Accepting request 676713 from home:computersalat:devel:security

Update to 0.10.4

OBS-URL: https://build.opensuse.org/request/show/676713
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=92

fail2ban-0.10.3.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7ee3fd0e94d58c94298718b25e6bcfa96932712b7aa683580e162403f68d40c8
-size 485803

fail2ban-0.10.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d6ca1bbc7e7944f7acb2ba7c1065953cd9837680bc4d175f30ed155c6a372449
+size 493064

fail2ban-0.10.4.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAlu15V0ACgkQaDvxvr0K
+iCwh/gf+ITCZism2CR8z/G1tFNxIsvlGMvNKUEflbdoap+WzFQSiwSbY1YzAg5+j
+ZfcCsVPF/1Rob6TomVTQPM39lKNwD135KfsqwG/YoAKHc+2fYQVLKycIgfxyvf2C
+Z4UQQ8Ko++oBc2Iun8Gh9x3F1RNcH1hrhtDr1WxtpY9JJzy7QlEWuXbn3q/bHT6T
+NQgxsZ74F7b3KCZcduGy17h5c0hWarSAZ1f8W7YWRNJuC7Bw4r1esQQIt0+IYn/d
+f9islqxN01Baq6gWNYllqq4kkQCT/KxfzVsAO1RfHt0mIGcpaCkprgwUDyUhjdvP
+3Cv2NtggXIOjVNLXOi0seDXhneFtAA==
+=2jk9
+-----END PGP SIGNATURE-----

fail2ban-opensuse-locations.patch

@@ -2,7 +2,7 @@ Index: config/jail.conf
 ===================================================================
 --- config/jail.conf.orig
 +++ config/jail.conf
-@@ -670,7 +670,7 @@ backend = %(syslog_backend)s
+@@ -688,7 +688,7 @@ backend = %(syslog_backend)s
  # filter   = named-refused
  # port     = domain,953
  # protocol = udp
@@ -11,7 +11,7 @@ Index: config/jail.conf
  
  # IMPORTANT: see filter.d/named-refused for instructions to enable logging
  # This jail blocks TCP traffic for DNS requests.
-@@ -678,7 +678,7 @@ backend = %(syslog_backend)s
+@@ -696,7 +696,7 @@ backend = %(syslog_backend)s
  [named-refused]
  
  port     = domain,953
@@ -24,7 +24,7 @@ Index: config/paths-common.conf
 ===================================================================
 --- config/paths-common.conf.orig
 +++ config/paths-common.conf
-@@ -75,7 +75,7 @@ solidpop3d_log = %(syslog_local0)s
+@@ -90,7 +90,7 @@ solidpop3d_log = %(syslog_local0)s
  mysql_log = %(syslog_daemon)s
  mysql_backend = %(default_backend)s
  

fail2ban-opensuse-service.patch

@@ -1,6 +1,7 @@
-diff -ur fail2ban-0.10.2-orig/files/fail2ban.service.in fail2ban-0.10.2/files/fail2ban.service.in
---- fail2ban-0.10.2-orig/files/fail2ban.service.in	2018-01-18 14:49:01.000000000 +0100
-+++ fail2ban-0.10.2/files/fail2ban.service.in	2018-02-20 09:35:36.759476111 +0100
+Index: files/fail2ban.service.in
+===================================================================
+--- files/fail2ban.service.in.orig
++++ files/fail2ban.service.in
 @@ -1,17 +1,18 @@
  [Unit]
  Description=Fail2Ban Service

fail2ban.changes

@@ -1,3 +1,53 @@
+-------------------------------------------------------------------
+Sat Feb 16 22:28:49 UTC 2019 - chris@computersalat.de
+
+- ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four
+  * https://github.com/fail2ban/fail2ban/blob/0.10.4/ChangeLog
+
+- Fixes
+  * `filter.d/dovecot.conf`: 
+    - failregex enhancement to catch sql password mismatch errors (gh-2153);
+    - disconnected with "proxy dest auth failed" (gh-2184);
+  * `filter.d/freeswitch.conf`:
+    - provide compatibility for log-format from gh-2193:
+      * extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
+        `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
+      * more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
+    - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)`
+      (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter
+      how to set it to mode `normal`.
+  * `filter.d/domino-smtp.conf`:
+    - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
+    - failregex extended to catch connections rejected for policy reasons (gh-2228);
+  * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected 
+    and don't allowed in command-actions), see gh-2114;
+  * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):
+    - fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostly
+      `UTF-8` in opposite to `ascii` previously, so minimizes influence of implicit conversions errors;
+    - actions: avoid possible conversion errors on wrong-chars by replace tags;
+    - database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database;
+      additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137);
+    - logging in fail2ban is process-wide exception-safe now.
+  * repaired start-time of initial seek to time (as well as other log-parsing related data), 
+    if parameter `logpath` specified before `findtime`, `backend`, `datepattern`, etc (gh-2173)
+  * systemd: fixed type error on option `journalflags`: an integer is required (gh-2125);
+
+- New Features
+  * new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, 
+    `ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example;
+  * `ignorecommand` extended to use actions-similar replacement (capable to interpolate 
+    all possible tags like `<ip-host>`, `<family>`, `<fid>`, `F-USER` etc.)
+
+- Enhancements
+  * `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168)
+  * since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info,
+    additionally option `-V` can be used to get version in normalized machine-readable short format.
+
+- rebase patches
+  * fail2ban-opensuse-locations.patch
+  * fail2ban-opensuse-service.patch
+- add signature file
+
 -------------------------------------------------------------------
 Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at
 

fail2ban.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -23,13 +23,14 @@
 
 %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:           fail2ban
-Version:        0.10.3.1
+Version:        0.10.4
 Release:        0
 Summary:        Bans IP addresses that make too many authentication failures
 License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Url:            http://www.fail2ban.org/
-Source0:        https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://github.com/fail2ban/fail2ban/archive/%{version}/%{name}-%{version}.tar.gz
+Source1:        https://github.com/fail2ban/fail2ban/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
 Source2:        %{name}.sysconfig
 Source3:        %{name}.logrotate
 Source5:        %{name}.tmpfiles
@@ -127,7 +128,7 @@ sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
 sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
 
 %patch100
-%patch101 -p1
+%patch101
 %if 0%{?suse_version} < 1310
 %patch200 -p1
 %endif