rpm/fail2ban
SHA256
1
0
Fork 0
forked from pool/fail2ban
Code Pull Requests Activity
db67cbee5d
fail2ban/fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
Johannes Weberhofer c876389bbe Accepting request 333138 from home:weberho:branches:security 
- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
  to fix the former failing test and removed
  fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
- Do not longer create test-package. Developers should not use the packaged
  version of fail2ban.

OBS-URL: https://build.opensuse.org/request/show/333138
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=65
2015-09-23 10:21:57 +00:00

121 lines
5.0 KiB
Diff
Raw Blame History

Only in fail2ban-0.9.3/: ChangeLog.orig
diff -ur fail2ban-0.9.3.orig/fail2ban/server/action.py fail2ban-0.9.3/fail2ban/server/action.py
--- fail2ban-0.9.3.orig/fail2ban/server/action.py 2015-08-01 03:32:13.000000000 +0200
+++ fail2ban-0.9.3/fail2ban/server/action.py 2015-09-23 11:54:38.066927465 +0200
@@ -560,32 +560,33 @@
return True
_cmd_lock.acquire()
- try: # Try wrapped within another try needed for python version < 2.5
+ try:
+ retcode = None # to guarantee being defined upon early except
stdout = tempfile.TemporaryFile(suffix=".stdout", prefix="fai2ban_")
stderr = tempfile.TemporaryFile(suffix=".stderr", prefix="fai2ban_")
- try:
- popen = subprocess.Popen(
- realCmd, stdout=stdout, stderr=stderr, shell=True,
- preexec_fn=os.setsid # so that killpg does not kill our process
- )
- stime = time.time()
+
+ popen = subprocess.Popen(
+ realCmd, stdout=stdout, stderr=stderr, shell=True,
+ preexec_fn=os.setsid # so that killpg does not kill our process
+ )
+ stime = time.time()
+ retcode = popen.poll()
+ while time.time() - stime <= timeout and retcode is None:
+ time.sleep(0.1)
retcode = popen.poll()
- while time.time() - stime <= timeout and retcode is None:
- time.sleep(0.1)
- retcode = popen.poll()
- if retcode is None:
- logSys.error("%s -- timed out after %i seconds." %
- (realCmd, timeout))
- pgid = os.getpgid(popen.pid)
- os.killpg(pgid, signal.SIGTERM) # Terminate the process
+ if retcode is None:
+ logSys.error("%s -- timed out after %i seconds." %
+ (realCmd, timeout))
+ pgid = os.getpgid(popen.pid)
+ os.killpg(pgid, signal.SIGTERM) # Terminate the process
+ time.sleep(0.1)
+ retcode = popen.poll()
+ if retcode is None: # Still going...
+ os.killpg(pgid, signal.SIGKILL) # Kill the process
time.sleep(0.1)
retcode = popen.poll()
- if retcode is None: # Still going...
- os.killpg(pgid, signal.SIGKILL) # Kill the process
- time.sleep(0.1)
- retcode = popen.poll()
- except OSError, e:
- logSys.error("%s -- failed with %s" % (realCmd, e))
+ except OSError as e:
+ logSys.error("%s -- failed with %s" % (realCmd, e))
finally:
_cmd_lock.release()
@@ -603,15 +604,16 @@
return True
elif retcode is None:
logSys.error("%s -- unable to kill PID %i" % (realCmd, popen.pid))
- elif retcode < 0:
- logSys.error("%s -- killed with %s" %
- (realCmd, signame.get(-retcode, "signal %i" % -retcode)))
+ elif retcode < 0 or retcode > 128:
+ # dash would return negative while bash 128 + n
+ sigcode = -retcode if retcode < 0 else retcode - 128
+ logSys.error("%s -- killed with %s (return code: %s)" %
+ (realCmd, signame.get(sigcode, "signal %i" % sigcode), retcode))
else:
msg = _RETCODE_HINTS.get(retcode, None)
logSys.error("%s -- returned %i" % (realCmd, retcode))
if msg:
logSys.info("HINT on %i: %s"
% (retcode, msg % locals()))
- return False
- raise RuntimeError("Command execution failed: %s" % realCmd)
+ return False
diff -ur fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py fail2ban-0.9.3/fail2ban/tests/actiontestcase.py
--- fail2ban-0.9.3.orig/fail2ban/tests/actiontestcase.py 2015-08-01 03:32:13.000000000 +0200
+++ fail2ban-0.9.3/fail2ban/tests/actiontestcase.py 2015-09-23 11:54:38.074927626 +0200
@@ -196,11 +196,10 @@
def testExecuteTimeout(self):
stime = time.time()
# Should take a minute
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'sleep 60', timeout=2)
+ self.assertFalse(CommandAction.executeCmd('sleep 60', timeout=2))
# give a test still 1 second, because system could be too busy
self.assertTrue(time.time() >= stime + 2 and time.time() <= stime + 3)
- self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
+ self.assertTrue(self._is_logged('sleep 60 -- timed out after 2 seconds')
or self._is_logged('sleep 60 -- timed out after 3 seconds'))
self.assertTrue(self._is_logged('sleep 60 -- killed with SIGTERM'))
@@ -222,17 +221,16 @@
return int(f.read())
# First test if can kill the bastard
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1)
+ self.assertFalse(CommandAction.executeCmd(
+ 'bash %s' % tmpFilename, timeout=.1))
# Verify that the proccess itself got killed
self.assertFalse(pid_exists(getnastypid())) # process should have been killed
self.assertTrue(self._is_logged('timed out'))
self.assertTrue(self._is_logged('killed with SIGTERM'))
# A bit evolved case even though, previous test already tests killing children processes
- self.assertRaises(
- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename,
- timeout=.2)
+ self.assertFalse(CommandAction.executeCmd(
+ 'out=`bash %s`; echo ALRIGHT' % tmpFilename, timeout=.2))
# Verify that the proccess itself got killed
self.assertFalse(pid_exists(getnastypid()))
self.assertTrue(self._is_logged('timed out'))
View Git Blame Copy Permalink