From d4e0fc4a34c85f4c3ffa83e5dd7b8c1aa67dcc1a Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Tue, 6 Nov 2007 17:44:27 -0500
Subject: [PATCH] * Propagated "Fixed removal of host in hosts.deny" from
 0.7.6, to prevent   possible DoS

---
 debian/changelog                   |  2 ++
 debian/patches/00_hostsdeny.dpatch | 32 ++++++++++++++++++++++++++++++
 debian/patches/00list              |  1 +
 3 files changed, 35 insertions(+)
 create mode 100755 debian/patches/00_hostsdeny.dpatch

diff --git a/debian/changelog b/debian/changelog
index ee5c87f2..eded95db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low
     never was hit by any Debian user yet
   * Added patch 00_numeric_iptables-L to avoid possible DoS attacks
     (introduced upstream in 0.7.6)
+  * Propagated "Fixed removal of host in hosts.deny" from 0.7.6, to prevent
+    possible DoS
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 01 May 2007 22:18:03 -0400
 
diff --git a/debian/patches/00_hostsdeny.dpatch b/debian/patches/00_hostsdeny.dpatch
new file mode 100755
index 00000000..badddaf7
--- /dev/null
+++ b/debian/patches/00_hostsdeny.dpatch
@@ -0,0 +1,32 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 00_hostsdeny.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban~/config/action.d/hostsdeny.conf fail2ban/config/action.d/hostsdeny.conf
+--- fail2ban~/config/action.d/hostsdeny.conf	2007-11-06 16:19:12.000000000 -0500
++++ fail2ban/config/action.d/hostsdeny.conf	2007-11-06 16:19:56.000000000 -0500
+@@ -44,9 +44,7 @@
+ #          <time>  unix timestamp of the ban time
+ # Values:  CMD
+ #
+-actionunban = IP=<ip> &&
+-              grep -v "ALL: $IP" <file> > <tmpfile> &&
+-              mv <tmpfile> <file>
++actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>
+ 
+ [Init]
+ 
+@@ -55,10 +53,3 @@
+ # Values:  STR  Default:  /etc/hosts.deny
+ #
+ file = /etc/hosts.deny
+-
+-# Option:  file
+-# Notes.:  hosts.deny temporary file path.
+-# Values:  STR  Default:  /etc/hostsdeny.failban
+-#
+-tmpfile = /tmp/hosts.deny.tmp
+-
diff --git a/debian/patches/00list b/debian/patches/00list
index 1f81dbce..e4298495 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -8,3 +8,4 @@ X00_rigid_python24
 10_wuftpd_section
 00_mail-whois-lines
 s00_asctime-0.7.8
+00_hostsdeny