Accepting request 333139 from security
1 OBS-URL: https://build.opensuse.org/request/show/333139 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=41
This commit is contained in:
commit
ca370fae5a
@ -1,86 +0,0 @@
|
||||
diff -ur fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py
|
||||
--- fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200
|
||||
+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-07 08:37:30.842249270 +0200
|
||||
@@ -204,44 +204,44 @@
|
||||
or self._is_logged('sleep 60 -- timed out after 3 seconds'))
|
||||
self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM'))
|
||||
|
||||
- def testExecuteTimeoutWithNastyChildren(self):
|
||||
- # temporary file for a nasty kid shell script
|
||||
- tmpFilename = tempfile.mktemp(".sh", "fail2ban_")
|
||||
- # Create a nasty script which would hang there for a while
|
||||
- with open(tmpFilename, 'w') as f:
|
||||
- f.write("""#!/bin/bash
|
||||
- trap : HUP EXIT TERM
|
||||
-
|
||||
- echo "$$" > %s.pid
|
||||
- echo "my pid $$ . sleeping lo-o-o-ong"
|
||||
- sleep 10000
|
||||
- """ % tmpFilename)
|
||||
-
|
||||
- def getnastypid():
|
||||
- with open(tmpFilename + '.pid') as f:
|
||||
- return int(f.read())
|
||||
-
|
||||
- # First test if can kill the bastard
|
||||
- self.assertRaises(
|
||||
- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
|
||||
- # Verify that the proccess itself got killed
|
||||
- self.assertFalse(pid_exists(getnastypid())) # process should have been killed
|
||||
- self.assertTrue(self._is_logged('timed out'))
|
||||
- self.assertTrue(self._is_logged('killed with SIGTERM'))
|
||||
-
|
||||
- # A bit evolved case even though, previous test already tests killing children processes
|
||||
- self.assertRaises(
|
||||
- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
|
||||
- timeout=.2)
|
||||
- # Verify that the proccess itself got killed
|
||||
- self.assertFalse(pid_exists(getnastypid()))
|
||||
- self.assertTrue(self._is_logged('timed out'))
|
||||
- self.assertTrue(self._is_logged('killed with SIGTERM'))
|
||||
-
|
||||
- os.unlink(tmpFilename)
|
||||
- os.unlink(tmpFilename + '.pid')
|
||||
-
|
||||
-
|
||||
+# def testExecuteTimeoutWithNastyChildren(self):
|
||||
+# # temporary file for a nasty kid shell script
|
||||
+# tmpFilename = tempfile.mktemp(".sh", "fail2ban_")
|
||||
+# # Create a nasty script which would hang there for a while
|
||||
+# with open(tmpFilename, 'w') as f:
|
||||
+# f.write("""#!/bin/bash
|
||||
+# trap : HUP EXIT TERM
|
||||
+#
|
||||
+# echo "$$" > %s.pid
|
||||
+# echo "my pid $$ . sleeping lo-o-o-ong"
|
||||
+# sleep 10000
|
||||
+# """ % tmpFilename)
|
||||
+#
|
||||
+# def getnastypid():
|
||||
+# with open(tmpFilename + '.pid') as f:
|
||||
+# return int(f.read())
|
||||
+#
|
||||
+# # First test if can kill the bastard
|
||||
+# self.assertRaises(
|
||||
+# RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
|
||||
+# # Verify that the proccess itself got killed
|
||||
+# self.assertFalse(pid_exists(getnastypid())) # process should have been killed
|
||||
+# self.assertTrue(self._is_logged('timed out'))
|
||||
+# self.assertTrue(self._is_logged('killed with SIGTERM'))
|
||||
+#
|
||||
+# # A bit evolved case even though, previous test already tests killing children processes
|
||||
+# self.assertRaises(
|
||||
+# RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
|
||||
+# timeout=.2)
|
||||
+# # Verify that the proccess itself got killed
|
||||
+# self.assertFalse(pid_exists(getnastypid()))
|
||||
+# self.assertTrue(self._is_logged('timed out'))
|
||||
+# self.assertTrue(self._is_logged('killed with SIGTERM'))
|
||||
+#
|
||||
+# os.unlink(tmpFilename)
|
||||
+# os.unlink(tmpFilename + '.pid')
|
||||
+#
|
||||
+#
|
||||
def testCaptureStdOutErr(self):
|
||||
CommandAction.executeCmd('echo "How now brown cow"')
|
||||
self.assertTrue(self._is_logged("'How now brown cow\\n'"))
|
120
fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
Normal file
120
fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
Normal file
@ -0,0 +1,120 @@
|
||||
Only in fail2ban-0.9.3/: ChangeLog.orig
