diff --git a/fail2ban-0.10.3.1.tar.gz b/fail2ban-0.10.3.1.tar.gz deleted file mode 100644 index e484d8a..0000000 --- a/fail2ban-0.10.3.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ee3fd0e94d58c94298718b25e6bcfa96932712b7aa683580e162403f68d40c8 -size 485803 diff --git a/fail2ban-0.10.4.tar.gz b/fail2ban-0.10.4.tar.gz new file mode 100644 index 0000000..6e28089 --- /dev/null +++ b/fail2ban-0.10.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d6ca1bbc7e7944f7acb2ba7c1065953cd9837680bc4d175f30ed155c6a372449 +size 493064 diff --git a/fail2ban-0.10.4.tar.gz.asc b/fail2ban-0.10.4.tar.gz.asc new file mode 100644 index 0000000..730a4c0 --- /dev/null +++ b/fail2ban-0.10.4.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAlu15V0ACgkQaDvxvr0K +iCwh/gf+ITCZism2CR8z/G1tFNxIsvlGMvNKUEflbdoap+WzFQSiwSbY1YzAg5+j +ZfcCsVPF/1Rob6TomVTQPM39lKNwD135KfsqwG/YoAKHc+2fYQVLKycIgfxyvf2C +Z4UQQ8Ko++oBc2Iun8Gh9x3F1RNcH1hrhtDr1WxtpY9JJzy7QlEWuXbn3q/bHT6T +NQgxsZ74F7b3KCZcduGy17h5c0hWarSAZ1f8W7YWRNJuC7Bw4r1esQQIt0+IYn/d +f9islqxN01Baq6gWNYllqq4kkQCT/KxfzVsAO1RfHt0mIGcpaCkprgwUDyUhjdvP +3Cv2NtggXIOjVNLXOi0seDXhneFtAA== +=2jk9 +-----END PGP SIGNATURE----- diff --git a/fail2ban-opensuse-locations.patch b/fail2ban-opensuse-locations.patch index bc47236..a477437 100644 --- a/fail2ban-opensuse-locations.patch +++ b/fail2ban-opensuse-locations.patch @@ -2,7 +2,7 @@ Index: config/jail.conf =================================================================== --- config/jail.conf.orig +++ config/jail.conf -@@ -670,7 +670,7 @@ backend = %(syslog_backend)s +@@ -688,7 +688,7 @@ backend = %(syslog_backend)s # filter = named-refused # port = domain,953 # protocol = udp @@ -11,7 +11,7 @@ Index: config/jail.conf # IMPORTANT: see filter.d/named-refused for instructions to enable logging # This jail blocks TCP traffic for DNS requests. -@@ -678,7 +678,7 @@ backend = %(syslog_backend)s +@@ -696,7 +696,7 @@ backend = %(syslog_backend)s [named-refused] port = domain,953 @@ -24,7 +24,7 @@ Index: config/paths-common.conf =================================================================== --- config/paths-common.conf.orig +++ config/paths-common.conf -@@ -75,7 +75,7 @@ solidpop3d_log = %(syslog_local0)s +@@ -90,7 +90,7 @@ solidpop3d_log = %(syslog_local0)s mysql_log = %(syslog_daemon)s mysql_backend = %(default_backend)s diff --git a/fail2ban-opensuse-service.patch b/fail2ban-opensuse-service.patch index d44cafa..b3f68a1 100644 --- a/fail2ban-opensuse-service.patch +++ b/fail2ban-opensuse-service.patch @@ -1,6 +1,7 @@ -diff -ur fail2ban-0.10.2-orig/files/fail2ban.service.in fail2ban-0.10.2/files/fail2ban.service.in ---- fail2ban-0.10.2-orig/files/fail2ban.service.in 2018-01-18 14:49:01.000000000 +0100 -+++ fail2ban-0.10.2/files/fail2ban.service.in 2018-02-20 09:35:36.759476111 +0100 +Index: files/fail2ban.service.in +=================================================================== +--- files/fail2ban.service.in.orig ++++ files/fail2ban.service.in @@ -1,17 +1,18 @@ [Unit] Description=Fail2Ban Service diff --git a/fail2ban.changes b/fail2ban.changes index e387c23..b40406a 100644 --- a/fail2ban.changes +++ b/fail2ban.changes @@ -1,3 +1,53 @@ +------------------------------------------------------------------- +Sat Feb 16 22:28:49 UTC 2019 - chris@computersalat.de + +- ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four + * https://github.com/fail2ban/fail2ban/blob/0.10.4/ChangeLog + +- Fixes + * `filter.d/dovecot.conf`: + - failregex enhancement to catch sql password mismatch errors (gh-2153); + - disconnected with "proxy dest auth failed" (gh-2184); + * `filter.d/freeswitch.conf`: + - provide compatibility for log-format from gh-2193: + * extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover + `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional); + * more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter); + - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` + (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter + how to set it to mode `normal`. + * `filter.d/domino-smtp.conf`: + - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets); + - failregex extended to catch connections rejected for policy reasons (gh-2228); + * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected + and don't allowed in command-actions), see gh-2114; + * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171): + - fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostly + `UTF-8` in opposite to `ascii` previously, so minimizes influence of implicit conversions errors; + - actions: avoid possible conversion errors on wrong-chars by replace tags; + - database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database; + additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137); + - logging in fail2ban is process-wide exception-safe now. + * repaired start-time of initial seek to time (as well as other log-parsing related data), + if parameter `logpath` specified before `findtime`, `backend`, `datepattern`, etc (gh-2173) + * systemd: fixed type error on option `journalflags`: an integer is required (gh-2125); + +- New Features + * new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, + `ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example; + * `ignorecommand` extended to use actions-similar replacement (capable to interpolate + all possible tags like ``, ``, ``, `F-USER` etc.) + +- Enhancements + * `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168) + * since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info, + additionally option `-V` can be used to get version in normalized machine-readable short format. + +- rebase patches + * fail2ban-opensuse-locations.patch + * fail2ban-opensuse-service.patch +- add signature file + ------------------------------------------------------------------- Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at diff --git a/fail2ban.spec b/fail2ban.spec index e951d67..0ce47a7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ # # spec file for package fail2ban # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,13 +23,14 @@ %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create} Name: fail2ban -Version: 0.10.3.1 +Version: 0.10.4 Release: 0 Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.fail2ban.org/ -Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: https://github.com/fail2ban/fail2ban/archive/%{version}/%{name}-%{version}.tar.gz +Source1: https://github.com/fail2ban/fail2ban/releases/download/%{version}/%{name}-%{version}.tar.gz.asc Source2: %{name}.sysconfig Source3: %{name}.logrotate Source5: %{name}.tmpfiles @@ -127,7 +128,7 @@ sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py %patch100 -%patch101 -p1 +%patch101 %if 0%{?suse_version} < 1310 %patch200 -p1 %endif