Accepting request 452855 from home:computersalat:devel:security

update to 0.9.6

OBS-URL: https://build.opensuse.org/request/show/452855
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=75

fail2ban.changes

@@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Thu Jan 26 23:16:49 UTC 2017 - chris@computersalat.de
+
+- Update to 0.9.6 (2016/12/10)
+
+### Fixes
+* Misleading add resp. enable of (already available) jail in database, that
+  induced a subsequent error: last position of log file will be never retrieved (gh-795)
+* Fixed a distribution related bug within testReadStockJailConfForceEnabled
+  (e.g. test-cases faults on Fedora, see gh-1353)
+* Fixed pythonic filters and test scripts (running via wrong python version,
+  uses "fail2ban-python" now);
+* Fixed test case "testSetupInstallRoot" for not default python version (also
+  using direct call, out of virtualenv);
+* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
+* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
+* Monit config: scripting is not supported in path (gh-1556)
+* `filter.d/apache-modsecurity.conf`
+    - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
+      replaced for safer match, unneeded catch-all anchoring removed, non-capturing
+* `filter.d/asterisk.conf`
+    - Fixed to match different asterisk log prefix (source file: method:)
+* `filter.d/dovecot.conf`
+    - Fixed failregex ignores failures through some not relevant info (gh-1623)
+* `filter.d/ignorecommands/apache-fakegooglebot`
+    - Fixed error within apache-fakegooglebot, that will be called
+      with wrong python version (gh-1506)
+* `filter.d/assp.conf`
+    - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
+* `filter.d/postfix-sasl.conf`
+    - Allow for having no trailing space after 'failed:' (gh-1497)
+* `filter.d/vsftpd.conf`
+    - Optional reason part in message after FAIL LOGIN (gh-1543)
+* `filter.d/sendmail-reject.conf`
+    - removed mandatory double space (if dns-host available, gh-1579)
+* filter.d/sshd.conf
+    - recognized "Failed publickey for" (gh-1477);
+    - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
+    - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
+    - optional port part after host (see gh-1533, gh-1581)
+
+### New Features
+* New Actions:
+    - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
+* New Filters:
+    - `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
+      (gh-1586, gh-1606 and gh-1607)
+
+### Enhancements
+* DateTemplate regexp extended with the word-end boundary, additionally to
+  word-start boundary
+* Introduces new command "fail2ban-python", as automatically created symlink to
+  python executable, where fail2ban currently installed (resp. its modules are located):
+    - allows to use the same version, fail2ban currently running, e.g. in
+      external scripts just via replace python with fail2ban-python:
+      ```diff
+      -#!/usr/bin/env python
+      +#!/usr/bin/env fail2ban-python
+      ```
+    - always the same pickle protocol
+    - the same (and also guaranteed available) fail2ban modules
+    - simplified stand-alone install, resp. stand-alone installation possibility
+      via setup (like gh-1487) is getting closer
+* Several test cases rewritten using new methods assertIn, assertNotIn
+* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
+  Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
+  are test covered now
+* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
+  examples:
+    - `backend = systemd[journalpath=/run/log/journal/machine-1]`
+    - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
+    - `backend = systemd[journalflags=2]`
+
+- rebase fail2ban-opensuse-locations.patch, fail2ban-opensuse-service.patch
+
 -------------------------------------------------------------------
 Mon Jul 25 13:43:18 UTC 2016 - jweberhofer@weberhofer.at