CVS commit: pkgsrc/security/fail2ban

["Nils Ratusznik" <nils%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nils
Date:           Thu Feb  2 18:35:56 UTC 2017

Modified Files:
        pkgsrc/security/fail2ban: Makefile PLIST distinfo

Log Message:
Updated security/fail2ban to 0.9.6.

Upstream changelog :
* Misleading add resp. enable of (already available) jail in database, that
  induced a subsequent error: last position of log file will be never retrieved (gh-795)
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
  (e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
  uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python version (also
  using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
    - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
      replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
    - Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
    - Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
    - Fixed error within apache-fakegooglebot, that will be called
      with wrong python version (gh-1506)
* `filter.d/assp.conf`
    - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
    - Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
    - Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
    - removed mandatory double space (if dns-host available, gh-1579)
* filter.d/sshd.conf
    - recognized "Failed publickey for" (gh-1477);
    - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
    - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
    - optional port part after host (see gh-1533, gh-1581)

* New Actions:
    - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
    - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
      (gh-1586, gh-1606 and gh-1607)

* DateTemplate regexp extended with the word-end boundary, additionally to
  word-start boundary
* Introduces new command "fail2ban-python", as automatically created symlink to
  python executable, where fail2ban currently installed (resp. its modules are located):
    - allows to use the same version, fail2ban currently running, e.g. in
      external scripts just via replace python with fail2ban-python:
      ```diff
      -#!/usr/bin/env python
      +#!/usr/bin/env fail2ban-python
      ```
    - always the same pickle protocol
    - the same (and also guaranteed available) fail2ban modules
    - simplified stand-alone install, resp. stand-alone installation possibility
      via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
  Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
  are test covered now
* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
  examples:
    - `backend = systemd[journalpath=/run/log/journal/machine-1]`
    - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
    - `backend = systemd[journalflags=2]`


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/fail2ban/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/fail2ban/PLIST \
    pkgsrc/security/fail2ban/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/fail2ban/Makefile
diff -u pkgsrc/security/fail2ban/Makefile:1.5 pkgsrc/security/fail2ban/Makefile:1.6
--- pkgsrc/security/fail2ban/Makefile:1.5       Sun Dec  4 21:02:55 2016
+++ pkgsrc/security/fail2ban/Makefile   Thu Feb  2 18:35:56 2017
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.5 2016/12/04 21:02:55 nils Exp $
+# $NetBSD: Makefile,v 1.6 2017/02/02 18:35:56 nils Exp $
 #
 
-DISTNAME=      fail2ban-0.9.5
+DISTNAME=      fail2ban-0.9.6
 #PKGREVISION=  2
 CATEGORIES=    security
 MASTER_SITES=  -https://github.com/fail2ban/fail2ban/archive/${PKGVERSION_NOREV}${EXTRACT_SUFX}
@@ -33,11 +33,11 @@ CONF_FILES+=                ${EGDIR}/${config} ${PKG_S
 .endfor
 
 
-.for action in apf.conf badips.conf badips.py blocklist_de.conf bsd-ipfw.conf cloudflare.conf complain.conf dshield.conf dummy.conf firewallcmd-allports.conf firewallcmd-ipset.conf 
firewallcmd-multiport.conf firewallcmd-new.conf firewallcmd-rich-logging.conf firewallcmd-rich-rules.conf hostsdeny.conf ipfilter.conf ipfw.conf iptables-allports.conf iptables-common.conf 
iptables-ipset-proto4.conf iptables-ipset-proto6-allports.conf iptables-ipset-proto6.conf iptables-multiport-log.conf iptables-multiport.conf iptables-new.conf iptables-xt_recent-echo.conf 
iptables.conf mail-buffered.conf mail-whois-common.conf mail-whois-lines.conf mail-whois.conf mail.conf mynetwatchman.conf nftables-allports.conf nftables-common.conf nftables-multiport.conf 
nsupdate.conf osx-afctl.conf osx-ipfw.conf pf.conf route.conf sendmail-buffered.conf sendmail-common.conf sendmail-geoip-lines.conf sendmail-whois-ipjailmatches.conf sendmail-whois-ipmatches.conf 
sendmail-whois-lines.conf sendmail-whois-matches.co
 nf sendmail-whois.conf sendmail.conf shorewall-ipset-proto6.conf shorewall.conf smtp.py symbiosis-blacklist-allports.conf ufw.conf xarf-login-attack.conf
+.for action in apf.conf badips.conf badips.py blocklist_de.conf bsd-ipfw.conf cloudflare.conf complain.conf dshield.conf dummy.conf firewallcmd-allports.conf firewallcmd-ipset.conf 
firewallcmd-multiport.conf firewallcmd-new.conf firewallcmd-rich-logging.conf firewallcmd-rich-rules.conf hostsdeny.conf ipfilter.conf ipfw.conf iptables-allports.conf iptables-common.conf 
iptables-ipset-proto4.conf iptables-ipset-proto6-allports.conf iptables-ipset-proto6.conf iptables-multiport-log.conf iptables-multiport.conf iptables-new.conf iptables-xt_recent-echo.conf 
iptables.conf mail-buffered.conf mail-whois-common.conf mail-whois-lines.conf mail-whois.conf mail.conf mynetwatchman.conf nftables-allports.conf nftables-common.conf nftables-multiport.conf npf.conf 
nsupdate.conf osx-afctl.conf osx-ipfw.conf pf.conf route.conf sendmail-buffered.conf sendmail-common.conf sendmail-geoip-lines.conf sendmail-whois-ipjailmatches.conf sendmail-whois-ipmatches.conf 
sendmail-whois-lines.conf sendmail-whois-m
 atches.conf sendmail-whois.conf sendmail.conf shorewall-ipset-proto6.conf shorewall.conf smtp.py symbiosis-blacklist-allports.conf ufw.conf xarf-login-attack.conf
 CONF_FILES+=           ${EGDIR}/action.d/${action} ${PKG_SYSCONFDIR}/action.d/${action}
 .endfor
 
-.for filter in 3proxy.conf apache-auth.conf apache-badbots.conf apache-botsearch.conf apache-common.conf apache-fakegooglebot.conf apache-modsecurity.conf apache-nohome.conf apache-noscript.conf 
apache-overflows.conf apache-pass.conf apache-shellshock.conf assp.conf asterisk.conf botsearch-common.conf common.conf counter-strike.conf courier-auth.conf courier-smtp.conf cyrus-imap.conf 
directadmin.conf dovecot.conf dropbear.conf drupal-auth.conf ejabberd-auth.conf exim-common.conf exim-spam.conf exim.conf freeswitch.conf froxlor-auth.conf groupoffice.conf gssftpd.conf 
guacamole.conf haproxy-http-auth.conf horde.conf kerio.conf lighttpd-auth.conf monit.conf murmur.conf mysqld-auth.conf nagios.conf named-refused.conf nginx-botsearch.conf nginx-http-auth.conf 
nginx-limit-req.conf nsd.conf openhab.conf openwebmail.conf oracleims.conf pam-generic.conf perdition.conf php-url-fopen.conf portsentry.conf postfix-rbl.conf postfix-sasl.conf postfix.conf 
proftpd.conf pure-ftpd.conf qmail.conf rec
 idive.conf roundcube-auth.conf screensharingd.conf selinux-common.conf selinux-ssh.conf sendmail-auth.conf sendmail-reject.conf sieve.conf slapd.conf sogo-auth.conf solid-pop3d.conf squid.conf 
squirrelmail.conf sshd-ddos.conf sshd.conf stunnel.conf suhosin.conf tine20.conf uwimap-auth.conf vsftpd.conf webmin-auth.conf wuftpd.conf xinetd-fail.conf
+.for filter in 3proxy.conf apache-auth.conf apache-badbots.conf apache-botsearch.conf apache-common.conf apache-fakegooglebot.conf apache-modsecurity.conf apache-nohome.conf apache-noscript.conf 
apache-overflows.conf apache-pass.conf apache-shellshock.conf assp.conf asterisk.conf botsearch-common.conf common.conf counter-strike.conf courier-auth.conf courier-smtp.conf cyrus-imap.conf 
directadmin.conf dovecot.conf dropbear.conf drupal-auth.conf ejabberd-auth.conf exim-common.conf exim-spam.conf exim.conf freeswitch.conf froxlor-auth.conf groupoffice.conf gssftpd.conf 
guacamole.conf haproxy-http-auth.conf horde.conf kerio.conf lighttpd-auth.conf mongodb-auth.conf monit.conf murmur.conf mysqld-auth.conf nagios.conf named-refused.conf nginx-botsearch.conf 
nginx-http-auth.conf nginx-limit-req.conf nsd.conf openhab.conf openwebmail.conf oracleims.conf pam-generic.conf perdition.conf php-url-fopen.conf portsentry.conf postfix-rbl.conf postfix-sasl.conf 
postfix.conf proftpd.conf pure-ftpd.c
 onf qmail.conf recidive.conf roundcube-auth.conf screensharingd.conf selinux-common.conf selinux-ssh.conf sendmail-auth.conf sendmail-reject.conf sieve.conf slapd.conf sogo-auth.conf 
solid-pop3d.conf squid.conf squirrelmail.conf sshd-ddos.conf sshd.conf stunnel.conf suhosin.conf tine20.conf uwimap-auth.conf vsftpd.conf webmin-auth.conf wuftpd.conf xinetd-fail.conf
 CONF_FILES+=           ${EGDIR}/filter.d/${filter} ${PKG_SYSCONFDIR}/filter.d/${filter}
 .endfor
 
@@ -109,8 +109,11 @@ post-install:
 .for manfile5 in ${MANPAGES5}
        ${INSTALL_MAN} ${WRKSRC}/man/${manfile5} ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/
 .endfor
-.for i in ${TXTDOCFILES}
-       ${INSTALL_DATA} ${WRKSRC}/doc/build/text/${i} ${DESTDIR}${DOCDIR}/
+.for txt1 in ${TXTDOCFILES}
+       ${INSTALL_DATA} ${WRKSRC}/doc/build/text/${txt1} ${DESTDIR}${DOCDIR}/
+.endfor
+.for txt2 in DEVELOP FILTERS README.Solaris README.md doc/run-rootless.txt
+       ${INSTALL_DATA} ${WRKSRC}/${txt2} ${DESTDIR}${DOCDIR}/
 .endfor
 
 .include "options.mk"

Index: pkgsrc/security/fail2ban/PLIST
diff -u pkgsrc/security/fail2ban/PLIST:1.3 pkgsrc/security/fail2ban/PLIST:1.4
--- pkgsrc/security/fail2ban/PLIST:1.3  Sun Dec  4 21:02:55 2016
+++ pkgsrc/security/fail2ban/PLIST      Thu Feb  2 18:35:56 2017
@@ -1,5 +1,6 @@
-@comment $NetBSD: PLIST,v 1.3 2016/12/04 21:02:55 nils Exp $
+@comment $NetBSD: PLIST,v 1.4 2017/02/02 18:35:56 nils Exp $
 bin/fail2ban-client
+bin/fail2ban-python
 bin/fail2ban-regex
 bin/fail2ban-server
 bin/fail2ban-testcases
@@ -127,6 +128,9 @@ ${PYSITELIB}/fail2ban/server/ticket.pyo
 ${PYSITELIB}/fail2ban/server/transmitter.py
 ${PYSITELIB}/fail2ban/server/transmitter.pyc
 ${PYSITELIB}/fail2ban/server/transmitter.pyo
+${PYSITELIB}/fail2ban/setup.py
+${PYSITELIB}/fail2ban/setup.pyc
+${PYSITELIB}/fail2ban/setup.pyo
 ${PYSITELIB}/fail2ban/tests/__init__.py
 ${PYSITELIB}/fail2ban/tests/__init__.pyc
 ${PYSITELIB}/fail2ban/tests/__init__.pyo
@@ -253,6 +257,7 @@ ${PYSITELIB}/fail2ban/tests/files/logs/h
 ${PYSITELIB}/fail2ban/tests/files/logs/horde
 ${PYSITELIB}/fail2ban/tests/files/logs/kerio
 ${PYSITELIB}/fail2ban/tests/files/logs/lighttpd-auth
+${PYSITELIB}/fail2ban/tests/files/logs/mongodb-auth
 ${PYSITELIB}/fail2ban/tests/files/logs/monit
 ${PYSITELIB}/fail2ban/tests/files/logs/murmur
 ${PYSITELIB}/fail2ban/tests/files/logs/mysqld-auth
@@ -419,6 +424,7 @@ share/examples/fail2ban/action.d/mynetwa
 share/examples/fail2ban/action.d/nftables-allports.conf
 share/examples/fail2ban/action.d/nftables-common.conf
 share/examples/fail2ban/action.d/nftables-multiport.conf
+share/examples/fail2ban/action.d/npf.conf
 share/examples/fail2ban/action.d/nsupdate.conf
 share/examples/fail2ban/action.d/osx-afctl.conf
 share/examples/fail2ban/action.d/osx-ipfw.conf
@@ -478,6 +484,7 @@ share/examples/fail2ban/filter.d/horde.c
 share/examples/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
 share/examples/fail2ban/filter.d/kerio.conf
 share/examples/fail2ban/filter.d/lighttpd-auth.conf
+share/examples/fail2ban/filter.d/mongodb-auth.conf
 share/examples/fail2ban/filter.d/monit.conf
 share/examples/fail2ban/filter.d/murmur.conf
 share/examples/fail2ban/filter.d/mysqld-auth.conf
Index: pkgsrc/security/fail2ban/distinfo
diff -u pkgsrc/security/fail2ban/distinfo:1.3 pkgsrc/security/fail2ban/distinfo:1.4
--- pkgsrc/security/fail2ban/distinfo:1.3       Sun Dec  4 21:02:55 2016
+++ pkgsrc/security/fail2ban/distinfo   Thu Feb  2 18:35:56 2017
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.3 2016/12/04 21:02:55 nils Exp $
+$NetBSD: distinfo,v 1.4 2017/02/02 18:35:56 nils Exp $
 
-SHA1 (fail2ban-0.9.5.zip) = 58f086c48b6d384907e9efb81cbf7fc8d907d95a
-RMD160 (fail2ban-0.9.5.zip) = d9416b11b122a3ed553dcc9d09989b67515d6297
-SHA512 (fail2ban-0.9.5.zip) = 288ace1f8f32fa17358d5dceb4b435d0d2e2c4334d09da163b37d249f52582290b438acc12dbf8400756b3ae101215236264dad92a7d5755ca2734bf2c0468be
-Size (fail2ban-0.9.5.zip) = 534644 bytes
+SHA1 (fail2ban-0.9.6.zip) = 1f0bf1bdc8949f58f8b735c3806822ffa221e15f
+RMD160 (fail2ban-0.9.6.zip) = 63e2843a0c176768963413bcf38fbf34335d4ddd
+SHA512 (fail2ban-0.9.6.zip) = 9bceae3012e1d832b22d76968ddbc4716a45115fd8600a1dabb810990ab19f3b8c28fe5a1cb06b8b6d5a48e96d8e54b8b5d6dc323923cf3396c6e7e737fa4a6f
+Size (fail2ban-0.9.6.zip) = 546757 bytes
 SHA1 (patch-doc_Makefile) = b17d28b1ef79b0cf86e4cd5d6eaa3e3d1bc2da39