summary refs log tree commit diff
diff options
context:
space:
mode:
authormuradm <mail@muradm.net>2022-07-17 05:30:40 +0300
committerLudovic Courtès <ludo@gnu.org>2022-08-01 17:20:27 +0200
commitd7e7494bc4d69de9db49488ee812e572c3250211 (patch)
treef8ea83e950b0d55685793554e8b4c1afedc79c0d
parent18d998ffdb8a64478f984bac479734e3fcc90cc3 (diff)
downloadguix-d7e7494bc4d69de9db49488ee812e572c3250211.tar.gz
gnu: Add fail2ban.
* gnu/packages/admin.scm (fail2ban): New variable.
* gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch,
gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch,
gnu/packages/patches/fail2ban-paths-guix-conf.patch,
gnu/packages/patches/fail2ban-python310-server-action.patch,
gnu/packages/patches/fail2ban-python310-server-actions.patch,
gnu/packages/patches/fail2ban-python310-server-jails.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--gnu/local.mk7
-rw-r--r--gnu/packages/admin.scm217
-rw-r--r--gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch155
-rw-r--r--gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch64
-rw-r--r--gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch48
-rw-r--r--gnu/packages/patches/fail2ban-paths-guix-conf.patch32
-rw-r--r--gnu/packages/patches/fail2ban-python310-server-action.patch27
-rw-r--r--gnu/packages/patches/fail2ban-python310-server-actions.patch25
-rw-r--r--gnu/packages/patches/fail2ban-python310-server-jails.patch25
9 files changed, 600 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index bba9f08bbe..10c3192ade 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1049,6 +1049,13 @@ dist_patch_DATA =						\
   %D%/packages/patches/exercism-disable-self-update.patch	\
   %D%/packages/patches/extempore-unbundle-external-dependencies.patch	\
   %D%/packages/patches/extundelete-e2fsprogs-1.44.patch		\
+  %D%/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch	\
+  %D%/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch	\
+  %D%/packages/patches/fail2ban-0.11.2_fix-test-suite.patch	\
+  %D%/packages/patches/fail2ban-paths-guix-conf.patch		\
+  %D%/packages/patches/fail2ban-python310-server-action.patch	\
+  %D%/packages/patches/fail2ban-python310-server-actions.patch	\
+  %D%/packages/patches/fail2ban-python310-server-jails.patch	\
   %D%/packages/patches/farstream-gupnp.patch                         \
   %D%/packages/patches/farstream-make.patch                          \
   %D%/packages/patches/fastcap-mulGlobal.patch			\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 571271b5ab..146423d068 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -100,6 +100,7 @@
   #:use-module (gnu packages cross-base)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cryptsetup)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages dns)
   #:use-module (gnu packages elf)
@@ -134,6 +135,7 @@
   #:use-module (gnu packages mcrypt)
   #:use-module (gnu packages mpi)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages networking)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages patchutils)
   #:use-module (gnu packages pciutils)
@@ -152,6 +154,7 @@
   #:use-module (gnu packages ruby)
   #:use-module (gnu packages selinux)
   #:use-module (gnu packages serialization)
+  #:use-module (gnu packages sqlite)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages sphinx)
   #:use-module (gnu packages tcl)
@@ -5230,3 +5233,217 @@ allows applications to use whatever seat management is available.")
 mediate access to shared devices, such as graphics and input, for applications
 that require it.")
     (license license:expat)))
+
+(define-public fail2ban
+  (package
+    (name "fail2ban")
+    (version "0.11.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/fail2ban/fail2ban")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  ;; Get rid of absolute file names.
+                  (substitute* "setup.py"
+                    (("/etc/fail2ban")
+                     "etc/fail2ban")
+                    (("/var/lib/fail2ban")
+                     "var/lib/fail2ban")
+                    (("\"/usr/bin/\"")
+                     "\"usr/bin/\"")
+                    (("\"/usr/lib/fail2ban/\"")
+                     "\"usr/lib/fail2ban/\"")
+                    (("'/usr/share/doc/fail2ban'")
+                     "'usr/share/doc/fail2ban'"))
+                  ;; disable tests performing unacceptable side-effects
+                  (let ((make-suite (lambda (t)
+                                      (string-append
+                                       "tests.addTest.unittest.makeSuite."
+                                       t ".."))))
