diff options
Diffstat (limited to 'meta-security/recipes-security')
14 files changed, 36 insertions, 2672 deletions
diff --git a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch b/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch deleted file mode 100644 index ee872ec41..000000000 --- a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch +++ /dev/null @@ -1,2527 +0,0 @@ -From abaa20435bac7decffa69e6f965aac9ce29aff6a Mon Sep 17 00:00:00 2001 -From: Armin Kuster <akuster808@gmail.com> -Date: Wed, 12 Feb 2020 17:19:15 +0000 -Subject: [PATCH] python3-fail2ban: 2-3 conversion - -Upstream-Status: OE specific. - -fail2ban handles py3 via a 2-3 conversion utility. - -Signed-off-by: Armin Kuster <akuster808@gmail.com> ---- - fail2ban/client/actionreader.py | 4 +- - fail2ban/client/configparserinc.py | 10 +- - fail2ban/client/configreader.py | 4 +- - fail2ban/client/csocket.py | 4 +- - fail2ban/client/fail2banclient.py | 4 +- - fail2ban/client/fail2banregex.py | 20 +- - fail2ban/client/filterreader.py | 2 +- - fail2ban/client/jailreader.py | 4 +- - fail2ban/helpers.py | 15 +- - fail2ban/server/action.py | 19 +- - fail2ban/server/actions.py | 24 +- - fail2ban/server/asyncserver.py | 4 +- - fail2ban/server/banmanager.py | 18 +- - fail2ban/server/database.py | 6 +- - fail2ban/server/failmanager.py | 8 +- - fail2ban/server/failregex.py | 9 +- - fail2ban/server/filter.py | 12 +- - fail2ban/server/filterpoll.py | 2 +- - fail2ban/server/filterpyinotify.py | 6 +- - fail2ban/server/ipdns.py | 16 +- - fail2ban/server/jail.py | 14 +- - fail2ban/server/mytime.py | 2 +- - fail2ban/server/server.py | 18 +- - fail2ban/server/strptime.py | 6 +- - fail2ban/server/ticket.py | 14 +- - fail2ban/server/transmitter.py | 2 +- - fail2ban/server/utils.py | 6 +- - fail2ban/tests/action_d/test_badips.py | 2 +- - fail2ban/tests/actiontestcase.py | 4 +- - fail2ban/tests/clientreadertestcase.py | 4 +- - fail2ban/tests/databasetestcase.py | 16 +- - fail2ban/tests/datedetectortestcase.py | 6 +- - fail2ban/tests/fail2banclienttestcase.py | 8 +- - fail2ban/tests/failmanagertestcase.py | 10 +- - .../tests/files/config/apache-auth/digest.py | 20 +- - fail2ban/tests/filtertestcase.py | 92 ++--- - fail2ban/tests/misctestcase.py | 22 +- - fail2ban/tests/observertestcase.py | 34 +- - fail2ban/tests/samplestestcase.py | 8 +- - fail2ban/tests/servertestcase.py | 28 +- - fail2ban/tests/sockettestcase.py | 2 +- - fail2ban/tests/utils.py | 22 +- - setup.py | 326 ------------------ - 43 files changed, 264 insertions(+), 593 deletions(-) - delete mode 100755 setup.py - -diff --git a/fail2ban/client/actionreader.py b/fail2ban/client/actionreader.py -index 80617a50..ecf323c5 100644 ---- a/fail2ban/client/actionreader.py -+++ b/fail2ban/client/actionreader.py -@@ -90,11 +90,11 @@ class ActionReader(DefinitionInitConfigReader): - stream = list() - stream.append(head + ["addaction", self._name]) - multi = [] -- for opt, optval in opts.iteritems(): -+ for opt, optval in opts.items(): - if opt in self._configOpts and not opt.startswith('known/'): - multi.append([opt, optval]) - if self._initOpts: -- for opt, optval in self._initOpts.iteritems(): -+ for opt, optval in self._initOpts.items(): - if opt not in self._configOpts and not opt.startswith('known/'): - multi.append([opt, optval]) - if len(multi) > 1: -diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py -index e0f39579..45c77437 100644 ---- a/fail2ban/client/configparserinc.py -+++ b/fail2ban/client/configparserinc.py -@@ -62,7 +62,7 @@ if sys.version_info >= (3,2): - parser, option, accum, rest, section, map, *args, **kwargs) - - else: # pragma: no cover -- from ConfigParser import SafeConfigParser, \ -+ from configparser import SafeConfigParser, \ - InterpolationMissingOptionError, NoOptionError, NoSectionError - - # Interpolate missing known/option as option from default section -@@ -327,7 +327,7 @@ after = 1.conf - # mix it with defaults: - return set(opts.keys()) | set(self._defaults) - # only own option names: -- return opts.keys() -+ return list(opts.keys()) - - def read(self, filenames, get_includes=True): - if not isinstance(filenames, list): -@@ -356,7 +356,7 @@ after = 1.conf - ret += i - # merge defaults and all sections to self: - alld.update(cfg.get_defaults()) -- for n, s in cfg.get_sections().iteritems(): -+ for n, s in cfg.get_sections().items(): - # conditional sections - cond = SafeConfigParserWithIncludes.CONDITIONAL_RE.match(n) - if cond: -@@ -366,7 +366,7 @@ after = 1.conf - del(s['__name__']) - except KeyError: - pass -- for k in s.keys(): -+ for k in list(s.keys()): - v = s.pop(k) - s[k + cond] = v - s2 = alls.get(n) -@@ -399,7 +399,7 @@ after = 1.conf - sec.update(options) - return - sk = {} -- for k, v in options.iteritems(): -+ for k, v in options.items(): - if not k.startswith(pref) and k != '__name__': - sk[pref+k] = v - sec.update(sk) -diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py -index 20709b72..b5167409 100644 ---- a/fail2ban/client/configreader.py -+++ b/fail2ban/client/configreader.py -@@ -26,7 +26,7 @@ __license__ = "GPL" - - import glob - import os --from ConfigParser import NoOptionError, NoSectionError -+from configparser import NoOptionError, NoSectionError - - from .configparserinc import sys, SafeConfigParserWithIncludes, logLevel - from ..helpers import getLogger, _as_bool, _merge_dicts, substituteRecursiveTags -@@ -197,7 +197,7 @@ class ConfigReaderUnshared(SafeConfigParserWithIncludes): - config_files += sorted(glob.glob('%s/*.local' % config_dir)) - - # choose only existing ones -- config_files = filter(os.path.exists, config_files) -+ config_files = list(filter(os.path.exists, config_files)) - - if len(config_files): - # at least one config exists and accessible -diff --git a/fail2ban/client/csocket.py b/fail2ban/client/csocket.py -index ab3e294b..9417cde9 100644 ---- a/fail2ban/client/csocket.py -+++ b/fail2ban/client/csocket.py -@@ -47,7 +47,7 @@ class CSocket: - - def send(self, msg, nonblocking=False, timeout=None): - # Convert every list member to string -- obj = dumps(map(CSocket.convert, msg), HIGHEST_PROTOCOL) -+ obj = dumps(list(map(CSocket.convert, msg)), HIGHEST_PROTOCOL) - self.__csock.send(obj + CSPROTO.END) - return self.receive(self.__csock, nonblocking, timeout) - -@@ -71,7 +71,7 @@ class CSocket: - @staticmethod - def convert(m): - """Convert every "unexpected" member of message to string""" -- if isinstance(m, (basestring, bool, int, float, list, dict, set)): -+ if isinstance(m, (str, bool, int, float, list, dict, set)): - return m - else: # pragma: no cover - return str(m) -diff --git a/fail2ban/client/fail2banclient.py b/fail2ban/client/fail2banclient.py -index 7c90ca40..7eb11684 100755 ---- a/fail2ban/client/fail2banclient.py -+++ b/fail2ban/client/fail2banclient.py -@@ -45,7 +45,7 @@ def _thread_name(): - return threading.current_thread().__class__.__name__ - - def input_command(): # pragma: no cover -- return raw_input(PROMPT) -+ return input(PROMPT) - - ## - # -@@ -444,7 +444,7 @@ class Fail2banClient(Fail2banCmdLine, Thread): - return False - finally: - self._alive = False -- for s, sh in _prev_signals.iteritems(): -+ for s, sh in _prev_signals.items(): - signal.signal(s, sh) - - -diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py -index 513b765d..4a71b3c0 100644 ---- a/fail2ban/client/fail2banregex.py -+++ b/fail2ban/client/fail2banregex.py -@@ -41,10 +41,10 @@ import shlex - import sys - import time - import time --import urllib -+import urllib.request, urllib.parse, urllib.error - from optparse import OptionParser, Option - --from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError -+from configparser import NoOptionError, NoSectionError, MissingSectionHeaderError - - try: # pragma: no cover - from ..server.filtersystemd import FilterSystemd -@@ -68,7 +68,7 @@ def debuggexURL(sample, regex, multiline=False, useDns="yes"): - 'flavor': 'python' - } - if multiline: args['flags'] = 'm' -- return 'https://www.debuggex.com/?' + urllib.urlencode(args) -+ return 'https://www.debuggex.com/?' + urllib.parse.urlencode(args) - - def output(args): # pragma: no cover (overriden in test-cases) - print(args) -@@ -244,7 +244,7 @@ class Fail2banRegex(object): - - def __init__(self, opts): - # set local protected members from given options: -- self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.iteritems())) -+ self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.items())) - self._opts = opts - self._maxlines_set = False # so we allow to override maxlines in cmdline - self._datepattern_set = False -@@ -304,7 +304,7 @@ class Fail2banRegex(object): - realopts = {} - combopts = reader.getCombined() - # output all options that are specified in filter-argument as well as some special (mostly interested): -- for k in ['logtype', 'datepattern'] + fltOpt.keys(): -+ for k in ['logtype', 'datepattern'] + list(fltOpt.keys()): - # combined options win, but they contain only a sub-set in filter expected keys, - # so get the rest from definition section: - try: -@@ -424,7 +424,7 @@ class Fail2banRegex(object): - self.output( "Use %11s line : %s" % (regex, shortstr(value)) ) - regex_values = {regextype: [RegexStat(value)]} - -- for regextype, regex_values in regex_values.iteritems(): -+ for regextype, regex_values in regex_values.items(): - regex = regextype + 'regex' - setattr(self, "_" + regex, regex_values) - for regex in regex_values: -@@ -523,10 +523,10 @@ class Fail2banRegex(object): - output(ret[1]) - elif self._opts.out == 'msg': - for ret in ret: -- output('\n'.join(map(lambda v:''.join(v for v in v), ret[3].get('matches')))) -+ output('\n'.join([''.join(v for v in v) for v in ret[3].get('matches')])) - elif self._opts.out == 'row': - for ret in ret: -- output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].iteritems() if k != 'matches'))) -+ output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].items() if k != 'matches'))) - else: - for ret in ret: - output(ret[3].get(self._opts.out)) -@@ -565,9 +565,9 @@ class Fail2banRegex(object): - ans = [[]] - for arg in [l, regexlist]: - ans = [ x + [y] for x in ans for y in arg ] -- b = map(lambda a: a[0] + ' | ' + a[1].getFailRegex() + ' | ' + -+ b = [a[0] + ' | ' + a[1].getFailRegex() + ' | ' + - debuggexURL(self.encode_line(a[0]), a[1].getFailRegex(), -- multiline, self._opts.usedns), ans) -+ multiline, self._opts.usedns) for a in ans] - pprint_list([x.rstrip() for x in b], header) - else: - output( "%s too many to print. Use --print-all-%s " \ -diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py -index 413f125e..4f0cc4cf 100644 ---- a/fail2ban/client/filterreader.py -+++ b/fail2ban/client/filterreader.py -@@ -71,7 +71,7 @@ class FilterReader(DefinitionInitConfigReader): - @staticmethod - def _fillStream(stream, opts, jailName): - prio0idx = 0 -- for opt, value in opts.iteritems(): -+ for opt, value in opts.items(): - if opt in ("failregex", "ignoreregex"): - if value is None: continue - multi = [] -diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py -index 50c1d047..969d0bc0 100644 ---- a/fail2ban/client/jailreader.py -+++ b/fail2ban/client/jailreader.py -@@ -117,7 +117,7 @@ class JailReader(ConfigReader): - } - _configOpts.update(FilterReader._configOpts) - -- _ignoreOpts = set(['action', 'filter', 'enabled'] + FilterReader._configOpts.keys()) -+ _ignoreOpts = set(['action', 'filter', 'enabled'] + list(FilterReader._configOpts.keys())) - - def getOptions(self): - -@@ -236,7 +236,7 @@ class JailReader(ConfigReader): - stream.extend(self.__filter.convert()) - # and using options from jail: - FilterReader._fillStream(stream, self.__opts, self.__name) -- for opt, value in self.__opts.iteritems(): -+ for opt, value in self.__opts.items(): - if opt == "logpath": - if self.__opts.get('backend', '').startswith("systemd"): continue - found_files = 0 -diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py -index 6f2bcdd7..7e563696 100644 ---- a/fail2ban/helpers.py -+++ b/fail2ban/helpers.py -@@ -31,6 +31,7 @@ import traceback - from threading import Lock - - from .server.mytime import MyTime -+import importlib - - try: - import ctypes -@@ -63,7 +64,7 @@ if sys.version_info < (3,): # pragma: 3.x no cover - from imp import load_dynamic as __ldm - _sys = __ldm('_sys', 'sys') - except ImportError: # pragma: no cover - only if load_dynamic fails -- reload(sys) -+ importlib.reload(sys) - _sys = sys - if hasattr(_sys, "setdefaultencoding"): - _sys.setdefaultencoding(encoding) -@@ -101,7 +102,7 @@ if sys.version_info >= (3,): # pragma: 2.x no cover - else: # pragma: 3.x no cover - def uni_decode(x, enc=PREFER_ENC, errors='strict'): - try: -- if isinstance(x, unicode): -+ if isinstance(x, str): - return x.encode(enc, errors) - return x - except (UnicodeDecodeError, UnicodeEncodeError): # pragma: no cover - unsure if reachable -@@ -110,7 +111,7 @@ else: # pragma: 3.x no cover - return x.encode(enc, 'replace') - if sys.getdefaultencoding().upper() != 'UTF-8': # pragma: no cover - utf-8 is default encoding now - def uni_string(x): -- if not isinstance(x, unicode): -+ if not isinstance(x, str): - return str(x) - return x.encode(PREFER_ENC, 'replace') - else: -@@ -118,7 +119,7 @@ else: # pragma: 3.x no cover - - - def _as_bool(val): -- return bool(val) if not isinstance(val, basestring) \ -+ return bool(val) if not isinstance(val, str) \ - else val.lower() in ('1', 'on', 'true', 'yes') - - -@@ -326,7 +327,7 @@ def splitwords(s): - """ - if not s: - return [] -- return filter(bool, map(lambda v: v.strip(), re.split('[ ,\n]+', s))) -+ return list(filter(bool, [v.strip() for v in re.split('[ ,\n]+', s)])) - - if sys.version_info >= (3,5): - eval(compile(r'''if 1: -@@ -436,7 +437,7 @@ def substituteRecursiveTags(inptags, conditional='', - while True: - repFlag = False - # substitute each value: -- for tag in tags.iterkeys(): -+ for tag in tags.keys(): - # ignore escaped or already done (or in ignore list): - if tag in ignore or tag in done: continue - # ignore replacing callable items from calling map - should be converted on demand only (by get): -@@ -476,7 +477,7 @@ def substituteRecursiveTags(inptags, conditional='', - m = tre_search(value, m.end()) - continue - # if calling map - be sure we've string: -- if not isinstance(repl, basestring): repl = uni_string(repl) -+ if not isinstance(repl, str): repl = uni_string(repl) - value = value.replace('<%s>' % rtag, repl) - #logSys.log(5, 'value now: %s' % value) - # increment reference count: -diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py -index 5c817fc0..81d50689 100644 ---- a/fail2ban/server/action.py -+++ b/fail2ban/server/action.py -@@ -111,9 +111,9 @@ class CallingMap(MutableMapping, object): - def _asdict(self, calculated=False, checker=None): - d = dict(self.data, **self.storage) - if not calculated: -- return dict((n,v) for n,v in d.iteritems() \ -+ return dict((n,v) for n,v in d.items() \ - if not callable(v) or n in self.CM_REPR_ITEMS) -- for n,v in d.items(): -+ for n,v in list(d.items()): - if callable(v): - try: - # calculate: -@@ -179,7 +179,7 @@ class CallingMap(MutableMapping, object): - return self.__class__(_merge_copy_dicts(self.data, self.storage)) - - --class ActionBase(object): -+class ActionBase(object, metaclass=ABCMeta): - """An abstract base class for actions in Fail2Ban. - - Action Base is a base definition of what methods need to be in -@@ -209,7 +209,6 @@ class ActionBase(object): - Any additional arguments specified in `jail.conf` or passed - via `fail2ban-client` will be passed as keyword arguments. - """ -- __metaclass__ = ABCMeta - - @classmethod - def __subclasshook__(cls, C): -@@ -420,7 +419,7 @@ class CommandAction(ActionBase): - if not callable(family): # pragma: no cover - return self.__substCache.get(key, {}).get(family) - # family as expression - use it to filter values: -- return [v for f, v in self.__substCache.get(key, {}).iteritems() if family(f)] -+ return [v for f, v in self.__substCache.get(key, {}).items() if family(f)] - cmd = args[0] - if cmd: # set: - try: -@@ -432,7 +431,7 @@ class CommandAction(ActionBase): - try: - famd = self.__substCache[key] - cmd = famd.pop(family) -- for family, v in famd.items(): -+ for family, v in list(famd.items()): - if v == cmd: - del famd[family] - except KeyError: # pragma: no cover -@@ -448,7 +447,7 @@ class CommandAction(ActionBase): - res = True - err = 'Script error' - if not family: # all started: -- family = [famoper for (famoper,v) in self.__started.iteritems() if v] -+ family = [famoper for (famoper,v) in self.__started.items() if v] - for famoper in family: - try: - cmd = self._getOperation(tag, famoper) -@@ -617,7 +616,7 @@ class CommandAction(ActionBase): - and executes the resulting command. - """ - # collect started families, may be started on demand (conditional): -- family = [f for (f,v) in self.__started.iteritems() if v & 3 == 3]; # started and contains items -+ family = [f for (f,v) in self.__started.items() if v & 3 == 3]; # started and contains items - # if nothing contains items: - if not family: return True - # flush: -@@ -642,7 +641,7 @@ class CommandAction(ActionBase): - """ - # collect started families, if started on demand (conditional): - if family is None: -- family = [f for (f,v) in self.__started.iteritems() if v] -+ family = [f for (f,v) in self.__started.items() if v] - # if no started (on demand) actions: - if not family: return True - self.__started = {} -@@ -676,7 +675,7 @@ class CommandAction(ActionBase): - ret = True - # for each started family: - if self.actioncheck: -- for (family, started) in self.__started.items(): -+ for (family, started) in list(self.__started.items()): - if started and not self._invariantCheck(family, beforeRepair): - # reset started flag and command of executed operation: - self.__started[family] = 0 -diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py -index 24fea838..94b9c3ed 100644 ---- a/fail2ban/server/actions.py -+++ b/fail2ban/server/actions.py -@@ -156,11 +156,11 @@ class Actions(JailThread, Mapping): - else: - if hasattr(self, '_reload_actions'): - # reload actions after all parameters set via stream: -- for name, initOpts in self._reload_actions.iteritems(): -+ for name, initOpts in self._reload_actions.items(): - if name in self._actions: - self._actions[name].reload(**(initOpts if initOpts else {})) - # remove obsolete actions (untouched by reload process): -- delacts = OrderedDict((name, action) for name, action in self._actions.iteritems() -+ delacts = OrderedDict((name, action) for name, action in self._actions.items() - if name not in self._reload_actions) - if len(delacts): - # unban all tickets using removed actions only: -@@ -289,7 +289,7 @@ class Actions(JailThread, Mapping): - """ - if actions is None: - actions = self._actions -- revactions = actions.items() -+ revactions = list(actions.items()) - revactions.reverse() - for name, action in revactions: - try: -@@ -314,7 +314,7 @@ class Actions(JailThread, Mapping): - True when the thread exits nicely. - """ - cnt = 0 -- for name, action in self._actions.iteritems(): -+ for name, action in self._actions.items(): - try: - action.start() - except Exception as e: -@@ -474,7 +474,7 @@ class Actions(JailThread, Mapping): - Observers.Main.add('banFound', bTicket, self._jail, btime) - logSys.notice("[%s] %sBan %s", self._jail.name, ('' if not bTicket.restored else 'Restore '), ip) - # do actions : -- for name, action in self._actions.iteritems(): -+ for name, action in self._actions.items(): - try: - if ticket.restored and getattr(action, 'norestored', False): - continue -@@ -511,13 +511,13 @@ class Actions(JailThread, Mapping): - if bTicket.banEpoch == self.banEpoch and diftm > 3: - # avoid too often checks: - if not rebanacts and MyTime.time() > self.__lastConsistencyCheckTM + 3: -- for action in self._actions.itervalues(): -+ for action in self._actions.values(): - action.consistencyCheck() - self.__lastConsistencyCheckTM = MyTime.time() - # check epoch in order to reban it: - if bTicket.banEpoch < self.banEpoch: - if not rebanacts: rebanacts = dict( -- (name, action) for name, action in self._actions.iteritems() -+ (name, action) for name, action in self._actions.items() - if action.banEpoch > bTicket.banEpoch) - cnt += self.__reBan(bTicket, actions=rebanacts) - else: # pragma: no cover - unexpected: ticket is not banned for some reasons - reban using all actions: -@@ -542,8 +542,8 @@ class Actions(JailThread, Mapping): - ip = ticket.getIP() - aInfo = self.__getActionInfo(ticket) - if log: -- logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % actions.keys()[0] if len(actions) == 1 else '')) -- for name, action in actions.iteritems(): -+ logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % list(actions.keys())[0] if len(actions) == 1 else '')) -+ for name, action in actions.items(): - try: - logSys.debug("[%s] action %r: reban %s", self._jail.name, name, ip) - if not aInfo.immutable: aInfo.reset() -@@ -567,7 +567,7 @@ class Actions(JailThread, Mapping): - if not self.__banManager._inBanList(ticket): return - # do actions : - aInfo = None -- for name, action in self._actions.iteritems(): -+ for name, action in self._actions.items(): - try: - if ticket.restored and getattr(action, 'norestored', False): - continue -@@ -616,7 +616,7 @@ class Actions(JailThread, Mapping): - cnt = 0 - # first we'll execute flush for actions supporting this operation: - unbactions = {} -- for name, action in (actions if actions is not None else self._actions).iteritems(): -+ for name, action in (actions if actions is not None else self._actions).items(): - try: - if hasattr(action, 'flush') and (not isinstance(action, CommandAction) or action.actionflush): - logSys.notice("[%s] Flush ticket(s) with %s", self._jail.name, name) -@@ -671,7 +671,7 @@ class Actions(JailThread, Mapping): - aInfo = self.__getActionInfo(ticket) - if log: - logSys.notice("[%s] Unban %s", self._jail.name, aInfo["ip"]) -- for name, action in unbactions.iteritems(): -+ for name, action in unbactions.items(): - try: - logSys.debug("[%s] action %r: unban %s", self._jail.name, name, ip) - if not aInfo.immutable: aInfo.reset() -diff --git a/fail2ban/server/asyncserver.py b/fail2ban/server/asyncserver.py -index e3400737..f5f9740b 100644 ---- a/fail2ban/server/asyncserver.py -+++ b/fail2ban/server/asyncserver.py -@@ -178,7 +178,7 @@ def loop(active, timeout=None, use_poll=False, err_count=None): - elif err_count['listen'] > 100: # pragma: no cover - normally unreachable - if ( - e.args[0] == errno.EMFILE # [Errno 24] Too many open files -- or sum(err_count.itervalues()) > 1000 -+ or sum(err_count.values()) > 1000 - ): - logSys.critical("Too many errors - critical count reached %r", err_count) - break -@@ -220,7 +220,7 @@ class AsyncServer(asyncore.dispatcher): - elif self.__errCount['accept'] > 100: - if ( - (isinstance(e, socket.error) and e.args[0] == errno.EMFILE) # [Errno 24] Too many open files -- or sum(self.__errCount.itervalues()) > 1000 -+ or sum(self.__errCount.values()) > 1000 - ): - logSys.critical("Too many errors - critical count reached %r", self.__errCount) - self.stop() -diff --git a/fail2ban/server/banmanager.py b/fail2ban/server/banmanager.py -index 5770bfd7..9bb44971 100644 ---- a/fail2ban/server/banmanager.py -+++ b/fail2ban/server/banmanager.py -@@ -105,9 +105,9 @@ class BanManager: - def getBanList(self, ordered=False, withTime=False): - with self.__lock: - if not ordered: -- return self.__banList.keys() -+ return list(self.__banList.keys()) - lst = [] -- for ticket in self.__banList.itervalues(): -+ for ticket in self.__banList.values(): - eob = ticket.getEndOfBanTime(self.__banTime) - lst.append((ticket,eob)) - lst.sort(key=lambda t: t[1]) -@@ -126,7 +126,7 @@ class BanManager: - - def __iter__(self): - with self.__lock: -- return self.__banList.itervalues() -+ return iter(self.__banList.values()) - - ## - # Returns normalized value -@@ -165,7 +165,7 @@ class BanManager: - return return_dict - # get ips in lock: - with self.__lock: -- banIPs = [banData.getIP() for banData in self.__banList.values()] -+ banIPs = [banData.getIP() for banData in list(self.__banList.values())] - # get cymru info: - try: - for ip in banIPs: -@@ -341,7 +341,7 @@ class BanManager: - # Gets the list of ticket to remove (thereby correct next unban time). - unBanList = {} - nextUnbanTime = BanTicket.MAX_TIME -- for fid,ticket in self.__banList.iteritems(): -+ for fid,ticket in self.__banList.items(): - # current time greater as end of ban - timed out: - eob = ticket.getEndOfBanTime(self.__banTime) - if time > eob: -@@ -357,15 +357,15 @@ class BanManager: - if len(unBanList): - if len(unBanList) / 2.0 <= len(self.__banList) / 3.0: - # few as 2/3 should be removed - remove particular items: -- for fid in unBanList.iterkeys(): -+ for fid in unBanList.keys(): - del self.__banList[fid] - else: - # create new dictionary without items to be deleted: -- self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.iteritems() \ -+ self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.items() \ - if fid not in unBanList) - - # return list of tickets: -- return unBanList.values() -+ return list(unBanList.values()) - - ## - # Flush the ban list. -@@ -375,7 +375,7 @@ class BanManager: - - def flushBanList(self): - with self.__lock: -- uBList = self.__banList.values() -+ uBList = list(self.__banList.values()) - self.__banList = dict() - return uBList - -diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py -index ed736a7a..0e8c9aec 100644 ---- a/fail2ban/server/database.py -+++ b/fail2ban/server/database.py -@@ -67,13 +67,13 @@ if sys.version_info >= (3,): # pragma: 2.x no cover - else: # pragma: 3.x no cover - def _normalize(x): - if isinstance(x, dict): -- return dict((_normalize(k), _normalize(v)) for k, v in x.iteritems()) -+ return dict((_normalize(k), _normalize(v)) for k, v in x.items()) - elif isinstance(x, (list, set)): - return [_normalize(element) for element in x] -- elif isinstance(x, unicode): -+ elif isinstance(x, str): - # in 2.x default text_factory is unicode - so return proper unicode here: - return x.encode(PREFER_ENC, 'replace').decode(PREFER_ENC) -- elif isinstance(x, basestring): -+ elif isinstance(x, str): - return x.decode(PREFER_ENC, 'replace') - return x - -diff --git a/fail2ban/server/failmanager.py b/fail2ban/server/failmanager.py -index 93c028fb..a9c6b5f6 100644 ---- a/fail2ban/server/failmanager.py -+++ b/fail2ban/server/failmanager.py -@@ -57,7 +57,7 @@ class FailManager: - def getFailCount(self): - # may be slow on large list of failures, should be used for test purposes only... - with self.__lock: -- return len(self.__failList), sum([f.getRetry() for f in self.__failList.values()]) -+ return len(self.__failList), sum([f.getRetry() for f in list(self.__failList.values())]) - - def getFailTotal(self): - with self.__lock: -@@ -125,7 +125,7 @@ class FailManager: - # in case of having many active failures, it should be ran only - # if debug level is "low" enough - failures_summary = ', '.join(['%s:%d' % (k, v.getRetry()) -- for k,v in self.__failList.iteritems()]) -+ for k,v in self.__failList.items()]) - logSys.log(logLevel, "Total # of detected failures: %d. Current failures from %d IPs (IP:count): %s" - % (self.__failTotal, len(self.__failList), failures_summary)) - -@@ -138,7 +138,7 @@ class FailManager: - - def cleanup(self, time): - with self.__lock: -- todelete = [fid for fid,item in self.__failList.iteritems() \ -+ todelete = [fid for fid,item in self.__failList.items() \ - if item.getLastTime() + self.__maxTime <= time] - if len(todelete) == len(self.__failList): - # remove all: -@@ -152,7 +152,7 @@ class FailManager: - del self.__failList[fid] - else: - # create new dictionary without items to be deleted: -- self.__failList = dict((fid,item) for fid,item in self.__failList.iteritems() \ -+ self.__failList = dict((fid,item) for fid,item in self.__failList.items() \ - if item.getLastTime() + self.__maxTime > time) - self.__bgSvc.service() - -diff --git a/fail2ban/server/failregex.py b/fail2ban/server/failregex.py -index f7dafbef..fb75187d 100644 ---- a/fail2ban/server/failregex.py -+++ b/fail2ban/server/failregex.py -@@ -128,10 +128,7 @@ class Regex: - self._regexObj = re.compile(regex, re.MULTILINE if multiline else 0) - self._regex = regex - self._altValues = {} -- for k in filter( -- lambda k: len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE), -- self._regexObj.groupindex -- ): -+ for k in [k for k in self._regexObj.groupindex if len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE)]: - n = ALTNAME_CRE.match(k).group(1) - self._altValues[k] = n - self._altValues = list(self._altValues.items()) if len(self._altValues) else None -@@ -211,7 +208,7 @@ class Regex: - # - @staticmethod - def _tupleLinesBuf(tupleLines): -- return "\n".join(map(lambda v: "".join(v[::2]), tupleLines)) + "\n" -+ return "\n".join(["".join(v[::2]) for v in tupleLines]) + "\n" - - ## - # Searches the regular expression. -@@ -223,7 +220,7 @@ class Regex: - - def search(self, tupleLines, orgLines=None): - buf = tupleLines -- if not isinstance(tupleLines, basestring): -+ if not isinstance(tupleLines, str): - buf = Regex._tupleLinesBuf(tupleLines) - self._matchCache = self._regexObj.search(buf) - if self._matchCache: -diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py -index 998fe298..d181fd38 100644 ---- a/fail2ban/server/filter.py -+++ b/fail2ban/server/filter.py -@@ -292,7 +292,7 @@ class Filter(JailThread): - dd = DateDetector() - dd.default_tz = self.__logtimezone - if not isinstance(pattern, (list, tuple)): -- pattern = filter(bool, map(str.strip, re.split('\n+', pattern))) -+ pattern = list(filter(bool, list(map(str.strip, re.split('\n+', pattern))))) - for pattern in pattern: - dd.appendTemplate(pattern) - self.dateDetector = dd -@@ -987,7 +987,7 @@ class FileFilter(Filter): - # @return log paths - - def getLogPaths(self): -- return self.__logs.keys() -+ return list(self.__logs.keys()) - - ## - # Get the log containers -@@ -995,7 +995,7 @@ class FileFilter(Filter): - # @return log containers - - def getLogs(self): -- return self.__logs.values() -+ return list(self.__logs.values()) - - ## - # Get the count of log containers -@@ -1021,7 +1021,7 @@ class FileFilter(Filter): - - def setLogEncoding(self, encoding): - encoding = super(FileFilter, self).setLogEncoding(encoding) -- for log in self.__logs.itervalues(): -+ for log in self.__logs.values(): - log.setEncoding(encoding) - - def getLog(self, path): -@@ -1183,7 +1183,7 @@ class FileFilter(Filter): - """Status of Filter plus files being monitored. - """ - ret = super(FileFilter, self).status(flavor=flavor) -- path = self.__logs.keys() -+ path = list(self.__logs.keys()) - ret.append(("File list", path)) - return ret - -@@ -1191,7 +1191,7 @@ class FileFilter(Filter): - """Stop monitoring of log-file(s) - """ - # stop files monitoring: -- for path in self.__logs.keys(): -+ for path in list(self.__logs.keys()): - self.delLogPath(path) - # stop thread: - super(Filter, self).stop() -diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py -index 228a2c8b..d49315cc 100644 ---- a/fail2ban/server/filterpoll.py -+++ b/fail2ban/server/filterpoll.py -@@ -176,4 +176,4 @@ class FilterPoll(FileFilter): - return False - - def getPendingPaths(self): -- return self.__file404Cnt.keys() -+ return list(self.__file404Cnt.keys()) -diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py -index ca6b253f..b683b860 100644 ---- a/fail2ban/server/filterpyinotify.py -+++ b/fail2ban/server/filterpyinotify.py -@@ -158,7 +158,7 @@ class FilterPyinotify(FileFilter): - except KeyError: pass - - def getPendingPaths(self): -- return self.__pending.keys() -+ return list(self.__pending.keys()) - - def _checkPending(self): - if not self.__pending: -@@ -168,7 +168,7 @@ class FilterPyinotify(FileFilter): - return - found = {} - minTime = 60 -- for path, (retardTM, isDir) in self.__pending.iteritems(): -+ for path, (retardTM, isDir) in self.__pending.items(): - if ntm - self.__pendingChkTime < retardTM: - if minTime > retardTM: minTime = retardTM - continue -@@ -184,7 +184,7 @@ class FilterPyinotify(FileFilter): - self.__pendingChkTime = time.time() - self.__pendingMinTime = minTime - # process now because we've missed it in monitoring: -- for path, isDir in found.iteritems(): -+ for path, isDir in found.items(): - self._delPending(path) - # refresh monitoring of this: - self._refreshWatcher(path, isDir=isDir) -diff --git a/fail2ban/server/ipdns.py b/fail2ban/server/ipdns.py -index 6648dac6..fe8f8db8 100644 ---- a/fail2ban/server/ipdns.py -+++ b/fail2ban/server/ipdns.py -@@ -275,7 +275,7 @@ class IPAddr(object): - raise ValueError("invalid ipstr %r, too many plen representation" % (ipstr,)) - if "." in s[1] or ":" in s[1]: # 255.255.255.0 resp. ffff:: style mask - s[1] = IPAddr.masktoplen(s[1]) -- s[1] = long(s[1]) -+ s[1] = int(s[1]) - return s - - def __init(self, ipstr, cidr=CIDR_UNSPEC): -@@ -309,7 +309,7 @@ class IPAddr(object): - - # mask out host portion if prefix length is supplied - if cidr is not None and cidr >= 0: -- mask = ~(0xFFFFFFFFL >> cidr) -+ mask = ~(0xFFFFFFFF >> cidr) - self._addr &= mask - self._plen = cidr - -@@ -321,13 +321,13 @@ class IPAddr(object): - - # mask out host portion if prefix length is supplied - if cidr is not None and cidr >= 0: -- mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> cidr) -+ mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> cidr) - self._addr &= mask - self._plen = cidr - - # if IPv6 address is a IPv4-compatible, make instance a IPv4 - elif self.isInNet(IPAddr.IP6_4COMPAT): -- self._addr = lo & 0xFFFFFFFFL -+ self._addr = lo & 0xFFFFFFFF - self._family = socket.AF_INET - self._plen = 32 - else: -@@ -445,7 +445,7 @@ class IPAddr(object): - elif self.isIPv6: - # convert network to host byte order - hi = self._addr >> 64 -- lo = self._addr & 0xFFFFFFFFFFFFFFFFL -+ lo = self._addr & 0xFFFFFFFFFFFFFFFF - binary = struct.pack("!QQ", hi, lo) - if self._plen and self._plen < 128: - add = "/%d" % self._plen -@@ -503,9 +503,9 @@ class IPAddr(object): - if self.family != net.family: - return False - if self.isIPv4: -- mask = ~(0xFFFFFFFFL >> net.plen) -+ mask = ~(0xFFFFFFFF >> net.plen) - elif self.isIPv6: -- mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> net.plen) -+ mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> net.plen) - else: - return False - -@@ -517,7 +517,7 @@ class IPAddr(object): - m4 = (1 << 32)-1 - mmap = {m6: 128, m4: 32, 0: 0} - m = 0 -- for i in xrange(0, 128): -+ for i in range(0, 128): - m |= 1 << i - if i < 32: - mmap[m ^ m4] = 32-1-i -diff --git a/fail2ban/server/jail.py b/fail2ban/server/jail.py -index ce9968a8..5fa5ef10 100644 ---- a/fail2ban/server/jail.py -+++ b/fail2ban/server/jail.py -@@ -26,7 +26,7 @@ __license__ = "GPL" - import logging - import math - import random --import Queue -+import queue - - from .actions import Actions - from ..helpers import getLogger, _as_bool, extractOptions, MyTime -@@ -76,7 +76,7 @@ class Jail(object): - "might not function correctly. Please shorten" - % name) - self.__name = name -- self.__queue = Queue.Queue() -+ self.__queue = queue.Queue() - self.__filter = None - # Extra parameters for increase ban time - self._banExtra = {}; -@@ -127,25 +127,25 @@ class Jail(object): - "Failed to initialize any backend for Jail %r" % self.name) - - def _initPolling(self, **kwargs): -- from filterpoll import FilterPoll -+ from .filterpoll import FilterPoll - logSys.info("Jail '%s' uses poller %r" % (self.name, kwargs)) - self.__filter = FilterPoll(self, **kwargs) - - def _initGamin(self, **kwargs): - # Try to import gamin -- from filtergamin import FilterGamin -+ from .filtergamin import FilterGamin - logSys.info("Jail '%s' uses Gamin %r" % (self.name, kwargs)) - self.__filter = FilterGamin(self, **kwargs) - - def _initPyinotify(self, **kwargs): - # Try to import pyinotify -- from filterpyinotify import FilterPyinotify -+ from .filterpyinotify import FilterPyinotify - logSys.info("Jail '%s' uses pyinotify %r" % (self.name, kwargs)) - self.__filter = FilterPyinotify(self, **kwargs) - - def _initSystemd(self, **kwargs): # pragma: systemd no cover - # Try to import systemd -- from filtersystemd import FilterSystemd -+ from .filtersystemd import FilterSystemd - logSys.info("Jail '%s' uses systemd %r" % (self.name, kwargs)) - self.__filter = FilterSystemd(self, **kwargs) - -@@ -213,7 +213,7 @@ class Jail(object): - try: - ticket = self.__queue.get(False) - return ticket -- except Queue.Empty: -+ except queue.Empty: - return False - - def setBanTimeExtra(self, opt, value): -diff --git a/fail2ban/server/mytime.py b/fail2ban/server/mytime.py -index 98b69bd4..24bba5cf 100644 ---- a/fail2ban/server/mytime.py -+++ b/fail2ban/server/mytime.py -@@ -162,7 +162,7 @@ class MyTime: - - @returns number (calculated seconds from expression "val") - """ -- if isinstance(val, (int, long, float, complex)): -+ if isinstance(val, (int, float, complex)): - return val - # replace together standing abbreviations, example '1d12h' -> '1d 12h': - val = MyTime._str2sec_prep.sub(r" \1", val) -diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py -index 159f6506..fc948e8c 100644 ---- a/fail2ban/server/server.py -+++ b/fail2ban/server/server.py -@@ -97,7 +97,7 @@ class Server: - - def start(self, sock, pidfile, force=False, observer=True, conf={}): - # First set the mask to only allow access to owner -- os.umask(0077) -+ os.umask(0o077) - # Second daemonize before logging etc, because it will close all handles: - if self.__daemon: # pragma: no cover - logSys.info("Starting in daemon mode") -@@ -190,7 +190,7 @@ class Server: - - # Restore default signal handlers: - if _thread_name() == '_MainThread': -- for s, sh in self.__prev_signals.iteritems(): -+ for s, sh in self.__prev_signals.items(): - signal.signal(s, sh) - - # Give observer a small chance to complete its work before exit -@@ -268,10 +268,10 @@ class Server: - logSys.info("Stopping all jails") - with self.__lock: - # 1st stop all jails (signal and stop actions/filter thread): -- for name in self.__jails.keys(): -+ for name in list(self.__jails.keys()): - self.delJail(name, stop=True, join=False) - # 2nd wait for end and delete jails: -- for name in self.__jails.keys(): -+ for name in list(self.__jails.keys()): - self.delJail(name, stop=False, join=True) - - def reloadJails(self, name, opts, begin): -@@ -302,7 +302,7 @@ class Server: - if "--restart" in opts: - self.stopAllJail() - # first set all affected jail(s) to idle and reset filter regex and other lists/dicts: -- for jn, jail in self.__jails.iteritems(): -+ for jn, jail in self.__jails.items(): - if name == '--all' or jn == name: - jail.idle = True - self.__reload_state[jn] = jail -@@ -313,7 +313,7 @@ class Server: - # end reload, all affected (or new) jails have already all new parameters (via stream) and (re)started: - with self.__lock: - deljails = [] -- for jn, jail in self.__jails.iteritems(): -+ for jn, jail in self.__jails.items(): - # still in reload state: - if jn in self.__reload_state: - # remove jails that are not reloaded (untouched, so not in new configuration) -@@ -513,7 +513,7 @@ class Server: - jails = [self.__jails[name]] - else: - # in all jails: -- jails = self.__jails.values() -+ jails = list(self.__jails.values()) - # unban given or all (if value is None): - cnt = 0 - ifexists |= (name is None) -@@ -551,7 +551,7 @@ class Server: - def isAlive(self, jailnum=None): - if jailnum is not None and len(self.__jails) != jailnum: - return 0 -- for jail in self.__jails.values(): -+ for jail in list(self.__jails.values()): - if not jail.isAlive(): - return 0 - return 1 -@@ -759,7 +759,7 @@ class Server: - return "flushed" - - def setThreadOptions(self, value): -- for o, v in value.iteritems(): -+ for o, v in value.items(): - if o == 'stacksize': - threading.stack_size(int(v)*1024) - else: # pragma: no cover -diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py -index 498d284b..a5579fdc 100644 ---- a/fail2ban/server/strptime.py -+++ b/fail2ban/server/strptime.py -@@ -79,7 +79,7 @@ timeRE['ExY'] = r"(?P<Y>%s\d)" % _getYearCentRE(cent=(0,3), distance=3) - timeRE['Exy'] = r"(?P<y>%s\d)" % _getYearCentRE(cent=(2,3), distance=3) - - def getTimePatternRE(): -- keys = timeRE.keys() -+ keys = list(timeRE.keys()) - patt = (r"%%(%%|%s|[%s])" % ( - "|".join([k for k in keys if len(k) > 1]), - "".join([k for k in keys if len(k) == 1]), -@@ -134,7 +134,7 @@ def zone2offset(tz, dt): - """ - if isinstance(tz, int): - return tz -- if isinstance(tz, basestring): -+ if isinstance(tz, str): - return validateTimeZone(tz) - tz, tzo = tz - if tzo is None or tzo == '': # without offset -@@ -171,7 +171,7 @@ def reGroupDictStrptime(found_dict, msec=False, default_tz=None): - year = month = day = hour = minute = tzoffset = \ - weekday = julian = week_of_year = None - second = fraction = 0 -- for key, val in found_dict.iteritems(): -+ for key, val in found_dict.items(): - if val is None: continue - # Directives not explicitly handled below: - # c, x, X -diff --git a/fail2ban/server/ticket.py b/fail2ban/server/ticket.py -index f67e0d23..f0b727c2 100644 ---- a/fail2ban/server/ticket.py -+++ b/fail2ban/server/ticket.py -@@ -55,7 +55,7 @@ class Ticket(object): - self._time = time if time is not None else MyTime.time() - self._data = {'matches': matches or [], 'failures': 0} - if data is not None: -- for k,v in data.iteritems(): -+ for k,v in data.items(): - if v is not None: - self._data[k] = v - if ticket: -@@ -89,7 +89,7 @@ class Ticket(object): - - def setIP(self, value): - # guarantee using IPAddr instead of unicode, str for the IP -- if isinstance(value, basestring): -+ if isinstance(value, str): - value = IPAddr(value) - self._ip = value - -@@ -181,7 +181,7 @@ class Ticket(object): - if len(args) == 1: - # todo: if support >= 2.7 only: - # self._data = {k:v for k,v in args[0].iteritems() if v is not None} -- self._data = dict([(k,v) for k,v in args[0].iteritems() if v is not None]) -+ self._data = dict([(k,v) for k,v in args[0].items() if v is not None]) - # add k,v list or dict (merge): - elif len(args) == 2: - self._data.update((args,)) -@@ -192,7 +192,7 @@ class Ticket(object): - # filter (delete) None values: - # todo: if support >= 2.7 only: - # self._data = {k:v for k,v in self._data.iteritems() if v is not None} -- self._data = dict([(k,v) for k,v in self._data.iteritems() if v is not None]) -+ self._data = dict([(k,v) for k,v in self._data.items() if v is not None]) - - def getData(self, key=None, default=None): - # return whole data dict: -@@ -201,17 +201,17 @@ class Ticket(object): - # return default if not exists: - if not self._data: - return default -- if not isinstance(key,(str,unicode,type(None),int,float,bool,complex)): -+ if not isinstance(key,(str,type(None),int,float,bool,complex)): - # return filtered by lambda/function: - if callable(key): - # todo: if support >= 2.7 only: - # return {k:v for k,v in self._data.iteritems() if key(k)} -- return dict([(k,v) for k,v in self._data.iteritems() if key(k)]) -+ return dict([(k,v) for k,v in self._data.items() if key(k)]) - # return filtered by keys: - if hasattr(key, '__iter__'): - # todo: if support >= 2.7 only: - # return {k:v for k,v in self._data.iteritems() if k in key} -- return dict([(k,v) for k,v in self._data.iteritems() if k in key]) -+ return dict([(k,v) for k,v in self._data.items() if k in key]) - # return single value of data: - return self._data.get(key, default) - -diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py -index f83e9d5f..80726cb4 100644 ---- a/fail2ban/server/transmitter.py -+++ b/fail2ban/server/transmitter.py -@@ -475,7 +475,7 @@ class Transmitter: - opt = command[1][len("bantime."):] - return self.__server.getBanTimeExtra(name, opt) - elif command[1] == "actions": -- return self.__server.getActions(name).keys() -+ return list(self.__server.getActions(name).keys()) - elif command[1] == "action": - actionname = command[2] - actionvalue = command[3] -diff --git a/fail2ban/server/utils.py b/fail2ban/server/utils.py -index d4461a7d..13c24e76 100644 ---- a/fail2ban/server/utils.py -+++ b/fail2ban/server/utils.py -@@ -57,7 +57,7 @@ _RETCODE_HINTS = { - - # Dictionary to lookup signal name from number - signame = dict((num, name) -- for name, num in signal.__dict__.iteritems() if name.startswith("SIG")) -+ for name, num in signal.__dict__.items() if name.startswith("SIG")) - - class Utils(): - """Utilities provide diverse static methods like executes OS shell commands, etc. -@@ -109,7 +109,7 @@ class Utils(): - break - else: # pragma: 3.x no cover (dict is in 2.6 only) - remlst = [] -- for (ck, cv) in cache.iteritems(): -+ for (ck, cv) in cache.items(): - # if expired: - if cv[1] <= t: - remlst.append(ck) -@@ -152,7 +152,7 @@ class Utils(): - if not isinstance(realCmd, list): - realCmd = [realCmd] - i = len(realCmd)-1 -- for k, v in varsDict.iteritems(): -+ for k, v in varsDict.items(): - varsStat += "%s=$%s " % (k, i) - realCmd.append(v) - i += 1 -diff --git a/fail2ban/tests/action_d/test_badips.py b/fail2ban/tests/action_d/test_badips.py -index 013c0fdb..3c35e4d7 100644 ---- a/fail2ban/tests/action_d/test_badips.py -+++ b/fail2ban/tests/action_d/test_badips.py -@@ -32,7 +32,7 @@ from ..utils import LogCaptureTestCase, CONFIG_DIR - if sys.version_info >= (3, ): # pragma: 2.x no cover - from urllib.error import HTTPError, URLError - else: # pragma: 3.x no cover -- from urllib2 import HTTPError, URLError -+ from urllib.error import HTTPError, URLError - - def skip_if_not_available(f): - """Helper to decorate tests to skip in case of timeout/http-errors like "502 bad gateway". -diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py -index 1a00c040..ecd09246 100644 ---- a/fail2ban/tests/actiontestcase.py -+++ b/fail2ban/tests/actiontestcase.py -@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCase): - setattr(self.__action, 'ab', "<ac>") - setattr(self.__action, 'x?family=inet6', "") - # produce self-referencing properties except: -- self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions", -+ self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions", - lambda: self.__action.replaceTag("<a><b>", - self.__action._properties, conditional="family=inet4") - ) - # remore self-referencing in props: - delattr(self.__action, 'ac') - # produce self-referencing query except: -- self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query", -+ self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query", - lambda: self.__action.replaceTag("<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x>>>>>>>>>>>>>>>>>>>>>", - self.__action._properties, conditional="family=inet6") - ) -diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py -index 2c1d0a0e..aa7908c4 100644 ---- a/fail2ban/tests/clientreadertestcase.py -+++ b/fail2ban/tests/clientreadertestcase.py -@@ -390,7 +390,7 @@ class JailReaderTest(LogCaptureTestCase): - # And multiple groups (`][` instead of `,`) - result = extractOptions(option.replace(',', '][')) - expected2 = (expected[0], -- dict((k, v.replace(',', '][')) for k, v in expected[1].iteritems()) -+ dict((k, v.replace(',', '][')) for k, v in expected[1].items()) - ) - self.assertEqual(expected2, result) - -@@ -975,7 +975,7 @@ filter = testfilter1 - self.assertEqual(add_actions[-1][-1], "{}") - - def testLogPathFileFilterBackend(self): -- self.assertRaisesRegexp(ValueError, r"Have not found any log file for .* jail", -+ self.assertRaisesRegex(ValueError, r"Have not found any log file for .* jail", - self._testLogPath, backend='polling') - - def testLogPathSystemdBackend(self): -diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py -index 9a5e9fa1..562461a6 100644 ---- a/fail2ban/tests/databasetestcase.py -+++ b/fail2ban/tests/databasetestcase.py -@@ -67,7 +67,7 @@ class DatabaseTest(LogCaptureTestCase): - - @property - def db(self): -- if isinstance(self._db, basestring) and self._db == ':auto-create-in-memory:': -+ if isinstance(self._db, str) and self._db == ':auto-create-in-memory:': - self._db = getFail2BanDb(self.dbFilename) - return self._db - @db.setter -@@ -159,7 +159,7 @@ class DatabaseTest(LogCaptureTestCase): - self.db = Fail2BanDb(self.dbFilename) - self.assertEqual(self.db.getJailNames(), set(['DummyJail #29162448 with 0 tickets'])) - self.assertEqual(self.db.getLogPaths(), set(['/tmp/Fail2BanDb_pUlZJh.log'])) -- ticket = FailTicket("127.0.0.1", 1388009242.26, [u"abc\n"]) -+ ticket = FailTicket("127.0.0.1", 1388009242.26, ["abc\n"]) - self.assertEqual(self.db.getBans()[0], ticket) - - self.assertEqual(self.db.updateDb(Fail2BanDb.__version__), Fail2BanDb.__version__) -@@ -185,9 +185,9 @@ class DatabaseTest(LogCaptureTestCase): - self.assertEqual(len(bans), 2) - # compare first ticket completely: - ticket = FailTicket("1.2.3.7", 1417595494, [ -- u'Dec 3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7', -- u'Dec 3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7', -- u'Dec 3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7' -+ 'Dec 3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7', -+ 'Dec 3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7', -+ 'Dec 3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7' - ]) - ticket.setAttempt(3) - self.assertEqual(bans[0], ticket) -@@ -286,11 +286,11 @@ class DatabaseTest(LogCaptureTestCase): - # invalid + valid, invalid + valid unicode, invalid + valid dual converted (like in filter:readline by fallback) ... - tickets = [ - FailTicket("127.0.0.1", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']), -- FailTicket("127.0.0.2", 0, ['user "test"', u'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']), -+ FailTicket("127.0.0.2", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']), - FailTicket("127.0.0.3", 0, ['user "test"', b'user "\xd1\xe2\xe5\xf2\xe0"', b'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']), -- FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xe4\xf6\xfc\xdf"']), -+ FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xe4\xf6\xfc\xdf"']), - FailTicket("127.0.0.5", 0, ['user "test"', 'unterminated \xcf']), -- FailTicket("127.0.0.6", 0, ['user "test"', u'unterminated \xcf']), -+ FailTicket("127.0.0.6", 0, ['user "test"', 'unterminated \xcf']), - FailTicket("127.0.0.7", 0, ['user "test"', b'unterminated \xcf']) - ] - for ticket in tickets: -diff --git a/fail2ban/tests/datedetectortestcase.py b/fail2ban/tests/datedetectortestcase.py -index 458f76ef..49ada60d 100644 ---- a/fail2ban/tests/datedetectortestcase.py -+++ b/fail2ban/tests/datedetectortestcase.py -@@ -279,7 +279,7 @@ class DateDetectorTest(LogCaptureTestCase): - self.assertEqual(logTime, mu) - self.assertEqual(logMatch.group(1), '2012/10/11 02:37:17') - # confuse it with year being at the end -- for i in xrange(10): -+ for i in range(10): - ( logTime, logMatch ) = self.datedetector.getTime('11/10/2012 02:37:17 [error] 18434#0') - self.assertEqual(logTime, mu) - self.assertEqual(logMatch.group(1), '11/10/2012 02:37:17') -@@ -505,7 +505,7 @@ class CustomDateFormatsTest(unittest.TestCase): - date = dd.getTime(line) - if matched: - self.assertTrue(date) -- if isinstance(matched, basestring): -+ if isinstance(matched, str): - self.assertEqual(matched, date[1].group(1)) - else: - self.assertEqual(matched, date[0]) -@@ -537,7 +537,7 @@ class CustomDateFormatsTest(unittest.TestCase): - date = dd.getTime(line) - if matched: - self.assertTrue(date) -- if isinstance(matched, basestring): # pragma: no cover -+ if isinstance(matched, str): # pragma: no cover - self.assertEqual(matched, date[1].group(1)) - else: - self.assertEqual(matched, date[0]) -diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py -index 95f73ed3..bba354fa 100644 ---- a/fail2ban/tests/fail2banclienttestcase.py -+++ b/fail2ban/tests/fail2banclienttestcase.py -@@ -367,10 +367,10 @@ def with_foreground_server_thread(startextra={}): - # several commands to server in body of decorated function: - return f(self, tmp, startparams, *args, **kwargs) - except Exception as e: # pragma: no cover -- print('=== Catch an exception: %s' % e) -+ print(('=== Catch an exception: %s' % e)) - log = self.getLog() - if log: -- print('=== Error of server, log: ===\n%s===' % log) -+ print(('=== Error of server, log: ===\n%s===' % log)) - self.pruneLog() - raise - finally: -@@ -440,7 +440,7 @@ class Fail2banClientServerBase(LogCaptureTestCase): - ) - except: # pragma: no cover - if _inherited_log(startparams): -- print('=== Error by wait fot server, log: ===\n%s===' % self.getLog()) -+ print(('=== Error by wait fot server, log: ===\n%s===' % self.getLog())) - self.pruneLog() - log = pjoin(tmp, "f2b.log") - if isfile(log): -@@ -1610,6 +1610,6 @@ class Fail2banServerTest(Fail2banClientServerBase): - self.stopAndWaitForServerEnd(SUCCESS) - - def testServerStartStop(self): -- for i in xrange(2000): -+ for i in range(2000): - self._testServerStartStop() - -diff --git a/fail2ban/tests/failmanagertestcase.py b/fail2ban/tests/failmanagertestcase.py -index a5425286..2a94cc82 100644 ---- a/fail2ban/tests/failmanagertestcase.py -+++ b/fail2ban/tests/failmanagertestcase.py -@@ -45,11 +45,11 @@ class AddFailure(unittest.TestCase): - super(AddFailure, self).tearDown() - - def _addDefItems(self): -- self.