Revert "fail2ban: add new package"

net/fail2ban/Makefile

@@ -1,80 +0,0 @@
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=fail2ban
-PKG_VERSION:=0.11.2
-PKG_RELEASE:=$(AUTORELEASE)
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/fail2ban/fail2ban/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=383108e5f8644cefb288537950923b7520f642e7e114efb843f6e7ea9268b1e0
-
-PKG_MAINTAINER:=Gerald Kerma <gandalf@gk2.net>
-PKG_LICENSE:=GPL-2.0-or-later
-PKG_LICENSE_FILES:=COPYING
-
-include $(INCLUDE_DIR)/package.mk
-include ../../lang/python/python3-package.mk
-
-define Package/fail2ban
-  SECTION:=net
-  CATEGORY:=Network
-  TITLE:=ban hosts that cause multiple authentication errors
-  URL:=https://www.fail2ban.org/
-  DEPENDS:= \
-  +iptables \
-  +python3-light \
-  +python3-ctypes \
-  +python3-distutils \
-  +python3-email \
-  +python3-logging \
-  +python3-sqlite3 \
-  +python3-urllib \
-  +python3-pkg-resources
-endef
-
-define Package/fail2ban/description
-  Fail2Ban scans log files like /var/log/auth.log and bans IP addresses conducting too many failed login attempts.
-endef
-
-define Package/fail2ban/conffiles
-/etc/fail2ban/
-/etc/config/fail2ban
-endef
-
-define Py3Package/fail2ban/filespec
-+|$(PYTHON3_PKG_DIR)
--|$(PYTHON3_PKG_DIR)/fail2ban/tests
-endef
-
-define Py3Package/fail2ban/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-server $(1)/usr/bin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-client $(1)/usr/bin/
-	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/fail2ban-regex $(1)/usr/bin/
-
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_CONF) ./files/fail2ban.config $(1)/etc/config/fail2ban
-	$(INSTALL_BIN) ./files/firewall.fail2ban $(1)/etc/firewall.fail2ban
-
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/fail2ban.init $(1)/etc/init.d/fail2ban
-
-	$(INSTALL_DIR) $(1)/etc/fail2ban/
-	$(CP) $(PKG_BUILD_DIR)/config/* $(1)/etc/fail2ban/
-
-	$(INSTALL_DIR) $(1)/etc/fail2ban/fail2ban.d
-	$(INSTALL_DATA) ./files/db.conf $(1)/etc/fail2ban/fail2ban.d/db.conf
-	$(INSTALL_DATA) ./files/uci.conf $(1)/etc/fail2ban/fail2ban.d/uci.conf
-
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN) ./files/fail2ban.defaults $(1)/etc/uci-defaults/99_fail2ban
-endef
-
-$(eval $(call Py3Package,fail2ban))
-$(eval $(call BuildPackage,fail2ban))
-$(eval $(call BuildPackage,fail2ban-src))

net/fail2ban/files/db.conf

@@ -1,2 +0,0 @@
-[DEFAULT]
-dbpurgeage = 10d

net/fail2ban/files/fail2ban.config

@@ -1,2 +0,0 @@
-config fail2ban 'fail2ban'
-	option dbfile '/var/lib/fail2ban/fail2ban.sqlite3'

net/fail2ban/files/fail2ban.defaults

@@ -1,13 +0,0 @@
-#!/bin/sh
-
-# unfortunately, UCI doesn't provide a nice way to add an anonymous section only if it doesn't already exist
-if ! uci show firewall | grep -q firewall.fail2ban; then
-  name="$(uci add firewall include)"
-  uci set "firewall.${name}.path=/etc/firewall.fail2ban"
-  uci set "firewall.${name}.enabled=1"
-  uci set "firewall.${name}.reload=1"
-  echo -e "Adding the following UCI config:\n $(uci changes)"
-  uci commit
-fi
-
-exit 0

net/fail2ban/files/fail2ban.init

@@ -1,57 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2020 Martin Pecka, 3-clause BSD license (see LICENSE file)
-
-START=95
-
-USE_PROCD=1
-
-RUNDIR=/var/run/fail2ban
-CONFDIR=/etc/fail2ban
-RUNCONFDIR=/var/etc/fail2ban
-RUNCONF="${RUNCONFDIR}/fail2ban.conf"
-
-service_triggers() {
-	procd_add_reload_trigger fail2ban
-}
-
-init_config() {
-	mkdir -m 0755 -p "${RUNCONFDIR}"
-
-	rm -f "${RUNCONF}"
-
-	config_load fail2ban
-	config_get dbfile fail2ban dbfile /var/lib/fail2ban/fail2ban.sqlite3
-
-	echo "[Definition]" > "${RUNCONF}"
-	echo -n "dbfile = " >> "${RUNCONF}"
-	echo $dbfile >> "${RUNCONF}"
-}
-
-start_service() {
-	init_config
-
-	mkdir -m 0755 -p "${RUNDIR}"
-
-	procd_open_instance
-
-	procd_set_param file ${CONFDIR}/action.d/*.conf
-	procd_set_param file ${CONFDIR}/action.d/*.local
-	procd_set_param file ${CONFDIR}/filter.d/*.conf
-	procd_set_param file ${CONFDIR}/filter.d/*.local
-	procd_set_param file ${CONFDIR}/jail.d/*.conf
-	procd_set_param file ${CONFDIR}/jail.d/*.local
-	procd_set_param file ${CONFDIR}/fail2ban.d/*.conf
-	procd_set_param file ${CONFDIR}/fail2ban.d/*.local
-	procd_set_param file ${CONFDIR}/*.conf
-	procd_set_param file ${CONFDIR}/*.local
-
-	procd_set_param command /usr/bin/fail2ban-server -xf -p "${RUNDIR}/fail2ban.pid" -s "${RUNDIR}/fail2ban.sock" start
-	procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
-	procd_close_instance
-}
-
-reload_service()
-{
-	stop
-	start
-}

