security/py-fail2ban: Remove systemd filter

Fixes:		c98813ccb078
MFH:		2025Q2

security/py-fail2ban: Install bsd-sshd-session.conf in correct path

Reported by:	Adam McDougall <mcdouga9@egr.msu.edu>
Fixes:		c98813ccb078
MFH		2025Q2

security/py-fail2ban: fix typo in pkg-message

Approved by:	portmgr (blanket)

security/py-fail2ban: Add support for sshd-session

Now that sshd has been split into sshd and sshd-session, sshd-session
is now the producer of syslog messages. We cannot replace the existing
*sshd.conf files because this port must also run on older systems with
older OpenSSH. Therefore we add new filters to support both.

Reported by:	sef (private email)
MFH:		2025Q1

python: bump all USE_PYTHON=distutils consumers after RUN_DEPENDS removal

Any missed ports, feel free to bump.

Any ports that need setuptools at runtime can have the devel/py-setuptools
manually added back to RUN_DEPENDS, but understand that this practice
is deprecated; see CHANGES for details.

security/py-fail2ban: Update 1.0.2 --> 1.1.0

security/py-fail2ban: Sanitize MANPREFIX

Approved by:    portmgr (blanket)

all: remove explicit versions in USES=python for "3.x+"

The logic in USES=python will automatically convert this to 3.8+ by
itself.

Adjust two ports that only had Python 3.7 mentioned but build fine
on Python 3.8 too.

finance/quickfix: mark BROKEN with PYTHON

libtool: compile:  c++ -DHAVE_CONFIG_H -I. -I../.. -I -I. -I.. -I../.. -I../C++
-DLIBICONV_PLUG -DPYTHON_MAJOR_VERSION=3 -Wno-unused-variable
-Wno-maybe-uninitialized -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong
-fno-strict-aliasing -DLIBICONV_PLUG -Wall -ansi
-Wno-unused-command-line-argument -Wpointer-arith -Wwrite-strings
-Wno-overloaded-virtual -Wno-deprecated-declarations -Wno-deprecated -std=c++0x
-MT _quickfix_la-QuickfixPython.lo -MD -MP -MF
.deps/_quickfix_la-QuickfixPython.Tpo -c QuickfixPython.cpp  -fPIC -DPIC -o
.libs/_quickfix_la-QuickfixPython.o
warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean
'-Wno-uninitialized'? [-Wunknown-warning-option]
QuickfixPython.cpp:175:11: fatal error: 'Python.h' file not found
          ^~~~~~~~~~
1 warning and 1 error generated.

Reviewed by:	portmgr, vishwin, yuri
Differential Revision:	<https://reviews.freebsd.org/D40568>

security/py-fail2ban: Fix FAIL2BAN_DBDIR

FAIL2BAN_DBDIR is a user set option. Unfortunately plist is not updated
resulting in plist errors.

PR:	271972
MFH:	2023Q2

security/py-fail2ban: Update to 1.0.2

Update to 1.0.2. This update includes the fix for upstream gh-issue-3370,
which is now removed from our patches.

Reported by:	Ken <mayhem30@gmail.com>

security/py-fail2ban: Import fix for upsteam issue gh-3370

Fix dovecot jail causes 100% CPU usage (upstream GH issue 3370).

Reported by:	Michael Grimm <trashcan@ellael.org>
		Roger Marquis <marquis@roble.com>
Obtained from:	https://github.com/fail2ban/fail2ban/issues/3370
		Upstream commit ca2b94c5
MFH		2022Q4

security/py-fail2ban: Fix build

Fixes:		4650a958fe57

security/py-fail2ban: Add ipfilter ippool action

Rather than add a block rule for each banned IP, add a blanket block rule
that references an ipfilter ippool named fail2ban. Maintain the IPs in
the ippool reducing the need to search a large list of rules. An ipfilter
tree pool is used.

security/py-fail2ban: Python is used at runtime

Register the fact that python is also used at runtime.

security/py-fail2ban: Update to 1.0.1

This major release of fail2ban includes many bugfixes and features.
See https://github.com/fail2ban/fail2ban/releases for more information.

Add comment about "build" being performed in post-patch.

Assume maintainership.

PR:		266810
Approved by:	MAINTAINER (theis@gmx.at)

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/py-fail2ban: Fix build with setuptools 58.0.0+

With  hat:	python

security/py-fail2ban: Add upstream patch to fix possible RCE vulnerability

* Switch to DISTVERSION
* Pet portclippy
* Reformat Makefile with portfmt

PR:		259297
Approved by:	maintainer
Obtained
from:	https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844
MFH:		2021Q4
Security:	CVE-2021-32749
Security:	https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
Differential Revision:	https://reviews.freebsd.org/D32576

security/py-fail2ban: Add CPE information

Approved by:	portmgr (blanket)

security/py-fail2ban: Add upstream patches to fix runtime error with Python 3.10

PR:		257784
Approved by:	theis AT gmx DOT at (maintainer)

security/py-fail2ban: Create required start dir

Reported at https://github.com/fail2ban/fail2ban/issues/2634
fail2ban should check and, if necessary create, the required directory.

It is still up to the user to ensure that configuration in fail2ban's
conf files and FreeBSD's /etc/rc.conf are in sync and that both, pidfile
and socket reside in the same directory.

PR:		244092
Approved by:	maintainer
MFH:		2021Q2

One more small cleanup, forgotten yesterday.
Reported by:	lwhsu

Remove # $FreeBSD$ from Makefiles.

Simplify some ports using PYTHON_MAJOR_VER and Python 3.6+

Drop python 2.7 support from a few ports

With hat:	portmgr

- Update fail2ban to 0.11.2
- Remove patches now included in the upstream code
- Adapt option to not install test files

PR:		251341
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Fix runtime error with Python 3.9

PR:		250356
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Approved by:	theis@gmx.at (maintainer)
Obtained from:	https://bugzilla.redhat.com/show_bug.cgi?id=1808347
Obtained from:	https://github.com/fail2ban/fail2ban/issues/2646
Obtained from:	https://github.com/fail2ban/fail2ban/pull/2651

security/py-fail2ban: add missing paths to rc script

PR:		249578
Submitted by:	Laszlo Karolyi <laszlo@karolyi.hu>
Approved by:	theis@gmx.at (maintainer)

Add new regexp to match invalid users to bsd-ssh filter.

I have observed a regression where the old expression was not
working. Looks like the regression was caused by the migration to
python 3.

As far as I can see the quarterly branch is not affected.

PR:		245097
Approved by: portmgr (blanket: run-time bugfix)

security/py-fail2ban: Update to 0.11.1

PR:		243325
Submitted by:	maintainer
Relnotes:	https://github.com/fail2ban/fail2ban/blob/0.11.1/ChangeLog
Sponsored by:	HAW international

Convert to UCL & cleanup pkg-message (categories s)

security/py-fail2ban: Add support for devel/py-pyinotify

* Enable support for devel/py-pyinotify that itself uses devel/libinotify to
  monitor changes in the filesystem. [1]

* Also introduce the new dependency as an additional default option INOTIFY
  while I'm here because it's not a hard requirement for runtime. [2]

PR:		238427
Submitted by:	Dmitry Wagin <dmitry.wagin@ya.ru> [1]
Approved by:	theis@gmx.at (maintainer) [1] [2]

security/py-fail2ban: Fix rc script

The rc.d script evaluates fail2ban_pidfile before rc.conf is read.

This change moves those evaluations to the corect place allowing
users to override the values via /etc/rc.conf as expected.

PR:		236017
Reported by:	<epopen gmail com>, Dmitry Wagin <dmitry.wagin ya ru>
Submitted by:	<theis gmx at> (maintainer)
MFH:		2019Q2

security/py-fail2ban: Update to 0.10.4

PR:		231947
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Fix writing /etc/hosts.deny entries

PR:		227577
Submitted by:	theis@gmx.at (maintainer)
Reported by:	Niels Bakker <niels=freebsd@bakker.net>

Use PY_FLAVOR for dependencies.

FLAVOR is the current port's flavor, it should not be used outside of
this scope.

Sponsored by:	Absolight

security/py-fail2ban: Update to 0.10.3.1

Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog

PR:		227424
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Update to 0.10.3

Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog

PR:		227389
Submitted by:	theis@gmx.at (maintainer)

Fix build with Python != 2.7

Pointy hat:	pi
Sponsored by:	Absolight

security/py-fail2ban: update 0.10.1 -> 0.10.2

- many fixes from upstream for bugs in the 0.10.x version
- automatic upgrade of python code to python3, if that is used

PR:		225317
Submitted by:	theis@gmx.at (maintainer)
Changes:	https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the

- Patch for user of pf

PR:		223069
Submitted by:	theis@gmx.at(maintainer)

- Update to 0.10.1

PR:		223022
Submitted by:	theis@gmx.at(maintainer)

- Update t0 0.10
- Update pkg-message

PR:		221442
Submitted by:	theis@gmx.at(maintainer)

Update to 0.9.7 [1]

- Fix shebang line of fail2ban-python in apache-fakegooglebot [2]
- While I'm here:
  - Add missing OPTIONS_DEFINE=DOCS
  - Use SHEBANG_LANG
  - Convert to options target helper

Changes:	https://github.com/fail2ban/fail2ban/blob/0.9/ChangeLog
PR:		219733 [1], 219419 [2]
Submitted by:	<theis@gmx.at> (maintainer) [1], Lukasz Wasikowski
<lukasz@wasikowski.net> [2]

Update fail2ban to version 0.9.6

PR:		215239
Submitted by:	John W. O'Brien <john@saltant.com>
Reviewed by:	matthew
Approved by:	theis@gmx.at (maintainer), matthew (mentor)
Differential Revision:	https://reviews.freebsd.org/D8917

Update to version 0.9.5

PR:		211262
Submitted by:	maintainer

- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket

security/py-fail2ban: Fix for Bug #1417 / #1419

For details see https://github.com/fail2ban/fail2ban/pull/1419

PR:		209494
Submitted by:	theis@gmx.at (maintainer)

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

Update to upstream version 0.9.4

PR:		207886
Submitted by:	theis@gmx.at (maintainer)

security/py-fail2ban: Modernize and cleanup

- Use autoplist, update pkg-plist accordingly, deprecate py3kplist
- Remove unnecessary PYDISTUTILS_PKGVERSION and --install-purelib args
- Cleanup a REINPLACE to be more explicit
- Add do-test target
- Regenerate patches (makepatch compatible)
- Add NO_ARCH
- Sort and group USE{S,_*} entries

PR:		204373
Approved by:	maintainer <theis gmx at>

security/py-fail2ban: update 0.9.2 -> 0.9.3

- Add LICENSE_FILE

PR:		202026
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Fix shebangs

Approved by:	portmgr blanket
MFH:		2015Q3 (blanket)

Update ports in the s* categores to not use GH_COMMIT.

With minor cleanups to make things simpler.

With hat:	portmgr
Sponsored by:	Absolight

Remove deprecated GH_COMMIT (DEVELOPER=yes warning)

Update fail2ban to version 0.9.2

PR:     200002
Submitted by:   theis@gmx.at (maintainer update)

- Fix build with python3*
- Do not silence installation message

PR:		196336
Submitted by:	Kevin Zheng <kevinz5000@gmail.com>
Approved by:	<theis@gmx.at> (maintainer)

- Update to 0.9.1

PR:		194815
Submitted by:	theis@gmx.at(maintainer)

- Convert ports of science/ and security to new USES=python

Approved by:	portmgr (implicit)

Fix recidive jail.
Add a patch for the recidive jail from upstream.

PR:     193751
Submitted by:   theis@gmx.at (maintainer update)

- Patch a script to use the right syslogd socket (/var/run/log)
- Remove .keep_me files because pkg can handle empty directories

PR:		193621
Submitted by:	theis@gmx.at (maintainer)

Formally create the /var/run/fail2ban directory

Install manpages [1] and create /var/{run,db} directories [2]

PR:		ports/189781 [1], ports/189376 [2]
Approved by:	maintainer

- Update to 0.9.0
- While I'm here:
  - Move RUN_DEPENDS upwards
  - Fix space/tab

Changes:	https://github.com/fail2ban/fail2ban/blob/master/ChangeLog
PR:		ports/188426
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Remove unnecessary inclusion of bsd.port.options.mk.

- Update to 0.8.12

Changes:	https://github.com/fail2ban/fail2ban/releases
PR:		ports/186683
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Python cleanup:
- USE_PYTHON* = 2.X -> USE_PYTHON* = 2
- USE_PYTHON* = 2.X+ -> USE_PYTHON* = yes
Reviewed by:	python (mva, rm)
Approved by:	portmgr-lurkers (mat)

- Fix PLIST
- Bump PORTREVISION for package change

PR:		ports/184336
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Update to 0.8.11

Changes:	https://github.com/fail2ban/fail2ban/releases
PR:		ports/184213
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Update to 0.8.10

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/179528
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

- Remove MAKE_JOBS_SAFE variable

Approved by:	portmgr (bdrewery)

- Update to 0.8.9 [1]
- Make additional documentation installation conditional
  (note: run-rootless.txt not installed as not relevant for FreeBSD)

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/179426 [1]
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

Remove patch unneded in 0.8.8

PR:     176426
Submitted by:   Christoph Theis <theis@gmx.at> [maintainer]

- Update to 0.8.8

Changes:        https://raw.github.com/fail2ban/fail2ban/master/ChangeLog
PR:             ports/176368
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

- do not hardcode path to grep utility

PR:		176058
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- Fix all cases of 'No newline at end of file' in ports tree

Approved by: portmgr (bapt)

Minor enhancements:

1) Add a fix for https://github.com/fail2ban/fail2ban/issues/91 (Spurious
UTF8 in SYSLOG is not fully fixed)
2) Add a filter for sendmail, the default mailer on FreeBSD
3) Make the ipfw table used in the action bsd-ipfw configurable

PR:		ports/173956
Submitted by:	Christoph Theis <theis@gmx.at> (maintainer)

- correct displaying of pkg-message

while here:
- use one space in Created by:
- some whitespace aligning
- correct python versions in USE_PYTHON
- use PYDISTUTILS_PKGVERSION to set correct package version instead of crafting
  full PYDISTUTILS_EGGINFO
- remove trailin whitespace in pkg-descr and unneded newlines in pkg-message

PR:		174044
Submitted by:	Sayetsky Anton <vsjcfm@gmail.com>
Approved by:	Christoph Theis <theis@gmx.at> (maintainer)
Feature safe:	yes

- Update to 0.8.7.1
- Fix installation so it doesn't overwrite your config files every time you
  upgrade the port
- Fix some space/tab issues to make portlint happy
- Use dirrmtry in a few places because some people have their own custom
  filters, actions, etc.

PR:		ports/171708
Submitted by:	Mark Felder <feld@feld.me>
Approved by:	Christoph Theis <theis@gmx.at> (maintainer)
Feature safe:	yes

- Update to 0.8.6

PR:             ports/164829
Submitted by:   Christoph Theis <theis@gmx.at> (maintainer)

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- fix reg. expression in filter.d/common.conf
- over to new maintainer

PR:             ports/157979
Submitted by:   Christoph Theis <theis _at_ gmx.at> (new maintainer)

- Include configuration file for pf.
- Add patch for supporting syslogd -v or -vv.

PR:             ports/157318
Submitted by:   Nick Hilliard <nick@foobar.org>
Approved by:    maintainer timeout

Expand the range of supported Python versions and
pacify portlint(1).

PR:             ports/154374
Submitted by:   Jase Thew <freebsd@beardz.net>
Approved by:    maintainer timeout

- Assign to new volunteer

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Update to 0.8.4

PR:             ports/143020
Submitted by:   Kevin Kobb <kkobb@skylinecorp.com>

- rc.d fix [2]
- broken on 2.6, 2.3 is gone, and 2.4 is gone soon, so only 2.5 [1]

PR:             ports/142849 [2]
Submitted by:   Krzysztof Stryjek <admin@bsdserwis.com> [1], miwi [2]

- sort pkg-list

- Update to 0.84
- Install sample jail.conf and fail2ban.conf files so that when users
   modify the fail2ban.conf and jail.conf files they are not removed.
- Add an IPFW example using IPFW tables
- Created freebsd sshd and ftp example conf files.

Submitted by:   Ken Menzel <kmenzel@whisolutions.com> (via e-mail)

- Switch SourceForge ports to the new File Release System: categories starting
with P,R,S

- Correct regex for the defaults in FreeBSD

Submitted by:   "Bakker, Johan" <johan_bakker@epson.eu>

Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.

1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).

No PORTREVISION bumps because all of these changes are noops.

- Add an rc.d script

Submitted by:   sd@mostnet.ru (via e-mail)

- Mark most of my ports MAKE_JOBS_SAFE=yes

Tested by: several builds in P6 TB

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log
and bans IP that makes too many password failures. It updates
firewall rules to reject the IP address.

WWW: http://www.fail2ban.org/wiki/index.php/Main_Page