meta-security: subtree update:6053e8b8e2..9504d02694
Armin Kuster (19):
softhsm: drop pkg as meta-oe has it
apparmor: Inherit python3targetconfig
python3-suricata-update: Inherit python3targetconfig
openscap: Inherit python3targetconfig
scap-security-guide: Inherit python3targetconfig
nikito: Update common-licenses references to match new names
kas-security-base.yml: build setting updates
kas-security-base.yml: drop DL_DIR
arpwatch: upgrade 3.0 -> 3.1
checksec: upgrade 2.1.0 -> 2.4.0
ding-libs: upgrade 0.5.0 -> 0.6.1
fscryptctl: upgrade 0.1.0 -> 1.0.0
libseccomp: upgrade 2.5.0 -> 2.5.1
python3-privacyidea: upgrade 3.3 -> 3.5.1
python3-scapy: upgrade 2.4.3 -> 2.4.4
samhain: update to 4.4.3
opendnssec: update to 2.1.8
suricata: update to 4.10.0
python3-fail2ban: update to 0.11.2
Jate Sujjavanich (1):
scap-security-guide: Fix openembedded platform tests and build
Ming Liu (9):
ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
initramfs-framework-ima: fix a wrong path
ima-evm-keys: add recipe
initramfs-framework-ima: RDEPENDS on ima-evm-keys
meta: refactor IMA/EVM sign rootfs
README.md: update according to the refactoring in ima-evm-rootfs.bbclass
initramfs-framework-ima: let ima_enabled return 0
ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic
Yi Zhao (1):
ibmswtpm2: disable camellia algorithm
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 94188c8..fca0ebe 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -34,12 +34,19 @@
CONF_VERSION = "1"
SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
- DL_DIR = "/home/srv/downloads/master"
BB_HASHSERVE = "auto"
BB_SIGNATURE_HANDLER = "OEEquivHash"
INHERIT += "buildstats buildstats-summary buildhistory"
INHERIT += "report-error"
INHERIT += "testimage"
+ INHERIT += "rm_work"
+ BB_NUMBER_THREADS="24"
+ BB_NUMBER_PARSE_THREADS="12"
+ PARALLEL_MAKE="-j 8"
+ BB_TASK_NICE_LEVEL = '5'
+ BB_TASK_NICE_LEVEL_task-testimage = '0'
+ BB_TASK_IONICE_LEVEL = '2.7'
+ BB_TASK_IONICE_LEVEL_task-testimage = '2.1'
TEST_QEMUBOOT_TIMEOUT = "1500"
EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
PACKAGE_CLASSES = "package_ipk"
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 4607948..5048fba 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -73,8 +73,10 @@
compilation of the Linux kernel. To also activate it when building
the image, enable image signing in the local.conf like this:
- INHERIT += "ima-evm-rootfs"
+ IMAGE_CLASSES += "ima-evm-rootfs"
IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+ IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+ IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"
This uses the default keys provided in the "data" directory of the layer.
Because everyone has access to these private keys, such an image
diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
index d6ade3b..0acd6e7 100644
--- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -28,6 +28,9 @@
# the iversion flags (needed by IMA when allowing writing).
IMA_EVM_ROOTFS_IVERSION ?= ""
+# Avoid re-generating fstab when ima is enabled.
+WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+
ima_evm_sign_rootfs () {
cd ${IMAGE_ROOTFS}
@@ -37,15 +40,6 @@
# reasons (including a change of the signing keys) without also
# re-running do_rootfs.
- # Copy file(s) which must be on the device. Note that
- # evmctl uses x509_evm.der also for "ima_verify", which is probably
- # a bug (should default to x509_ima.der). Does not matter for us
- # because we use the same key for both.
- install -d ./${sysconfdir}/keys
- rm -f ./${sysconfdir}/keys/x509_evm.der
- install "${IMA_EVM_X509}" ./${sysconfdir}/keys/x509_evm.der
- ln -sf x509_evm.der ./${sysconfdir}/keys/x509_ima.der
-
# Fix /etc/fstab: it must include the "i_version" mount option for
# those file systems where writing files is allowed, otherwise
# these changes will not get detected at runtime.
@@ -80,13 +74,16 @@
}
# Signing must run as late as possible in the do_rootfs task.
-# IMAGE_PREPROCESS_COMMAND runs after ROOTFS_POSTPROCESS_COMMAND, so
-# append (not prepend!) to IMAGE_PREPROCESS_COMMAND, and do it with
-# _append instead of += because _append gets evaluated later. In
-# particular, we must run after prelink_image in
-# IMAGE_PREPROCESS_COMMAND, because prelinking changes executables.
+# To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in
+# RecipePreFinalise event handler, this ensures it's the last
+# function in IMAGE_PREPROCESS_COMMAND.
+python ima_evm_sign_handler () {
+ if not e.data or 'ima' not in e.data.getVar('DISTRO_FEATURES').split():
+ return
-IMAGE_PREPROCESS_COMMAND_append = " ima_evm_sign_rootfs ; "
-
-# evmctl must have been installed first.
-do_rootfs[depends] += "ima-evm-utils-native:do_populate_sysroot"
+ e.data.appendVar('IMAGE_PREPROCESS_COMMAND', ' ima_evm_sign_rootfs; ')
+ e.data.appendVar('IMAGE_INSTALL', ' ima-evm-keys')
+ e.data.appendVarFlag('do_rootfs', 'depends', ' ima-evm-utils-native:do_populate_sysroot')
+}
+addhandler ima_evm_sign_handler
+ima_evm_sign_handler[eventmask] = "bb.event.RecipePreFinalise"
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index dacdc8b..77f6f7c 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -27,5 +27,5 @@
FILES_${PN} = "/init.d ${sysconfdir}"
-RDEPENDS_${PN} = "keyutils ${IMA_POLICY}"
+RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
RDEPENDS_${PN} += "initramfs-framework-base"
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
index 8616f99..cff26a3 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
@@ -6,6 +6,7 @@
if [ "$bootparam_no_ima" = "true" ]; then
return 1
fi
+ return 0
}
ima_run() {
@@ -46,7 +47,7 @@
# ("[Linux-ima-user] IMA policy loading via cat") and we get better error reporting when
# checking the write of each line. To minimize the risk of policy loading going wrong we
# also remove comments and blank lines ourselves.
- if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima-policy >/sys/kernel/security/ima/policy; then
+ if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima/ima-policy >/sys/kernel/security/ima/policy; then
fatal "Could not load IMA policy."
fi
}
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
new file mode 100644
index 0000000..62685bb
--- /dev/null
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "IMA/EMV public keys"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
+ALLOW_EMPTY_${PN} = "1"
+
+do_install () {
+ if [ -e "${IMA_EVM_X509}" ]; then
+ install -d ${D}/${sysconfdir}/keys
+ install "${IMA_EVM_X509}" ${D}${sysconfdir}/keys/x509_evm.der
+ lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
+ fi
+}
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 7f649c2..bd85583 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -26,6 +26,7 @@
inherit pkgconfig autotools features_check
REQUIRED_DISTRO_FEATURES = "ima"
+REQUIRED_DISTRO_FEATURES_class-native = ""
EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
index 7f89c8d..4d9e4ca 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
@@ -53,6 +53,9 @@
# CGROUP_SUPER_MAGIC
dont_appraise fsmagic=0x27e0eb
dont_measure fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC
+dont_appraise fsmagic=0x63677270
+dont_measure fsmagic=0x63677270
# EFIVARFS_MAGIC
dont_appraise fsmagic=0xde5e81e4
dont_measure fsmagic=0xde5e81e4
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index afa576a..812ea9f 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -11,7 +11,7 @@
S = "${WORKDIR}/git"
-inherit cmake pkgconfig python3native perlnative
+inherit cmake pkgconfig python3native python3targetconfig perlnative
PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
new file mode 100644
index 0000000..60664a3
--- /dev/null
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
@@ -0,0 +1,46 @@
+From 2beb4bc83a157b21edb1a3fef295cd4cced467df Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Thu, 7 Jan 2021 18:10:01 -0500
+Subject: [PATCH 1/3] Fix platform spec, file check, tests in installed OS
+ detect for openembedded
+
+Change platform to multi in openembedded installed check matching others
+and allowing compile of xml into oval
+---
+ shared/checks/oval/installed_OS_is_openembedded.xml | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
+index 763d17bcb..01df16b43 100644
+--- a/shared/checks/oval/installed_OS_is_openembedded.xml
++++ b/shared/checks/oval/installed_OS_is_openembedded.xml
+@@ -1,11 +1,9 @@
+-</def-group>
+-
+ <def-group>
+ <definition class="inventory" id="installed_OS_is_openembedded" version="2">
+ <metadata>
+ <title>OpenEmbedded</title>
+ <affected family="unix">
+- <platform>OPENEMBEDDED</platform>
++ <platform>multi_platform_all</platform>
+ </affected>
+ <reference ref_id="cpe:/o:openembedded:openembedded:0"
+ source="CPE" />
+@@ -20,8 +18,11 @@
+ </criteria>
+ </definition>
+
+- <ind:textfilecontent54_object id="test_openembedded" version="1" comment="Check OPenEmbedded version">
+- <ind:filepath>/etc/os-release/ind:filepath>
++ <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check OpenEmbedded version" id="test_openembedded" version="1">
++ <ind:object object_ref="obj_openembedded" />
++ </ind:textfilecontent54_test>
++ <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
++ <ind:filepath>/etc/os-release</ind:filepath>
+ <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
+ <ind:instance datatype="int">1</ind:instance>
+ </ind:textfilecontent54_object>
+--
+2.24.3 (Apple Git-128)
+
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
new file mode 100644
index 0000000..1e712f6
--- /dev/null
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
@@ -0,0 +1,34 @@
+From 037a12301968a56f0c7e492ea4a05d2eecbd4cc6 Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Fri, 8 Jan 2021 20:18:00 -0500
+Subject: [PATCH 2/3] Fix missing openembedded from ssg/constants.py
+
+---
+ ssg/constants.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ssg/constants.py b/ssg/constants.py
+index fab7cda5d..2ca289f84 100644
+--- a/ssg/constants.py
++++ b/ssg/constants.py
+@@ -234,7 +234,8 @@ PRODUCT_TO_CPE_MAPPING = {
+ }
+
+ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
+- "wrlinux", "opensuse", "sle", "ol", "ocp", "example"]
++ "wrlinux", "opensuse", "sle", "ol", "ocp", "example",
++ "openembedded"]
+
+ MULTI_PLATFORM_MAPPING = {
+ "multi_platform_debian": ["debian8"],
+@@ -249,6 +250,7 @@ MULTI_PLATFORM_MAPPING = {
+ "multi_platform_sle": ["sle11", "sle12"],
+ "multi_platform_ubuntu": ["ubuntu1404", "ubuntu1604", "ubuntu1804"],
+ "multi_platform_wrlinux": ["wrlinux"],
++ "multi_platform_openembedded": ["openembedded"],
+ }
+
+ RHEL_CENTOS_CPE_MAPPING = {
+--
+2.24.3 (Apple Git-128)
+
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
index 32fce0f..d1a9511 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
@@ -10,7 +10,7 @@
S = "${WORKDIR}/git"
-inherit cmake pkgconfig python3native
+inherit cmake pkgconfig python3native python3targetconfig
STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 6e7180f..0617c56 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -7,6 +7,8 @@
file://0001-fix-deprecated-instance-of-element.getchildren.patch \
file://0002-fix-deprecated-getiterator-function.patch \
file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
+ file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
+ file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
"
PV = "0.1.44+git${SRCPV}"
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
index 32afd37..301980d 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
@@ -27,7 +27,7 @@
S = "${WORKDIR}/src"
-CFLAGS += "-Wno-error=maybe-uninitialized"
+CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO"
do_compile () {
make CC='${CC}'
diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc
index 3b4aab9..6a2eb085 100644
--- a/meta-security/recipes-ids/samhain/samhain.inc
+++ b/meta-security/recipes-ids/samhain/samhain.inc
@@ -3,7 +3,7 @@
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
-PV = "4.4.2"
+PV = "4.4.3"
SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://${INITSCRIPT_NAME}.init \
@@ -20,7 +20,7 @@
file://fix-build-with-new-version-attr.patch \
"
-SRC_URI[sha256sum] = "2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff"
+SRC_URI[sha256sum] = "3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08"
UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.35.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.36.bb
similarity index 100%
rename from meta-security/recipes-ids/suricata/libhtp_0.5.35.bb
rename to meta-security/recipes-ids/suricata/libhtp_0.5.36.bb
diff --git a/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
index 0070b5b..732ca9a 100644
--- a/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
+++ b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
@@ -10,6 +10,6 @@
S = "${WORKDIR}/git"
-inherit python3native setuptools3
+inherit python3native python3targetconfig setuptools3
RDEPENDS_${PN} = "python3-pyyaml"
diff --git a/meta-security/recipes-ids/suricata/suricata.inc b/meta-security/recipes-ids/suricata/suricata.inc
index b94285f..1ce0d74 100644
--- a/meta-security/recipes-ids/suricata/suricata.inc
+++ b/meta-security/recipes-ids/suricata/suricata.inc
@@ -2,7 +2,7 @@
SECTION = "security Monitor/Admin"
LICENSE = "GPLv2"
-VER = "4.1.9"
+VER = "4.1.10"
SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz"
-SRC_URI[sha256sum] = "3440cd1065b1b3999dc101a37c49321fab2791b38f16e2f7fe27369dd007eea7"
+SRC_URI[sha256sum] = "4013cb13a2f3f7854328cf072319bba41896fad86d6b85b1cff4004f82aa7276"
diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.9.bb b/meta-security/recipes-ids/suricata/suricata_4.1.10.bb
similarity index 100%
rename from meta-security/recipes-ids/suricata/suricata_4.1.9.bb
rename to meta-security/recipes-ids/suricata/suricata_4.1.10.bb
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
index 35e95a0..015205d 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
@@ -39,7 +39,7 @@
COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*"
-inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative cpan systemd features_check bash-completion
+inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion
REQUIRED_DISTRO_FEATURES = "apparmor"
diff --git a/meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb b/meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
similarity index 93%
rename from meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb
rename to meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
index 9be319a..44aeca0 100644
--- a/meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb
+++ b/meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
@@ -1,7 +1,7 @@
SUMARRY = "The ethernet monitor program; for keeping track of ethernet/ip address pairings"
LICENSE = "BSD-4-Clause"
HOME_PAGE = "http://ee.lbl.gov/"
-LIC_FILES_CHKSUM = "file://configure;md5=212742e55562cf47527d31c2a492411a"
+LIC_FILES_CHKSUM = "file://configure;md5=74ca964ed34fda7b46c6fe3e50bded9d"
DEPENDS += "libpcap postfix"
@@ -12,7 +12,7 @@
file://postfix_workaround.patch \
file://host_contam_fix.patch "
-SRC_URI[sha256sum] = "82e137e104aca8b1280f5cca0ebe61b978f10eadcbb4c4802c181522ad02b25b"
+SRC_URI[sha256sum] = "ee1d15d9a07952c0c017908b9dbfd5ac988fed0058c3cc4fa6c13e0be36f3a9f"
inherit autotools-brokensep update-rc.d useradd
diff --git a/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb b/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
index 179eeda..20a1fb0 100644
--- a/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
+++ b/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
@@ -3,7 +3,7 @@
system. This enables you to quickly overview the security status of your Linux system."
SECTION = "security"
LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_${PV}/${BPN}_${PV}.tar.gz"
diff --git a/meta-security/recipes-scanners/checksec/checksec_2.1.0.bb b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
similarity index 78%
rename from meta-security/recipes-scanners/checksec/checksec_2.1.0.bb
rename to meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
index b67c98b..52bcf7c 100644
--- a/meta-security/recipes-scanners/checksec/checksec_2.1.0.bb
+++ b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -4,9 +4,9 @@
LICENSE = "BSD"
HOMEPAGE="https://github.com/slimm609/checksec.sh"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=93fddcca19f6c897871f9b5f9a035f4a"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"
-SRCREV = "04582bad41589ad479ca8b1f0170ed317475b5a5"
+SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
SRC_URI = "git://github.com/slimm609/checksec.sh"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
index 204123d..0161b4c 100644
--- a/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
+++ b/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
@@ -2,7 +2,7 @@
DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes."
SECTION = "security"
LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
file://setuid-log-folder.patch \
diff --git a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch b/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch
deleted file mode 100644
index ee872ec..0000000
--- a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch
+++ /dev/null
@@ -1,2527 +0,0 @@
-From abaa20435bac7decffa69e6f965aac9ce29aff6a Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster808@gmail.com>
-Date: Wed, 12 Feb 2020 17:19:15 +0000
-Subject: [PATCH] python3-fail2ban: 2-3 conversion
-
-Upstream-Status: OE specific.
-
-fail2ban handles py3 via a 2-3 conversion utility.
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
- fail2ban/client/actionreader.py | 4 +-
- fail2ban/client/configparserinc.py | 10 +-
- fail2ban/client/configreader.py | 4 +-
- fail2ban/client/csocket.py | 4 +-
- fail2ban/client/fail2banclient.py | 4 +-
- fail2ban/client/fail2banregex.py | 20 +-
- fail2ban/client/filterreader.py | 2 +-
- fail2ban/client/jailreader.py | 4 +-
- fail2ban/helpers.py | 15 +-
- fail2ban/server/action.py | 19 +-
- fail2ban/server/actions.py | 24 +-
- fail2ban/server/asyncserver.py | 4 +-
- fail2ban/server/banmanager.py | 18 +-
- fail2ban/server/database.py | 6 +-
- fail2ban/server/failmanager.py | 8 +-
- fail2ban/server/failregex.py | 9 +-
- fail2ban/server/filter.py | 12 +-
- fail2ban/server/filterpoll.py | 2 +-
- fail2ban/server/filterpyinotify.py | 6 +-
- fail2ban/server/ipdns.py | 16 +-
- fail2ban/server/jail.py | 14 +-
- fail2ban/server/mytime.py | 2 +-
- fail2ban/server/server.py | 18 +-
- fail2ban/server/strptime.py | 6 +-
- fail2ban/server/ticket.py | 14 +-
- fail2ban/server/transmitter.py | 2 +-
- fail2ban/server/utils.py | 6 +-
- fail2ban/tests/action_d/test_badips.py | 2 +-
- fail2ban/tests/actiontestcase.py | 4 +-
- fail2ban/tests/clientreadertestcase.py | 4 +-
- fail2ban/tests/databasetestcase.py | 16 +-
- fail2ban/tests/datedetectortestcase.py | 6 +-
- fail2ban/tests/fail2banclienttestcase.py | 8 +-
- fail2ban/tests/failmanagertestcase.py | 10 +-
- .../tests/files/config/apache-auth/digest.py | 20 +-
- fail2ban/tests/filtertestcase.py | 92 ++---
- fail2ban/tests/misctestcase.py | 22 +-
- fail2ban/tests/observertestcase.py | 34 +-
- fail2ban/tests/samplestestcase.py | 8 +-
- fail2ban/tests/servertestcase.py | 28 +-
- fail2ban/tests/sockettestcase.py | 2 +-
- fail2ban/tests/utils.py | 22 +-
- setup.py | 326 ------------------
- 43 files changed, 264 insertions(+), 593 deletions(-)
- delete mode 100755 setup.py
-
-diff --git a/fail2ban/client/actionreader.py b/fail2ban/client/actionreader.py
-index 80617a50..ecf323c5 100644
---- a/fail2ban/client/actionreader.py
-+++ b/fail2ban/client/actionreader.py
-@@ -90,11 +90,11 @@ class ActionReader(DefinitionInitConfigReader):
- stream = list()
- stream.append(head + ["addaction", self._name])
- multi = []
-- for opt, optval in opts.iteritems():
-+ for opt, optval in opts.items():
- if opt in self._configOpts and not opt.startswith('known/'):
- multi.append([opt, optval])
- if self._initOpts:
-- for opt, optval in self._initOpts.iteritems():
-+ for opt, optval in self._initOpts.items():
- if opt not in self._configOpts and not opt.startswith('known/'):
- multi.append([opt, optval])
- if len(multi) > 1:
-diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py
-index e0f39579..45c77437 100644
---- a/fail2ban/client/configparserinc.py
-+++ b/fail2ban/client/configparserinc.py
-@@ -62,7 +62,7 @@ if sys.version_info >= (3,2):
- parser, option, accum, rest, section, map, *args, **kwargs)
-
- else: # pragma: no cover
-- from ConfigParser import SafeConfigParser, \
-+ from configparser import SafeConfigParser, \
- InterpolationMissingOptionError, NoOptionError, NoSectionError
-
- # Interpolate missing known/option as option from default section
-@@ -327,7 +327,7 @@ after = 1.conf
- # mix it with defaults:
- return set(opts.keys()) | set(self._defaults)
- # only own option names:
-- return opts.keys()
-+ return list(opts.keys())
-
- def read(self, filenames, get_includes=True):
- if not isinstance(filenames, list):
-@@ -356,7 +356,7 @@ after = 1.conf
- ret += i
- # merge defaults and all sections to self:
- alld.update(cfg.get_defaults())
-- for n, s in cfg.get_sections().iteritems():
-+ for n, s in cfg.get_sections().items():
- # conditional sections
- cond = SafeConfigParserWithIncludes.CONDITIONAL_RE.match(n)
- if cond:
-@@ -366,7 +366,7 @@ after = 1.conf
- del(s['__name__'])
- except KeyError:
- pass
-- for k in s.keys():
-+ for k in list(s.keys()):
- v = s.pop(k)
- s[k + cond] = v
- s2 = alls.get(n)
-@@ -399,7 +399,7 @@ after = 1.conf
- sec.update(options)
- return
- sk = {}
-- for k, v in options.iteritems():
-+ for k, v in options.items():
- if not k.startswith(pref) and k != '__name__':
- sk[pref+k] = v
- sec.update(sk)
-diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py
-index 20709b72..b5167409 100644
---- a/fail2ban/client/configreader.py
-+++ b/fail2ban/client/configreader.py
-@@ -26,7 +26,7 @@ __license__ = "GPL"
-
- import glob
- import os
--from ConfigParser import NoOptionError, NoSectionError
-+from configparser import NoOptionError, NoSectionError
-
- from .configparserinc import sys, SafeConfigParserWithIncludes, logLevel
- from ..helpers import getLogger, _as_bool, _merge_dicts, substituteRecursiveTags
-@@ -197,7 +197,7 @@ class ConfigReaderUnshared(SafeConfigParserWithIncludes):
- config_files += sorted(glob.glob('%s/*.local' % config_dir))
-
- # choose only existing ones
-- config_files = filter(os.path.exists, config_files)
-+ config_files = list(filter(os.path.exists, config_files))
-
- if len(config_files):
- # at least one config exists and accessible
-diff --git a/fail2ban/client/csocket.py b/fail2ban/client/csocket.py
-index ab3e294b..9417cde9 100644
---- a/fail2ban/client/csocket.py
-+++ b/fail2ban/client/csocket.py
-@@ -47,7 +47,7 @@ class CSocket:
-
- def send(self, msg, nonblocking=False, timeout=None):
- # Convert every list member to string
-- obj = dumps(map(CSocket.convert, msg), HIGHEST_PROTOCOL)
-+ obj = dumps(list(map(CSocket.convert, msg)), HIGHEST_PROTOCOL)
- self.__csock.send(obj + CSPROTO.END)
- return self.receive(self.__csock, nonblocking, timeout)
-
-@@ -71,7 +71,7 @@ class CSocket:
- @staticmethod
- def convert(m):
- """Convert every "unexpected" member of message to string"""
-- if isinstance(m, (basestring, bool, int, float, list, dict, set)):
-+ if isinstance(m, (str, bool, int, float, list, dict, set)):
- return m
- else: # pragma: no cover
- return str(m)
-diff --git a/fail2ban/client/fail2banclient.py b/fail2ban/client/fail2banclient.py
-index 7c90ca40..7eb11684 100755
---- a/fail2ban/client/fail2banclient.py
-+++ b/fail2ban/client/fail2banclient.py
-@@ -45,7 +45,7 @@ def _thread_name():
- return threading.current_thread().__class__.__name__
-
- def input_command(): # pragma: no cover
-- return raw_input(PROMPT)
-+ return input(PROMPT)
-
- ##
- #
-@@ -444,7 +444,7 @@ class Fail2banClient(Fail2banCmdLine, Thread):
- return False
- finally:
- self._alive = False
-- for s, sh in _prev_signals.iteritems():
-+ for s, sh in _prev_signals.items():
- signal.signal(s, sh)
-
-
-diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
-index 513b765d..4a71b3c0 100644
---- a/fail2ban/client/fail2banregex.py
-+++ b/fail2ban/client/fail2banregex.py
-@@ -41,10 +41,10 @@ import shlex
- import sys
- import time
- import time
--import urllib
-+import urllib.request, urllib.parse, urllib.error
- from optparse import OptionParser, Option
-
--from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
-+from configparser import NoOptionError, NoSectionError, MissingSectionHeaderError
-
- try: # pragma: no cover
- from ..server.filtersystemd import FilterSystemd
-@@ -68,7 +68,7 @@ def debuggexURL(sample, regex, multiline=False, useDns="yes"):
- 'flavor': 'python'
- }
- if multiline: args['flags'] = 'm'
-- return 'https://www.debuggex.com/?' + urllib.urlencode(args)
-+ return 'https://www.debuggex.com/?' + urllib.parse.urlencode(args)
-
- def output(args): # pragma: no cover (overriden in test-cases)
- print(args)
-@@ -244,7 +244,7 @@ class Fail2banRegex(object):
-
- def __init__(self, opts):
- # set local protected members from given options:
-- self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.iteritems()))
-+ self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.items()))
- self._opts = opts
- self._maxlines_set = False # so we allow to override maxlines in cmdline
- self._datepattern_set = False
-@@ -304,7 +304,7 @@ class Fail2banRegex(object):
- realopts = {}
- combopts = reader.getCombined()
- # output all options that are specified in filter-argument as well as some special (mostly interested):
-- for k in ['logtype', 'datepattern'] + fltOpt.keys():
-+ for k in ['logtype', 'datepattern'] + list(fltOpt.keys()):
- # combined options win, but they contain only a sub-set in filter expected keys,
- # so get the rest from definition section:
- try:
-@@ -424,7 +424,7 @@ class Fail2banRegex(object):
- self.output( "Use %11s line : %s" % (regex, shortstr(value)) )
- regex_values = {regextype: [RegexStat(value)]}
-
-- for regextype, regex_values in regex_values.iteritems():
-+ for regextype, regex_values in regex_values.items():
- regex = regextype + 'regex'
- setattr(self, "_" + regex, regex_values)
- for regex in regex_values:
-@@ -523,10 +523,10 @@ class Fail2banRegex(object):
- output(ret[1])
- elif self._opts.out == 'msg':
- for ret in ret:
-- output('\n'.join(map(lambda v:''.join(v for v in v), ret[3].get('matches'))))
-+ output('\n'.join([''.join(v for v in v) for v in ret[3].get('matches')]))
- elif self._opts.out == 'row':
- for ret in ret:
-- output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].iteritems() if k != 'matches')))
-+ output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].items() if k != 'matches')))
- else:
- for ret in ret:
- output(ret[3].get(self._opts.out))
-@@ -565,9 +565,9 @@ class Fail2banRegex(object):
- ans = [[]]
- for arg in [l, regexlist]:
- ans = [ x + [y] for x in ans for y in arg ]
-- b = map(lambda a: a[0] + ' | ' + a[1].getFailRegex() + ' | ' +
-+ b = [a[0] + ' | ' + a[1].getFailRegex() + ' | ' +
- debuggexURL(self.encode_line(a[0]), a[1].getFailRegex(),
-- multiline, self._opts.usedns), ans)
-+ multiline, self._opts.usedns) for a in ans]
- pprint_list([x.rstrip() for x in b], header)
- else:
- output( "%s too many to print. Use --print-all-%s " \
-diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
-index 413f125e..4f0cc4cf 100644
---- a/fail2ban/client/filterreader.py
-+++ b/fail2ban/client/filterreader.py
-@@ -71,7 +71,7 @@ class FilterReader(DefinitionInitConfigReader):
- @staticmethod
- def _fillStream(stream, opts, jailName):
- prio0idx = 0
-- for opt, value in opts.iteritems():
-+ for opt, value in opts.items():
- if opt in ("failregex", "ignoreregex"):
- if value is None: continue
- multi = []
-diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py
-index 50c1d047..969d0bc0 100644
---- a/fail2ban/client/jailreader.py
-+++ b/fail2ban/client/jailreader.py
-@@ -117,7 +117,7 @@ class JailReader(ConfigReader):
- }
- _configOpts.update(FilterReader._configOpts)
-
-- _ignoreOpts = set(['action', 'filter', 'enabled'] + FilterReader._configOpts.keys())
-+ _ignoreOpts = set(['action', 'filter', 'enabled'] + list(FilterReader._configOpts.keys()))
-
- def getOptions(self):
-
-@@ -236,7 +236,7 @@ class JailReader(ConfigReader):
- stream.extend(self.__filter.convert())
- # and using options from jail:
- FilterReader._fillStream(stream, self.__opts, self.__name)
-- for opt, value in self.__opts.iteritems():
-+ for opt, value in self.__opts.items():
- if opt == "logpath":
- if self.__opts.get('backend', '').startswith("systemd"): continue
- found_files = 0
-diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py
-index 6f2bcdd7..7e563696 100644
---- a/fail2ban/helpers.py
-+++ b/fail2ban/helpers.py
-@@ -31,6 +31,7 @@ import traceback
- from threading import Lock
-
- from .server.mytime import MyTime
-+import importlib
-
- try:
- import ctypes
-@@ -63,7 +64,7 @@ if sys.version_info < (3,): # pragma: 3.x no cover
- from imp import load_dynamic as __ldm
- _sys = __ldm('_sys', 'sys')
- except ImportError: # pragma: no cover - only if load_dynamic fails
-- reload(sys)
-+ importlib.reload(sys)
- _sys = sys
- if hasattr(_sys, "setdefaultencoding"):
- _sys.setdefaultencoding(encoding)
-@@ -101,7 +102,7 @@ if sys.version_info >= (3,): # pragma: 2.x no cover
- else: # pragma: 3.x no cover
- def uni_decode(x, enc=PREFER_ENC, errors='strict'):
- try:
-- if isinstance(x, unicode):
-+ if isinstance(x, str):
- return x.encode(enc, errors)
- return x
- except (UnicodeDecodeError, UnicodeEncodeError): # pragma: no cover - unsure if reachable
-@@ -110,7 +111,7 @@ else: # pragma: 3.x no cover
- return x.encode(enc, 'replace')
- if sys.getdefaultencoding().upper() != 'UTF-8': # pragma: no cover - utf-8 is default encoding now
- def uni_string(x):
-- if not isinstance(x, unicode):
-+ if not isinstance(x, str):
- return str(x)
- return x.encode(PREFER_ENC, 'replace')
- else:
-@@ -118,7 +119,7 @@ else: # pragma: 3.x no cover
-
-
- def _as_bool(val):
-- return bool(val) if not isinstance(val, basestring) \
-+ return bool(val) if not isinstance(val, str) \
- else val.lower() in ('1', 'on', 'true', 'yes')
-
-
-@@ -326,7 +327,7 @@ def splitwords(s):
- """
- if not s:
- return []
-- return filter(bool, map(lambda v: v.strip(), re.split('[ ,\n]+', s)))
-+ return list(filter(bool, [v.strip() for v in re.split('[ ,\n]+', s)]))
-
- if sys.version_info >= (3,5):
- eval(compile(r'''if 1:
-@@ -436,7 +437,7 @@ def substituteRecursiveTags(inptags, conditional='',
- while True:
- repFlag = False
- # substitute each value:
-- for tag in tags.iterkeys():
-+ for tag in tags.keys():
- # ignore escaped or already done (or in ignore list):
- if tag in ignore or tag in done: continue
- # ignore replacing callable items from calling map - should be converted on demand only (by get):
-@@ -476,7 +477,7 @@ def substituteRecursiveTags(inptags, conditional='',
- m = tre_search(value, m.end())
- continue
- # if calling map - be sure we've string:
-- if not isinstance(repl, basestring): repl = uni_string(repl)
-+ if not isinstance(repl, str): repl = uni_string(repl)
- value = value.replace('<%s>' % rtag, repl)
- #logSys.log(5, 'value now: %s' % value)
- # increment reference count:
-diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
-index 5c817fc0..81d50689 100644
---- a/fail2ban/server/action.py
-+++ b/fail2ban/server/action.py
-@@ -111,9 +111,9 @@ class CallingMap(MutableMapping, object):
- def _asdict(self, calculated=False, checker=None):
- d = dict(self.data, **self.storage)
- if not calculated:
-- return dict((n,v) for n,v in d.iteritems() \
-+ return dict((n,v) for n,v in d.items() \
- if not callable(v) or n in self.CM_REPR_ITEMS)
-- for n,v in d.items():
-+ for n,v in list(d.items()):
- if callable(v):
- try:
- # calculate:
-@@ -179,7 +179,7 @@ class CallingMap(MutableMapping, object):
- return self.__class__(_merge_copy_dicts(self.data, self.storage))
-
-
--class ActionBase(object):
-+class ActionBase(object, metaclass=ABCMeta):
- """An abstract base class for actions in Fail2Ban.
