From 262720ee8f83d22cf436a4221dd099ec3ad47047 Mon Sep 17 00:00:00 2001
From: Tim Biermann <tbier@posteo.de>
Date: Wed, 17 Jul 2024 21:00:46 +0200
Subject: [PATCH] fail2ban: cherry picked openssh 9.8 support, fixed default
 dovecot path

---
 fail2ban/.signature                           |  8 ++++---
 ...408c05ac5206b490368d94599869bd6a056d.patch | 22 +++++++++++++++++++
 ...131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch | 22 +++++++++++++++++++
 fail2ban/Pkgfile                              |  6 ++++-
 fail2ban/paths-crux.conf                      | 10 +++------
 5 files changed, 57 insertions(+), 11 deletions(-)
 create mode 100644 fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch
 create mode 100644 fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch

diff --git a/fail2ban/.signature b/fail2ban/.signature
index ad46e33d3..9172e6d71 100644
--- a/fail2ban/.signature
+++ b/fail2ban/.signature
@@ -1,7 +1,9 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF33o9DDq2YFji6O8kFa1yGvguKAZMuFNtL4zaYbPqV3/4xWZTjOeXBYRZUVfRMGQqrj4zlSUWZMZZLxfTTeBUDQA=
-SHA256 (Pkgfile) = 8374f641deb4de9fe2c3bf1d99e0f7338a72d11c2ade7c5acecd4bf5e6c26127
+RWSagIOpLGJF3xFFFJKXR0GoJGIw/MMwGPQXStLZGdxab+yvW+pR8kU9qMPu/yTIolUu6HiJ+59R2BjFZwZj9VdwrEwi3YM7ngA=
+SHA256 (Pkgfile) = c28eb3eb6c8af0cdcc8e978f6594d1dc17d19920eb25b518893bcbe9263e40ae
 SHA256 (.footprint) = 820f8ec11bd2570df5ff505cc059a5f46e8aa7a24956065289cbb0bf543a64c7
 SHA256 (fail2ban-1.1.0.tar.gz) = 474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae
+SHA256 (2fed408c05ac5206b490368d94599869bd6a056d.patch) = 1a1a251de039cf567ac81be76ab2b516a44a68751b4432145159fe3b3a59a24a
+SHA256 (50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch) = b959a99fcdf1aa9966e33845fa7522cdf2cc256e98d5230ac47b28057ca70690
 SHA256 (fail2ban.rc) = 2ce3ca9c641dcaa29028909b4f9a2d7f22533ac9d3be9aba45a8362fcb4e36b0
-SHA256 (paths-crux.conf) = 41e6c077c568d7e2fe600e893aa70d7912dcd0316a88f5a695f5ff0d558c8f82
+SHA256 (paths-crux.conf) = 7362f8bfadb65a670ccaf5fe6d318776c7f08dd065f8c772da5c825354674e7e
diff --git a/fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch b/fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch
new file mode 100644
index 000000000..7117ce21b
--- /dev/null
+++ b/fail2ban/2fed408c05ac5206b490368d94599869bd6a056d.patch
@@ -0,0 +1,22 @@
+From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001
+From: Fabian Dellwing <fabian.dellwing@mbconnectline.de>
+Date: Tue, 2 Jul 2024 07:54:15 +0200
+Subject: [PATCH] Adjust sshd filter for OpenSSH 9.8 new daemon name
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index 1c8a02deb5..a1fd749aed 100644
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+ 
+ [DEFAULT]
+ 
+-_daemon = sshd
++_daemon = (?:sshd(?:-session)?)
+ 
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
diff --git a/fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch b/fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
new file mode 100644
index 000000000..0f061d94b
--- /dev/null
+++ b/fail2ban/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
@@ -0,0 +1,22 @@
+From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Wed, 3 Jul 2024 19:35:28 +0200
+Subject: [PATCH] filter.d/sshd.conf: ungroup (unneeded for _daemon)
+
+---
+ config/filter.d/sshd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
+index a1fd749aed..3a84b1ba52 100644
+--- a/config/filter.d/sshd.conf
++++ b/config/filter.d/sshd.conf
+@@ -16,7 +16,7 @@ before = common.conf
+ 
+ [DEFAULT]
+ 
+-_daemon = (?:sshd(?:-session)?)
++_daemon = sshd(?:-session)?
+ 
+ # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: "
+ __pref = (?:(?:error|fatal): (?:PAM: )?)?
diff --git a/fail2ban/Pkgfile b/fail2ban/Pkgfile
index c0dc532c8..2146e0556 100644
--- a/fail2ban/Pkgfile
+++ b/fail2ban/Pkgfile
@@ -6,14 +6,18 @@
 
 name=fail2ban
 version=1.1.0
-release=1
+release=2
 source=(https://github.com/fail2ban/$name/archive/$version/$name-$version.tar.gz
+  2fed408c05ac5206b490368d94599869bd6a056d.patch
+  50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
   fail2ban.rc
   paths-crux.conf)
 
 build() {
   cd $name-$version
 
+  patch -Np1 -i $SRC/2fed408c05ac5206b490368d94599869bd6a056d.patch
+  patch -Np1 -i $SRC/50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a.patch
   /usr/bin/python3 setup.py build
   /usr/bin/python3 setup.py install --root=$PKG --prefix=/usr --skip-build
   /usr/bin/python3 -mcompileall $PKG
diff --git a/fail2ban/paths-crux.conf b/fail2ban/paths-crux.conf
index 8e12b6b79..fa253027e 100644
--- a/fail2ban/paths-crux.conf
+++ b/fail2ban/paths-crux.conf
@@ -7,8 +7,8 @@ syslog_local0 = /var/log/messages
 syslog_authpriv = /var/log/auth.log
 syslog_daemon  = %(syslog_local0)s
 syslog_ftp = %(syslog_local0)s
-syslog_mail =
-syslog_mail_warn =
+syslog_mail = /var/log/mail
+syslog_mail_warn = %(syslog_mail)s
 syslog_user = %(syslog_local0)s
 
 # Set the default syslog backend target to default_backend
@@ -48,12 +48,8 @@ vsftpd_log = /var/log/vsftpd.log
 postfix_log = %(syslog_mail_warn)s
 postfix_backend = %(default_backend)s
 
-dovecot_log = /var/log/dovecot
+dovecot_log = %(syslog_mail_warn)s
 dovecot_backend = %(default_backend)s
 
-# todo
-#mysql_log = 
-#mysql_backend = %(default_backend)s
-
 # Directory with ignorecommand scripts
 ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands