))) + (sbin (lambda (i) + (lookup-cmd (string-append "/sbin/" i)))) + (ip (sbin "ip")) + (sendmail (sbin "sendmail"))) + (substitute* (find-files "config/action.d" "\\.conf$") + ;; TODO: deal with geoiplookup .. + (("(awk|curl|dig|jq)" all cmd) + (bin cmd)) + (("(cat|echo|grep|head|printf|wc) " all + cmd) + (string-append (bin cmd) " ")) + ((" (date|rm|sed|tail|touch|tr) " all + cmd) + (string-append " " + (bin cmd) " ")) + (("cut -d") + (string-append (bin "cut") " -d")) + (("`date`") + (string-append "`" + (bin "date") "`")) + (("id -") + (string-append (bin "id") " -")) + (("ip -([46]) addr" all ver) + (string-append ip " -" ver " addr")) + (("ip route") + (string-append ip " route")) + (("ipset ") + (string-append (sbin "ipset") " ")) + (("(iptables|ip6tables) <" all cmd) + (string-append (sbin cmd) " <")) + (("/usr/bin/nsupdate") + (bin "nsupdate")) + (("mail -E") + (string-append sendmail " -E")) + (("nftables = nft") + (string-append "nftables = " (sbin "nft"))) + (("perl -e") + (string-append (bin "perl") " -e")) + (("/usr/sbin/sendmail") + sendmail) + (("test -e") + (string-append (bin "test") " -e")) + (("_whois = whois") + (string-append "_whois = " (bin "whois"))))) + (substitute* "config/jail.conf" + (("before = paths-debian.conf") + "before = paths-guix.conf")))) + (add-after 'install 'copy-man-pages + (lambda* (#:key outputs #:allow-other-keys) + (let* ((man (string-append (assoc-ref outputs "out") + "/man")) + (install-man (lambda (m) + (lambda (f) + (install-file (string-append f + "." m) + (string-append man + "/man" m))))) + (install-man1 (install-man "1")) + (install-man5 (install-man "5"))) + (with-directory-excursion "man" + (for-each install-man1 + '("fail2ban" + "fail2ban-client" + "fail2ban-python" + "fail2ban-regex" + "fail2ban-server" + "fail2ban-testcases")) + (for-each install-man5 + '("jail.conf"))))))))) + (inputs (list gawk + coreutils-minimal + curl + grep + jq + iproute + ipset + iptables + `(,isc-bind "utils") + nftables + perl + python-pyinotify + sed + sendmail + sqlite + whois)) + (home-page "http://www.fail2ban.org") + (synopsis "Daemon to ban hosts that cause multiple authentication errors") + (description + "Fail2Ban scans log files like @file{/var/log/auth.log} and bans IP +addresses conducting too many failed login attempts. It does this by updating +system firewall rules to reject new connections from those IP addresses, for a +configurable amount of time. Fail2Ban comes out-of-the-box ready to read many +standard log files, such as those for sshd and Apache, and is easily +configured to read any log file of your choosing, for any error you wish. + +Though Fail2Ban is able to reduce the rate of incorrect authentication +attempts, it cannot eliminate the risk presented by weak authentication. Set +up services to use only two factor, or public/private authentication +mechanisms if you really want to protect services.") + (license license:gpl2+))) diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch new file mode 100644 index 0000000000..d3c677918c --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch @@ -0,0 +1,155 @@ +From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001 +From: sebres <serg.brester@sebres.de> +Date: Mon, 21 Jun 2021 17:12:53 +0200 +Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable + (default tilde) stops consider "~" char after new-line as composing escape + sequence + +--- + config/action.d/complain.conf | 2 +- + config/action.d/dshield.conf | 2 +- + config/action.d/mail-buffered.conf | 8 ++++---- + config/action.d/mail-whois-lines.conf | 2 +- + config/action.d/mail-whois.conf | 6 +++--- + config/action.d/mail.conf | 6 +++--- + 6 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf +index 3a5f882c9f..4d73b05859 100644 +--- a/config/action.d/complain.conf ++++ b/config/action.d/complain.conf +@@ -102,7 +102,7 @@ logpath = /dev/null + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf +index c128bef348..3d5a7a53a9 100644 +--- a/config/action.d/dshield.conf ++++ b/config/action.d/dshield.conf +@@ -179,7 +179,7 @@ tcpflags = + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf +index 325f185b2f..79b841049c 100644 +--- a/config/action.d/mail-buffered.conf ++++ b/config/action.d/mail-buffered.conf +@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Output will be buffered until <lines> lines are available.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest> + rm <tmpfile> + fi + printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile> + These hosts have been banned by Fail2Ban.\n + `cat <tmpfile>` + \nRegards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest> + rm <tmpfile> + fi + +diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf +index 3a3e56b2c7..d2818cb9b9 100644 +--- a/config/action.d/mail-whois-lines.conf ++++ b/config/action.d/mail-whois-lines.conf +@@ -72,7 +72,7 @@ actionunban = + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Default name of the chain + # +diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf +index 7fea34c40d..ab33b616dc 100644 +--- a/config/action.d/mail-whois.conf ++++ b/config/action.d/mail-whois.conf +@@ -20,7 +20,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n + Here is more information about <ip> :\n + `%(_whois_command)s`\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> + + # Option: actionunban + # Notes.: command executed when unbanning an IP. Take care that the +diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf +index 5d8c0e154c..f4838ddcb6 100644 +--- a/config/action.d/mail.conf ++++ b/config/action.d/mail.conf +@@ -16,7 +16,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail <name> has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest> + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail <name> has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest> + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n + The IP <ip> has just been banned by Fail2Ban after + <failures> attempts against <name>.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest> + + # Option: actionunban + # Notes.: command executed when unbanning an IP. Take care that the diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch new file mode 100644 index 0000000000..b0b14364b1 --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch @@ -0,0 +1,64 @@ +From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001 +From: sebres <info@sebres.de> +Date: Sun, 19 Sep 2021 18:49:18 +0200 +Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup + command: use_2to3 is invalid (setuptools 58+) + +--- + setup.py | 16 +--------------- + 1 file changed, 1 insertion(+), 15 deletions(-) + +diff --git a/setup.py b/setup.py +index f4c2550f6f..98413273c5 100755 +--- a/setup.py ++++ b/setup.py +@@ -48,7 +48,7 @@ + from glob import glob + + from fail2ban.setup import updatePyExec +- ++from fail2ban.version import version + + source_dir = os.path.realpath(os.path.dirname( + # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.): +@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False): + # Wrapper to specify fail2ban own options: + class install_command_f2b(install): + user_options = install.user_options + [ +- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), + ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): +- self.disable_2to3 = None + self.without_tests = not with_tests + install.initialize_options(self) + def finalize_options(self): +- global _2to3 +- ## in the test cases 2to3 should be already done (fail2ban-2to3): +- if self.disable_2to3: +- _2to3 = False +- if _2to3: +- cmdclass = self.distribution.cmdclass +- cmdclass['build_py'] = build_py_2to3 +- cmdclass['build_scripts'] = build_scripts_2to3 + if self.without_tests: + self.distribution.scripts.remove('bin/fail2ban-testcases') + +@@ -178,7 +168,6 @@ def run(self): + if setuptools: + setup_extra = { + 'test_suite': "fail2ban.tests.utils.gatherTests", +- 'use_2to3': True, + } + else: + setup_extra = {} +@@ -202,9 +191,6 @@ def run(self): + ('/usr/share/doc/fail2ban', doc_files) + ) + +-# Get version number, avoiding importing fail2ban. +-# This is due to tests not functioning for python3 as 2to3 takes place later +-exec(open(join("fail2ban", "version.py")).read()) + + setup( + name = "fail2ban", diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch new file mode 100644 index 0000000000..91d973e72e --- /dev/null +++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch @@ -0,0 +1,48 @@ +From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001 +From: sebres <info@sebres.de> +Date: Mon, 4 Jan 2021 02:42:38 +0100 +Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for + tests, considering interval from 2005 (alternate now) to now; + better + grouping algorithm for resulting century RE + +--- + fail2ban/server/strptime.py | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py +index 1464a96d1f..39fc795865 100644 +--- a/fail2ban/server/strptime.py ++++ b/fail2ban/server/strptime.py +@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo + Thereby respect possible run in the test-cases (alternate date used there) + """ + cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t] ++ def grp(exprset): ++ c = None ++ if len(exprset) > 1: ++ for i in exprset: ++ if c is None or i[0:-1] == c: ++ c = i[0:-1] ++ else: ++ c = None ++ break ++ if not c: ++ for i in exprset: ++ if c is None or i[0] == c: ++ c = i[0] ++ else: ++ c = None ++ break ++ if c: ++ return "%s%s" % (c, grp([i[len(c):] for i in exprset])) ++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \ ++ if len(exprset) > 1 else "".join(exprset) + exprset = set( cent(now[0].year + i) for i in (-1, distance) ) + if len(now) and now[1]: +- exprset |= set( cent(now[1].year + i) for i in (-1, distance) ) +- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset) ++ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) ) ++ return grp(sorted(list(exprset))) + + timeRE = TimeRE() + diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch b/gnu/packages/patches/fail2ban-paths-guix-conf.patch new file mode 100644 index 0000000000..8c2a5747ba --- /dev/null +++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch @@ -0,0 +1,32 @@ +From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001 +From: muradm <mail@muradm.net> +Date: Fri, 15 Jul 2022 20:08:14 +0300 +Subject: [PATCH] Add paths-guix.conf file. + +--- + config/paths-guix.conf | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + create mode 100644 config/paths-guix.conf + +diff --git a/config/paths-guix.conf b/config/paths-guix.conf +new file mode 100644 +index 00000000..b4a2e9f5 +--- /dev/null ++++ b/config/paths-guix.conf +@@ -0,0 +1,13 @@ ++# Guix ++ ++[INCLUDES] ++ ++before = paths-common.conf ++after = paths-overrides.local ++ ++ ++[DEFAULT] ++ ++syslog_authpriv = /var/log/secure ++syslog_mail = /var/log/maillog ++syslog_mail_warn = /var/log/maillog +-- +2.36.1 + diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch new file mode 100644 index 0000000000..723d7f7aa6 --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-action.patch @@ -0,0 +1,27 @@ +From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:19:24 +0100 +Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes` + moved to the :mod:`collections.abc` module + +(since 3.10-alpha.5 `MutableMapping` is missing in collections module) +--- + fail2ban/server/action.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py +index 3bc48fe046..f0f1e6f59a 100644 +--- a/fail2ban/server/action.py ++++ b/fail2ban/server/action.py +@@ -30,7 +30,10 @@ + import threading + import time + from abc import ABCMeta +-from collections import MutableMapping ++try: ++ from collections.abc import MutableMapping ++except ImportError: ++ from collections import MutableMapping + + from .failregex import mapTag2Opt + from .ipdns import DNSUtils diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch new file mode 100644 index 0000000000..e31316d28b --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch @@ -0,0 +1,25 @@ +From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:25:45 +0100 +Subject: [PATCH] amend for `Mapping` + +--- + fail2ban/server/actions.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py +index b7b95b445a..897d907c1a 100644 +--- a/fail2ban/server/actions.py ++++ b/fail2ban/server/actions.py +@@ -28,7 +28,10 @@ + import os + import sys + import time +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + try: + from collections import OrderedDict + except ImportError: diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch b/gnu/packages/patches/fail2ban-python310-server-jails.patch new file mode 100644 index 0000000000..e5873c415e --- /dev/null +++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch @@ -0,0 +1,25 @@ +From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" <serg.brester@sebres.de> +Date: Mon, 8 Feb 2021 17:35:59 +0100 +Subject: [PATCH] amend for `Mapping` (jails) + +--- + fail2ban/server/jails.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py +index 972a8c4bd2..27e12ddf65 100644 +--- a/fail2ban/server/jails.py ++++ b/fail2ban/server/jails.py +@@ -22,7 +22,10 @@ + __license__ = "GPL" + + from threading import Lock +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + + from ..exceptions import DuplicateJailException, UnknownJailException + from .jail import Jail |