-
- Action Base is a base definition of what methods need to be in
-@@ -209,7 +209,6 @@ class ActionBase(object):
- Any additional arguments specified in `jail.conf` or passed
- via `fail2ban-client` will be passed as keyword arguments.
- """
-- __metaclass__ = ABCMeta
-
- @classmethod
- def __subclasshook__(cls, C):
-@@ -420,7 +419,7 @@ class CommandAction(ActionBase):
- if not callable(family): # pragma: no cover
- return self.__substCache.get(key, {}).get(family)
- # family as expression - use it to filter values:
-- return [v for f, v in self.__substCache.get(key, {}).iteritems() if family(f)]
-+ return [v for f, v in self.__substCache.get(key, {}).items() if family(f)]
- cmd = args[0]
- if cmd: # set:
- try:
-@@ -432,7 +431,7 @@ class CommandAction(ActionBase):
- try:
- famd = self.__substCache[key]
- cmd = famd.pop(family)
-- for family, v in famd.items():
-+ for family, v in list(famd.items()):
- if v == cmd:
- del famd[family]
- except KeyError: # pragma: no cover
-@@ -448,7 +447,7 @@ class CommandAction(ActionBase):
- res = True
- err = 'Script error'
- if not family: # all started:
-- family = [famoper for (famoper,v) in self.__started.iteritems() if v]
-+ family = [famoper for (famoper,v) in self.__started.items() if v]
- for famoper in family:
- try:
- cmd = self._getOperation(tag, famoper)
-@@ -617,7 +616,7 @@ class CommandAction(ActionBase):
- and executes the resulting command.
- """
- # collect started families, may be started on demand (conditional):
-- family = [f for (f,v) in self.__started.iteritems() if v & 3 == 3]; # started and contains items
-+ family = [f for (f,v) in self.__started.items() if v & 3 == 3]; # started and contains items
- # if nothing contains items:
- if not family: return True
- # flush:
-@@ -642,7 +641,7 @@ class CommandAction(ActionBase):
- """
- # collect started families, if started on demand (conditional):
- if family is None:
-- family = [f for (f,v) in self.__started.iteritems() if v]
-+ family = [f for (f,v) in self.__started.items() if v]
- # if no started (on demand) actions:
- if not family: return True
- self.__started = {}
-@@ -676,7 +675,7 @@ class CommandAction(ActionBase):
- ret = True
- # for each started family:
- if self.actioncheck:
-- for (family, started) in self.__started.items():
-+ for (family, started) in list(self.__started.items()):
- if started and not self._invariantCheck(family, beforeRepair):
- # reset started flag and command of executed operation:
- self.__started[family] = 0
-diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
-index 24fea838..94b9c3ed 100644
---- a/fail2ban/server/actions.py
-+++ b/fail2ban/server/actions.py
-@@ -156,11 +156,11 @@ class Actions(JailThread, Mapping):
- else:
- if hasattr(self, '_reload_actions'):
- # reload actions after all parameters set via stream:
-- for name, initOpts in self._reload_actions.iteritems():
-+ for name, initOpts in self._reload_actions.items():
- if name in self._actions:
- self._actions[name].reload(**(initOpts if initOpts else {}))
- # remove obsolete actions (untouched by reload process):
-- delacts = OrderedDict((name, action) for name, action in self._actions.iteritems()
-+ delacts = OrderedDict((name, action) for name, action in self._actions.items()
- if name not in self._reload_actions)
- if len(delacts):
- # unban all tickets using removed actions only:
-@@ -289,7 +289,7 @@ class Actions(JailThread, Mapping):
- """
- if actions is None:
- actions = self._actions
-- revactions = actions.items()
-+ revactions = list(actions.items())
- revactions.reverse()
- for name, action in revactions:
- try:
-@@ -314,7 +314,7 @@ class Actions(JailThread, Mapping):
- True when the thread exits nicely.
- """
- cnt = 0
-- for name, action in self._actions.iteritems():
-+ for name, action in self._actions.items():
- try:
- action.start()
- except Exception as e:
-@@ -474,7 +474,7 @@ class Actions(JailThread, Mapping):
- Observers.Main.add('banFound', bTicket, self._jail, btime)
- logSys.notice("[%s] %sBan %s", self._jail.name, ('' if not bTicket.restored else 'Restore '), ip)
- # do actions :
-- for name, action in self._actions.iteritems():
-+ for name, action in self._actions.items():
- try:
- if ticket.restored and getattr(action, 'norestored', False):
- continue
-@@ -511,13 +511,13 @@ class Actions(JailThread, Mapping):
- if bTicket.banEpoch == self.banEpoch and diftm > 3:
- # avoid too often checks:
- if not rebanacts and MyTime.time() > self.__lastConsistencyCheckTM + 3:
-- for action in self._actions.itervalues():
-+ for action in self._actions.values():
- action.consistencyCheck()
- self.__lastConsistencyCheckTM = MyTime.time()
- # check epoch in order to reban it:
- if bTicket.banEpoch < self.banEpoch:
- if not rebanacts: rebanacts = dict(
-- (name, action) for name, action in self._actions.iteritems()
-+ (name, action) for name, action in self._actions.items()
- if action.banEpoch > bTicket.banEpoch)
- cnt += self.__reBan(bTicket, actions=rebanacts)
- else: # pragma: no cover - unexpected: ticket is not banned for some reasons - reban using all actions:
-@@ -542,8 +542,8 @@ class Actions(JailThread, Mapping):
- ip = ticket.getIP()
- aInfo = self.__getActionInfo(ticket)
- if log:
-- logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % actions.keys()[0] if len(actions) == 1 else ''))
-- for name, action in actions.iteritems():
-+ logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % list(actions.keys())[0] if len(actions) == 1 else ''))
-+ for name, action in actions.items():
- try:
- logSys.debug("[%s] action %r: reban %s", self._jail.name, name, ip)
- if not aInfo.immutable: aInfo.reset()
-@@ -567,7 +567,7 @@ class Actions(JailThread, Mapping):
- if not self.__banManager._inBanList(ticket): return
- # do actions :
- aInfo = None
-- for name, action in self._actions.iteritems():
-+ for name, action in self._actions.items():
- try:
- if ticket.restored and getattr(action, 'norestored', False):
- continue
-@@ -616,7 +616,7 @@ class Actions(JailThread, Mapping):
- cnt = 0
- # first we'll execute flush for actions supporting this operation:
- unbactions = {}
-- for name, action in (actions if actions is not None else self._actions).iteritems():
-+ for name, action in (actions if actions is not None else self._actions).items():
- try:
- if hasattr(action, 'flush') and (not isinstance(action, CommandAction) or action.actionflush):
- logSys.notice("[%s] Flush ticket(s) with %s", self._jail.name, name)
-@@ -671,7 +671,7 @@ class Actions(JailThread, Mapping):
- aInfo = self.__getActionInfo(ticket)
- if log:
- logSys.notice("[%s] Unban %s", self._jail.name, aInfo["ip"])
-- for name, action in unbactions.iteritems():
-+ for name, action in unbactions.items():
- try:
- logSys.debug("[%s] action %r: unban %s", self._jail.name, name, ip)
- if not aInfo.immutable: aInfo.reset()
-diff --git a/fail2ban/server/asyncserver.py b/fail2ban/server/asyncserver.py
-index e3400737..f5f9740b 100644
---- a/fail2ban/server/asyncserver.py
-+++ b/fail2ban/server/asyncserver.py
-@@ -178,7 +178,7 @@ def loop(active, timeout=None, use_poll=False, err_count=None):
- elif err_count['listen'] > 100: # pragma: no cover - normally unreachable
- if (
- e.args[0] == errno.EMFILE # [Errno 24] Too many open files
-- or sum(err_count.itervalues()) > 1000
-+ or sum(err_count.values()) > 1000
- ):
- logSys.critical("Too many errors - critical count reached %r", err_count)
- break
-@@ -220,7 +220,7 @@ class AsyncServer(asyncore.dispatcher):
- elif self.__errCount['accept'] > 100:
- if (
- (isinstance(e, socket.error) and e.args[0] == errno.EMFILE) # [Errno 24] Too many open files
-- or sum(self.__errCount.itervalues()) > 1000
-+ or sum(self.__errCount.values()) > 1000
- ):
- logSys.critical("Too many errors - critical count reached %r", self.__errCount)
- self.stop()
-diff --git a/fail2ban/server/banmanager.py b/fail2ban/server/banmanager.py
-index 5770bfd7..9bb44971 100644
---- a/fail2ban/server/banmanager.py
-+++ b/fail2ban/server/banmanager.py
-@@ -105,9 +105,9 @@ class BanManager:
- def getBanList(self, ordered=False, withTime=False):
- with self.__lock:
- if not ordered:
-- return self.__banList.keys()
-+ return list(self.__banList.keys())
- lst = []
-- for ticket in self.__banList.itervalues():
-+ for ticket in self.__banList.values():
- eob = ticket.getEndOfBanTime(self.__banTime)
- lst.append((ticket,eob))
- lst.sort(key=lambda t: t[1])
-@@ -126,7 +126,7 @@ class BanManager:
-
- def __iter__(self):
- with self.__lock:
-- return self.__banList.itervalues()
-+ return iter(self.__banList.values())
-
- ##
- # Returns normalized value
-@@ -165,7 +165,7 @@ class BanManager:
- return return_dict
- # get ips in lock:
- with self.__lock:
-- banIPs = [banData.getIP() for banData in self.__banList.values()]
-+ banIPs = [banData.getIP() for banData in list(self.__banList.values())]
- # get cymru info:
- try:
- for ip in banIPs:
-@@ -341,7 +341,7 @@ class BanManager:
- # Gets the list of ticket to remove (thereby correct next unban time).
- unBanList = {}
- nextUnbanTime = BanTicket.MAX_TIME
-- for fid,ticket in self.__banList.iteritems():
-+ for fid,ticket in self.__banList.items():
- # current time greater as end of ban - timed out:
- eob = ticket.getEndOfBanTime(self.__banTime)
- if time > eob:
-@@ -357,15 +357,15 @@ class BanManager:
- if len(unBanList):
- if len(unBanList) / 2.0 <= len(self.__banList) / 3.0:
- # few as 2/3 should be removed - remove particular items:
-- for fid in unBanList.iterkeys():
-+ for fid in unBanList.keys():
- del self.__banList[fid]
- else:
- # create new dictionary without items to be deleted:
-- self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.iteritems() \
-+ self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.items() \
- if fid not in unBanList)
-
- # return list of tickets:
-- return unBanList.values()
-+ return list(unBanList.values())
-
- ##
- # Flush the ban list.
-@@ -375,7 +375,7 @@ class BanManager:
-
- def flushBanList(self):
- with self.__lock:
-- uBList = self.__banList.values()
-+ uBList = list(self.__banList.values())
- self.__banList = dict()
- return uBList
-
-diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py
-index ed736a7a..0e8c9aec 100644
---- a/fail2ban/server/database.py
-+++ b/fail2ban/server/database.py
-@@ -67,13 +67,13 @@ if sys.version_info >= (3,): # pragma: 2.x no cover
- else: # pragma: 3.x no cover
- def _normalize(x):
- if isinstance(x, dict):
-- return dict((_normalize(k), _normalize(v)) for k, v in x.iteritems())
-+ return dict((_normalize(k), _normalize(v)) for k, v in x.items())
- elif isinstance(x, (list, set)):
- return [_normalize(element) for element in x]
-- elif isinstance(x, unicode):
-+ elif isinstance(x, str):
- # in 2.x default text_factory is unicode - so return proper unicode here:
- return x.encode(PREFER_ENC, 'replace').decode(PREFER_ENC)
-- elif isinstance(x, basestring):
-+ elif isinstance(x, str):
- return x.decode(PREFER_ENC, 'replace')
- return x
-
-diff --git a/fail2ban/server/failmanager.py b/fail2ban/server/failmanager.py
-index 93c028fb..a9c6b5f6 100644
---- a/fail2ban/server/failmanager.py
-+++ b/fail2ban/server/failmanager.py
-@@ -57,7 +57,7 @@ class FailManager:
- def getFailCount(self):
- # may be slow on large list of failures, should be used for test purposes only...
- with self.__lock:
-- return len(self.__failList), sum([f.getRetry() for f in self.__failList.values()])
-+ return len(self.__failList), sum([f.getRetry() for f in list(self.__failList.values())])
-
- def getFailTotal(self):
- with self.__lock:
-@@ -125,7 +125,7 @@ class FailManager:
- # in case of having many active failures, it should be ran only
- # if debug level is "low" enough
- failures_summary = ', '.join(['%s:%d' % (k, v.getRetry())
-- for k,v in self.__failList.iteritems()])
-+ for k,v in self.__failList.items()])
- logSys.log(logLevel, "Total # of detected failures: %d. Current failures from %d IPs (IP:count): %s"
- % (self.__failTotal, len(self.__failList), failures_summary))
-
-@@ -138,7 +138,7 @@ class FailManager:
-
- def cleanup(self, time):
- with self.__lock:
-- todelete = [fid for fid,item in self.__failList.iteritems() \
-+ todelete = [fid for fid,item in self.__failList.items() \
- if item.getLastTime() + self.__maxTime <= time]
- if len(todelete) == len(self.__failList):
- # remove all:
-@@ -152,7 +152,7 @@ class FailManager:
- del self.__failList[fid]
- else:
- # create new dictionary without items to be deleted:
-- self.__failList = dict((fid,item) for fid,item in self.__failList.iteritems() \
-+ self.__failList = dict((fid,item) for fid,item in self.__failList.items() \
- if item.getLastTime() + self.__maxTime > time)
- self.__bgSvc.service()
-
-diff --git a/fail2ban/server/failregex.py b/fail2ban/server/failregex.py
-index f7dafbef..fb75187d 100644
---- a/fail2ban/server/failregex.py
-+++ b/fail2ban/server/failregex.py
-@@ -128,10 +128,7 @@ class Regex:
- self._regexObj = re.compile(regex, re.MULTILINE if multiline else 0)
- self._regex = regex
- self._altValues = {}
-- for k in filter(
-- lambda k: len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE),
-- self._regexObj.groupindex
-- ):
-+ for k in [k for k in self._regexObj.groupindex if len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE)]:
- n = ALTNAME_CRE.match(k).group(1)
- self._altValues[k] = n
- self._altValues = list(self._altValues.items()) if len(self._altValues) else None
-@@ -211,7 +208,7 @@ class Regex:
- #
- @staticmethod
- def _tupleLinesBuf(tupleLines):
-- return "\n".join(map(lambda v: "".join(v[::2]), tupleLines)) + "\n"
-+ return "\n".join(["".join(v[::2]) for v in tupleLines]) + "\n"
-
- ##
- # Searches the regular expression.
-@@ -223,7 +220,7 @@ class Regex:
-
- def search(self, tupleLines, orgLines=None):
- buf = tupleLines
-- if not isinstance(tupleLines, basestring):
-+ if not isinstance(tupleLines, str):
- buf = Regex._tupleLinesBuf(tupleLines)
- self._matchCache = self._regexObj.search(buf)
- if self._matchCache:
-diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
-index 998fe298..d181fd38 100644
---- a/fail2ban/server/filter.py
-+++ b/fail2ban/server/filter.py
-@@ -292,7 +292,7 @@ class Filter(JailThread):
- dd = DateDetector()
- dd.default_tz = self.__logtimezone
- if not isinstance(pattern, (list, tuple)):
-- pattern = filter(bool, map(str.strip, re.split('\n+', pattern)))
-+ pattern = list(filter(bool, list(map(str.strip, re.split('\n+', pattern)))))
- for pattern in pattern:
- dd.appendTemplate(pattern)
- self.dateDetector = dd
-@@ -987,7 +987,7 @@ class FileFilter(Filter):
- # @return log paths
-
- def getLogPaths(self):
-- return self.__logs.keys()
-+ return list(self.__logs.keys())
-
- ##
- # Get the log containers
-@@ -995,7 +995,7 @@ class FileFilter(Filter):
- # @return log containers
-
- def getLogs(self):
-- return self.__logs.values()
-+ return list(self.__logs.values())
-
- ##
- # Get the count of log containers
-@@ -1021,7 +1021,7 @@ class FileFilter(Filter):
-
- def setLogEncoding(self, encoding):
- encoding = super(FileFilter, self).setLogEncoding(encoding)
-- for log in self.__logs.itervalues():
-+ for log in self.__logs.values():
- log.setEncoding(encoding)
-
- def getLog(self, path):
-@@ -1183,7 +1183,7 @@ class FileFilter(Filter):
- """Status of Filter plus files being monitored.
- """
- ret = super(FileFilter, self).status(flavor=flavor)
-- path = self.__logs.keys()
-+ path = list(self.__logs.keys())
- ret.append(("File list", path))
- return ret
-
-@@ -1191,7 +1191,7 @@ class FileFilter(Filter):
- """Stop monitoring of log-file(s)
- """
- # stop files monitoring:
-- for path in self.__logs.keys():
-+ for path in list(self.__logs.keys()):
- self.delLogPath(path)
- # stop thread:
- super(Filter, self).stop()
-diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py
-index 228a2c8b..d49315cc 100644
---- a/fail2ban/server/filterpoll.py
-+++ b/fail2ban/server/filterpoll.py
-@@ -176,4 +176,4 @@ class FilterPoll(FileFilter):
- return False
-
- def getPendingPaths(self):
-- return self.__file404Cnt.keys()
-+ return list(self.__file404Cnt.keys())
-diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py
-index ca6b253f..b683b860 100644
---- a/fail2ban/server/filterpyinotify.py
-+++ b/fail2ban/server/filterpyinotify.py
-@@ -158,7 +158,7 @@ class FilterPyinotify(FileFilter):
- except KeyError: pass
-
- def getPendingPaths(self):
-- return self.__pending.keys()
-+ return list(self.__pending.keys())
-
- def _checkPending(self):
- if not self.__pending:
-@@ -168,7 +168,7 @@ class FilterPyinotify(FileFilter):
- return
- found = {}
- minTime = 60
-- for path, (retardTM, isDir) in self.__pending.iteritems():
-+ for path, (retardTM, isDir) in self.__pending.items():
- if ntm - self.__pendingChkTime < retardTM:
- if minTime > retardTM: minTime = retardTM
- continue
-@@ -184,7 +184,7 @@ class FilterPyinotify(FileFilter):
- self.__pendingChkTime = time.time()
- self.__pendingMinTime = minTime
- # process now because we've missed it in monitoring:
-- for path, isDir in found.iteritems():
-+ for path, isDir in found.items():
- self._delPending(path)
- # refresh monitoring of this:
- self._refreshWatcher(path, isDir=isDir)
-diff --git a/fail2ban/server/ipdns.py b/fail2ban/server/ipdns.py
-index 6648dac6..fe8f8db8 100644
---- a/fail2ban/server/ipdns.py
-+++ b/fail2ban/server/ipdns.py
-@@ -275,7 +275,7 @@ class IPAddr(object):
- raise ValueError("invalid ipstr %r, too many plen representation" % (ipstr,))
- if "." in s[1] or ":" in s[1]: # 255.255.255.0 resp. ffff:: style mask
- s[1] = IPAddr.masktoplen(s[1])
-- s[1] = long(s[1])
-+ s[1] = int(s[1])
- return s
-
- def __init(self, ipstr, cidr=CIDR_UNSPEC):
-@@ -309,7 +309,7 @@ class IPAddr(object):
-
- # mask out host portion if prefix length is supplied
- if cidr is not None and cidr >= 0:
-- mask = ~(0xFFFFFFFFL >> cidr)
-+ mask = ~(0xFFFFFFFF >> cidr)
- self._addr &= mask
- self._plen = cidr
-
-@@ -321,13 +321,13 @@ class IPAddr(object):
-
- # mask out host portion if prefix length is supplied
- if cidr is not None and cidr >= 0:
-- mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> cidr)
-+ mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> cidr)
- self._addr &= mask
- self._plen = cidr
-
- # if IPv6 address is a IPv4-compatible, make instance a IPv4
- elif self.isInNet(IPAddr.IP6_4COMPAT):
-- self._addr = lo & 0xFFFFFFFFL
-+ self._addr = lo & 0xFFFFFFFF
- self._family = socket.AF_INET
- self._plen = 32
- else:
-@@ -445,7 +445,7 @@ class IPAddr(object):
- elif self.isIPv6:
- # convert network to host byte order
- hi = self._addr >> 64
-- lo = self._addr & 0xFFFFFFFFFFFFFFFFL
-+ lo = self._addr & 0xFFFFFFFFFFFFFFFF
- binary = struct.pack("!QQ", hi, lo)
- if self._plen and self._plen < 128:
- add = "/%d" % self._plen
-@@ -503,9 +503,9 @@ class IPAddr(object):
- if self.family != net.family:
- return False
- if self.isIPv4:
-- mask = ~(0xFFFFFFFFL >> net.plen)
-+ mask = ~(0xFFFFFFFF >> net.plen)
- elif self.isIPv6:
-- mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> net.plen)
-+ mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> net.plen)
- else:
- return False
-
-@@ -517,7 +517,7 @@ class IPAddr(object):
- m4 = (1 << 32)-1
- mmap = {m6: 128, m4: 32, 0: 0}
- m = 0
-- for i in xrange(0, 128):
-+ for i in range(0, 128):
- m |= 1 << i
- if i < 32:
- mmap[m ^ m4] = 32-1-i
-diff --git a/fail2ban/server/jail.py b/fail2ban/server/jail.py
-index ce9968a8..5fa5ef10 100644
---- a/fail2ban/server/jail.py
-+++ b/fail2ban/server/jail.py
-@@ -26,7 +26,7 @@ __license__ = "GPL"
- import logging
- import math
- import random
--import Queue
-+import queue
-
- from .actions import Actions
- from ..helpers import getLogger, _as_bool, extractOptions, MyTime
-@@ -76,7 +76,7 @@ class Jail(object):
- "might not function correctly. Please shorten"
- % name)
- self.__name = name
-- self.__queue = Queue.Queue()
-+ self.__queue = queue.Queue()
- self.__filter = None
- # Extra parameters for increase ban time
- self._banExtra = {};
-@@ -127,25 +127,25 @@ class Jail(object):
- "Failed to initialize any backend for Jail %r" % self.name)
-
- def _initPolling(self, **kwargs):
-- from filterpoll import FilterPoll
-+ from .filterpoll import FilterPoll
- logSys.info("Jail '%s' uses poller %r" % (self.name, kwargs))
- self.__filter = FilterPoll(self, **kwargs)
-
- def _initGamin(self, **kwargs):
- # Try to import gamin
-- from filtergamin import FilterGamin
-+ from .filtergamin import FilterGamin
- logSys.info("Jail '%s' uses Gamin %r" % (self.name, kwargs))
- self.__filter = FilterGamin(self, **kwargs)
-
- def _initPyinotify(self, **kwargs):
- # Try to import pyinotify
-- from filterpyinotify import FilterPyinotify
-+ from .filterpyinotify import FilterPyinotify
- logSys.info("Jail '%s' uses pyinotify %r" % (self.name, kwargs))
- self.__filter = FilterPyinotify(self, **kwargs)
-
- def _initSystemd(self, **kwargs): # pragma: systemd no cover
- # Try to import systemd
-- from filtersystemd import FilterSystemd
-+ from .filtersystemd import FilterSystemd
- logSys.info("Jail '%s' uses systemd %r" % (self.name, kwargs))
- self.__filter = FilterSystemd(self, **kwargs)
-
-@@ -213,7 +213,7 @@ class Jail(object):
- try:
- ticket = self.__queue.get(False)
- return ticket
-- except Queue.Empty:
-+ except queue.Empty:
- return False
-
- def setBanTimeExtra(self, opt, value):
-diff --git a/fail2ban/server/mytime.py b/fail2ban/server/mytime.py
-index 98b69bd4..24bba5cf 100644
---- a/fail2ban/server/mytime.py
-+++ b/fail2ban/server/mytime.py
-@@ -162,7 +162,7 @@ class MyTime:
-
- @returns number (calculated seconds from expression "val")
- """
-- if isinstance(val, (int, long, float, complex)):
-+ if isinstance(val, (int, float, complex)):
- return val
- # replace together standing abbreviations, example '1d12h' -> '1d 12h':
- val = MyTime._str2sec_prep.sub(r" \1", val)
-diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py
-index 159f6506..fc948e8c 100644
---- a/fail2ban/server/server.py
-+++ b/fail2ban/server/server.py
-@@ -97,7 +97,7 @@ class Server:
-
- def start(self, sock, pidfile, force=False, observer=True, conf={}):
- # First set the mask to only allow access to owner
-- os.umask(0077)
-+ os.umask(0o077)
- # Second daemonize before logging etc, because it will close all handles:
- if self.__daemon: # pragma: no cover
- logSys.info("Starting in daemon mode")
-@@ -190,7 +190,7 @@ class Server:
-
- # Restore default signal handlers:
- if _thread_name() == '_MainThread':
-- for s, sh in self.__prev_signals.iteritems():
-+ for s, sh in self.__prev_signals.items():
- signal.signal(s, sh)
-
- # Give observer a small chance to complete its work before exit
-@@ -268,10 +268,10 @@ class Server:
- logSys.info("Stopping all jails")
- with self.__lock:
- # 1st stop all jails (signal and stop actions/filter thread):
-- for name in self.__jails.keys():
-+ for name in list(self.__jails.keys()):
- self.delJail(name, stop=True, join=False)
- # 2nd wait for end and delete jails:
-- for name in self.__jails.keys():
-+ for name in list(self.__jails.keys()):
- self.delJail(name, stop=False, join=True)
-
- def reloadJails(self, name, opts, begin):
-@@ -302,7 +302,7 @@ class Server:
- if "--restart" in opts:
- self.stopAllJail()
- # first set all affected jail(s) to idle and reset filter regex and other lists/dicts:
-- for jn, jail in self.__jails.iteritems():
-+ for jn, jail in self.__jails.items():
- if name == '--all' or jn == name:
- jail.idle = True
- self.__reload_state[jn] = jail
-@@ -313,7 +313,7 @@ class Server:
- # end reload, all affected (or new) jails have already all new parameters (via stream) and (re)started:
- with self.__lock:
- deljails = []
-- for jn, jail in self.__jails.iteritems():
-+ for jn, jail in self.__jails.items():
- # still in reload state:
- if jn in self.__reload_state:
- # remove jails that are not reloaded (untouched, so not in new configuration)
-@@ -513,7 +513,7 @@ class Server:
- jails = [self.__jails[name]]
- else:
- # in all jails:
-- jails = self.__jails.values()
-+ jails = list(self.__jails.values())
- # unban given or all (if value is None):
- cnt = 0
- ifexists |= (name is None)
-@@ -551,7 +551,7 @@ class Server:
- def isAlive(self, jailnum=None):
- if jailnum is not None and len(self.__jails) != jailnum:
- return 0
-- for jail in self.__jails.values():
-+ for jail in list(self.__jails.values()):
- if not jail.isAlive():
- return 0
- return 1
-@@ -759,7 +759,7 @@ class Server:
- return "flushed"
-
- def setThreadOptions(self, value):
-- for o, v in value.iteritems():
-+ for o, v in value.items():
- if o == 'stacksize':
- threading.stack_size(int(v)*1024)
- else: # pragma: no cover
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 498d284b..a5579fdc 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -79,7 +79,7 @@ timeRE['ExY'] = r"(?P<Y>%s\d)" % _getYearCentRE(cent=(0,3), distance=3)
- timeRE['Exy'] = r"(?P<y>%s\d)" % _getYearCentRE(cent=(2,3), distance=3)
-
- def getTimePatternRE():
-- keys = timeRE.keys()
-+ keys = list(timeRE.keys())
- patt = (r"%%(%%|%s|[%s])" % (
- "|".join([k for k in keys if len(k) > 1]),
- "".join([k for k in keys if len(k) == 1]),
-@@ -134,7 +134,7 @@ def zone2offset(tz, dt):
- """
- if isinstance(tz, int):
- return tz
-- if isinstance(tz, basestring):
-+ if isinstance(tz, str):
- return validateTimeZone(tz)
- tz, tzo = tz
- if tzo is None or tzo == '': # without offset
-@@ -171,7 +171,7 @@ def reGroupDictStrptime(found_dict, msec=False, default_tz=None):
- year = month = day = hour = minute = tzoffset = \
- weekday = julian = week_of_year = None
- second = fraction = 0
-- for key, val in found_dict.iteritems():
-+ for key, val in found_dict.items():
- if val is None: continue
- # Directives not explicitly handled below:
- # c, x, X
-diff --git a/fail2ban/server/ticket.py b/fail2ban/server/ticket.py
-index f67e0d23..f0b727c2 100644
---- a/fail2ban/server/ticket.py
-+++ b/fail2ban/server/ticket.py
-@@ -55,7 +55,7 @@ class Ticket(object):
- self._time = time if time is not None else MyTime.time()
- self._data = {'matches': matches or [], 'failures': 0}
- if data is not None:
-- for k,v in data.iteritems():
-+ for k,v in data.items():
- if v is not None:
- self._data[k] = v
- if ticket:
-@@ -89,7 +89,7 @@ class Ticket(object):
-
- def setIP(self, value):
- # guarantee using IPAddr instead of unicode, str for the IP
-- if isinstance(value, basestring):
-+ if isinstance(value, str):
- value = IPAddr(value)
- self._ip = value
-
-@@ -181,7 +181,7 @@ class Ticket(object):
- if len(args) == 1:
- # todo: if support >= 2.7 only:
- # self._data = {k:v for k,v in args[0].iteritems() if v is not None}
-- self._data = dict([(k,v) for k,v in args[0].iteritems() if v is not None])
-+ self._data = dict([(k,v) for k,v in args[0].items() if v is not None])
- # add k,v list or dict (merge):
- elif len(args) == 2:
- self._data.update((args,))
-@@ -192,7 +192,7 @@ class Ticket(object):
- # filter (delete) None values:
- # todo: if support >= 2.7 only:
- # self._data = {k:v for k,v in self._data.iteritems() if v is not None}
-- self._data = dict([(k,v) for k,v in self._data.iteritems() if v is not None])
-+ self._data = dict([(k,v) for k,v in self._data.items() if v is not None])
-
- def getData(self, key=None, default=None):
- # return whole data dict:
-@@ -201,17 +201,17 @@ class Ticket(object):
- # return default if not exists:
- if not self._data:
- return default
-- if not isinstance(key,(str,unicode,type(None),int,float,bool,complex)):
-+ if not isinstance(key,(str,type(None),int,float,bool,complex)):
- # return filtered by lambda/function:
- if callable(key):
- # todo: if support >= 2.7 only:
- # return {k:v for k,v in self._data.iteritems() if key(k)}
-- return dict([(k,v) for k,v in self._data.iteritems() if key(k)])
-+ return dict([(k,v) for k,v in self._data.items() if key(k)])
- # return filtered by keys:
- if hasattr(key, '__iter__'):
- # todo: if support >= 2.7 only:
- # return {k:v for k,v in self._data.iteritems() if k in key}
-- return dict([(k,v) for k,v in self._data.iteritems() if k in key])
-+ return dict([(k,v) for k,v in self._data.items() if k in key])
- # return single value of data:
- return self._data.get(key, default)
-
-diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py
-index f83e9d5f..80726cb4 100644
---- a/fail2ban/server/transmitter.py
-+++ b/fail2ban/server/transmitter.py
-@@ -475,7 +475,7 @@ class Transmitter:
- opt = command[1][len("bantime."):]
- return self.__server.getBanTimeExtra(name, opt)
- elif command[1] == "actions":
-- return self.__server.getActions(name).keys()
-+ return list(self.__server.getActions(name).keys())
- elif command[1] == "action":
- actionname = command[2]
- actionvalue = command[3]
-diff --git a/fail2ban/server/utils.py b/fail2ban/server/utils.py
-index d4461a7d..13c24e76 100644
---- a/fail2ban/server/utils.py
-+++ b/fail2ban/server/utils.py
-@@ -57,7 +57,7 @@ _RETCODE_HINTS = {
-
- # Dictionary to lookup signal name from number
- signame = dict((num, name)
-- for name, num in signal.__dict__.iteritems() if name.startswith("SIG"))
-+ for name, num in signal.__dict__.items() if name.startswith("SIG"))
-
- class Utils():
- """Utilities provide diverse static methods like executes OS shell commands, etc.
-@@ -109,7 +109,7 @@ class Utils():
- break
- else: # pragma: 3.x no cover (dict is in 2.6 only)
- remlst = []
-- for (ck, cv) in cache.iteritems():
-+ for (ck, cv) in cache.items():
- # if expired:
- if cv[1] <= t:
- remlst.append(ck)
-@@ -152,7 +152,7 @@ class Utils():
- if not isinstance(realCmd, list):
- realCmd = [realCmd]
- i = len(realCmd)-1
-- for k, v in varsDict.iteritems():
-+ for k, v in varsDict.items():
- varsStat += "%s=$%s " % (k, i)
- realCmd.append(v)
- i += 1
-diff --git a/fail2ban/tests/action_d/test_badips.py b/fail2ban/tests/action_d/test_badips.py
-index 013c0fdb..3c35e4d7 100644
---- a/fail2ban/tests/action_d/test_badips.py
-+++ b/fail2ban/tests/action_d/test_badips.py
-@@ -32,7 +32,7 @@ from ..utils import LogCaptureTestCase, CONFIG_DIR
- if sys.version_info >= (3, ): # pragma: 2.x no cover
- from urllib.error import HTTPError, URLError
- else: # pragma: 3.x no cover
-- from urllib2 import HTTPError, URLError
-+ from urllib.error import HTTPError, URLError
-
- def skip_if_not_available(f):
- """Helper to decorate tests to skip in case of timeout/http-errors like "502 bad gateway".
-diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py
-index 1a00c040..ecd09246 100644
---- a/fail2ban/tests/actiontestcase.py
-+++ b/fail2ban/tests/actiontestcase.py
-@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCase):
- setattr(self.__action, 'ab', "<ac>")
- setattr(self.__action, 'x?family=inet6', "")
- # produce self-referencing properties except:
-- self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions",
-+ self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions",
- lambda: self.__action.replaceTag("<a><b>",
- self.__action._properties, conditional="family=inet4")
- )
- # remore self-referencing in props:
- delattr(self.__action, 'ac')
- # produce self-referencing query except:
-- self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query",
-+ self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query",
- lambda: self.__action.replaceTag("<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x>>>>>>>>>>>>>>>>>>>>>",
- self.__action._properties, conditional="family=inet6")
- )
-diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
-index 2c1d0a0e..aa7908c4 100644
---- a/fail2ban/tests/clientreadertestcase.py
-+++ b/fail2ban/tests/clientreadertestcase.py
-@@ -390,7 +390,7 @@ class JailReaderTest(LogCaptureTestCase):
- # And multiple groups (`][` instead of `,`)
- result = extractOptions(option.replace(',', ']['))
- expected2 = (expected[0],
-- dict((k, v.replace(',', '][')) for k, v in expected[1].iteritems())
-+ dict((k, v.replace(',', '][')) for k, v in expected[1].items())
- )
- self.assertEqual(expected2, result)
-
-@@ -975,7 +975,7 @@ filter = testfilter1
- self.assertEqual(add_actions[-1][-1], "{}")
-
- def testLogPathFileFilterBackend(self):
-- self.assertRaisesRegexp(ValueError, r"Have not found any log file for .* jail",
-+ self.assertRaisesRegex(ValueError, r"Have not found any log file for .* jail",
- self._testLogPath, backend='polling')
-
- def testLogPathSystemdBackend(self):
-diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py
-index 9a5e9fa1..562461a6 100644
---- a/fail2ban/tests/databasetestcase.py
-+++ b/fail2ban/tests/databasetestcase.py
-@@ -67,7 +67,7 @@ class DatabaseTest(LogCaptureTestCase):
-
- @property
- def db(self):
-- if isinstance(self._db, basestring) and self._db == ':auto-create-in-memory:':
-+ if isinstance(self._db, str) and self._db == ':auto-create-in-memory:':
- self._db = getFail2BanDb(self.dbFilename)
- return self._db
- @db.setter
-@@ -159,7 +159,7 @@ class DatabaseTest(LogCaptureTestCase):
- self.db = Fail2BanDb(self.dbFilename)
- self.assertEqual(self.db.getJailNames(), set(['DummyJail #29162448 with 0 tickets']))
- self.assertEqual(self.db.getLogPaths(), set(['/tmp/Fail2BanDb_pUlZJh.log']))
-- ticket = FailTicket("127.0.0.1", 1388009242.26, [u"abc\n"])
-+ ticket = FailTicket("127.0.0.1", 1388009242.26, ["abc\n"])
- self.assertEqual(self.db.getBans()[0], ticket)
-
- self.assertEqual(self.db.updateDb(Fail2BanDb.__version__), Fail2BanDb.__version__)
-@@ -185,9 +185,9 @@ class DatabaseTest(LogCaptureTestCase):
- self.assertEqual(len(bans), 2)
- # compare first ticket completely:
- ticket = FailTicket("1.2.3.7", 1417595494, [
-- u'Dec 3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-- u'Dec 3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-- u'Dec 3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7'
-+ 'Dec 3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-+ 'Dec 3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-+ 'Dec 3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7'
- ])
- ticket.setAttempt(3)
- self.assertEqual(bans[0], ticket)
-@@ -286,11 +286,11 @@ class DatabaseTest(LogCaptureTestCase):
- # invalid + valid, invalid + valid unicode, invalid + valid dual converted (like in filter:readline by fallback) ...
- tickets = [
- FailTicket("127.0.0.1", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
-- FailTicket("127.0.0.2", 0, ['user "test"', u'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
-+ FailTicket("127.0.0.2", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
- FailTicket("127.0.0.3", 0, ['user "test"', b'user "\xd1\xe2\xe5\xf2\xe0"', b'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
-- FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xe4\xf6\xfc\xdf"']),
-+ FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xe4\xf6\xfc\xdf"']),
- FailTicket("127.0.0.5", 0, ['user "test"', 'unterminated \xcf']),
-- FailTicket("127.0.0.6", 0, ['user "test"', u'unterminated \xcf']),
-+ FailTicket("127.0.0.6", 0, ['user "test"', 'unterminated \xcf']),
- FailTicket("127.0.0.7", 0, ['user "test"', b'unterminated \xcf'])
- ]
- for ticket in tickets:
-diff --git a/fail2ban/tests/datedetectortestcase.py b/fail2ban/tests/datedetectortestcase.py
-index 458f76ef..49ada60d 100644
---- a/fail2ban/tests/datedetectortestcase.py
-+++ b/fail2ban/tests/datedetectortestcase.py
-@@ -279,7 +279,7 @@ class DateDetectorTest(LogCaptureTestCase):
- self.assertEqual(logTime, mu)
- self.assertEqual(logMatch.group(1), '2012/10/11 02:37:17')
- # confuse it with year being at the end
-- for i in xrange(10):
-+ for i in range(10):
- ( logTime, logMatch ) = self.datedetector.getTime('11/10/2012 02:37:17 [error] 18434#0')
- self.assertEqual(logTime, mu)
- self.assertEqual(logMatch.group(1), '11/10/2012 02:37:17')
-@@ -505,7 +505,7 @@ class CustomDateFormatsTest(unittest.TestCase):
- date = dd.getTime(line)
- if matched:
- self.assertTrue(date)
-- if isinstance(matched, basestring):
-+ if isinstance(matched, str):
- self.assertEqual(matched, date[1].group(1))
- else:
- self.assertEqual(matched, date[0])
-@@ -537,7 +537,7 @@ class CustomDateFormatsTest(unittest.TestCase):
- date = dd.getTime(line)
- if matched:
- self.assertTrue(date)
-- if isinstance(matched, basestring): # pragma: no cover
-+ if isinstance(matched, str): # pragma: no cover
- self.assertEqual(matched, date[1].group(1))
- else:
- self.assertEqual(matched, date[0])
-diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py
-index 95f73ed3..bba354fa 100644
---- a/fail2ban/tests/fail2banclienttestcase.py
-+++ b/fail2ban/tests/fail2banclienttestcase.py
-@@ -367,10 +367,10 @@ def with_foreground_server_thread(startextra={}):
- # several commands to server in body of decorated function:
- return f(self, tmp, startparams, *args, **kwargs)
- except Exception as e: # pragma: no cover
-- print('=== Catch an exception: %s' % e)
-+ print(('=== Catch an exception: %s' % e))
- log = self.getLog()
- if log:
-- print('=== Error of server, log: ===\n%s===' % log)
-+ print(('=== Error of server, log: ===\n%s===' % log))
- self.pruneLog()
- raise
- finally:
-@@ -440,7 +440,7 @@ class Fail2banClientServerBase(LogCaptureTestCase):
- )
- except: # pragma: no cover
- if _inherited_log(startparams):
-- print('=== Error by wait fot server, log: ===\n%s===' % self.getLog())
-+ print(('=== Error by wait fot server, log: ===\n%s===' % self.getLog()))
- self.pruneLog()
- log = pjoin(tmp, "f2b.log")
- if isfile(log):
-@@ -1610,6 +1610,6 @@ class Fail2banServerTest(Fail2banClientServerBase):
- self.stopAndWaitForServerEnd(SUCCESS)
-
- def testServerStartStop(self):
-- for i in xrange(2000):
-+ for i in range(2000):
- self._testServerStartStop()
-
-diff --git a/fail2ban/tests/failmanagertestcase.py b/fail2ban/tests/failmanagertestcase.py
-index a5425286..2a94cc82 100644
---- a/fail2ban/tests/failmanagertestcase.py
-+++ b/fail2ban/tests/failmanagertestcase.py
-@@ -45,11 +45,11 @@ class AddFailure(unittest.TestCase):
- super(AddFailure, self).tearDown()
-
- def _addDefItems(self):
-- self.__items = [[u'193.168.0.128', 1167605999.0],
-- [u'193.168.0.128', 1167605999.0],
-- [u'193.168.0.128', 1167605999.0],
-- [u'193.168.0.128', 1167605999.0],
-- [u'193.168.0.128', 1167605999.0],
-+ self.__items = [['193.168.0.128', 1167605999.0],
-+ ['193.168.0.128', 1167605999.0],
-+ ['193.168.0.128', 1167605999.0],
-+ ['193.168.0.128', 1167605999.0],
-+ ['193.168.0.128', 1167605999.0],
- ['87.142.124.10', 1167605999.0],
- ['87.142.124.10', 1167605999.0],
- ['87.142.124.10', 1167605999.0],
-diff --git a/fail2ban/tests/files/config/apache-auth/digest.py b/fail2ban/tests/files/config/apache-auth/digest.py
-index 03588594..e2297ab3 100755
---- a/fail2ban/tests/files/config/apache-auth/digest.py
-+++ b/fail2ban/tests/files/config/apache-auth/digest.py
-@@ -41,7 +41,7 @@ def auth(v):
- response="%s"
- """ % ( username, algorithm, realm, url, nonce, qop, response )
- # opaque="%s",
-- print(p.method, p.url, p.headers)
-+ print((p.method, p.url, p.headers))
- s = requests.Session()
- return s.send(p)
-
-@@ -76,18 +76,18 @@ r = auth(v)
-
- # [Sun Jul 28 21:41:20 2013] [error] [client 127.0.0.1] Digest: unknown algorithm `super funky chicken' received: /digest/
-
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- v['algorithm'] = algorithm
-
-
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-
- nonce = v['nonce']
- v['nonce']=v['nonce'][5:-5]
-
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-
- # [Sun Jul 28 21:05:31.178340 2013] [auth_digest:error] [pid 24224:tid 139895539455744] [client 127.0.0.1:56906] AH01793: invalid qop `auth' received: /digest/qop_none/
-
-@@ -95,7 +95,7 @@ print(r.status_code,r.headers, r.text)
- v['nonce']=nonce[0:11] + 'ZZZ' + nonce[14:]
-
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-
- #[Sun Jul 28 21:18:11.769228 2013] [auth_digest:error] [pid 24752:tid 139895505884928] [client 127.0.0.1:56964] AH01776: invalid nonce b9YAiJDiBAZZZ1b1abe02d20063ea3b16b544ea1b0d981c1bafe received - hash is not d42d824dee7aaf50c3ba0a7c6290bd453e3dd35b
-
-@@ -107,7 +107,7 @@ import time
- time.sleep(1)
-
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-
- # Obtained by putting the following code in modules/aaa/mod_auth_digest.c
- # in the function initialize_secret
-@@ -137,7 +137,7 @@ s = sha.sha(apachesecret)
-
- v=preauth()
-
--print(v['nonce'])
-+print((v['nonce']))
- realm = v['Digest realm'][1:-1]
-
- (t,) = struct.unpack('l',base64.b64decode(v['nonce'][1:13]))
-@@ -156,13 +156,13 @@ print(v)
-
- r = auth(v)
- #[Mon Jul 29 02:12:55.539813 2013] [auth_digest:error] [pid 9647:tid 139895522670336] [client 127.0.0.1:58474] AH01777: invalid nonce 59QJppTiBAA=b08983fd166ade9840407df1b0f75b9e6e07d88d received - user attempted time travel
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-
- url='/digest_onetime/'
- v=preauth()
-
- # Need opaque header handling in auth
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
-index 35785a58..8eeb6902 100644
---- a/fail2ban/tests/filtertestcase.py
-+++ b/fail2ban/tests/filtertestcase.py
-@@ -22,7 +22,7 @@
- __copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
- __license__ = "GPL"
-
--from __builtin__ import open as fopen
-+from builtins import open as fopen
- import unittest
- import os
- import re
-@@ -204,7 +204,7 @@ def _copy_lines_between_files(in_, fout, n=None, skip=0, mode='a', terminal_line
- else:
- fin = in_
- # Skip
-- for i in xrange(skip):
-+ for i in range(skip):
- fin.readline()
- # Read
- i = 0
-@@ -244,7 +244,7 @@ def _copy_lines_to_journal(in_, fields={},n=None, skip=0, terminal_line=""): # p
- # Required for filtering
- fields.update(TEST_JOURNAL_FIELDS)
- # Skip
-- for i in xrange(skip):
-+ for i in range(skip):
- fin.readline()
- # Read/Write
- i = 0
-@@ -306,18 +306,18 @@ class BasicFilter(unittest.TestCase):
- def testTest_tm(self):
- unittest.F2B.SkipIfFast()
- ## test function "_tm" works correct (returns the same as slow strftime):
-- for i in xrange(1417512352, (1417512352 // 3600 + 3) * 3600):
-+ for i in range(1417512352, (1417512352 // 3600 + 3) * 3600):
- tm = MyTime.time2str(i)
- if _tm(i) != tm: # pragma: no cover - never reachable
- self.assertEqual((_tm(i), i), (tm, i))
-
- def testWrongCharInTupleLine(self):
- ## line tuple has different types (ascii after ascii / unicode):
-- for a1 in ('', u'', b''):
-- for a2 in ('2016-09-05T20:18:56', u'2016-09-05T20:18:56', b'2016-09-05T20:18:56'):
-+ for a1 in ('', '', b''):
-+ for a2 in ('2016-09-05T20:18:56', '2016-09-05T20:18:56', b'2016-09-05T20:18:56'):
- for a3 in (
- 'Fail for "g\xc3\xb6ran" from 192.0.2.1',
-- u'Fail for "g\xc3\xb6ran" from 192.0.2.1',
-+ 'Fail for "g\xc3\xb6ran" from 192.0.2.1',
- b'Fail for "g\xc3\xb6ran" from 192.0.2.1'
- ):
- # join should work if all arguments have the same type:
-@@ -435,7 +435,7 @@ class IgnoreIP(LogCaptureTestCase):
-
- def testAddAttempt(self):
- self.filter.setMaxRetry(3)
-- for i in xrange(1, 1+3):
-+ for i in range(1, 1+3):
- self.filter.addAttempt('192.0.2.1')
- self.assertLogged('Attempt 192.0.2.1', '192.0.2.1:%d' % i, all=True, wait=True)
- self.jail.actions._Actions__checkBan()
-@@ -472,7 +472,7 @@ class IgnoreIP(LogCaptureTestCase):
- # like both test-cases above, just cached (so once per key)...
