Accepting request 599593 from home:weberho:branches:security

- Updated to version 0.10.3.1. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
  * fixed JSON serialization for the set-object within dump into database (gh-2103).
- Updated to version 0.10.3. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
- Fixes
  * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
  * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
  * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
  * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
    - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
  * `filter.d/sshd.conf`:
    - failregex got an optional space in order to match new log-format (see gh-2061);
    - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
    - fixed root login refused regex (optional port before preauth, gh-2080);
    - avoid banning of legitimate users when pam_unix used in combination with other password method, so
      bypass pam_unix failures if accepted available for this user gh-2070;
    - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly);
    - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
      it counts failure on closing connection within preauth-stage (gh-2085);
  * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
  * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
  * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
  * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
- New Features
  * several stability and performance optimizations, more effective filter parsing, etc;
  * stable runnable within python versions 3.6 (as well as within 3.7-dev);
- Enhancements
  * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
  * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
  * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
  * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
    the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
    e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
  * badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
  * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
  * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
    Usage `logtarget = target[padding=on|off]`

OBS-URL: https://build.opensuse.org/request/show/599593
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=90
This commit is contained in:
Johannes Weberhofer 2018-04-21 11:24:52 +00:00 committed by Git OBS Bridge
parent 68abb5fa88
commit a495133311
4 changed files with 52 additions and 5 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1c1a969137c56f7e8b90e5f14d78b80214d34d67209787bfddc8d5804ceb29cc
size 474624

3
fail2ban-0.10.3.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7ee3fd0e94d58c94298718b25e6bcfa96932712b7aa683580e162403f68d40c8
size 485803

View File

@ -1,3 +1,50 @@
-------------------------------------------------------------------
Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at
- Updated to version 0.10.3.1. Changelog:
https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
* fixed JSON serialization for the set-object within dump into database (gh-2103).
- Updated to version 0.10.3. Changelog:
https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
- Fixes
* `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
* `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
* `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
* `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
- fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
* `filter.d/sshd.conf`:
- failregex got an optional space in order to match new log-format (see gh-2061);
- fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
- fixed root login refused regex (optional port before preauth, gh-2080);
- avoid banning of legitimate users when pam_unix used in combination with other password method, so
bypass pam_unix failures if accepted available for this user gh-2070;
- amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly);
- mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
it counts failure on closing connection within preauth-stage (gh-2085);
* `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
* `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
* `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
* (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
- New Features
* several stability and performance optimizations, more effective filter parsing, etc;
* stable runnable within python versions 3.6 (as well as within 3.7-dev);
- Enhancements
* `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
* `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
* date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
* possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
* badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
* add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
* Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
Usage `logtarget = target[padding=on|off]`
-------------------------------------------------------------------
Tue Feb 20 08:19:07 UTC 2018 - jweberhofer@weberhofer.at

View File

@ -23,10 +23,10 @@
%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
Name: fail2ban
Version: 0.10.2
Version: 0.10.3.1
Release: 0
Summary: Bans IP addresses that make too many authentication failures
License: GPL-2.0+
License: GPL-2.0-or-later
Group: Productivity/Networking/Security
Url: http://www.fail2ban.org/
Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz