From 7b7f0beacb393da9964bee3f294a8e527b15e30069eb4463554c2111205f439c Mon Sep 17 00:00:00 2001
From: Johannes Weberhofer <jweberhofer@weberhofer.at>
Date: Tue, 27 Jun 2017 04:04:17 +0000
Subject: [PATCH] Accepting request 506341 from home:weberho:branches:security

- added 1783.patch from upstream: "Updated roundcube authentication filter"
- use tmpfiles_create macro

OBS-URL: https://build.opensuse.org/request/show/506341
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=81
---
 1783.patch       | 50 ++++++++++++++++++++++++++++++++++++++++++++++++
 fail2ban.changes |  6 ++++++
 fail2ban.spec    |  9 ++++++++-
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 1783.patch

diff --git a/1783.patch b/1783.patch
new file mode 100644
index 0000000..bceea22
--- /dev/null
+++ b/1783.patch
@@ -0,0 +1,50 @@
+diff -ur fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf fail2ban-0.9.7/config/filter.d/roundcube-auth.conf
+--- fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf	2017-05-11 03:38:57.000000000 +0200
++++ fail2ban-0.9.7/config/filter.d/roundcube-auth.conf	2017-06-26 16:57:15.171337942 +0200
+@@ -7,16 +7,30 @@
+ # The logpath in your jail can be updated to userlogins if you wish
+ #
+ 
++
++[Definition]
++# Fail2Ban configuration file for roundcube web server authentication failures
++#
++# When you enable systemd-logging, this filter needs "$config['log_driver']" set 
++# to "syslog" in the roundcube configuration
++#
++
+ [INCLUDES]
+ 
+ before = common.conf
+ 
+ [Definition]
+ 
+-failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
+-            ^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
++prefregex = ^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP Error)?:
++
++failregex = %(prefregex)s (?:FAILED login|Login failed) for (?P<user>.*) from <HOST>(\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ \S+\))?$
++	    %(prefregex)s (?:<[\w]+> )?Failed login for (?P<user>.*) from <HOST> in session \w+( \(error: \d\))?$
++
++ignoreregex =
++
++[Init]
++journalmatch = SYSLOG_IDENTIFIER=roundcube
+ 
+-ignoreregex = 
+ # DEV Notes:
+ #
+ # Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
+diff -ur fail2ban-0.9.7-orig/config/jail.conf fail2ban-0.9.7/config/jail.conf
+--- fail2ban-0.9.7-orig/config/jail.conf	2017-05-11 03:38:57.000000000 +0200
++++ fail2ban-0.9.7/config/jail.conf	2017-06-26 10:37:10.200062390 +0200
+@@ -379,7 +379,8 @@
+ 
+ port     = http,https
+ logpath  = %(roundcube_errors_log)s
+-
++# Use following line in your jail.local if roundcube logs to journal.
++#backend = %(syslog_backend)s
+ 
+ [openwebmail]
+ 
diff --git a/fail2ban.changes b/fail2ban.changes
index 9758e20..00256cf 100644
--- a/fail2ban.changes
+++ b/fail2ban.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jun 26 07:23:57 UTC 2017 - jweberhofer@weberhofer.at
+
+- added 1783.patch from upstream: "Updated roundcube authentication filter"
+- use tmpfiles_create macro
+
 -------------------------------------------------------------------
 Mon May 15 12:11:23 UTC 2017 - jweberhofer@weberhofer.at
 
diff --git a/fail2ban.spec b/fail2ban.spec
index 6837371..f085075 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -16,6 +16,7 @@
 #
 
 
+%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:           fail2ban
 Version:        0.9.7
 Release:        0
@@ -39,6 +40,8 @@ Patch100:       %{name}-opensuse-locations.patch
 Patch101:       %{name}-opensuse-service.patch
 # PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberhofer@weberhofer.at -- Postfix RBL: 554 & SMTP
 Patch102:       607568f.patch
+# PATCH-UPSTREAM 1783.patch jweberhofer@weberhofer.at -- Updated roundcube authentication filter
+Patch103:       1783.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch jweberhofer@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:       %{name}-disable-iptables-w-option.patch
 BuildRequires:  fdupes
@@ -119,9 +122,13 @@ install -m644 %{SOURCE8} config/paths-opensuse.conf
 # Use openSUSE paths
 sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
 
+# Remove shebang
+sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
+
 %patch100
 %patch101
 %patch102 -p1
+%patch103 -p1
 %if 0%{?suse_version} < 1310
 %patch200 -p1
 %endif
@@ -224,7 +231,7 @@ export LANG=en_US.UTF-8
 %post
 %fillup_only
 %if 0%{?suse_version} >= 1230
-systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 # The next line is not workin in Leap 42.1, so keep the old way
 #%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf
 %service_add_post %{name}.service