meta-security: subtree update:6053e8b8e2..9504d02694

Armin Kuster (19):
      softhsm: drop pkg as meta-oe has it
      apparmor: Inherit python3targetconfig
      python3-suricata-update: Inherit python3targetconfig
      openscap: Inherit python3targetconfig
      scap-security-guide: Inherit python3targetconfig
      nikito: Update common-licenses references to match new names
      kas-security-base.yml: build setting updates
      kas-security-base.yml: drop DL_DIR
      arpwatch: upgrade 3.0 -> 3.1
      checksec: upgrade 2.1.0 -> 2.4.0
      ding-libs: upgrade 0.5.0 -> 0.6.1
      fscryptctl: upgrade 0.1.0 -> 1.0.0
      libseccomp: upgrade 2.5.0 -> 2.5.1
      python3-privacyidea: upgrade 3.3 -> 3.5.1
      python3-scapy: upgrade 2.4.3 -> 2.4.4
      samhain: update to 4.4.3
      opendnssec: update to 2.1.8
      suricata: update to 4.10.0
      python3-fail2ban: update to 0.11.2

Jate Sujjavanich (1):
      scap-security-guide: Fix openembedded platform tests and build

Ming Liu (9):
      ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
      initramfs-framework-ima: fix a wrong path
      ima-evm-keys: add recipe
      initramfs-framework-ima: RDEPENDS on ima-evm-keys
      meta: refactor IMA/EVM sign rootfs
      README.md: update according to the refactoring in ima-evm-rootfs.bbclass
      initramfs-framework-ima: let ima_enabled return 0
      ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
      ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic

Yi Zhao (1):
      ibmswtpm2: disable camellia algorithm

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 94188c8..fca0ebe 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -34,12 +34,19 @@
     CONF_VERSION = "1"
     SOURCE_MIRROR_URL = "http://downloads.yoctoproject.org/mirror/sources/"
     SSTATE_MIRRORS = "file://.* http://sstate.yoctoproject.org/dev/PATH;downloadfilename=PATH \n"
-    DL_DIR = "/home/srv/downloads/master"
     BB_HASHSERVE = "auto"
     BB_SIGNATURE_HANDLER = "OEEquivHash"
     INHERIT += "buildstats buildstats-summary buildhistory"
     INHERIT += "report-error"
     INHERIT += "testimage"
+    INHERIT += "rm_work"
+    BB_NUMBER_THREADS="24"
+    BB_NUMBER_PARSE_THREADS="12"
+    PARALLEL_MAKE="-j 8"
+    BB_TASK_NICE_LEVEL = '5'
+    BB_TASK_NICE_LEVEL_task-testimage = '0'
+    BB_TASK_IONICE_LEVEL = '2.7'
+    BB_TASK_IONICE_LEVEL_task-testimage = '2.1'
     TEST_QEMUBOOT_TIMEOUT = "1500"
     EXTRA_IMAGE_FEATURES ?= "debug-tweaks"
     PACKAGE_CLASSES = "package_ipk"
diff --git a/meta-security/meta-integrity/README.md b/meta-security/meta-integrity/README.md
index 4607948..5048fba 100644
--- a/meta-security/meta-integrity/README.md
+++ b/meta-security/meta-integrity/README.md
@@ -73,8 +73,10 @@
 compilation of the Linux kernel. To also activate it when building
 the image, enable image signing in the local.conf like this:
 
-    INHERIT += "ima-evm-rootfs"
+    IMAGE_CLASSES += "ima-evm-rootfs"
     IMA_EVM_KEY_DIR = "${INTEGRITY_BASE}/data/debug-keys"
+    IMA_EVM_PRIVKEY = "${IMA_EVM_KEY_DIR}/privkey_ima.pem"
+    IMA_EVM_X509 = "${IMA_EVM_KEY_DIR}/x509_ima.der"
 
 This uses the default keys provided in the "data" directory of the layer.
 Because everyone has access to these private keys, such an image
diff --git a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
index d6ade3b..0acd6e7 100644
--- a/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
+++ b/meta-security/meta-integrity/classes/ima-evm-rootfs.bbclass
@@ -28,6 +28,9 @@
 # the iversion flags (needed by IMA when allowing writing).
 IMA_EVM_ROOTFS_IVERSION ?= ""
 
+# Avoid re-generating fstab when ima is enabled.
+WIC_CREATE_EXTRA_ARGS_append = "${@bb.utils.contains('DISTRO_FEATURES', 'ima', ' --no-fstab-update', '', d)}"
+
 ima_evm_sign_rootfs () {
     cd ${IMAGE_ROOTFS}
 
@@ -37,15 +40,6 @@
     # reasons (including a change of the signing keys) without also
     # re-running do_rootfs.
 
-    # Copy file(s) which must be on the device. Note that
-    # evmctl uses x509_evm.der also for "ima_verify", which is probably
-    # a bug (should default to x509_ima.der). Does not matter for us
-    # because we use the same key for both.
-    install -d ./${sysconfdir}/keys
-    rm -f ./${sysconfdir}/keys/x509_evm.der
-    install "${IMA_EVM_X509}" ./${sysconfdir}/keys/x509_evm.der
-    ln -sf x509_evm.der ./${sysconfdir}/keys/x509_ima.der
-
     # Fix /etc/fstab: it must include the "i_version" mount option for
     # those file systems where writing files is allowed, otherwise
     # these changes will not get detected at runtime.
@@ -80,13 +74,16 @@
 }
 
 # Signing must run as late as possible in the do_rootfs task.
-# IMAGE_PREPROCESS_COMMAND runs after ROOTFS_POSTPROCESS_COMMAND, so
-# append (not prepend!) to IMAGE_PREPROCESS_COMMAND, and do it with
-# _append instead of += because _append gets evaluated later. In
-# particular, we must run after prelink_image in
-# IMAGE_PREPROCESS_COMMAND, because prelinking changes executables.
+# To guarantee that, we append it to IMAGE_PREPROCESS_COMMAND in
+# RecipePreFinalise event handler, this ensures it's the last
+# function in IMAGE_PREPROCESS_COMMAND.
+python ima_evm_sign_handler () {
+    if not e.data or 'ima' not in e.data.getVar('DISTRO_FEATURES').split():
+        return
 
-IMAGE_PREPROCESS_COMMAND_append = " ima_evm_sign_rootfs ; "
-
-# evmctl must have been installed first.
-do_rootfs[depends] += "ima-evm-utils-native:do_populate_sysroot"
+    e.data.appendVar('IMAGE_PREPROCESS_COMMAND', ' ima_evm_sign_rootfs; ')
+    e.data.appendVar('IMAGE_INSTALL', ' ima-evm-keys')
+    e.data.appendVarFlag('do_rootfs', 'depends', ' ima-evm-utils-native:do_populate_sysroot')
+}
+addhandler ima_evm_sign_handler
+ima_evm_sign_handler[eventmask] = "bb.event.RecipePreFinalise"
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
index dacdc8b..77f6f7c 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima.bb
@@ -27,5 +27,5 @@
 
 FILES_${PN} = "/init.d ${sysconfdir}"
 
-RDEPENDS_${PN} = "keyutils ${IMA_POLICY}"
+RDEPENDS_${PN} = "keyutils ima-evm-keys ${IMA_POLICY}"
 RDEPENDS_${PN} += "initramfs-framework-base"
diff --git a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
index 8616f99..cff26a3 100644
--- a/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
+++ b/meta-security/meta-integrity/recipes-core/initrdscripts/initramfs-framework-ima/ima
@@ -6,6 +6,7 @@
     if [ "$bootparam_no_ima" = "true" ]; then
         return 1
     fi
+    return 0
 }
 
 ima_run() {
@@ -46,7 +47,7 @@
     # ("[Linux-ima-user] IMA policy loading via cat") and we get better error reporting when
     # checking the write of each line. To minimize the risk of policy loading going wrong we
     # also remove comments and blank lines ourselves.
-    if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima-policy >/sys/kernel/security/ima/policy; then
+    if ! (set -e; while read i; do if echo "$i" | grep -q -e '^#' -e '^ *$'; then debug "Skipping IMA policy: $i"; else debug "Writing IMA policy: $i"; if echo $i; then sleep ${bootparam_ima_delay:-0}; else fatal "Invalid line in IMA policy: $i"; exit 1; fi; fi; done) </etc/ima/ima-policy >/sys/kernel/security/ima/policy; then
         fatal "Could not load IMA policy."
     fi
 }
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
new file mode 100644
index 0000000..62685bb
--- /dev/null
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -0,0 +1,16 @@
+SUMMARY = "IMA/EMV public keys"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+
+inherit features_check
+REQUIRED_DISTRO_FEATURES = "ima"
+
+ALLOW_EMPTY_${PN} = "1"
+
+do_install () {
+    if [ -e "${IMA_EVM_X509}" ]; then
+        install -d ${D}/${sysconfdir}/keys
+        install "${IMA_EVM_X509}" ${D}${sysconfdir}/keys/x509_evm.der
+        lnr ${D}${sysconfdir}/keys/x509_evm.der ${D}${sysconfdir}/keys/x509_ima.der
+    fi
+}
diff --git a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
index 7f649c2..bd85583 100644
--- a/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-security/meta-integrity/recipes-security/ima-evm-utils/ima-evm-utils_git.bb
@@ -26,6 +26,7 @@
 inherit pkgconfig autotools features_check
 
 REQUIRED_DISTRO_FEATURES = "ima"
+REQUIRED_DISTRO_FEATURES_class-native = ""
 
 EXTRA_OECONF_append_class-target = " --with-kernel-headers=${STAGING_KERNEL_BUILDDIR}"
 
diff --git a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
index 7f89c8d..4d9e4ca 100644
--- a/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
+++ b/meta-security/meta-integrity/recipes-security/ima_policy_hashed/files/ima_policy_hashed
@@ -53,6 +53,9 @@
 # CGROUP_SUPER_MAGIC
 dont_appraise fsmagic=0x27e0eb
 dont_measure fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC
+dont_appraise fsmagic=0x63677270
+dont_measure fsmagic=0x63677270
 # EFIVARFS_MAGIC
 dont_appraise fsmagic=0xde5e81e4
 dont_measure fsmagic=0xde5e81e4
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index afa576a..812ea9f 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -11,7 +11,7 @@
 
 S = "${WORKDIR}/git"
 
-inherit cmake pkgconfig python3native perlnative
+inherit cmake pkgconfig python3native python3targetconfig perlnative
 
 PACKAGECONFIG ?= "python3 rpm perl gcrypt ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
 PACKAGECONFIG[python3] = "-DENABLE_PYTHON3=ON, ,python3, python3"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
new file mode 100644
index 0000000..60664a3
--- /dev/null
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch
@@ -0,0 +1,46 @@
+From 2beb4bc83a157b21edb1a3fef295cd4cced467df Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Thu, 7 Jan 2021 18:10:01 -0500
+Subject: [PATCH 1/3] Fix platform spec, file check, tests in installed OS
+ detect for openembedded
+
+Change platform to multi in openembedded installed check matching others
+and allowing compile of xml into oval
+---
+ shared/checks/oval/installed_OS_is_openembedded.xml | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/shared/checks/oval/installed_OS_is_openembedded.xml b/shared/checks/oval/installed_OS_is_openembedded.xml
+index 763d17bcb..01df16b43 100644
+--- a/shared/checks/oval/installed_OS_is_openembedded.xml
++++ b/shared/checks/oval/installed_OS_is_openembedded.xml
+@@ -1,11 +1,9 @@
+-</def-group>
+-
+ <def-group>
+   <definition class="inventory" id="installed_OS_is_openembedded" version="2">
+     <metadata>
+       <title>OpenEmbedded</title>
+       <affected family="unix">
+-        <platform>OPENEMBEDDED</platform>
++        <platform>multi_platform_all</platform>
+       </affected>
+       <reference ref_id="cpe:/o:openembedded:openembedded:0"
+       source="CPE" />
+@@ -20,8 +18,11 @@
+     </criteria>
+   </definition>
+ 
+-  <ind:textfilecontent54_object id="test_openembedded" version="1" comment="Check OPenEmbedded version">
+-    <ind:filepath>/etc/os-release/ind:filepath>
++  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check OpenEmbedded version" id="test_openembedded" version="1">
++    <ind:object object_ref="obj_openembedded" />
++  </ind:textfilecontent54_test>
++  <ind:textfilecontent54_object id="obj_openembedded" version="1" comment="Check OpenEmbedded version">
++    <ind:filepath>/etc/os-release</ind:filepath>
+     <ind:pattern operation="pattern match">^VERSION_ID=\"nodistro\.[0-9].$</ind:pattern>
+     <ind:instance datatype="int">1</ind:instance>
+   </ind:textfilecontent54_object>
+-- 
+2.24.3 (Apple Git-128)
+
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
new file mode 100644
index 0000000..1e712f6
--- /dev/null
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/files/0002-Fix-missing-openembedded-from-ssg-constants.py.patch
@@ -0,0 +1,34 @@
+From 037a12301968a56f0c7e492ea4a05d2eecbd4cc6 Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jatedev@gmail.com>
+Date: Fri, 8 Jan 2021 20:18:00 -0500
+Subject: [PATCH 2/3] Fix missing openembedded from ssg/constants.py
+
+---
+ ssg/constants.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ssg/constants.py b/ssg/constants.py
+index fab7cda5d..2ca289f84 100644
+--- a/ssg/constants.py
++++ b/ssg/constants.py
+@@ -234,7 +234,8 @@ PRODUCT_TO_CPE_MAPPING = {
+ }
+ 
+ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
+-                       "wrlinux", "opensuse", "sle", "ol", "ocp", "example"]
++                       "wrlinux", "opensuse", "sle", "ol", "ocp", "example",
++                       "openembedded"]
+ 
+ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_debian": ["debian8"],
+@@ -249,6 +250,7 @@ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_sle": ["sle11", "sle12"],
+     "multi_platform_ubuntu": ["ubuntu1404", "ubuntu1604", "ubuntu1804"],
+     "multi_platform_wrlinux": ["wrlinux"],
++    "multi_platform_openembedded": ["openembedded"],
+ }
+ 
+ RHEL_CENTOS_CPE_MAPPING = {
+-- 
+2.24.3 (Apple Git-128)
+
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
index 32fce0f..d1a9511 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide.inc
@@ -10,7 +10,7 @@
 
 S = "${WORKDIR}/git"
 
-inherit cmake pkgconfig python3native
+inherit cmake pkgconfig python3native python3targetconfig
 
 STAGING_OSCAP_BUILDDIR = "${TMPDIR}/work-shared/openscap/oscap-build-artifacts"
 export OSCAP_CPE_PATH="${STAGING_OSCAP_BUILDDIR}${datadir_native}/openscap/cpe"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
index 6e7180f..0617c56 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
+++ b/meta-security/meta-security-compliance/recipes-openscap/scap-security-guide/scap-security-guide_git.bb
@@ -7,6 +7,8 @@
            file://0001-fix-deprecated-instance-of-element.getchildren.patch \
            file://0002-fix-deprecated-getiterator-function.patch \
            file://0003-fix-remaining-getchildren-and-getiterator-functions.patch \
+           file://0001-Fix-platform-spec-file-check-tests-in-installed-OS-d.patch \
+           file://0002-Fix-missing-openembedded-from-ssg-constants.py.patch \
           "
 PV = "0.1.44+git${SRCPV}"
 
diff --git a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
index 32afd37..301980d 100644
--- a/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
+++ b/meta-security/meta-tpm/recipes-tpm2/ibmswtpm2/ibmswtpm2_1637.bb
@@ -27,7 +27,7 @@
 
 S = "${WORKDIR}/src"
 
-CFLAGS += "-Wno-error=maybe-uninitialized"
+CFLAGS += "-Wno-error=maybe-uninitialized -DALG_CAMELLIA=ALG_NO"
 
 do_compile () {
    make CC='${CC}'
diff --git a/meta-security/recipes-ids/samhain/samhain.inc b/meta-security/recipes-ids/samhain/samhain.inc
index 3b4aab9..6a2eb08 100644
--- a/meta-security/recipes-ids/samhain/samhain.inc
+++ b/meta-security/recipes-ids/samhain/samhain.inc
@@ -3,7 +3,7 @@
 LICENSE     = "GPLv2"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
 
-PV = "4.4.2"
+PV = "4.4.3"
 
 SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
            file://${INITSCRIPT_NAME}.init \
@@ -20,7 +20,7 @@
            file://fix-build-with-new-version-attr.patch \
            "
 
-SRC_URI[sha256sum] = "2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff"
+SRC_URI[sha256sum] = "3e57574036d5055e9557ec5095818b419ea6c4365370fc2ccce1e9f87f9fad08"
 
 UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
 UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
diff --git a/meta-security/recipes-ids/suricata/libhtp_0.5.35.bb b/meta-security/recipes-ids/suricata/libhtp_0.5.36.bb
similarity index 100%
rename from meta-security/recipes-ids/suricata/libhtp_0.5.35.bb
rename to meta-security/recipes-ids/suricata/libhtp_0.5.36.bb
diff --git a/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
index 0070b5b..732ca9a 100644
--- a/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
+++ b/meta-security/recipes-ids/suricata/python3-suricata-update_1.1.1.bb
@@ -10,6 +10,6 @@
 
 S = "${WORKDIR}/git"
 
-inherit python3native setuptools3
+inherit python3native python3targetconfig setuptools3
 
 RDEPENDS_${PN} = "python3-pyyaml"
diff --git a/meta-security/recipes-ids/suricata/suricata.inc b/meta-security/recipes-ids/suricata/suricata.inc
index b94285f..1ce0d74 100644
--- a/meta-security/recipes-ids/suricata/suricata.inc
+++ b/meta-security/recipes-ids/suricata/suricata.inc
@@ -2,7 +2,7 @@
 SECTION = "security Monitor/Admin"
 LICENSE = "GPLv2"
 
-VER = "4.1.9"
+VER = "4.1.10"
 SRC_URI = "http://www.openinfosecfoundation.org/download/suricata-${VER}.tar.gz"
 
-SRC_URI[sha256sum] = "3440cd1065b1b3999dc101a37c49321fab2791b38f16e2f7fe27369dd007eea7"
+SRC_URI[sha256sum] = "4013cb13a2f3f7854328cf072319bba41896fad86d6b85b1cff4004f82aa7276"
diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.9.bb b/meta-security/recipes-ids/suricata/suricata_4.1.10.bb
similarity index 100%
rename from meta-security/recipes-ids/suricata/suricata_4.1.9.bb
rename to meta-security/recipes-ids/suricata/suricata_4.1.10.bb
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
index 35e95a0..015205d 100644
--- a/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
+++ b/meta-security/recipes-mac/AppArmor/apparmor_3.0.bb
@@ -39,7 +39,7 @@
 
 COMPATIBLE_MACHINE_mips64 = "(!.*mips64).*"
 
-inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative cpan systemd features_check bash-completion
+inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion
 
