From 22045133fed08d82c78f1090e80d8045093a8e14 Mon Sep 17 00:00:00 2001 From: Automatic Build System Date: Tue, 30 Apr 2024 09:54:58 +0200 Subject: [PATCH] automatic version update by autodist [release 1.1.0-1mamba;Tue Apr 30 2024] --- fail2ban-0.11.2-ufw-0.36-ipv6-2.patch | 37 -------------- fail2ban-0.11.2-ufw-0.36-ipv6.patch | 58 ---------------------- fail2ban-0.11.2-ufw-add-kill-options.patch | 45 ----------------- fail2ban.spec | 14 ++---- 4 files changed, 5 insertions(+), 149 deletions(-) delete mode 100644 fail2ban-0.11.2-ufw-0.36-ipv6-2.patch delete mode 100644 fail2ban-0.11.2-ufw-0.36-ipv6.patch delete mode 100644 fail2ban-0.11.2-ufw-add-kill-options.patch diff --git a/fail2ban-0.11.2-ufw-0.36-ipv6-2.patch b/fail2ban-0.11.2-ufw-0.36-ipv6-2.patch deleted file mode 100644 index 4afcfc1..0000000 --- a/fail2ban-0.11.2-ufw-0.36-ipv6-2.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 5debaa4cac2723fa863ede9ed32c19cc82c71786 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Thu, 6 May 2021 20:23:58 +0200 -Subject: [PATCH] option "add", can be set to "insert " instead of prepend - (customization or backwards compat) - ---- - config/action.d/ufw.conf | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf -index b47fa7e77..bf06fe679 100644 ---- a/config/action.d/ufw.conf -+++ b/config/action.d/ufw.conf -@@ -19,9 +19,9 @@ actioncheck = - - actionban = if [ -n "" ] && ufw app info "" - then -- ufw prepend from to app "" comment "" -+ ufw from to app "" comment "" - else -- ufw prepend from to comment "" -+ ufw from to comment "" - fi - ss -K dst [] - -@@ -33,6 +33,10 @@ actionunban = if [ -n "" ] && ufw app info "" - fi - - [Init] -+# Option: add -+# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1): -+add = prepend -+ - # Option: blocktype - # Notes.: reject or deny - blocktype = reject diff --git a/fail2ban-0.11.2-ufw-0.36-ipv6.patch b/fail2ban-0.11.2-ufw-0.36-ipv6.patch deleted file mode 100644 index 30b3189..0000000 --- a/fail2ban-0.11.2-ufw-0.36-ipv6.patch +++ /dev/null @@ -1,58 +0,0 @@ -From e4e7a83cffb4fb5cbb35c204795fba45c8f40c61 Mon Sep 17 00:00:00 2001 -From: usernamepi <53445688+usernamepi@users.noreply.github.com> -Date: Thu, 6 May 2021 13:44:36 +0200 -Subject: [PATCH] Update ufw.conf - -Prerequisites: -* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY. -* Ufw version is => 0.36 (released in 2018) - -* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses. -* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532 -* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open. - Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option. - My system apparently is compiled that way. ---- - config/action.d/ufw.conf | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf -index d2f731f2e6..b47fa7e772 100644 ---- a/config/action.d/ufw.conf -+++ b/config/action.d/ufw.conf -@@ -13,17 +13,26 @@ actionstop = - - actioncheck = - --actionban = [ -n "" ] && app="app " -- ufw insert from to $app -- --actionunban = [ -n "" ] && app="app " -- ufw delete from to $app -+# ufw does "quickly process packets for which we already have a connection" in before.rules, -+# therefore all related sockets should be closed -+# actionban is using `ss` to do so, this only handles IPv4 and IPv6. -+ -+actionban = if [ -n "" ] && ufw app info "" -+ then -+ ufw prepend from to app "" comment "" -+ else -+ ufw prepend from to comment "" -+ fi -+ ss -K dst [] -+ -+actionunban = if [ -n "" ] && ufw app info "" -+ then -+ ufw delete from to app "" -+ else -+ ufw delete from to -+ fi - - [Init] --# Option: insertpos --# Notes.: The position number in the firewall list to insert the block rule --insertpos = 1 -- - # Option: blocktype - # Notes.: reject or deny - blocktype = reject diff --git a/fail2ban-0.11.2-ufw-add-kill-options.patch b/fail2ban-0.11.2-ufw-add-kill-options.patch deleted file mode 100644 index 1d02012..0000000 --- a/fail2ban-0.11.2-ufw-add-kill-options.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 8f6a8df3a45395620e434fd15b4ede694a1d00aa Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Thu, 6 May 2021 21:47:06 +0200 -Subject: [PATCH] added new options `kill-mode` and `kill`, which makes the - drop of all connections optional - ---- - config/action.d/ufw.conf | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf -index bf06fe679..cf8c22bec 100644 ---- a/config/action.d/ufw.conf -+++ b/config/action.d/ufw.conf -@@ -23,7 +23,7 @@ actionban = if [ -n "" ] && ufw app info "" - else - ufw from to comment "" - fi -- ss -K dst [] -+ - - actionunban = if [ -n "" ] && ufw app info "" - then -@@ -32,6 +32,21 @@ actionunban = if [ -n "" ] && ufw app info "" - ufw delete from to - fi - -+# Option: kill-mode -+# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill) -+# Example: banaction = ufw[kill-mode=ss] -+kill-mode = -+ -+# intern conditional parameter used to provide killing mode after ban: -+_kill_ = -+_kill_ss = ss -K dst "[]" -+ -+# Option: kill -+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode -+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[]"'] -+ banaction = ufw[kill='cutter ""'] -+kill = <_kill_> -+ - [Init] - # Option: add - # Notes.: can be set to "insert 1" to insert a rule at certain position (here 1): diff --git a/fail2ban.spec b/fail2ban.spec index 1279ed7..3c0f08a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban -Version: 1.0.2 -Release: 2mamba +Version: 1.1.0 +Release: 1mamba Summary: Daemon to ban hosts that cause multiple authentication errors Group: Applications/Security Vendor: openmamba @@ -9,9 +9,6 @@ Packager: Silvan Calarco URL: https://github.com/fail2ban/fail2ban Source: https://github.com/fail2ban/fail2ban.git/%{version}/fail2ban-%{version}.tar.bz2 Source1: fail2ban-paths-openmamba.conf -Patch0: fail2ban-0.11.2-ufw-0.36-ipv6.patch -Patch1: fail2ban-0.11.2-ufw-0.36-ipv6-2.patch -Patch2: fail2ban-0.11.2-ufw-add-kill-options.patch License: GPL ## AUTOBUILDREQ-BEGIN BuildRequires: libpython311-devel @@ -25,9 +22,6 @@ Daemon to ban hosts that cause multiple authentication errors. %prep %setup -q -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 sed -i "s|/var/run/|/run/|" files/fail2ban.service.in \ files/fail2ban-tmpfiles.conf fail2ban/server/*.py \ @@ -37,7 +31,6 @@ sed -i "s|/var/run/|/run/|" files/fail2ban.service.in \ sed -i "s|paths-debian.conf|paths-openmamba.conf|" config/jail.conf %build -./fail2ban-2to3 CFLAGS="%{optflags}" %{__python3} setup.py build %install @@ -119,6 +112,9 @@ rm -f %{buildroot}%{_sysconfdir}/paths-{arch,debian,fedora,freebsd,opensuse,osx} %doc COPYING THANKS %changelog +* Tue Apr 30 2024 Automatic Build System 1.1.0-1mamba +- automatic version update by autodist + * Mon Oct 09 2023 Silvan Calarco 1.0.2-2mamba - rebuilt with python3 == 3.11