git: 72a671a3d290 - main - security/py-fail2ban: Update to 1.0.2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 09 Nov 2022 18:07:51 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=72a671a3d290e522db62c1411f05ba02dc75cb5f
commit 72a671a3d290e522db62c1411f05ba02dc75cb5f
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-11-09 18:04:14 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-11-09 18:07:07 +0000
security/py-fail2ban: Update to 1.0.2
Update to 1.0.2. This update includes the fix for upstream gh-issue-3370,
which is now removed from our patches.
Reported by: Ken <mayhem30@gmail.com>
---
security/py-fail2ban/Makefile | 3 +-
security/py-fail2ban/distinfo | 6 +-
security/py-fail2ban/files/patch-ISSUE-3370 | 87 -----------------------------
3 files changed, 4 insertions(+), 92 deletions(-)
diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile
index 789a7f54c903..dcc22566019f 100644
--- a/security/py-fail2ban/Makefile
+++ b/security/py-fail2ban/Makefile
@@ -1,6 +1,5 @@
PORTNAME= fail2ban
-DISTVERSION= 1.0.1
-PORTREVISION= 3
+DISTVERSION= 1.0.2
CATEGORIES= security python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-fail2ban/distinfo b/security/py-fail2ban/distinfo
index 677fb13cc841..f1a1f71d0aea 100644
--- a/security/py-fail2ban/distinfo
+++ b/security/py-fail2ban/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1664854580
-SHA256 (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 62b54679ebae81ac57f32c5e27aba9f2494ec5bafd45a0fd68e7a27fd448e5ac
-SIZE (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 582122
+TIMESTAMP = 1668016124
+SHA256 (fail2ban-fail2ban-1.0.2_GH0.tar.gz) = ae8b0b41f27a7be12d40488789d6c258029b23a01168e3c0d347ee80b325ac23
+SIZE (fail2ban-fail2ban-1.0.2_GH0.tar.gz) = 583295
diff --git a/security/py-fail2ban/files/patch-ISSUE-3370 b/security/py-fail2ban/files/patch-ISSUE-3370
deleted file mode 100644
index 74e5a98cad01..000000000000
--- a/security/py-fail2ban/files/patch-ISSUE-3370
+++ /dev/null
@@ -1,87 +0,0 @@
-From ca2b94c5229bd474f612b57b67d796252a4aab7a Mon Sep 17 00:00:00 2001
-From: sebres <serg.brester@sebres.de>
-Date: Tue, 4 Oct 2022 14:03:07 +0200
-Subject: [PATCH] fixes gh-3370: resolve extremely long search by repeated
- apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following
- branches (it may be extremely slow up to infinite search depending on
- message); added new regression tests amend to gh-3210: fixes regression and
- matches new format in aggressive mode too
-
----
- ChangeLog | 4 ++++
- config/filter.d/dovecot.conf | 8 +++++---
- fail2ban/tests/files/logs/dovecot | 22 ++++++++++++++++++++++
- 3 files changed, 31 insertions(+), 3 deletions(-)
-
-diff --git config/filter.d/dovecot.conf config/filter.d/dovecot.conf
-index 0415ecb4..dc3ebbcd 100644
---- config/filter.d/dovecot.conf
-+++ config/filter.d/dovecot.conf
-@@ -7,19 +7,21 @@ before = common.conf
-
- [Definition]
-
-+_daemon = (?:dovecot(?:-auth)?|auth)
-+
- _auth_worker = (?:dovecot: )?auth(?:-worker)?
- _auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\): auth(?:-worker)?<\d+>: )?
--_daemon = (?:dovecot(?:-auth)?|auth)
-+_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))*
-
- prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s<F-CONTENT>.+</F-CONTENT>$
-
- failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1> uid=\S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER> rhost=<HOST>(?:\s+user=<F-ALT_USER>\S*</F-ALT_USER>)?\s*$
-- ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
-+ ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
- ^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$
- ^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch)
- <mdre-<mode>>
-
--mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
-+mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
-
- mdre-normal =
-
-diff --git fail2ban/tests/files/logs/dovecot fail2ban/tests/files/logs/dovecot
-index 75934c37..0e332961 100644
---- fail2ban/tests/files/logs/dovecot
-+++ fail2ban/tests/files/logs/dovecot
-@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: imap-login: Disconnected (auth failed,
- # failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host": "192.0.2.4", "desc": "open parenthesis in optional part between Disconnected and (auth failed ...), gh-3210" }
- Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=<test@example.com>, rip=192.0.2.4, lip=127.0.0.19, session=<Lsz0Oo7WXti3b7xe>
-
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
-+
- # failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host": "192.0.2.133" }
- Aug 29 03:17:18 server dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=<user1>, method=LOGIN, rip=192.0.2.133, lip=0.0.0.0
- # failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host": "192.0.2.169" }
-@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesieve-login: Disconnected: Too many invali
-
- # filterOptions: [{"mode": "aggressive"}]
-
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
-+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
-+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
-+
- # failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host": "192.0.2.5" }
- Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer
- # failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host": "192.0.2.6" }
---
-2.38.0
-