|
||||
diff -ur fail2ban-0.9.3.orig/fail2ban/server/action.py fail2ban-0.9.3/fail2ban/server/action.py
|
||||
--- fail2ban-0.9.3.orig/fail2ban/server/action.py 2015-08-01 03:32:13.000000000 +0200
|
||||
+++ fail2ban-0.9.3/fail2ban/server/action.py 2015-09-23 11:54:38.066927465 +0200
|
||||
@@ -560,32 +560,33 @@
|
||||
return True
|
||||
|
||||
_cmd_lock.acquire()
|
||||
- try: # Try wrapped within another try needed for python version < 2.5
|
||||
+ try:
|
||||
+ retcode = None # to guarantee being defined upon early except
|
||||
stdout = tempfile.TemporaryFile(suffix=".stdout", prefix="fai2ban_")
|
||||
stderr = tempfile.TemporaryFile(suffix=".stderr", prefix="fai2ban_")
|
||||
- try:
|
||||
- popen = subprocess.Popen(
|
||||
- realCmd, stdout=stdout, stderr=stderr, shell=True,
|
||||
- preexec_fn=os.setsid # so that killpg does not kill our process
|
||||
- )
|
||||
- stime = time.time()
|
||||
+
|
||||
+ popen = subprocess.Popen(
|
||||
+ realCmd, stdout=stdout, stderr=stderr, shell=True,
|
||||
+ preexec_fn=os.setsid # so that killpg does not kill our process
|
||||
+ )
|
||||
+ stime = time.time()
|
||||
+ retcode = popen.poll()
|
||||
+ while time.time() - stime <= timeout and retcode is None:
|
||||
+ time.sleep(0.1)
|
||||
retcode = popen.poll()
|
||||
- while time.time() - stime <= timeout and retcode is None:
|
||||
- time.sleep(0.1)
|
||||
- retcode = popen.poll()
|
||||
- if retcode is None:
|
||||
- logSys.error("%s -- timed out after %i seconds." %
|
||||
- (realCmd, timeout))
|
||||
- pgid = os.getpgid(popen.pid)
|
||||
- os.killpg(pgid, signal.SIGTERM) # Terminate the process
|
||||
+ if retcode is None:
|
||||
+ logSys.error("%s -- timed out after %i seconds." %
|
||||
+ (realCmd, timeout))
|
||||
+ pgid = os.getpgid(popen.pid)
|
||||
+ os.killpg(pgid, signal.SIGTERM) # Terminate the process
|
||||
+ time.sleep(0.1)
|
||||
+ retcode = popen.poll()
|
||||
+ if retcode is None: # Still going...
|
||||
+ os.killpg(pgid, signal.SIGKILL) # Kill the process
|
||||
time.sleep(0.1)
|
||||
retcode = popen.poll()
|
||||
- if retcode is None: # Still going...
|
||||
- os.killpg(pgid, signal.SIGKILL) # Kill the process
|
||||
- time.sleep(0.1)
|
||||
- retcode = popen.poll()
|
||||
- except OSError, e:
|
||||
- logSys.error("%s -- failed with %s" % (realCmd, e))
|
||||
+ except OSError as e:
|
||||
+ logSys.error("%s -- failed with %s" % (realCmd, e))
|
||||
finally:
|
||||
_cmd_lock.release()
|
||||
|
||||
@@ -603,15 +604,16 @@
|
||||
return True
|
||||
elif retcode is None:
|
||||
logSys.error("%s -- unable to kill PID %i" % (realCmd, popen.pid))
|
||||
- elif retcode < 0:
|
||||
- logSys.error("%s -- killed with %s" %
|
||||
- (realCmd, signame.get(-retcode, "signal %i" % -retcode)))
|
||||
+ elif retcode < 0 or retcode > 128:
|
||||
+ # dash would return negative while bash 128 + n
|
||||
+ sigcode = -retcode if retcode < 0 else retcode - 128
|
||||
+ logSys.error("%s -- killed with %s (return code: %s)" %
|
||||
+ (realCmd, signame.get(sigcode, "signal %i" % sigcode), retcode))
|
||||
else:
|
||||
msg = _RETCODE_HINTS.get(retcode, None)
|
||||
logSys.error("%s -- returned %i" % (realCmd, retcode))
|
||||
if msg:
|
||||
logSys.info("HINT on %i: %s"
|
||||
% (retcode, msg % locals()))
|
||||
- return False
|
||||
- raise RuntimeError("Command execution failed: %s" % realCmd)
|
||||
+ return False
|
||||
|
||||
diff -ur fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py
|
||||
--- fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200
|
||||
+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-23 11:54:38.074927626 +0200
|
||||
@@ -196,11 +196,10 @@
|
||||
def testExecuteTimeout(self):
|
||||
stime = time.time()
|
||||
# Should take a minute
|
||||
- self.assertRaises(
|
||||
- RuntimeError, CommandAction.executeCmd, 'sleep 60', timeout=2)
|
||||
+ self.assertFalse(CommandAction.executeCmd('sleep 60', timeout=2))
|
||||
# give a test still 1 second, because system could be too busy
|
||||
self.assertTrue(time.time() >= stime + 2 and time.time() <= stime + 3)
|
||||
- self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
|
||||
+ self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
|
||||
or self._is_logged('sleep 60 -- timed out after 3 seconds'))
|
||||
self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM'))
|
||||
|
||||
@@ -222,17 +221,16 @@
|
||||
return int(f.read())
|
||||
|
||||
# First test if can kill the bastard
|
||||
- self.assertRaises(
|
||||
- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
|
||||
+ self.assertFalse(CommandAction.executeCmd(
|
||||
+ 'bash %s' % tmpFilename, timeout=.1))
|
||||
# Verify that the proccess itself got killed
|
||||
self.assertFalse(pid_exists(getnastypid())) # process should have been killed
|
||||
self.assertTrue(self._is_logged('timed out'))
|
||||
self.assertTrue(self._is_logged('killed with SIGTERM'))
|
||||
|
||||
# A bit evolved case even though, previous test already tests killing children processes
|
||||
- self.assertRaises(
|
||||
- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
|
||||
- timeout=.2)
|
||||
+ self.assertFalse(CommandAction.executeCmd(
|
||||
+ 'out=`bash %s`; echo ALRIGHT' % tmpFilename, timeout=.2))
|
||||
# Verify that the proccess itself got killed
|
||||
self.assertFalse(pid_exists(getnastypid()))
|
||||
self.assertTrue(self._is_logged('timed out'))
|
@ -1,3 +1,13 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 23 10:10:17 UTC 2015 - jweberhofer@weberhofer.at
|
||||
|
||||
- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
|
||||
to fix the former failing test and removed
|
||||
fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
|
||||
|
||||
- Do not longer create test-package. Developers should not use the packaged
|
||||
version of fail2ban.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 7 09:45:56 UTC 2015 - jweberhofer@weberhofer.at
|
||||
|
||||
|
@ -37,8 +37,8 @@ Source200: %{name}-rpmlintrc
|
||||
Patch100: fail2ban-opensuse-locations.patch
|
||||
# PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
|
||||
Patch101: fail2ban-opensuse-service.patch
|
||||
# PATCH-FIX-OPENSUSE fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- disable test which currently fails on some systems
|
||||
Patch102: fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
|
||||
# PATCH-FIX-UPSTREAM fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- fix failing test
|
||||
Patch102: fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
|
||||
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
|
||||
Patch200: fail2ban-disable-iptables-w-option.patch
|
||||
# PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch jweberhofer@weberhofer.at -- remove tests that can't work on opensuse < 13.3
|
||||
@ -82,13 +82,6 @@ reject the IP address, can send e-mails, or set host.deny entries. These rules
|
||||
can be defined by the user. Fail2Ban can read multiple log files such as sshd
|
||||
or Apache web server ones.
|
||||
|
||||
%package tests
|
||||
Summary: Test-cases for fail2ban
|
||||
Group: System/Monitoring
|
||||
|
||||
%description tests
|
||||
This package contains fail2ban's testcases
|
||||
|
||||
%package -n SuSEfirewall2-fail2ban
|
||||
Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd
|
||||
Group: Productivity/Networking/Security
|
||||
@ -265,6 +258,10 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||
%{_mandir}/man5/*
|
||||
%doc README.md TODO ChangeLog COPYING doc/*.txt
|
||||
|
||||
# do not include tests as they are executed during the build process
|
||||
%exclude %{_bindir}/fail2ban-testcases
|
||||
%exclude %{python_sitelib}/%{name}/tests
|
||||
|
||||
%if 0%{?_unitdir:1}
|
||||
%files -n SuSEfirewall2-fail2ban
|
||||
%defattr(-,root,root)
|
||||
@ -272,11 +269,6 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf
|
||||
%{_unitdir}/fail2ban.service.d
|
||||
%endif
|
||||
|
||||
%files tests
|
||||
%defattr(-,root,root)
|
||||
%{_bindir}/fail2ban-testcases
|
||||
%{python_sitelib}/%{name}/tests
|
||||
|
||||
%files -n nagios-plugins-fail2ban
|
||||
%defattr(-,root,root)
|
||||
%doc files/nagios/README COPYING
|
||||
|
Loading…
Reference in New Issue
Block a user