__items = [[u'193.168.0.128', 1167605999.0], -- [u'193.168.0.128', 1167605999.0], -- [u'193.168.0.128', 1167605999.0], -- [u'193.168.0.128', 1167605999.0], -- [u'193.168.0.128', 1167605999.0], -+ self.__items = [['193.168.0.128', 1167605999.0], -+ ['193.168.0.128', 1167605999.0], -+ ['193.168.0.128', 1167605999.0], -+ ['193.168.0.128', 1167605999.0], -+ ['193.168.0.128', 1167605999.0], - ['87.142.124.10', 1167605999.0], - ['87.142.124.10', 1167605999.0], - ['87.142.124.10', 1167605999.0], -diff --git a/fail2ban/tests/files/config/apache-auth/digest.py b/fail2ban/tests/files/config/apache-auth/digest.py -index 03588594..e2297ab3 100755 ---- a/fail2ban/tests/files/config/apache-auth/digest.py -+++ b/fail2ban/tests/files/config/apache-auth/digest.py -@@ -41,7 +41,7 @@ def auth(v): - response="%s" - """ % ( username, algorithm, realm, url, nonce, qop, response ) - # opaque="%s", -- print(p.method, p.url, p.headers) -+ print((p.method, p.url, p.headers)) - s = requests.Session() - return s.send(p) - -@@ -76,18 +76,18 @@ r = auth(v) - - # [Sun Jul 28 21:41:20 2013] [error] [client 127.0.0.1] Digest: unknown algorithm `super funky chicken' received: /digest/ - --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - v['algorithm'] = algorithm - - - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - - nonce = v['nonce'] - v['nonce']=v['nonce'][5:-5] - - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - - # [Sun Jul 28 21:05:31.178340 2013] [auth_digest:error] [pid 24224:tid 139895539455744] [client 127.0.0.1:56906] AH01793: invalid qop `auth' received: /digest/qop_none/ - -@@ -95,7 +95,7 @@ print(r.status_code,r.headers, r.text) - v['nonce']=nonce[0:11] + 'ZZZ' + nonce[14:] - - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - - #[Sun Jul 28 21:18:11.769228 2013] [auth_digest:error] [pid 24752:tid 139895505884928] [client 127.0.0.1:56964] AH01776: invalid nonce b9YAiJDiBAZZZ1b1abe02d20063ea3b16b544ea1b0d981c1bafe received - hash is not d42d824dee7aaf50c3ba0a7c6290bd453e3dd35b - -@@ -107,7 +107,7 @@ import time - time.sleep(1) - - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - - # Obtained by putting the following code in modules/aaa/mod_auth_digest.c - # in the function initialize_secret -@@ -137,7 +137,7 @@ s = sha.sha(apachesecret) - - v=preauth() - --print(v['nonce']) -+print((v['nonce'])) - realm = v['Digest realm'][1:-1] - - (t,) = struct.unpack('l',base64.b64decode(v['nonce'][1:13])) -@@ -156,13 +156,13 @@ print(v) - - r = auth(v) - #[Mon Jul 29 02:12:55.539813 2013] [auth_digest:error] [pid 9647:tid 139895522670336] [client 127.0.0.1:58474] AH01777: invalid nonce 59QJppTiBAA=b08983fd166ade9840407df1b0f75b9e6e07d88d received - user attempted time travel --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - - url='/digest_onetime/' - v=preauth() - - # Need opaque header handling in auth - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) - r = auth(v) --print(r.status_code,r.headers, r.text) -+print((r.status_code,r.headers, r.text)) -diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py -index 35785a58..8eeb6902 100644 ---- a/fail2ban/tests/filtertestcase.py -+++ b/fail2ban/tests/filtertestcase.py -@@ -22,7 +22,7 @@ - __copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko" - __license__ = "GPL" - --from __builtin__ import open as fopen -+from builtins import open as fopen - import unittest - import os - import re -@@ -204,7 +204,7 @@ def _copy_lines_between_files(in_, fout, n=None, skip=0, mode='a', terminal_line - else: - fin = in_ - # Skip -- for i in xrange(skip): -+ for i in range(skip): - fin.readline() - # Read - i = 0 -@@ -244,7 +244,7 @@ def _copy_lines_to_journal(in_, fields={},n=None, skip=0, terminal_line=""): # p - # Required for filtering - fields.update(TEST_JOURNAL_FIELDS) - # Skip -- for i in xrange(skip): -+ for i in range(skip): - fin.readline() - # Read/Write - i = 0 -@@ -306,18 +306,18 @@ class BasicFilter(unittest.TestCase): - def testTest_tm(self): - unittest.F2B.SkipIfFast() - ## test function "_tm" works correct (returns the same as slow strftime): -- for i in xrange(1417512352, (1417512352 // 3600 + 3) * 3600): -+ for i in range(1417512352, (1417512352 // 3600 + 3) * 3600): - tm = MyTime.time2str(i) - if _tm(i) != tm: # pragma: no cover - never reachable - self.assertEqual((_tm(i), i), (tm, i)) - - def testWrongCharInTupleLine(self): - ## line tuple has different types (ascii after ascii / unicode): -- for a1 in ('', u'', b''): -- for a2 in ('2016-09-05T20:18:56', u'2016-09-05T20:18:56', b'2016-09-05T20:18:56'): -+ for a1 in ('', '', b''): -+ for a2 in ('2016-09-05T20:18:56', '2016-09-05T20:18:56', b'2016-09-05T20:18:56'): - for a3 in ( - 'Fail for "g\xc3\xb6ran" from 192.0.2.1', -- u'Fail for "g\xc3\xb6ran" from 192.0.2.1', -+ 'Fail for "g\xc3\xb6ran" from 192.0.2.1', - b'Fail for "g\xc3\xb6ran" from 192.0.2.1' - ): - # join should work if all arguments have the same type: -@@ -435,7 +435,7 @@ class IgnoreIP(LogCaptureTestCase): - - def testAddAttempt(self): - self.filter.setMaxRetry(3) -- for i in xrange(1, 1+3): -+ for i in range(1, 1+3): - self.filter.addAttempt('192.0.2.1') - self.assertLogged('Attempt 192.0.2.1', '192.0.2.1:%d' % i, all=True, wait=True) - self.jail.actions._Actions__checkBan() -@@ -472,7 +472,7 @@ class IgnoreIP(LogCaptureTestCase): - # like both test-cases above, just cached (so once per key)... - self.filter.ignoreCache = {"key":"<ip>"} - self.filter.ignoreCommand = 'if [ "<ip>" = "10.0.0.1" ]; then exit 0; fi; exit 1' -- for i in xrange(5): -+ for i in range(5): - self.pruneLog() - self.assertTrue(self.filter.inIgnoreIPList("10.0.0.1")) - self.assertFalse(self.filter.inIgnoreIPList("10.0.0.0")) -@@ -483,7 +483,7 @@ class IgnoreIP(LogCaptureTestCase): - # by host of IP: - self.filter.ignoreCache = {"key":"<ip-host>"} - self.filter.ignoreCommand = 'if [ "<ip-host>" = "test-host" ]; then exit 0; fi; exit 1' -- for i in xrange(5): -+ for i in range(5): - self.pruneLog() - self.assertTrue(self.filter.inIgnoreIPList(FailTicket("2001:db8::1"))) - self.assertFalse(self.filter.inIgnoreIPList(FailTicket("2001:db8::ffff"))) -@@ -495,7 +495,7 @@ class IgnoreIP(LogCaptureTestCase): - self.filter.ignoreCache = {"key":"<F-USER>", "max-count":"10", "max-time":"1h"} - self.assertEqual(self.filter.ignoreCache, ["<F-USER>", 10, 60*60]) - self.filter.ignoreCommand = 'if [ "<F-USER>" = "tester" ]; then exit 0; fi; exit 1' -- for i in xrange(5): -+ for i in range(5): - self.pruneLog() - self.assertTrue(self.filter.inIgnoreIPList(FailTicket("tester", data={'user': 'tester'}))) - self.assertFalse(self.filter.inIgnoreIPList(FailTicket("root", data={'user': 'root'}))) -@@ -644,7 +644,7 @@ class LogFileFilterPoll(unittest.TestCase): - fc = FileContainer(fname, self.filter.getLogEncoding()) - fc.open() - # no time - nothing should be found : -- for i in xrange(10): -+ for i in range(10): - f.write("[sshd] error: PAM: failure len 1\n") - f.flush() - fc.setPos(0); self.filter.seekToTime(fc, time) -@@ -718,14 +718,14 @@ class LogFileFilterPoll(unittest.TestCase): - # variable length of file (ca 45K or 450K before and hereafter): - # write lines with smaller as search time: - t = time - count - 1 -- for i in xrange(count): -+ for i in range(count): - f.write("%s [sshd] error: PAM: failure\n" % _tm(t)) - t += 1 - f.flush() - fc.setPos(0); self.filter.seekToTime(fc, time) - self.assertEqual(fc.getPos(), 47*count) - # write lines with exact search time: -- for i in xrange(10): -+ for i in range(10): - f.write("%s [sshd] error: PAM: failure\n" % _tm(time)) - f.flush() - fc.setPos(0); self.filter.seekToTime(fc, time) -@@ -734,8 +734,8 @@ class LogFileFilterPoll(unittest.TestCase): - self.assertEqual(fc.getPos(), 47*count) - # write lines with greater as search time: - t = time+1 -- for i in xrange(count//500): -- for j in xrange(500): -+ for i in range(count//500): -+ for j in range(500): - f.write("%s [sshd] error: PAM: failure\n" % _tm(t)) - t += 1 - f.flush() -@@ -1488,10 +1488,10 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover - # Add direct utf, unicode, blob: - for l in ( - "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1", -- u"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1", -+ "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1", - b"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1".decode('utf-8', 'replace'), - "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2", -- u"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2", -+ "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2", - b"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2".decode('utf-8', 'replace') - ): - fields = self.journal_fields -@@ -1520,7 +1520,7 @@ class GetFailures(LogCaptureTestCase): - - # so that they could be reused by other tests - FAILURES_01 = ('193.168.0.128', 3, 1124013599.0, -- [u'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3) -+ ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3) - - def setUp(self): - """Call before every test case.""" -@@ -1595,8 +1595,8 @@ class GetFailures(LogCaptureTestCase): - - def testGetFailures02(self): - output = ('141.3.81.106', 4, 1124013539.0, -- [u'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2' -- % m for m in 53, 54, 57, 58]) -+ ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2' -+ % m for m in (53, 54, 57, 58)]) - - self.filter.addLogPath(GetFailures.FILENAME_02, autoSeek=0) - self.filter.addFailRegex(r"Failed .* from <HOST>") -@@ -1691,17 +1691,17 @@ class GetFailures(LogCaptureTestCase): - # We should still catch failures with usedns = no ;-) - output_yes = ( - ('93.184.216.34', 2, 1124013539.0, -- [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2', -- u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'] -+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2', -+ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'] - ), - ('2606:2800:220:1:248:1893:25c8:1946', 1, 1124013299.0, -- [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2'] -+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2'] - ), - ) - - output_no = ( - ('93.184.216.34', 1, 1124013539.0, -- [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'] -+ ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'] - ) - ) - -@@ -1807,9 +1807,9 @@ class DNSUtilsTests(unittest.TestCase): - self.assertTrue(c.get('a') is None) - self.assertEqual(c.get('a', 'test'), 'test') - # exact 5 elements : -- for i in xrange(5): -+ for i in range(5): - c.set(i, i) -- for i in xrange(5): -+ for i in range(5): - self.assertEqual(c.get(i), i) - # remove unavailable key: - c.unset('a'); c.unset('a') -@@ -1817,30 +1817,30 @@ class DNSUtilsTests(unittest.TestCase): - def testCacheMaxSize(self): - c = Utils.Cache(maxCount=5, maxTime=60) - # exact 5 elements : -- for i in xrange(5): -+ for i in range(5): - c.set(i, i) -- self.assertEqual([c.get(i) for i in xrange(5)], [i for i in xrange(5)]) -- self.assertNotIn(-1, (c.get(i, -1) for i in xrange(5))) -+ self.assertEqual([c.get(i) for i in range(5)], [i for i in range(5)]) -+ self.assertNotIn(-1, (c.get(i, -1) for i in range(5))) - # add one - too many: - c.set(10, i) - # one element should be removed : -- self.assertIn(-1, (c.get(i, -1) for i in xrange(5))) -+ self.assertIn(-1, (c.get(i, -1) for i in range(5))) - # test max size (not expired): -- for i in xrange(10): -+ for i in range(10): - c.set(i, 1) - self.assertEqual(len(c), 5) - - def testCacheMaxTime(self): - # test max time (expired, timeout reached) : - c = Utils.Cache(maxCount=5, maxTime=0.0005) -- for i in xrange(10): -+ for i in range(10): - c.set(i, 1) - st = time.time() - self.assertTrue(Utils.wait_for(lambda: time.time() >= st + 0.0005, 1)) - # we have still 5 elements (or fewer if too slow test mashine): - self.assertTrue(len(c) <= 5) - # but all that are expiered also: -- for i in xrange(10): -+ for i in range(10): - self.assertTrue(c.get(i) is None) - # here the whole cache should be empty: - self.assertEqual(len(c), 0) -@@ -1861,7 +1861,7 @@ class DNSUtilsTests(unittest.TestCase): - c = count - while c: - c -= 1 -- s = xrange(0, 256, 1) if forw else xrange(255, -1, -1) -+ s = range(0, 256, 1) if forw else range(255, -1, -1) - if random: shuffle([i for i in s]) - for i in s: - IPAddr('192.0.2.'