Accepting request 676713 from home:computersalat:devel:security

Update to 0.10.4

OBS-URL: https://build.opensuse.org/request/show/676713
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=92

fail2ban.changes

@@ -1,3 +1,53 @@
+-------------------------------------------------------------------
+Sat Feb 16 22:28:49 UTC 2019 - chris@computersalat.de
+
+- ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four
+  * https://github.com/fail2ban/fail2ban/blob/0.10.4/ChangeLog
+
+- Fixes
+  * `filter.d/dovecot.conf`: 
+    - failregex enhancement to catch sql password mismatch errors (gh-2153);
+    - disconnected with "proxy dest auth failed" (gh-2184);
+  * `filter.d/freeswitch.conf`:
+    - provide compatibility for log-format from gh-2193:
+      * extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
+        `YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
+      * more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
+    - extended with mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)`
+      (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter
+      how to set it to mode `normal`.
+  * `filter.d/domino-smtp.conf`:
+    - recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
+    - failregex extended to catch connections rejected for policy reasons (gh-2228);
+  * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters stating with '_' are protected 
+    and don't allowed in command-actions), see gh-2114;
+  * decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):
+    - fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostly
+      `UTF-8` in opposite to `ascii` previously, so minimizes influence of implicit conversions errors;
+    - actions: avoid possible conversion errors on wrong-chars by replace tags;
+    - database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database;
+      additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137);
+    - logging in fail2ban is process-wide exception-safe now.
+  * repaired start-time of initial seek to time (as well as other log-parsing related data), 
+    if parameter `logpath` specified before `findtime`, `backend`, `datepattern`, etc (gh-2173)
+  * systemd: fixed type error on option `journalflags`: an integer is required (gh-2125);
+
+- New Features
+  * new option `ignorecache` to improve performance of ignore failure check (using caching of `ignoreip`, 
+    `ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example;
+  * `ignorecommand` extended to use actions-similar replacement (capable to interpolate 
+    all possible tags like `<ip-host>`, `<family>`, `<fid>`, `F-USER` etc.)
+
+- Enhancements
+  * `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168)
+  * since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info,
+    additionally option `-V` can be used to get version in normalized machine-readable short format.
+
+- rebase patches
+  * fail2ban-opensuse-locations.patch
+  * fail2ban-opensuse-service.patch
+- add signature file
+
 -------------------------------------------------------------------
 Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at