[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#56579] [PATCH v2] gnu: admin: Add fail2ban 0.11.2.
From: |
muradm |
Subject: |
[bug#56579] [PATCH v2] gnu: admin: Add fail2ban 0.11.2. |
Date: |
Fri, 15 Jul 2022 22:02:46 +0300 |
* gnu/packages/admin.scm (fail2ban): New variable.
---
gnu/packages/admin.scm | 181 ++++++++++++++++++
.../fail2ban-0.11.2_CVE-2021-32749.patch | 155 +++++++++++++++
...2ban-0.11.2_fix-setuptools-drop-2to3.patch | 64 +++++++
.../fail2ban-0.11.2_fix-test-suite.patch | 48 +++++
.../patches/fail2ban-paths-guix-conf.patch | 32 ++++
.../fail2ban-python310-server-action.patch | 27 +++
.../fail2ban-python310-server-actions.patch | 25 +++
.../fail2ban-python310-server-jails.patch | 25 +++
8 files changed, 557 insertions(+)
create mode 100644 gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
create mode 100644
gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
create mode 100644 gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
create mode 100644 gnu/packages/patches/fail2ban-paths-guix-conf.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-action.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-actions.patch
create mode 100644 gnu/packages/patches/fail2ban-python310-server-jails.patch
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 88cb8fded9..183d0a0cb5 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -100,6 +100,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages cross-base)
#:use-module (gnu packages crypto)
#:use-module (gnu packages cryptsetup)
+ #:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages dns)
#:use-module (gnu packages elf)
@@ -134,6 +135,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages mcrypt)
#:use-module (gnu packages mpi)
#:use-module (gnu packages ncurses)
+ #:use-module (gnu packages networking)
#:use-module (gnu packages openldap)
#:use-module (gnu packages patchutils)
#:use-module (gnu packages pciutils)
@@ -152,6 +154,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages ruby)
#:use-module (gnu packages selinux)
#:use-module (gnu packages serialization)
+ #:use-module (gnu packages sqlite)
#:use-module (gnu packages ssh)
#:use-module (gnu packages sphinx)
#:use-module (gnu packages tcl)
@@ -5231,3 +5234,181 @@ (define-public seatd
mediate access to shared devices, such as graphics and input, for applications
that require it.")
(license license:expat)))
+
+(define-public fail2ban
+ (package
+ (name "fail2ban")
+ (version "0.11.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/fail2ban/fail2ban")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "00d9q8m284q2wy6q462nipzszplfbvrs9fhgn0y3imwsc24kv1db"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; get rid of absolute paths
+ (substitute* "setup.py"
+ (("/etc/fail2ban") "etc/fail2ban")
+ (("/var/lib/fail2ban") "var/lib/fail2ban")
+ (("\"/usr/bin/\"") "\"usr/bin/\"")
+ (("\"/usr/lib/fail2ban/\"") "\"usr/lib/fail2ban/\"")
+ (("'/usr/share/doc/fail2ban'") "'usr/share/doc/fail2ban'"))
+ ;; disable tests performing unacceptable side-effects
+ (substitute* "fail2ban/tests/utils.py"
+
(("tests.addTest.unittest.makeSuite.actiontestcase.CommandActionTest..") "")
+ (("tests.addTest.unittest.makeSuite.misctestcase.SetupTest..") "")
+
(("tests.addTest.unittest.makeSuite.filtertestcase.DNSUtilsNetworkTests..") "")
+
(("tests.addTest.unittest.makeSuite.filtertestcase.IgnoreIPDNS..") "")
+
(("tests.addTest.unittest.makeSuite.filtertestcase.GetFailures..") "")
+
(("tests.addTest.unittest.makeSuite.fail2banclienttestcase.Fail2banServerTest..")
"")
+
(("tests.addTest.unittest.makeSuite.servertestcase.ServerConfigReaderTests..")
