From 3394de9dad34f7488a2195c054127049948508484260de15f0a3a2c8f1fa866f Mon Sep 17 00:00:00 2001 From: Johannes Weberhofer Date: Thu, 6 Dec 2012 16:46:44 +0000 Subject: [PATCH] Accepting request 144432 from home:weberho:branches:security Upgraded to version 0.8.8 OBS-URL: https://build.opensuse.org/request/show/144432 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=27 --- fail2ban.changes | 38 ++++++++++++++++++++++++++++++++++++ fail2ban.spec | 2 +- fail2ban_0.8.7.1.orig.tar.gz | 3 --- fail2ban_0.8.8.orig.tar.gz | 3 +++ 4 files changed, 42 insertions(+), 4 deletions(-) delete mode 100644 fail2ban_0.8.7.1.orig.tar.gz create mode 100644 fail2ban_0.8.8.orig.tar.gz diff --git a/fail2ban.changes b/fail2ban.changes index 5c42d84..f6413ac 100644 --- a/fail2ban.changes +++ b/fail2ban.changes @@ -1,3 +1,41 @@ +------------------------------------------------------------------- +Thu Dec 6 15:32:02 UTC 2012 - jweberhofer@weberhofer.at + +One of the important changes is escaping of the content -- so if you +crafted some custom action which uses it -- you must upgrade, or you +would be at a significant security risk. + +- Fixes: + Alan Jenkins + * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid + banning due to misconfigured DNS. Close gh-64 + Yaroslav Halchenko + * [83109bc] IMPORTANT: escape the content of (if used in + custom action files) since its value could contain arbitrary + symbols. Thanks for discovery go to the NBS System security + team + * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh-83 + * [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3 + * [37a2e59] store IP as a base, non-unicode str to avoid spurious messages + in the console. Close gh-91 + +- New features: + David Engeset + * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching + the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86 + +- Enhancements: + * [2d66f31] replaced uninformative "Invalid command" message with warning log + exception why command actually failed + * [958a1b0] improved failregex to "support" auth.backend = "htdigest" + * [9e7a3b7] until we make it proper module -- adjusted sys.path only if + system-wide run + * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79 + * [f105379] added hints into the log on some failure return codes (e.g. 0x7f00 + for this gh-87) + * Various others: travis-ci integration, script to run tests + against all available Python versions, etc + ------------------------------------------------------------------- Mon Dec 3 16:06:56 UTC 2012 - jweberhofer@weberhofer.at diff --git a/fail2ban.spec b/fail2ban.spec index a25de6e..d3f128e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -30,7 +30,7 @@ Requires: python-gamin %endif BuildRequires: python-devel PreReq: %fillup_prereq -Version: 0.8.7.1 +Version: 0.8.8 Release: 0 Url: http://www.fail2ban.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build diff --git a/fail2ban_0.8.7.1.orig.tar.gz b/fail2ban_0.8.7.1.orig.tar.gz deleted file mode 100644 index ccfb470..0000000 --- a/fail2ban_0.8.7.1.orig.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6805a6df1a4feee2ae6a04c6f41e7258f1ab2bccccb99c3e580a30de927df4f9 -size 121292 diff --git a/fail2ban_0.8.8.orig.tar.gz b/fail2ban_0.8.8.orig.tar.gz new file mode 100644 index 0000000..1007865 --- /dev/null +++ b/fail2ban_0.8.8.orig.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9e2aa437c4ef08bf2453877b3fc175722f263a6175ee25274d46425d510b1291 +size 124158