Accepting request 245601 from home:weberho:BACKPORTS:webserver

Updated patch information in the .changes and the spec file

OBS-URL: https://build.opensuse.org/request/show/245601
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=47

0.8.14.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2d579d9f403eb95064781ffb28aca2b258ca55d7a2ba056a8fa2b3e6b79721f2
+size 228121

fail2ban-0.8.13.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f709a6a180553bbb20b7c27d686703d930d50ea99aeed47e70df427b6de494d3
-size 188068

fail2ban-opensuse-locations.patch

@@ -0,0 +1,256 @@
+diff -ur fail2ban-0.8.14.orig/config/jail.conf fail2ban-0.8.14/config/jail.conf
+--- fail2ban-0.8.14.orig/config/jail.conf	2014-08-19 22:23:33.000000000 +0200
++++ fail2ban-0.8.14/config/jail.conf	2014-08-20 17:39:21.428256837 +0200
+@@ -80,7 +80,7 @@
+ enabled = false
+ filter  = pam-generic
+ action  = iptables-allports[name=pam,protocol=all]
+-logpath = /var/log/secure
++logpath =  /var/log/messages
+ 
+ 
+ [xinetd-fail]
+@@ -97,7 +97,7 @@
+ filter   = sshd
+ action   = iptables[name=SSH, port=ssh, protocol=tcp]
+            sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 5
+ 
+ 
+@@ -106,7 +106,7 @@
+ enabled  = false
+ filter   = sshd-ddos
+ action   = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
+-logpath  = /var/log/sshd.log
++logpath  =  /var/log/messages
+ maxretry = 2
+ 
+ 
+@@ -135,7 +135,7 @@
+ filter   = gssftpd
+ action   = iptables[name=GSSFTPd, port=ftp, protocol=tcp]
+            sendmail-whois[name=GSSFTPd, dest=you@example.com]
+-logpath  = /var/log/daemon.log
++logpath  = /var/log/messages
+ maxretry = 6
+ 
+ 
+@@ -144,7 +144,7 @@
+ enabled  = false
+ filter   = pure-ftpd
+ action   = iptables[name=pureftpd, port=ftp, protocol=tcp]
+-logpath  = /var/log/pureftpd.log
++logpath  = /var/log/messages
+ maxretry = 6
+ 
+ 
+@@ -153,7 +153,7 @@
+ enabled  = false
+ filter   = wuftpd
+ action   = iptables[name=wuftpd, port=ftp, protocol=tcp]
+-logpath  = /var/log/daemon.log
++logpath  = /var/log/messages
+ maxretry = 6
+ 
+ 
+@@ -162,7 +162,7 @@
+ enabled  = false
+ filter   = sendmail-auth
+ action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
+-logpath  = /var/log/mail.log
++logpath  = /var/log/mail
+ 
+ 
+ [sendmail-reject]
+@@ -170,7 +170,7 @@
+ enabled  = false
+ filter   = sendmail-reject
+ action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
+-logpath  = /var/log/mail.log
++logpath  = /var/log/mail
+ 
+ 
+ # This jail forces the backend to "polling".
+@@ -181,7 +181,7 @@
+ backend  = polling
+ action   = iptables[name=sasl, port=smtp, protocol=tcp]
+            sendmail-whois[name=sasl, dest=you@example.com]
+-logpath  = /var/log/mail.log
++logpath  = /var/log/mail
+ 
+ 
+ # ASSP SMTP Proxy Jail
+@@ -202,7 +202,7 @@
+ action      = hostsdeny[daemon_list=sshd]
+               sendmail-whois[name=SSH, dest=you@example.com]
+ ignoreregex = for myuser from
+-logpath     = /var/log/sshd.log
++logpath     = /var/log/messages
+ 
+ 
+ # Here we use blackhole routes for not requiring any additional kernel support
+@@ -212,7 +212,7 @@
+ enabled  = false
+ filter   = sshd
+ action   = route
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 5
+ 
+ 
+@@ -226,7 +226,7 @@
+ enabled  = false
+ filter   = sshd
+ action   = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp]
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 5
+ 
+ 
+@@ -235,7 +235,7 @@
+ enabled  = false
+ filter   = sshd
+ action   = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600]
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 5
+ 
+ 
+@@ -329,7 +329,7 @@
+ enabled = false
+ filter  = cyrus-imap
+ action  = iptables-multiport[name=cyrus-imap,port="143,993"]
+-logpath = /var/log/mail*log
++logpath = /var/log/mail
+ 
+ 
+ [courierlogin]
+@@ -337,7 +337,7 @@
+ enabled = false
+ filter  = courierlogin
+ action  = iptables-multiport[name=courierlogin,port="25,110,143,465,587,993,995"]
+-logpath = /var/log/mail*log
++logpath = /var/log/mail
+ 
+ 
+ [couriersmtp]
+@@ -345,7 +345,7 @@
+ enabled = false
+ filter  = couriersmtp
+ action  = iptables-multiport[name=couriersmtp,port="25,465,587"]
+-logpath = /var/log/mail*log
++logpath = /var/log/mail
+ 
+ 
+ [qmail-rbl]
+@@ -361,7 +361,7 @@
+ enabled = false
+ filter  = sieve
+ action  = iptables-multiport[name=sieve,port="25,465,587"]
+-logpath = /var/log/mail*log
++logpath = /var/log/mail
+ 
+ 
+ # Do not ban anybody. Just report information about the remote host.
+@@ -396,7 +396,8 @@
+ filter   = apache-badbots
+ action   = iptables-multiport[name=BadBots, port="http,https"]
+            sendmail-buffered[name=BadBots, lines=5, dest=you@example.com]
+-logpath  = /var/www/*/logs/access_log
++logpath  = /var/log/apache/access_log
++           /var/log/apache2/*/access_log
+ bantime  = 172800
+ maxretry = 1
+ 
+@@ -466,7 +467,7 @@
+ enabled  = false
+ action   = iptables-multiport[name=php-url-open, port="http,https"]
+ filter   = php-url-fopen
+-logpath  = /var/www/*/logs/access_log
++logpath  = /var/log/apache/access_log
+ maxretry = 1
+ 
+ 
+@@ -500,7 +501,7 @@
+ filter   = sshd
+ action   = ipfw[localhost=192.168.0.1]
+            sendmail-whois[name="SSH,IPFW", dest=you@example.com]
+-logpath  = /var/log/auth.log
++logpath  = /var/log/messages
+ ignoreip = 168.192.0.1
+ 
+ 
+@@ -531,7 +532,7 @@
+ filter   = named-refused
+ action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
+            sendmail-whois[name=Named, dest=you@example.com]
+-logpath  = /var/log/named/security.log
++logpath  = /var/lib/named/log/security.log
+ ignoreip = 168.192.0.1
+ 
+ 
+@@ -601,7 +602,7 @@
+ filter   = mysqld-auth
+ action   = iptables[name=mysql, port=3306, protocol=tcp]
+            sendmail-whois[name=MySQL, dest=root, sender=fail2ban@example.com]
+-logpath  = /var/log/mysqld.log
++logpath  = /var/log/mysql/mysqld.log
+ maxretry = 5
+ 
+ 
+@@ -610,7 +611,7 @@
+ enabled  = false
+ filter   = mysqld-auth
+ action   = iptables[name=mysql, port=3306, protocol=tcp]
+-logpath  = /var/log/daemon.log
++logpath  = /var/log/mysql/mysqld.log
+ maxretry = 5
+ 
+ 
+@@ -637,7 +638,7 @@
+ enabled  = false
+ filter   = sshd
+ action   = pf
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 5
+ 
+ 
+@@ -723,7 +724,7 @@
+ enabled = false
+ filter  = dovecot
+ action  = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
+-logpath = /var/log/mail.log
++logpath = /var/log/mail
+ 
+ 
+ [dovecot-auth]
+@@ -731,7 +732,7 @@
+ enabled = false
+ filter  = dovecot
+ action  = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
+-logpath = /var/log/secure
++logpath = /var/log/mail
+ 
+ 
+ [solid-pop3d]
+@@ -739,7 +740,7 @@
+ enabled = false
+ filter  = solid-pop3d
+ action  = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
+-logpath = /var/log/mail.log
++logpath = /var/log/mail
+ 
+ 
+ [selinux-ssh]
+@@ -761,7 +762,7 @@
+ action   = iptables[name=SSH, port=ssh, protocol=tcp]
+            sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
+            blocklist_de[email="fail2ban@example.com", apikey="xxxxxx", service=%(filter)s]
+-logpath  = /var/log/sshd.log
++logpath  = /var/log/messages
+ maxretry = 20
+ 
+ 

fail2ban.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Aug 20 15:44:54 UTC 2014 - jweberhofer@weberhofer.at
+
+- update to 0.8.14
+  * minor fixes for claimed Python 2.4 and 2.5 compatibility
+  * Handle case when inotify watch is auto deleted on file deletion to stop
+    error messages
+  * tests - fixed few "leaky" file descriptors when files were not closed while
+    being removed physically
+  * grep in mail*-whois-lines.conf now also matches end of line to work with
+    the recidive filter
+- add fail2ban-opensuse-locations.patch to fix default locations as suggested
+  in bnc#878028
+
 -------------------------------------------------------------------
 Wed Jun 25 15:13:37 UTC 2014 - lars@linux-schulserver.de
 

fail2ban.spec

@@ -17,14 +17,14 @@
 
 
 Name:           fail2ban
-Version:        0.8.13
+Version:        0.8.14
 Release:        0
 Url:            http://www.fail2ban.org/
 Summary:        Bans IP addresses that make too many authentication failures
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 
-Source0:        https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2
+Source0:        https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
 %if 0%{?suse_version} < 1230
 # the init-script requires lsof
 Requires:       lsof
@@ -36,6 +36,8 @@ Source4:        %{name}.service
 Source5:        %{name}.tmpfiles
 Source6:        sfw-fail2ban.conf
 Source7:        f2b-restart.conf
+# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 jweberhofer@weberhoferat -- update default locations for logfiles
+Patch100:       fail2ban-opensuse-locations.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %if 0%{?suse_version} >= 1230
@@ -92,6 +94,7 @@ Just have to run the following command:
 
 %prep
 %setup
+%patch100 -p1
 # correct doc-path
 sed -i -e 's|/usr/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py