Date: Fri, 5 Jul 2013 17:01:09 +0100 (IST) From: Nick Hilliard <nick@foobar.org> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/180327: bug fix: bugfixes for security/py-fail2ban port Message-ID: <201307051601.r65G19V8076926@pancake.netability.ie> Resent-Message-ID: <201307051610.r65GA1hc005463@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 180327 >Category: ports >Synopsis: bug fix: bugfixes for security/py-fail2ban port >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Jul 05 16:10:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Nick Hilliard >Release: FreeBSD 9.0-RELEASE amd64 >Organization: Network Ability Ltd >Environment: System: FreeBSD 9.0-RELEASE >Description: this patch fixes two bugs: - installation / removal stomps all over existing configuration files, which means that upgrading destroys existing configs. - default to /var/log/auth.log instead of /var/log/sshd.log in jail.conf. auth.log exists by default on all freebsd installations; sshd.log doesn't. >How-To-Repeat: >Fix: diff -bNur py-fail2ban.orig/Makefile py-fail2ban/Makefile --- py-fail2ban.orig/Makefile 2013-07-05 12:13:41.000000000 +0100 +++ py-fail2ban/Makefile 2013-07-05 16:37:47.000000000 +0100 @@ -3,6 +3,7 @@ PORTNAME= fail2ban PORTVERSION= 0.8.9 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= https://github.com/${PORTNAME}/${PORTNAME}/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -38,12 +39,17 @@ ${WRKSRC}/client/configreader.py \ ${WRKSRC}/fail2ban-client +CONFFILES= fail2ban.conf jail.conf + .include <bsd.port.options.mk> post-patch: @${ECHO_CMD} ${FILES} | ${XARGS} ${REINPLACE_CMD} -e 's,/etc/fail2ban,${ETCDIR},g' @${REINPLACE_CMD} -e 's,/bin/grep,grep,g' \ ${WRKSRC}/config/action.d/sendmail-whois-lines.conf +.for f in ${CONFFILES} + @${INSTALL_DATA} ${WRKSRC}/config/${f} ${WRKSRC}/config/${f}.dist +.endfor post-install: .if ${PORT_OPTIONS:MDOCS} diff -bNur py-fail2ban.orig/files/patch-jail.conf py-fail2ban/files/patch-jail.conf --- py-fail2ban.orig/files/patch-jail.conf 1970-01-01 01:00:00.000000000 +0100 +++ py-fail2ban/files/patch-jail.conf 2013-07-05 12:17:46.000000000 +0100 @@ -0,0 +1,11 @@ +--- config/jail.conf.orig 2013-07-05 12:16:39.000000000 +0100 ++++ config/jail.conf 2013-07-05 12:17:20.000000000 +0100 +@@ -400,7 +400,7 @@ + enabled=false + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/auth.log + maxretry=5 + + diff -bNur py-fail2ban.orig/files/patch-setup.py py-fail2ban/files/patch-setup.py --- py-fail2ban.orig/files/patch-setup.py 2013-07-05 12:13:41.000000000 +0100 +++ py-fail2ban/files/patch-setup.py 2013-07-05 16:34:24.000000000 +0100 @@ -1,5 +1,14 @@ ---- setup.py.orig 2013-06-10 03:40:55.000000000 -0400 -+++ setup.py 2013-06-10 03:41:17.000000000 -0400 +--- setup.py.orig 2013-05-13 16:24:07.000000000 +0100 ++++ setup.py 2013-07-05 16:32:15.000000000 +0100 +@@ -57,7 +57,7 @@ + ], + data_files = [ + ('/etc/fail2ban', +- glob("config/*.conf") ++ glob("config/*.conf.dist") + ), + ('/etc/fail2ban/filter.d', + glob("config/filter.d/*.conf") @@ -67,9 +67,6 @@ ), ('/var/run/fail2ban', @@ -10,3 +19,4 @@ ) ] ) + diff -bNur py-fail2ban.orig/pkg-plist py-fail2ban/pkg-plist --- py-fail2ban.orig/pkg-plist 2013-07-05 12:13:41.000000000 +0100 +++ py-fail2ban/pkg-plist 2013-07-05 16:27:14.000000000 +0100 @@ -26,7 +26,7 @@ %%ETCDIR%%/action.d/sendmail-whois.conf %%ETCDIR%%/action.d/sendmail.conf %%ETCDIR%%/action.d/shorewall.conf -%%ETCDIR%%/fail2ban.conf +%%ETCDIR%%/fail2ban.conf.dist %%ETCDIR%%/filter.d/apache-auth.conf %%ETCDIR%%/filter.d/apache-badbots.conf %%ETCDIR%%/filter.d/apache-nohome.conf @@ -66,7 +66,7 @@ %%ETCDIR%%/filter.d/webmin-auth.conf %%ETCDIR%%/filter.d/wuftpd.conf %%ETCDIR%%/filter.d/xinetd-fail.conf -%%ETCDIR%%/jail.conf +%%ETCDIR%%/jail.conf.dist %%PYTHON_SITELIBDIR%%/client/__init__.py %%PYTHON_SITELIBDIR%%/client/__init__.pyc %%PYTHON_SITELIBDIR%%/client/actionreader.py >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201307051601.r65G19V8076926>