net/fail2ban/files/firewall.fail2ban

@@ -1,3 +0,0 @@
-#!/bin/sh
-/etc/init.d/fail2ban enabled && /etc/init.d/fail2ban restart
-exit 0

net/fail2ban/files/uci.conf

@@ -1,2 +0,0 @@
-[INCLUDES]
-after = /var/etc/fail2ban/fail2ban.conf

net/fail2ban/patches/001-fail2ban-fix-python3-script.patch

@@ -1,8 +0,0 @@
---- a/config/filter.d/ignorecommands/apache-fakegooglebot
-+++ b/config/filter.d/ignorecommands/apache-fakegooglebot
-@@ -1,4 +1,4 @@
--#!/usr/bin/env fail2ban-python
-+#!/usr/bin/env python3
- # Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
- #
- # Written in Python to reuse built-in Python batteries and not depend on

net/fail2ban/patches/CVE-2021-32749.patch

@@ -1,143 +0,0 @@
-From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
-From: sebres <serg.brester@sebres.de>
-Date: Mon, 21 Jun 2021 17:12:53 +0200
-Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
- (default tilde) stops consider "~" char after new-line as composing escape
- sequence
-
----
- config/action.d/complain.conf         | 2 +-
- config/action.d/dshield.conf          | 2 +-
- config/action.d/mail-buffered.conf    | 8 ++++----
- config/action.d/mail-whois-lines.conf | 2 +-
- config/action.d/mail-whois.conf       | 6 +++---
- config/action.d/mail.conf             | 6 +++---
- 6 files changed, 13 insertions(+), 13 deletions(-)
-
---- a/config/action.d/complain.conf
-+++ b/config/action.d/complain.conf
-@@ -102,7 +102,7 @@ logpath = /dev/null
- # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
- # Values:  CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
- 
- # Option:  mailargs
- # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
---- a/config/action.d/dshield.conf
-+++ b/config/action.d/dshield.conf
-@@ -179,7 +179,7 @@ tcpflags =
- # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
- # Values:  CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
- 
- # Option:  mailargs
- # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
---- a/config/action.d/mail-buffered.conf
-+++ b/config/action.d/mail-buffered.conf
-@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
-               The jail <name> has been started successfully.\n
-               Output will be buffered until <lines> lines are available.\n
-               Regards,\n
--              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
- 
- # Option:  actionstop
- # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
-                  These hosts have been banned by Fail2Ban.\n
-                  `cat <tmpfile>`
-                  Regards,\n
--                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
-+                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
-                  rm <tmpfile>
-              fi
-              printf %%b "Hi,\n
-              The jail <name> has been stopped.\n
-              Regards,\n
--             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
- 
- # Option:  actioncheck
- # Notes.:  command executed once before each actionban command
-@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<f
-                 These hosts have been banned by Fail2Ban.\n
-                 `cat <tmpfile>`
-                 \nRegards,\n
--                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
-+                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
-                 rm <tmpfile>
-             fi
- 
---- a/config/action.d/mail-whois-lines.conf
-+++ b/config/action.d/mail-whois-lines.conf
-@@ -72,7 +72,7 @@ actionunban =
- # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
- # Values:  CMD
- #
--mailcmd = mail -s
-+mailcmd = mail -E 'set escape' -s
- 
- # Default name of the chain
- #
---- a/config/action.d/mail-whois.conf
-+++ b/config/action.d/mail-whois.conf
-@@ -20,7 +20,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
-               The jail <name> has been started successfully.\n
-               Regards,\n
--              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
-+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
- 
- # Option:  actionstop
- # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
-              The jail <name> has been stopped.\n
-              Regards,\n
--             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
- 
- # Option:  actioncheck
- # Notes.:  command executed once before each actionban command
-@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
-             Here is more information about <ip> :\n
-             `%(_whois_command)s`\n
-             Regards,\n
--            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
- 
- # Option:  actionunban
- # Notes.:  command executed when unbanning an IP. Take care that the
---- a/config/action.d/mail.conf
-+++ b/config/action.d/mail.conf
-@@ -16,7 +16,7 @@ norestored = 1
- actionstart = printf %%b "Hi,\n
-               The jail <name> has been started successfully.\n
-               Regards,\n
--              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
-+              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
- 
- # Option:  actionstop
- # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
-@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
- actionstop = printf %%b "Hi,\n
-              The jail <name> has been stopped.\n
-              Regards,\n
--             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
-+             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
- 
- # Option:  actioncheck
- # Notes.:  command executed once before each actionban command
-@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
-             The IP <ip> has just been banned by Fail2Ban after
-             <failures> attempts against <name>.\n
-             Regards,\n
--            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
-+            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
- 
- # Option:  actionunban
- # Notes.:  command executed when unbanning an IP. Take care that the