 REQUIRED_DISTRO_FEATURES = "apparmor"
 
diff --git a/meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb b/meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
similarity index 93%
rename from meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb
rename to meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
index 9be319a..44aeca0 100644
--- a/meta-security/recipes-scanners/arpwatch/arpwatch_3.0.bb
+++ b/meta-security/recipes-scanners/arpwatch/arpwatch_3.1.bb
@@ -1,7 +1,7 @@
 SUMARRY = "The ethernet monitor program; for keeping track of ethernet/ip address pairings"
 LICENSE = "BSD-4-Clause"
 HOME_PAGE = "http://ee.lbl.gov/"
-LIC_FILES_CHKSUM = "file://configure;md5=212742e55562cf47527d31c2a492411a"
+LIC_FILES_CHKSUM = "file://configure;md5=74ca964ed34fda7b46c6fe3e50bded9d"
 
 DEPENDS += "libpcap postfix"
 
@@ -12,7 +12,7 @@
            file://postfix_workaround.patch \
            file://host_contam_fix.patch "
 
-SRC_URI[sha256sum] = "82e137e104aca8b1280f5cca0ebe61b978f10eadcbb4c4802c181522ad02b25b"
+SRC_URI[sha256sum] = "ee1d15d9a07952c0c017908b9dbfd5ac988fed0058c3cc4fa6c13e0be36f3a9f"
 
 inherit  autotools-brokensep update-rc.d useradd
 
diff --git a/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb b/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
index 179eeda..20a1fb0 100644
--- a/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
+++ b/meta-security/recipes-scanners/buck-security/buck-security_0.7.bb
@@ -3,7 +3,7 @@
 system. This enables you to quickly overview the security status of your Linux system."
 SECTION = "security"
 LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
 SRC_URI = "http://sourceforge.net/projects/buck-security/files/buck-security/buck-security_${PV}/${BPN}_${PV}.tar.gz"
 
diff --git a/meta-security/recipes-scanners/checksec/checksec_2.1.0.bb b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
similarity index 78%
rename from meta-security/recipes-scanners/checksec/checksec_2.1.0.bb
rename to meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
index b67c98b..52bcf7c 100644
--- a/meta-security/recipes-scanners/checksec/checksec_2.1.0.bb
+++ b/meta-security/recipes-scanners/checksec/checksec_2.4.0.bb
@@ -4,9 +4,9 @@
 LICENSE = "BSD"
 HOMEPAGE="https://github.com/slimm609/checksec.sh"
 
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=93fddcca19f6c897871f9b5f9a035f4a"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8d90285f711cf1f378e2c024457066d8"
 
-SRCREV = "04582bad41589ad479ca8b1f0170ed317475b5a5"
+SRCREV = "c3754e45e04f9104db93b2048afd094427102d48"
 SRC_URI = "git://github.com/slimm609/checksec.sh"
 
 S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb b/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
index 204123d..0161b4c 100644
--- a/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
+++ b/meta-security/recipes-scanners/checksecurity/checksecurity_2.0.15.bb
@@ -2,7 +2,7 @@
 DESCRIPTION = "checksecurity is a simple package which will scan your system for several simple security holes."
 SECTION = "security"
 LICENSE = "GPL-2.0"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
 SRC_URI = "http://ftp.de.debian.org/debian/pool/main/c/checksecurity/checksecurity_${PV}.tar.gz \
            file://setuid-log-folder.patch \
diff --git a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch b/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch
deleted file mode 100644
index ee872ec..0000000
--- a/meta-security/recipes-security/fail2ban/files/0001-python3-fail2ban-2-3-conversion.patch
+++ /dev/null
@@ -1,2527 +0,0 @@
-From abaa20435bac7decffa69e6f965aac9ce29aff6a Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster808@gmail.com>
-Date: Wed, 12 Feb 2020 17:19:15 +0000
-Subject: [PATCH] python3-fail2ban: 2-3 conversion
-
-Upstream-Status: OE specific.
-
-fail2ban handles py3 via a 2-3 conversion utility.
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
- fail2ban/client/actionreader.py               |   4 +-
- fail2ban/client/configparserinc.py            |  10 +-
- fail2ban/client/configreader.py               |   4 +-
- fail2ban/client/csocket.py                    |   4 +-
- fail2ban/client/fail2banclient.py             |   4 +-
- fail2ban/client/fail2banregex.py              |  20 +-
- fail2ban/client/filterreader.py               |   2 +-
- fail2ban/client/jailreader.py                 |   4 +-
- fail2ban/helpers.py                           |  15 +-
- fail2ban/server/action.py                     |  19 +-
- fail2ban/server/actions.py                    |  24 +-
- fail2ban/server/asyncserver.py                |   4 +-
- fail2ban/server/banmanager.py                 |  18 +-
- fail2ban/server/database.py                   |   6 +-
- fail2ban/server/failmanager.py                |   8 +-
- fail2ban/server/failregex.py                  |   9 +-
- fail2ban/server/filter.py                     |  12 +-
- fail2ban/server/filterpoll.py                 |   2 +-
- fail2ban/server/filterpyinotify.py            |   6 +-
- fail2ban/server/ipdns.py                      |  16 +-
- fail2ban/server/jail.py                       |  14 +-
- fail2ban/server/mytime.py                     |   2 +-
- fail2ban/server/server.py                     |  18 +-
- fail2ban/server/strptime.py                   |   6 +-
- fail2ban/server/ticket.py                     |  14 +-
- fail2ban/server/transmitter.py                |   2 +-
- fail2ban/server/utils.py                      |   6 +-
- fail2ban/tests/action_d/test_badips.py        |   2 +-
- fail2ban/tests/actiontestcase.py              |   4 +-
- fail2ban/tests/clientreadertestcase.py        |   4 +-
- fail2ban/tests/databasetestcase.py            |  16 +-
- fail2ban/tests/datedetectortestcase.py        |   6 +-
- fail2ban/tests/fail2banclienttestcase.py      |   8 +-
- fail2ban/tests/failmanagertestcase.py         |  10 +-
- .../tests/files/config/apache-auth/digest.py  |  20 +-
- fail2ban/tests/filtertestcase.py              |  92 ++---
- fail2ban/tests/misctestcase.py                |  22 +-
- fail2ban/tests/observertestcase.py            |  34 +-
- fail2ban/tests/samplestestcase.py             |   8 +-
- fail2ban/tests/servertestcase.py              |  28 +-
- fail2ban/tests/sockettestcase.py              |   2 +-
- fail2ban/tests/utils.py                       |  22 +-
- setup.py                                      | 326 ------------------
- 43 files changed, 264 insertions(+), 593 deletions(-)
- delete mode 100755 setup.py
-
-diff --git a/fail2ban/client/actionreader.py b/fail2ban/client/actionreader.py
-index 80617a50..ecf323c5 100644
---- a/fail2ban/client/actionreader.py
-+++ b/fail2ban/client/actionreader.py
-@@ -90,11 +90,11 @@ class ActionReader(DefinitionInitConfigReader):
- 		stream = list()
- 		stream.append(head + ["addaction", self._name])
- 		multi = []
--		for opt, optval in opts.iteritems():
-+		for opt, optval in opts.items():
- 			if opt in self._configOpts and not opt.startswith('known/'):
- 				multi.append([opt, optval])
- 		if self._initOpts:
--			for opt, optval in self._initOpts.iteritems():
-+			for opt, optval in self._initOpts.items():
- 				if opt not in self._configOpts and not opt.startswith('known/'):
- 					multi.append([opt, optval])
- 		if len(multi) > 1:
-diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py
-index e0f39579..45c77437 100644
---- a/fail2ban/client/configparserinc.py
-+++ b/fail2ban/client/configparserinc.py
-@@ -62,7 +62,7 @@ if sys.version_info >= (3,2):
- 					parser, option, accum, rest, section, map, *args, **kwargs)
- 
- else: # pragma: no cover
--	from ConfigParser import SafeConfigParser, \
-+	from configparser import SafeConfigParser, \
- 		InterpolationMissingOptionError, NoOptionError, NoSectionError
- 
- 	# Interpolate missing known/option as option from default section
-@@ -327,7 +327,7 @@ after = 1.conf
- 			# mix it with defaults:
- 			return set(opts.keys()) | set(self._defaults)
- 		# only own option names:
--		return opts.keys()
-+		return list(opts.keys())
- 
- 	def read(self, filenames, get_includes=True):
- 		if not isinstance(filenames, list):
-@@ -356,7 +356,7 @@ after = 1.conf
- 					ret += i
- 					# merge defaults and all sections to self:
- 					alld.update(cfg.get_defaults())
--					for n, s in cfg.get_sections().iteritems():
-+					for n, s in cfg.get_sections().items():
- 						# conditional sections
- 						cond = SafeConfigParserWithIncludes.CONDITIONAL_RE.match(n)
- 						if cond:
-@@ -366,7 +366,7 @@ after = 1.conf
- 								del(s['__name__'])
- 							except KeyError:
- 								pass
--							for k in s.keys():
-+							for k in list(s.keys()):
- 								v = s.pop(k)
- 								s[k + cond] = v
- 						s2 = alls.get(n)
-@@ -399,7 +399,7 @@ after = 1.conf
- 			sec.update(options)
- 			return
- 		sk = {}
--		for k, v in options.iteritems():
-+		for k, v in options.items():
- 			if not k.startswith(pref) and k != '__name__':
- 				sk[pref+k] = v
- 		sec.update(sk)
-diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py
-index 20709b72..b5167409 100644
---- a/fail2ban/client/configreader.py
-+++ b/fail2ban/client/configreader.py
-@@ -26,7 +26,7 @@ __license__ = "GPL"
- 
- import glob
- import os
--from ConfigParser import NoOptionError, NoSectionError
-+from configparser import NoOptionError, NoSectionError
- 
- from .configparserinc import sys, SafeConfigParserWithIncludes, logLevel
- from ..helpers import getLogger, _as_bool, _merge_dicts, substituteRecursiveTags
-@@ -197,7 +197,7 @@ class ConfigReaderUnshared(SafeConfigParserWithIncludes):
- 		config_files += sorted(glob.glob('%s/*.local' % config_dir))
- 
- 		# choose only existing ones
--		config_files = filter(os.path.exists, config_files)
-+		config_files = list(filter(os.path.exists, config_files))
- 
- 		if len(config_files):
- 			# at least one config exists and accessible
-diff --git a/fail2ban/client/csocket.py b/fail2ban/client/csocket.py
-index ab3e294b..9417cde9 100644
---- a/fail2ban/client/csocket.py
-+++ b/fail2ban/client/csocket.py
-@@ -47,7 +47,7 @@ class CSocket:
- 	
- 	def send(self, msg, nonblocking=False, timeout=None):
- 		# Convert every list member to string
--		obj = dumps(map(CSocket.convert, msg), HIGHEST_PROTOCOL)
-+		obj = dumps(list(map(CSocket.convert, msg)), HIGHEST_PROTOCOL)
- 		self.__csock.send(obj + CSPROTO.END)
- 		return self.receive(self.__csock, nonblocking, timeout)
- 
-@@ -71,7 +71,7 @@ class CSocket:
- 	@staticmethod
- 	def convert(m):
- 		"""Convert every "unexpected" member of message to string"""
--		if isinstance(m, (basestring, bool, int, float, list, dict, set)):
-+		if isinstance(m, (str, bool, int, float, list, dict, set)):
- 			return m
- 		else: # pragma: no cover
- 			return str(m)
-diff --git a/fail2ban/client/fail2banclient.py b/fail2ban/client/fail2banclient.py
-index 7c90ca40..7eb11684 100755
---- a/fail2ban/client/fail2banclient.py
-+++ b/fail2ban/client/fail2banclient.py
-@@ -45,7 +45,7 @@ def _thread_name():
- 	return threading.current_thread().__class__.__name__
- 
- def input_command(): # pragma: no cover
--	return raw_input(PROMPT)
-+	return input(PROMPT)
- 
- ##
- #
-@@ -444,7 +444,7 @@ class Fail2banClient(Fail2banCmdLine, Thread):
- 			return False
- 		finally:
- 			self._alive = False
--			for s, sh in _prev_signals.iteritems():
-+			for s, sh in _prev_signals.items():
- 				signal.signal(s, sh)
- 
- 
-diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
-index 513b765d..4a71b3c0 100644
---- a/fail2ban/client/fail2banregex.py
-+++ b/fail2ban/client/fail2banregex.py
-@@ -41,10 +41,10 @@ import shlex
- import sys
- import time
- import time
--import urllib
-+import urllib.request, urllib.parse, urllib.error
- from optparse import OptionParser, Option
- 
--from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
-+from configparser import NoOptionError, NoSectionError, MissingSectionHeaderError
- 
- try: # pragma: no cover
- 	from ..server.filtersystemd import FilterSystemd
-@@ -68,7 +68,7 @@ def debuggexURL(sample, regex, multiline=False, useDns="yes"):
- 		'flavor': 'python'
- 	}
- 	if multiline: args['flags'] = 'm'
--	return 'https://www.debuggex.com/?' + urllib.urlencode(args)
-+	return 'https://www.debuggex.com/?' + urllib.parse.urlencode(args)
- 
- def output(args): # pragma: no cover (overriden in test-cases)
- 	print(args)
-@@ -244,7 +244,7 @@ class Fail2banRegex(object):
- 
- 	def __init__(self, opts):
- 		# set local protected members from given options:
--		self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.iteritems()))
-+		self.__dict__.update(dict(('_'+o,v) for o,v in opts.__dict__.items()))
- 		self._opts = opts
- 		self._maxlines_set = False		  # so we allow to override maxlines in cmdline
- 		self._datepattern_set = False
-@@ -304,7 +304,7 @@ class Fail2banRegex(object):
- 		realopts = {}
- 		combopts = reader.getCombined()
- 		# output all options that are specified in filter-argument as well as some special (mostly interested):
--		for k in ['logtype', 'datepattern'] + fltOpt.keys():
-+		for k in ['logtype', 'datepattern'] + list(fltOpt.keys()):
- 			# combined options win, but they contain only a sub-set in filter expected keys,
- 			# so get the rest from definition section:
- 			try:
-@@ -424,7 +424,7 @@ class Fail2banRegex(object):
- 			self.output( "Use %11s line : %s" % (regex, shortstr(value)) )
- 			regex_values = {regextype: [RegexStat(value)]}
- 
--		for regextype, regex_values in regex_values.iteritems():
-+		for regextype, regex_values in regex_values.items():
- 			regex = regextype + 'regex'
- 			setattr(self, "_" + regex, regex_values)
- 			for regex in regex_values:
-@@ -523,10 +523,10 @@ class Fail2banRegex(object):
- 							output(ret[1])
- 					elif self._opts.out == 'msg':
- 						for ret in ret:
--							output('\n'.join(map(lambda v:''.join(v for v in v), ret[3].get('matches'))))
-+							output('\n'.join([''.join(v for v in v) for v in ret[3].get('matches')]))
- 					elif self._opts.out == 'row':
- 						for ret in ret:
--							output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].iteritems() if k != 'matches')))
-+							output('[%r,\t%r,\t%r],' % (ret[1],ret[2],dict((k,v) for k, v in ret[3].items() if k != 'matches')))
- 					else:
- 						for ret in ret:
- 							output(ret[3].get(self._opts.out))
-@@ -565,9 +565,9 @@ class Fail2banRegex(object):
- 					ans = [[]]
- 					for arg in [l, regexlist]:
- 						ans = [ x + [y] for x in ans for y in arg ]
--					b = map(lambda a: a[0] +  ' | ' + a[1].getFailRegex() + ' |  ' + 
-+					b = [a[0] +  ' | ' + a[1].getFailRegex() + ' |  ' + 
- 						debuggexURL(self.encode_line(a[0]), a[1].getFailRegex(), 
--							multiline, self._opts.usedns), ans)
-+							multiline, self._opts.usedns) for a in ans]
- 					pprint_list([x.rstrip() for x in b], header)
- 				else:
- 					output( "%s too many to print.  Use --print-all-%s " \
-diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
-index 413f125e..4f0cc4cf 100644
---- a/fail2ban/client/filterreader.py
-+++ b/fail2ban/client/filterreader.py
-@@ -71,7 +71,7 @@ class FilterReader(DefinitionInitConfigReader):
- 	@staticmethod
- 	def _fillStream(stream, opts, jailName):
- 		prio0idx = 0
--		for opt, value in opts.iteritems():
-+		for opt, value in opts.items():
- 			if opt in ("failregex", "ignoreregex"):
- 				if value is None: continue
- 				multi = []
-diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py
-index 50c1d047..969d0bc0 100644
---- a/fail2ban/client/jailreader.py
-+++ b/fail2ban/client/jailreader.py
-@@ -117,7 +117,7 @@ class JailReader(ConfigReader):
- 	}
- 	_configOpts.update(FilterReader._configOpts)
- 
--	_ignoreOpts = set(['action', 'filter', 'enabled'] + FilterReader._configOpts.keys())
-+	_ignoreOpts = set(['action', 'filter', 'enabled'] + list(FilterReader._configOpts.keys()))
- 
- 	def getOptions(self):
- 
-@@ -236,7 +236,7 @@ class JailReader(ConfigReader):
- 			stream.extend(self.__filter.convert())
- 		# and using options from jail:
- 		FilterReader._fillStream(stream, self.__opts, self.__name)
--		for opt, value in self.__opts.iteritems():
-+		for opt, value in self.__opts.items():
- 			if opt == "logpath":
- 				if self.__opts.get('backend', '').startswith("systemd"): continue
- 				found_files = 0
-diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py
-index 6f2bcdd7..7e563696 100644
---- a/fail2ban/helpers.py
-+++ b/fail2ban/helpers.py
-@@ -31,6 +31,7 @@ import traceback
- from threading import Lock
- 
- from .server.mytime import MyTime
-+import importlib
- 
- try:
- 	import ctypes
-@@ -63,7 +64,7 @@ if sys.version_info < (3,): # pragma: 3.x no cover
- 					from imp import load_dynamic as __ldm
- 					_sys = __ldm('_sys', 'sys')
- 				except ImportError: # pragma: no cover - only if load_dynamic fails
--					reload(sys)
-+					importlib.reload(sys)
- 					_sys = sys
- 			if hasattr(_sys, "setdefaultencoding"):
- 				_sys.setdefaultencoding(encoding)
-@@ -101,7 +102,7 @@ if sys.version_info >= (3,): # pragma: 2.x no cover
- else: # pragma: 3.x no cover
- 	def uni_decode(x, enc=PREFER_ENC, errors='strict'):
- 		try:
--			if isinstance(x, unicode):
-+			if isinstance(x, str):
- 				return x.encode(enc, errors)
- 			return x
- 		except (UnicodeDecodeError, UnicodeEncodeError): # pragma: no cover - unsure if reachable
-@@ -110,7 +111,7 @@ else: # pragma: 3.x no cover
- 			return x.encode(enc, 'replace')
- 	if sys.getdefaultencoding().upper() != 'UTF-8': # pragma: no cover - utf-8 is default encoding now
- 		def uni_string(x):
--			if not isinstance(x, unicode):
-+			if not isinstance(x, str):
- 				return str(x)
- 			return x.encode(PREFER_ENC, 'replace')
- 	else:
-@@ -118,7 +119,7 @@ else: # pragma: 3.x no cover
- 
- 
- def _as_bool(val):
--	return bool(val) if not isinstance(val, basestring) \
-+	return bool(val) if not isinstance(val, str) \
- 		else val.lower() in ('1', 'on', 'true', 'yes')
- 
- 
-@@ -326,7 +327,7 @@ def splitwords(s):
- 	"""
- 	if not s:
- 		return []
--	return filter(bool, map(lambda v: v.strip(), re.split('[ ,\n]+', s)))
-+	return list(filter(bool, [v.strip() for v in re.split('[ ,\n]+', s)]))
- 
- if sys.version_info >= (3,5):
- 	eval(compile(r'''if 1:
-@@ -436,7 +437,7 @@ def substituteRecursiveTags(inptags, conditional='',
- 	while True:
- 		repFlag = False
- 		# substitute each value:
--		for tag in tags.iterkeys():
-+		for tag in tags.keys():
- 			# ignore escaped or already done (or in ignore list):
- 			if tag in ignore or tag in done: continue
- 			# ignore replacing callable items from calling map - should be converted on demand only (by get):
-@@ -476,7 +477,7 @@ def substituteRecursiveTags(inptags, conditional='',
- 					m = tre_search(value, m.end())
- 					continue
- 				# if calling map - be sure we've string:
--				if not isinstance(repl, basestring): repl = uni_string(repl)
-+				if not isinstance(repl, str): repl = uni_string(repl)
- 				value = value.replace('<%s>' % rtag, repl)
- 				#logSys.log(5, 'value now: %s' % value)
- 				# increment reference count:
-diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
-index 5c817fc0..81d50689 100644
---- a/fail2ban/server/action.py
-+++ b/fail2ban/server/action.py
-@@ -111,9 +111,9 @@ class CallingMap(MutableMapping, object):
- 	def _asdict(self, calculated=False, checker=None):
- 		d = dict(self.data, **self.storage)
- 		if not calculated:
--			return dict((n,v) for n,v in d.iteritems() \
-+			return dict((n,v) for n,v in d.items() \
- 				if not callable(v) or n in self.CM_REPR_ITEMS)
--		for n,v in d.items():
-+		for n,v in list(d.items()):
- 			if callable(v):
- 				try:
- 					# calculate:
-@@ -179,7 +179,7 @@ class CallingMap(MutableMapping, object):
- 		return self.__class__(_merge_copy_dicts(self.data, self.storage))
- 
- 
--class ActionBase(object):
-+class ActionBase(object, metaclass=ABCMeta):
- 	"""An abstract base class for actions in Fail2Ban.
- 
- 	Action Base is a base definition of what methods need to be in
-@@ -209,7 +209,6 @@ class ActionBase(object):
- 	Any additional arguments specified in `jail.conf` or passed
- 	via `fail2ban-client` will be passed as keyword arguments.
- 	"""
--	__metaclass__ = ABCMeta
- 
- 	@classmethod
- 	def __subclasshook__(cls, C):
-@@ -420,7 +419,7 @@ class CommandAction(ActionBase):
- 			if not callable(family): # pragma: no cover
- 				return self.__substCache.get(key, {}).get(family)
- 			# family as expression - use it to filter values:
--			return [v for f, v in self.__substCache.get(key, {}).iteritems() if family(f)]
-+			return [v for f, v in self.__substCache.get(key, {}).items() if family(f)]
- 		cmd = args[0]
- 		if cmd: # set:
- 			try:
-@@ -432,7 +431,7 @@ class CommandAction(ActionBase):
- 			try:
- 				famd = self.__substCache[key]
- 				cmd = famd.pop(family)
--				for family, v in famd.items():
-+				for family, v in list(famd.items()):
- 					if v == cmd:
- 						del famd[family]
- 			except KeyError: # pragma: no cover
-@@ -448,7 +447,7 @@ class CommandAction(ActionBase):
- 		res = True
- 		err = 'Script error'
- 		if not family: # all started:
--			family = [famoper for (famoper,v) in self.__started.iteritems() if v]
-+			family = [famoper for (famoper,v) in self.__started.items() if v]
- 		for famoper in family:
- 			try:
- 				cmd = self._getOperation(tag, famoper)
-@@ -617,7 +616,7 @@ class CommandAction(ActionBase):
- 		and executes the resulting command.
- 		"""
- 		# collect started families, may be started on demand (conditional):
--		family = [f for (f,v) in self.__started.iteritems() if v & 3 == 3]; # started and contains items
-+		family = [f for (f,v) in self.__started.items() if v & 3 == 3]; # started and contains items
- 		# if nothing contains items:
- 		if not family: return True
- 		# flush:
-@@ -642,7 +641,7 @@ class CommandAction(ActionBase):
- 		"""
- 		# collect started families, if started on demand (conditional):
- 		if family is None:
--			family = [f for (f,v) in self.__started.iteritems() if v]
-+			family = [f for (f,v) in self.__started.items() if v]
- 			# if no started (on demand) actions:
- 			if not family: return True
- 			self.__started = {}
-@@ -676,7 +675,7 @@ class CommandAction(ActionBase):
- 		ret = True
- 		# for each started family:
- 		if self.actioncheck:
--			for (family, started) in self.__started.items():
-+			for (family, started) in list(self.__started.items()):
- 				if started and not self._invariantCheck(family, beforeRepair):
- 					# reset started flag and command of executed operation:
- 					self.__started[family] = 0
-diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
-index 24fea838..94b9c3ed 100644
---- a/fail2ban/server/actions.py
-+++ b/fail2ban/server/actions.py
-@@ -156,11 +156,11 @@ class Actions(JailThread, Mapping):
- 		else:
- 			if hasattr(self, '_reload_actions'):
- 				# reload actions after all parameters set via stream:
--				for name, initOpts in self._reload_actions.iteritems():
-+				for name, initOpts in self._reload_actions.items():