+str(i), IPAddr.FAM_IPv4) -@@ -1983,15 +1983,15 @@ class DNSUtilsNetworkTests(unittest.TestCase): - - def testAddr2bin(self): - res = IPAddr('10.0.0.0') -- self.assertEqual(res.addr, 167772160L) -+ self.assertEqual(res.addr, 167772160) - res = IPAddr('10.0.0.0', cidr=None) -- self.assertEqual(res.addr, 167772160L) -- res = IPAddr('10.0.0.0', cidr=32L) -- self.assertEqual(res.addr, 167772160L) -- res = IPAddr('10.0.0.1', cidr=32L) -- self.assertEqual(res.addr, 167772161L) -- res = IPAddr('10.0.0.1', cidr=31L) -- self.assertEqual(res.addr, 167772160L) -+ self.assertEqual(res.addr, 167772160) -+ res = IPAddr('10.0.0.0', cidr=32) -+ self.assertEqual(res.addr, 167772160) -+ res = IPAddr('10.0.0.1', cidr=32) -+ self.assertEqual(res.addr, 167772161) -+ res = IPAddr('10.0.0.1', cidr=31) -+ self.assertEqual(res.addr, 167772160) - - self.assertEqual(IPAddr('10.0.0.0').hexdump, '0a000000') - self.assertEqual(IPAddr('1::2').hexdump, '00010000000000000000000000000002') -@@ -2067,9 +2067,9 @@ class DNSUtilsNetworkTests(unittest.TestCase): - '93.184.216.34': 'ip4-test', - '2606:2800:220:1:248:1893:25c8:1946': 'ip6-test' - } -- d2 = dict([(IPAddr(k), v) for k, v in d.iteritems()]) -- self.assertTrue(isinstance(d.keys()[0], basestring)) -- self.assertTrue(isinstance(d2.keys()[0], IPAddr)) -+ d2 = dict([(IPAddr(k), v) for k, v in d.items()]) -+ self.assertTrue(isinstance(list(d.keys())[0], str)) -+ self.assertTrue(isinstance(list(d2.keys())[0], IPAddr)) - self.assertEqual(d.get(ip4[2], ''), 'ip4-test') - self.assertEqual(d.get(ip6[2], ''), 'ip6-test') - self.assertEqual(d2.get(str(ip4[2]), ''), 'ip4-test') -diff --git a/fail2ban/tests/misctestcase.py b/fail2ban/tests/misctestcase.py -index 9b986f53..94f7a8de 100644 ---- a/fail2ban/tests/misctestcase.py -+++ b/fail2ban/tests/misctestcase.py -@@ -29,9 +29,9 @@ import tempfile - import shutil - import fnmatch - from glob import glob --from StringIO import StringIO -+from io import StringIO - --from utils import LogCaptureTestCase, logSys as DefLogSys -+from .utils import LogCaptureTestCase, logSys as DefLogSys - - from ..helpers import formatExceptionInfo, mbasename, TraceBack, FormatterWithTraceBack, getLogger, \ - splitwords, uni_decode, uni_string -@@ -67,7 +67,7 @@ class HelpersTest(unittest.TestCase): - self.assertEqual(splitwords(' 1\n 2'), ['1', '2']) - self.assertEqual(splitwords(' 1\n 2, 3'), ['1', '2', '3']) - # string as unicode: -- self.assertEqual(splitwords(u' 1\n 2, 3'), ['1', '2', '3']) -+ self.assertEqual(splitwords(' 1\n 2, 3'), ['1', '2', '3']) - - - if sys.version_info >= (2,7): -@@ -197,11 +197,11 @@ class TestsUtilsTest(LogCaptureTestCase): - - def testUniConverters(self): - self.assertRaises(Exception, uni_decode, -- (b'test' if sys.version_info >= (3,) else u'test'), 'f2b-test::non-existing-encoding') -- uni_decode((b'test\xcf' if sys.version_info >= (3,) else u'test\xcf')) -+ (b'test' if sys.version_info >= (3,) else 'test'), 'f2b-test::non-existing-encoding') -+ uni_decode((b'test\xcf' if sys.version_info >= (3,) else 'test\xcf')) - uni_string(b'test\xcf') - uni_string('test\xcf') -- uni_string(u'test\xcf') -+ uni_string('test\xcf') - - def testSafeLogging(self): - # logging should be exception-safe, to avoid possible errors (concat, str. conversion, representation failures, etc) -@@ -213,7 +213,7 @@ class TestsUtilsTest(LogCaptureTestCase): - if self.err: - raise Exception('no represenation for test!') - else: -- return u'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf' -+ return 'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf' - test = Test() - logSys.log(logging.NOTICE, "test 1a: %r", test) - self.assertLogged("Traceback", "no represenation for test!") -@@ -261,7 +261,7 @@ class TestsUtilsTest(LogCaptureTestCase): - func_raise() - - try: -- print deep_function(3) -+ print(deep_function(3)) - except ValueError: - s = tb() - -@@ -278,7 +278,7 @@ class TestsUtilsTest(LogCaptureTestCase): - self.assertIn(':', s) - - def _testAssertionErrorRE(self, regexp, fun, *args, **kwargs): -- self.assertRaisesRegexp(AssertionError, regexp, fun, *args, **kwargs) -+ self.assertRaisesRegex(AssertionError, regexp, fun, *args, **kwargs) - - def testExtendedAssertRaisesRE(self): - ## test _testAssertionErrorRE several fail cases: -@@ -316,13 +316,13 @@ class TestsUtilsTest(LogCaptureTestCase): - self._testAssertionErrorRE(r"'a' unexpectedly found in 'cba'", - self.assertNotIn, 'a', 'cba') - self._testAssertionErrorRE(r"1 unexpectedly found in \[0, 1, 2\]", -- self.assertNotIn, 1, xrange(3)) -+ self.assertNotIn, 1, range(3)) - self._testAssertionErrorRE(r"'A' unexpectedly found in \['C', 'A'\]", - self.assertNotIn, 'A', (c.upper() for c in 'cba' if c != 'b')) - self._testAssertionErrorRE(r"'a' was not found in 'xyz'", - self.assertIn, 'a', 'xyz') - self._testAssertionErrorRE(r"5 was not found in \[0, 1, 2\]", -- self.assertIn, 5, xrange(3)) -+ self.assertIn, 5, range(3)) - self._testAssertionErrorRE(r"'A' was not found in \['C', 'B'\]", - self.assertIn, 'A', (c.upper() for c in 'cba' if c != 'a')) - ## assertLogged, assertNotLogged positive case: -diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py -index 8e944454..ed520286 100644 ---- a/fail2ban/tests/observertestcase.py -+++ b/fail2ban/tests/observertestcase.py -@@ -69,7 +69,7 @@ class BanTimeIncr(LogCaptureTestCase): - a.setBanTimeExtra('multipliers', multipliers) - # test algorithm and max time 24 hours : - self.assertEqual( -- [a.calcBanTime(600, i) for i in xrange(1, 11)], -+ [a.calcBanTime(600, i) for i in range(1, 11)], - [1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400] - ) - # with extra large max time (30 days): -@@ -81,38 +81,38 @@ class BanTimeIncr(LogCaptureTestCase): - if multcnt < 11: - arr = arr[0:multcnt-1] + ([arr[multcnt-2]] * (11-multcnt)) - self.assertEqual( -- [a.calcBanTime(600, i) for i in xrange(1, 11)], -+ [a.calcBanTime(600, i) for i in range(1, 11)], - arr - ) - a.setBanTimeExtra('maxtime', '1d') - # change factor : - a.setBanTimeExtra('factor', '2'); - self.assertEqual( -- [a.calcBanTime(600, i) for i in xrange(1, 11)], -+ [a.calcBanTime(600, i) for i in range(1, 11)], - [2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400, 86400] - ) - # factor is float : - a.setBanTimeExtra('factor', '1.33'); - self.assertEqual( -- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)], -+ [int(a.calcBanTime(600, i)) for i in range(1, 11)], - [1596, 3192, 6384, 12768, 25536, 51072, 86400, 86400, 86400, 86400] - ) - a.setBanTimeExtra('factor', None); - # change max time : - a.setBanTimeExtra('maxtime', '12h') - self.assertEqual( -- [a.calcBanTime(600, i) for i in xrange(1, 11)], -+ [a.calcBanTime(600, i) for i in range(1, 11)], - [1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200] - ) - a.setBanTimeExtra('maxtime', '24h') - ## test randomization - not possibe all 10 times we have random = 0: - a.setBanTimeExtra('rndtime', '5m') - self.assertTrue( -- False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)] -+ False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)] - ) - a.setBanTimeExtra('rndtime', None) - self.assertFalse( -- False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)] -+ False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)] - ) - # restore default: - a.setBanTimeExtra('multipliers', None) -@@ -124,7 +124,7 @@ class BanTimeIncr(LogCaptureTestCase): - # this multipliers has the same values as default formula, we test stop growing after count 9: - self.testDefault('1 2 4 8 16 32 64 128 256') - # this multipliers has exactly the same values as default formula, test endless growing (stops by count 31 only): -- self.testDefault(' '.join([str(1<<i) for i in xrange(31)])) -+ self.testDefault(' '.join([str(1<<i) for i in range(31)])) - - def testFormula(self): - a = self.__jail; -@@ -136,38 +136,38 @@ class BanTimeIncr(LogCaptureTestCase): - a.setBanTimeExtra('multipliers', None) - # test algorithm and max time 24 hours : - self.assertEqual( -- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)], -+ [int(a.calcBanTime(600, i)) for i in range(1, 11)], - [1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400] - ) - # with extra large max time (30 days): - a.setBanTimeExtra('maxtime', '30d') - self.assertEqual( -- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)], -+ [int(a.calcBanTime(600, i)) for i in range(1, 11)], - [1200, 2400, 4800, 9600, 19200, 38400, 76800, 153601, 307203, 614407] - ) - a.setBanTimeExtra('maxtime', '24h') - # change factor : - a.setBanTimeExtra('factor', '1'); - self.assertEqual( -- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)], -+ [int(a.calcBanTime(600, i)) for i in range(1, 11)], - [1630, 4433, 12051, 32758, 86400, 86400, 86400, 86400, 86400, 86400] - ) - a.setBanTimeExtra('factor', '2.0 / 2.885385') - # change max time : - a.setBanTimeExtra('maxtime', '12h') - self.assertEqual( -- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)], -+ [int(a.calcBanTime(600, i)) for i in range(1, 11)], - [1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200] - ) - a.setBanTimeExtra('maxtime', '24h') - ## test randomization - not possibe all 10 times we have random = 0: - a.setBanTimeExtra('rndtime', '5m') - self.assertTrue( -- False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)] -+ False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)] - ) - a.setBanTimeExtra('rndtime', None) - self.assertFalse( -- False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)] -+ False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)] - ) - # restore default: - a.setBanTimeExtra('factor', None); -@@ -230,7 +230,7 @@ class BanTimeIncrDB(LogCaptureTestCase): - ticket = FailTicket(ip, stime, []) - # test ticket not yet found - self.assertEqual( -- [self.incrBanTime(ticket, 10) for i in xrange(3)], -+ [self.incrBanTime(ticket, 10) for i in range(3)], - [10, 10, 10] - ) - # add a ticket banned -@@ -285,7 +285,7 @@ class BanTimeIncrDB(LogCaptureTestCase): - ) - # increase ban multiple times: - lastBanTime = 20 -- for i in xrange(10): -+ for i in range(10): - ticket.setTime(stime + lastBanTime + 5) - banTime = self.incrBanTime(ticket, 10) - self.assertEqual(banTime, lastBanTime * 2) -@@ -481,7 +481,7 @@ class BanTimeIncrDB(LogCaptureTestCase): - ticket = FailTicket(ip, stime-120, []) - failManager = FailManager() - failManager.setMaxRetry(3) -- for i in xrange(3): -+ for i in range(3): - failManager.addFailure(ticket) - obs.add('failureFound', failManager, jail, ticket) - obs.wait_empty(5) -diff --git a/fail2ban/tests/samplestestcase.py b/fail2ban/tests/samplestestcase.py -index 0bbd05f5..479b564a 100644 ---- a/fail2ban/tests/samplestestcase.py -+++ b/fail2ban/tests/samplestestcase.py -@@ -138,7 +138,7 @@ class FilterSamplesRegex(unittest.TestCase): - - @staticmethod - def _filterOptions(opts): -- return dict((k, v) for k, v in opts.iteritems() if not k.startswith('test.')) -+ return dict((k, v) for k, v in opts.items() if not k.startswith('test.')) - - def testSampleRegexsFactory(name, basedir): - def testFilter(self): -@@ -249,10 +249,10 @@ def testSampleRegexsFactory(name, basedir): - self.assertTrue(faildata.get('match', False), - "Line matched when shouldn't have") - self.assertEqual(len(ret), 1, -- "Multiple regexs matched %r" % (map(lambda x: x[0], ret))) -+ "Multiple regexs matched %r" % ([x[0] for x in ret])) - - # Verify match captures (at least fid/host) and timestamp as expected -- for k, v in faildata.iteritems(): -+ for k, v in faildata.items(): - if k not in ("time", "match", "desc", "filter"): - fv = fail.get(k, None) - if fv is None: -@@ -294,7 +294,7 @@ def testSampleRegexsFactory(name, basedir): - '\n'.join(pprint.pformat(fail).splitlines()))) - - # check missing samples for regex using each filter-options combination: -- for fltName, flt in self._filters.iteritems(): -+ for fltName, flt in self._filters.items(): - flt, regexsUsedIdx = flt - regexList = flt.getFailRegex() - for failRegexIndex, failRegex in enumerate(regexList): -diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py -index 55e72455..7925ab1e 100644 ---- a/fail2ban/tests/servertestcase.py -+++ b/fail2ban/tests/servertestcase.py -@@ -124,14 +124,14 @@ class TransmitterBase(LogCaptureTestCase): - self.transm.proceed(["get", jail, cmd]), (0, [])) - for n, value in enumerate(values): - ret = self.transm.proceed(["set", jail, cmdAdd, value]) -- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2) -+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2) - ret = self.transm.proceed(["get", jail, cmd]) -- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2) -+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2) - for n, value in enumerate(values): - ret = self.transm.proceed(["set", jail, cmdDel, value]) -- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2) -+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2) - ret = self.transm.proceed(["get", jail, cmd]) -- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2) -+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2) - - def jailAddDelRegexTest(self, cmd, inValues, outValues, jail): - cmdAdd = "add" + cmd -@@ -930,7 +930,7 @@ class TransmitterLogging(TransmitterBase): - - def testLogTarget(self): - logTargets = [] -- for _ in xrange(3): -+ for _ in range(3): - tmpFile = tempfile.mkstemp("fail2ban", "transmitter") - logTargets.append(tmpFile[1]) - os.close(tmpFile[0]) -@@ -1003,26 +1003,26 @@ class TransmitterLogging(TransmitterBase): - self.assertEqual(self.transm.proceed(["flushlogs"]), (0, "rolled over")) - l.warning("After flushlogs") - with open(fn2,'r') as f: -- line1 = f.next() -+ line1 = next(f) - if line1.find('Changed logging target to') >= 0: -- line1 = f.next() -+ line1 = next(f) - self.assertTrue(line1.endswith("Before file moved\n")) -- line2 = f.next() -+ line2 = next(f) - self.assertTrue(line2.endswith("After file moved\n")) - try: -- n = f.next() -+ n = next(f) - if n.find("Command: ['flushlogs']") >=0: -- self.assertRaises(StopIteration, f.next) -+ self.assertRaises(StopIteration, f.__next__) - else: - self.fail("Exception StopIteration or Command: ['flushlogs'] expected. Got: %s" % n) - except StopIteration: - pass # on higher debugging levels this is expected - with open(fn,'r') as f: -- line1 = f.next() -+ line1 = next(f) - if line1.find('rollover performed on') >= 0: -- line1 = f.next() -+ line1 = next(f) - self.assertTrue(line1.endswith("After flushlogs\n")) -- self.assertRaises(StopIteration, f.next) -+ self.assertRaises(StopIteration, f.