- self.filter.ignoreCache = {"key":"<ip>"}
- self.filter.ignoreCommand = 'if [ "<ip>" = "10.0.0.1" ]; then exit 0; fi; exit 1'
-- for i in xrange(5):
-+ for i in range(5):
- self.pruneLog()
- self.assertTrue(self.filter.inIgnoreIPList("10.0.0.1"))
- self.assertFalse(self.filter.inIgnoreIPList("10.0.0.0"))
-@@ -483,7 +483,7 @@ class IgnoreIP(LogCaptureTestCase):
- # by host of IP:
- self.filter.ignoreCache = {"key":"<ip-host>"}
- self.filter.ignoreCommand = 'if [ "<ip-host>" = "test-host" ]; then exit 0; fi; exit 1'
-- for i in xrange(5):
-+ for i in range(5):
- self.pruneLog()
- self.assertTrue(self.filter.inIgnoreIPList(FailTicket("2001:db8::1")))
- self.assertFalse(self.filter.inIgnoreIPList(FailTicket("2001:db8::ffff")))
-@@ -495,7 +495,7 @@ class IgnoreIP(LogCaptureTestCase):
- self.filter.ignoreCache = {"key":"<F-USER>", "max-count":"10", "max-time":"1h"}
- self.assertEqual(self.filter.ignoreCache, ["<F-USER>", 10, 60*60])
- self.filter.ignoreCommand = 'if [ "<F-USER>" = "tester" ]; then exit 0; fi; exit 1'
-- for i in xrange(5):
-+ for i in range(5):
- self.pruneLog()
- self.assertTrue(self.filter.inIgnoreIPList(FailTicket("tester", data={'user': 'tester'})))
- self.assertFalse(self.filter.inIgnoreIPList(FailTicket("root", data={'user': 'root'})))
-@@ -644,7 +644,7 @@ class LogFileFilterPoll(unittest.TestCase):
- fc = FileContainer(fname, self.filter.getLogEncoding())
- fc.open()
- # no time - nothing should be found :
-- for i in xrange(10):
-+ for i in range(10):
- f.write("[sshd] error: PAM: failure len 1\n")
- f.flush()
- fc.setPos(0); self.filter.seekToTime(fc, time)
-@@ -718,14 +718,14 @@ class LogFileFilterPoll(unittest.TestCase):
- # variable length of file (ca 45K or 450K before and hereafter):
- # write lines with smaller as search time:
- t = time - count - 1
-- for i in xrange(count):
-+ for i in range(count):
- f.write("%s [sshd] error: PAM: failure\n" % _tm(t))
- t += 1
- f.flush()
- fc.setPos(0); self.filter.seekToTime(fc, time)
- self.assertEqual(fc.getPos(), 47*count)
- # write lines with exact search time:
-- for i in xrange(10):
-+ for i in range(10):
- f.write("%s [sshd] error: PAM: failure\n" % _tm(time))
- f.flush()
- fc.setPos(0); self.filter.seekToTime(fc, time)
-@@ -734,8 +734,8 @@ class LogFileFilterPoll(unittest.TestCase):
- self.assertEqual(fc.getPos(), 47*count)
- # write lines with greater as search time:
- t = time+1
-- for i in xrange(count//500):
-- for j in xrange(500):
-+ for i in range(count//500):
-+ for j in range(500):
- f.write("%s [sshd] error: PAM: failure\n" % _tm(t))
- t += 1
- f.flush()
-@@ -1488,10 +1488,10 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover
- # Add direct utf, unicode, blob:
- for l in (
- "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
-- u"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
-+ "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
- b"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1".decode('utf-8', 'replace'),
- "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
-- u"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
-+ "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
- b"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2".decode('utf-8', 'replace')
- ):
- fields = self.journal_fields
-@@ -1520,7 +1520,7 @@ class GetFailures(LogCaptureTestCase):
-
- # so that they could be reused by other tests
- FAILURES_01 = ('193.168.0.128', 3, 1124013599.0,
-- [u'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3)
-+ ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3)
-
- def setUp(self):
- """Call before every test case."""
-@@ -1595,8 +1595,8 @@ class GetFailures(LogCaptureTestCase):
-
- def testGetFailures02(self):
- output = ('141.3.81.106', 4, 1124013539.0,
-- [u'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2'
-- % m for m in 53, 54, 57, 58])
-+ ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2'
-+ % m for m in (53, 54, 57, 58)])
-
- self.filter.addLogPath(GetFailures.FILENAME_02, autoSeek=0)
- self.filter.addFailRegex(r"Failed .* from <HOST>")
-@@ -1691,17 +1691,17 @@ class GetFailures(LogCaptureTestCase):
- # We should still catch failures with usedns = no ;-)
- output_yes = (
- ('93.184.216.34', 2, 1124013539.0,
-- [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
-- u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
-+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
-+ 'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
- ),
- ('2606:2800:220:1:248:1893:25c8:1946', 1, 1124013299.0,
-- [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
-+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
- ),
- )
-
- output_no = (
- ('93.184.216.34', 1, 1124013539.0,
-- [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
-+ ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
- )
- )
-
-@@ -1807,9 +1807,9 @@ class DNSUtilsTests(unittest.TestCase):
- self.assertTrue(c.get('a') is None)
- self.assertEqual(c.get('a', 'test'), 'test')
- # exact 5 elements :
-- for i in xrange(5):
-+ for i in range(5):
- c.set(i, i)
-- for i in xrange(5):
-+ for i in range(5):
- self.assertEqual(c.get(i), i)
- # remove unavailable key:
- c.unset('a'); c.unset('a')
-@@ -1817,30 +1817,30 @@ class DNSUtilsTests(unittest.TestCase):
- def testCacheMaxSize(self):
- c = Utils.Cache(maxCount=5, maxTime=60)
- # exact 5 elements :
-- for i in xrange(5):
-+ for i in range(5):
- c.set(i, i)
-- self.assertEqual([c.get(i) for i in xrange(5)], [i for i in xrange(5)])
-- self.assertNotIn(-1, (c.get(i, -1) for i in xrange(5)))
-+ self.assertEqual([c.get(i) for i in range(5)], [i for i in range(5)])
-+ self.assertNotIn(-1, (c.get(i, -1) for i in range(5)))
- # add one - too many:
- c.set(10, i)
- # one element should be removed :
-- self.assertIn(-1, (c.get(i, -1) for i in xrange(5)))
-+ self.assertIn(-1, (c.get(i, -1) for i in range(5)))
- # test max size (not expired):
-- for i in xrange(10):
-+ for i in range(10):
- c.set(i, 1)
- self.assertEqual(len(c), 5)
-
- def testCacheMaxTime(self):
- # test max time (expired, timeout reached) :
- c = Utils.Cache(maxCount=5, maxTime=0.0005)
-- for i in xrange(10):
-+ for i in range(10):
- c.set(i, 1)
- st = time.time()
- self.assertTrue(Utils.wait_for(lambda: time.time() >= st + 0.0005, 1))
- # we have still 5 elements (or fewer if too slow test mashine):
- self.assertTrue(len(c) <= 5)
- # but all that are expiered also:
-- for i in xrange(10):
-+ for i in range(10):
- self.assertTrue(c.get(i) is None)
- # here the whole cache should be empty:
- self.assertEqual(len(c), 0)
-@@ -1861,7 +1861,7 @@ class DNSUtilsTests(unittest.TestCase):
- c = count
- while c:
- c -= 1
-- s = xrange(0, 256, 1) if forw else xrange(255, -1, -1)
-+ s = range(0, 256, 1) if forw else range(255, -1, -1)
- if random: shuffle([i for i in s])
- for i in s:
- IPAddr('192.0.2.'+str(i), IPAddr.FAM_IPv4)
-@@ -1983,15 +1983,15 @@ class DNSUtilsNetworkTests(unittest.TestCase):
-
- def testAddr2bin(self):
- res = IPAddr('10.0.0.0')
-- self.assertEqual(res.addr, 167772160L)
-+ self.assertEqual(res.addr, 167772160)
- res = IPAddr('10.0.0.0', cidr=None)
-- self.assertEqual(res.addr, 167772160L)
-- res = IPAddr('10.0.0.0', cidr=32L)
-- self.assertEqual(res.addr, 167772160L)
-- res = IPAddr('10.0.0.1', cidr=32L)
-- self.assertEqual(res.addr, 167772161L)
-- res = IPAddr('10.0.0.1', cidr=31L)
-- self.assertEqual(res.addr, 167772160L)
-+ self.assertEqual(res.addr, 167772160)
-+ res = IPAddr('10.0.0.0', cidr=32)
-+ self.assertEqual(res.addr, 167772160)
-+ res = IPAddr('10.0.0.1', cidr=32)
-+ self.assertEqual(res.addr, 167772161)
-+ res = IPAddr('10.0.0.1', cidr=31)
-+ self.assertEqual(res.addr, 167772160)
-
- self.assertEqual(IPAddr('10.0.0.0').hexdump, '0a000000')
- self.assertEqual(IPAddr('1::2').hexdump, '00010000000000000000000000000002')
-@@ -2067,9 +2067,9 @@ class DNSUtilsNetworkTests(unittest.TestCase):
- '93.184.216.34': 'ip4-test',
- '2606:2800:220:1:248:1893:25c8:1946': 'ip6-test'
- }
-- d2 = dict([(IPAddr(k), v) for k, v in d.iteritems()])
-- self.assertTrue(isinstance(d.keys()[0], basestring))
-- self.assertTrue(isinstance(d2.keys()[0], IPAddr))
-+ d2 = dict([(IPAddr(k), v) for k, v in d.items()])
-+ self.assertTrue(isinstance(list(d.keys())[0], str))
-+ self.assertTrue(isinstance(list(d2.keys())[0], IPAddr))
- self.assertEqual(d.get(ip4[2], ''), 'ip4-test')
- self.assertEqual(d.get(ip6[2], ''), 'ip6-test')
- self.assertEqual(d2.get(str(ip4[2]), ''), 'ip4-test')
-diff --git a/fail2ban/tests/misctestcase.py b/fail2ban/tests/misctestcase.py
-index 9b986f53..94f7a8de 100644
---- a/fail2ban/tests/misctestcase.py
-+++ b/fail2ban/tests/misctestcase.py
-@@ -29,9 +29,9 @@ import tempfile
- import shutil
- import fnmatch
- from glob import glob
--from StringIO import StringIO
-+from io import StringIO
-
--from utils import LogCaptureTestCase, logSys as DefLogSys
-+from .utils import LogCaptureTestCase, logSys as DefLogSys
-
- from ..helpers import formatExceptionInfo, mbasename, TraceBack, FormatterWithTraceBack, getLogger, \
- splitwords, uni_decode, uni_string
-@@ -67,7 +67,7 @@ class HelpersTest(unittest.TestCase):
- self.assertEqual(splitwords(' 1\n 2'), ['1', '2'])
- self.assertEqual(splitwords(' 1\n 2, 3'), ['1', '2', '3'])
- # string as unicode:
-- self.assertEqual(splitwords(u' 1\n 2, 3'), ['1', '2', '3'])
-+ self.assertEqual(splitwords(' 1\n 2, 3'), ['1', '2', '3'])
-
-
- if sys.version_info >= (2,7):
-@@ -197,11 +197,11 @@ class TestsUtilsTest(LogCaptureTestCase):
-
- def testUniConverters(self):
- self.assertRaises(Exception, uni_decode,
-- (b'test' if sys.version_info >= (3,) else u'test'), 'f2b-test::non-existing-encoding')
-- uni_decode((b'test\xcf' if sys.version_info >= (3,) else u'test\xcf'))
-+ (b'test' if sys.version_info >= (3,) else 'test'), 'f2b-test::non-existing-encoding')
-+ uni_decode((b'test\xcf' if sys.version_info >= (3,) else 'test\xcf'))
- uni_string(b'test\xcf')
- uni_string('test\xcf')
-- uni_string(u'test\xcf')
-+ uni_string('test\xcf')
-
- def testSafeLogging(self):
- # logging should be exception-safe, to avoid possible errors (concat, str. conversion, representation failures, etc)
-@@ -213,7 +213,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- if self.err:
- raise Exception('no represenation for test!')
- else:
-- return u'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf'
-+ return 'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf'
- test = Test()
- logSys.log(logging.NOTICE, "test 1a: %r", test)
- self.assertLogged("Traceback", "no represenation for test!")
