From adcf4f8116a4a850dae301fb4dbcd7b71cb35975 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 29 Aug 2024 12:00:47 +0100 Subject: gentoo auto-resync : 29:08:2024 - 12:00:47 --- net-analyzer/Manifest.gz | Bin 43306 -> 43308 bytes net-analyzer/fail2ban/Manifest | 3 + net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild | 138 +++++++++++++++++++++ .../files/fail2ban-1.1.0-openrc-nftables.patch | 25 ++++ .../files/fail2ban-1.1.0-openssh-9.8-fixups.patch | 40 ++++++ net-analyzer/wireshark/Manifest | 2 +- net-analyzer/wireshark/wireshark-4.2.6.ebuild | 2 +- 7 files changed, 208 insertions(+), 2 deletions(-) create mode 100644 net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch (limited to 'net-analyzer') diff --git a/net-analyzer/Manifest.gz b/net-analyzer/Manifest.gz index 3915cd01989f..5973cb631789 100644 Binary files a/net-analyzer/Manifest.gz and b/net-analyzer/Manifest.gz differ diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest index f447748e1a18..0d23535b4146 100644 --- a/net-analyzer/fail2ban/Manifest +++ b/net-analyzer/fail2ban/Manifest @@ -1,11 +1,14 @@ AUX fail2ban-0.11.2-adjust-apache-logs-paths.patch 893 BLAKE2B 5b80b81488a5245d9d9d15a1b0205a1d86f132e3faa5ea3e5cf91d55082b2d264e558dca4b7fbe62f643601b3315ac31cae387c433c2d90b670965abfa744f87 SHA512 dddff4858431170f5a24daab2d3cedcdcd7a1194b8ecbbcd794dfe00dcaee4af410afef102d3a25f86f541267d7be63e3e1d239c879e95d20cef9f0dacdcdc4c AUX fail2ban-1.0.2-configreader-warning.patch 844 BLAKE2B 3dca580b50c7fa425765ee28fd07d033e738e81ac08f1b66a9b328c7fdf24227c0dca81927e61933c3c3d0c7b6895aed797642f15b449bb6485c8bef6c2315a7 SHA512 119f6b06c099f1dd147859408714fdfe3c73e254ad0d4bf04e535a1f6cbaf08ba368f3e616df792579528e5b6e26bd1be5408258a807d7e2ba36020b211d8e9e AUX fail2ban-1.0.2-umask-tests.patch 1329 BLAKE2B a7535b515e5d3be56d6e842b34e37cc6786338c1874827ff82c58251ecab63917b54d3c1de6fb4047112deade46195c168b5783922dec8895a13f7751f2c64a7 SHA512 bfffcaa54e74c34e87f4a1205573ac9fb8a66dbcc8534f9b42574be699e21ee92ce153204a7dfc63aedfe319a34d9ac3e656ff29cc054fcaf3b4709b0d56b24b +AUX fail2ban-1.1.0-openrc-nftables.patch 869 BLAKE2B 0fe00777f1c10d9c405d395c4c7e4c55ecca494242a2a42ab4a894863cc0bb4e981a6997533e864d0d4a9445e0e72746a440dcbc68d02517efda9e46ec728587 SHA512 d7a9f1aaac3631d3328891d7a0be1ec779dc03fa0fef0faf6a9fee83233a09869a537e6175ca18cb35ad02fc6d2a444b5e967f3e9200c6c7f5949dbf62cd4d2d +AUX fail2ban-1.1.0-openssh-9.8-fixups.patch 1324 BLAKE2B 5ae79dbacc19e9936f81313a3d3fc06ab90530cdfae502b17fa4493848f63f6ce84a52209a0388aff1e4e5758024a8deadc3e9fe47b0b0de0f1b4b8e1769340b SHA512 ddb31d9c013e353717a1c05bd5f4e33d7e19209d0d2ef163a88a9fa07f3c637567cbd4c7365cae3cd90eecd6c746a1f9ca31ccc6d02b1dbe6dc8533bcf2bd822 AUX fail2ban-1.1.0-openssh-9.8.patch 2482 BLAKE2B 5ca3d572332470131ec93330a14676a988f85e7177d44441c36c25ecd3095d8c0ea34cf9535c64df258d211cddf22306119f4a055c8ec5fc19c49d4b5d2281b5 SHA512 c26efa8e4929ed8a3973e4176a8adb0ca3d34fdac550376b3b5da6788f8f0f0afffc7a9031b118e6ce70052af590ff4669ea191b09d34f97636abf3515fc548e DIST fail2ban-1.0.2.tar.gz 583295 BLAKE2B 84eb5e3487c4db734f4f0a36af142d520e1cc53c2960893ee2f05ff4e78133860be59ed9580fa0d972509a03c17e5d9458b8e3f6b470a4c3154f10911f94691e SHA512 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb DIST fail2ban-1.1.0.tar.gz 603854 BLAKE2B f7c2d3a1e5b5cdca1f26d92cefe75958bb61b87ad1cf316380b91527c96f3261e5665478c5fbb053f6419956dda934c8ef3ce837af2819b1b1c8d162246fc15f SHA512 9bff7b9c41e58a953901800468e5c4153c9db6af01c7eb18111ad8620b40d03a0771020472fb759b2809d250e2bb45471e6c7e8283e72ea48290ecf7bf921821 EBUILD fail2ban-1.0.2-r3.ebuild 3817 BLAKE2B 350ebf2c9d0523009ed9f390548132367805742b20014c719fa396f3edf8df188b531374237922324b591238f4e8df5ff5fdade2505c32444e301a9b3f3d533b SHA512 9b42311a494d88f0f9ac71ed85ad1cc47917824f54858a13857176674c3ccaee66ff88b1f4fa63245556563274bcb0de891c8777f925deef3b4156e02f1c5c32 EBUILD fail2ban-1.1.0-r1.ebuild 3737 BLAKE2B d281459ba8bff2bd7cc661294bf681ef203116bfd207eef2a86b8e8aee05367a3a4ecb9f2e047d0709a10a13734d8d92a427ee7096af1f1a685ba8752abbe773 SHA512 26e2f016396a43f521b26720be1b9a46a1e734478e123a5541a135e1b7d0be78bc1f15946a1bbb78d695ef19618315034164b69b0c889a799997c828a0c41656 +EBUILD fail2ban-1.1.0-r2.ebuild 3832 BLAKE2B b5cac819ec37c544d933caa6602802ce7a7888dedf393bf012269fcfa364f4617aef425e9a220f9d865597bb544c24ac52569282149112e2478209c4490b08e2 SHA512 085c6cd52e45c90161d4f6d336cb5fc34739bca80d13a8c01466741dca625d375c9d56d1a826ce9439147f716fac13d4efbfa142b881697abf19fe7066c2f2a6 EBUILD fail2ban-1.1.0.ebuild 3692 BLAKE2B 0185481423dd83d1ebbd22f249e483852a496f22208084840c59e67d86978452e956f66da4e8021cb9fe9322513bc9316b29ab412ed3c50ba3f8e14512355e0b SHA512 bd8c84d5976a2b6d7cb823f6090a5f4ab88b2a9588f1368d8a736ed62224ef72c803a308b5e23184d667ac93966763f4c1255a5b51423bb9f0091797bb5f1743 EBUILD fail2ban-9999.ebuild 3692 BLAKE2B b0ad9a842e3e4b623f48b5f7e69bd8c61c1828dd53e90cee72966b736561dd3105e692d9cbcb4318fa5af7f40a63dbb3c4eae46cb15c4bd09140a50e2da76080 SHA512 6bc8b3092090abffcbbc7594df86d48ca1503fcbd52f97a12495a7a290015de987bd4ea42c80dfa982bfd9f0716b2d22e7071bd53deb557a64f2cdfaea3f966f MISC metadata.xml 357 BLAKE2B a5dee8c760b80bbfad6bca9a7adae797eda34b9db80716db8842c6813b4ed25ed4707290756dc869a7db4163de1ff6114c1995fcc2c485df1bcc6cad9c9a8f14 SHA512 9877a507bd3617c33351036317c5dc7855a1024d8f04f76a57edb93bd80e62b2b7c4f35784f447e94497305eab33246ae5913ba36ea001aa9068d1f91aeee9f0 diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild new file mode 100644 index 000000000000..aa1a5b054c52 --- /dev/null +++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_SINGLE_IMPL=1 +PYTHON_COMPAT=( python3_{10..13} ) + +inherit bash-completion-r1 distutils-r1 systemd tmpfiles + +DESCRIPTION="Scans log files and bans IPs that show malicious signs" +HOMEPAGE="https://www.fail2ban.org/" + +if [[ ${PV} == *9999 ]] ; then + EGIT_REPO_URI="https://github.com/fail2ban/fail2ban" + inherit git-r3 +else + SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~alpha amd64 arm arm64 ~loong ppc ppc64 ~riscv ~sparc x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="selinux systemd test" +RESTRICT="!test? ( test )" + +RDEPEND=" + $(python_gen_cond_dep ' + dev-python/pyasyncore[${PYTHON_USEDEP}] + dev-python/pyasynchat[${PYTHON_USEDEP}] + ' 3.12) + virtual/logger + virtual/mta + selinux? ( sec-policy/selinux-fail2ban ) + systemd? ( + $(python_gen_cond_dep ' + dev-python/python-systemd[${PYTHON_USEDEP}] + ') + ) +" +BDEPEND=" + test? ( + $(python_gen_cond_dep ' + dev-python/aiosmtpd[${PYTHON_USEDEP}] + ') + ) +" + +DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt ) + +PATCHES=( + "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch + "${FILESDIR}"/${PN}-1.0.2-umask-tests.patch + "${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch + "${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch + "${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch +) + +python_prepare_all() { + distutils-r1_python_prepare_all + + # Replace /var/run with /run, but not in the top source directory + find . -mindepth 2 -type f -exec \ + sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die +} + +python_test() { + # Skip testRepairDb for bug #907348 (didn't always fail..) + # https://github.com/fail2ban/fail2ban/issues/3586 + bin/fail2ban-testcases \ + --no-network \ + --ignore databasetestcase.DatabaseTest.testRepairDb \ + --verbosity=4 || die "Tests failed with ${EPYTHON}" + + # Workaround for bug #790251 + rm -rf fail2ban.egg-info || die +} + +python_install_all() { + distutils-r1_python_install_all + + rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die + + newconfd files/fail2ban-openrc.conf ${PN} + + # These two are placed in the ${BUILD_DIR} after being "built" + # in install_scripts(). + newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}" + systemd_dounit "${BUILD_DIR}/${PN}.service" + + dotmpfiles files/${PN}-tmpfiles.conf + + doman man/*.{1,5} + + # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d. + # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675 + insinto /etc/logrotate.d + newins files/${PN}-logrotate ${PN} + + keepdir /var/lib/${PN} + + newbashcomp files/bash-completion ${PN}-client + bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex +} + +pkg_preinst() { + has_version "<${CATEGORY}/${PN}-0.7" + previous_less_than_0_7=$? +} + +pkg_postinst() { + tmpfiles_process ${PN}-tmpfiles.conf + + if [[ ${previous_less_than_0_7} == 0 ]] ; then + elog + elog "Configuration files are now in /etc/fail2ban/" + elog "You probably have to manually update your configuration" + elog "files before restarting Fail2Ban!" + elog + elog "Fail2Ban is not installed under /usr/lib anymore. The" + elog "new location is under /usr/share." + elog + elog "You are upgrading from version 0.6.x, please see:" + elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8" + fi + + if ! has_version dev-python/pyinotify ; then + elog "For most jail.conf configurations, it is recommended you install" + elog "dev-python/pyinotify to control how log file modifications are detected" + fi + + if ! has_version dev-lang/python[sqlite] ; then + elog "If you want to use ${PN}'s persistent database, then reinstall" + elog "dev-lang/python with USE=sqlite. If you do not use the" + elog "persistent database feature, then you should set" + elog "dbfile = :memory: in fail2ban.conf accordingly." + fi +} diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch new file mode 100644 index 000000000000..844be1cedd34 --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch @@ -0,0 +1,25 @@ +https://github.com/fail2ban/fail2ban/commit/9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3 + +From 9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3 Mon Sep 17 00:00:00 2001 +From: Michael Orlitzky +Date: Sat, 24 Aug 2024 11:59:59 -0400 +Subject: [PATCH] files/fail2ban-openrc.init.in: start after nftables + +The "after iptables" clause in the OpenRC service script's depend() +function causes fail2ban to start after iptables, if iptables is +scheduled to start. Here we add "after nftables" as well: nftables is +the successor to iptables, and fail2ban supports it out-of-the-box. +If nftables is scheduled to start, we want to wait until it's done +before starting fail2ban. +--- a/files/fail2ban-openrc.init.in ++++ b/files/fail2ban-openrc.init.in +@@ -44,7 +44,7 @@ retry="30" + + depend() { + use logger +- after iptables ++ after iptables nftables + } + + checkconfig() { + diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch new file mode 100644 index 000000000000..06ff07bd0599 --- /dev/null +++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch @@ -0,0 +1,40 @@ +https://bugs.gentoo.org/936838 +https://github.com/fail2ban/fail2ban/commit/c769046a1f729880cc53efdff4b52ac96010752f +https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4 + +From c769046a1f729880cc53efdff4b52ac96010752f Mon Sep 17 00:00:00 2001 +From: sebres +Date: Sun, 11 Aug 2024 11:55:39 +0200 +Subject: [PATCH] Revert "`filterd./sshd.conf`: fixed journalmatch + (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian + branch. This reverts commit 6fce23e7baa484c7d1f9b0c9a11986f3916c41dd. + +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -126,7 +126,7 @@ ignoreregex = + + maxlines = 1 + +-journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd ++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + + # DEV Notes: + # + +From 54c0effceb998b73545073ac59c479d9d9bf19a4 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Sun, 11 Aug 2024 12:10:12 +0200 +Subject: [PATCH] filter.d/sshd.conf: amend to #3747/#3812 (new ssh version + would log with `_COMM=sshd-session`) + +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -126,7 +126,7 @@ ignoreregex = + + maxlines = 1 + +-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd ++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + _COMM=sshd-session + + # DEV Notes: + # diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index e0b7ce90ea54..a0514d5f40da 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -16,6 +16,6 @@ EBUILD wireshark-4.0.11.ebuild 8629 BLAKE2B 570d1896cdc2a12deca6e12740fd6db574ba EBUILD wireshark-4.0.15.ebuild 8629 BLAKE2B 570d1896cdc2a12deca6e12740fd6db574ba4591191541e329c9a9e71bbcd71cf3bc547ef8be4584ee5d7d39715ea4498f6bd558b5169e623cf4f3f68f17a49d SHA512 f8c4693e14e9d7b60832ffacf70b79ecb387abee9abab3f02292ef06f08a270b3580a9e0a7569d27404b22a05adf6159027f6f494bb9c81bccff57fc389befe9 EBUILD wireshark-4.2.4-r1.ebuild 8904 BLAKE2B 3d9d741806defe5c9d87d6ecf240632cb4a18561aaa9c5c59672ce351c04d8d601e26694e2bd25a82a19a110099bcc982286dad2f0c2b0ba2f829b44ccb69079 SHA512 6b22e258580abc67c34da5ab9b8430cbd9533c5c026bbf46ffbe61966f218dba7e6797769ae43800400664ca3ced3606c976ea60cb0f8a8a8e6beeadc129cb27 EBUILD wireshark-4.2.5.ebuild 8839 BLAKE2B 316ed65d419e409f389a30b8ddf57481352c75ee75a39115d7a61a1aca6dbe1888cfb29b02885d329d663f4f977da4b66561d1527fa445347a50ffaa59cfd843 SHA512 96122ad547d122cc897c86f66061a0ed860ccc4b8b7360ba3998b409af6a92bc7758eb300381abaca199d83893a0eea145817439cf89d609df718f9ff877cfde -EBUILD wireshark-4.2.6.ebuild 8812 BLAKE2B 9ab4129a8459e5cf853d71007c3049b4db8280e0b08a7f4b88983f8db93463a3c8593183b99eea9a4489dd9cc4e5f7ef2336a5019e0aee98f7b201b1b3b8905b SHA512 c68912c703692723c0cc7287c2b712a7389e210a8bfd2afa6a2eb50899ed51c3439344741dd7031a0303e62c16ceaec4f8c7bcb54e269a375176b7413644b2fd +EBUILD wireshark-4.2.6.ebuild 8808 BLAKE2B 02049bc8db4a1baa1838eae3faccca58bced64614b76c6804837ab7fec58888738e8ac7890afe10291c05ee75024c74ebc2f1d0bc5d5545698f3de654a6233f4 SHA512 185bd905b325d976da17cc2ea99062053405257199021c7035cc9961f189ca10904375c44bae4c0ffab83df3dd934d7337c8421b7022c80203f36a1c43eccfeb EBUILD wireshark-9999.ebuild 8812 BLAKE2B 9ab4129a8459e5cf853d71007c3049b4db8280e0b08a7f4b88983f8db93463a3c8593183b99eea9a4489dd9cc4e5f7ef2336a5019e0aee98f7b201b1b3b8905b SHA512 c68912c703692723c0cc7287c2b712a7389e210a8bfd2afa6a2eb50899ed51c3439344741dd7031a0303e62c16ceaec4f8c7bcb54e269a375176b7413644b2fd MISC metadata.xml 5352 BLAKE2B 319ae9385ccf49cf52abdc3bb2292a6181f8bad974eecb1863b69dc248e8e1b17d95de5c7267e4e70ee28809bffc82a13f06de3e7d15541d32e2e2ab7ada638f SHA512 15580364ef3f86e9d4020c8b7e2e765a2be97742dc398d11697b87e15085e1a95e951d0200eea71484fb8d124d54b86da8542921c0b8f29d064a26681192d919 diff --git a/net-analyzer/wireshark/wireshark-4.2.6.ebuild b/net-analyzer/wireshark/wireshark-4.2.6.ebuild index 63bc4eeebbb0..3a5f9372ce89 100644 --- a/net-analyzer/wireshark/wireshark-4.2.6.ebuild +++ b/net-analyzer/wireshark/wireshark-4.2.6.ebuild @@ -24,7 +24,7 @@ else S="${WORKDIR}/${P/_/}" if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~riscv ~x86" + KEYWORDS="amd64 arm arm64 ~hppa ~ia64 ~riscv x86" fi fi -- cgit v1.2.3