__next__) - f.close() - finally: - os.remove(fn2) -@@ -1185,7 +1185,7 @@ class LoggingTests(LogCaptureTestCase): - os.remove(f) - - --from clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR -+from .clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR - - class ServerConfigReaderTests(LogCaptureTestCase): - -diff --git a/fail2ban/tests/sockettestcase.py b/fail2ban/tests/sockettestcase.py -index 69bf8d8b..60f49e57 100644 ---- a/fail2ban/tests/sockettestcase.py -+++ b/fail2ban/tests/sockettestcase.py -@@ -153,7 +153,7 @@ class Socket(LogCaptureTestCase): - org_handler = RequestHandler.found_terminator - try: - RequestHandler.found_terminator = lambda self: self.close() -- self.assertRaisesRegexp(RuntimeError, r"socket connection broken", -+ self.assertRaisesRegex(RuntimeError, r"socket connection broken", - lambda: client.send(testMessage, timeout=unittest.F2B.maxWaitTime(10))) - finally: - RequestHandler.found_terminator = org_handler -diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py -index fcfddba7..cb234e0d 100644 ---- a/fail2ban/tests/utils.py -+++ b/fail2ban/tests/utils.py -@@ -35,7 +35,7 @@ import time - import threading - import unittest - --from cStringIO import StringIO -+from io import StringIO - from functools import wraps - - from ..helpers import getLogger, str2LogLevel, getVerbosityFormat, uni_decode -@@ -174,8 +174,8 @@ def initProcess(opts): - - # Let know the version - if opts.verbosity != 0: -- print("Fail2ban %s test suite. Python %s. Please wait..." \ -- % (version, str(sys.version).replace('\n', ''))) -+ print(("Fail2ban %s test suite. Python %s. Please wait..." \ -+ % (version, str(sys.version).replace('\n', '')))) - - return opts; - -@@ -322,7 +322,7 @@ def initTests(opts): - c = DNSUtils.CACHE_ipToName - # increase max count and max time (too many entries, long time testing): - c.setOptions(maxCount=10000, maxTime=5*60) -- for i in xrange(256): -+ for i in range(256): - c.set('192.0.2.%s' % i, None) - c.set('198.51.100.%s' % i, None) - c.set('203.0.113.%s' % i, None) -@@ -541,8 +541,8 @@ def gatherTests(regexps=None, opts=None): - import difflib, pprint - if not hasattr(unittest.TestCase, 'assertDictEqual'): - def assertDictEqual(self, d1, d2, msg=None): -- self.assert_(isinstance(d1, dict), 'First argument is not a dictionary') -- self.assert_(isinstance(d2, dict), 'Second argument is not a dictionary') -+ self.assertTrue(isinstance(d1, dict), 'First argument is not a dictionary') -+ self.assertTrue(isinstance(d2, dict), 'Second argument is not a dictionary') - if d1 != d2: - standardMsg = '%r != %r' % (d1, d2) - diff = ('\n' + '\n'.join(difflib.ndiff( -@@ -560,7 +560,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None): - # used to recognize having element as nested dict, list or tuple: - def _is_nested(v): - if isinstance(v, dict): -- return any(isinstance(v, (dict, list, tuple)) for v in v.itervalues()) -+ return any(isinstance(v, (dict, list, tuple)) for v in v.values()) - return any(isinstance(v, (dict, list, tuple)) for v in v) - # level comparison routine: - def _assertSortedEqual(a, b, level, nestedOnly, key): -@@ -573,7 +573,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None): - return - raise ValueError('%r != %r' % (a, b)) - if isinstance(a, dict) and isinstance(b, dict): # compare dict's: -- for k, v1 in a.iteritems(): -+ for k, v1 in a.items(): - v2 = b[k] - if isinstance(v1, (dict, list, tuple)) and isinstance(v2, (dict, list, tuple)): - _assertSortedEqual(v1, v2, level-1 if level != 0 else 0, nestedOnly, key) -@@ -608,14 +608,14 @@ if not hasattr(unittest.TestCase, 'assertRaisesRegexp'): - self.fail('\"%s\" does not match \"%s\"' % (regexp, e)) - else: - self.fail('%s not raised' % getattr(exccls, '__name__')) -- unittest.TestCase.assertRaisesRegexp = assertRaisesRegexp -+ unittest.TestCase.assertRaisesRegex = assertRaisesRegexp - - # always custom following methods, because we use atm better version of both (support generators) - if True: ## if not hasattr(unittest.TestCase, 'assertIn'): - def assertIn(self, a, b, msg=None): - bb = b - wrap = False -- if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring): -+ if msg is None and hasattr(b, '__iter__') and not isinstance(b, str): - b, bb = itertools.tee(b) - wrap = True - if a not in b: -@@ -626,7 +626,7 @@ if True: ## if not hasattr(unittest.TestCase, 'assertIn'): - def assertNotIn(self, a, b, msg=None): - bb = b - wrap = False -- if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring): -+ if msg is None and hasattr(b, '__iter__') and not isinstance(b, str): - b, bb = itertools.tee(b) - wrap = True - if a in b: -diff --git a/setup.py b/setup.py -deleted file mode 100755 -index ce1eedf6..00000000 ---- a/setup.py -+++ /dev/null -@@ -1,326 +0,0 @@ --#!/usr/bin/env python --# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- --# vi: set ft=python sts=4 ts=4 sw=4 noet : -- --# This file is part of Fail2Ban. --# --# Fail2Ban is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 2 of the License, or --# (at your option) any later version. --# --# Fail2Ban is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with Fail2Ban; if not, write to the Free Software --# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -- --__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko" --__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors" --__license__ = "GPL" -- --import platform -- --try: -- import setuptools -- from setuptools import setup -- from setuptools.command.install import install -- from setuptools.command.install_scripts import install_scripts --except ImportError: -- setuptools = None -- from distutils.core import setup -- --# all versions --from distutils.command.build_py import build_py --from distutils.command.build_scripts import build_scripts --if setuptools is None: -- from distutils.command.install import install -- from distutils.command.install_scripts import install_scripts --try: -- # python 3.x -- from distutils.command.build_py import build_py_2to3 -- from distutils.command.build_scripts import build_scripts_2to3 -- _2to3 = True --except ImportError: -- # python 2.x -- _2to3 = False -- --import os --from os.path import isfile, join, isdir, realpath --import re --import sys --import warnings --from glob import glob -- --from fail2ban.setup import updatePyExec -- -- --source_dir = os.path.realpath(os.path.dirname( -- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.): -- sys.argv[0] if os.path.basename(sys.argv[0]) == 'setup.py' else __file__ --)) -- --# Wrapper to install python binding (to current python version): --class install_scripts_f2b(install_scripts): -- -- def get_outputs(self): -- outputs = install_scripts.get_outputs(self) -- # setup.py --dry-run install: -- dry_run = not outputs -- self.update_scripts(dry_run) -- if dry_run: -- #bindir = self.install_dir -- bindir = self.build_dir -- print('creating fail2ban-python binding -> %s (dry-run, real path can be different)' % (bindir,)) -- print('Copying content of %s to %s' % (self.build_dir, self.install_dir)); -- return outputs -- fn = None -- for fn in outputs: -- if os.path.basename(fn) == 'fail2ban-server': -- break -- bindir = os.path.dirname(fn) -- print('creating fail2ban-python binding -> %s' % (bindir,)) -- updatePyExec(bindir) -- return outputs -- -- def update_scripts(self, dry_run=False): -- buildroot = os.path.dirname(self.build_dir) -- install_dir = self.install_dir -- try: -- # remove root-base from install scripts path: -- root = self.distribution.command_options['install']['root'][1] -- if install_dir.startswith(root): -- install_dir = install_dir[len(root):] -- except: # pragma: no cover -- print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".') -- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir)) -- with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn: -- lines = fn.readlines() -- fn = None -- if not dry_run: -- fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w') -- try: -- for ln in lines: -- ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) -- if dry_run: -- sys.stdout.write(' | ' + ln) -- continue -- fn.write(ln) -- finally: -- if fn: fn.close() -- if dry_run: -- print(' `') -- -- --# Wrapper to specify fail2ban own options: --class install_command_f2b(install): -- user_options = install.user_options + [ -- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), -- ('without-tests', None, 'without tests files installation'), -- ] -- def initialize_options(self): -- self.disable_2to3 = None -- self.without_tests = None -- install.initialize_options(self) -- def finalize_options(self): -- global _2to3 -- ## in the test cases 2to3 should be already done (fail2ban-2to3): -- if self.disable_2to3: -- _2to3 = False -- if _2to3: -- cmdclass = self.distribution.cmdclass -- cmdclass['build_py'] = build_py_2to3 -- cmdclass['build_scripts'] = build_scripts_2to3 -- if self.without_tests: -- self.distribution.scripts.remove('bin/fail2ban-testcases') -- -- self.distribution.packages.remove('fail2ban.tests') -- self.distribution.packages.remove('fail2ban.tests.action_d') -- -- del self.distribution.package_data['fail2ban.tests'] -- install.finalize_options(self) -- def run(self): -- install.run(self) -- -- --# Update fail2ban-python env to current python version (where f2b-modules located/installed) --updatePyExec(os.path.join(source_dir, 'bin')) -- --if setuptools and "test" in sys.argv: -- import logging -- logSys = logging.getLogger("fail2ban") -- hdlr = logging.StreamHandler(sys.stdout) -- fmt = logging.Formatter("%(asctime)-15s %(message)s") -- hdlr.setFormatter(fmt) -- logSys.addHandler(hdlr) -- if set(["-q", "--quiet"]) & set(sys.argv): -- logSys.setLevel(logging.CRITICAL) -- warnings.simplefilter("ignore") -- sys.warnoptions.append("ignore") -- elif set(["-v", "--verbose"]) & set(sys.argv): -- logSys.setLevel(logging.DEBUG) -- else: -- logSys.setLevel(logging.INFO) --elif "test" in sys.argv: -- print("python distribute required to execute fail2ban tests") -- print("") -- --longdesc = ''' --Fail2Ban scans log files like /var/log/pwdfail or --/var/log/apache/error_log and bans IP that makes --too many password failures. It updates firewall rules --to reject the IP address or executes user defined --commands.''' -- --if setuptools: -- setup_extra = { -- 'test_suite': "fail2ban.tests.utils.gatherTests", -- 'use_2to3': True, -- } --else: -- setup_extra = {} -- --data_files_extra = [] --if os.path.exists('/var/run'): -- # if we are on the system with /var/run -- we are to use it for having fail2ban/ -- # directory there for socket file etc. -- # realpath is used to possibly resolve /var/run -> /run symlink -- data_files_extra += [(realpath('/var/run/fail2ban'), '')] -- --# Installing documentation files only under Linux or other GNU/ systems --# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding --# installation there (see e.g. #1233) --platform_system = platform.system().lower() --doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt'] --if platform_system in ('solaris', 'sunos'): -- doc_files.append('README.Solaris') --if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'): -- data_files_extra.append( -- ('/usr/share/doc/fail2ban', doc_files) -- ) -- --# Get version number, avoiding importing fail2ban. --# This is due to tests not functioning for python3 as 2to3 takes place later --exec(open(join("fail2ban", "version.py")).read()) -- --setup( -- name = "fail2ban", -- version = version, -- description = "Ban IPs that make too many password failures", -- long_description = longdesc, -- author = "Cyril Jaquier & Fail2Ban Contributors", -- author_email = "cyril.jaquier@fail2ban.org", -- url = "http://www.fail2ban.org", -- license = "GPL", -- platforms = "Posix", -- cmdclass = { -- 'build_py': build_py, 'build_scripts': build_scripts, -- 'install_scripts': install_scripts_f2b, 'install': install_command_f2b -- }, -- scripts = [ -- 'bin/fail2ban-client', -- 'bin/fail2ban-server', -- 'bin/fail2ban-regex', -- 'bin/fail2ban-testcases', -- # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper -- ], -- packages = [ -- 'fail2ban', -- 'fail2ban.client', -- 'fail2ban.server', -- 'fail2ban.tests', -- 'fail2ban.tests.action_d', -- ], -- package_data = { -- 'fail2ban.tests': -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/files') -- for f in w[2]] + -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/config') -- for f in w[2]] + -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/action_d') -- for f in w[2]] -- }, -- data_files = [ -- ('/etc/fail2ban', -- glob("config/*.conf") -- ), -- ('/etc/fail2ban/filter.d', -- glob("config/filter.d/*.conf") -- ), -- ('/etc/fail2ban/filter.d/ignorecommands', -- [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)] -- ), -- ('/etc/fail2ban/action.d', -- glob("config/action.d/*.conf") + -- glob("config/action.d/*.py") -- ), -- ('/etc/fail2ban/fail2ban.d', -- '' -- ), -- ('/etc/fail2ban/jail.d', -- '' -- ), -- ('/var/lib/fail2ban', -- '' -- ), -- ] + data_files_extra, -- **setup_extra --) -- --# Do some checks after installation --# Search for obsolete files. --obsoleteFiles = [] --elements = { -- "/etc/": -- [ -- "fail2ban.conf" -- ], -- "/usr/bin/": -- [ -- "fail2ban.py" -- ], -- "/usr/lib/fail2ban/": -- [ -- "version.py", -- "protocol.py" -- ] --} -- --for directory in elements: -- for f in elements[directory]: -- path = join(directory, f) -- if isfile(path): -- obsoleteFiles.append(path) -- --if obsoleteFiles: -- print("") -- print("Obsolete files from previous Fail2Ban versions were found on " -- "your system.") -- print("Please delete them:") -- print("") -- for f in obsoleteFiles: -- print("\t" + f) -- print("") -- --if isdir("/usr/lib/fail2ban"): -- print("") -- print("Fail2ban is not installed under /usr/lib anymore. The new " -- "location is under /usr/share. Please remove the directory " -- "/usr/lib/fail2ban and everything under this directory.") -- print("") -- --# Update config file --if sys.argv[1] == "install": -- print("") -- print("Please do not forget to update your configuration files.") -- print("They are in \"/etc/fail2ban/\".") -- print("") -- print("You can also install systemd service-unit file from \"build/fail2ban.service\"") -- print("resp. corresponding init script from \"files/*-initd\".") -- print("") --- -2.17.1 - diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb index e737f502a..6767d80cf 100644 --- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb +++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb @@ -9,12 +9,11 @@ HOMEPAGE = "http://www.fail2ban.org" LICENSE = "GPL-2.