3 files changed, 256 insertions, 1 deletions
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
new file mode 100644
index 0000000..73014ab
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
@@ -0,0 +1,210 @@
+From 5b6c13f0aae79a23d94570bacd1b5796e57f088d Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Thu, 30 Jan 2025 01:05:30 +0100
+Subject: [PATCH] example.com changes the IPs, again... additionally it got
+ more IPs, which look unstable now (depends on resolver), so replaced with
+ fail2ban.org, that seems to resolve to single IPv4 and IPv6 (can be adjusted
+ later for something more persistent)
+Upstream-Status: Backport
+[https://github.com/fail2ban/fail2ban/commit/5b6c13f0aae79a23d94570bacd1b5796e57f088d]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ .../tests/files/logs/apache-fakegooglebot     |  6 +-
+ fail2ban/tests/files/testcase-usedns.log      |  4 +-
+ fail2ban/tests/filtertestcase.py              | 58 +++++++++----------
+ fail2ban/tests/utils.py                       |  4 +-
+ 4 files changed, 36 insertions(+), 36 deletions(-)
+diff --git a/fail2ban/tests/files/logs/apache-fakegooglebot b/fail2ban/tests/files/logs/apache-fakegooglebot
+index b77a1a6b..024842fd 100644
+--- a/fail2ban/tests/files/logs/apache-fakegooglebot
+++ b/fail2ban/tests/files/logs/apache-fakegooglebot
+@@ -1,5 +1,5 @@
+ # Apache 2.2
+ # failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" }
+-66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
+-# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.215.14" }
+-93.184.215.14 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
+66.249.66.1 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
+# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "51.159.55.100" }
+51.159.55.100 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
+diff --git a/fail2ban/tests/files/testcase-usedns.log b/fail2ban/tests/files/testcase-usedns.log
+index eea6eb44..3e7b36bb 100644
+--- a/fail2ban/tests/files/testcase-usedns.log
+++ b/fail2ban/tests/files/testcase-usedns.log
+@@ -1,2 +1,2 @@
+-Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
+-Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2
+Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2
+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2
+diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
+index 20945b78..26961a1b 100644
+--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
+@@ -587,14 +587,14 @@ class IgnoreIP(LogCaptureTestCase):
+                                self.assertNotLogged("returned successfully")
+ 
+        def testIgnoreCauseOK(self):
+-               ip = "93.184.215.14"
+               ip = "51.159.55.100"
+                for ignore_source in ["dns", "ip", "command"]:
+                        self.filter.logIgnoreIp(ip, True, ignore_source=ignore_source)
+                        self.assertLogged("[%s] Ignore %s by %s" % (self.jail.name, ip, ignore_source))
+ 
+        def testIgnoreCauseNOK(self):
+-               self.filter.logIgnoreIp("example.com", False, ignore_source="NOT_LOGGED")
+-               self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "example.com", "NOT_LOGGED"))
+               self.filter.logIgnoreIp("fail2ban.org", False, ignore_source="NOT_LOGGED")
+               self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "fail2ban.org", "NOT_LOGGED"))
+ 
+ 
+ class IgnoreIPDNS(LogCaptureTestCase):
+@@ -607,7 +607,7 @@ class IgnoreIPDNS(LogCaptureTestCase):
+                self.filter = FileFilter(self.jail)
+ 
+        def testIgnoreIPDNS(self):
+-               for dns in ("www.epfl.ch", "example.com"):
+               for dns in ("www.epfl.ch", "fail2ban.org"):
+                        self.filter.addIgnoreIP(dns)
+                        ips = DNSUtils.dnsToIp(dns)
+                        self.assertTrue(len(ips) > 0)
+@@ -1892,22 +1892,22 @@ class GetFailures(LogCaptureTestCase):
+                #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+                # We should still catch failures with usedns = no ;-)
+                output_yes = (
+-                       ('93.184.215.14', 1, 1124013299.0,
+-                         ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
+                       ('51.159.55.100', 1, 1124013299.0,
+                         ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
+                        ),
+-                       ('93.184.215.14', 1, 1124013539.0,
+-                         ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
+                       ('51.159.55.100', 1, 1124013539.0,
+                         ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
+                        ),
+-                       ('2606:2800:21f:cb07:6820:80da:af6b:8b2c', 1, 1124013299.0,
+-                         ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
+                       ('2001:bc8:1200:6:208:a2ff:fe0c:61f8', 1, 1124013299.0,
+                         ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
+                        ),
+                )
+                if not unittest.F2B.no_network and not DNSUtils.IPv6IsAllowed():
+                        output_yes = output_yes[0:2]
+ 
+                output_no = (
+-                       ('93.184.215.14', 1, 1124013539.0,
+-                         ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
+                       ('51.159.55.100', 1, 1124013539.0,
+                         ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
+                        )
+                )
+ 
+@@ -2098,10 +2098,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+                super(DNSUtilsNetworkTests, self).setUp()
+                #unittest.F2B.SkipIfNoNetwork()
+ 
+-       ## example.com IPs considering IPv6 support (without network it is simulated via cache in utils).
+       ## fail2ban.org IPs considering IPv6 support (without network it is simulated via cache in utils).
+        EXAMPLE_ADDRS = (
+-               ['93.184.215.14', '2606:2800:21f:cb07:6820:80da:af6b:8b2c'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
+-               ['93.184.215.14']
+               ['51.159.55.100', '2001:bc8:1200:6:208:a2ff:fe0c:61f8'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
+               ['51.159.55.100']
+        )
+ 
+        def test_IPAddr(self):
+@@ -2163,13 +2163,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+                self.assertTrue(r < ip6)
+ 
+        def testUseDns(self):
+-               res = DNSUtils.textToIp('www.example.com', 'no')
+               res = DNSUtils.textToIp('www.fail2ban.org', 'no')
+                self.assertSortedEqual(res, [])
+                #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+-               res = DNSUtils.textToIp('www.example.com', 'warn')
+               res = DNSUtils.textToIp('www.fail2ban.org', 'warn')
+                # sort ipaddr, IPv4 is always smaller as IPv6
+                self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+-               res = DNSUtils.textToIp('www.example.com', 'yes')
+               res = DNSUtils.textToIp('www.fail2ban.org', 'yes')
+                # sort ipaddr, IPv4 is always smaller as IPv6
+                self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+ 
+@@ -2177,13 +2177,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+                #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+                # Test hostnames
+                hostnames = [
+-                       'www.example.com',
+                       'www.fail2ban.org',
+                        'doh1.2.3.4.buga.xxxxx.yyy.invalid',
+                        '1.2.3.4.buga.xxxxx.yyy.invalid',
+                        ]
+                for s in hostnames:
+                        res = DNSUtils.textToIp(s, 'yes')
+-                       if s == 'www.example.com':
+                       if s == 'www.fail2ban.org':
+                                # sort ipaddr, IPv4 is always smaller as IPv6
+                                self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
+                        else:
+@@ -2234,8 +2234,8 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 
+                self.assertEqual(IPAddr('192.0.2.0').getPTR(), '0.2.0.192.in-addr.arpa.')
+                self.assertEqual(IPAddr('192.0.2.1').getPTR(), '1.2.0.192.in-addr.arpa.')
+-               self.assertEqual(IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c').getPTR(), 
+-                       'c.2.b.8.b.6.f.a.a.d.0.8.0.2.8.6.7.0.b.c.f.1.2.0.0.0.8.2.6.0.6.2.ip6.arpa.')
+               self.assertEqual(IPAddr('2001:db8::1').getPTR(), 
+                       '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.')
+ 
+        def testIPAddr_Equal6(self):
+                self.assertEqual(
+@@ -2365,10 +2365,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+ 
+        def testIPAddr_CompareDNS(self):
+                #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
+-               ips = IPAddr('example.com')
+-               self.assertTrue(IPAddr("93.184.215.14").isInNet(ips))
+-               self.assertEqual(IPAddr("2606:2800:21f:cb07:6820:80da:af6b:8b2c").isInNet(ips),
+-                                       "2606:2800:21f:cb07:6820:80da:af6b:8b2c" in self.EXAMPLE_ADDRS)
+               ips = IPAddr('fail2ban.org')
+               self.assertTrue(IPAddr("51.159.55.100").isInNet(ips))
+               self.assertEqual(IPAddr("2001:bc8:1200:6:208:a2ff:fe0c:61f8").isInNet(ips),
+                                       "2001:bc8:1200:6:208:a2ff:fe0c:61f8" in self.EXAMPLE_ADDRS)
+ 
+        def testIPAddr_wrongDNS_IP(self):
+                unittest.F2B.SkipIfNoNetwork()
+@@ -2376,11 +2376,11 @@ class DNSUtilsNetworkTests(unittest.TestCase):
+                DNSUtils.ipToName('*')
+ 
+        def testIPAddr_Cached(self):
+-               ips = [DNSUtils.dnsToIp('example.com'), DNSUtils.dnsToIp('example.com')]
+               ips = [DNSUtils.dnsToIp('fail2ban.org'), DNSUtils.dnsToIp('fail2ban.org')]
+                for ip1, ip2 in zip(ips, ips):
+                        self.assertEqual(id(ip1), id(ip2))
+-               ip1 = IPAddr('93.184.215.14'); ip2 = IPAddr('93.184.215.14'); self.assertEqual(id(ip1), id(ip2))
+-               ip1 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); ip2 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); self.assertEqual(id(ip1), id(ip2))
+               ip1 = IPAddr('51.159.55.100'); ip2 = IPAddr('51.159.55.100'); self.assertEqual(id(ip1), id(ip2))
+               ip1 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); ip2 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); self.assertEqual(id(ip1), id(ip2))
+ 
+        def test_NetworkInterfacesAddrs(self):
+                for withMask in (False, True):
+diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
+index f71ba60a..e6ef54f3 100644
+--- a/fail2ban/tests/utils.py
+++ b/fail2ban/tests/utils.py
+@@ -326,8 +326,8 @@ def initTests(opts):
+                        ('failed.dns.ch', set()),
+                        ('doh1.2.3.4.buga.xxxxx.yyy.invalid', set()),
+                        ('1.2.3.4.buga.xxxxx.yyy.invalid', set()),
+-                       ('example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
+-                       ('www.example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
+                       ('fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
+                       ('www.fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
+                ):
+                        c.set(*i)
+                # if fast - precache all host names as localhost addresses (speed-up getSelfIPs/ignoreself):
+-- 
+2.34.1
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
new file mode 100644
index 0000000..a60b0fd
--- /dev/null
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
@@ -0,0 +1,35 @@
+From 9f26da3cf854e48b7939c2a9baa0cb3ffbee5994 Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Thu, 11 Sep 2025 22:36:07 +0800
+Subject: [PATCH] clientreadertestcase.py: set correct config dir for
+ testReadStockJailFilterComplete
+In test case testReadStockJailFilterComplete, set configuration
+directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
+of the hardcoded "config" directory. Otherwise, the config files will
+not be found during runtime testing.
+Upstream-Status: Backport
+[https://github.com/fail2ban/fail2ban/commit/9f26da3cf854e48b7939c2a9baa0cb3ffbee5994]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ fail2ban/tests/clientreadertestcase.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
+index e6a2806c..b8ebbbc7 100644
+--- a/fail2ban/tests/clientreadertestcase.py
+++ b/fail2ban/tests/clientreadertestcase.py
+@@ -878,7 +878,7 @@ class JailsReaderTest(LogCaptureTestCase):
+                self.assertTrue(jails.getOptions())       # reads fine
+                # grab all filter names
+                filters = set(os.path.splitext(os.path.split(a)[1])[0]
+-                       for a in glob.glob(os.path.join('config', 'filter.d', '*.conf'))
+                       for a in glob.glob(os.path.join(CONFIG_DIR, 'filter.d', '*.conf'))
+                                if not (a.endswith('common.conf') or a.endswith('-aggressive.conf')))
+                # get filters of all jails (filter names without options inside filter[...])
