Stephan Kulow 2015-09-24 04:16:01 +00:00 committed by Git OBS Bridge
commit ca370fae5a
4 changed files with 136 additions and 100 deletions


@ -1,86 +0,0 @@
diff -ur fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py
--- fail2ban-0.9.3-orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200
+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-07 08:37:30.842249270 +0200
@@ -204,44 +204,44 @@
or self._is_logged('sleep 60 -- timed out after 3 seconds'))
self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM'))
- def testExecuteTimeoutWithNastyChildren(self):
- # temporary file for a nasty kid shell script
- tmpFilename = tempfile.mktemp(".sh", "fail2ban_")
- # Create a nasty script which would hang there for a while
- with open(tmpFilename, 'w') as f:
- f.write("""#!/bin/bash
- trap : HUP EXIT TERM
-
- echo "$$" > %s.pid
- echo "my pid $$ . sleeping lo-o-o-ong"
- sleep 10000
- """ % tmpFilename)
-
- def getnastypid():
- with open(tmpFilename + '.pid') as f:
- return int(f.read())
-
- # First test if can kill the bastard
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
- # Verify that the proccess itself got killed
- self.assertFalse(pid_exists(getnastypid())) # process should have been killed
- self.assertTrue(self._is_logged('timed out'))
- self.assertTrue(self._is_logged('killed with SIGTERM'))
-
- # A bit evolved case even though, previous test already tests killing children processes
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
- timeout=.2)
- # Verify that the proccess itself got killed
- self.assertFalse(pid_exists(getnastypid()))
- self.assertTrue(self._is_logged('timed out'))
- self.assertTrue(self._is_logged('killed with SIGTERM'))
-
- os.unlink(tmpFilename)
- os.unlink(tmpFilename + '.pid')
-
-
+# def testExecuteTimeoutWithNastyChildren(self):
+# # temporary file for a nasty kid shell script
+# tmpFilename = tempfile.mktemp(".sh", "fail2ban_")
+# # Create a nasty script which would hang there for a while
+# with open(tmpFilename, 'w') as f:
+# f.write("""#!/bin/bash
+# trap : HUP EXIT TERM
+#
+# echo "$$" > %s.pid
+# echo "my pid $$ . sleeping lo-o-o-ong"
+# sleep 10000
+# """ % tmpFilename)
+#
+# def getnastypid():
+# with open(tmpFilename + '.pid') as f:
+# return int(f.read())
+#
+# # First test if can kill the bastard
+# self.assertRaises(
+# RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
+# # Verify that the proccess itself got killed
+# self.assertFalse(pid_exists(getnastypid())) # process should have been killed
+# self.assertTrue(self._is_logged('timed out'))
+# self.assertTrue(self._is_logged('killed with SIGTERM'))
+#
+# # A bit evolved case even though, previous test already tests killing children processes
+# self.assertRaises(
+# RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
+# timeout=.2)
+# # Verify that the proccess itself got killed
+# self.assertFalse(pid_exists(getnastypid()))
+# self.assertTrue(self._is_logged('timed out'))
+# self.assertTrue(self._is_logged('killed with SIGTERM'))
+#
+# os.unlink(tmpFilename)
+# os.unlink(tmpFilename + '.pid')
+#
+#
def testCaptureStdOutErr(self):
CommandAction.executeCmd('echo "How now brown cow"')
self.assertTrue(self._is_logged("'How now brown cow\\n'"))


@ -0,0 +1,120 @@
Only in fail2ban-0.9.3/: ChangeLog.orig
diff -ur fail2ban-0.9.3.orig/fail2ban/server/action.py fail2ban-0.9.3/fail2ban/server/action.py
--- fail2ban-0.9.3.orig/fail2ban/server/action.py 2015-08-01 03:32:13.000000000 +0200
+++ fail2ban-0.9.3/fail2ban/server/action.py 2015-09-23 11:54:38.066927465 +0200
@@ -560,32 +560,33 @@
return True
_cmd_lock.acquire()
- try: # Try wrapped within another try needed for python version < 2.5
+ try:
+ retcode = None # to guarantee being defined upon early except
stdout = tempfile.TemporaryFile(suffix=".stdout", prefix="fai2ban_")
stderr = tempfile.TemporaryFile(suffix=".stderr", prefix="fai2ban_")
- try:
- popen = subprocess.Popen(
- realCmd, stdout=stdout, stderr=stderr, shell=True,
- preexec_fn=os.setsid # so that killpg does not kill our process
- )
- stime = time.time()
+
+ popen = subprocess.Popen(
+ realCmd, stdout=stdout, stderr=stderr, shell=True,
+ preexec_fn=os.setsid # so that killpg does not kill our process
+ )
+ stime = time.time()
+ retcode = popen.poll()
+ while time.time() - stime <= timeout and retcode is None:
+ time.sleep(0.1)
retcode = popen.poll()
- while time.time() - stime <= timeout and retcode is None:
- time.sleep(0.1)
- retcode = popen.poll()
- if retcode is None:
- logSys.error("%s -- timed out after %i seconds." %
- (realCmd, timeout))
- pgid = os.getpgid(popen.pid)
- os.killpg(pgid, signal.SIGTERM) # Terminate the process
+ if retcode is None:
+ logSys.error("%s -- timed out after %i seconds." %
+ (realCmd, timeout))
+ pgid = os.getpgid(popen.pid)
+ os.killpg(pgid, signal.SIGTERM) # Terminate the process
+ time.sleep(0.1)
+ retcode = popen.poll()
+ if retcode is None: # Still going...
+ os.killpg(pgid, signal.SIGKILL) # Kill the process
time.sleep(0.1)
retcode = popen.poll()
- if retcode is None: # Still going...
- os.killpg(pgid, signal.SIGKILL) # Kill the process
- time.sleep(0.1)
- retcode = popen.poll()
- except OSError, e:
- logSys.error("%s -- failed with %s" % (realCmd, e))
+ except OSError as e:
+ logSys.error("%s -- failed with %s" % (realCmd, e))
finally:
_cmd_lock.release()
@@ -603,15 +604,16 @@
return True
elif retcode is None:
logSys.error("%s -- unable to kill PID %i" % (realCmd, popen.pid))
- elif retcode < 0:
- logSys.error("%s -- killed with %s" %
- (realCmd, signame.get(-retcode, "signal %i" % -retcode)))
+ elif retcode < 0 or retcode > 128:
+ # dash would return negative while bash 128 + n
+ sigcode = -retcode if retcode < 0 else retcode - 128
+ logSys.error("%s -- killed with %s (return code: %s)" %
+ (realCmd, signame.get(sigcode, "signal %i" % sigcode), retcode))
else:
msg = _RETCODE_HINTS.get(retcode, None)
logSys.error("%s -- returned %i" % (realCmd, retcode))
if msg:
logSys.info("HINT on %i: %s"
% (retcode, msg % locals()))
- return False
- raise RuntimeError("Command execution failed: %s" % realCmd)
+ return False
diff -ur fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py
--- fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200
+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-23 11:54:38.074927626 +0200
@@ -196,11 +196,10 @@
def testExecuteTimeout(self):
stime = time.time()
# Should take a minute
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'sleep 60', timeout=2)
+ self.assertFalse(CommandAction.executeCmd('sleep 60', timeout=2))
# give a test still 1 second, because system could be too busy
self.assertTrue(time.time() >= stime + 2 and time.time() <= stime + 3)
- self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
+ self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
or self._is_logged('sleep 60 -- timed out after 3 seconds'))
self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM'))
@@ -222,17 +221,16 @@
return int(f.read())
# First test if can kill the bastard
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
+ self.assertFalse(CommandAction.executeCmd(
+ 'bash %s' % tmpFilename, timeout=.1))
# Verify that the proccess itself got killed
self.assertFalse(pid_exists(getnastypid())) # process should have been killed
self.assertTrue(self._is_logged('timed out'))
self.assertTrue(self._is_logged('killed with SIGTERM'))
# A bit evolved case even though, previous test already tests killing children processes
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
- timeout=.2)
+ self.assertFalse(CommandAction.executeCmd(
+ 'out=`bash %s`; echo ALRIGHT' % tmpFilename, timeout=.2))
# Verify that the proccess itself got killed
self.assertFalse(pid_exists(getnastypid()))
self.assertTrue(self._is_logged('timed out'))
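Review bot: In the action.py hunk at `@@ -560,32 +560,33 @@`, `retcode` is pre-set to `None` so that it is defined after an early `OSError`, but `popen` is not, so if `subprocess.Popen` itself raises, the `elif retcode is None:` branch in the following hunk formats `popen.pid` from an unbound name and would presumably raise `UnboundLocalError` rather than return `False`. Setting `popen = None` next to `retcode = None` and changing that branch to `elif retcode is None and popen is not None:` would keep the failure path on the logged `return False` route. The last lines of the same file also replace `raise RuntimeError(...)` with `return False`, so any caller that relied on the exception must now test the return value, otherwise a ban command that timed out or was killed is treated as applied. The callers are not part of this patch and should be checked. The body of `executeCmd` starts before the first hunk and the lines between the two hunks are not shown, so the `stdout`/`stderr` handles may need the same initialisation if that code reads them.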


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Sep 23 10:10:17 UTC 2015 - jweberhofer@weberhofer.at
- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
to fix the former failing test and removed
fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
- Do not longer create test-package. Developers should not use the packaged
version of fail2ban.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 7 09:45:56 UTC 2015 - jweberhofer@weberhofer.at Mon Sep 7 09:45:56 UTC 2015 - jweberhofer@weberhofer.at


@ -37,8 +37,8 @@ Source200: %{name}-rpmlintrc
Patch100: fail2ban-opensuse-locations.patch Patch100: fail2ban-opensuse-locations.patch
# PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
Patch101: fail2ban-opensuse-service.patch Patch101: fail2ban-opensuse-service.patch
# PATCH-FIX-OPENSUSE fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- disable test which currently fails on some systems # PATCH-FIX-UPSTREAM fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch jweberhofer@weberhofer.at -- fix failing test
Patch102: fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch Patch102: fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
Patch200: fail2ban-disable-iptables-w-option.patch Patch200: fail2ban-disable-iptables-w-option.patch
# PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch jweberhofer@weberhofer.at -- remove tests that can't work on opensuse < 13.3 # PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch jweberhofer@weberhofer.at -- remove tests that can't work on opensuse < 13.3
@ -82,13 +82,6 @@ reject the IP address, can send e-mails, or set host.deny entries. These rules
can be defined by the user. Fail2Ban can read multiple log files such as sshd can be defined by the user. Fail2Ban can read multiple log files such as sshd
or Apache web server ones. or Apache web server ones.
%package tests
Summary: Test-cases for fail2ban
Group: System/Monitoring
%description tests
This package contains fail2ban's testcases
%package -n SuSEfirewall2-fail2ban %package -n SuSEfirewall2-fail2ban
Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd Summary: Files for integrating fail2ban into SuSEfirewall2 via systemd
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
@ -265,6 +258,10 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf
%{_mandir}/man5/* %{_mandir}/man5/*
%doc README.md TODO ChangeLog COPYING doc/*.txt %doc README.md TODO ChangeLog COPYING doc/*.txt
# do not include tests as they are executed during the build process
%exclude %{_bindir}/fail2ban-testcases
%exclude %{python_sitelib}/%{name}/tests
%if 0%{?_unitdir:1} %if 0%{?_unitdir:1}
%files -n SuSEfirewall2-fail2ban %files -n SuSEfirewall2-fail2ban
%defattr(-,root,root) %defattr(-,root,root)
@ -272,11 +269,6 @@ systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf
%{_unitdir}/fail2ban.service.d %{_unitdir}/fail2ban.service.d
%endif %endif
%files tests
%defattr(-,root,root)
%{_bindir}/fail2ban-testcases
%{python_sitelib}/%{name}/tests
%files -n nagios-plugins-fail2ban %files -n nagios-plugins-fail2ban
%defattr(-,root,root) %defattr(-,root,root)
%doc files/nagios/README COPYING %doc files/nagios/README COPYING