+                    (substitute* "fail2ban/tests/utils.py"
+                      (((make-suite "actiontestcase.CommandActionTest"))
+                       "")
+                      (((make-suite "misctestcase.SetupTest"))
+                       "")
+                      (((make-suite
+                         "filtertestcase.DNSUtilsNetworkTests"))
+                       "")
+                      (((make-suite "filtertestcase.IgnoreIPDNS"))
+                       "")
+                      (((make-suite "filtertestcase.GetFailures"))
+                       "")
+                      (((make-suite
+                         "fail2banclienttestcase.Fail2banServerTest"))
+                       "")
+                      (((make-suite
+                         "servertestcase.ServerConfigReaderTests"))
+                       "")))))
+              (patches (search-patches
+                        "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
+                        "fail2ban-python310-server-action.patch"
+                        "fail2ban-python310-server-actions.patch"
+                        "fail2ban-python310-server-jails.patch"
+                        "fail2ban-0.11.2_fix-test-suite.patch"
+                        "fail2ban-0.11.2_CVE-2021-32749.patch"
+                        "fail2ban-paths-guix-conf.patch"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'build 'invoke-2to3
+                    (lambda _
+                      (invoke "./fail2ban-2to3")))
+                  (add-before 'install 'fix-default-config
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (substitute* '("config/paths-common.conf"
+                                     "fail2ban/tests/utils.py"
+                                     "fail2ban/client/configreader.py"
+                                     "fail2ban/client/fail2bancmdline.py"
+                                     "fail2ban/client/fail2banregex.py")
+                        (("/etc/fail2ban")
+                         (string-append (assoc-ref outputs "out")
+                                        "/etc/fail2ban")))))
+                  (add-after 'fix-default-config 'set-action-dependencies
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      ;; deleting things that are not feasible to fix
+                      ;; or won't be used any way
+                      (with-directory-excursion "config"
+                        (for-each delete-file
+                                  '("paths-arch.conf"
+                                    "paths-debian.conf"
+                                    "paths-fedora.conf"
+                                    "paths-freebsd.conf"
+                                    "paths-opensuse.conf"
+                                    "paths-osx.conf")))
+                      (with-directory-excursion "config/action.d"
+                        (for-each delete-file
+                                  '("apf.conf"
+                                    "bsd-ipfw.conf"
+                                    "dshield.conf"
+                                    "ipfilter.conf"
+                                    "ipfw.conf"
+                                    "firewallcmd-allports.conf"
+                                    "firewallcmd-common.conf"
+                                    "firewallcmd-ipset.conf"
+                                    "firewallcmd-multiport.conf"
+                                    "firewallcmd-new.conf"
+                                    "firewallcmd-rich-logging.conf"
+                                    "firewallcmd-rich-rules.conf"
+                                    "osx-afctl.conf"
+                                    "osx-ipfw.conf"
+                                    "pf.conf"
+                                    "nginx-block-map.conf"
+                                    "npf.conf"
+                                    "shorewall.conf"
+                                    "shorewall-ipset-proto6.conf"
+                                    "ufw.conf")))
+                      (let* ((lookup-cmd (lambda (i)
+                                           (search-input-file inputs i)))
+                             (bin (lambda (i)
+                                    (lookup-cmd (string-append "/bin/" i))))
+                             (sbin (lambda (i)
+                                     (lookup-cmd (string-append "/sbin/" i))))
+                             (ip (sbin "ip"))
+                             (sendmail (sbin "sendmail")))
+                        (substitute* (find-files "config/action.d" "\\.conf$")
+                          ;; TODO: deal with geoiplookup ..
+                          (("(awk|curl|dig|jq)" all cmd)
+                           (bin cmd))
+                          (("(cat|echo|grep|head|printf|wc) " all
+                            cmd)
+                           (string-append (bin cmd) " "))
+                          ((" (date|rm|sed|tail|touch|tr) " all
+                            cmd)
+                           (string-append " "
+                                          (bin cmd) " "))
+                          (("cut -d")
+                           (string-append (bin "cut") " -d"))
+                          (("`date`")
+                           (string-append "`"
+                                          (bin "date") "`"))
+                          (("id -")
+                           (string-append (bin "id") " -"))
+                          (("ip -([46]) addr" all ver)
+                           (string-append ip " -" ver " addr"))
+                          (("ip route")
+                           (string-append ip " route"))
+                          (("ipset ")
+                           (string-append (sbin "ipset") " "))
+                          (("(iptables|ip6tables) <" all cmd)
+                           (string-append (sbin cmd) " <"))
+                          (("/usr/bin/nsupdate")
+                           (bin "nsupdate"))
+                          (("mail -E")
+                           (string-append sendmail " -E"))
+                          (("nftables = nft")
+                           (string-append "nftables = " (sbin "nft")))
+                          (("perl -e")
+                           (string-append (bin "perl") " -e"))
+                          (("/usr/sbin/sendmail")
+                           sendmail)
+                          (("test -e")
+                           (string-append (bin "test") " -e"))
+                          (("_whois = whois")
+                           (string-append "_whois = " (bin "whois")))))
+                      (substitute* "config/jail.conf"
+                        (("before = paths-debian.conf")
+                         "before = paths-guix.conf"))))
+                  (add-after 'install 'copy-man-pages
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((man (string-append (assoc-ref outputs "out")
+                                                 "/man"))
+                             (install-man (lambda (m)
+                                            (lambda (f)
+                                              (install-file (string-append f
+                                                             "." m)
+                                                            (string-append man
+                                                             "/man" m)))))
+                             (install-man1 (install-man "1"))
+                             (install-man5 (install-man "5")))
+                        (with-directory-excursion "man"
+                          (for-each install-man1
+                                    '("fail2ban"
+                                      "fail2ban-client"
+                                      "fail2ban-python"
+                                      "fail2ban-regex"
+                                      "fail2ban-server"
+                                      "fail2ban-testcases"))
+                          (for-each install-man5
+                                    '("jail.conf")))))))))
+    (inputs (list gawk
+                  coreutils-minimal
+                  curl
+                  grep
+                  jq
+                  iproute
+                  ipset
+                  iptables
+                  `(,isc-bind "utils")
+                  nftables
+                  perl
+                  python-pyinotify
+                  sed
+                  sendmail
+                  sqlite
+                  whois))
+    (home-page "http://www.fail2ban.org")
+    (synopsis "Daemon to ban hosts that cause multiple authentication errors")
+    (description
+     "Fail2Ban scans log files like @file{/var/log/auth.log} and bans IP
+addresses conducting too many failed login attempts.  It does this by updating
+system firewall rules to reject new connections from those IP addresses, for a
+configurable amount of time.  Fail2Ban comes out-of-the-box ready to read many
+standard log files, such as those for sshd and Apache, and is easily
+configured to read any log file of your choosing, for any error you wish.
+
+Though Fail2Ban is able to reduce the rate of incorrect authentication
+attempts, it cannot eliminate the risk presented by weak authentication.  Set
+up services to use only two factor, or public/private authentication
+mechanisms if you really want to protect services.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
new file mode 100644
index 0000000000..d3c677918c
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
@@ -0,0 +1,155 @@
+From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Mon, 21 Jun 2021 17:12:53 +0200
+Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
+ (default tilde) stops consider "~" char after new-line as composing escape
+ sequence
+
+---
+ config/action.d/complain.conf         | 2 +-
+ config/action.d/dshield.conf          | 2 +-
+ config/action.d/mail-buffered.conf    | 8 ++++----
+ config/action.d/mail-whois-lines.conf | 2 +-
+ config/action.d/mail-whois.conf       | 6 +++---
+ config/action.d/mail.conf             | 6 +++---
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
+index 3a5f882c9f..4d73b05859 100644
+--- a/config/action.d/complain.conf
++++ b/config/action.d/complain.conf
+@@ -102,7 +102,7 @@ logpath = /dev/null
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
+index c128bef348..3d5a7a53a9 100644
+--- a/config/action.d/dshield.conf
++++ b/config/action.d/dshield.conf
+@@ -179,7 +179,7 @@ tcpflags =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Option:  mailargs
+ # Notes.:  Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
+index 325f185b2f..79b841049c 100644
+--- a/config/action.d/mail-buffered.conf
++++ b/config/action.d/mail-buffered.conf
+@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Output will be buffered until <lines> lines are available.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
+                  These hosts have been banned by Fail2Ban.\n
+                  `cat <tmpfile>`
+                  Regards,\n
+-                 Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
++                 Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary from <fq-hostname>" <dest>
+                  rm <tmpfile>
+              fi
+              printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures> failures)\n" >> <tmpfile>
+                 These hosts have been banned by Fail2Ban.\n
+                 `cat <tmpfile>`
+                 \nRegards,\n
+-                Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
++                Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: Summary" <dest>
+                 rm <tmpfile>
+             fi
+ 
+diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
+index 3a3e56b2c7..d2818cb9b9 100644
+--- a/config/action.d/mail-whois-lines.conf
++++ b/config/action.d/mail-whois-lines.conf
+@@ -72,7 +72,7 @@ actionunban =
+ # Notes.:  Your system mail command. Is passed 2 args: subject and recipient
+ # Values:  CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+ 
+ # Default name of the chain
+ #
+diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
+index 7fea34c40d..ab33b616dc 100644
+--- a/config/action.d/mail-whois.conf
++++ b/config/action.d/mail-whois.conf
+@@ -20,7 +20,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
+             Here is more information about <ip> :\n
+             `%(_whois_command)s`\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
++            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
+index 5d8c0e154c..f4838ddcb6 100644
+--- a/config/action.d/mail.conf
++++ b/config/action.d/mail.conf
+@@ -16,7 +16,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+               The jail <name> has been started successfully.\n
+               Regards,\n
+-              Fail2Ban"|mail -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
++              Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started  on <fq-hostname>" <dest>
+ 
+ # Option:  actionstop
+ # Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+              The jail <name> has been stopped.\n
+              Regards,\n
+-             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
++             Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on <fq-hostname>" <dest>
+ 
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
+             The IP <ip> has just been banned by Fail2Ban after
+             <failures> attempts against <name>.\n
+             Regards,\n
+-            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
++            Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip> from <fq-hostname>" <dest>
+ 
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
new file mode 100644
index 0000000000..b0b14364b1
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
@@ -0,0 +1,64 @@
+From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:49:18 +0200
+Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
+ command: use_2to3 is invalid (setuptools 58+)
+
+---
+ setup.py | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index f4c2550f6f..98413273c5 100755
+--- a/setup.py
++++ b/setup.py
+@@ -48,7 +48,7 @@
+ from glob import glob
+ 
+ from fail2ban.setup import updatePyExec
+-
++from fail2ban.version import version
+ 
+ source_dir = os.path.realpath(os.path.dirname(
+ 	# __file__ seems to be overwritten sometimes on some python versions (e.g. bug of 2.6 by running under cProfile, etc.):
+@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
+ # Wrapper to specify fail2ban own options:
+ class install_command_f2b(install):
+ 	user_options = install.user_options + [
+-		('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'),
+ 		('without-tests', None, 'without tests files installation'),
+ 	]
+ 	def initialize_options(self):
+-		self.disable_2to3 = None
+ 		self.without_tests = not with_tests
+ 		install.initialize_options(self)
+ 	def finalize_options(self):
+-		global _2to3
+-		## in the test cases 2to3 should be already done (fail2ban-2to3):
+-		if self.disable_2to3:
+-			_2to3 = False
+-		if _2to3:
+-			cmdclass = self.distribution.cmdclass
+-			cmdclass['build_py'] = build_py_2to3
+-			cmdclass['build_scripts'] = build_scripts_2to3
+ 		if self.without_tests:
+ 			self.distribution.scripts.remove('bin/fail2ban-testcases')
+ 
+@@ -178,7 +168,6 @@ def run(self):
+ if setuptools:
+ 	setup_extra = {
+ 		'test_suite': "fail2ban.tests.utils.gatherTests",
+-		'use_2to3': True,
+ 	}
+ else:
+ 	setup_extra = {}
+@@ -202,9 +191,6 @@ def run(self):
+ 		('/usr/share/doc/fail2ban', doc_files)
+ 	)
+ 
+-# Get version number, avoiding importing fail2ban.
+-# This is due to tests not functioning for python3 as 2to3 takes place later
+-exec(open(join("fail2ban", "version.py")).read())
+ 
+ setup(
+ 	name = "fail2ban",
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
new file mode 100644
index 0000000000..91d973e72e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
@@ -0,0 +1,48 @@
+From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Mon, 4 Jan 2021 02:42:38 +0100
+Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
+ tests, considering interval from 2005 (alternate now) to now; + better
+ grouping algorithm for resulting century RE
+
+---
+ fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
+index 1464a96d1f..39fc795865 100644
+--- a/fail2ban/server/strptime.py
++++ b/fail2ban/server/strptime.py
+@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo
+ 	Thereby respect possible run in the test-cases (alternate date used there)
+ 	"""
+ 	cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
++	def grp(exprset):
++		c = None
++		if len(exprset) > 1:
++			for i in exprset:
++				if c is None or i[0:-1] == c:
++					c = i[0:-1]
++				else:
++					c = None
++					break
++			if not c:
++				for i in exprset:
++					if c is None or i[0] == c:
++						c = i[0]
++					else:
++						c = None
++						break
++			if c:
++				return "%s%s" % (c, grp([i[len(c):] for i in exprset]))
++		return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \
++			if len(exprset) > 1 else "".join(exprset)
+ 	exprset = set( cent(now[0].year + i) for i in (-1, distance) )
+ 	if len(now) and now[1]:
+-		exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
+-	return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset)
++		exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) )
++	return grp(sorted(list(exprset)))
+ 
+ timeRE = TimeRE()
+ 
diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
new file mode 100644
index 0000000000..8c2a5747ba
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
@@ -0,0 +1,32 @@
+From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001
+From: muradm <mail@muradm.net>
+Date: Fri, 15 Jul 2022 20:08:14 +0300
+Subject: [PATCH] Add paths-guix.conf file.
+
+---
+ config/paths-guix.conf | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+ create mode 100644 config/paths-guix.conf
+
+diff --git a/config/paths-guix.conf b/config/paths-guix.conf
+new file mode 100644
+index 00000000..b4a2e9f5
+--- /dev/null
++++ b/config/paths-guix.conf
+@@ -0,0 +1,13 @@
++# Guix
++
++[INCLUDES]
++
++before = paths-common.conf
++after = paths-overrides.local
++
++
++[DEFAULT]
++
++syslog_authpriv = /var/log/secure
++syslog_mail = /var/log/maillog
++syslog_mail_warn = /var/log/maillog
+-- 
+2.36.1
+
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch b/gnu/packages/patches/fail2ban-python310-server-action.patch
new file mode 100644
index 0000000000..723d7f7aa6
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-action.patch
@@ -0,0 +1,27 @@
+From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:19:24 +0100
+Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
+ moved to the :mod:`collections.abc` module
+
+(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
+---
+ fail2ban/server/action.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
+index 3bc48fe046..f0f1e6f59a 100644
+--- a/fail2ban/server/action.py
++++ b/fail2ban/server/action.py
+@@ -30,7 +30,10 @@
+ import threading
+ import time
+ from abc import ABCMeta
+-from collections import MutableMapping
++try:
++	from collections.abc import MutableMapping
++except ImportError:
++	from collections import MutableMapping
+ 
+ from .failregex import mapTag2Opt
+ from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch b/gnu/packages/patches/fail2ban-python310-server-actions.patch
new file mode 100644
index 0000000000..e31316d28b
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch
@@ -0,0 +1,25 @@
+From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:25:45 +0100
+Subject: [PATCH] amend for `Mapping`
+
+---
+ fail2ban/server/actions.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
+index b7b95b445a..897d907c1a 100644
+--- a/fail2ban/server/actions.py
++++ b/fail2ban/server/actions.py
+@@ -28,7 +28,10 @@
+ import os
+ import sys
+ import time
+-from collections import Mapping
++try:
++	from collections.abc import Mapping
++except ImportError:
++	from collections import Mapping
+ try:
+ 	from collections import OrderedDict
+ except ImportError:
diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch b/gnu/packages/patches/fail2ban-python310-server-jails.patch
new file mode 100644
index 0000000000..e5873c415e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch
@@ -0,0 +1,25 @@
+From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:35:59 +0100
+Subject: [PATCH] amend for `Mapping` (jails)
+
+---
+ fail2ban/server/jails.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py
+index 972a8c4bd2..27e12ddf65 100644
+--- a/fail2ban/server/jails.py
++++ b/fail2ban/server/jails.py
+@@ -22,7 +22,10 @@
+ __license__ = "GPL"
+ 
+ from threading import Lock
+-from collections import Mapping
++try:
++	from collections.abc import Mapping
++except ImportError:
++	from collections import Mapping
+ 
+ from ..exceptions import DuplicateJailException, UnknownJailException
+ from .jail import Jail