+                filters_jail = set(
+-- 
+2.34.1
diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
index 7312bf8..b0b65de 100644
--- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
+++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -13,6 +13,8 @@ DEPENDS = "python3-native"
 SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
 SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
+           file://0001-example.com-changes-the-IPs-again.-additionally-it-g.patch \
+           file://0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch \
           file://initd \
           file://run-ptest \
           "
@@ -47,8 +49,16 @@ do_install_ptest:append () {
    sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
    install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
    rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
-}
+    for i in checklogtype.conf zzz-generic-example.conf zzz-sshd-obsolete-multiline.conf; do
+        sed -i -e 's|^before =.*|before = ${sysconfdir}/fail2ban/filter.d/common.conf|g' \
+            ${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/filter.d/${i}
+    done
+    install -m 0644 ${S}/README.md ${D}${PTEST_PATH}
+    sed -i -e 's|^logpath = README.md|logpath = ${PTEST_PATH}/README.md|g' \
+            ${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/jail.conf
+}
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME = "fail2ban-server"

diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch new file mode 100644 index 0000000..73014ab --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0001-example.com-changes-the-IPs-again.-additionally-it-g.patch
@@ -0,0 +1,210 @@
		1	From 5b6c13f0aae79a23d94570bacd1b5796e57f088d Mon Sep 17 00:00:00 2001
		2	From: sebres <info@sebres.de>
		3	Date: Thu, 30 Jan 2025 01:05:30 +0100
		4	Subject: [PATCH] example.com changes the IPs, again... additionally it got
		5	more IPs, which look unstable now (depends on resolver), so replaced with
		6	fail2ban.org, that seems to resolve to single IPv4 and IPv6 (can be adjusted
		7	later for something more persistent)
		8
		9
		10	Upstream-Status: Backport
		11	[https://github.com/fail2ban/fail2ban/commit/5b6c13f0aae79a23d94570bacd1b5796e57f088d]
		12
		13	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		14	---
		15	.../tests/files/logs/apache-fakegooglebot \| 6 +-
		16	fail2ban/tests/files/testcase-usedns.log \| 4 +-
		17	fail2ban/tests/filtertestcase.py \| 58 +++++++++----------
		18	fail2ban/tests/utils.py \| 4 +-
		19	4 files changed, 36 insertions(+), 36 deletions(-)
		20
		21	diff --git a/fail2ban/tests/files/logs/apache-fakegooglebot b/fail2ban/tests/files/logs/apache-fakegooglebot
		22	index b77a1a6b..024842fd 100644
		23	--- a/fail2ban/tests/files/logs/apache-fakegooglebot
		24	+++ b/fail2ban/tests/files/logs/apache-fakegooglebot
		25	@@ -1,5 +1,5 @@
		26	# Apache 2.2
		27	# failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" }
		28	-66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
		29	-# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.215.14" }
		30	-93.184.215.14 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
		31	+66.249.66.1 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
		32	+# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "51.159.55.100" }
		33	+51.159.55.100 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
		34	diff --git a/fail2ban/tests/files/testcase-usedns.log b/fail2ban/tests/files/testcase-usedns.log
		35	index eea6eb44..3e7b36bb 100644
		36	--- a/fail2ban/tests/files/testcase-usedns.log
		37	+++ b/fail2ban/tests/files/testcase-usedns.log
		38	@@ -1,2 +1,2 @@
		39	-Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
		40	-Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2
		41	+Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2
		42	+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2
		43	diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py
		44	index 20945b78..26961a1b 100644
		45	--- a/fail2ban/tests/filtertestcase.py
		46	+++ b/fail2ban/tests/filtertestcase.py
		47	@@ -587,14 +587,14 @@ class IgnoreIP(LogCaptureTestCase):
		48	self.assertNotLogged("returned successfully")
		49
		50	def testIgnoreCauseOK(self):
		51	- ip = "93.184.215.14"
		52	+ ip = "51.159.55.100"
		53	for ignore_source in ["dns", "ip", "command"]:
		54	self.filter.logIgnoreIp(ip, True, ignore_source=ignore_source)