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f" -SRCREV ="3befbb177017957869425c81a560edb8e27db75a" +SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46" SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \ file://initd \ file://fail2ban_setup.py \ file://run-ptest \ - file://0001-python3-fail2ban-2-3-conversion.patch \ " inherit update-rc.d ptest setuptools3 @@ -23,6 +22,8 @@ S = "${WORKDIR}/git" do_compile_prepend () { cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py + cd ${S} + ./fail2ban-2to3 } do_install_append () { @@ -35,7 +36,7 @@ do_install_append () { do_install_ptest_append () { install -d ${D}${PTEST_PATH} sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest - install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH} + install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH} } FILES_${PN} += "/run" diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb index 8847a0fc4..440b4e34c 100644 --- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb +++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb @@ -9,7 +9,7 @@ SECTION = "base" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" -SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5" +SRCREV = "56b898c896240328adef7407090215abbe9ee03d" SRC_URI = "git://github.com/google/fscryptctl.git" S = "${WORKDIR}/git" diff --git a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb index 9db66e86f..6046fa0b1 100644 --- a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb +++ b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb @@ -9,5 +9,4 @@ SRC_URI = "https://fedorahosted.org/released/${BPN}/${BP}.tar.gz" inherit autotools pkgconfig -SRC_URI[md5sum] = "786f2880d30136a61df02e5d740ddc6e" -SRC_URI[sha256sum] = "dab937537a05d7a7cbe605fdb9b3809080d67b124ac97eb321255b35f5b172fd" +SRC_URI[sha256sum] = "a319a327deb81f2dfab9ce4a4926e80e1dac5dcfc89f4c7e548cec2645af27c1" diff --git a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch deleted file mode 100644 index 7d17a038a..000000000 --- a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch +++ /dev/null @@ -1,49 +0,0 @@ -Backport patch to fix cross compile error for mips: - -| syscalls.h:44:6: error: expected identifier or '(' before numeric constant -| 44 | int mips; -| | ^~~~ - -Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/279/commits/04c519e5] - -Signed-off-by: Kai Kang <kai.kang@windriver.com> - -From 04c519e5b1de53592e98307813e5c6db7418f91b Mon Sep 17 00:00:00 2001 -From: Paul Moore <paul@paul-moore.com> -Date: Sun, 2 Aug 2020 09:57:39 -0400 -Subject: [PATCH] build: undefine "mips" to prevent build problems for MIPS - targets - -It turns out that the MIPS GCC compiler defines a "mips" cpp macro -which was resulting in build failures on MIPS so we need to -undefine the "mips" macro during build. As this should be safe -to do in all architectures, just add it to the compiler flags by -default. - -This was reported in the following GH issue: -* https://github.com/seccomp/libseccomp/issues/274 - -Reported-by: Rongwei Zhang <pudh4418@gmail.com> -Suggested-by: Rongwei Zhang <pudh4418@gmail.com> -Signed-off-by: Paul Moore <paul@paul-moore.com> ---- - configure.ac | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 40d9dcbb..3e877348 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -65,9 +65,11 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) - - dnl #### - dnl build flags -+dnl NOTE: the '-Umips' is here because MIPS GCC compilers "helpfully" define it -+dnl for us which wreaks havoc on the build - dnl #### - AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include" --AM_CFLAGS="-Wall" -+AM_CFLAGS="-Wall -Umips" - AM_LDFLAGS="-Wl,-z -Wl,relro" - AC_SUBST([AM_CPPFLAGS]) - AC_SUBST([AM_CFLAGS]) diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb index 0cf2d70b8..40ac1a890 100644 --- a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb +++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb @@ -6,12 +6,11 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357c DEPENDS += "gperf-native" -SRCREV = "f13f58efc690493fe7aa69f54cb52a118f3769c1" +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7" SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \ file://run-ptest \ - file://fix-mips-build-failure.patch \ -" + " COMPATIBLE_HOST_riscv32 = "null" diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb index eb6b7eb33..fb8441192 100644 --- a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb +++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb @@ -6,7 +6,7 @@ LICENSE = "AGPL-3.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55" PYPI_PACKAGE = "privacyIDEA" -SRC_URI[sha256sum] = "55fbdd0fdc8957f7fc5b8900453fd9dc294860bae218e53e7fe394d93f982518" +SRC_URI[sha256sum] = "c10f8e9ec681af4cb42fde70864c2b9a4b47e2bcccfc1290f83c1283748772c6" inherit pypi setuptools3 diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb index 2d2c46ca1..615cc30b9 100644 --- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb +++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb @@ -4,7 +4,7 @@ SECTION = "security" HOMEPAGE = "https://cirt.net/Nikto2" LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79" SRC_URI = "git://github.com/sullo/nikto.git \ diff --git a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch deleted file mode 100644 index da0bcfe74..000000000 --- a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch +++ /dev/null @@ -1,25 +0,0 @@ -format not a string literal and no format arguments - -missing module_str in call - -Upstream-Status: Pending -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security] -| 192 | ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds); -| | ^~~~~~~~~~~~~~~~~~~~~~~~ - - -Index: git/enforcer/src/keystate/keystate_ds.c -=================================================================== ---- git.orig/enforcer/src/keystate/keystate_ds.c -+++ git/enforcer/src/keystate/keystate_ds.c -@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw - status = 0; - } - else { -- ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds); -+ ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds); - status = 7; - } - } diff --git a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch index 126e197f3..31d7252dc 100644 --- a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch +++ b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch @@ -4,14 +4,29 @@ Upstream-Status: OE specific Signed-off-by: Armin Kuster <akuster808@gmail.com> -Index: opendnssec-2.1.6/m4/acx_ldns.m4 +Index: opendnssec-2.1.8/configure.ac =================================================================== ---- opendnssec-2.1.6.orig/m4/acx_ldns.m4 -+++ opendnssec-2.1.6/m4/acx_ldns.m4 -@@ -1,128 +1,65 @@ +--- opendnssec-2.1.8.orig/configure.ac ++++ opendnssec-2.1.8/configure.ac +@@ -133,9 +133,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_ + + # common dependencies + ACX_LIBXML2 +-ACX_LDNS(1,6,17) +-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html]) +-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html]) ++ACX_LDNS(1.6.17) + ACX_PKCS11_MODULES + ACX_RT + ACX_LIBC +Index: opendnssec-2.1.8/m4/acx_ldns.m4 +=================================================================== +--- opendnssec-2.1.8.orig/m4/acx_ldns.m4 ++++ opendnssec-2.1.8/m4/acx_ldns.m4 +@@ -1,128 +1,63 @@ -AC_DEFUN([ACX_LDNS],[ - AC_ARG_WITH(ldns, -- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], +- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], - [ - LDNS_PATH="$withval" - AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin) @@ -70,8 +85,7 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 - AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)]) - ],[]) - AC_LANG_POP([C]) -+#serial 11 - +- - CPPFLAGS=$tmp_CPPFLAGS - - AC_SUBST(LDNS_INCLUDES) @@ -81,7 +95,7 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 - -AC_DEFUN([ACX_LDNS_NOT],[ - AC_ARG_WITH(ldns, -- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], +- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])], - [ - LDNS_PATH="$withval" - AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin) @@ -200,18 +214,3 @@ Index: opendnssec-2.1.6/m4/acx_ldns.m4 + AC_SUBST([LDNS_LIBS]) + AC_SUBST([LDNS_LDFLAGS]) ]) -Index: opendnssec-2.1.6/configure.ac -=================================================================== ---- opendnssec-2.1.6.orig/configure.ac -+++ opendnssec-2.1.6/configure.ac -@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_ - - # common dependencies - ACX_LIBXML2 --ACX_LDNS(1,6,17) --ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html]) --ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html]) -+ACX_LDNS(1.6.17) - ACX_PKCS11_MODULES - ACX_RT - ACX_LIBC diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb index 5e42ca8f7..cf6bdbdab 100644 --- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb +++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb @@ -5,18 +5,15 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b041dbe2da80d4efd951393fbba90937" DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml " -SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \ +SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \ file://libxml2_conf.patch \ file://libdns_conf_fix.patch \ - file://fix_fprint.patch \ " -SRCREV = "5876bccb38428790e2e9afc806ca68b029879874" +SRC_URI[sha256sum] = "900a213103ff19a405e446327fbfcea9ec13e405283d87b6ffc24a10d9a268f5" inherit autotools pkgconfig perlnative -S = "${WORKDIR}/git" - EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \ --with-ssl=${STAGING_DIR_HOST}/usr " diff --git a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb index 56f734cb3..0d70dc6ee 100644 --- a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb +++ b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb @@ -2,7 +2,7 @@ SUMMARY = "redhat security tools" DESCRIPTION = "Tools used by redhat linux distribution for security checks" SECTION = "security" LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6" SRC_URI = "file://find-chroot-py.sh \ file://find-chroot.sh \ diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb index 925f188cd..8d81ed15d 100644 --- a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb +++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263" S = "${WORKDIR}/git" -SRCREV = "3047580162a9407ef05fe981983cacfa698f1159" +SRCREV = "95ba5b8504152a1f820bbe679ccf03668cb5118f" SRC_URI = "git://github.com/secdev/scapy.git \ file://run-ptest" diff --git a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb b/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb deleted file mode 100644 index 74e837aa5..000000000 --- a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb +++ /dev/null @@ -1,30 +0,0 @@ -SUMMARY = "SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface." -HOMEPAGE = "www.opendnssec.org" - -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210" - -DEPENDS = "sqlite3" - -SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz" -SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2" - -inherit autotools pkgconfig siteinfo - -EXTRA_OECONF += " --with-sqlite3=${STAGING_DIR_HOST}/usr" -EXTRA_OECONF += "${@oe.utils.conditional('SITEINFO_BITS', '64', ' --enable-64bit', '', d)}" - -PACKAGECONFIG ?= "pk11 openssl" - -PACKAGECONFIG[npm] = ",--disable-non-paged-memory" -PACKAGECONFIG[ecc] = "--enable-ecc,--disable-ecc" -PACKAGECONFIG[gost] = "--enable-gost,--disable-gost" -PACKAGECONFIG[eddsa] = "--enable-eddsa, --disable-eddsa" -PACKAGECONFIG[fips] = "--enable-fips, --disable-fips" -PACKAGECONFIG[notvisable] = "--disable-visibility" -PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr --with-crypto-backend=openssl, --without-openssl, openssl, openssl" -PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backend=botan, --without-botan, botan" -PACKAGECONFIG[migrate] = "--with-migrate" -PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit" - -RDEPENDS_${PN} = "sqlite3" |