Accepting request 1217267 from security

- update to 1.1.0: * circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438) * avoid sporadic error in pyinotify backend if pending file deleted in other thread, e. g. by flushing logs (gh-3635) * `action.d/cloudflare-token.conf` - fixes gh-3479, url-encode args by unban * `action.d/*ipset*`: make `maxelem` ipset option configurable through banaction arguments (gh-3564) * `filter.d/apache-common.conf` - accepts remote besides client (gh-3622) * `filter.d/mysqld-auth.conf` - matches also if no suffix in message (mariadb 10.3 log format, gh-3603) * `filter.d/nginx-*.conf` - nginx error-log filters extended with support of journal format (gh-3646) * `filter.d/postfix.conf`: - "rejected" rule extended to match "Access denied" too - avoid double counting ('lost connection after AUTH' together with message 'disconnect ...', gh-3505) - add Sender address rejected: Malformed DNS server reply - add to postfix syslog daemon format (gh-3690) - change journalmatch postfix, allow sub-units with postfix@-.service (gh-3692) * `filter.d/recidive.conf`: support for systemd-journal, conditional RE depending on logtype (for file or journal, gh-3693) * `filter.d/slapd.conf` - filter rewritten for single-line processing, matches errored result without `text=...` (gh-3604) * supports python 3.12 and 3.13 (gh-3487) OBS-URL: https://build.opensuse.org/request/show/1217267 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=70
2024-10-23 19:11:23 +00:00 · 2024-10-23 19:11:23 +00:00 · 2e5142b6d5
commit 2e5142b6d5
parent b292e6fd31 1224d30dd2
7 changed files with 122 additions and 93 deletions
--- a/fail2ban-1.0.2.tar.gz
+++ b/fail2ban-1.0.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae8b0b41f27a7be12d40488789d6c258029b23a01168e3c0d347ee80b325ac23
-size 583295
--- a/fail2ban-1.0.2.tar.gz.asc
+++ b/fail2ban-1.0.2.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAmNr0KgACgkQaDvxvr0K
-iCyG4Af/eP5ZQvTiGjo/f1oOuBH8wOo7ARlFOcQIbdhXy10vk3bqDjYHVWzXh12Q
-EdfyJVMXFI3XnDQkdXulOjnhX6YK3qYruudl0oDE7jyIWbHETFUpY7y00uxjTD+A
-aBk4XqBym67BtBR/5dfnhXOBYZ9EXcbopvEQXq1Lm4jRSurSQCiVpMY44psW60Rb
-dt1fdIg/GTjhsYNWO2L6DCObV1qdJcdk8Zw7rvk9aHe7iZ+PZW7htG8erTzzV9LV
-Lq6Bcwz6tEFInTvDBZXIhBimYrquWp97qwEC3d1cNbv9pjN69czgLtRaq5EiVu4R
-e8+y9LLToHFjKeji436S6985hBQnEA==
-=jGOy
-----END PGP SIGNATURE-----
--- a/fail2ban-1.1.0.tar.gz
+++ b/fail2ban-1.1.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:474fcc25afdaf929c74329d1e4d24420caabeea1ef2e041a267ce19269570bae
+size 603854
--- a/fail2ban-1.1.0.tar.gz.asc
+++ b/fail2ban-1.1.0.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAmYqzEoACgkQaDvxvr0K
+iCwMfQf9GcxsuVs/LiHeDYmmvFOxCmS2zO4K5pzDuX1JmtSzKCj9HbPSxUWbIZIc
+yJv+x8t6QNBPBMnxI70TP+RcxKpCO4Fc2WRcrYS5B6gDTKy9Ty0fHorHlA4QQthu
+ywoqxf1eddQKcwlk+lw/wI1QPwZ1xA93BkasJht/bTnhAvXJBeN1Tgf+jZ23bHHf
+9FIGV8zt8fvaAIG8lB22AD/+PhSYEkp1TRuRx9VEuBbkH00u1i054I0cHTrsu3Fr
+jTIljf5TgpmFyXHBCA6JT6nnGn0jsaNDT/lBNxUmw5BmMxGWUTv4SlKbcjKjgXRH
+MTZipOHHYPx/7IyKJJvB1p1gvmOxyg==
+=qvry
+-----END PGP SIGNATURE-----
--- a/fail2ban-disable-iptables-w-option.patch
+++ b/fail2ban-disable-iptables-w-option.patch
@ -1,14 +0,0 @@
--- fail2ban-1.0.1/config/action.d/iptables.conf.orig	2022-10-12 11:35:25.789327341 +0200
-+++ fail2ban-1.0.1/config/action.d/iptables.conf	2022-10-12 11:35:40.585449861 +0200
-@@ -138,8 +138,10 @@
- #          running concurrently and causing irratic behavior.  -w was introduced
- #          in iptables 1.4.20, so might be absent on older systems
- #          See https://github.com/fail2ban/fail2ban/issues/1122
-+#          The default option "-w" can be used for openSUSE versions 13.2+ and
-+#          for updated versions of openSUSE 13.1; SLE 12 supports this option.
- # Values:  STRING
-lockingopt = -w
-+lockingopt =
- 
- # Option:  iptables
- # Notes.:  Actual command to be executed, including common to all calls options
--- a/fail2ban.changes
+++ b/fail2ban.changes
@ -1,3 +1,56 @@
+-------------------------------------------------------------------
+Wed Oct 23 09:08:23 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.1.0:
+  * circumvent SEGFAULT in a python's socket module by
+    getaddrinfo with disabled IPv6 (gh-3438)
+  * avoid sporadic error in pyinotify backend if pending file
+    deleted in other thread, e. g. by flushing logs (gh-3635)
+  * `action.d/cloudflare-token.conf` - fixes gh-3479, url-encode
+    args by unban
+  * `action.d/*ipset*`: make `maxelem` ipset option configurable
+    through banaction arguments (gh-3564)
+  * `filter.d/apache-common.conf` - accepts remote besides client
+    (gh-3622)
+  * `filter.d/mysqld-auth.conf` - matches also if no suffix in
+    message (mariadb 10.3 log format, gh-3603)
+  * `filter.d/nginx-*.conf` - nginx error-log filters extended
+    with support of journal format (gh-3646)
+  * `filter.d/postfix.conf`:
+    - "rejected" rule extended to match "Access denied" too
+    - avoid double counting ('lost connection after AUTH'
+      together with message 'disconnect ...', gh-3505)
+    - add Sender address rejected: Malformed DNS server reply
+    - add to postfix syslog daemon format (gh-3690)
+    - change journalmatch postfix, allow sub-units with
+      postfix@-.service (gh-3692)
+  * `filter.d/recidive.conf`: support for systemd-journal,
+    conditional RE depending on logtype (for file or journal,
+    gh-3693)
+  * `filter.d/slapd.conf` - filter rewritten for single-line
+    processing, matches errored result without `text=...`
+    (gh-3604)
+  * supports python 3.12 and 3.13 (gh-3487)
+  * bundling async modules removed in python 3.12+ (fallback to
+    local libraries pyasyncore/pyasynchat if import would miss
+    them, gh-3487)
+  * `fail2ban-client` extended (gh-2975):
+    - `fail2ban-client status --all [flavor]` - returns status
+      of fail2ban and all jails in usual form
+    - `fail2ban-client stats` - returns statistic in form of
+      table (jail, backend, found and banned counts)
+    - `fail2ban-client statistic` or `fail2ban-client
+      statistics` - same as `fail2ban-client stats` (aliases for
+      stats)
+    - `fail2ban-client status --all stats` - (undocumented,
+      flavor "stats") returns statistic of all jails in form of
+      python dict
+  * `fail2ban-regex` extended to load settings from jail (by
+     simple name it'd prefer jail to the filter now, gh-2655);
+- drop fail2ban-disable-iptables-w-option.patch: only needed for
+  sle10 and older, which is no longer supported (is now python >=
+  3.5)
+
 -------------------------------------------------------------------
 Wed Sep  4 07:54:06 UTC 2024 - Marcus Meissner <meissner@suse.com>

--- a/fail2ban.spec
+++ b/fail2ban.spec
@ -22,7 +22,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           fail2ban
-Version:        1.0.2
+Version:        1.1.0
 Release:        0
 Summary:        Bans IP addresses that make too many authentication failures
 License:        GPL-2.0-or-later
@ -42,8 +42,6 @@ Source200:      fail2ban.keyring
 Patch100:       %{name}-opensuse-locations.patch
 # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberhofer@weberhofer.at -- openSUSE modifications to the service file
 Patch101:       %{name}-opensuse-service.patch
-# PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
-Patch200:       %{name}-disable-iptables-w-option.patch
 # PATCH-FIX-OPENSUSE fail2ban-0.10.4-env-script-interpreter.patch jweberhofer@weberhofer.at -- use exact path to define interpretor
 Patch201:       %{name}-0.10.4-env-script-interpreter.patch
 # PATCH-FEATURE-OPENSUSE fail2ban-opensuse-service-sfw.patch jweberhofer@weberhofer.at -- start after SuSEfirewall2 only for older distributions
@ -62,11 +60,9 @@ Requires:       cron
 Requires:       ed
 Requires:       iptables
 Requires:       logrotate
-Requires:       python3 >= 3.2
+Requires:       python3 >= 3.5
 Requires:       whois
-%if 0%{?suse_version} != 1110
 BuildArch:      noarch
-%endif
 %if 0%{?suse_version} >= 1230
 # systemd
 BuildRequires:  python3-systemd
@ -79,7 +75,7 @@ Requires:       systemd > 204
 Requires:       lsof
 Requires:       syslog
 %endif
-%if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010  && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
+%if 0%{?suse_version} >= 1500
 BuildRequires:  python3-pyinotify >= 0.8.3
 Requires:       python3-pyinotify >= 0.8.3
 %endif
@ -134,9 +130,6 @@ sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf

 %patch -P 100 -p1
 %patch -P 101 -p1
-%if 0%{?suse_version} < 1310
-%patch -P 200 -p1
-%endif
 %patch -P 201 -p1
 %if !0%{?suse_version} > 1500
 %patch -P 300 -p1
@ -160,7 +153,6 @@ sed -i -e 's|^\([^_]*_backend = systemd\)|#\1|' config/paths-opensuse.conf

 %build
 export CFLAGS="%{optflags}"
-./fail2ban-2to3
 python3 setup.py build
 gzip man/*.{1,5}

@ -229,10 +221,8 @@ rm -r %{buildroot}%{_docdir}/%{name}
 %fdupes -s %{buildroot}%{python3_sitelib}

 %check
-#stat /dev/log
-#python -c "import platform; print(platform.system())"
 # tests require python-pyinotify to be installed, so don't run them on older versions
-%if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010  && 0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
+%if 0%{?suse_version} >= 1500
 # Need a UTF-8 locale to work
 export LANG=en_US.UTF-8
 ./fail2ban-testcases-all --no-network || true