""))))
+ (patches
+ (search-patches
+ "fail2ban-0.11.2_fix-setuptools-drop-2to3.patch"
+ "fail2ban-python310-server-action.patch"
+ "fail2ban-python310-server-actions.patch"
+ "fail2ban-python310-server-jails.patch"
+ "fail2ban-0.11.2_fix-test-suite.patch"
+ "fail2ban-0.11.2_CVE-2021-32749.patch"
+ "fail2ban-paths-guix-conf.patch"))))
+ (build-system python-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'build 'invoke-2to3
+ (lambda _
+ (invoke "./fail2ban-2to3")))
+ (add-before 'install 'set-action-dependencies
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; deleting things that are not feasible to fix
+ ;; or won't be used any way
+ (for-each delete-file
+ '("config/paths-arch.conf"
+ "config/paths-debian.conf"
+ "config/paths-fedora.conf"
+ "config/paths-freebsd.conf"
+ "config/paths-opensuse.conf"
+ "config/paths-osx.conf"
+ "config/action.d/apf.conf"
+ "config/action.d/bsd-ipfw.conf"
+ "config/action.d/dshield.conf"
+ "config/action.d/ipfilter.conf"
+ "config/action.d/ipfw.conf"
+ "config/action.d/firewallcmd-allports.conf"
+ "config/action.d/firewallcmd-common.conf"
+ "config/action.d/firewallcmd-ipset.conf"
+ "config/action.d/firewallcmd-multiport.conf"
+ "config/action.d/firewallcmd-new.conf"
+
"config/action.d/firewallcmd-rich-logging.conf"
+ "config/action.d/firewallcmd-rich-rules.conf"
+ "config/action.d/osx-afctl.conf"
+ "config/action.d/osx-ipfw.conf"
+ "config/action.d/pf.conf"
+ "config/action.d/nginx-block-map.conf"
+ "config/action.d/npf.conf"
+ "config/action.d/shorewall.conf"
+ "config/action.d/shorewall-ipset-proto6.conf"
+ "config/action.d/ufw.conf"))
+ (let* ((awk (search-input-file inputs "/bin/awk"))
+ (cat (search-input-file inputs "/bin/cat"))
+ (curl (search-input-file inputs "/bin/curl"))
+ (cut (search-input-file inputs "/bin/cut"))
+ (date (search-input-file inputs "/bin/date"))
+ (dig (search-input-file inputs "/bin/dig"))
+ (echo (search-input-file inputs "/bin/echo"))
+ (grep (search-input-file inputs "/bin/grep"))
+ (head (search-input-file inputs "/bin/head"))
+ (id (search-input-file inputs "/bin/id"))
+ (ip (search-input-file inputs "/sbin/ip"))
+ (ipset (search-input-file inputs "/sbin/ipset"))
+ (ip6tables (search-input-file inputs
"/sbin/ip6tables"))
+ (iptables (search-input-file inputs
"/sbin/iptables"))
+ (jq (search-input-file inputs "/bin/jq"))
+ (nft (search-input-file inputs "/sbin/nft"))
+ (nsupdate (search-input-file inputs
"/bin/nsupdate"))
+ (perl (search-input-file inputs "/bin/perl"))
+ (printf (search-input-file inputs "/bin/printf"))
+ (rm (search-input-file inputs "/bin/rm"))
+ (sed (search-input-file inputs "/bin/sed"))
+ (sendmail (search-input-file inputs
"/sbin/sendmail"))
+ (tail (search-input-file inputs "/bin/tail"))
+ (test (search-input-file inputs "/bin/test"))
+ (touch (search-input-file inputs "/bin/touch"))
+ (tr (search-input-file inputs "/bin/tr"))
+ (truncate (search-input-file inputs
"/bin/truncate"))
+ (wc (search-input-file inputs "/bin/wc"))
+ (whois (search-input-file inputs "/bin/whois")))
+ (for-each
+ (lambda (f)
+ (substitute* f
+ ;; TODO: deal with geoiplookup ..
+ (("awk") awk)
+ (("cat ") (string-append cat " "))
+ (("curl") curl)
+ (("cut -d") (string-append cut " -d"))
+ ((" date ") (string-append " " date " "))
+ (("`date`") (string-append "`" date "`"))
+ (("dig") dig)
+ (("echo ") (string-append echo " "))
+ (("grep ") (string-append grep " "))
+ (("head ") (string-append head " "))
+ (("id -") (string-append id " -"))
+ (("ip -4 addr") (string-append ip " -4 addr"))
+ (("ip -6 addr") (string-append ip " -6 addr"))
+ (("ip route") (string-append ip " route"))
+ (("ipset ") (string-append ipset " "))
+ (("iptables <") (string-append iptables " <"))
+ (("ip6tables <") (string-append ip6tables " <"))
+ (("jq") jq)
+ (("/usr/bin/nsupdate") nsupdate)
+ (("mail -E") (string-append sendmail " -E"))
+ (("nftables = nft") (string-append "nftables = "
nft))
+ (("perl -e") (string-append perl " -e"))
+ (("printf ") (string-append printf " "))
+ ((" rm ") (string-append " " rm " "))
+ ((" sed ") (string-append " " sed " "))
+ (("/usr/sbin/sendmail") sendmail)
+ ((" tail ") (string-append " " tail " "))
+ (("test -e") (string-append test " -e"))
+ ((" touch ") (string-append " " touch " "))
+ ((" tr ") (string-append " " tr " "))
+ (("wc ") (string-append wc " "))
+ (("_whois = whois") (string-append "_whois = "
whois))))
+ (find-files "config/action.d" "\\.conf$")))
+ (substitute* "config/jail.conf"
+ (("before = paths-debian.conf") "before =
paths-guix.conf")))))))
+ (inputs (list
+ gawk
+ coreutils
+ curl
+ grep
+ jq
+ iproute
+ ipset
+ iptables
+ `(,isc-bind "utils")
+ nftables
+ perl
+ python-pyinotify
+ sed
+ sendmail
+ sqlite
+ whois))
+ (home-page "http://www.fail2ban.org")
+ (synopsis "Daemon to ban hosts that cause multiple authentication errors")
+ (description "Fail2Ban scans log files like /var/log/auth.log and bans IP
+addresses conducting too many failed login attempts. It does this by updating
+system firewall rules to reject new connections from those IP addresses, for
+a configurable amount of time. Fail2Ban comes out-of-the-box ready to read
+many standard log files, such as those for sshd and Apache, and is easily
+configured to read any log file of your choosing, for any error you wish.
+
+Though Fail2Ban is able to reduce the rate of incorrect authentication
+attempts, it cannot eliminate the risk presented by weak authentication. Set
+up services to use only two factor, or public/private authentication
+mechanisms if you really want to protect services.")
+ (license license:gpl2)))
diff --git a/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
new file mode 100644
index 0000000000..d3c677918c
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_CVE-2021-32749.patch
@@ -0,0 +1,155 @@
+From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001
+From: sebres <serg.brester@sebres.de>
+Date: Mon, 21 Jun 2021 17:12:53 +0200
+Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable
+ (default tilde) stops consider "~" char after new-line as composing escape
+ sequence
+
+---
+ config/action.d/complain.conf | 2 +-
+ config/action.d/dshield.conf | 2 +-
+ config/action.d/mail-buffered.conf | 8 ++++----
+ config/action.d/mail-whois-lines.conf | 2 +-
+ config/action.d/mail-whois.conf | 6 +++---
+ config/action.d/mail.conf | 6 +++---
+ 6 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
+index 3a5f882c9f..4d73b05859 100644
+--- a/config/action.d/complain.conf
++++ b/config/action.d/complain.conf
+@@ -102,7 +102,7 @@ logpath = /dev/null
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Option: mailargs
+ # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
+index c128bef348..3d5a7a53a9 100644
+--- a/config/action.d/dshield.conf
++++ b/config/action.d/dshield.conf
+@@ -179,7 +179,7 @@ tcpflags =
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Option: mailargs
+ # Notes.: Additional arguments to mail command. e.g. for standard Unix mail:
+diff --git a/config/action.d/mail-buffered.conf
b/config/action.d/mail-buffered.conf
+index 325f185b2f..79b841049c 100644
+--- a/config/action.d/mail-buffered.conf
++++ b/config/action.d/mail-buffered.conf
+@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Output will be buffered until <lines> lines are available.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -28,13 +28,13 @@ actionstop = if [ -f <tmpfile> ]; then
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>:
Summary from <fq-hostname>" <dest>
+ rm <tmpfile>
+ fi
+ printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: <ip> (<failures>
failures)\n" >> <tmpfile>
+ These hosts have been banned by Fail2Ban.\n
+ `cat <tmpfile>`
+ \nRegards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: Summary" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>:
Summary" <dest>
+ rm <tmpfile>
+ fi
+
+diff --git a/config/action.d/mail-whois-lines.conf
b/config/action.d/mail-whois-lines.conf
+index 3a3e56b2c7..d2818cb9b9 100644
+--- a/config/action.d/mail-whois-lines.conf
++++ b/config/action.d/mail-whois-lines.conf
+@@ -72,7 +72,7 @@ actionunban =
+ # Notes.: Your system mail command. Is passed 2 args: subject and recipient
+ # Values: CMD
+ #
+-mailcmd = mail -s
++mailcmd = mail -E 'set escape' -s
+
+ # Default name of the chain
+ #
+diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
+index 7fea34c40d..ab33b616dc 100644
+--- a/config/action.d/mail-whois.conf
++++ b/config/action.d/mail-whois.conf
+@@ -20,7 +20,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n
+ Here is more information about <ip> :\n
+ `%(_whois_command)s`\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip>
from <fq-hostname>" <dest>
+
+ # Option: actionunban
+ # Notes.: command executed when unbanning an IP. Take care that the
+diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
+index 5d8c0e154c..f4838ddcb6 100644
+--- a/config/action.d/mail.conf
++++ b/config/action.d/mail.conf
+@@ -16,7 +16,7 @@ norestored = 1
+ actionstart = printf %%b "Hi,\n
+ The jail <name> has been started successfully.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: started on
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: started
on <fq-hostname>" <dest>
+
+ # Option: actionstop
+ # Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n
+ actionstop = printf %%b "Hi,\n
+ The jail <name> has been stopped.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped on <fq-hostname>"
<dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: stopped on
<fq-hostname>" <dest>
+
+ # Option: actioncheck
+ # Notes.: command executed once before each actionban command
+@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n
+ The IP <ip> has just been banned by Fail2Ban after
+ <failures> attempts against <name>.\n
+ Regards,\n
+- Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from
<fq-hostname>" <dest>
++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] <name>: banned <ip>
from <fq-hostname>" <dest>
+
+ # Option: actionunban
+ # Notes.: command executed when unbanning an IP. Take care that the
diff --git
a/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
new file mode 100644
index 0000000000..b0b14364b1
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-setuptools-drop-2to3.patch
@@ -0,0 +1,64 @@
+From 5ac303df8a171f748330d4c645ccbf1c2c7f3497 Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Sun, 19 Sep 2021 18:49:18 +0200
+Subject: [PATCH] fix gh-3098: build fails with error in fail2ban setup
+ command: use_2to3 is invalid (setuptools 58+)
+
+---
+ setup.py | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index f4c2550f6f..98413273c5 100755
+--- a/setup.py
++++ b/setup.py
+@@ -48,7 +48,7 @@
+ from glob import glob
+
+ from fail2ban.setup import updatePyExec
+-
++from fail2ban.version import version
+
+ source_dir = os.path.realpath(os.path.dirname(
+ # __file__ seems to be overwritten sometimes on some python versions
(e.g. bug of 2.6 by running under cProfile, etc.):
+@@ -112,22 +112,12 @@ def update_scripts(self, dry_run=False):
+ # Wrapper to specify fail2ban own options:
+ class install_command_f2b(install):
+ user_options = install.user_options + [
+- ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the
install runs from fail2ban test-cases.'),
+ ('without-tests', None, 'without tests files installation'),
+ ]
+ def initialize_options(self):
+- self.disable_2to3 = None
+ self.without_tests = not with_tests
+ install.initialize_options(self)
+ def finalize_options(self):
+- global _2to3
+- ## in the test cases 2to3 should be already done
(fail2ban-2to3):
+- if self.disable_2to3:
+- _2to3 = False
+- if _2to3:
+- cmdclass = self.distribution.cmdclass
+- cmdclass['build_py'] = build_py_2to3
+- cmdclass['build_scripts'] = build_scripts_2to3
+ if self.without_tests:
+
self.distribution.scripts.remove('bin/fail2ban-testcases')
+
+@@ -178,7 +168,6 @@ def run(self):
+ if setuptools:
+ setup_extra = {
+ 'test_suite': "fail2ban.tests.utils.gatherTests",
+- 'use_2to3': True,
+ }
+ else:
+ setup_extra = {}
+@@ -202,9 +191,6 @@ def run(self):
+ ('/usr/share/doc/fail2ban', doc_files)
+ )
+
+-# Get version number, avoiding importing fail2ban.
+-# This is due to tests not functioning for python3 as 2to3 takes place later
+-exec(open(join("fail2ban", "version.py")).read())
+
+ setup(
+ name = "fail2ban",
diff --git a/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
new file mode 100644
index 0000000000..91d973e72e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-0.11.2_fix-test-suite.patch
@@ -0,0 +1,48 @@
+From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001
+From: sebres <info@sebres.de>
+Date: Mon, 4 Jan 2021 02:42:38 +0100
+Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for
+ tests, considering interval from 2005 (alternate now) to now; + better
+ grouping algorithm for resulting century RE
+
+---
+ fail2ban/server/strptime.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py
+index 1464a96d1f..39fc795865 100644
+--- a/fail2ban/server/strptime.py
++++ b/fail2ban/server/strptime.py
+@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3,
now=(MyTime.now(), MyTime.alternateNo
+ Thereby respect possible run in the test-cases (alternate date used
there)
+ """
+ cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t]
++ def grp(exprset):
++ c = None
++ if len(exprset) > 1:
++ for i in exprset:
++ if c is None or i[0:-1] == c:
++ c = i[0:-1]
++ else:
++ c = None
++ break
++ if not c:
++ for i in exprset:
++ if c is None or i[0] == c:
++ c = i[0]
++ else:
++ c = None
++ break
++ if c:
++ return "%s%s" % (c, grp([i[len(c):] for i in
exprset]))
++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1
else "[%s]" % "".join(exprset)) \
++ if len(exprset) > 1 else "".join(exprset)
+ exprset = set( cent(now[0].year + i) for i in (-1, distance) )
+ if len(now) and now[1]:
+- exprset |= set( cent(now[1].year + i) for i in (-1, distance) )
+- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else
"".join(exprset)
++ exprset |= set( cent(now[1].year + i) for i in xrange(-1,
now[0].year-now[1].year+1, distance) )
++ return grp(sorted(list(exprset)))
+
+ timeRE = TimeRE()
+
diff --git a/gnu/packages/patches/fail2ban-paths-guix-conf.patch
b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
new file mode 100644
index 0000000000..8c2a5747ba
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-paths-guix-conf.patch
@@ -0,0 +1,32 @@
+From ef28dcf7a5bdbfd8ba586bb066d5ec53188a6bf9 Mon Sep 17 00:00:00 2001
+From: muradm <mail@muradm.net>
+Date: Fri, 15 Jul 2022 20:08:14 +0300
+Subject: [PATCH] Add paths-guix.conf file.