- 					if name in self._actions:
- 						self._actions[name].reload(**(initOpts if initOpts else {}))
- 				# remove obsolete actions (untouched by reload process):
--				delacts = OrderedDict((name, action) for name, action in self._actions.iteritems()
-+				delacts = OrderedDict((name, action) for name, action in self._actions.items()
- 					if name not in self._reload_actions)
- 				if len(delacts):
- 					# unban all tickets using removed actions only:
-@@ -289,7 +289,7 @@ class Actions(JailThread, Mapping):
- 		"""
- 		if actions is None:
- 			actions = self._actions
--		revactions = actions.items()
-+		revactions = list(actions.items())
- 		revactions.reverse()
- 		for name, action in revactions:
- 			try:
-@@ -314,7 +314,7 @@ class Actions(JailThread, Mapping):
- 			True when the thread exits nicely.
- 		"""
- 		cnt = 0
--		for name, action in self._actions.iteritems():
-+		for name, action in self._actions.items():
- 			try:
- 				action.start()
- 			except Exception as e:
-@@ -474,7 +474,7 @@ class Actions(JailThread, Mapping):
- 					Observers.Main.add('banFound', bTicket, self._jail, btime)
- 				logSys.notice("[%s] %sBan %s", self._jail.name, ('' if not bTicket.restored else 'Restore '), ip)
- 				# do actions :
--				for name, action in self._actions.iteritems():
-+				for name, action in self._actions.items():
- 					try:
- 						if ticket.restored and getattr(action, 'norestored', False):
- 							continue
-@@ -511,13 +511,13 @@ class Actions(JailThread, Mapping):
- 					if bTicket.banEpoch == self.banEpoch and diftm > 3:
- 						# avoid too often checks:
- 						if not rebanacts and MyTime.time() > self.__lastConsistencyCheckTM + 3:
--							for action in self._actions.itervalues():
-+							for action in self._actions.values():
- 								action.consistencyCheck()
- 							self.__lastConsistencyCheckTM = MyTime.time()
- 					# check epoch in order to reban it:
- 					if bTicket.banEpoch < self.banEpoch:
- 						if not rebanacts: rebanacts = dict(
--							(name, action) for name, action in self._actions.iteritems()
-+							(name, action) for name, action in self._actions.items()
- 								if action.banEpoch > bTicket.banEpoch)
- 						cnt += self.__reBan(bTicket, actions=rebanacts)
- 				else: # pragma: no cover - unexpected: ticket is not banned for some reasons - reban using all actions:
-@@ -542,8 +542,8 @@ class Actions(JailThread, Mapping):
- 		ip = ticket.getIP()
- 		aInfo = self.__getActionInfo(ticket)
- 		if log:
--			logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % actions.keys()[0] if len(actions) == 1 else ''))
--		for name, action in actions.iteritems():
-+			logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % list(actions.keys())[0] if len(actions) == 1 else ''))
-+		for name, action in actions.items():
- 			try:
- 				logSys.debug("[%s] action %r: reban %s", self._jail.name, name, ip)
- 				if not aInfo.immutable: aInfo.reset()
-@@ -567,7 +567,7 @@ class Actions(JailThread, Mapping):
- 		if not self.__banManager._inBanList(ticket): return
- 		# do actions :
- 		aInfo = None
--		for name, action in self._actions.iteritems():
-+		for name, action in self._actions.items():
- 			try:
- 				if ticket.restored and getattr(action, 'norestored', False):
- 					continue
-@@ -616,7 +616,7 @@ class Actions(JailThread, Mapping):
- 		cnt = 0
- 		# first we'll execute flush for actions supporting this operation:
- 		unbactions = {}
--		for name, action in (actions if actions is not None else self._actions).iteritems():
-+		for name, action in (actions if actions is not None else self._actions).items():
- 			try:
- 				if hasattr(action, 'flush') and (not isinstance(action, CommandAction) or action.actionflush):
- 					logSys.notice("[%s] Flush ticket(s) with %s", self._jail.name, name)
-@@ -671,7 +671,7 @@ class Actions(JailThread, Mapping):
- 		aInfo = self.__getActionInfo(ticket)
- 		if log:
- 			logSys.notice("[%s] Unban %s", self._jail.name, aInfo["ip"])
--		for name, action in unbactions.iteritems():
-+		for name, action in unbactions.items():
- 			try:
- 				logSys.debug("[%s] action %r: unban %s", self._jail.name, name, ip)
- 				if not aInfo.immutable: aInfo.reset()
-diff --git a/fail2ban/server/asyncserver.py b/fail2ban/server/asyncserver.py
-index e3400737..f5f9740b 100644
---- a/fail2ban/server/asyncserver.py
-+++ b/fail2ban/server/asyncserver.py
-@@ -178,7 +178,7 @@ def loop(active, timeout=None, use_poll=False, err_count=None):
- 			elif err_count['listen'] > 100: # pragma: no cover - normally unreachable
- 				if (
- 					   e.args[0] == errno.EMFILE # [Errno 24] Too many open files
--					or sum(err_count.itervalues()) > 1000
-+					or sum(err_count.values()) > 1000
- 				):
- 					logSys.critical("Too many errors - critical count reached %r", err_count)
- 					break
-@@ -220,7 +220,7 @@ class AsyncServer(asyncore.dispatcher):
- 			elif self.__errCount['accept'] > 100:
- 				if (
- 					  (isinstance(e, socket.error) and e.args[0] == errno.EMFILE) # [Errno 24] Too many open files
--					or sum(self.__errCount.itervalues()) > 1000
-+					or sum(self.__errCount.values()) > 1000
- 				):
- 					logSys.critical("Too many errors - critical count reached %r", self.__errCount)
- 					self.stop()
-diff --git a/fail2ban/server/banmanager.py b/fail2ban/server/banmanager.py
-index 5770bfd7..9bb44971 100644
---- a/fail2ban/server/banmanager.py
-+++ b/fail2ban/server/banmanager.py
-@@ -105,9 +105,9 @@ class BanManager:
- 	def getBanList(self, ordered=False, withTime=False):
- 		with self.__lock:
- 			if not ordered:
--				return self.__banList.keys()
-+				return list(self.__banList.keys())
- 			lst = []
--			for ticket in self.__banList.itervalues():
-+			for ticket in self.__banList.values():
- 				eob = ticket.getEndOfBanTime(self.__banTime)
- 				lst.append((ticket,eob))
- 			lst.sort(key=lambda t: t[1])
-@@ -126,7 +126,7 @@ class BanManager:
- 	
- 	def __iter__(self):
- 		with self.__lock:
--			return self.__banList.itervalues()
-+			return iter(self.__banList.values())
- 
- 	##
- 	# Returns normalized value
-@@ -165,7 +165,7 @@ class BanManager:
- 				return return_dict
- 		# get ips in lock:
- 		with self.__lock:
--			banIPs = [banData.getIP() for banData in self.__banList.values()]
-+			banIPs = [banData.getIP() for banData in list(self.__banList.values())]
- 		# get cymru info:
- 		try:
- 			for ip in banIPs:
-@@ -341,7 +341,7 @@ class BanManager:
- 			# Gets the list of ticket to remove (thereby correct next unban time).
- 			unBanList = {}
- 			nextUnbanTime = BanTicket.MAX_TIME
--			for fid,ticket in self.__banList.iteritems():
-+			for fid,ticket in self.__banList.items():
- 				# current time greater as end of ban - timed out:
- 				eob = ticket.getEndOfBanTime(self.__banTime)
- 				if time > eob:
-@@ -357,15 +357,15 @@ class BanManager:
- 			if len(unBanList):
- 				if len(unBanList) / 2.0 <= len(self.__banList) / 3.0:
- 					# few as 2/3 should be removed - remove particular items:
--					for fid in unBanList.iterkeys():
-+					for fid in unBanList.keys():
- 						del self.__banList[fid]
- 				else:
- 					# create new dictionary without items to be deleted:
--					self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.iteritems() \
-+					self.__banList = dict((fid,ticket) for fid,ticket in self.__banList.items() \
- 						if fid not in unBanList)
- 						
- 			# return list of tickets:
--			return unBanList.values()
-+			return list(unBanList.values())
- 
- 	##
- 	# Flush the ban list.
-@@ -375,7 +375,7 @@ class BanManager:
- 	
- 	def flushBanList(self):
- 		with self.__lock:
--			uBList = self.__banList.values()
-+			uBList = list(self.__banList.values())
- 			self.__banList = dict()
- 			return uBList
- 
-diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py
-index ed736a7a..0e8c9aec 100644
---- a/fail2ban/server/database.py
-+++ b/fail2ban/server/database.py
-@@ -67,13 +67,13 @@ if sys.version_info >= (3,): # pragma: 2.x no cover
- else: # pragma: 3.x no cover
- 	def _normalize(x):
- 		if isinstance(x, dict):
--			return dict((_normalize(k), _normalize(v)) for k, v in x.iteritems())
-+			return dict((_normalize(k), _normalize(v)) for k, v in x.items())
- 		elif isinstance(x, (list, set)):
- 			return [_normalize(element) for element in x]
--		elif isinstance(x, unicode):
-+		elif isinstance(x, str):
- 			# in 2.x default text_factory is unicode - so return proper unicode here:
- 			return x.encode(PREFER_ENC, 'replace').decode(PREFER_ENC)
--		elif isinstance(x, basestring):
-+		elif isinstance(x, str):
- 			return x.decode(PREFER_ENC, 'replace')
- 		return x
- 
-diff --git a/fail2ban/server/failmanager.py b/fail2ban/server/failmanager.py
-index 93c028fb..a9c6b5f6 100644
---- a/fail2ban/server/failmanager.py
-+++ b/fail2ban/server/failmanager.py
-@@ -57,7 +57,7 @@ class FailManager:
- 	def getFailCount(self):
- 		# may be slow on large list of failures, should be used for test purposes only...
- 		with self.__lock:
--			return len(self.__failList), sum([f.getRetry() for f in self.__failList.values()])
-+			return len(self.__failList), sum([f.getRetry() for f in list(self.__failList.values())])
- 
- 	def getFailTotal(self):
- 		with self.__lock:
-@@ -125,7 +125,7 @@ class FailManager:
- 				# in case of having many active failures, it should be ran only
- 				# if debug level is "low" enough
- 				failures_summary = ', '.join(['%s:%d' % (k, v.getRetry())
--											  for k,v in  self.__failList.iteritems()])
-+											  for k,v in  self.__failList.items()])
- 				logSys.log(logLevel, "Total # of detected failures: %d. Current failures from %d IPs (IP:count): %s"
- 							 % (self.__failTotal, len(self.__failList), failures_summary))
- 
-@@ -138,7 +138,7 @@ class FailManager:
- 	
- 	def cleanup(self, time):
- 		with self.__lock:
--			todelete = [fid for fid,item in self.__failList.iteritems() \
-+			todelete = [fid for fid,item in self.__failList.items() \
- 				if item.getLastTime() + self.__maxTime <= time]
- 			if len(todelete) == len(self.__failList):
- 				# remove all:
-@@ -152,7 +152,7 @@ class FailManager:
- 					del self.__failList[fid]
- 			else:
- 				# create new dictionary without items to be deleted:
--				self.__failList = dict((fid,item) for fid,item in self.__failList.iteritems() \
-+				self.__failList = dict((fid,item) for fid,item in self.__failList.items() \
- 					if item.getLastTime() + self.__maxTime > time)
- 		self.__bgSvc.service()
- 	
-diff --git a/fail2ban/server/failregex.py b/fail2ban/server/failregex.py
-index f7dafbef..fb75187d 100644
---- a/fail2ban/server/failregex.py
-+++ b/fail2ban/server/failregex.py
-@@ -128,10 +128,7 @@ class Regex:
- 			self._regexObj = re.compile(regex, re.MULTILINE if multiline else 0)
- 			self._regex = regex
- 			self._altValues = {}
--			for k in filter(
--				lambda k: len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE),
--				self._regexObj.groupindex
--			):
-+			for k in [k for k in self._regexObj.groupindex if len(k) > len(ALTNAME_PRE) and k.startswith(ALTNAME_PRE)]:
- 				n = ALTNAME_CRE.match(k).group(1)
- 				self._altValues[k] = n
- 			self._altValues = list(self._altValues.items()) if len(self._altValues) else None
-@@ -211,7 +208,7 @@ class Regex:
- 	#
- 	@staticmethod
- 	def _tupleLinesBuf(tupleLines):
--		return "\n".join(map(lambda v: "".join(v[::2]), tupleLines)) + "\n"
-+		return "\n".join(["".join(v[::2]) for v in tupleLines]) + "\n"
- 
- 	##
- 	# Searches the regular expression.
-@@ -223,7 +220,7 @@ class Regex:
- 	
- 	def search(self, tupleLines, orgLines=None):
- 		buf = tupleLines
--		if not isinstance(tupleLines, basestring):
-+		if not isinstance(tupleLines, str):
- 			buf = Regex._tupleLinesBuf(tupleLines)
- 		self._matchCache = self._regexObj.search(buf)
- 		if self._matchCache:
-diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
-index 998fe298..d181fd38 100644
---- a/fail2ban/server/filter.py
-+++ b/fail2ban/server/filter.py
-@@ -292,7 +292,7 @@ class Filter(JailThread):
- 			dd = DateDetector()
- 			dd.default_tz = self.__logtimezone
- 			if not isinstance(pattern, (list, tuple)):
--				pattern = filter(bool, map(str.strip, re.split('\n+', pattern)))
-+				pattern = list(filter(bool, list(map(str.strip, re.split('\n+', pattern)))))
- 			for pattern in pattern:
- 				dd.appendTemplate(pattern)
- 			self.dateDetector = dd
-@@ -987,7 +987,7 @@ class FileFilter(Filter):
- 	# @return log paths
- 
- 	def getLogPaths(self):
--		return self.__logs.keys()
-+		return list(self.__logs.keys())
- 
- 	##
- 	# Get the log containers
-@@ -995,7 +995,7 @@ class FileFilter(Filter):
- 	# @return log containers
- 
- 	def getLogs(self):
--		return self.__logs.values()
-+		return list(self.__logs.values())
- 
- 	##
- 	# Get the count of log containers
-@@ -1021,7 +1021,7 @@ class FileFilter(Filter):
- 
- 	def setLogEncoding(self, encoding):
- 		encoding = super(FileFilter, self).setLogEncoding(encoding)
--		for log in self.__logs.itervalues():
-+		for log in self.__logs.values():
- 			log.setEncoding(encoding)
- 
- 	def getLog(self, path):
-@@ -1183,7 +1183,7 @@ class FileFilter(Filter):
- 		"""Status of Filter plus files being monitored.
- 		"""
- 		ret = super(FileFilter, self).status(flavor=flavor)
--		path = self.__logs.keys()
-+		path = list(self.__logs.keys())
- 		ret.append(("File list", path))
- 		return ret
- 
-@@ -1191,7 +1191,7 @@ class FileFilter(Filter):
- 		"""Stop monitoring of log-file(s)
- 		"""
- 		# stop files monitoring:
--		for path in self.__logs.keys():
-+		for path in list(self.__logs.keys()):
- 			self.delLogPath(path)
- 		# stop thread:
- 		super(Filter, self).stop()
-diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py
-index 228a2c8b..d49315cc 100644
---- a/fail2ban/server/filterpoll.py
-+++ b/fail2ban/server/filterpoll.py
-@@ -176,4 +176,4 @@ class FilterPoll(FileFilter):
- 			return False
- 
- 	def getPendingPaths(self):
--		return self.__file404Cnt.keys()
-+		return list(self.__file404Cnt.keys())
-diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py
-index ca6b253f..b683b860 100644
---- a/fail2ban/server/filterpyinotify.py
-+++ b/fail2ban/server/filterpyinotify.py
-@@ -158,7 +158,7 @@ class FilterPyinotify(FileFilter):
- 		except KeyError: pass
- 
- 	def getPendingPaths(self):
--		return self.__pending.keys()
-+		return list(self.__pending.keys())
- 
- 	def _checkPending(self):
- 		if not self.__pending:
-@@ -168,7 +168,7 @@ class FilterPyinotify(FileFilter):
- 			return
- 		found = {}
- 		minTime = 60
--		for path, (retardTM, isDir) in self.__pending.iteritems():
-+		for path, (retardTM, isDir) in self.__pending.items():
- 			if ntm - self.__pendingChkTime < retardTM:
- 				if minTime > retardTM: minTime = retardTM
- 				continue
-@@ -184,7 +184,7 @@ class FilterPyinotify(FileFilter):
- 		self.__pendingChkTime = time.time()
- 		self.__pendingMinTime = minTime
- 		# process now because we've missed it in monitoring:
--		for path, isDir in found.iteritems():
-+		for path, isDir in found.items():
- 			self._delPending(path)
- 			# refresh monitoring of this:
- 			self._refreshWatcher(path, isDir=isDir)
-diff --git a/fail2ban/server/ipdns.py b/fail2ban/server/ipdns.py
-index 6648dac6..fe8f8db8 100644
---- a/fail2ban/server/ipdns.py
-+++ b/fail2ban/server/ipdns.py
-@@ -275,7 +275,7 @@ class IPAddr(object):
- 			raise ValueError("invalid ipstr %r, too many plen representation" % (ipstr,))
- 		if "." in s[1] or ":" in s[1]: # 255.255.255.0 resp. ffff:: style mask
- 			s[1] = IPAddr.masktoplen(s[1])
--		s[1] = long(s[1])
-+		s[1] = int(s[1])
- 		return s
- 		
- 	def __init(self, ipstr, cidr=CIDR_UNSPEC):
-@@ -309,7 +309,7 @@ class IPAddr(object):
- 
- 				# mask out host portion if prefix length is supplied
- 				if cidr is not None and cidr >= 0:
--					mask = ~(0xFFFFFFFFL >> cidr)
-+					mask = ~(0xFFFFFFFF >> cidr)
- 					self._addr &= mask
- 					self._plen = cidr
- 
-@@ -321,13 +321,13 @@ class IPAddr(object):
- 
- 				# mask out host portion if prefix length is supplied
- 				if cidr is not None and cidr >= 0:
--					mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> cidr)
-+					mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> cidr)
- 					self._addr &= mask
- 					self._plen = cidr
- 
- 				# if IPv6 address is a IPv4-compatible, make instance a IPv4
- 				elif self.isInNet(IPAddr.IP6_4COMPAT):
--					self._addr = lo & 0xFFFFFFFFL
-+					self._addr = lo & 0xFFFFFFFF
- 					self._family = socket.AF_INET
- 					self._plen = 32
- 		else:
-@@ -445,7 +445,7 @@ class IPAddr(object):
- 		elif self.isIPv6:
- 			# convert network to host byte order
- 			hi = self._addr >> 64
--			lo = self._addr & 0xFFFFFFFFFFFFFFFFL
-+			lo = self._addr & 0xFFFFFFFFFFFFFFFF
- 			binary = struct.pack("!QQ", hi, lo)
- 			if self._plen and self._plen < 128:
- 				add = "/%d" % self._plen
-@@ -503,9 +503,9 @@ class IPAddr(object):
- 		if self.family != net.family:
- 			return False
- 		if self.isIPv4:
--			mask = ~(0xFFFFFFFFL >> net.plen)
-+			mask = ~(0xFFFFFFFF >> net.plen)
- 		elif self.isIPv6:
--			mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL >> net.plen)
-+			mask = ~(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF >> net.plen)
- 		else:
- 			return False
- 		
-@@ -517,7 +517,7 @@ class IPAddr(object):
- 		m4 = (1 << 32)-1
- 		mmap = {m6: 128, m4: 32, 0: 0}
- 		m = 0
--		for i in xrange(0, 128):
-+		for i in range(0, 128):
- 			m |= 1 << i
- 			if i < 32:
- 				mmap[m ^ m4] = 32-1-i
-diff --git a/fail2ban/server/jail.py b/fail2ban/server/jail.py
-index ce9968a8..5fa5ef10 100644
---- a/fail2ban/server/jail.py
-+++ b/fail2ban/server/jail.py
-@@ -26,7 +26,7 @@ __license__ = "GPL"
- import logging
- import math
- import random
--import Queue
-+import queue
- 
- from .actions import Actions
- from ..helpers import getLogger, _as_bool, extractOptions, MyTime
-@@ -76,7 +76,7 @@ class Jail(object):
- 							"might not function correctly. Please shorten"
- 							% name)
- 		self.__name = name
--		self.__queue = Queue.Queue()
-+		self.__queue = queue.Queue()
- 		self.__filter = None
- 		# Extra parameters for increase ban time
- 		self._banExtra = {};
-@@ -127,25 +127,25 @@ class Jail(object):
- 			"Failed to initialize any backend for Jail %r" % self.name)
- 
- 	def _initPolling(self, **kwargs):
--		from filterpoll import FilterPoll
-+		from .filterpoll import FilterPoll
- 		logSys.info("Jail '%s' uses poller %r" % (self.name, kwargs))
- 		self.__filter = FilterPoll(self, **kwargs)
- 
- 	def _initGamin(self, **kwargs):
- 		# Try to import gamin
--		from filtergamin import FilterGamin
-+		from .filtergamin import FilterGamin
- 		logSys.info("Jail '%s' uses Gamin %r" % (self.name, kwargs))
- 		self.__filter = FilterGamin(self, **kwargs)
- 
- 	def _initPyinotify(self, **kwargs):
- 		# Try to import pyinotify
--		from filterpyinotify import FilterPyinotify
-+		from .filterpyinotify import FilterPyinotify
- 		logSys.info("Jail '%s' uses pyinotify %r" % (self.name, kwargs))
- 		self.__filter = FilterPyinotify(self, **kwargs)
- 
- 	def _initSystemd(self, **kwargs): # pragma: systemd no cover
- 		# Try to import systemd
--		from filtersystemd import FilterSystemd
-+		from .filtersystemd import FilterSystemd
- 		logSys.info("Jail '%s' uses systemd %r" % (self.name, kwargs))
- 		self.__filter = FilterSystemd(self, **kwargs)
- 
-@@ -213,7 +213,7 @@ class Jail(object):
- 		try:
- 			ticket = self.__queue.get(False)
- 			return ticket
--		except Queue.Empty:
-+		except queue.Empty:
- 			return False
- 
- 	def setBanTimeExtra(self, opt, value):
-diff --git a/fail2ban/server/mytime.py b/fail2ban/server/mytime.py
-index 98b69bd4..24bba5cf 100644
---- a/fail2ban/server/mytime.py
-+++ b/fail2ban/server/mytime.py
-@@ -162,7 +162,7 @@ class MyTime:
- 		
- 		@returns number (calculated seconds from expression "val")
- 		"""
--		if isinstance(val, (int, long, float, complex)):
-+		if isinstance(val, (int, float, complex)):
- 			return val
- 		# replace together standing abbreviations, example '1d12h' -> '1d 12h':
- 		val = MyTime._str2sec_prep.sub(r" \1", val)
-diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py
-index 159f6506..fc948e8c 100644
---- a/fail2ban/server/server.py
-+++ b/fail2ban/server/server.py
-@@ -97,7 +97,7 @@ class Server:
- 
- 	def start(self, sock, pidfile, force=False, observer=True, conf={}):