		55	self.assertLogged("[%s] Ignore %s by %s" % (self.jail.name, ip, ignore_source))
		56
		57	def testIgnoreCauseNOK(self):
		58	- self.filter.logIgnoreIp("example.com", False, ignore_source="NOT_LOGGED")
		59	- self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "example.com", "NOT_LOGGED"))
		60	+ self.filter.logIgnoreIp("fail2ban.org", False, ignore_source="NOT_LOGGED")
		61	+ self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "fail2ban.org", "NOT_LOGGED"))
		62
		63
		64	class IgnoreIPDNS(LogCaptureTestCase):
		65	@@ -607,7 +607,7 @@ class IgnoreIPDNS(LogCaptureTestCase):
		66	self.filter = FileFilter(self.jail)
		67
		68	def testIgnoreIPDNS(self):
		69	- for dns in ("www.epfl.ch", "example.com"):
		70	+ for dns in ("www.epfl.ch", "fail2ban.org"):
		71	self.filter.addIgnoreIP(dns)
		72	ips = DNSUtils.dnsToIp(dns)
		73	self.assertTrue(len(ips) > 0)
		74	@@ -1892,22 +1892,22 @@ class GetFailures(LogCaptureTestCase):
		75	#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
		76	# We should still catch failures with usedns = no ;-)
		77	output_yes = (
		78	- ('93.184.215.14', 1, 1124013299.0,
		79	- ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
		80	+ ('51.159.55.100', 1, 1124013299.0,
		81	+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
		82	),
		83	- ('93.184.215.14', 1, 1124013539.0,
		84	- ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
		85	+ ('51.159.55.100', 1, 1124013539.0,
		86	+ ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
		87	),
		88	- ('2606:2800:21f:cb07:6820:80da:af6b:8b2c', 1, 1124013299.0,
		89	- ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
		90	+ ('2001:bc8:1200:6:208:a2ff:fe0c:61f8', 1, 1124013299.0,
		91	+ ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
		92	),
		93	)
		94	if not unittest.F2B.no_network and not DNSUtils.IPv6IsAllowed():
		95	output_yes = output_yes[0:2]
		96
		97	output_no = (
		98	- ('93.184.215.14', 1, 1124013539.0,
		99	- ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
		100	+ ('51.159.55.100', 1, 1124013539.0,
		101	+ ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
		102	)
		103	)
		104
		105	@@ -2098,10 +2098,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		106	super(DNSUtilsNetworkTests, self).setUp()
		107	#unittest.F2B.SkipIfNoNetwork()
		108
		109	- ## example.com IPs considering IPv6 support (without network it is simulated via cache in utils).
		110	+ ## fail2ban.org IPs considering IPv6 support (without network it is simulated via cache in utils).
		111	EXAMPLE_ADDRS = (
		112	- ['93.184.215.14', '2606:2800:21f:cb07:6820:80da:af6b:8b2c'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
		113	- ['93.184.215.14']
		114	+ ['51.159.55.100', '2001:bc8:1200:6:208:a2ff:fe0c:61f8'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
		115	+ ['51.159.55.100']
		116	)
		117
		118	def test_IPAddr(self):
		119	@@ -2163,13 +2163,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		120	self.assertTrue(r < ip6)
		121
		122	def testUseDns(self):
		123	- res = DNSUtils.textToIp('www.example.com', 'no')
		124	+ res = DNSUtils.textToIp('www.fail2ban.org', 'no')
		125	self.assertSortedEqual(res, [])
		126	#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
		127	- res = DNSUtils.textToIp('www.example.com', 'warn')
		128	+ res = DNSUtils.textToIp('www.fail2ban.org', 'warn')
		129	# sort ipaddr, IPv4 is always smaller as IPv6
		130	self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
		131	- res = DNSUtils.textToIp('www.example.com', 'yes')
		132	+ res = DNSUtils.textToIp('www.fail2ban.org', 'yes')
		133	# sort ipaddr, IPv4 is always smaller as IPv6
		134	self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
		135
		136	@@ -2177,13 +2177,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		137	#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
		138	# Test hostnames
		139	hostnames = [
		140	- 'www.example.com',
		141	+ 'www.fail2ban.org',
		142	'doh1.2.3.4.buga.xxxxx.yyy.invalid',
		143	'1.2.3.4.buga.xxxxx.yyy.invalid',
		144	]
		145	for s in hostnames:
		146	res = DNSUtils.textToIp(s, 'yes')
		147	- if s == 'www.example.com':
		148	+ if s == 'www.fail2ban.org':
		149	# sort ipaddr, IPv4 is always smaller as IPv6
		150	self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
		151	else:
		152	@@ -2234,8 +2234,8 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		153
		154	self.assertEqual(IPAddr('192.0.2.0').getPTR(), '0.2.0.192.in-addr.arpa.')