+
+---
+ config/paths-guix.conf | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+ create mode 100644 config/paths-guix.conf
+
+diff --git a/config/paths-guix.conf b/config/paths-guix.conf
+new file mode 100644
+index 00000000..b4a2e9f5
+--- /dev/null
++++ b/config/paths-guix.conf
+@@ -0,0 +1,13 @@
++# Guix
++
++[INCLUDES]
++
++before = paths-common.conf
++after = paths-overrides.local
++
++
++[DEFAULT]
++
++syslog_authpriv = /var/log/secure
++syslog_mail = /var/log/maillog
++syslog_mail_warn = /var/log/maillog
+--
+2.36.1
+
diff --git a/gnu/packages/patches/fail2ban-python310-server-action.patch
b/gnu/packages/patches/fail2ban-python310-server-action.patch
new file mode 100644
index 0000000000..723d7f7aa6
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-action.patch
@@ -0,0 +1,27 @@
+From 2b6bb2c1bed8f7009631e8f8c306fa3160324a49 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:19:24 +0100
+Subject: [PATCH] follow bpo-37324: :ref:`collections-abstract-base-classes`
+ moved to the :mod:`collections.abc` module
+
+(since 3.10-alpha.5 `MutableMapping` is missing in collections module)
+---
+ fail2ban/server/action.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py
+index 3bc48fe046..f0f1e6f59a 100644
+--- a/fail2ban/server/action.py
++++ b/fail2ban/server/action.py
+@@ -30,7 +30,10 @@
+ import threading
+ import time
+ from abc import ABCMeta
+-from collections import MutableMapping
++try:
++ from collections.abc import MutableMapping
++except ImportError:
++ from collections import MutableMapping
+
+ from .failregex import mapTag2Opt
+ from .ipdns import DNSUtils
diff --git a/gnu/packages/patches/fail2ban-python310-server-actions.patch
b/gnu/packages/patches/fail2ban-python310-server-actions.patch
new file mode 100644
index 0000000000..e31316d28b
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-actions.patch
@@ -0,0 +1,25 @@
+From 42dee38ad2ac5c3f23bdf297d824022923270dd9 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:25:45 +0100
+Subject: [PATCH] amend for `Mapping`
+
+---
+ fail2ban/server/actions.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
+index b7b95b445a..897d907c1a 100644
+--- a/fail2ban/server/actions.py
++++ b/fail2ban/server/actions.py
+@@ -28,7 +28,10 @@
+ import os
+ import sys
+ import time
+-from collections import Mapping
++try:
++ from collections.abc import Mapping
++except ImportError:
++ from collections import Mapping
+ try:
+ from collections import OrderedDict
+ except ImportError:
diff --git a/gnu/packages/patches/fail2ban-python310-server-jails.patch
b/gnu/packages/patches/fail2ban-python310-server-jails.patch
new file mode 100644
index 0000000000..e5873c415e
--- /dev/null
+++ b/gnu/packages/patches/fail2ban-python310-server-jails.patch
@@ -0,0 +1,25 @@
+From 9f1d1f4fbd0804695a976beb191f2c49a2739834 Mon Sep 17 00:00:00 2001
+From: "Sergey G. Brester" <serg.brester@sebres.de>
+Date: Mon, 8 Feb 2021 17:35:59 +0100
+Subject: [PATCH] amend for `Mapping` (jails)
+
+---
+ fail2ban/server/jails.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py
+index 972a8c4bd2..27e12ddf65 100644
+--- a/fail2ban/server/jails.py
++++ b/fail2ban/server/jails.py
+@@ -22,7 +22,10 @@
+ __license__ = "GPL"
+
+ from threading import Lock
+-from collections import Mapping
++try:
++ from collections.abc import Mapping
++except ImportError:
++ from collections import Mapping
+
+ from ..exceptions import DuplicateJailException, UnknownJailException
+ from .jail import Jail
--
2.36.1