-@@ -261,7 +261,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- func_raise()
-
- try:
-- print deep_function(3)
-+ print(deep_function(3))
- except ValueError:
- s = tb()
-
-@@ -278,7 +278,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- self.assertIn(':', s)
-
- def _testAssertionErrorRE(self, regexp, fun, *args, **kwargs):
-- self.assertRaisesRegexp(AssertionError, regexp, fun, *args, **kwargs)
-+ self.assertRaisesRegex(AssertionError, regexp, fun, *args, **kwargs)
-
- def testExtendedAssertRaisesRE(self):
- ## test _testAssertionErrorRE several fail cases:
-@@ -316,13 +316,13 @@ class TestsUtilsTest(LogCaptureTestCase):
- self._testAssertionErrorRE(r"'a' unexpectedly found in 'cba'",
- self.assertNotIn, 'a', 'cba')
- self._testAssertionErrorRE(r"1 unexpectedly found in \[0, 1, 2\]",
-- self.assertNotIn, 1, xrange(3))
-+ self.assertNotIn, 1, range(3))
- self._testAssertionErrorRE(r"'A' unexpectedly found in \['C', 'A'\]",
- self.assertNotIn, 'A', (c.upper() for c in 'cba' if c != 'b'))
- self._testAssertionErrorRE(r"'a' was not found in 'xyz'",
- self.assertIn, 'a', 'xyz')
- self._testAssertionErrorRE(r"5 was not found in \[0, 1, 2\]",
-- self.assertIn, 5, xrange(3))
-+ self.assertIn, 5, range(3))
- self._testAssertionErrorRE(r"'A' was not found in \['C', 'B'\]",
- self.assertIn, 'A', (c.upper() for c in 'cba' if c != 'a'))
- ## assertLogged, assertNotLogged positive case:
-diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py
-index 8e944454..ed520286 100644
---- a/fail2ban/tests/observertestcase.py
-+++ b/fail2ban/tests/observertestcase.py
-@@ -69,7 +69,7 @@ class BanTimeIncr(LogCaptureTestCase):
- a.setBanTimeExtra('multipliers', multipliers)
- # test algorithm and max time 24 hours :
- self.assertEqual(
-- [a.calcBanTime(600, i) for i in xrange(1, 11)],
-+ [a.calcBanTime(600, i) for i in range(1, 11)],
- [1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400]
- )
- # with extra large max time (30 days):
-@@ -81,38 +81,38 @@ class BanTimeIncr(LogCaptureTestCase):
- if multcnt < 11:
- arr = arr[0:multcnt-1] + ([arr[multcnt-2]] * (11-multcnt))
- self.assertEqual(
-- [a.calcBanTime(600, i) for i in xrange(1, 11)],
-+ [a.calcBanTime(600, i) for i in range(1, 11)],
- arr
- )
- a.setBanTimeExtra('maxtime', '1d')
- # change factor :
- a.setBanTimeExtra('factor', '2');
- self.assertEqual(
-- [a.calcBanTime(600, i) for i in xrange(1, 11)],
-+ [a.calcBanTime(600, i) for i in range(1, 11)],
- [2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400, 86400]
- )
- # factor is float :
- a.setBanTimeExtra('factor', '1.33');
- self.assertEqual(
-- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+ [int(a.calcBanTime(600, i)) for i in range(1, 11)],
- [1596, 3192, 6384, 12768, 25536, 51072, 86400, 86400, 86400, 86400]
- )
- a.setBanTimeExtra('factor', None);
- # change max time :
- a.setBanTimeExtra('maxtime', '12h')
- self.assertEqual(
-- [a.calcBanTime(600, i) for i in xrange(1, 11)],
-+ [a.calcBanTime(600, i) for i in range(1, 11)],
- [1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200]
- )
- a.setBanTimeExtra('maxtime', '24h')
- ## test randomization - not possibe all 10 times we have random = 0:
- a.setBanTimeExtra('rndtime', '5m')
- self.assertTrue(
-- False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)]
-+ False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)]
- )
- a.setBanTimeExtra('rndtime', None)
- self.assertFalse(
-- False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)]
-+ False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)]
- )
- # restore default:
- a.setBanTimeExtra('multipliers', None)
-@@ -124,7 +124,7 @@ class BanTimeIncr(LogCaptureTestCase):
- # this multipliers has the same values as default formula, we test stop growing after count 9:
- self.testDefault('1 2 4 8 16 32 64 128 256')
- # this multipliers has exactly the same values as default formula, test endless growing (stops by count 31 only):
-- self.testDefault(' '.join([str(1<<i) for i in xrange(31)]))
-+ self.testDefault(' '.join([str(1<<i) for i in range(31)]))
-
- def testFormula(self):
- a = self.__jail;
-@@ -136,38 +136,38 @@ class BanTimeIncr(LogCaptureTestCase):
- a.setBanTimeExtra('multipliers', None)
- # test algorithm and max time 24 hours :
- self.assertEqual(
-- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+ [int(a.calcBanTime(600, i)) for i in range(1, 11)],
- [1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400]
- )
- # with extra large max time (30 days):
- a.setBanTimeExtra('maxtime', '30d')
- self.assertEqual(
-- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+ [int(a.calcBanTime(600, i)) for i in range(1, 11)],
- [1200, 2400, 4800, 9600, 19200, 38400, 76800, 153601, 307203, 614407]
- )
- a.setBanTimeExtra('maxtime', '24h')
- # change factor :
- a.setBanTimeExtra('factor', '1');
- self.assertEqual(
-- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+ [int(a.calcBanTime(600, i)) for i in range(1, 11)],
- [1630, 4433, 12051, 32758, 86400, 86400, 86400, 86400, 86400, 86400]
- )
- a.setBanTimeExtra('factor', '2.0 / 2.885385')
- # change max time :
- a.setBanTimeExtra('maxtime', '12h')
- self.assertEqual(
-- [int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+ [int(a.calcBanTime(600, i)) for i in range(1, 11)],
- [1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200]
- )
- a.setBanTimeExtra('maxtime', '24h')
- ## test randomization - not possibe all 10 times we have random = 0:
- a.setBanTimeExtra('rndtime', '5m')
- self.assertTrue(
-- False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)]
-+ False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)]
- )
- a.setBanTimeExtra('rndtime', None)
- self.assertFalse(
-- False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)]
-+ False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)]
- )
- # restore default:
- a.setBanTimeExtra('factor', None);
-@@ -230,7 +230,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- ticket = FailTicket(ip, stime, [])
- # test ticket not yet found
- self.assertEqual(
-- [self.incrBanTime(ticket, 10) for i in xrange(3)],
-+ [self.incrBanTime(ticket, 10) for i in range(3)],
- [10, 10, 10]
- )
- # add a ticket banned
-@@ -285,7 +285,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- )
- # increase ban multiple times:
- lastBanTime = 20
-- for i in xrange(10):
-+ for i in range(10):
- ticket.setTime(stime + lastBanTime + 5)
- banTime = self.incrBanTime(ticket, 10)
- self.assertEqual(banTime, lastBanTime * 2)
-@@ -481,7 +481,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- ticket = FailTicket(ip, stime-120, [])
- failManager = FailManager()
- failManager.setMaxRetry(3)
-- for i in xrange(3):
-+ for i in range(3):
- failManager.addFailure(ticket)
- obs.add('failureFound', failManager, jail, ticket)
- obs.wait_empty(5)
-diff --git a/fail2ban/tests/samplestestcase.py b/fail2ban/tests/samplestestcase.py
-index 0bbd05f5..479b564a 100644
---- a/fail2ban/tests/samplestestcase.py
-+++ b/fail2ban/tests/samplestestcase.py
-@@ -138,7 +138,7 @@ class FilterSamplesRegex(unittest.TestCase):
-
- @staticmethod
- def _filterOptions(opts):
-- return dict((k, v) for k, v in opts.iteritems() if not k.startswith('test.'))
-+ return dict((k, v) for k, v in opts.items() if not k.startswith('test.'))
-
- def testSampleRegexsFactory(name, basedir):
- def testFilter(self):
-@@ -249,10 +249,10 @@ def testSampleRegexsFactory(name, basedir):
- self.assertTrue(faildata.get('match', False),
- "Line matched when shouldn't have")
- self.assertEqual(len(ret), 1,
-- "Multiple regexs matched %r" % (map(lambda x: x[0], ret)))
-+ "Multiple regexs matched %r" % ([x[0] for x in ret]))
-
- # Verify match captures (at least fid/host) and timestamp as expected
-- for k, v in faildata.iteritems():
-+ for k, v in faildata.items():
- if k not in ("time", "match", "desc", "filter"):
- fv = fail.get(k, None)
- if fv is None:
-@@ -294,7 +294,7 @@ def testSampleRegexsFactory(name, basedir):
- '\n'.join(pprint.pformat(fail).splitlines())))
-
- # check missing samples for regex using each filter-options combination:
-- for fltName, flt in self._filters.iteritems():
-+ for fltName, flt in self._filters.items():
- flt, regexsUsedIdx = flt
- regexList = flt.getFailRegex()
- for failRegexIndex, failRegex in enumerate(regexList):
-diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
-index 55e72455..7925ab1e 100644
---- a/fail2ban/tests/servertestcase.py
-+++ b/fail2ban/tests/servertestcase.py
-@@ -124,14 +124,14 @@ class TransmitterBase(LogCaptureTestCase):
- self.transm.proceed(["get", jail, cmd]), (0, []))
- for n, value in enumerate(values):
- ret = self.transm.proceed(["set", jail, cmdAdd, value])
-- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2)
-+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2)
- ret = self.transm.proceed(["get", jail, cmd])
-- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2)
-+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2)
- for n, value in enumerate(values):
- ret = self.transm.proceed(["set", jail, cmdDel, value])
-- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2)
-+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2)
- ret = self.transm.proceed(["get", jail, cmd])
-- self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2)
-+ self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2)
-
- def jailAddDelRegexTest(self, cmd, inValues, outValues, jail):
- cmdAdd = "add" + cmd
-@@ -930,7 +930,7 @@ class TransmitterLogging(TransmitterBase):
-
- def testLogTarget(self):
- logTargets = []
-- for _ in xrange(3):
-+ for _ in range(3):
- tmpFile = tempfile.mkstemp("fail2ban", "transmitter")
- logTargets.append(tmpFile[1])
- os.close(tmpFile[0])
-@@ -1003,26 +1003,26 @@ class TransmitterLogging(TransmitterBase):
- self.assertEqual(self.transm.proceed(["flushlogs"]), (0, "rolled over"))
- l.warning("After flushlogs")
- with open(fn2,'r') as f:
-- line1 = f.next()
-+ line1 = next(f)
- if line1.find('Changed logging target to') >= 0:
-- line1 = f.next()
-+ line1 = next(f)
- self.assertTrue(line1.endswith("Before file moved\n"))
-- line2 = f.next()
-+ line2 = next(f)
- self.assertTrue(line2.endswith("After file moved\n"))
- try:
-- n = f.next()
-+ n = next(f)
- if n.find("Command: ['flushlogs']") >=0:
-- self.assertRaises(StopIteration, f.next)
-+ self.assertRaises(StopIteration, f.__next__)
- else:
- self.fail("Exception StopIteration or Command: ['flushlogs'] expected. Got: %s" % n)
- except StopIteration:
- pass # on higher debugging levels this is expected
- with open(fn,'r') as f:
-- line1 = f.next()
-+ line1 = next(f)
- if line1.find('rollover performed on') >= 0:
-- line1 = f.next()
-+ line1 = next(f)
- self.assertTrue(line1.endswith("After flushlogs\n"))
-- self.assertRaises(StopIteration, f.next)
-+ self.assertRaises(StopIteration, f.__next__)
- f.close()
- finally:
- os.remove(fn2)
-@@ -1185,7 +1185,7 @@ class LoggingTests(LogCaptureTestCase):
- os.remove(f)
-
-
--from clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR
-+from .clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR
-
- class ServerConfigReaderTests(LogCaptureTestCase):
-
-diff --git a/fail2ban/tests/sockettestcase.py b/fail2ban/tests/sockettestcase.py
-index 69bf8d8b..60f49e57 100644
---- a/fail2ban/tests/sockettestcase.py
-+++ b/fail2ban/tests/sockettestcase.py
-@@ -153,7 +153,7 @@ class Socket(LogCaptureTestCase):
- org_handler = RequestHandler.found_terminator
- try:
- RequestHandler.found_terminator = lambda self: self.close()
-- self.assertRaisesRegexp(RuntimeError, r"socket connection broken",
-+ self.assertRaisesRegex(RuntimeError, r"socket connection broken",
- lambda: client.send(testMessage, timeout=unittest.F2B.maxWaitTime(10)))
- finally:
- RequestHandler.found_terminator = org_handler
-diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
-index fcfddba7..cb234e0d 100644
---- a/fail2ban/tests/utils.py
-+++ b/fail2ban/tests/utils.py
-@@ -35,7 +35,7 @@ import time
- import threading
- import unittest
-
--from cStringIO import StringIO
-+from io import StringIO
- from functools import wraps
-
- from ..helpers import getLogger, str2LogLevel, getVerbosityFormat, uni_decode
-@@ -174,8 +174,8 @@ def initProcess(opts):
-
- # Let know the version
- if opts.verbosity != 0:
-- print("Fail2ban %s test suite. Python %s. Please wait..." \
-- % (version, str(sys.version).replace('\n', '')))
-+ print(("Fail2ban %s test suite. Python %s. Please wait..." \
-+ % (version, str(sys.version).replace('\n', ''))))
-
- return opts;
-
-@@ -322,7 +322,7 @@ def initTests(opts):
- c = DNSUtils.CACHE_ipToName
- # increase max count and max time (too many entries, long time testing):
- c.setOptions(maxCount=10000, maxTime=5*60)
-- for i in xrange(256):
-+ for i in range(256):
- c.set('192.0.2.%s' % i, None)
- c.set('198.51.100.%s' % i, None)
- c.set('203.0.113.%s' % i, None)
-@@ -541,8 +541,8 @@ def gatherTests(regexps=None, opts=None):
- import difflib, pprint
- if not hasattr(unittest.TestCase, 'assertDictEqual'):
- def assertDictEqual(self, d1, d2, msg=None):
-- self.assert_(isinstance(d1, dict), 'First argument is not a dictionary')
-- self.assert_(isinstance(d2, dict), 'Second argument is not a dictionary')
-+ self.assertTrue(isinstance(d1, dict), 'First argument is not a dictionary')
-+ self.assertTrue(isinstance(d2, dict), 'Second argument is not a dictionary')
- if d1 != d2:
- standardMsg = '%r != %r' % (d1, d2)
- diff = ('\n' + '\n'.join(difflib.ndiff(
-@@ -560,7 +560,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None):
- # used to recognize having element as nested dict, list or tuple:
- def _is_nested(v):
- if isinstance(v, dict):
-- return any(isinstance(v, (dict, list, tuple)) for v in v.itervalues())
-+ return any(isinstance(v, (dict, list, tuple)) for v in v.values())
- return any(isinstance(v, (dict, list, tuple)) for v in v)
- # level comparison routine:
- def _assertSortedEqual(a, b, level, nestedOnly, key):
-@@ -573,7 +573,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None):
- return
- raise ValueError('%r != %r' % (a, b))
- if isinstance(a, dict) and isinstance(b, dict): # compare dict's:
-- for k, v1 in a.iteritems():
-+ for k, v1 in a.items():
- v2 = b[k]
- if isinstance(v1, (dict, list, tuple)) and isinstance(v2, (dict, list, tuple)):
- _assertSortedEqual(v1, v2, level-1 if level != 0 else 0, nestedOnly, key)
-@@ -608,14 +608,14 @@ if not hasattr(unittest.TestCase, 'assertRaisesRegexp'):
- self.fail('\"%s\" does not match \"%s\"' % (regexp, e))
- else:
- self.fail('%s not raised' % getattr(exccls, '__name__'))
-- unittest.TestCase.assertRaisesRegexp = assertRaisesRegexp
-+ unittest.TestCase.assertRaisesRegex = assertRaisesRegexp
-
- # always custom following methods, because we use atm better version of both (support generators)
- if True: ## if not hasattr(unittest.TestCase, 'assertIn'):
- def assertIn(self, a, b, msg=None):
- bb = b
- wrap = False
-- if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring):
-+ if msg is None and hasattr(b, '__iter__') and not isinstance(b, str):
- b, bb = itertools.tee(b)
- wrap = True
- if a not in b:
-@@ -626,7 +626,7 @@ if True: ## if not hasattr(unittest.TestCase, 'assertIn'):
- def assertNotIn(self, a, b, msg=None):
- bb = b
- wrap = False
-- if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring):
-+ if msg is None and hasattr(b, '__iter__') and not isinstance(b, str):
- b, bb = itertools.tee(b)
- wrap = True
- if a in b:
-diff --git a/setup.py b/setup.py
-deleted file mode 100755
-index ce1eedf6..00000000
---- a/setup.py
-+++ /dev/null
-@@ -1,326 +0,0 @@
--#!/usr/bin/env python
--# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
--# vi: set ft=python sts=4 ts=4 sw=4 noet :
--
--# This file is part of Fail2Ban.
--#
--# Fail2Ban is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 2 of the License, or
--# (at your option) any later version.
--#
--# Fail2Ban is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with Fail2Ban; if not, write to the Free Software
--# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
--
--__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko"
--__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors"
--__license__ = "GPL"
--
--import platform
--
--try:
-- import setuptools
-- from setuptools import setup
-- from setuptools.command.install import install
-- from setuptools.command.install_scripts import install_scripts
--except ImportError:
-- setuptools = None
-- from distutils.core import setup
--
--# all versions
--from distutils.command.build_py import build_py
--from distutils.command.build_scripts import build_scripts
--if setuptools is None:
-- from distutils.command.install import install
-- from distutils.command.install_scripts import install_scripts
--try:
-- # python 3.x
-- from distutils.command.build_py import build_py_2to3
-- from distutils.command.build_scripts import build_scripts_2to3
-- _2to3 = True
--except ImportError:
-- # python 2.x
-- _2to3 = False
--
--import os
--from os.path import isfile, join, isdir, realpath
--import re
--import sys
--import warnings
--from glob import glob
--
--from fail2ban.setup import updatePyExec
--
--
--source_dir = os.path.realpath(os.path.dirname(
-- # __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
-- sys.argv[0] if os.path.basename(sys.argv[0]) == 'setup.py' else __file__
--))
--
--# Wrapper to install python binding (to current python version):
--class install_scripts_f2b(install_scripts):
--
-- def get_outputs(self):
-- outputs = install_scripts.get_outputs(self)
-- # setup.py --dry-run install:
-- dry_run = not outputs
-- self.update_scripts(dry_run)
-- if dry_run:
-- #bindir = self.install_dir
-- bindir = self.build_dir
-- print('creating fail2ban-python binding -> %s (dry-run, real path can be different)' % (bindir,))
-- print('Copying content of %s to %s' % (self.build_dir, self.install_dir));
-- return outputs
-- fn = None
-- for fn in outputs:
-- if os.path.basename(fn) == 'fail2ban-server':
-- break
-- bindir = os.path.dirname(fn)
-- print('creating fail2ban-python binding -> %s' % (bindir,))
-- updatePyExec(bindir)
-- return outputs
--
-- def update_scripts(self, dry_run=False):
-- buildroot = os.path.dirname(self.build_dir)
-- install_dir = self.install_dir
-- try:
-- # remove root-base from install scripts path:
-- root = self.distribution.command_options['install']['root'][1]
-- if install_dir.startswith(root):
-- install_dir = install_dir[len(root):]
-- except: # pragma: no cover
-- print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".')
-- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir))
-- with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn:
-- lines = fn.readlines()
-- fn = None
-- if not dry_run:
-- fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w')
-- try:
-- for ln in lines:
-- ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
-- if dry_run:
-- sys.stdout.write(' | ' + ln)
-- continue
-- fn.write(ln)
-- finally:
-- if fn: fn.close()
-- if dry_run:
-- print(' `')
--
--
--# Wrapper to specify fail2ban own options:
--class install_command_f2b(install):
-- user_options = install.user_options + [
-- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
-- ('without-tests', None, 'without tests files installation'),
-- ]
-- def initialize_options(self):
-- self.disable_2to3 = None
-- self.without_tests = None
-- install.initialize_options(self)
-- def finalize_options(self):
-- global _2to3
-- ## in the test cases 2to3 should be already done (fail2ban-2to3):
-- if self.disable_2to3:
-- _2to3 = False
-- if _2to3:
-- cmdclass = self.distribution.cmdclass
-- cmdclass['build_py'] = build_py_2to3
-- cmdclass['build_scripts'] = build_scripts_2to3
-- if self.without_tests:
-- self.distribution.scripts.remove('bin/fail2ban-testcases')
--
-- self.distribution.packages.remove('fail2ban.tests')
-- self.distribution.packages.remove('fail2ban.tests.action_d')
--
-- del self.distribution.package_data['fail2ban.tests']
-- install.finalize_options(self)
-- def run(self):
-- install.run(self)
--
--
--# Update fail2ban-python env to current python version (where f2b-modules located/installed)
--updatePyExec(os.path.join(source_dir, 'bin'))
--
--if setuptools and "test" in sys.argv:
-- import logging
-- logSys = logging.getLogger("fail2ban")
-- hdlr = logging.StreamHandler(sys.stdout)
-- fmt = logging.Formatter("%(asctime)-15s %(message)s")
-- hdlr.setFormatter(fmt)
-- logSys.addHandler(hdlr)
-- if set(["-q", "--quiet"]) & set(sys.argv):
-- logSys.setLevel(logging.CRITICAL)
-- warnings.simplefilter("ignore")
-- sys.warnoptions.append("ignore")
-- elif set(["-v", "--verbose"]) & set(sys.argv):
-- logSys.setLevel(logging.DEBUG)
-- else:
-- logSys.setLevel(logging.INFO)
--elif "test" in sys.argv:
-- print("python distribute required to execute fail2ban tests")
-- print("")
--
--longdesc = '''
--Fail2Ban scans log files like /var/log/pwdfail or
--/var/log/apache/error_log and bans IP that makes
--too many password failures. It updates firewall rules
--to reject the IP address or executes user defined
--commands.'''
--
--if setuptools:
-- setup_extra = {
-- 'test_suite': "fail2ban.tests.utils.gatherTests",
-- 'use_2to3': True,
-- }
--else:
-- setup_extra = {}
--
--data_files_extra = []
--if os.path.exists('/var/run'):
-- # if we are on the system with /var/run -- we are to use it for having fail2ban/
-- # directory there for socket file etc.
-- # realpath is used to possibly resolve /var/run -> /run symlink
-- data_files_extra += [(realpath('/var/run/fail2ban'), '')]
--
--# Installing documentation files only under Linux or other GNU/ systems
--# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding
--# installation there (see e.g. #1233)
--platform_system = platform.system().lower()
--doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt']
--if platform_system in ('solaris', 'sunos'):
-- doc_files.append('README.Solaris')
--if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'):
-- data_files_extra.append(
-- ('/usr/share/doc/fail2ban', doc_files)
-- )
--
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
--
--setup(
-- name = "fail2ban",
-- version = version,
-- description = "Ban IPs that make too many password failures",
-- long_description = longdesc,
-- author = "Cyril Jaquier & Fail2Ban Contributors",
-- author_email = "cyril.jaquier@fail2ban.org",
-- url = "http://www.fail2ban.org",
-- license = "GPL",
-- platforms = "Posix",
-- cmdclass = {
-- 'build_py': build_py, 'build_scripts': build_scripts,
-- 'install_scripts': install_scripts_f2b, 'install': install_command_f2b
-- },
-- scripts = [
-- 'bin/fail2ban-client',
-- 'bin/fail2ban-server',
-- 'bin/fail2ban-regex',
-- 'bin/fail2ban-testcases',
-- # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper
-- ],
-- packages = [
-- 'fail2ban',
-- 'fail2ban.client',
-- 'fail2ban.server',
-- 'fail2ban.tests',
-- 'fail2ban.tests.action_d',
-- ],
-- package_data = {
-- 'fail2ban.tests':
-- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
-- for w in os.walk('fail2ban/tests/files')
-- for f in w[2]] +
-- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
-- for w in os.walk('fail2ban/tests/config')
-- for f in w[2]] +
-- [ join(w[0], f).replace("fail2ban/tests/", "", 1)
-- for w in os.walk('fail2ban/tests/action_d')
-- for f in w[2]]
-- },
-- data_files = [
-- ('/etc/fail2ban',
-- glob("config/*.conf")
-- ),
-- ('/etc/fail2ban/filter.d',
-- glob("config/filter.d/*.conf")
-- ),
-- ('/etc/fail2ban/filter.d/ignorecommands',
-- [p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)]
-- ),
-- ('/etc/fail2ban/action.d',
-- glob("config/action.d/*.conf") +
-- glob("config/action.d/*.py")
-- ),
-- ('/etc/fail2ban/fail2ban.d',
-- ''
-- ),
-- ('/etc/fail2ban/jail.d',
-- ''
-- ),
-- ('/var/lib/fail2ban',
-- ''
-- ),
-- ] + data_files_extra,
-- **setup_extra
--)
--
--# Do some checks after installation
--# Search for obsolete files.
--obsoleteFiles = []
--elements = {
-- "/etc/":
-- [
-- "fail2ban.conf"
-- ],
-- "/usr/bin/":
-- [
-- "fail2ban.py"
-- ],
-- "/usr/lib/fail2ban/":
-- [
-- "version.py",
-- "protocol.py"
-- ]
--}
--
--for directory in elements:
-- for f in elements[directory]:
-- path = join(directory, f)
-- if isfile(path):
-- obsoleteFiles.append(path)
--
--if obsoleteFiles:
-- print("")
-- print("Obsolete files from previous Fail2Ban versions were found on "
-- "your system.")
-- print("Please delete them:")
-- print("")
-- for f in obsoleteFiles:
-- print("\t" + f)
-- print("")
--
--if isdir("/usr/lib/fail2ban"):
-- print("")
-- print("Fail2ban is not installed under /usr/lib anymore. The new "
-- "location is under /usr/share. Please remove the directory "
-- "/usr/lib/fail2ban and everything under this directory.")
-- print("")
--
--# Update config file
--if sys.argv[1] == "install":
-- print("")
-- print("Please do not forget to update your configuration files.")
-- print("They are in \"/etc/fail2ban/\".")
-- print("")
-- print("You can also install systemd service-unit file from \"build/fail2ban.service\"")
-- print("resp. corresponding init script from \"files/*-initd\".")
-- print("")
---
-2.17.1
-
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
similarity index 90%
rename from meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
rename to meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index e737f50..6767d80 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -9,12 +9,11 @@
LICENSE = "GPL-2.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
-SRCREV ="3befbb177017957869425c81a560edb8e27db75a"
+SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46"
SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
file://initd \
file://fail2ban_setup.py \
file://run-ptest \
- file://0001-python3-fail2ban-2-3-conversion.patch \
"
inherit update-rc.d ptest setuptools3
@@ -23,6 +22,8 @@
do_compile_prepend () {
cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+ cd ${S}
+ ./fail2ban-2to3
}
do_install_append () {
@@ -35,7 +36,7 @@
do_install_ptest_append () {
install -d ${D}${PTEST_PATH}
sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
- install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
+ install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
}
FILES_${PN} += "/run"
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
similarity index 94%
rename from meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
rename to meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 8847a0f..440b4e3 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -9,7 +9,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5"
+SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
SRC_URI = "git://github.com/google/fscryptctl.git"
S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
similarity index 71%
rename from meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb
rename to meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
index 9db66e8..6046fa0 100644
--- a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb
+++ b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -9,5 +9,4 @@
inherit autotools pkgconfig
-SRC_URI[md5sum] = "786f2880d30136a61df02e5d740ddc6e"
-SRC_URI[sha256sum] = "dab937537a05d7a7cbe605fdb9b3809080d67b124ac97eb321255b35f5b172fd"
+SRC_URI[sha256sum] = "a319a327deb81f2dfab9ce4a4926e80e1dac5dcfc89f4c7e548cec2645af27c1"
diff --git a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
deleted file mode 100644
index 7d17a03..0000000
--- a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Backport patch to fix cross compile error for mips:
-
-| syscalls.h:44:6: error: expected identifier or '(' before numeric constant
-| 44 | int mips;
-| | ^~~~
-
-Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/279/commits/04c519e5]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 04c519e5b1de53592e98307813e5c6db7418f91b Mon Sep 17 00:00:00 2001
-From: Paul Moore <paul@paul-moore.com>
-Date: Sun, 2 Aug 2020 09:57:39 -0400
-Subject: [PATCH] build: undefine "mips" to prevent build problems for MIPS
- targets
-
-It turns out that the MIPS GCC compiler defines a "mips" cpp macro
-which was resulting in build failures on MIPS so we need to
-undefine the "mips" macro during build. As this should be safe
-to do in all architectures, just add it to the compiler flags by
-default.
-
-This was reported in the following GH issue:
-* https://github.com/seccomp/libseccomp/issues/274
-
-Reported-by: Rongwei Zhang <pudh4418@gmail.com>
-Suggested-by: Rongwei Zhang <pudh4418@gmail.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
----
- configure.ac | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 40d9dcbb..3e877348 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -65,9 +65,11 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-
- dnl ####
- dnl build flags
-+dnl NOTE: the '-Umips' is here because MIPS GCC compilers "helpfully" define it
-+dnl for us which wreaks havoc on the build
- dnl ####
- AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
--AM_CFLAGS="-Wall"
-+AM_CFLAGS="-Wall -Umips"
- AM_LDFLAGS="-Wl,-z -Wl,relro"
- AC_SUBST([AM_CPPFLAGS])
- AC_SUBST([AM_CFLAGS])
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
similarity index 92%
rename from meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
rename to meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
index 0cf2d70..40ac1a8 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
@@ -6,12 +6,11 @@
DEPENDS += "gperf-native"
-SRCREV = "f13f58efc690493fe7aa69f54cb52a118f3769c1"
+SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
file://run-ptest \
- file://fix-mips-build-failure.patch \
-"
+ "
COMPATIBLE_HOST_riscv32 = "null"
diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
similarity index 96%
rename from meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
rename to meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
index eb6b7eb..fb84411 100644
--- a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
+++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
@@ -6,7 +6,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "55fbdd0fdc8957f7fc5b8900453fd9dc294860bae218e53e7fe394d93f982518"
+SRC_URI[sha256sum] = "c10f8e9ec681af4cb42fde70864c2b9a4b47e2bcccfc1290f83c1283748772c6"
inherit pypi setuptools3
diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
index 2d2c46c..615cc30 100644
--- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb
+++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
@@ -4,7 +4,7 @@
HOMEPAGE = "https://cirt.net/Nikto2"
LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
SRC_URI = "git://github.com/sullo/nikto.git \
diff --git a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
deleted file mode 100644
index da0bcfe..0000000
--- a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-format not a string literal and no format arguments
-
-missing module_str in call
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
-| 192 | ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
-| | ^~~~~~~~~~~~~~~~~~~~~~~~
-
-
-Index: git/enforcer/src/keystate/keystate_ds.c
-===================================================================
---- git.orig/enforcer/src/keystate/keystate_ds.c
-+++ git/enforcer/src/keystate/keystate_ds.c
-@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
- status = 0;
- }
- else {
-- ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
-+ ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
- status = 7;
- }
- }
diff --git a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
index 126e197..31d7252 100644
--- a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
+++ b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -4,14 +4,29 @@
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-Index: opendnssec-2.1.6/m4/acx_ldns.m4
+Index: opendnssec-2.1.8/configure.ac
===================================================================
---- opendnssec-2.1.6.orig/m4/acx_ldns.m4
-+++ opendnssec-2.1.6/m4/acx_ldns.m4
-@@ -1,128 +1,65 @@
+--- opendnssec-2.1.8.orig/configure.ac
++++ opendnssec-2.1.8/configure.ac
+@@ -133,9 +133,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
+
+ # common dependencies
+ ACX_LIBXML2
+-ACX_LDNS(1,6,17)
+-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
+-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
++ACX_LDNS(1.6.17)
+ ACX_PKCS11_MODULES
+ ACX_RT
+ ACX_LIBC
+Index: opendnssec-2.1.8/m4/acx_ldns.m4
+===================================================================
+--- opendnssec-2.1.8.orig/m4/acx_ldns.m4
++++ opendnssec-2.1.8/m4/acx_ldns.m4
+@@ -1,128 +1,63 @@
-AC_DEFUN([ACX_LDNS],[
- AC_ARG_WITH(ldns,
-- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
- [
- LDNS_PATH="$withval"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
@@ -70,8 +85,7 @@
- AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
- ],[])
- AC_LANG_POP([C])
-+#serial 11
-
+-
- CPPFLAGS=$tmp_CPPFLAGS
-
- AC_SUBST(LDNS_INCLUDES)
@@ -81,7 +95,7 @@
-
-AC_DEFUN([ACX_LDNS_NOT],[
- AC_ARG_WITH(ldns,
-- [AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+- [AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
- [
- LDNS_PATH="$withval"
- AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
@@ -200,18 +214,3 @@
+ AC_SUBST([LDNS_LIBS])
+ AC_SUBST([LDNS_LDFLAGS])
])
-Index: opendnssec-2.1.6/configure.ac
-===================================================================
---- opendnssec-2.1.6.orig/configure.ac
-+++ opendnssec-2.1.6/configure.ac
-@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
-
- # common dependencies
- ACX_LIBXML2
--ACX_LDNS(1,6,17)
--ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
--ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
-+ACX_LDNS(1.6.17)
- ACX_PKCS11_MODULES
- ACX_RT
- ACX_LIBC
diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
similarity index 85%
rename from meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
rename to meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
index 5e42ca8..cf6bdbd 100644
--- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
+++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
@@ -5,18 +5,15 @@
DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
-SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
+SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \
file://libxml2_conf.patch \
file://libdns_conf_fix.patch \
- file://fix_fprint.patch \
"
-SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
+SRC_URI[sha256sum] = "900a213103ff19a405e446327fbfcea9ec13e405283d87b6ffc24a10d9a268f5"
inherit autotools pkgconfig perlnative
-S = "${WORKDIR}/git"
-
EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
--with-ssl=${STAGING_DIR_HOST}/usr "
diff --git a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
index 56f734c..0d70dc6 100644
--- a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
+++ b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
@@ -2,7 +2,7 @@
DESCRIPTION = "Tools used by redhat linux distribution for security checks"
SECTION = "security"
LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
SRC_URI = "file://find-chroot-py.sh \
file://find-chroot.sh \
diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
similarity index 96%
rename from meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb
rename to meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
index 925f188..8d81ed1 100644
--- a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb
+++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
@@ -7,7 +7,7 @@
S = "${WORKDIR}/git"
-SRCREV = "3047580162a9407ef05fe981983cacfa698f1159"
+SRCREV = "95ba5b8504152a1f820bbe679ccf03668cb5118f"
SRC_URI = "git://github.com/secdev/scapy.git \
file://run-ptest"
diff --git a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb b/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
deleted file mode 100644
index 74e837a..0000000
--- a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface."
-HOMEPAGE = "www.opendnssec.org"
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
-
-DEPENDS = "sqlite3"
-
-SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz"
-SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2"
-
-inherit autotools pkgconfig siteinfo
-
-EXTRA_OECONF += " --with-sqlite3=${STAGING_DIR_HOST}/usr"
-EXTRA_OECONF += "${@oe.utils.conditional('SITEINFO_BITS', '64', ' --enable-64bit', '', d)}"
-
-PACKAGECONFIG ?= "pk11 openssl"
-
-PACKAGECONFIG[npm] = ",--disable-non-paged-memory"
-PACKAGECONFIG[ecc] = "--enable-ecc,--disable-ecc"
-PACKAGECONFIG[gost] = "--enable-gost,--disable-gost"
-PACKAGECONFIG[eddsa] = "--enable-eddsa, --disable-eddsa"
-PACKAGECONFIG[fips] = "--enable-fips, --disable-fips"
-PACKAGECONFIG[notvisable] = "--disable-visibility"
-PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr --with-crypto-backend=openssl, --without-openssl, openssl, openssl"
-PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backend=botan, --without-botan, botan"
-PACKAGECONFIG[migrate] = "--with-migrate"
-PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit"
-
-RDEPENDS_${PN} = "sqlite3"