		155	self.assertEqual(IPAddr('192.0.2.1').getPTR(), '1.2.0.192.in-addr.arpa.')
		156	- self.assertEqual(IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c').getPTR(),
		157	- 'c.2.b.8.b.6.f.a.a.d.0.8.0.2.8.6.7.0.b.c.f.1.2.0.0.0.8.2.6.0.6.2.ip6.arpa.')
		158	+ self.assertEqual(IPAddr('2001:db8::1').getPTR(),
		159	+ '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.')
		160
		161	def testIPAddr_Equal6(self):
		162	self.assertEqual(
		163	@@ -2365,10 +2365,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		164
		165	def testIPAddr_CompareDNS(self):
		166	#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
		167	- ips = IPAddr('example.com')
		168	- self.assertTrue(IPAddr("93.184.215.14").isInNet(ips))
		169	- self.assertEqual(IPAddr("2606:2800:21f:cb07:6820:80da:af6b:8b2c").isInNet(ips),
		170	- "2606:2800:21f:cb07:6820:80da:af6b:8b2c" in self.EXAMPLE_ADDRS)
		171	+ ips = IPAddr('fail2ban.org')
		172	+ self.assertTrue(IPAddr("51.159.55.100").isInNet(ips))
		173	+ self.assertEqual(IPAddr("2001:bc8:1200:6:208:a2ff:fe0c:61f8").isInNet(ips),
		174	+ "2001:bc8:1200:6:208:a2ff:fe0c:61f8" in self.EXAMPLE_ADDRS)
		175
		176	def testIPAddr_wrongDNS_IP(self):
		177	unittest.F2B.SkipIfNoNetwork()
		178	@@ -2376,11 +2376,11 @@ class DNSUtilsNetworkTests(unittest.TestCase):
		179	DNSUtils.ipToName('*')
		180
		181	def testIPAddr_Cached(self):
		182	- ips = [DNSUtils.dnsToIp('example.com'), DNSUtils.dnsToIp('example.com')]
		183	+ ips = [DNSUtils.dnsToIp('fail2ban.org'), DNSUtils.dnsToIp('fail2ban.org')]
		184	for ip1, ip2 in zip(ips, ips):
		185	self.assertEqual(id(ip1), id(ip2))
		186	- ip1 = IPAddr('93.184.215.14'); ip2 = IPAddr('93.184.215.14'); self.assertEqual(id(ip1), id(ip2))
		187	- ip1 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); ip2 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); self.assertEqual(id(ip1), id(ip2))
		188	+ ip1 = IPAddr('51.159.55.100'); ip2 = IPAddr('51.159.55.100'); self.assertEqual(id(ip1), id(ip2))
		189	+ ip1 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); ip2 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); self.assertEqual(id(ip1), id(ip2))
		190
		191	def test_NetworkInterfacesAddrs(self):
		192	for withMask in (False, True):
		193	diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
		194	index f71ba60a..e6ef54f3 100644
		195	--- a/fail2ban/tests/utils.py
		196	+++ b/fail2ban/tests/utils.py
		197	@@ -326,8 +326,8 @@ def initTests(opts):
		198	('failed.dns.ch', set()),
		199	('doh1.2.3.4.buga.xxxxx.yyy.invalid', set()),
		200	('1.2.3.4.buga.xxxxx.yyy.invalid', set()),
		201	- ('example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
		202	- ('www.example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
		203	+ ('fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
		204	+ ('www.fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
		205	):
		206	c.set(*i)
		207	# if fast - precache all host names as localhost addresses (speed-up getSelfIPs/ignoreself):
		208	--
		209	2.34.1
		210


diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch new file mode 100644 index 0000000..a60b0fd --- /dev/null +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/files/0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch
@@ -0,0 +1,35 @@
		1	From 9f26da3cf854e48b7939c2a9baa0cb3ffbee5994 Mon Sep 17 00:00:00 2001
		2	From: Yi Zhao <yi.zhao@windriver.com>
		3	Date: Thu, 11 Sep 2025 22:36:07 +0800
		4	Subject: [PATCH] clientreadertestcase.py: set correct config dir for
		5	testReadStockJailFilterComplete
		6
		7	In test case testReadStockJailFilterComplete, set configuration
		8	directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
		9	of the hardcoded "config" directory. Otherwise, the config files will
		10	not be found during runtime testing.
