gentoo auto-resync : 29:08:2024 - 12:00:47

4 files changed, 206 insertions, 0 deletions

diff --git a/net-analyzer/fail2ban/Manifest b/net-analyzer/fail2ban/Manifest
index f447748e1a18..0d23535b4146 100644
--- a/net-analyzer/fail2ban/Manifest
+++ b/net-analyzer/fail2ban/Manifest
@@ -1,11 +1,14 @@
 AUX fail2ban-0.11.2-adjust-apache-logs-paths.patch 893 BLAKE2B 5b80b81488a5245d9d9d15a1b0205a1d86f132e3faa5ea3e5cf91d55082b2d264e558dca4b7fbe62f643601b3315ac31cae387c433c2d90b670965abfa744f87 SHA512 dddff4858431170f5a24daab2d3cedcdcd7a1194b8ecbbcd794dfe00dcaee4af410afef102d3a25f86f541267d7be63e3e1d239c879e95d20cef9f0dacdcdc4c
 AUX fail2ban-1.0.2-configreader-warning.patch 844 BLAKE2B 3dca580b50c7fa425765ee28fd07d033e738e81ac08f1b66a9b328c7fdf24227c0dca81927e61933c3c3d0c7b6895aed797642f15b449bb6485c8bef6c2315a7 SHA512 119f6b06c099f1dd147859408714fdfe3c73e254ad0d4bf04e535a1f6cbaf08ba368f3e616df792579528e5b6e26bd1be5408258a807d7e2ba36020b211d8e9e
 AUX fail2ban-1.0.2-umask-tests.patch 1329 BLAKE2B a7535b515e5d3be56d6e842b34e37cc6786338c1874827ff82c58251ecab63917b54d3c1de6fb4047112deade46195c168b5783922dec8895a13f7751f2c64a7 SHA512 bfffcaa54e74c34e87f4a1205573ac9fb8a66dbcc8534f9b42574be699e21ee92ce153204a7dfc63aedfe319a34d9ac3e656ff29cc054fcaf3b4709b0d56b24b
+AUX fail2ban-1.1.0-openrc-nftables.patch 869 BLAKE2B 0fe00777f1c10d9c405d395c4c7e4c55ecca494242a2a42ab4a894863cc0bb4e981a6997533e864d0d4a9445e0e72746a440dcbc68d02517efda9e46ec728587 SHA512 d7a9f1aaac3631d3328891d7a0be1ec779dc03fa0fef0faf6a9fee83233a09869a537e6175ca18cb35ad02fc6d2a444b5e967f3e9200c6c7f5949dbf62cd4d2d
+AUX fail2ban-1.1.0-openssh-9.8-fixups.patch 1324 BLAKE2B 5ae79dbacc19e9936f81313a3d3fc06ab90530cdfae502b17fa4493848f63f6ce84a52209a0388aff1e4e5758024a8deadc3e9fe47b0b0de0f1b4b8e1769340b SHA512 ddb31d9c013e353717a1c05bd5f4e33d7e19209d0d2ef163a88a9fa07f3c637567cbd4c7365cae3cd90eecd6c746a1f9ca31ccc6d02b1dbe6dc8533bcf2bd822
 AUX fail2ban-1.1.0-openssh-9.8.patch 2482 BLAKE2B 5ca3d572332470131ec93330a14676a988f85e7177d44441c36c25ecd3095d8c0ea34cf9535c64df258d211cddf22306119f4a055c8ec5fc19c49d4b5d2281b5 SHA512 c26efa8e4929ed8a3973e4176a8adb0ca3d34fdac550376b3b5da6788f8f0f0afffc7a9031b118e6ce70052af590ff4669ea191b09d34f97636abf3515fc548e
 DIST fail2ban-1.0.2.tar.gz 583295 BLAKE2B 84eb5e3487c4db734f4f0a36af142d520e1cc53c2960893ee2f05ff4e78133860be59ed9580fa0d972509a03c17e5d9458b8e3f6b470a4c3154f10911f94691e SHA512 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb
 DIST fail2ban-1.1.0.tar.gz 603854 BLAKE2B f7c2d3a1e5b5cdca1f26d92cefe75958bb61b87ad1cf316380b91527c96f3261e5665478c5fbb053f6419956dda934c8ef3ce837af2819b1b1c8d162246fc15f SHA512 9bff7b9c41e58a953901800468e5c4153c9db6af01c7eb18111ad8620b40d03a0771020472fb759b2809d250e2bb45471e6c7e8283e72ea48290ecf7bf921821
 EBUILD fail2ban-1.0.2-r3.ebuild 3817 BLAKE2B 350ebf2c9d0523009ed9f390548132367805742b20014c719fa396f3edf8df188b531374237922324b591238f4e8df5ff5fdade2505c32444e301a9b3f3d533b SHA512 9b42311a494d88f0f9ac71ed85ad1cc47917824f54858a13857176674c3ccaee66ff88b1f4fa63245556563274bcb0de891c8777f925deef3b4156e02f1c5c32
 EBUILD fail2ban-1.1.0-r1.ebuild 3737 BLAKE2B d281459ba8bff2bd7cc661294bf681ef203116bfd207eef2a86b8e8aee05367a3a4ecb9f2e047d0709a10a13734d8d92a427ee7096af1f1a685ba8752abbe773 SHA512 26e2f016396a43f521b26720be1b9a46a1e734478e123a5541a135e1b7d0be78bc1f15946a1bbb78d695ef19618315034164b69b0c889a799997c828a0c41656
+EBUILD fail2ban-1.1.0-r2.ebuild 3832 BLAKE2B b5cac819ec37c544d933caa6602802ce7a7888dedf393bf012269fcfa364f4617aef425e9a220f9d865597bb544c24ac52569282149112e2478209c4490b08e2 SHA512 085c6cd52e45c90161d4f6d336cb5fc34739bca80d13a8c01466741dca625d375c9d56d1a826ce9439147f716fac13d4efbfa142b881697abf19fe7066c2f2a6
 EBUILD fail2ban-1.1.0.ebuild 3692 BLAKE2B 0185481423dd83d1ebbd22f249e483852a496f22208084840c59e67d86978452e956f66da4e8021cb9fe9322513bc9316b29ab412ed3c50ba3f8e14512355e0b SHA512 bd8c84d5976a2b6d7cb823f6090a5f4ab88b2a9588f1368d8a736ed62224ef72c803a308b5e23184d667ac93966763f4c1255a5b51423bb9f0091797bb5f1743
 EBUILD fail2ban-9999.ebuild 3692 BLAKE2B b0ad9a842e3e4b623f48b5f7e69bd8c61c1828dd53e90cee72966b736561dd3105e692d9cbcb4318fa5af7f40a63dbb3c4eae46cb15c4bd09140a50e2da76080 SHA512 6bc8b3092090abffcbbc7594df86d48ca1503fcbd52f97a12495a7a290015de987bd4ea42c80dfa982bfd9f0716b2d22e7071bd53deb557a64f2cdfaea3f966f
 MISC metadata.xml 357 BLAKE2B a5dee8c760b80bbfad6bca9a7adae797eda34b9db80716db8842c6813b4ed25ed4707290756dc869a7db4163de1ff6114c1995fcc2c485df1bcc6cad9c9a8f14 SHA512 9877a507bd3617c33351036317c5dc7855a1024d8f04f76a57edb93bd80e62b2b7c4f35784f447e94497305eab33246ae5913ba36ea001aa9068d1f91aeee9f0
diff --git a/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild
new file mode 100644
index 000000000000..aa1a5b054c52
--- /dev/null
+++ b/net-analyzer/fail2ban/fail2ban-1.1.0-r2.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_SINGLE_IMPL=1
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit bash-completion-r1 distutils-r1 systemd tmpfiles
+
+DESCRIPTION="Scans log files and bans IPs that show malicious signs"
+HOMEPAGE="https://www.fail2ban.org/"
+
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/fail2ban/fail2ban"
+	inherit git-r3
+else
+	SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~alpha amd64 arm arm64 ~loong ppc ppc64 ~riscv ~sparc x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="selinux systemd test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	$(python_gen_cond_dep '
+		dev-python/pyasyncore[${PYTHON_USEDEP}]
+		dev-python/pyasynchat[${PYTHON_USEDEP}]
+	' 3.12)
+	virtual/logger
+	virtual/mta
+	selinux? ( sec-policy/selinux-fail2ban )
+	systemd? (
+		$(python_gen_cond_dep '
+			dev-python/python-systemd[${PYTHON_USEDEP}]
+		')
+	)
+"
+BDEPEND="
+	test? (
+		$(python_gen_cond_dep '
+			dev-python/aiosmtpd[${PYTHON_USEDEP}]
+		')
+	)
+"
+
+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch
+	"${FILESDIR}"/${PN}-1.0.2-umask-tests.patch
+	"${FILESDIR}"/${PN}-1.1.0-openssh-9.8.patch
+	"${FILESDIR}"/${PN}-1.1.0-openssh-9.8-fixups.patch
+	"${FILESDIR}"/${PN}-1.1.0-openrc-nftables.patch
+)
+
+python_prepare_all() {
+	distutils-r1_python_prepare_all
+
+	# Replace /var/run with /run, but not in the top source directory
+	find . -mindepth 2 -type f -exec \
+		sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die
+}
+
+python_test() {
+	# Skip testRepairDb for bug #907348 (didn't always fail..)
+	# https://github.com/fail2ban/fail2ban/issues/3586
+	bin/fail2ban-testcases \
+		--no-network \
+		--ignore databasetestcase.DatabaseTest.testRepairDb \
+		--verbosity=4 || die "Tests failed with ${EPYTHON}"
+
+	# Workaround for bug #790251
+	rm -rf fail2ban.egg-info || die
+}
+
+python_install_all() {
+	distutils-r1_python_install_all
+
+	rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die
+
+	newconfd files/fail2ban-openrc.conf ${PN}
+
+	# These two are placed in the ${BUILD_DIR} after being "built"
+	# in install_scripts().
+	newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}"
+	systemd_dounit "${BUILD_DIR}/${PN}.service"
+
+	dotmpfiles files/${PN}-tmpfiles.conf
+
+	doman man/*.{1,5}
+
+	# Use INSTALL_MASK if you do not want to touch /etc/logrotate.d.
+	# See http://thread.gmane.org/gmane.linux.gentoo.devel/35675
+	insinto /etc/logrotate.d
+	newins files/${PN}-logrotate ${PN}
+
+	keepdir /var/lib/${PN}
+
+	newbashcomp files/bash-completion ${PN}-client
+	bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex
+}
+
+pkg_preinst() {
+	has_version "<${CATEGORY}/${PN}-0.7"
+	previous_less_than_0_7=$?
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}-tmpfiles.conf
+
+	if [[ ${previous_less_than_0_7} == 0 ]] ; then
+		elog
+		elog "Configuration files are now in /etc/fail2ban/"
+		elog "You probably have to manually update your configuration"
+		elog "files before restarting Fail2Ban!"
+		elog
+		elog "Fail2Ban is not installed under /usr/lib anymore. The"
+		elog "new location is under /usr/share."
+		elog
+		elog "You are upgrading from version 0.6.x, please see:"
+		elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8"
+	fi
+
+	if ! has_version dev-python/pyinotify ; then
+		elog "For most jail.conf configurations, it is recommended you install"
+		elog "dev-python/pyinotify to control how log file modifications are detected"
+	fi
+
+	if ! has_version dev-lang/python[sqlite] ; then
+		elog "If you want to use ${PN}'s persistent database, then reinstall"
+		elog "dev-lang/python with USE=sqlite. If you do not use the"
+		elog "persistent database feature, then you should set"
+		elog "dbfile = :memory: in fail2ban.conf accordingly."
+	fi
+}
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch
new file mode 100644
index 000000000000..844be1cedd34
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openrc-nftables.patch
@@ -0,0 +1,25 @@
+https://github.com/fail2ban/fail2ban/commit/9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3
+
+From 9e31cfc1f10e8304dc0b5adf0a429d57fcb598a3 Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 24 Aug 2024 11:59:59 -0400
+Subject: [PATCH] files/fail2ban-openrc.init.in: start after nftables
+
+The "after iptables" clause in the OpenRC service script's depend()
+function causes fail2ban to start after iptables, if iptables is
+scheduled to start. Here we add "after nftables" as well: nftables is
+the successor to iptables, and fail2ban supports it out-of-the-box.
+If nftables is scheduled to start, we want to wait until it's done
+before starting fail2ban.
+--- a/files/fail2ban-openrc.init.in
++++ b/files/fail2ban-openrc.init.in
+@@ -44,7 +44,7 @@ retry="30"
+ 
+ depend() {
+ 	use logger
+-	after iptables
++	after iptables nftables
+ }
+ 
+ checkconfig() {
+
diff --git a/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch
new file mode 100644
index 000000000000..06ff07bd0599
--- /dev/null
+++ b/net-analyzer/fail2ban/files/fail2ban-1.1.0-openssh-9.8-fixups.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/936838
+https://github.com/fail2ban/fail2ban/commit/c769046a1f729880cc53efdff4b52ac96010752f
+https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4
+
+From c769046a1f729880cc53efdff4b52ac96010752f Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 11 Aug 2024 11:55:39 +0200
+Subject: [PATCH] Revert "`filterd./sshd.conf`: fixed journalmatch
+ (sshd.service seems to be renamed to ssh.service)" - it'd patched in debian
+ branch. This reverts commit 6fce23e7baa484c7d1f9b0c9a11986f3916c41dd.
+
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -126,7 +126,7 @@ ignoreregex =
+ 
+ maxlines = 1
+ 
+-journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd
++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
+ 
+ # DEV Notes:
+ #
+
+From 54c0effceb998b73545073ac59c479d9d9bf19a4 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 11 Aug 2024 12:10:12 +0200
+Subject: [PATCH] filter.d/sshd.conf: amend to #3747/#3812 (new ssh version
+ would log with `_COMM=sshd-session`)
+
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -126,7 +126,7 @@ ignoreregex =
+ 
+ maxlines = 1
+ 
+-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd
++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + _COMM=sshd-session
+ 
+ # DEV Notes:
+ #