- 		# First set the mask to only allow access to owner
--		os.umask(0077)
-+		os.umask(0o077)
- 		# Second daemonize before logging etc, because it will close all handles:
- 		if self.__daemon: # pragma: no cover
- 			logSys.info("Starting in daemon mode")
-@@ -190,7 +190,7 @@ class Server:
- 
- 		# Restore default signal handlers:
- 		if _thread_name() == '_MainThread':
--			for s, sh in self.__prev_signals.iteritems():
-+			for s, sh in self.__prev_signals.items():
- 				signal.signal(s, sh)
- 
- 		# Give observer a small chance to complete its work before exit
-@@ -268,10 +268,10 @@ class Server:
- 		logSys.info("Stopping all jails")
- 		with self.__lock:
- 			# 1st stop all jails (signal and stop actions/filter thread):
--			for name in self.__jails.keys():
-+			for name in list(self.__jails.keys()):
- 				self.delJail(name, stop=True, join=False)
- 			# 2nd wait for end and delete jails:
--			for name in self.__jails.keys():
-+			for name in list(self.__jails.keys()):
- 				self.delJail(name, stop=False, join=True)
- 
- 	def reloadJails(self, name, opts, begin):
-@@ -302,7 +302,7 @@ class Server:
- 					if "--restart" in opts:
- 						self.stopAllJail()
- 				# first set all affected jail(s) to idle and reset filter regex and other lists/dicts:
--				for jn, jail in self.__jails.iteritems():
-+				for jn, jail in self.__jails.items():
- 					if name == '--all' or jn == name:
- 						jail.idle = True
- 						self.__reload_state[jn] = jail
-@@ -313,7 +313,7 @@ class Server:
- 			# end reload, all affected (or new) jails have already all new parameters (via stream) and (re)started:
- 			with self.__lock:
- 				deljails = []
--				for jn, jail in self.__jails.iteritems():
-+				for jn, jail in self.__jails.items():
- 					# still in reload state:
- 					if jn in self.__reload_state:
- 						# remove jails that are not reloaded (untouched, so not in new configuration)
-@@ -513,7 +513,7 @@ class Server:
- 			jails = [self.__jails[name]]
- 		else:
- 			# in all jails:
--			jails = self.__jails.values()
-+			jails = list(self.__jails.values())
- 		# unban given or all (if value is None):
- 		cnt = 0
- 		ifexists |= (name is None)
-@@ -551,7 +551,7 @@ class Server:
- 	def isAlive(self, jailnum=None):
- 		if jailnum is not None and len(self.__jails) != jailnum:
- 			return 0
--		for jail in self.__jails.values():
-+		for jail in list(self.__jails.values()):
- 			if not jail.isAlive():
- 				return 0
- 		return 1
-@@ -759,7 +759,7 @@ class Server:
- 			return "flushed"
- 			
- 	def setThreadOptions(self, value):
--		for o, v in value.iteritems():
-+		for o, v in value.items():
- 			if o == 'stacksize':
- 				threading.stack_size(int(v)*1024)
- 			else: # pragma: no cover
-diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
-index 498d284b..a5579fdc 100644
---- a/fail2ban/server/strptime.py
-+++ b/fail2ban/server/strptime.py
-@@ -79,7 +79,7 @@ timeRE['ExY'] = r"(?P<Y>%s\d)" % _getYearCentRE(cent=(0,3), distance=3)
- timeRE['Exy'] = r"(?P<y>%s\d)" % _getYearCentRE(cent=(2,3), distance=3)
- 
- def getTimePatternRE():
--	keys = timeRE.keys()
-+	keys = list(timeRE.keys())
- 	patt = (r"%%(%%|%s|[%s])" % (
- 		"|".join([k for k in keys if len(k) > 1]),
- 		"".join([k for k in keys if len(k) == 1]),
-@@ -134,7 +134,7 @@ def zone2offset(tz, dt):
- 	"""
- 	if isinstance(tz, int):
- 		return tz
--	if isinstance(tz, basestring):
-+	if isinstance(tz, str):
- 		return validateTimeZone(tz)
- 	tz, tzo = tz
- 	if tzo is None or tzo == '': # without offset
-@@ -171,7 +171,7 @@ def reGroupDictStrptime(found_dict, msec=False, default_tz=None):
- 	year = month = day = hour = minute = tzoffset = \
- 	weekday = julian = week_of_year = None
- 	second = fraction = 0
--	for key, val in found_dict.iteritems():
-+	for key, val in found_dict.items():
- 		if val is None: continue
- 		# Directives not explicitly handled below:
- 		#   c, x, X
-diff --git a/fail2ban/server/ticket.py b/fail2ban/server/ticket.py
-index f67e0d23..f0b727c2 100644
---- a/fail2ban/server/ticket.py
-+++ b/fail2ban/server/ticket.py
-@@ -55,7 +55,7 @@ class Ticket(object):
- 		self._time = time if time is not None else MyTime.time()
- 		self._data = {'matches': matches or [], 'failures': 0}
- 		if data is not None:
--			for k,v in data.iteritems():
-+			for k,v in data.items():
- 				if v is not None:
- 					self._data[k] = v
- 		if ticket:
-@@ -89,7 +89,7 @@ class Ticket(object):
- 
- 	def setIP(self, value):
- 		# guarantee using IPAddr instead of unicode, str for the IP
--		if isinstance(value, basestring):
-+		if isinstance(value, str):
- 			value = IPAddr(value)
- 		self._ip = value
- 	
-@@ -181,7 +181,7 @@ class Ticket(object):
- 		if len(args) == 1:
- 			# todo: if support >= 2.7 only:
- 			# self._data = {k:v for k,v in args[0].iteritems() if v is not None}
--			self._data = dict([(k,v) for k,v in args[0].iteritems() if v is not None])
-+			self._data = dict([(k,v) for k,v in args[0].items() if v is not None])
- 		# add k,v list or dict (merge):
- 		elif len(args) == 2:
- 			self._data.update((args,))
-@@ -192,7 +192,7 @@ class Ticket(object):
- 		# filter (delete) None values:
- 		# todo: if support >= 2.7 only:
- 		# self._data = {k:v for k,v in self._data.iteritems() if v is not None}
--		self._data = dict([(k,v) for k,v in self._data.iteritems() if v is not None])
-+		self._data = dict([(k,v) for k,v in self._data.items() if v is not None])
- 	
- 	def getData(self, key=None, default=None):
- 		# return whole data dict:
-@@ -201,17 +201,17 @@ class Ticket(object):
- 		# return default if not exists:
- 		if not self._data:
- 			return default
--		if not isinstance(key,(str,unicode,type(None),int,float,bool,complex)):
-+		if not isinstance(key,(str,type(None),int,float,bool,complex)):
- 			# return filtered by lambda/function:
- 			if callable(key):
- 				# todo: if support >= 2.7 only:
- 				# return {k:v for k,v in self._data.iteritems() if key(k)}
--				return dict([(k,v) for k,v in self._data.iteritems() if key(k)])
-+				return dict([(k,v) for k,v in self._data.items() if key(k)])
- 			# return filtered by keys:
- 			if hasattr(key, '__iter__'):
- 				# todo: if support >= 2.7 only:
- 				# return {k:v for k,v in self._data.iteritems() if k in key}
--				return dict([(k,v) for k,v in self._data.iteritems() if k in key])
-+				return dict([(k,v) for k,v in self._data.items() if k in key])
- 		# return single value of data:
- 		return self._data.get(key, default)
- 
-diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py
-index f83e9d5f..80726cb4 100644
---- a/fail2ban/server/transmitter.py
-+++ b/fail2ban/server/transmitter.py
-@@ -475,7 +475,7 @@ class Transmitter:
- 			opt = command[1][len("bantime."):]
- 			return self.__server.getBanTimeExtra(name, opt)
- 		elif command[1] == "actions":
--			return self.__server.getActions(name).keys()
-+			return list(self.__server.getActions(name).keys())
- 		elif command[1] == "action":
- 			actionname = command[2]
- 			actionvalue = command[3]
-diff --git a/fail2ban/server/utils.py b/fail2ban/server/utils.py
-index d4461a7d..13c24e76 100644
---- a/fail2ban/server/utils.py
-+++ b/fail2ban/server/utils.py
-@@ -57,7 +57,7 @@ _RETCODE_HINTS = {
- 
- # Dictionary to lookup signal name from number
- signame = dict((num, name)
--	for name, num in signal.__dict__.iteritems() if name.startswith("SIG"))
-+	for name, num in signal.__dict__.items() if name.startswith("SIG"))
- 
- class Utils():
- 	"""Utilities provide diverse static methods like executes OS shell commands, etc.
-@@ -109,7 +109,7 @@ class Utils():
- 								break
- 					else: # pragma: 3.x no cover (dict is in 2.6 only)
- 						remlst = []
--						for (ck, cv) in cache.iteritems():
-+						for (ck, cv) in cache.items():
- 							# if expired:
- 							if cv[1] <= t:
- 								remlst.append(ck)
-@@ -152,7 +152,7 @@ class Utils():
- 		if not isinstance(realCmd, list):
- 			realCmd = [realCmd]
- 		i = len(realCmd)-1
--		for k, v in varsDict.iteritems():
-+		for k, v in varsDict.items():
- 			varsStat += "%s=$%s " % (k, i)
- 			realCmd.append(v)
- 			i += 1
-diff --git a/fail2ban/tests/action_d/test_badips.py b/fail2ban/tests/action_d/test_badips.py
-index 013c0fdb..3c35e4d7 100644
---- a/fail2ban/tests/action_d/test_badips.py
-+++ b/fail2ban/tests/action_d/test_badips.py
-@@ -32,7 +32,7 @@ from ..utils import LogCaptureTestCase, CONFIG_DIR
- if sys.version_info >= (3, ): # pragma: 2.x no cover
- 	from urllib.error import HTTPError, URLError
- else: # pragma: 3.x no cover
--	from urllib2 import HTTPError, URLError
-+	from urllib.error import HTTPError, URLError
- 
- def skip_if_not_available(f):
- 	"""Helper to decorate tests to skip in case of timeout/http-errors like "502 bad gateway".
-diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py
-index 1a00c040..ecd09246 100644
---- a/fail2ban/tests/actiontestcase.py
-+++ b/fail2ban/tests/actiontestcase.py
-@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCase):
- 		setattr(self.__action, 'ab', "<ac>")
- 		setattr(self.__action, 'x?family=inet6', "")
- 		# produce self-referencing properties except:
--		self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions",
-+		self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions",
- 			lambda: self.__action.replaceTag("<a><b>", 
- 				self.__action._properties, conditional="family=inet4")
- 		)
- 		# remore self-referencing in props:
- 		delattr(self.__action, 'ac')
- 		# produce self-referencing query except:
--		self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query",
-+		self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query",
- 			lambda: self.__action.replaceTag("<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x<x>>>>>>>>>>>>>>>>>>>>>", 
- 				self.__action._properties, conditional="family=inet6")
- 		)
-diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
-index 2c1d0a0e..aa7908c4 100644
---- a/fail2ban/tests/clientreadertestcase.py
-+++ b/fail2ban/tests/clientreadertestcase.py
-@@ -390,7 +390,7 @@ class JailReaderTest(LogCaptureTestCase):
- 		# And multiple groups (`][` instead of `,`)
- 		result = extractOptions(option.replace(',', ']['))
- 		expected2 = (expected[0],
--		 dict((k, v.replace(',', '][')) for k, v in expected[1].iteritems())
-+		 dict((k, v.replace(',', '][')) for k, v in expected[1].items())
- 		)
- 		self.assertEqual(expected2, result)
- 
-@@ -975,7 +975,7 @@ filter = testfilter1
- 		self.assertEqual(add_actions[-1][-1], "{}")
- 
- 	def testLogPathFileFilterBackend(self):
--		self.assertRaisesRegexp(ValueError, r"Have not found any log file for .* jail", 
-+		self.assertRaisesRegex(ValueError, r"Have not found any log file for .* jail", 
- 			self._testLogPath, backend='polling')
- 
- 	def testLogPathSystemdBackend(self):
-diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py
-index 9a5e9fa1..562461a6 100644
---- a/fail2ban/tests/databasetestcase.py
-+++ b/fail2ban/tests/databasetestcase.py
-@@ -67,7 +67,7 @@ class DatabaseTest(LogCaptureTestCase):
- 
- 	@property
- 	def db(self):
--		if isinstance(self._db, basestring) and self._db == ':auto-create-in-memory:':
-+		if isinstance(self._db, str) and self._db == ':auto-create-in-memory:':
- 			self._db = getFail2BanDb(self.dbFilename)
- 		return self._db
- 	@db.setter
-@@ -159,7 +159,7 @@ class DatabaseTest(LogCaptureTestCase):
- 			self.db = Fail2BanDb(self.dbFilename)
- 			self.assertEqual(self.db.getJailNames(), set(['DummyJail #29162448 with 0 tickets']))
- 			self.assertEqual(self.db.getLogPaths(), set(['/tmp/Fail2BanDb_pUlZJh.log']))
--			ticket = FailTicket("127.0.0.1", 1388009242.26, [u"abc\n"])
-+			ticket = FailTicket("127.0.0.1", 1388009242.26, ["abc\n"])
- 			self.assertEqual(self.db.getBans()[0], ticket)
- 
- 			self.assertEqual(self.db.updateDb(Fail2BanDb.__version__), Fail2BanDb.__version__)
-@@ -185,9 +185,9 @@ class DatabaseTest(LogCaptureTestCase):
- 		self.assertEqual(len(bans), 2)
- 		# compare first ticket completely:
- 		ticket = FailTicket("1.2.3.7", 1417595494, [
--			u'Dec  3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
--			u'Dec  3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
--			u'Dec  3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7'
-+			'Dec  3 09:31:08 f2btest test:auth[27658]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-+			'Dec  3 09:31:32 f2btest test:auth[27671]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7',
-+			'Dec  3 09:31:34 f2btest test:auth[27673]: pam_unix(test:auth): authentication failure; logname= uid=0 euid=0 tty=test ruser= rhost=1.2.3.7'
- 		])
- 		ticket.setAttempt(3)
- 		self.assertEqual(bans[0], ticket)
-@@ -286,11 +286,11 @@ class DatabaseTest(LogCaptureTestCase):
- 		# invalid + valid, invalid + valid unicode, invalid + valid dual converted (like in filter:readline by fallback) ...
- 		tickets = [
- 		  FailTicket("127.0.0.1", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
--		  FailTicket("127.0.0.2", 0, ['user "test"', u'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
-+		  FailTicket("127.0.0.2", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
- 		  FailTicket("127.0.0.3", 0, ['user "test"', b'user "\xd1\xe2\xe5\xf2\xe0"', b'user "\xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f"']),
--		  FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', u'user "\xe4\xf6\xfc\xdf"']),
-+		  FailTicket("127.0.0.4", 0, ['user "test"', 'user "\xd1\xe2\xe5\xf2\xe0"', 'user "\xe4\xf6\xfc\xdf"']),
- 		  FailTicket("127.0.0.5", 0, ['user "test"', 'unterminated \xcf']),
--		  FailTicket("127.0.0.6", 0, ['user "test"', u'unterminated \xcf']),
-+		  FailTicket("127.0.0.6", 0, ['user "test"', 'unterminated \xcf']),
- 		  FailTicket("127.0.0.7", 0, ['user "test"', b'unterminated \xcf'])
- 		]
- 		for ticket in tickets:
-diff --git a/fail2ban/tests/datedetectortestcase.py b/fail2ban/tests/datedetectortestcase.py
-index 458f76ef..49ada60d 100644
---- a/fail2ban/tests/datedetectortestcase.py
-+++ b/fail2ban/tests/datedetectortestcase.py
-@@ -279,7 +279,7 @@ class DateDetectorTest(LogCaptureTestCase):
- 		self.assertEqual(logTime, mu)
- 		self.assertEqual(logMatch.group(1), '2012/10/11 02:37:17')
- 		# confuse it with year being at the end
--		for i in xrange(10):
-+		for i in range(10):
- 			( logTime, logMatch ) =	self.datedetector.getTime('11/10/2012 02:37:17 [error] 18434#0')
- 			self.assertEqual(logTime, mu)
- 			self.assertEqual(logMatch.group(1), '11/10/2012 02:37:17')
-@@ -505,7 +505,7 @@ class CustomDateFormatsTest(unittest.TestCase):
- 			date = dd.getTime(line)
- 			if matched:
- 				self.assertTrue(date)
--				if isinstance(matched, basestring):
-+				if isinstance(matched, str):
- 					self.assertEqual(matched, date[1].group(1))
- 				else:
- 					self.assertEqual(matched, date[0])
-@@ -537,7 +537,7 @@ class CustomDateFormatsTest(unittest.TestCase):
- 			date = dd.getTime(line)
- 			if matched:
- 				self.assertTrue(date)
--				if isinstance(matched, basestring): # pragma: no cover
-+				if isinstance(matched, str): # pragma: no cover
- 					self.assertEqual(matched, date[1].group(1))
- 				else:
- 					self.assertEqual(matched, date[0])
-diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py
-index 95f73ed3..bba354fa 100644
---- a/fail2ban/tests/fail2banclienttestcase.py
-+++ b/fail2ban/tests/fail2banclienttestcase.py
-@@ -367,10 +367,10 @@ def with_foreground_server_thread(startextra={}):
- 				# several commands to server in body of decorated function:
- 				return f(self, tmp, startparams, *args, **kwargs)
- 			except Exception as e: # pragma: no cover
--				print('=== Catch an exception: %s' % e)
-+				print(('=== Catch an exception: %s' % e))
- 				log = self.getLog()
- 				if log:
--					print('=== Error of server, log: ===\n%s===' % log)
-+					print(('=== Error of server, log: ===\n%s===' % log))
- 					self.pruneLog()
- 				raise
- 			finally:
-@@ -440,7 +440,7 @@ class Fail2banClientServerBase(LogCaptureTestCase):
- 					)
- 		except:  # pragma: no cover
- 			if _inherited_log(startparams):
--				print('=== Error by wait fot server, log: ===\n%s===' % self.getLog())
-+				print(('=== Error by wait fot server, log: ===\n%s===' % self.getLog()))
- 				self.pruneLog()
- 			log = pjoin(tmp, "f2b.log")
- 			if isfile(log):
-@@ -1610,6 +1610,6 @@ class Fail2banServerTest(Fail2banClientServerBase):
- 			self.stopAndWaitForServerEnd(SUCCESS)
- 
- 		def testServerStartStop(self):
--			for i in xrange(2000):
-+			for i in range(2000):
- 				self._testServerStartStop()
- 
-diff --git a/fail2ban/tests/failmanagertestcase.py b/fail2ban/tests/failmanagertestcase.py
-index a5425286..2a94cc82 100644
---- a/fail2ban/tests/failmanagertestcase.py
-+++ b/fail2ban/tests/failmanagertestcase.py
-@@ -45,11 +45,11 @@ class AddFailure(unittest.TestCase):
- 		super(AddFailure, self).tearDown()
- 		
- 	def _addDefItems(self):
--		self.__items = [[u'193.168.0.128', 1167605999.0],
--					    [u'193.168.0.128', 1167605999.0],
--					    [u'193.168.0.128', 1167605999.0],
--					    [u'193.168.0.128', 1167605999.0],
--					    [u'193.168.0.128', 1167605999.0],
-+		self.__items = [['193.168.0.128', 1167605999.0],
-+					    ['193.168.0.128', 1167605999.0],
-+					    ['193.168.0.128', 1167605999.0],
-+					    ['193.168.0.128', 1167605999.0],
-+					    ['193.168.0.128', 1167605999.0],
- 					    ['87.142.124.10', 1167605999.0],
- 					    ['87.142.124.10', 1167605999.0],
- 					    ['87.142.124.10', 1167605999.0],
-diff --git a/fail2ban/tests/files/config/apache-auth/digest.py b/fail2ban/tests/files/config/apache-auth/digest.py
-index 03588594..e2297ab3 100755
---- a/fail2ban/tests/files/config/apache-auth/digest.py
-+++ b/fail2ban/tests/files/config/apache-auth/digest.py
-@@ -41,7 +41,7 @@ def auth(v):
-         response="%s"
-     """ % ( username, algorithm, realm, url, nonce, qop, response )
- #        opaque="%s",
--    print(p.method, p.url, p.headers)
-+    print((p.method, p.url, p.headers))
-     s =  requests.Session()
-     return s.send(p)
- 
-@@ -76,18 +76,18 @@ r = auth(v)
- 
- # [Sun Jul 28 21:41:20 2013] [error] [client 127.0.0.1] Digest: unknown algorithm `super funky chicken' received: /digest/
- 
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- v['algorithm'] = algorithm
- 
- 
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- 
- nonce = v['nonce']
- v['nonce']=v['nonce'][5:-5]
- 
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- 
- # [Sun Jul 28 21:05:31.178340 2013] [auth_digest:error] [pid 24224:tid 139895539455744] [client 127.0.0.1:56906] AH01793: invalid qop `auth' received: /digest/qop_none/
- 
-@@ -95,7 +95,7 @@ print(r.status_code,r.headers, r.text)
- v['nonce']=nonce[0:11] + 'ZZZ' + nonce[14:]
- 
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- 
- #[Sun Jul 28 21:18:11.769228 2013] [auth_digest:error] [pid 24752:tid 139895505884928] [client 127.0.0.1:56964] AH01776: invalid nonce b9YAiJDiBAZZZ1b1abe02d20063ea3b16b544ea1b0d981c1bafe received - hash is not d42d824dee7aaf50c3ba0a7c6290bd453e3dd35b
- 
-@@ -107,7 +107,7 @@ import time
- time.sleep(1)
- 
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- 
- # Obtained by putting the following code in modules/aaa/mod_auth_digest.c
- # in the function initialize_secret
-@@ -137,7 +137,7 @@ s = sha.sha(apachesecret)
- 
- v=preauth()
- 
--print(v['nonce'])
-+print((v['nonce']))
- realm = v['Digest realm'][1:-1]
- 
- (t,) = struct.unpack('l',base64.b64decode(v['nonce'][1:13]))
-@@ -156,13 +156,13 @@ print(v)
- 
- r = auth(v)
- #[Mon Jul 29 02:12:55.539813 2013] [auth_digest:error] [pid 9647:tid 139895522670336] [client 127.0.0.1:58474] AH01777: invalid nonce 59QJppTiBAA=b08983fd166ade9840407df1b0f75b9e6e07d88d received - user attempted time travel
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- 
- url='/digest_onetime/'
- v=preauth()
- 
- # Need opaque header handling in auth
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
- r = auth(v)
--print(r.status_code,r.headers, r.text)
-+print((r.status_code,r.headers, r.text))
-diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
-index 35785a58..8eeb6902 100644
---- a/fail2ban/tests/filtertestcase.py
-+++ b/fail2ban/tests/filtertestcase.py
-@@ -22,7 +22,7 @@
- __copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
- __license__ = "GPL"
- 
--from __builtin__ import open as fopen
-+from builtins import open as fopen