		11
		12	Upstream-Status: Backport
		13	[https://github.com/fail2ban/fail2ban/commit/9f26da3cf854e48b7939c2a9baa0cb3ffbee5994]
		14
		15	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		16	---
		17	fail2ban/tests/clientreadertestcase.py \| 2 +-
		18	1 file changed, 1 insertion(+), 1 deletion(-)
		19
		20	diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
		21	index e6a2806c..b8ebbbc7 100644
		22	--- a/fail2ban/tests/clientreadertestcase.py
		23	+++ b/fail2ban/tests/clientreadertestcase.py
		24	@@ -878,7 +878,7 @@ class JailsReaderTest(LogCaptureTestCase):
		25	self.assertTrue(jails.getOptions()) # reads fine
		26	# grab all filter names
		27	filters = set(os.path.splitext(os.path.split(a)[1])[0]
		28	- for a in glob.glob(os.path.join('config', 'filter.d', '*.conf'))
		29	+ for a in glob.glob(os.path.join(CONFIG_DIR, 'filter.d', '*.conf'))
		30	if not (a.endswith('common.conf') or a.endswith('-aggressive.conf')))
		31	# get filters of all jails (filter names without options inside filter[...])
		32	filters_jail = set(
		33	--
		34	2.34.1
		35


diff --git a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb index 7312bf8..b0b65de 100644 --- a/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb +++ b/dynamic-layers/meta-python/recipes-security/fail2ban/python3-fail2ban_git.bb
@@ -13,6 +13,8 @@ DEPENDS = "python3-native"
13		13
14	SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"	14	SRCREV = "ac62658c10f492911f8a0037a0bcf97c8521cd78"
15	SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \	15	SRC_URI = "git://github.com/fail2ban/fail2ban.git;branch=master;protocol=https \
		16	file://0001-example.com-changes-the-IPs-again.-additionally-it-g.patch \
		17	file://0002-clientreadertestcase.py-set-correct-config-dir-for-t.patch \
16	file://initd \	18	file://initd \
17	file://run-ptest \	19	file://run-ptest \
18	"	20	"
@@ -47,8 +49,16 @@ do_install_ptest:append () {
47	sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest	49	sed -i -e 's/##PYTHON##/python3/g' ${D}${PTEST_PATH}/run-ptest
48	install -D ${S}/bin/* ${D}${PTEST_PATH}/bin	50	install -D ${S}/bin/* ${D}${PTEST_PATH}/bin
49	rm -f ${D}${PTEST_PATH}/bin/fail2ban-python	51	rm -f ${D}${PTEST_PATH}/bin/fail2ban-python
50	}
51		52
		53	for i in checklogtype.conf zzz-generic-example.conf zzz-sshd-obsolete-multiline.conf; do
		54	sed -i -e 's\|^before =.*\|before = ${sysconfdir}/fail2ban/filter.d/common.conf\|g' \
		55	${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/filter.d/${i}
		56	done
		57
		58	install -m 0644 ${S}/README.md ${D}${PTEST_PATH}
		59	sed -i -e 's\|^logpath = README.md\|logpath = ${PTEST_PATH}/README.md\|g' \
		60	${D}${PYTHON_SITEPACKAGES_DIR}/fail2ban/tests/config/jail.conf
		61	}
52		62
53	INITSCRIPT_PACKAGES = "${PN}"	63	INITSCRIPT_PACKAGES = "${PN}"
54	INITSCRIPT_NAME = "fail2ban-server"	64	INITSCRIPT_NAME = "fail2ban-server"