From 7eac4ac06fb03b8fce9b5d8bd368493482a1efe7 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Fri, 11 Feb 2022 21:11:29 +0100
Subject: [PATCH 1/2] fail2ban-regex: accepts filter parameters with new-line

---
 fail2ban/client/fail2banregex.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
index 90e178f9..8c03b2dd 100644
--- a/fail2ban/client/fail2banregex.py
+++ b/fail2ban/client/fail2banregex.py
@@ -334,7 +334,7 @@ class Fail2banRegex(object):
 		fltFile = None
 		fltOpt = {}
 		if regextype == 'fail':
-			if re.search(r'^/{0,3}[\w/_\-.]+(?:\[.*\])?$', value):
+			if re.search(r'^(?ms)/{0,3}[\w/_\-.]+(?:\[.*\])?$', value):
 				try:
 					fltName, fltOpt = extractOptions(value)
 					if "." in fltName[~5:]:

From e2d50f38a6ef2511fee6b49f42b98f6d867625b2 Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Thu, 3 Mar 2022 15:04:34 +0100
Subject: [PATCH 2/2] amend to #2279: ensure that `<F-MLFGAINED>` match would
 reset all pending multi-line failures

---
 fail2ban/server/filter.py               |  2 ++
 fail2ban/tests/fail2banregextestcase.py | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index f8417d2d..041773ab 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@@ -793,6 +793,8 @@ class Filter(JailThread):
 			# be sure we've correct current state ('nofail' and 'mlfgained' only from last failure)
 			if mlfidGroups.pop('nofail', None): nfflgs |= 4
 			if mlfidGroups.pop('mlfgained', None): nfflgs |= 4
+			# gained resets all pending failures (retaining users to check it later)
+			if nfflgs & 8: mlfidGroups.pop('mlfpending', None)
 			# if we had no pending failures then clear the matches (they are already provided):
 			if (nfflgs & 4) == 0 and not mlfidGroups.get('mlfpending', 0):
 				mlfidGroups.pop("matches", None)
diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py
index 1c55e227..00808ddd 100644
--- a/fail2ban/tests/fail2banregextestcase.py
+++ b/fail2ban/tests/fail2banregextestcase.py
@@ -440,6 +440,27 @@ class Fail2banRegexTest(LogCaptureTestCase):
 			'192.0.2.1, git, '+lines[-1],
 			all=True)
 
+	def testOutputNoPendingFailuresAfterGained(self):
+		unittest.F2B.SkipIfCfgMissing(stock=True)
+		# connect finished without authorization must generate a failure, because
+		# connect started will produce pending failure which gets reset by gained
+		# connect authorized.
+		self.assertTrue(_test_exec('-o', 'failure from == <ip> ==',
+			'-c', CONFIG_DIR, '-d', '{NONE}',
+			'svc[1] connect started 192.0.2.3\n'
+			'svc[1] connect finished 192.0.2.3\n'
+			'svc[2] connect started 192.0.2.4\n'
+			'svc[2] connect authorized 192.0.2.4\n'
+			'svc[2] connect finished 192.0.2.4\n',
+			'common[prefregex="^svc\[<F-MLFID>\d+</F-MLFID>\] connect <F-CONTENT>.+</F-CONTENT>$"'
+			', failregex="'
+			'^started\n'
+			'^<F-NOFAIL><F-MLFFORGET>finished</F-MLFFORGET></F-NOFAIL> <ADDR>\n'
+			'^<F-MLFGAINED>authorized</F-MLFGAINED> <ADDR>'
+			'", maxlines=1]'
+		))
+		self.assertLogged('failure from == 192.0.2.3 ==')
+		self.assertNotLogged('failure from == 192.0.2.4 ==')
 
 	def testWrongFilterFile(self):
 		# use test log as filter file to cover eror cases...