- import unittest
- import os
- import re
-@@ -204,7 +204,7 @@ def _copy_lines_between_files(in_, fout, n=None, skip=0, mode='a', terminal_line
- 	else:
- 		fin = in_
- 	# Skip
--	for i in xrange(skip):
-+	for i in range(skip):
- 		fin.readline()
- 	# Read
- 	i = 0
-@@ -244,7 +244,7 @@ def _copy_lines_to_journal(in_, fields={},n=None, skip=0, terminal_line=""): # p
- 	# Required for filtering
- 	fields.update(TEST_JOURNAL_FIELDS)
- 	# Skip
--	for i in xrange(skip):
-+	for i in range(skip):
- 		fin.readline()
- 	# Read/Write
- 	i = 0
-@@ -306,18 +306,18 @@ class BasicFilter(unittest.TestCase):
- 	def testTest_tm(self):
- 		unittest.F2B.SkipIfFast()
- 		## test function "_tm" works correct (returns the same as slow strftime):
--		for i in xrange(1417512352, (1417512352 // 3600 + 3) * 3600):
-+		for i in range(1417512352, (1417512352 // 3600 + 3) * 3600):
- 			tm = MyTime.time2str(i)
- 			if _tm(i) != tm: # pragma: no cover - never reachable
- 				self.assertEqual((_tm(i), i), (tm, i))
- 
- 	def testWrongCharInTupleLine(self):
- 		## line tuple has different types (ascii after ascii / unicode):
--		for a1 in ('', u'', b''):
--			for a2 in ('2016-09-05T20:18:56', u'2016-09-05T20:18:56', b'2016-09-05T20:18:56'):
-+		for a1 in ('', '', b''):
-+			for a2 in ('2016-09-05T20:18:56', '2016-09-05T20:18:56', b'2016-09-05T20:18:56'):
- 				for a3 in (
- 					'Fail for "g\xc3\xb6ran" from 192.0.2.1', 
--					u'Fail for "g\xc3\xb6ran" from 192.0.2.1',
-+					'Fail for "g\xc3\xb6ran" from 192.0.2.1',
- 					b'Fail for "g\xc3\xb6ran" from 192.0.2.1'
- 				):
- 					# join should work if all arguments have the same type:
-@@ -435,7 +435,7 @@ class IgnoreIP(LogCaptureTestCase):
- 
- 	def testAddAttempt(self):
- 		self.filter.setMaxRetry(3)
--		for i in xrange(1, 1+3):
-+		for i in range(1, 1+3):
- 			self.filter.addAttempt('192.0.2.1')
- 			self.assertLogged('Attempt 192.0.2.1', '192.0.2.1:%d' % i, all=True, wait=True)
- 		self.jail.actions._Actions__checkBan()
-@@ -472,7 +472,7 @@ class IgnoreIP(LogCaptureTestCase):
- 		# like both test-cases above, just cached (so once per key)...
- 		self.filter.ignoreCache = {"key":"<ip>"}
- 		self.filter.ignoreCommand = 'if [ "<ip>" = "10.0.0.1" ]; then exit 0; fi; exit 1'
--		for i in xrange(5):
-+		for i in range(5):
- 			self.pruneLog()
- 			self.assertTrue(self.filter.inIgnoreIPList("10.0.0.1"))
- 			self.assertFalse(self.filter.inIgnoreIPList("10.0.0.0"))
-@@ -483,7 +483,7 @@ class IgnoreIP(LogCaptureTestCase):
- 		# by host of IP:
- 		self.filter.ignoreCache = {"key":"<ip-host>"}
- 		self.filter.ignoreCommand = 'if [ "<ip-host>" = "test-host" ]; then exit 0; fi; exit 1'
--		for i in xrange(5):
-+		for i in range(5):
- 			self.pruneLog()
- 			self.assertTrue(self.filter.inIgnoreIPList(FailTicket("2001:db8::1")))
- 			self.assertFalse(self.filter.inIgnoreIPList(FailTicket("2001:db8::ffff")))
-@@ -495,7 +495,7 @@ class IgnoreIP(LogCaptureTestCase):
- 		self.filter.ignoreCache = {"key":"<F-USER>", "max-count":"10", "max-time":"1h"}
- 		self.assertEqual(self.filter.ignoreCache, ["<F-USER>", 10, 60*60])
- 		self.filter.ignoreCommand = 'if [ "<F-USER>" = "tester" ]; then exit 0; fi; exit 1'
--		for i in xrange(5):
-+		for i in range(5):
- 			self.pruneLog()
- 			self.assertTrue(self.filter.inIgnoreIPList(FailTicket("tester", data={'user': 'tester'})))
- 			self.assertFalse(self.filter.inIgnoreIPList(FailTicket("root", data={'user': 'root'})))
-@@ -644,7 +644,7 @@ class LogFileFilterPoll(unittest.TestCase):
- 			fc = FileContainer(fname, self.filter.getLogEncoding())
- 			fc.open()
- 			# no time - nothing should be found :
--			for i in xrange(10):
-+			for i in range(10):
- 				f.write("[sshd] error: PAM: failure len 1\n")
- 				f.flush()
- 				fc.setPos(0); self.filter.seekToTime(fc, time)
-@@ -718,14 +718,14 @@ class LogFileFilterPoll(unittest.TestCase):
- 			# variable length of file (ca 45K or 450K before and hereafter):
- 			# write lines with smaller as search time:
- 			t = time - count - 1
--			for i in xrange(count):
-+			for i in range(count):
- 				f.write("%s [sshd] error: PAM: failure\n" % _tm(t))
- 				t += 1
- 			f.flush()
- 			fc.setPos(0); self.filter.seekToTime(fc, time)
- 			self.assertEqual(fc.getPos(), 47*count)
- 			# write lines with exact search time:
--			for i in xrange(10):
-+			for i in range(10):
- 				f.write("%s [sshd] error: PAM: failure\n" % _tm(time))
- 			f.flush()
- 			fc.setPos(0); self.filter.seekToTime(fc, time)
-@@ -734,8 +734,8 @@ class LogFileFilterPoll(unittest.TestCase):
- 			self.assertEqual(fc.getPos(), 47*count)
- 			# write lines with greater as search time:
- 			t = time+1
--			for i in xrange(count//500):
--				for j in xrange(500):
-+			for i in range(count//500):
-+				for j in range(500):
- 					f.write("%s [sshd] error: PAM: failure\n" % _tm(t))
- 					t += 1
- 				f.flush()
-@@ -1488,10 +1488,10 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover
- 			# Add direct utf, unicode, blob:
- 			for l in (
- 		    "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
--		   u"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
-+		   "error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1",
- 		   b"error: PAM: Authentication failure for \xe4\xf6\xfc\xdf from 192.0.2.1".decode('utf-8', 'replace'),
- 		    "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
--		   u"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
-+		   "error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2",
- 		   b"error: PAM: Authentication failure for \xc3\xa4\xc3\xb6\xc3\xbc\xc3\x9f from 192.0.2.2".decode('utf-8', 'replace')
- 			):
- 				fields = self.journal_fields
-@@ -1520,7 +1520,7 @@ class GetFailures(LogCaptureTestCase):
- 
- 	# so that they could be reused by other tests
- 	FAILURES_01 = ('193.168.0.128', 3, 1124013599.0,
--				  [u'Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3)
-+				  ['Aug 14 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 193.168.0.128']*3)
- 
- 	def setUp(self):
- 		"""Call before every test case."""
-@@ -1595,8 +1595,8 @@ class GetFailures(LogCaptureTestCase):
- 
- 	def testGetFailures02(self):
- 		output = ('141.3.81.106', 4, 1124013539.0,
--				  [u'Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2'
--				   % m for m in 53, 54, 57, 58])
-+				  ['Aug 14 11:%d:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.3.81.106 port 51332 ssh2'
-+				   % m for m in (53, 54, 57, 58)])
- 
- 		self.filter.addLogPath(GetFailures.FILENAME_02, autoSeek=0)
- 		self.filter.addFailRegex(r"Failed .* from <HOST>")
-@@ -1691,17 +1691,17 @@ class GetFailures(LogCaptureTestCase):
- 		# We should still catch failures with usedns = no ;-)
- 		output_yes = (
- 			('93.184.216.34', 2, 1124013539.0,
--			  [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
--			   u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
-+			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
-+			   'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
- 			),
- 			('2606:2800:220:1:248:1893:25c8:1946', 1, 1124013299.0,
--			  [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
-+			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
- 			),
- 		)
- 
- 		output_no = (
- 			('93.184.216.34', 1, 1124013539.0,
--			  [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
-+			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2']
- 			)
- 		)
- 
-@@ -1807,9 +1807,9 @@ class DNSUtilsTests(unittest.TestCase):
- 		self.assertTrue(c.get('a') is None)
- 		self.assertEqual(c.get('a', 'test'), 'test')
- 		# exact 5 elements :
--		for i in xrange(5):
-+		for i in range(5):
- 			c.set(i, i)
--		for i in xrange(5):
-+		for i in range(5):
- 			self.assertEqual(c.get(i), i)
- 		# remove unavailable key:
- 		c.unset('a'); c.unset('a')
-@@ -1817,30 +1817,30 @@ class DNSUtilsTests(unittest.TestCase):
- 	def testCacheMaxSize(self):
- 		c = Utils.Cache(maxCount=5, maxTime=60)
- 		# exact 5 elements :
--		for i in xrange(5):
-+		for i in range(5):
- 			c.set(i, i)
--		self.assertEqual([c.get(i) for i in xrange(5)], [i for i in xrange(5)])
--		self.assertNotIn(-1, (c.get(i, -1) for i in xrange(5)))
-+		self.assertEqual([c.get(i) for i in range(5)], [i for i in range(5)])
-+		self.assertNotIn(-1, (c.get(i, -1) for i in range(5)))
- 		# add one - too many:
- 		c.set(10, i)
- 		# one element should be removed :
--		self.assertIn(-1, (c.get(i, -1) for i in xrange(5)))
-+		self.assertIn(-1, (c.get(i, -1) for i in range(5)))
- 		# test max size (not expired):
--		for i in xrange(10):
-+		for i in range(10):
- 			c.set(i, 1)
- 		self.assertEqual(len(c), 5)
- 
- 	def testCacheMaxTime(self):
- 		# test max time (expired, timeout reached) :
- 		c = Utils.Cache(maxCount=5, maxTime=0.0005)
--		for i in xrange(10):
-+		for i in range(10):
- 			c.set(i, 1)
- 		st = time.time()
- 		self.assertTrue(Utils.wait_for(lambda: time.time() >= st + 0.0005, 1))
- 		# we have still 5 elements (or fewer if too slow test mashine):
- 		self.assertTrue(len(c) <= 5)
- 		# but all that are expiered also:
--		for i in xrange(10):
-+		for i in range(10):
- 			self.assertTrue(c.get(i) is None)
- 		# here the whole cache should be empty:
- 		self.assertEqual(len(c), 0)
-@@ -1861,7 +1861,7 @@ class DNSUtilsTests(unittest.TestCase):
- 					c = count
- 					while c:
- 						c -= 1
--						s = xrange(0, 256, 1) if forw else xrange(255, -1, -1)
-+						s = range(0, 256, 1) if forw else range(255, -1, -1)
- 						if random: shuffle([i for i in s])
- 						for i in s:
- 							IPAddr('192.0.2.'+str(i), IPAddr.FAM_IPv4)
-@@ -1983,15 +1983,15 @@ class DNSUtilsNetworkTests(unittest.TestCase):
- 
- 	def testAddr2bin(self):
- 		res = IPAddr('10.0.0.0')
--		self.assertEqual(res.addr, 167772160L)
-+		self.assertEqual(res.addr, 167772160)
- 		res = IPAddr('10.0.0.0', cidr=None)
--		self.assertEqual(res.addr, 167772160L)
--		res = IPAddr('10.0.0.0', cidr=32L)
--		self.assertEqual(res.addr, 167772160L)
--		res = IPAddr('10.0.0.1', cidr=32L)
--		self.assertEqual(res.addr, 167772161L)
--		res = IPAddr('10.0.0.1', cidr=31L)
--		self.assertEqual(res.addr, 167772160L)
-+		self.assertEqual(res.addr, 167772160)
-+		res = IPAddr('10.0.0.0', cidr=32)
-+		self.assertEqual(res.addr, 167772160)
-+		res = IPAddr('10.0.0.1', cidr=32)
-+		self.assertEqual(res.addr, 167772161)
-+		res = IPAddr('10.0.0.1', cidr=31)
-+		self.assertEqual(res.addr, 167772160)
- 
- 		self.assertEqual(IPAddr('10.0.0.0').hexdump, '0a000000')
- 		self.assertEqual(IPAddr('1::2').hexdump, '00010000000000000000000000000002')
-@@ -2067,9 +2067,9 @@ class DNSUtilsNetworkTests(unittest.TestCase):
- 			'93.184.216.34': 'ip4-test', 
- 			'2606:2800:220:1:248:1893:25c8:1946': 'ip6-test'
- 		}
--		d2 = dict([(IPAddr(k), v) for k, v in d.iteritems()])
--		self.assertTrue(isinstance(d.keys()[0], basestring))
--		self.assertTrue(isinstance(d2.keys()[0], IPAddr))
-+		d2 = dict([(IPAddr(k), v) for k, v in d.items()])
-+		self.assertTrue(isinstance(list(d.keys())[0], str))
-+		self.assertTrue(isinstance(list(d2.keys())[0], IPAddr))
- 		self.assertEqual(d.get(ip4[2], ''), 'ip4-test')
- 		self.assertEqual(d.get(ip6[2], ''), 'ip6-test')
- 		self.assertEqual(d2.get(str(ip4[2]), ''), 'ip4-test')
-diff --git a/fail2ban/tests/misctestcase.py b/fail2ban/tests/misctestcase.py
-index 9b986f53..94f7a8de 100644
---- a/fail2ban/tests/misctestcase.py
-+++ b/fail2ban/tests/misctestcase.py
-@@ -29,9 +29,9 @@ import tempfile
- import shutil
- import fnmatch
- from glob import glob
--from StringIO import StringIO
-+from io import StringIO
- 
--from utils import LogCaptureTestCase, logSys as DefLogSys
-+from .utils import LogCaptureTestCase, logSys as DefLogSys
- 
- from ..helpers import formatExceptionInfo, mbasename, TraceBack, FormatterWithTraceBack, getLogger, \
- 	splitwords, uni_decode, uni_string
-@@ -67,7 +67,7 @@ class HelpersTest(unittest.TestCase):
- 		self.assertEqual(splitwords(' 1\n  2'), ['1', '2'])
- 		self.assertEqual(splitwords(' 1\n  2, 3'), ['1', '2', '3'])
- 		# string as unicode:
--		self.assertEqual(splitwords(u' 1\n  2, 3'), ['1', '2', '3'])
-+		self.assertEqual(splitwords(' 1\n  2, 3'), ['1', '2', '3'])
- 
- 
- if sys.version_info >= (2,7):
-@@ -197,11 +197,11 @@ class TestsUtilsTest(LogCaptureTestCase):
- 
- 	def testUniConverters(self):
- 		self.assertRaises(Exception, uni_decode, 
--			(b'test' if sys.version_info >= (3,) else u'test'), 'f2b-test::non-existing-encoding')
--		uni_decode((b'test\xcf' if sys.version_info >= (3,) else u'test\xcf'))
-+			(b'test' if sys.version_info >= (3,) else 'test'), 'f2b-test::non-existing-encoding')
-+		uni_decode((b'test\xcf' if sys.version_info >= (3,) else 'test\xcf'))
- 		uni_string(b'test\xcf')
- 		uni_string('test\xcf')
--		uni_string(u'test\xcf')
-+		uni_string('test\xcf')
- 
- 	def testSafeLogging(self):
- 		# logging should be exception-safe, to avoid possible errors (concat, str. conversion, representation failures, etc)
-@@ -213,7 +213,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- 				if self.err:
- 					raise Exception('no represenation for test!')
- 				else:
--					return u'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf'
-+					return 'conv-error (\xf2\xf0\xe5\xf2\xe8\xe9), unterminated utf \xcf'
- 		test = Test()
- 		logSys.log(logging.NOTICE, "test 1a: %r", test)
- 		self.assertLogged("Traceback", "no represenation for test!")
-@@ -261,7 +261,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- 					func_raise()
- 
- 			try:
--				print deep_function(3)
-+				print(deep_function(3))
- 			except ValueError:
- 				s = tb()
- 
-@@ -278,7 +278,7 @@ class TestsUtilsTest(LogCaptureTestCase):
- 			self.assertIn(':', s)
- 
- 	def _testAssertionErrorRE(self, regexp, fun, *args, **kwargs):
--		self.assertRaisesRegexp(AssertionError, regexp, fun, *args, **kwargs)
-+		self.assertRaisesRegex(AssertionError, regexp, fun, *args, **kwargs)
- 	
- 	def testExtendedAssertRaisesRE(self):
- 		## test _testAssertionErrorRE several fail cases:
-@@ -316,13 +316,13 @@ class TestsUtilsTest(LogCaptureTestCase):
- 		self._testAssertionErrorRE(r"'a' unexpectedly found in 'cba'",
- 			self.assertNotIn, 'a', 'cba')
- 		self._testAssertionErrorRE(r"1 unexpectedly found in \[0, 1, 2\]",
--			self.assertNotIn, 1, xrange(3))
-+			self.assertNotIn, 1, range(3))
- 		self._testAssertionErrorRE(r"'A' unexpectedly found in \['C', 'A'\]",
- 			self.assertNotIn, 'A', (c.upper() for c in 'cba' if c != 'b'))
- 		self._testAssertionErrorRE(r"'a' was not found in 'xyz'",
- 			self.assertIn, 'a', 'xyz')
- 		self._testAssertionErrorRE(r"5 was not found in \[0, 1, 2\]",
--			self.assertIn, 5, xrange(3))
-+			self.assertIn, 5, range(3))
- 		self._testAssertionErrorRE(r"'A' was not found in \['C', 'B'\]",
- 			self.assertIn, 'A', (c.upper() for c in 'cba' if c != 'a'))
- 		## assertLogged, assertNotLogged positive case:
-diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py
-index 8e944454..ed520286 100644
---- a/fail2ban/tests/observertestcase.py
-+++ b/fail2ban/tests/observertestcase.py
-@@ -69,7 +69,7 @@ class BanTimeIncr(LogCaptureTestCase):
- 		a.setBanTimeExtra('multipliers', multipliers)
- 		# test algorithm and max time 24 hours :
- 		self.assertEqual(
--			[a.calcBanTime(600, i) for i in xrange(1, 11)],
-+			[a.calcBanTime(600, i) for i in range(1, 11)],
- 			[1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400]
- 		)
- 		# with extra large max time (30 days):
-@@ -81,38 +81,38 @@ class BanTimeIncr(LogCaptureTestCase):
- 			if multcnt < 11:
- 				arr = arr[0:multcnt-1] + ([arr[multcnt-2]] * (11-multcnt))
- 		self.assertEqual(
--			[a.calcBanTime(600, i) for i in xrange(1, 11)],
-+			[a.calcBanTime(600, i) for i in range(1, 11)],
- 			arr
- 		)
- 		a.setBanTimeExtra('maxtime', '1d')
- 		# change factor :
- 		a.setBanTimeExtra('factor', '2');
- 		self.assertEqual(
--			[a.calcBanTime(600, i) for i in xrange(1, 11)],
-+			[a.calcBanTime(600, i) for i in range(1, 11)],
- 			[2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400, 86400]
- 		)
- 		# factor is float :
- 		a.setBanTimeExtra('factor', '1.33');
- 		self.assertEqual(
--			[int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+			[int(a.calcBanTime(600, i)) for i in range(1, 11)],
- 			[1596, 3192, 6384, 12768, 25536, 51072, 86400, 86400, 86400, 86400]
- 		)
- 		a.setBanTimeExtra('factor', None);
- 		# change max time :
- 		a.setBanTimeExtra('maxtime', '12h')
- 		self.assertEqual(
--			[a.calcBanTime(600, i) for i in xrange(1, 11)],
-+			[a.calcBanTime(600, i) for i in range(1, 11)],
- 			[1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200]
- 		)
- 		a.setBanTimeExtra('maxtime', '24h')
- 		## test randomization - not possibe all 10 times we have random = 0:
- 		a.setBanTimeExtra('rndtime', '5m')
- 		self.assertTrue(
--			False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)]
-+			False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)]
- 		)
- 		a.setBanTimeExtra('rndtime', None)
- 		self.assertFalse(
--			False in [1200 in [a.calcBanTime(600, 1) for i in xrange(10)] for c in xrange(10)]
-+			False in [1200 in [a.calcBanTime(600, 1) for i in range(10)] for c in range(10)]
- 		)
- 		# restore default:
- 		a.setBanTimeExtra('multipliers', None)
-@@ -124,7 +124,7 @@ class BanTimeIncr(LogCaptureTestCase):
- 		# this multipliers has the same values as default formula, we test stop growing after count 9:
- 		self.testDefault('1 2 4 8 16 32 64 128 256')
- 		# this multipliers has exactly the same values as default formula, test endless growing (stops by count 31 only):
--		self.testDefault(' '.join([str(1<<i) for i in xrange(31)]))
-+		self.testDefault(' '.join([str(1<<i) for i in range(31)]))
- 
- 	def testFormula(self):
- 		a = self.__jail;
-@@ -136,38 +136,38 @@ class BanTimeIncr(LogCaptureTestCase):
- 		a.setBanTimeExtra('multipliers', None)
- 		# test algorithm and max time 24 hours :
- 		self.assertEqual(
--			[int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+			[int(a.calcBanTime(600, i)) for i in range(1, 11)],
- 			[1200, 2400, 4800, 9600, 19200, 38400, 76800, 86400, 86400, 86400]
- 		)
- 		# with extra large max time (30 days):
- 		a.setBanTimeExtra('maxtime', '30d')
- 		self.assertEqual(
--			[int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+			[int(a.calcBanTime(600, i)) for i in range(1, 11)],
- 			[1200, 2400, 4800, 9600, 19200, 38400, 76800, 153601, 307203, 614407]
- 		)
- 		a.setBanTimeExtra('maxtime', '24h')
- 		# change factor :
- 		a.setBanTimeExtra('factor', '1');
- 		self.assertEqual(
--			[int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+			[int(a.calcBanTime(600, i)) for i in range(1, 11)],
- 			[1630, 4433, 12051, 32758, 86400, 86400, 86400, 86400, 86400, 86400]
- 		)
- 		a.setBanTimeExtra('factor', '2.0 / 2.885385')
- 		# change max time :
- 		a.setBanTimeExtra('maxtime', '12h')
- 		self.assertEqual(
--			[int(a.calcBanTime(600, i)) for i in xrange(1, 11)],
-+			[int(a.calcBanTime(600, i)) for i in range(1, 11)],
- 			[1200, 2400, 4800, 9600, 19200, 38400, 43200, 43200, 43200, 43200]
- 		)
- 		a.setBanTimeExtra('maxtime', '24h')
- 		## test randomization - not possibe all 10 times we have random = 0:
- 		a.setBanTimeExtra('rndtime', '5m')
- 		self.assertTrue(
--			False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)]
-+			False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)]
- 		)
- 		a.setBanTimeExtra('rndtime', None)
- 		self.assertFalse(
--			False in [1200 in [int(a.calcBanTime(600, 1)) for i in xrange(10)] for c in xrange(10)]
-+			False in [1200 in [int(a.calcBanTime(600, 1)) for i in range(10)] for c in range(10)]
- 		)
- 		# restore default:
- 		a.setBanTimeExtra('factor', None);
-@@ -230,7 +230,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- 		ticket = FailTicket(ip, stime, [])
- 		# test ticket not yet found
- 		self.assertEqual(
--			[self.incrBanTime(ticket, 10) for i in xrange(3)], 
-+			[self.incrBanTime(ticket, 10) for i in range(3)], 
- 			[10, 10, 10]
- 		)
- 		# add a ticket banned
-@@ -285,7 +285,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- 		)
- 		# increase ban multiple times:
- 		lastBanTime = 20
--		for i in xrange(10):
-+		for i in range(10):
- 			ticket.setTime(stime + lastBanTime + 5)
- 			banTime = self.incrBanTime(ticket, 10)
- 			self.assertEqual(banTime, lastBanTime * 2)
-@@ -481,7 +481,7 @@ class BanTimeIncrDB(LogCaptureTestCase):
- 		ticket = FailTicket(ip, stime-120, [])
- 		failManager = FailManager()
- 		failManager.setMaxRetry(3)
--		for i in xrange(3):
-+		for i in range(3):
- 			failManager.addFailure(ticket)
- 			obs.add('failureFound', failManager, jail, ticket)
- 		obs.wait_empty(5)
-diff --git a/fail2ban/tests/samplestestcase.py b/fail2ban/tests/samplestestcase.py
-index 0bbd05f5..479b564a 100644
---- a/fail2ban/tests/samplestestcase.py
-+++ b/fail2ban/tests/samplestestcase.py
-@@ -138,7 +138,7 @@ class FilterSamplesRegex(unittest.TestCase):
- 
- 	@staticmethod
- 	def _filterOptions(opts):
--				return dict((k, v) for k, v in opts.iteritems() if not k.startswith('test.'))
-+				return dict((k, v) for k, v in opts.items() if not k.startswith('test.'))
- 		
- def testSampleRegexsFactory(name, basedir):
- 	def testFilter(self):
-@@ -249,10 +249,10 @@ def testSampleRegexsFactory(name, basedir):
- 						self.assertTrue(faildata.get('match', False), 
- 							"Line matched when shouldn't have")
- 						self.assertEqual(len(ret), 1,
--							"Multiple regexs matched %r" % (map(lambda x: x[0], ret)))
-+							"Multiple regexs matched %r" % ([x[0] for x in ret]))
- 
- 						# Verify match captures (at least fid/host) and timestamp as expected
--						for k, v in faildata.iteritems():
-+						for k, v in faildata.items():
- 							if k not in ("time", "match", "desc", "filter"):
- 								fv = fail.get(k, None)
- 								if fv is None:
-@@ -294,7 +294,7 @@ def testSampleRegexsFactory(name, basedir):
- 								'\n'.join(pprint.pformat(fail).splitlines())))
- 
- 		# check missing samples for regex using each filter-options combination:
--		for fltName, flt in self._filters.iteritems():
-+		for fltName, flt in self._filters.items():
- 			flt, regexsUsedIdx = flt
- 			regexList = flt.getFailRegex()
- 			for failRegexIndex, failRegex in enumerate(regexList):
-diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
-index 55e72455..7925ab1e 100644
---- a/fail2ban/tests/servertestcase.py
-+++ b/fail2ban/tests/servertestcase.py
-@@ -124,14 +124,14 @@ class TransmitterBase(LogCaptureTestCase):
- 			self.transm.proceed(["get", jail, cmd]), (0, []))
- 		for n, value in enumerate(values):
- 			ret = self.transm.proceed(["set", jail, cmdAdd, value])
--			self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2)
-+			self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2)
- 			ret = self.transm.proceed(["get", jail, cmd])
--			self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[:n+1])), level=2)
-+			self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[:n+1]))), level=2)
- 		for n, value in enumerate(values):
- 			ret = self.transm.proceed(["set", jail, cmdDel, value])
--			self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2)
-+			self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2)
- 			ret = self.transm.proceed(["get", jail, cmd])
--			self.assertSortedEqual((ret[0], map(str, ret[1])), (0, map(str, values[n+1:])), level=2)
-+			self.assertSortedEqual((ret[0], list(map(str, ret[1]))), (0, list(map(str, values[n+1:]))), level=2)
- 
- 	def jailAddDelRegexTest(self, cmd, inValues, outValues, jail):
- 		cmdAdd = "add" + cmd
-@@ -930,7 +930,7 @@ class TransmitterLogging(TransmitterBase):
- 
- 	def testLogTarget(self):
- 		logTargets = []
--		for _ in xrange(3):
-+		for _ in range(3):
- 			tmpFile = tempfile.mkstemp("fail2ban", "transmitter")
- 			logTargets.append(tmpFile[1])
- 			os.close(tmpFile[0])
-@@ -1003,26 +1003,26 @@ class TransmitterLogging(TransmitterBase):
- 				self.assertEqual(self.transm.proceed(["flushlogs"]), (0, "rolled over"))
- 				l.warning("After flushlogs")
- 				with open(fn2,'r') as f:
--					line1 = f.next()
-+					line1 = next(f)
- 					if line1.find('Changed logging target to') >= 0:
--						line1 = f.next()
-+						line1 = next(f)
- 					self.assertTrue(line1.endswith("Before file moved\n"))
--					line2 = f.next()
-+					line2 = next(f)
- 					self.assertTrue(line2.endswith("After file moved\n"))
- 					try:
--						n = f.next()
-+						n = next(f)
- 						if n.find("Command: ['flushlogs']") >=0:
--							self.assertRaises(StopIteration, f.next)
-+							self.assertRaises(StopIteration, f.__next__)
- 						else:
- 							self.fail("Exception StopIteration or Command: ['flushlogs'] expected. Got: %s" % n)
- 					except StopIteration:
- 						pass # on higher debugging levels this is expected
- 				with open(fn,'r') as f:
--					line1 = f.next()
-+					line1 = next(f)
- 					if line1.find('rollover performed on') >= 0:
--						line1 = f.next()
-+						line1 = next(f)
- 					self.assertTrue(line1.endswith("After flushlogs\n"))
--					self.assertRaises(StopIteration, f.next)
-+					self.assertRaises(StopIteration, f.__next__)
- 					f.close()
- 			finally:
- 				os.remove(fn2)
-@@ -1185,7 +1185,7 @@ class LoggingTests(LogCaptureTestCase):
- 					os.remove(f)
- 
- 
--from clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR
-+from .clientreadertestcase import ActionReader, JailsReader, CONFIG_DIR
- 
- class ServerConfigReaderTests(LogCaptureTestCase):
- 
-diff --git a/fail2ban/tests/sockettestcase.py b/fail2ban/tests/sockettestcase.py
-index 69bf8d8b..60f49e57 100644
---- a/fail2ban/tests/sockettestcase.py
-+++ b/fail2ban/tests/sockettestcase.py
-@@ -153,7 +153,7 @@ class Socket(LogCaptureTestCase):
- 		org_handler = RequestHandler.found_terminator
- 		try:
- 			RequestHandler.found_terminator = lambda self: self.close()
--			self.assertRaisesRegexp(RuntimeError, r"socket connection broken", 
-+			self.assertRaisesRegex(RuntimeError, r"socket connection broken", 
- 				lambda: client.send(testMessage, timeout=unittest.F2B.maxWaitTime(10)))
- 		finally:
- 			RequestHandler.found_terminator = org_handler
-diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
-index fcfddba7..cb234e0d 100644
---- a/fail2ban/tests/utils.py
-+++ b/fail2ban/tests/utils.py
-@@ -35,7 +35,7 @@ import time
- import threading
- import unittest
- 
--from cStringIO import StringIO
-+from io import StringIO
- from functools import wraps
- 
- from ..helpers import getLogger, str2LogLevel, getVerbosityFormat, uni_decode
-@@ -174,8 +174,8 @@ def initProcess(opts):
- 
- 	# Let know the version
- 	if opts.verbosity != 0:
--		print("Fail2ban %s test suite. Python %s. Please wait..." \
--				% (version, str(sys.version).replace('\n', '')))
-+		print(("Fail2ban %s test suite. Python %s. Please wait..." \
-+				% (version, str(sys.version).replace('\n', ''))))
- 
- 	return opts;
- 
-@@ -322,7 +322,7 @@ def initTests(opts):
- 	c = DNSUtils.CACHE_ipToName
- 	# increase max count and max time (too many entries, long time testing):
- 	c.setOptions(maxCount=10000, maxTime=5*60)
--	for i in xrange(256):
-+	for i in range(256):
- 		c.set('192.0.2.%s' % i, None)
- 		c.set('198.51.100.%s' % i, None)
- 		c.set('203.0.113.%s' % i, None)
-@@ -541,8 +541,8 @@ def gatherTests(regexps=None, opts=None):
- import difflib, pprint
- if not hasattr(unittest.TestCase, 'assertDictEqual'):
- 	def assertDictEqual(self, d1, d2, msg=None):
--		self.assert_(isinstance(d1, dict), 'First argument is not a dictionary')
--		self.assert_(isinstance(d2, dict), 'Second argument is not a dictionary')
-+		self.assertTrue(isinstance(d1, dict), 'First argument is not a dictionary')
-+		self.assertTrue(isinstance(d2, dict), 'Second argument is not a dictionary')
- 		if d1 != d2:
- 			standardMsg = '%r != %r' % (d1, d2)
- 			diff = ('\n' + '\n'.join(difflib.ndiff(
-@@ -560,7 +560,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None):
- 	# used to recognize having element as nested dict, list or tuple:
- 	def _is_nested(v):
- 		if isinstance(v, dict):
--			return any(isinstance(v, (dict, list, tuple)) for v in v.itervalues())
-+			return any(isinstance(v, (dict, list, tuple)) for v in v.values())
- 		return any(isinstance(v, (dict, list, tuple)) for v in v)
- 	# level comparison routine:
- 	def _assertSortedEqual(a, b, level, nestedOnly, key):
-@@ -573,7 +573,7 @@ def assertSortedEqual(self, a, b, level=1, nestedOnly=True, key=repr, msg=None):
- 				return
- 			raise ValueError('%r != %r' % (a, b))
- 		if isinstance(a, dict) and isinstance(b, dict): # compare dict's:
--			for k, v1 in a.iteritems():
-+			for k, v1 in a.items():
- 				v2 = b[k]
- 				if isinstance(v1, (dict, list, tuple)) and isinstance(v2, (dict, list, tuple)):
- 					_assertSortedEqual(v1, v2, level-1 if level != 0 else 0, nestedOnly, key)
-@@ -608,14 +608,14 @@ if not hasattr(unittest.TestCase, 'assertRaisesRegexp'):
- 				self.fail('\"%s\" does not match \"%s\"' % (regexp, e))
- 		else:
- 			self.fail('%s not raised' % getattr(exccls, '__name__'))
--	unittest.TestCase.assertRaisesRegexp = assertRaisesRegexp
-+	unittest.TestCase.assertRaisesRegex = assertRaisesRegexp
- 
- # always custom following methods, because we use atm better version of both (support generators)
- if True: ## if not hasattr(unittest.TestCase, 'assertIn'):
- 	def assertIn(self, a, b, msg=None):
- 		bb = b
- 		wrap = False
--		if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring):
-+		if msg is None and hasattr(b, '__iter__') and not isinstance(b, str):
- 			b, bb = itertools.tee(b)
- 			wrap = True
- 		if a not in b:
-@@ -626,7 +626,7 @@ if True: ## if not hasattr(unittest.TestCase, 'assertIn'):
- 	def assertNotIn(self, a, b, msg=None):
- 		bb = b
- 		wrap = False
--		if msg is None and hasattr(b, '__iter__') and not isinstance(b, basestring):
-+		if msg is None and hasattr(b, '__iter__') and not isinstance(b, str):
- 			b, bb = itertools.tee(b)
- 			wrap = True
- 		if a in b:
-diff --git a/setup.py b/setup.py
-deleted file mode 100755
-index ce1eedf6..00000000
---- a/setup.py
-+++ /dev/null
-@@ -1,326 +0,0 @@
--#!/usr/bin/env python
--# emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*-
--# vi: set ft=python sts=4 ts=4 sw=4 noet :
--
--# This file is part of Fail2Ban.
--#
--# Fail2Ban is free software; you can redistribute it and/or modify
--# it under the terms of the GNU General Public License as published by
--# the Free Software Foundation; either version 2 of the License, or
--# (at your option) any later version.
--#
--# Fail2Ban is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with Fail2Ban; if not, write to the Free Software
--# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
--
--__author__ = "Cyril Jaquier, Steven Hiscocks, Yaroslav Halchenko"
--__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2008-2016 Fail2Ban Contributors"
--__license__ = "GPL"
--
--import platform
--
--try:
--	import setuptools
--	from setuptools import setup
--	from setuptools.command.install import install
--	from setuptools.command.install_scripts import install_scripts
--except ImportError:
--	setuptools = None
--	from distutils.core import setup
--
--# all versions
--from distutils.command.build_py import build_py
--from distutils.command.build_scripts import build_scripts
--if setuptools is None:
--	from distutils.command.install import install
--	from distutils.command.install_scripts import install_scripts
--try:
--	# python 3.x
--	from distutils.command.build_py import build_py_2to3
--	from distutils.command.build_scripts import build_scripts_2to3
--	_2to3 = True
--except ImportError:
--	# python 2.x
--	_2to3 = False
--
--import os
--from os.path import isfile, join, isdir, realpath
--import re
--import sys
--import warnings
--from glob import glob
--
--from fail2ban.setup import updatePyExec
--
--
--source_dir = os.path.realpath(os.path.dirname(
--	# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
--	sys.argv[0] if os.path.basename(sys.argv[0]) == 'setup.py' else __file__
--))
--
--# Wrapper to install python binding (to current python version):
--class install_scripts_f2b(install_scripts):
--
--	def get_outputs(self):
--		outputs = install_scripts.get_outputs(self)
--		# setup.py --dry-run install:
--		dry_run = not outputs
--		self.update_scripts(dry_run)
--		if dry_run:
--			#bindir = self.install_dir
--			bindir = self.build_dir
--			print('creating fail2ban-python binding -> %s (dry-run, real path can be different)' % (bindir,))
--			print('Copying content of %s to %s' % (self.build_dir, self.install_dir));
--			return outputs
--		fn = None
--		for fn in outputs:
--			if os.path.basename(fn) == 'fail2ban-server':
--				break
--		bindir = os.path.dirname(fn)
--		print('creating fail2ban-python binding -> %s' % (bindir,))
--		updatePyExec(bindir)
--		return outputs
--
--	def update_scripts(self, dry_run=False):
--		buildroot = os.path.dirname(self.build_dir)
--		install_dir = self.install_dir
--		try:
--			# remove root-base from install scripts path:
--			root = self.distribution.command_options['install']['root'][1]
--			if install_dir.startswith(root):
--				install_dir = install_dir[len(root):]
--		except: # pragma: no cover
--			print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".')
--		print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir))
--		with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn:
--			lines = fn.readlines()
--		fn = None
--		if not dry_run:
--			fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w')
--		try:
--			for ln in lines:
--				ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)
--				if dry_run:
--					sys.stdout.write(' | ' + ln)
--					continue
--				fn.write(ln)
--		finally:
--			if fn: fn.close()
--		if dry_run:
--			print(' `')
--
--
--# Wrapper to specify fail2ban own options:
--class install_command_f2b(install):
--	user_options = install.user_options + [
--		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
--		('without-tests', None, 'without tests files installation'),
--	]
--	def initialize_options(self):
--		self.disable_2to3 = None
--		self.without_tests = None
--		install.initialize_options(self)
--	def finalize_options(self):
--		global _2to3
--		## in the test cases 2to3 should be already done (fail2ban-2to3):
--		if self.disable_2to3:
--			_2to3 = False
--		if _2to3:
--			cmdclass = self.distribution.cmdclass
--			cmdclass['build_py'] = build_py_2to3
--			cmdclass['build_scripts'] = build_scripts_2to3
--		if self.without_tests:
--			self.distribution.scripts.remove('bin/fail2ban-testcases')
--
--			self.distribution.packages.remove('fail2ban.tests')
--			self.distribution.packages.remove('fail2ban.tests.action_d')
--
--			del self.distribution.package_data['fail2ban.tests']
--		install.finalize_options(self)
--	def run(self):
--		install.run(self)
--
--
--# Update fail2ban-python env to current python version (where f2b-modules located/installed)
--updatePyExec(os.path.join(source_dir, 'bin'))
--
--if setuptools and "test" in sys.argv:
--	import logging
--	logSys = logging.getLogger("fail2ban")
--	hdlr = logging.StreamHandler(sys.stdout)
--	fmt = logging.Formatter("%(asctime)-15s %(message)s")
--	hdlr.setFormatter(fmt)
--	logSys.addHandler(hdlr)
--	if set(["-q", "--quiet"]) & set(sys.argv):
--		logSys.setLevel(logging.CRITICAL)
--		warnings.simplefilter("ignore")
--		sys.warnoptions.append("ignore")
--	elif set(["-v", "--verbose"]) & set(sys.argv):
--		logSys.setLevel(logging.DEBUG)
--	else:
--		logSys.setLevel(logging.INFO)
--elif "test" in sys.argv:
--	print("python distribute required to execute fail2ban tests")
--	print("")
--
--longdesc = '''
--Fail2Ban scans log files like /var/log/pwdfail or
--/var/log/apache/error_log and bans IP that makes
--too many password failures. It updates firewall rules
--to reject the IP address or executes user defined
--commands.'''
--
--if setuptools:
--	setup_extra = {
--		'test_suite': "fail2ban.tests.utils.gatherTests",
--		'use_2to3': True,
--	}
--else:
--	setup_extra = {}
--
--data_files_extra = []
--if os.path.exists('/var/run'):
--	# if we are on the system with /var/run -- we are to use it for having fail2ban/
--	# directory there for socket file etc.
--	# realpath is used to possibly resolve /var/run -> /run symlink
--	data_files_extra += [(realpath('/var/run/fail2ban'), '')]
--
--# Installing documentation files only under Linux or other GNU/ systems
--# (e.g. GNU/kFreeBSD), since others might have protective mechanisms forbidding
--# installation there (see e.g. #1233)
--platform_system = platform.system().lower()
--doc_files = ['README.md', 'DEVELOP', 'FILTERS', 'doc/run-rootless.txt']
--if platform_system in ('solaris', 'sunos'):
--	doc_files.append('README.Solaris')
--if platform_system in ('linux', 'solaris', 'sunos') or platform_system.startswith('gnu'):
--	data_files_extra.append(
--		('/usr/share/doc/fail2ban', doc_files)
--	)
--
--# Get version number, avoiding importing fail2ban.
--# This is due to tests not functioning for python3 as 2to3 takes place later
--exec(open(join("fail2ban", "version.py")).read())
--
--setup(
--	name = "fail2ban",
--	version = version,
--	description = "Ban IPs that make too many password failures",
--	long_description = longdesc,
--	author = "Cyril Jaquier & Fail2Ban Contributors",
--	author_email = "cyril.jaquier@fail2ban.org",
--	url = "http://www.fail2ban.org",
--	license = "GPL",
--	platforms = "Posix",
--	cmdclass = {
--		'build_py': build_py, 'build_scripts': build_scripts,
--		'install_scripts': install_scripts_f2b, 'install': install_command_f2b
--	},
--	scripts = [
--		'bin/fail2ban-client',
--		'bin/fail2ban-server',
--		'bin/fail2ban-regex',
--		'bin/fail2ban-testcases',
--		# 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper
--	],
--	packages = [
--		'fail2ban',
--		'fail2ban.client',
--		'fail2ban.server',
--		'fail2ban.tests',
--		'fail2ban.tests.action_d',
--	],
--	package_data = {
--		'fail2ban.tests':
--			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
--				for w in os.walk('fail2ban/tests/files')
--				for f in w[2]] +
--			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
--				for w in os.walk('fail2ban/tests/config')
--				for f in w[2]] +
--			[ join(w[0], f).replace("fail2ban/tests/", "", 1)
--				for w in os.walk('fail2ban/tests/action_d')
--				for f in w[2]]
--	},
--	data_files = [
--		('/etc/fail2ban',
--			glob("config/*.conf")
--		),
--		('/etc/fail2ban/filter.d',
--			glob("config/filter.d/*.conf")
--		),
--		('/etc/fail2ban/filter.d/ignorecommands',
--			[p for p in glob("config/filter.d/ignorecommands/*") if isfile(p)]
--		),
--		('/etc/fail2ban/action.d',
--			glob("config/action.d/*.conf") +
--			glob("config/action.d/*.py")
--		),
--		('/etc/fail2ban/fail2ban.d',
--			''
--		),
--		('/etc/fail2ban/jail.d',
--			''
--		),
--		('/var/lib/fail2ban',
--			''
--		),
--	] + data_files_extra,
--	**setup_extra
--)
--
--# Do some checks after installation
--# Search for obsolete files.
--obsoleteFiles = []
--elements = {
--	"/etc/":
--		[
--			"fail2ban.conf"
--		],
--	"/usr/bin/":
--		[
--			"fail2ban.py"
--		],
--	"/usr/lib/fail2ban/":
--		[
--			"version.py",
--			"protocol.py"
--		]
--}
--
--for directory in elements:
--	for f in elements[directory]:
--		path = join(directory, f)
--		if isfile(path):
--			obsoleteFiles.append(path)
--
--if obsoleteFiles:
--	print("")
--	print("Obsolete files from previous Fail2Ban versions were found on "
--		  "your system.")
--	print("Please delete them:")
--	print("")
--	for f in obsoleteFiles:
--		print("\t" + f)
--	print("")
--
--if isdir("/usr/lib/fail2ban"):
--	print("")
--	print("Fail2ban is not installed under /usr/lib anymore. The new "
--		  "location is under /usr/share. Please remove the directory "
--		  "/usr/lib/fail2ban and everything under this directory.")
--	print("")
--
--# Update config file
--if sys.argv[1] == "install":
--	print("")
--	print("Please do not forget to update your configuration files.")
--	print("They are in \"/etc/fail2ban/\".")
--	print("")
--	print("You can also install systemd service-unit file from \"build/fail2ban.service\"")
--	print("resp. corresponding init script from \"files/*-initd\".")
--	print("")
--- 
-2.17.1
-
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
similarity index 90%
rename from meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
rename to meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index e737f50..6767d80 100644
--- a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.10.4.0.bb
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -9,12 +9,11 @@
 LICENSE = "GPL-2.0"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
 
-SRCREV ="3befbb177017957869425c81a560edb8e27db75a"
+SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46"
 SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
         file://initd \
         file://fail2ban_setup.py \
         file://run-ptest \
-        file://0001-python3-fail2ban-2-3-conversion.patch \
 "
 
 inherit update-rc.d ptest setuptools3
@@ -23,6 +22,8 @@
 
 do_compile_prepend () {
     cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+    cd ${S}
+    ./fail2ban-2to3
 }
 
 do_install_append () {
@@ -35,7 +36,7 @@
 do_install_ptest_append () {
     install -d ${D}${PTEST_PATH}
     sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
-    install -D ${S}/bin/fail2ban-testcases ${D}${PTEST_PATH}
+    install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
 }
 
 FILES_${PN} += "/run"
diff --git a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
similarity index 94%
rename from meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
rename to meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
index 8847a0f..440b4e3 100644
--- a/meta-security/recipes-security/fscryptctl/fscryptctl_0.1.0.bb
+++ b/meta-security/recipes-security/fscryptctl/fscryptctl_1.0.0.bb
@@ -9,7 +9,7 @@
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-SRCREV = "142326810eb19d6794793db6d24d0775a15aa8e5"
+SRCREV = "56b898c896240328adef7407090215abbe9ee03d"
 SRC_URI = "git://github.com/google/fscryptctl.git"
 
 S = "${WORKDIR}/git"
diff --git a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
similarity index 71%
rename from meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb
rename to meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
index 9db66e8..6046fa0 100644
--- a/meta-security/recipes-security/libdhash/ding-libs_0.5.0.bb
+++ b/meta-security/recipes-security/libdhash/ding-libs_0.6.1.bb
@@ -9,5 +9,4 @@
 
 inherit autotools pkgconfig
 
-SRC_URI[md5sum] = "786f2880d30136a61df02e5d740ddc6e"
-SRC_URI[sha256sum] = "dab937537a05d7a7cbe605fdb9b3809080d67b124ac97eb321255b35f5b172fd"
+SRC_URI[sha256sum] = "a319a327deb81f2dfab9ce4a4926e80e1dac5dcfc89f4c7e548cec2645af27c1"
diff --git a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch b/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
deleted file mode 100644
index 7d17a03..0000000
--- a/meta-security/recipes-security/libseccomp/files/fix-mips-build-failure.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Backport patch to fix cross compile error for mips:
-
-| syscalls.h:44:6: error: expected identifier or '(' before numeric constant
-|    44 |  int mips;
-|       |      ^~~~
-
-Upstream-Status: Submitted [https://github.com/seccomp/libseccomp/pull/279/commits/04c519e5]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 04c519e5b1de53592e98307813e5c6db7418f91b Mon Sep 17 00:00:00 2001
-From: Paul Moore <paul@paul-moore.com>
-Date: Sun, 2 Aug 2020 09:57:39 -0400
-Subject: [PATCH] build: undefine "mips" to prevent build problems for MIPS
- targets
-
-It turns out that the MIPS GCC compiler defines a "mips" cpp macro
-which was resulting in build failures on MIPS so we need to
-undefine the "mips" macro during build.  As this should be safe
-to do in all architectures, just add it to the compiler flags by
-default.
-
-This was reported in the following GH issue:
-* https://github.com/seccomp/libseccomp/issues/274
-
-Reported-by: Rongwei Zhang <pudh4418@gmail.com>
-Suggested-by: Rongwei Zhang <pudh4418@gmail.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
----
- configure.ac | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 40d9dcbb..3e877348 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -65,9 +65,11 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
- 
- dnl ####
- dnl build flags
-+dnl NOTE: the '-Umips' is here because MIPS GCC compilers "helpfully" define it
-+dnl       for us which wreaks havoc on the build
- dnl ####
- AM_CPPFLAGS="-I\${top_srcdir}/include -I\${top_builddir}/include"
--AM_CFLAGS="-Wall"
-+AM_CFLAGS="-Wall -Umips"
- AM_LDFLAGS="-Wl,-z -Wl,relro"
- AC_SUBST([AM_CPPFLAGS])
- AC_SUBST([AM_CFLAGS])
diff --git a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
similarity index 92%
rename from meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
rename to meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
index 0cf2d70..40ac1a8 100644
--- a/meta-security/recipes-security/libseccomp/libseccomp_2.5.0.bb
+++ b/meta-security/recipes-security/libseccomp/libseccomp_2.5.1.bb
@@ -6,12 +6,11 @@
 
 DEPENDS += "gperf-native"
 
-SRCREV = "f13f58efc690493fe7aa69f54cb52a118f3769c1"
+SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
 
 SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
            file://run-ptest \
-           file://fix-mips-build-failure.patch \
-"
+           "
 
 COMPATIBLE_HOST_riscv32 = "null"
 
diff --git a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
similarity index 96%
rename from meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
rename to meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
index eb6b7eb..fb84411 100644
--- a/meta-security/recipes-security/mfa/python3-privacyidea_3.3.bb
+++ b/meta-security/recipes-security/mfa/python3-privacyidea_3.5.1.bb
@@ -6,7 +6,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
 
 PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "55fbdd0fdc8957f7fc5b8900453fd9dc294860bae218e53e7fe394d93f982518"
+SRC_URI[sha256sum] = "c10f8e9ec681af4cb42fde70864c2b9a4b47e2bcccfc1290f83c1283748772c6"
 
 inherit pypi setuptools3
 
diff --git a/meta-security/recipes-security/nikto/nikto_2.1.6.bb b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
index 2d2c46c..615cc30 100644
--- a/meta-security/recipes-security/nikto/nikto_2.1.6.bb
+++ b/meta-security/recipes-security/nikto/nikto_2.1.6.bb
@@ -4,7 +4,7 @@
 HOMEPAGE = "https://cirt.net/Nikto2"
 
 LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
 SRCREV = "f1bbd1a8756c076c8fd4f4dd0bc34a8ef215ae79"
 SRC_URI = "git://github.com/sullo/nikto.git \
diff --git a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch b/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
deleted file mode 100644
index da0bcfe..0000000
--- a/meta-security/recipes-security/opendnssec/files/fix_fprint.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-format not a string literal and no format arguments
-
-missing module_str in call
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-../../../git/enforcer/src/keystate/keystate_ds.c:192:7: error: format not a string literal and no format arguments [-Werror=format-security]
-|   192 |       ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
-|       |       ^~~~~~~~~~~~~~~~~~~~~~~~
-
-
-Index: git/enforcer/src/keystate/keystate_ds.c
-===================================================================
---- git.orig/enforcer/src/keystate/keystate_ds.c
-+++ git/enforcer/src/keystate/keystate_ds.c
-@@ -189,7 +189,7 @@ exec_dnskey_by_id(int sockfd, struct dbw
- 						status = 0;
- 					}
- 					else {
--						ods_log_error_and_printf(sockfd, "Failed to run %s", cp_ds);
-+						ods_log_error_and_printf(sockfd, module_str, "Failed to run %s", cp_ds);
-                                                 status = 7;
- 					}
- 				}
diff --git a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
index 126e197..31d7252 100644
--- a/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
+++ b/meta-security/recipes-security/opendnssec/files/libdns_conf_fix.patch
@@ -4,14 +4,29 @@
 
 Signed-off-by: Armin Kuster <akuster808@gmail.com>
 
-Index: opendnssec-2.1.6/m4/acx_ldns.m4
+Index: opendnssec-2.1.8/configure.ac
 ===================================================================
---- opendnssec-2.1.6.orig/m4/acx_ldns.m4
-+++ opendnssec-2.1.6/m4/acx_ldns.m4
-@@ -1,128 +1,65 @@
+--- opendnssec-2.1.8.orig/configure.ac
++++ opendnssec-2.1.8/configure.ac
+@@ -133,9 +133,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
+ 
+ # common dependencies
+ ACX_LIBXML2
+-ACX_LDNS(1,6,17)
+-ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
+-ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
++ACX_LDNS(1.6.17)
+ ACX_PKCS11_MODULES
+ ACX_RT
+ ACX_LIBC
+Index: opendnssec-2.1.8/m4/acx_ldns.m4
+===================================================================
+--- opendnssec-2.1.8.orig/m4/acx_ldns.m4
++++ opendnssec-2.1.8/m4/acx_ldns.m4
+@@ -1,128 +1,63 @@
 -AC_DEFUN([ACX_LDNS],[
 -	AC_ARG_WITH(ldns, 
--		[AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-		[AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
 -        	[
 -			LDNS_PATH="$withval"
 -			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
@@ -70,8 +85,7 @@
 -		AC_MSG_ERROR([ldns library too old ($1.$2.$3 or later required)])
 -	],[])
 -	AC_LANG_POP([C])
-+#serial 11
- 
+-
 -	CPPFLAGS=$tmp_CPPFLAGS
 -
 -	AC_SUBST(LDNS_INCLUDES)
@@ -81,7 +95,7 @@
 -
 -AC_DEFUN([ACX_LDNS_NOT],[
 -	AC_ARG_WITH(ldns, 
--		[AC_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
+-		[AS_HELP_STRING([--with-ldns=PATH],[specify prefix of path of ldns library to use])],
 -        	[
 -			LDNS_PATH="$withval"
 -			AC_PATH_PROGS(LDNS_CONFIG, ldns-config, ldns-config, $LDNS_PATH/bin)
@@ -200,18 +214,3 @@
 +    AC_SUBST([LDNS_LIBS])
 +    AC_SUBST([LDNS_LDFLAGS])
  ])
-Index: opendnssec-2.1.6/configure.ac
-===================================================================
---- opendnssec-2.1.6.orig/configure.ac
-+++ opendnssec-2.1.6/configure.ac
-@@ -138,9 +138,7 @@ AC_CHECK_MEMBER([struct sockaddr_un.sun_
- 
- # common dependencies
- ACX_LIBXML2
--ACX_LDNS(1,6,17)
--ACX_LDNS_NOT(1,6,14, [binary incompatibility, see http://open.nlnetlabs.nl/pipermail/ldns-users/2012-October/000564.html])
--ACX_LDNS_NOT(1,6,15, [fail to create NSEC3 bitmap for empty non-terminals, see http://www.nlnetlabs.nl/pipermail/ldns-users/2012-November/000565.html])
-+ACX_LDNS(1.6.17)
- ACX_PKCS11_MODULES
- ACX_RT
- ACX_LIBC
diff --git a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
similarity index 85%
rename from meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
rename to meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
index 5e42ca8..cf6bdbd 100644
--- a/meta-security/recipes-security/opendnssec/opendnssec_2.1.6.bb
+++ b/meta-security/recipes-security/opendnssec/opendnssec_2.1.8.bb
@@ -5,18 +5,15 @@
 
 DEPENDS = "libxml2 openssl ldns libmicrohttpd jansson libyaml "
 
-SRC_URI = "git://github.com/opendnssec/opendnssec;branch=develop \
+SRC_URI = "https://dist.opendnssec.org/source/opendnssec-${PV}.tar.gz \
            file://libxml2_conf.patch \
            file://libdns_conf_fix.patch \
-           file://fix_fprint.patch \
            "
 
-SRCREV = "5876bccb38428790e2e9afc806ca68b029879874"
+SRC_URI[sha256sum] = "900a213103ff19a405e446327fbfcea9ec13e405283d87b6ffc24a10d9a268f5"
 
 inherit autotools pkgconfig perlnative
 
-S = "${WORKDIR}/git"
-
 EXTRA_OECONF = " --with-libxml2=${STAGING_DIR_HOST}/usr --with-ldns=${STAGING_DIR_HOST}/usr \
                  --with-ssl=${STAGING_DIR_HOST}/usr  "
 
diff --git a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
index 56f734c..0d70dc6 100644
--- a/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
+++ b/meta-security/recipes-security/redhat-security/redhat-security_1.0.bb
@@ -2,7 +2,7 @@
 DESCRIPTION = "Tools used by redhat linux distribution for security checks"
 SECTION = "security"
 LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
 SRC_URI = "file://find-chroot-py.sh \
            file://find-chroot.sh \
diff --git a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
similarity index 96%
rename from meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb
rename to meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
index 925f188..8d81ed1 100644
--- a/meta-security/recipes-security/scapy/python3-scapy_2.4.3.bb
+++ b/meta-security/recipes-security/scapy/python3-scapy_2.4.4.bb
@@ -7,7 +7,7 @@
 
 S = "${WORKDIR}/git"
 
-SRCREV = "3047580162a9407ef05fe981983cacfa698f1159"
+SRCREV = "95ba5b8504152a1f820bbe679ccf03668cb5118f"
 SRC_URI = "git://github.com/secdev/scapy.git \
            file://run-ptest"
 
diff --git a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb b/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
deleted file mode 100644
index 74e837a..0000000
--- a/meta-security/recipes-security/softHSM/softhsm_2.6.1.bb
+++ /dev/null
@@ -1,30 +0,0 @@
-SUMMARY = "SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface."
-HOMEPAGE = "www.opendnssec.org"
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=ef3f77a3507c3d91e75b9f2bdaee4210"
-
-DEPENDS = "sqlite3"
-
-SRC_URI = "https://dist.opendnssec.org/source/softhsm-2.6.1.tar.gz"
-SRC_URI[sha256sum] = "61249473054bcd1811519ef9a989a880a7bdcc36d317c9c25457fc614df475f2"
-
-inherit autotools pkgconfig siteinfo
-
-EXTRA_OECONF += " --with-sqlite3=${STAGING_DIR_HOST}/usr"
-EXTRA_OECONF += "${@oe.utils.conditional('SITEINFO_BITS', '64', ' --enable-64bit', '', d)}"
-
-PACKAGECONFIG ?= "pk11 openssl"
-
-PACKAGECONFIG[npm] = ",--disable-non-paged-memory"
-PACKAGECONFIG[ecc] = "--enable-ecc,--disable-ecc"
-PACKAGECONFIG[gost] = "--enable-gost,--disable-gost"
-PACKAGECONFIG[eddsa] = "--enable-eddsa, --disable-eddsa"
-PACKAGECONFIG[fips] = "--enable-fips, --disable-fips"
-PACKAGECONFIG[notvisable] = "--disable-visibility"
-PACKAGECONFIG[openssl] = "--with-openssl=${STAGING_DIR_HOST}/usr --with-crypto-backend=openssl, --without-openssl, openssl, openssl"
-PACKAGECONFIG[botan] = "--with-botan=${STAGING_DIR_HOST}/usr --with-crypto-backend=botan, --without-botan, botan"
-PACKAGECONFIG[migrate] = "--with-migrate"
-PACKAGECONFIG[pk11] = "--enable-p11-kit --with-p11-kit==${STAGING_DIR_HOST}/usr, --without-p11-kit, p11-kit, p11-kit"
-
-RDEPENDS_${PN} = "sqlite3"