Accepting request 807912 from home:polslinux:branches:security

- Update to 0.11.1:
  * Increment ban time (+ observer) functionality introduced.
  * Database functionality extended with bad ips.
  * New tags (usable in actions):
    - `<bancount>` - ban count of this offender if known as bad
      (started by 1 for unknown)
    - `<bantime>` - current ban-time of the ticket
      (prolongation can be retarded up to 10 sec.)
  * Introduced new action command `actionprolong` to prolong ban-time
    (e. g. set new timeout if expected);
  * algorithm of restore current bans after restart changed:
    update the restored ban-time (and therefore 
    end of ban) of the ticket with ban-time of jail (as maximum),
    for all tickets with ban-time greater (or persistent)
  * added new setup-option `--without-tests` to skip building
    and installing of tests files (gh-2287).
  * added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?`
    to get the banned ip addresses (gh-1916).
  * purge database will be executed now (within observer).
   restoring currently banned ip after service restart fixed
    (now < timeofban + bantime), ignore old log failures (already banned)
  * upgrade database: update new created table `bips` with entries
    from table `bans` (allows restore current bans after
    upgrade from version <= 0.10)

OBS-URL: https://build.opensuse.org/request/show/807912
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=100

fail2ban-0.10.4.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d6ca1bbc7e7944f7acb2ba7c1065953cd9837680bc4d175f30ed155c6a372449
-size 493064

fail2ban-0.10.4.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAlu15V0ACgkQaDvxvr0K
-iCwh/gf+ITCZism2CR8z/G1tFNxIsvlGMvNKUEflbdoap+WzFQSiwSbY1YzAg5+j
-ZfcCsVPF/1Rob6TomVTQPM39lKNwD135KfsqwG/YoAKHc+2fYQVLKycIgfxyvf2C
-Z4UQQ8Ko++oBc2Iun8Gh9x3F1RNcH1hrhtDr1WxtpY9JJzy7QlEWuXbn3q/bHT6T
-NQgxsZ74F7b3KCZcduGy17h5c0hWarSAZ1f8W7YWRNJuC7Bw4r1esQQIt0+IYn/d
-f9islqxN01Baq6gWNYllqq4kkQCT/KxfzVsAO1RfHt0mIGcpaCkprgwUDyUhjdvP
-3Cv2NtggXIOjVNLXOi0seDXhneFtAA==
-=2jk9
------END PGP SIGNATURE-----

fail2ban-0.11.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:71d2a52b66bb0f87ac3812246bdd3819ec561913cd44afd39130a342f043aa6d
+size 538660

fail2ban-0.11.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAl4Z0VwACgkQaDvxvr0K
+iCwvyQf/WMmE8sJLQYA/mfKkVIRA/2GAsvq44hQD+/DghIU/My5RKfWtjSZO+/II
+Tg31w63CQ619PLtf/IKLa2CpckKs5v1IIB6nunjU4Q/jKjruA6kOALAgwMlA0Ymf
+HnaFIW4AheXk+DGErLOPwPHWtk2skZI9hAjzuqYc6Ig4Z30dSqmBgxb7UmVRxjba
+J8n5DWA2W4VAAb9gBiL6RsBVBPRNPZhiw1Y+ejUWzqD3mqnc0tgJnVfpb5GvG+Xc
+4kUEiZb822Phw/vwyBycAhYthNAcVEWI5BIoEFbkYmCe7z7TWsQGLpuJNIT2heSC
+mzGOdU0MCwxNCy9/RGSAdctlAi+cFg==
+=6cDo
+-----END PGP SIGNATURE-----

fail2ban-opensuse-service.patch

@@ -1,21 +1,23 @@
-diff -ur fail2ban-0.10.4-orig/files/fail2ban.service.in fail2ban-0.10.4/files/fail2ban.service.in
---- fail2ban-0.10.4-orig/files/fail2ban.service.in	2018-10-04 11:26:22.000000000 +0200
-+++ fail2ban-0.10.4/files/fail2ban.service.in	2019-08-12 11:17:34.929129813 +0200
-@@ -6,12 +6,13 @@
+--- a/files/fail2ban.service.in	2020-01-11 11:01:00.000000000 +0100
++++ b/files/fail2ban.service.in	2020-05-21 09:48:12.049645909 +0200
+@@ -6,13 +6,14 @@
  
  [Service]
  Type=simple
-+EnvironmentFile=-/etc/sysconfig/fail2ban
- ExecStartPre=/bin/mkdir -p /var/run/fail2ban
+-ExecStartPre=/bin/mkdir -p /run/fail2ban
 -ExecStart=@BINDIR@/fail2ban-server -xf start
++EnvironmentFile=-/etc/sysconfig/fail2ban
++ExecStartPre=/bin/mkdir -p /var/run/fail2ban
 +ExecStart=/usr/bin/fail2ban-server -xf $FAIL2BAN_OPTIONS start
  # if should be logged in systemd journal, use following line or set logtarget to sysout in fail2ban.local
 -# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start
 -ExecStop=@BINDIR@/fail2ban-client stop
 -ExecReload=@BINDIR@/fail2ban-client reload
+-PIDFile=/run/fail2ban/fail2ban.pid
 +# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
 +ExecStop=/usr/bin/fail2ban-client stop
 +ExecReload=/usr/bin/fail2ban-client reload
- PIDFile=/var/run/fail2ban/fail2ban.pid
++PIDFile=/var/run/fail2ban/fail2ban.pid
  Restart=on-failure
  RestartPreventExitStatus=0 255
+ 

fail2ban.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Thu May 21 07:49:38 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 0.11.1:
+  * Increment ban time (+ observer) functionality introduced.
+  * Database functionality extended with bad ips.
+  * New tags (usable in actions):
+    - `<bancount>` - ban count of this offender if known as bad
+      (started by 1 for unknown)
+    - `<bantime>` - current ban-time of the ticket
+      (prolongation can be retarded up to 10 sec.)
+  * Introduced new action command `actionprolong` to prolong ban-time
+    (e. g. set new timeout if expected);
+  * algorithm of restore current bans after restart changed:
+    update the restored ban-time (and therefore 
+    end of ban) of the ticket with ban-time of jail (as maximum),
+    for all tickets with ban-time greater (or persistent)
+  * added new setup-option `--without-tests` to skip building
+    and installing of tests files (gh-2287).
+  * added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?`
+    to get the banned ip addresses (gh-1916).
+  * purge database will be executed now (within observer).
+   restoring currently banned ip after service restart fixed
+    (now < timeofban + bantime), ignore old log failures (already banned)
+  * upgrade database: update new created table `bips` with entries
+    from table `bans` (allows restore current bans after
+    upgrade from version <= 0.10)
+
 -------------------------------------------------------------------
 Thu Jan  9 14:06:14 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
 

fail2ban.spec

@@ -22,7 +22,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           fail2ban
-Version:        0.10.4
+Version:        0.11.1
 Release:        0
 Summary:        Bans IP addresses that make too many authentication failures
 License:        GPL-2.0-or-later