From nobody Wed Nov 09 18:07:51 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N6tHC2hsSz4dZ02; Wed, 9 Nov 2022 18:07:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N6tHC29Pyz3LZF; Wed, 9 Nov 2022 18:07:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668017271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=by+uzbUSJFtfPW4Hnz2E4/07AzAO6C1HIR9rUM1Cdsw=; b=Wy9jod1vO1bKCXcJqVNxV3cAW2d5jW0wOZi5qKV6YwUJSskF2Ai/bl/+oPqSc2h+C63RQ/ EFDbfFYrIlnv7syB4BzCReXXKsPfSh6pCM8EbnSbpQ4QDCUw65zChHdYfaDIC0YwGweyVT uUNBO6E41i40LSLTo7NCqZL6c3o1KNHVKZhq0R9iSLmNcIxuafhUUrcDiGK3mi4hTv2bIu t+J9afpiC5VhNWi+Y3cgITdqXG+f1NM2VkzLuv0ZBJfc4Rfhe2j1wQFjSidw5tNr3PhdY9 KG3P7o7BqcdSpztBbz8ZZzcLBRUpBsq/1w4dkojQcpkiXuyWIVRGJ15ue7LO9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1668017271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=by+uzbUSJFtfPW4Hnz2E4/07AzAO6C1HIR9rUM1Cdsw=; b=p6f4yciSThVFOgtk1CIojz6ej6SX4XmnnLPCy/Vk085FLaEHGQomyYBYkADuHXrNoG4MP4 Qj4zg/hX0kmf4KPFIIpEhja+xQEkA1WR4ZZGD+Ym8GIyX8RyeaYnmltUNxoz7ek6tnKryg D4e3HPNhaHojLJjt023xZoDzlRlL64Ixok1bU2L8c6HZin2ILdBMOWX9W61nrla9Y7miB/ qJ+9uzC5+6sPIP+0Jq/82X5jxGXq0w84WC0yWwPxo+4wJKX+tIYg5sCVRFjEm1w+XoWtMa 4YL80S62VCmmLrWfofIUt+acZmuUJOb0DRZ4ADBvPLDeQKUcBFSIdSQjHD6N6A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1668017271; a=rsa-sha256; cv=none; b=tAGZjSgfWCN7RxXJqguva3eYERoceWo0PQaAsavONPsIr5CqcgzHoaO+I21bRAe1R7THbl WzFl67JsczuLhlXiwrZ23Ojrtom64SWHB4HnKugdBK1WHaBe2ehJ88z0xdb+RYIGoMpxie J1/w5WygxyNoPFfP8khKQlH4Z28aGO2YcBTbfTjI/Mw/xQAxc+M2smtBzH4EFDUHxfXPGd mXiYdRdwdrCtKHreJNuer9F1hN4Rjt5+w4Z0gTG5jMBLKu6s5y6yVEhdJbVTclBzn2t5b6 G0hy8ab6V9mo1Ch5qy0qWvBsEIvzMQZpGhtredpj3GuFMLkK1tFTuXmgsCHftA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N6tHC1DVpzWcN; Wed, 9 Nov 2022 18:07:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2A9I7ppq056526; Wed, 9 Nov 2022 18:07:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2A9I7pjZ056525; Wed, 9 Nov 2022 18:07:51 GMT (envelope-from git) Date: Wed, 9 Nov 2022 18:07:51 GMT Message-Id: <202211091807.2A9I7pjZ056525@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Cy Schubert Subject: git: 72a671a3d290 - main - security/py-fail2ban: Update to 1.0.2 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 72a671a3d290e522db62c1411f05ba02dc75cb5f Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=72a671a3d290e522db62c1411f05ba02dc75cb5f commit 72a671a3d290e522db62c1411f05ba02dc75cb5f Author: Cy Schubert AuthorDate: 2022-11-09 18:04:14 +0000 Commit: Cy Schubert CommitDate: 2022-11-09 18:07:07 +0000 security/py-fail2ban: Update to 1.0.2 Update to 1.0.2. This update includes the fix for upstream gh-issue-3370, which is now removed from our patches. Reported by: Ken --- security/py-fail2ban/Makefile | 3 +- security/py-fail2ban/distinfo | 6 +- security/py-fail2ban/files/patch-ISSUE-3370 | 87 ----------------------------- 3 files changed, 4 insertions(+), 92 deletions(-) diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index 789a7f54c903..dcc22566019f 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,6 +1,5 @@ PORTNAME= fail2ban -DISTVERSION= 1.0.1 -PORTREVISION= 3 +DISTVERSION= 1.0.2 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-fail2ban/distinfo b/security/py-fail2ban/distinfo index 677fb13cc841..f1a1f71d0aea 100644 --- a/security/py-fail2ban/distinfo +++ b/security/py-fail2ban/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1664854580 -SHA256 (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 62b54679ebae81ac57f32c5e27aba9f2494ec5bafd45a0fd68e7a27fd448e5ac -SIZE (fail2ban-fail2ban-1.0.1_GH0.tar.gz) = 582122 +TIMESTAMP = 1668016124 +SHA256 (fail2ban-fail2ban-1.0.2_GH0.tar.gz) = ae8b0b41f27a7be12d40488789d6c258029b23a01168e3c0d347ee80b325ac23 +SIZE (fail2ban-fail2ban-1.0.2_GH0.tar.gz) = 583295 diff --git a/security/py-fail2ban/files/patch-ISSUE-3370 b/security/py-fail2ban/files/patch-ISSUE-3370 deleted file mode 100644 index 74e5a98cad01..000000000000 --- a/security/py-fail2ban/files/patch-ISSUE-3370 +++ /dev/null @@ -1,87 +0,0 @@ -From ca2b94c5229bd474f612b57b67d796252a4aab7a Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 4 Oct 2022 14:03:07 +0200 -Subject: [PATCH] fixes gh-3370: resolve extremely long search by repeated - apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following - branches (it may be extremely slow up to infinite search depending on - message); added new regression tests amend to gh-3210: fixes regression and - matches new format in aggressive mode too - ---- - ChangeLog | 4 ++++ - config/filter.d/dovecot.conf | 8 +++++--- - fail2ban/tests/files/logs/dovecot | 22 ++++++++++++++++++++++ - 3 files changed, 31 insertions(+), 3 deletions(-) - -diff --git config/filter.d/dovecot.conf config/filter.d/dovecot.conf -index 0415ecb4..dc3ebbcd 100644 ---- config/filter.d/dovecot.conf -+++ config/filter.d/dovecot.conf -@@ -7,19 +7,21 @@ before = common.conf - - [Definition] - -+_daemon = (?:dovecot(?:-auth)?|auth) -+ - _auth_worker = (?:dovecot: )?auth(?:-worker)? - _auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\): auth(?:-worker)?<\d+>: )? --_daemon = (?:dovecot(?:-auth)?|auth) -+_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))* - - prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s.+$ - - failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=(?:\s+user=\S*)?\s*$ -- ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ -+ ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ - ^pam\(\S+,(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$ - ^[a-z\-]{3,15}\(\S*,(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch) - > - --mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ -+mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ - - mdre-normal = - -diff --git fail2ban/tests/files/logs/dovecot fail2ban/tests/files/logs/dovecot -index 75934c37..0e332961 100644 ---- fail2ban/tests/files/logs/dovecot -+++ fail2ban/tests/files/logs/dovecot -@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: imap-login: Disconnected (auth failed, - # failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host": "192.0.2.4", "desc": "open parenthesis in optional part between Disconnected and (auth failed ...), gh-3210" } - Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=, rip=192.0.2.4, lip=127.0.0.19, session= - -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol -+ - # failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host": "192.0.2.133" } - Aug 29 03:17:18 server dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=, method=LOGIN, rip=192.0.2.133, lip=0.0.0.0 - # failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host": "192.0.2.169" } -@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesieve-login: Disconnected: Too many invali - - # filterOptions: [{"mode": "aggressive"}] - -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol -+ - # failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host": "192.0.2.5" } - Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer - # failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host": "192.0.2.6" } --- -2.38.0 -