Accepting request 599594 from security

OBS-URL: https://build.opensuse.org/request/show/599594
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/fail2ban?expand=0&rev=53

fail2ban-0.10.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1c1a969137c56f7e8b90e5f14d78b80214d34d67209787bfddc8d5804ceb29cc
-size 474624

fail2ban-0.10.3.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7ee3fd0e94d58c94298718b25e6bcfa96932712b7aa683580e162403f68d40c8
+size 485803

fail2ban.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at
+
+- Updated to version 0.10.3.1. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
+
+  * fixed JSON serialization for the set-object within dump into database (gh-2103).
+
+- Updated to version 0.10.3. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
+
+- Fixes
+  * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
+  * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
+  * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
+  * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
+    - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
+  * `filter.d/sshd.conf`:
+    - failregex got an optional space in order to match new log-format (see gh-2061);
+    - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
+    - fixed root login refused regex (optional port before preauth, gh-2080);
+    - avoid banning of legitimate users when pam_unix used in combination with other password method, so
+      bypass pam_unix failures if accepted available for this user gh-2070;
+    - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly);
+    - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
+      it counts failure on closing connection within preauth-stage (gh-2085);
+  * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
+  * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
+  * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
+  * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
+
+- New Features
+  * several stability and performance optimizations, more effective filter parsing, etc;
+  * stable runnable within python versions 3.6 (as well as within 3.7-dev);
+
+- Enhancements
+  * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
+  * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
+  * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
+  * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
+    the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
+    e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
+  * badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
+  * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
+  * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
+    Usage `logtarget = target[padding=on|off]`
+
 -------------------------------------------------------------------
 Tue Feb 20 08:19:07 UTC 2018 - jweberhofer@weberhofer.at
 

fail2ban.spec

@@ -23,10 +23,10 @@
 
 %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:           fail2ban
-Version:        0.10.2
+Version:        0.10.3.1
 Release:        0
 Summary:        Bans IP addresses that make too many authentication failures
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            http://www.fail2ban.org/
 Source0:        https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz