updated 2 packages

bind-9.11.20-2

fail2ban-0.11.1-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@12425 ec354946-7b23-47d6-9f5a-488ba84defc7

b/bind/bind-vl.spec

@@ -1,3 +1,5 @@
+%bcond_with systemd
+
 %bcond_with python
 %define python_executable %{__python}
 
@@ -24,7 +26,7 @@ Summary(ja): DNS (Domain Name System) サーバ
 Name: %{pname}
 Epoch: %{bind_epoch}
 Version: %{pversion}
-Release: 1%{?_dist_release}
+Release: 2%{?_dist_release}%{?with_systemd:.systemd}
 Group: System Environment/Daemons
 Vendor: Project Vine
 Distribution: Vine Linux
@@ -38,6 +40,12 @@ Source2: named.sysconfig
 Source3: named.init
 Source4: named.logrotate
 Source5: keygen.c
+Source100: named.service
+Source101: named-setup-rndc.service
+Source102: named.sysconfig.systemd
+Source103: bind.tmpfiles.d
+Source104: named.conf
+
 Patch1: bind-9.11.5-rndckey.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
@@ -52,12 +60,17 @@ BuildRequires: libcap-devel
 %if %{with readline}
 BuildRequires: readline-devel
 %endif
+Requires: %{pname}-libs = %{bind_epoch}:%{version}-%{release}
 Requires(pre): %{pname}-utils = %{bind_epoch}:%{version}-%{release}
 Requires(pre): shadow-utils
-Requires: %{pname}-libs = %{bind_epoch}:%{version}-%{release}
 Requires(post): %{pname}-utils = %{bind_epoch}:%{version}-%{release}
-Requires(post): coreutils, chkconfig
-Requires(preun): initscripts, chkconfig
+Requires(post): coreutils
+%if %{with systemd}
+%{?systemd_requires}
+%else
+Requires(post): chkconfig
+Requires(preun): chkconfig
+%endif
 Conflicts: bind9 <= 9.2.1-0vl5, bind-current
 Obsoletes: bind9 <= 9.2.1-0vl5
 Obsoletes: bind-current < 1:9.9.4-1
@@ -161,32 +174,45 @@ autoconf
 make %{?_smp_mflags}
 
 %install
-rm -rf $RPM_BUILD_ROOT
-mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{rc.d/init.d,logrotate.d}
-mkdir -p ${RPM_BUILD_ROOT}/usr/{bin,lib,sbin,include}
-mkdir -p ${RPM_BUILD_ROOT}/var/named
-mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/{man1,man5,man8}
-mkdir -p ${RPM_BUILD_ROOT}/var/run/named
-
-make DESTDIR=$RPM_BUILD_ROOT install
-install -c -m 640 bin/rndc/rndc.conf $RPM_BUILD_ROOT/etc
-install -c -m 755 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/named
-install -c -m 644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/named
-touch $RPM_BUILD_ROOT%{_sysconfdir}/rndc.key
-gcc $RPM_OPT_FLAGS -o $RPM_BUILD_ROOT/usr/sbin/dns-keygen %{SOURCE5}
-cd $RPM_BUILD_ROOT%{_mandir}
+rm -rf %{buildroot}
+mkdir -p %{buildroot}%{_sysconfdir}/{logrotate.d,sysconfig}
+mkdir -p %{buildroot}/usr/{bin,lib,sbin,include}
+mkdir -p %{buildroot}/var/named/data
+mkdir -p %{buildroot}%{_mandir}/{man1,man5,man8}
+mkdir -p %{buildroot}/var/run/named
+
+make DESTDIR=%{buildroot} install
+install -c -m 640 bin/rndc/rndc.conf %{buildroot}/etc
+install -c -m 644 %SOURCE4 %{buildroot}%{_sysconfdir}/logrotate.d/named
+touch %{buildroot}%{_sysconfdir}/rndc.key
+gcc %{optflags} -o %{buildroot}/usr/sbin/dns-keygen %{SOURCE5}
+cd %{buildroot}%{_mandir}
 tar xjf %{SOURCE1}
 # newer version is contained in source
 rm -f man5/named.conf.5.gz
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
-cp %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/named
 
-chmod +x $RPM_BUILD_ROOT%{_libdir}/*.so.*
+install -m 644 %{SOURCE104} %{buildroot}%{_sysconfdir}/named.conf
+
+%if %{with systemd}
+# Systemd unit files
+mkdir -p %{buildroot}%{_unitdir}
+install -m 644 %{SOURCE100} %{buildroot}%{_unitdir}
+install -m 644 %{SOURCE101} %{buildroot}%{_unitdir}
+install -m 644 %{SOURCE102} %{buildroot}%{_sysconfdir}/sysconfig/named
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 644 %{SOURCE103} %{buildroot}%{_tmpfilesdir}/named.conf
+%else
+mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d
+install -c -m 755 %SOURCE3 %{buildroot}%{_sysconfdir}/rc.d/init.d/named
+cp %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/named
+%endif
+
+chmod +x %{buildroot}%{_libdir}/*.so.*
 
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+rm -f %{buildroot}%{_libdir}/*.la
 
 %clean
-rm -rf $RPM_BUILD_ROOT ${RPM_BUILD_DIR}/%{name}-%{version}
+rm -rf %{buildroot} ${RPM_BUILD_DIR}/%{name}-%{version}
 
 
 %pre
@@ -198,7 +224,6 @@ fi;
 
 %post
 /sbin/ldconfig
-/sbin/chkconfig --add named
 if [ "$1" -eq 1 ]; then
   if [ ! -e /etc/rndc.key ]; then
     /usr/sbin/rndc-confgen -a > /dev/null 2>&1
@@ -216,20 +241,38 @@ if [ "$1" -eq 1 ]; then
         /dev/null 2>&1
   fi;
 fi
+%if %{with systemd}
+%systemd_post named.service
+%else
+if [ "$1" -eq 1 ]; then
+  /sbin/chkconfig --add named
+fi
+%endif
 :;
 
 %preun
-if [ "$1" -eq 0 ]; then
+%if %{with systemd}
+# Package removal, not upgrade
+%systemd_preun named.service
+%else
+if [ "$1" -eq 0 -o -x /sbin/systemctl ]; then
    /sbin/service named stop >/dev/null 2>&1 || :
    /sbin/chkconfig --del named ||:
 fi
+%endif
 exit 0
 
 %postun
+/sbin/ldconfig
+%if %{with systemd}
+# Package upgrade, not uninstall
+%systemd_postun_with_restart named.service
+%else
 if [ "$1" -ge 1 ]; then
         %{_sysconfdir}/rc.d/init.d/named condrestart >/dev/null 2>&1 || :
 fi
-/sbin/ldconfig
+%endif
+exit 0
 
 %triggerpostun -- bind < 8.2.2_P5-15
 /sbin/chkconfig --add named
@@ -249,13 +292,24 @@ fi
 %license COPYRIGHT
 %doc CHANGES README*
 %doc doc/arm doc/misc
+%config(noreplace) %{_sysconfdir}/named.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/named
+%if %{with systemd}
+%{_unitdir}/named.service
+%{_unitdir}/named-setup-rndc.service
+%{_tmpfilesdir}/named.conf
+%else
 %config %{_sysconfdir}/rc.d/init.d/named
+%attr(-,named,named) %dir %{_var}/run/named
+%endif
 %config(noreplace) %{_sysconfdir}/sysconfig/named
 %config(noreplace) %attr(0640,root,named) %{_sysconfdir}/rndc.conf
 %config(noreplace) %attr(0640,root,named) %{_sysconfdir}/rndc.key
 %config(noreplace) %attr(0640,root,named) %{_sysconfdir}/bind.keys
 
+%attr(-,named,named) %dir %{_var}/named
+%attr(-,named,named) %dir %{_var}/named/data
+
 %{_sbindir}/dnssec*
 %{_sbindir}/lwresd
 %{_sbindir}/named
@@ -294,10 +348,6 @@ fi
 %{_mandir}/man8/nsec3hash.8*
 %{_mandir}/man8/tsig-keygen.8*
 
-%attr(-,named,named) %dir %{_var}/named
-%attr(-,named,named) %dir %{_var}/run/named
-
-
 %files libs
 %defattr(-,root,root)
 %{_libdir}/*.so.*
@@ -333,6 +383,9 @@ fi
 %{_bindir}/isc-config.sh
 
 %changelog
+* Fri Jul 10 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.11.20-2
+- added systemd support (disabled as default).
+
 * Thu Jul 02 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 9.11.20-1
 - updated to 9.11.20.
 

f/fail2ban/fail2ban-vl.spec

@@ -0,0 +1,293 @@
+%bcond_with systemd
+%bcond_with tests
+
+%global py2to3 /usr/bin/2to3-3.5
+
+Summary: Ban IPs that make too many password failures
+Name: fail2ban
+Version: 0.11.1
+Release: 1%{?_dist_release}%{?with_systemd:.systemd}
+Group: System Environment/Daemons
+Vendor: Project Vine
+Distribution: Vine Linux
+
+License: GPLv2+
+URL: https://github.com/fail2ban/fail2ban
+Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1: fail2ban-logrotate
+
+# Fix nginx-block-map
+Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch
+# testIPAddr_CompareDNS: add missing network constraint
+Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch
+# Fix test thread stack size on aarch64
+Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch
+# Fix handling of journal in tests
+Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch
+# Fix test install
+Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch
+# Patch for Python 3.9
+# https://bugzilla.redhat.com/show_bug.cgi?id=1808347
+#Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch
+#Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+BuildRequires: python3-devel
+BuildRequires: python3-rpm-macros
+BuildRequires: python3-setuptools
+BuildArch: noarch
+Requires: iptables, tcp_wrappers
+Requires: python3-inotify
+%if %{with systemd}
+%{?systemd_requires}
+%else
+Requires: initscripts
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+Requires(preun): /sbin/service
+%endif
+
+%description
+Fail2ban scans log files like /var/log/pwdfail or
+/var/log/apache/error_log and bans IP that makes too many password
+failures. It updates firewall rules to reject the IP address.
+
+
+%prep
+%setup -q
+%autosetup -p1
+
+%{py2to3} --write --nobackups .
+find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
+
+
+%build
+%{py3_build}
+
+
+%install
+rm -rf %{buildroot}
+%{py3_install}
+
+%if %{with systemd}
+mkdir -p %{buildroot}%{_unitdir}
+install -p -m 0644 build/fail2ban.service %{buildroot}%{_unitdir}/
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
+install -d -m 0755 %{buildroot}/run/fail2ban/
+install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
+# systemd journal configuration
+cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
+# This file is part of the fail2ban-systemd package to configure the use of
+# the systemd journal as the default backend.  You can remove this package
+# (along with the empty fail2ban meta-package) if you do not want to use the
+# journal backend
+[DEFAULT]
+backend=systemd
+EOF
+%else
+mkdir -p %{buildroot}%{_initddir}
+install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
+%endif
+mkdir -p %{buildroot}%{_mandir}/man{1,5}
+install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
+install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
+install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
+install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
+
+rm -rf %{buildroot}%{_docdir}/fail2ban
+
+# Remove non-Linux actions
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
+
+
+%if %{with tests}
+%check
+export LANG=ja_JP.UTF-8
+%{__python3} bin/fail2ban-testcases --verbosity=2 --no-network
+%endif
+
+%clean
+rm -rf %{buildroot}
+
+
+%post
+%if %{with systemd}
+%systemd_post fail2ban.service
+%else
+/sbin/chkconfig --add %{name}
+%endif
+
+%preun
+%if %{with systemd}
+%systemd_preun fail2ban.service
+%else
+if [ $1 = 0 -o -x /bin/systemctl ]; then
+  /sbin/service %{name} stop > /dev/null 2>&1
+  /sbin/chkconfig --del %{name}
+fi
+%endif
+
+%if %{with systemd}
+%postun
+%systemd_postun_with_restart fail2ban.service
+%endif
+
+
+%files
+%defattr(-,root,root,-)
+%license COPYING
+%doc ChangeLog DEVELOP FILTERS README.md THANKS TODO doc/*.txt
+#doc config/fail2ban.conf*
+%{_bindir}/fail2ban-python
+%{_bindir}/fail2ban-server
+%{_bindir}/fail2ban-client
+%{_bindir}/fail2ban-regex
+%{_bindir}/fail2ban-testcases
+#%{_datadir}/fail2ban
+%{python3_sitelib}/fail2ban*
+%{_mandir}/man1/*.1*
+%{_mandir}/man5/*.5*
+%dir %{_sysconfdir}/fail2ban
+%dir %{_sysconfdir}/fail2ban/action.d
+%dir %{_sysconfdir}/fail2ban/filter.d
+%dir %{_sysconfdir}/fail2ban/filter.d/ignorecommands
+%dir %{_sysconfdir}/fail2ban/jail.d
+%config(noreplace) %{_sysconfdir}/fail2ban/*.conf
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*
+%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
+%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/ignorecommands/*
+%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
+%dir %{_localstatedir}/lib/fail2ban/
+%if %{with systemd}
+%{_unitdir}/*
+%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/*
+%config(noreplace) %{_tmpfilesdir}/fail2ban.conf
+%dir /run/%{name}/
+%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
+%else
+%{_initddir}/fail2ban
+%dir %{_localstatedir}/run/fail2ban/
+%endif
+
+
+%changelog
+* Fri May 01 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.11.1-1
+- new upstream release.
+- added systemd support (disabled as default).
+
+* Tue Aug 27 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.4-1
+- new upstream release.
+- switched to python3.
+
+* Sat Dec 30 2017 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.10.1-1
+- new upstream release.
+
+* Fri Jun  3 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.9.4-1
+- new upstream release.
+
+* Sun Feb  8 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.14-1
+- new upstream release.
+
+* Mon Jun 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.9-1
+- new upstream release.
+
+* Thu Oct 18 2012 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 0.8.7.1-2
+- initial build on Vine Linux.
+
+* Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
+- Update to 0.8.7.1
+- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
+- Rebase sshd and notmp patches
+- Use _initddir macro
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Sat Apr  9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
+- Move tmp files to /var/lib (suggested by Phil Anderson).
+- Enable inotify support (by Jonathan Underwood).
+- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
+
+* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
+- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
+  cloexec another fd leak.
+
+* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
+- update to 0.8.4.
+
+* Wed Sep  2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
+- Update to a newer svn snapshot to fix python 2.6 issue.
+
+* Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
+- Log to syslog (RH bug #491983). Also deals with RH bug #515116.
+- Check inodes of log files (RH bug #503852).
+
+* Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
+- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
+
+* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
+- Rebuild for Python 2.6
+
+* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
+- Update to 0.8.3.
+
+* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
+- fix license tag
+
+* Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
+- Close on exec fixes by Jonathan Underwood.
+
+* Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
+- Add %%{_localstatedir}/run/fail2ban (David Rees).
+
+* Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
+- Update to 0.8.2.
+
+* Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
+- Move socket file from /tmp to /var/run to prevent SElinux from stopping
+  fail2ban from starting (BZ #429281)
+- Change logic in init file to start with -x to remove the socket file in case
+  of unclean shutdown
+
+* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
+- Update to 0.8.1.
+- Remove patch fixing CVE-2007-4321 (upstream).
+- Remove AllowUsers patch (upstream).
+- Add dependency to gamin-python.
+
+* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
+- Fix remote log injection (no CVE assignment yet).
+
+* Sun Jun  3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
+- Also trigger on non-AllowUsers failures (Jonathan Underwood
+  <jonathan.underwood@gmail.com>).
+
+* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
+- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
+- send mail to root; logrotate (Jonathan Underwood
+  <jonathan.underwood@gmail.com>)
+
+* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
+- Update to 0.8.0.
+- enable ssh by default, fix log file for ssh scanning, adjust python
+  dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
+
+* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
+- Remove forgotten condrestart.
+
+* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
+- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
+- Don't default chkconfig to enabled.
+- Add dependencies on service/chkconfig.
+- Use example iptables/ssh config as default config.
+
+* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
+- Initial build.