commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2020-08-20 22:35:29

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.3399 (New)


Package is "fail2ban"

Thu Aug 20 22:35:29 2020 rev:59 rq:828242 version:0.11.1

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2020-05-26 
17:21:27.252250052 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.3399/fail2ban.changes  
2020-08-20 22:35:41.184173674 +0200
@@ -1,0 +2,5 @@
+Wed Aug 19 09:04:12 UTC 2020 - Dominique Leuenberger 
+
+- Use %{_tmpfilesdir} consistently throughout the .spec.
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.pHqgjm/_old  2020-08-20 22:35:42.288174180 +0200
+++ /var/tmp/diff_new_pack.pHqgjm/_new  2020-08-20 22:35:42.292174182 +0200
@@ -183,8 +183,8 @@
 install -d -m 755 %{buildroot}%{_unitdir}
 install -p -m 644 files/%{name}.service.in 
%{buildroot}%{_unitdir}/%{name}.service
 
-install -d -m 755 %{buildroot}%{_libexecdir}/tmpfiles.d/
-install -p -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
+install -d -m 755 %{buildroot}%{_tmpfilesdir}
+install -p -m 644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 
 ln -sf service %{buildroot}%{_sbindir}/rc%{name}
 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2020-05-26 17:21:12

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.2738 (New)


Package is "fail2ban"

Tue May 26 17:21:12 2020 rev:58 rq:808030 version:0.11.1

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2020-01-10 
17:50:34.914123884 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.2738/fail2ban.changes  
2020-05-26 17:21:27.252250052 +0200
@@ -1,0 +2,28 @@
+Thu May 21 07:49:38 UTC 2020 - Paolo Stivanin 
+
+- Update to 0.11.1:
+  * Increment ban time (+ observer) functionality introduced.
+  * Database functionality extended with bad ips.
+  * New tags (usable in actions):
+- `` - ban count of this offender if known as bad
+  (started by 1 for unknown)
+- `` - current ban-time of the ticket
+  (prolongation can be retarded up to 10 sec.)
+  * Introduced new action command `actionprolong` to prolong ban-time
+(e. g. set new timeout if expected);
+  * algorithm of restore current bans after restart changed:
+update the restored ban-time (and therefore 
+end of ban) of the ticket with ban-time of jail (as maximum),
+for all tickets with ban-time greater (or persistent)
+  * added new setup-option `--without-tests` to skip building
+and installing of tests files (gh-2287).
+  * added new command `fail2ban-client get  banip ?sep-char|--with-time?`
+to get the banned ip addresses (gh-1916).
+  * purge database will be executed now (within observer).
+   restoring currently banned ip after service restart fixed
+(now < timeofban + bantime), ignore old log failures (already banned)
+  * upgrade database: update new created table `bips` with entries
+from table `bans` (allows restore current bans after
+upgrade from version <= 0.10)
+
+---

Old:

  fail2ban-0.10.4.tar.gz
  fail2ban-0.10.4.tar.gz.asc

New:

  fail2ban-0.11.1.tar.gz
  fail2ban-0.11.1.tar.gz.asc



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.fUZTrB/_old  2020-05-26 17:21:28.076251824 +0200
+++ /var/tmp/diff_new_pack.fUZTrB/_new  2020-05-26 17:21:28.080251833 +0200
@@ -22,7 +22,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:   fail2ban
-Version:0.10.4
+Version:0.11.1
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0-or-later

++ fail2ban-0.10.4.tar.gz -> fail2ban-0.11.1.tar.gz ++
 12495 lines of diff (skipped)

++ fail2ban-opensuse-service.patch ++
--- /var/tmp/diff_new_pack.fUZTrB/_old  2020-05-26 17:21:28.308252323 +0200
+++ /var/tmp/diff_new_pack.fUZTrB/_new  2020-05-26 17:21:28.312252331 +0200
@@ -1,21 +1,23 @@
-diff -ur fail2ban-0.10.4-orig/files/fail2ban.service.in 
fail2ban-0.10.4/files/fail2ban.service.in
 fail2ban-0.10.4-orig/files/fail2ban.service.in 2018-10-04 
11:26:22.0 +0200
-+++ fail2ban-0.10.4/files/fail2ban.service.in  2019-08-12 11:17:34.929129813 
+0200
-@@ -6,12 +6,13 @@
+--- a/files/fail2ban.service.in2020-01-11 11:01:00.0 +0100
 b/files/fail2ban.service.in2020-05-21 09:48:12.049645909 +0200
+@@ -6,13 +6,14 @@
  
  [Service]
  Type=simple
-+EnvironmentFile=-/etc/sysconfig/fail2ban
- ExecStartPre=/bin/mkdir -p /var/run/fail2ban
+-ExecStartPre=/bin/mkdir -p /run/fail2ban
 -ExecStart=@BINDIR@/fail2ban-server -xf start
++EnvironmentFile=-/etc/sysconfig/fail2ban
++ExecStartPre=/bin/mkdir -p /var/run/fail2ban
 +ExecStart=/usr/bin/fail2ban-server -xf $FAIL2BAN_OPTIONS start
  # if should be logged in systemd journal, use following line or set logtarget 
to sysout in fail2ban.local
 -# ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start
 -ExecStop=@BINDIR@/fail2ban-client stop
 -ExecReload=@BINDIR@/fail2ban-client reload
+-PIDFile=/run/fail2ban/fail2ban.pid
 +# ExecStart=/usr/bin/fail2ban-server -xf --logtarget=sysout start
 +ExecStop=/usr/bin/fail2ban-client stop
 +ExecReload=/usr/bin/fail2ban-client reload
- PIDFile=/var/run/fail2ban/fail2ban.pid
++PIDFile=/var/run/fail2ban/fail2ban.pid
  Restart=on-failure
  RestartPreventExitStatus=0 255
+ 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2020-01-10 17:50:16

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.6675 (New)


Package is "fail2ban"

Fri Jan 10 17:50:16 2020 rev:57 rq:762815 version:0.10.4

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2019-08-13 
13:23:16.249386705 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.6675/fail2ban.changes  
2020-01-10 17:50:34.914123884 +0100
@@ -1,0 +2,9 @@
+Thu Jan  9 14:06:14 UTC 2020 - Dominique Leuenberger 
+
+- Switch to use python3 (upstream supported):
+  + BuildRequire python3-tools instead of python-devel (for the
+2to3 tool).
+  + Drop the python-gamin dependency.
+  + Replace all python-FOO deps for their python3-FOO counterpart.
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.ianfNy/_old  2020-01-10 17:50:36.166123660 +0100
+++ /var/tmp/diff_new_pack.ianfNy/_new  2020-01-10 17:50:36.170123660 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -53,23 +53,23 @@
 Patch300:   fail2ban-opensuse-service-sfw.patch
 BuildRequires:  fdupes
 BuildRequires:  logrotate
-BuildRequires:  python-devel
+BuildRequires:  python3-tools
 # timezone package is required to run the tests
 BuildRequires:  timezone
 Requires:   cron
 Requires:   ed
 Requires:   iptables
 Requires:   logrotate
-Requires:   python >= 2.6
+Requires:   python3 >= 3.2
 Requires:   whois
 %if 0%{?suse_version} != 1110
 BuildArch:  noarch
 %endif
 %if 0%{?suse_version} >= 1230
 # systemd
-BuildRequires:  python-systemd
+BuildRequires:  python3-systemd
 BuildRequires:  pkgconfig(systemd)
-Requires:   python-systemd
+Requires:   python3-systemd
 Requires:   systemd > 204
 %{?systemd_requires}
 %else
@@ -78,11 +78,8 @@
 Requires:   syslog
 %endif
 %if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010  && 
0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
-BuildRequires:  python-pyinotify >= 0.8.3
-Requires:   python-pyinotify >= 0.8.3
-%endif
-%if 0%{?suse_version} >= 1220
-Requires:   python-gamin >= 0.0.21
+BuildRequires:  python3-pyinotify >= 0.8.3
+Requires:   python3-pyinotify >= 0.8.3
 %endif
 
 %description
@@ -129,9 +126,6 @@
 # Use openSUSE paths
 sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
 
-# Remove shebang
-sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
-
 %patch100
 %patch101 -p1
 %if 0%{?suse_version} < 1310
@@ -159,11 +153,12 @@
 
 %build
 export CFLAGS="%{optflags}"
-python setup.py build
+./fail2ban-2to3
+python3 setup.py build
 gzip man/*.{1,5}
 
 %install
-python setup.py install \
+python3 setup.py install \
--root=%{buildroot} \
--prefix=%{_prefix}
 
@@ -224,7 +219,7 @@
 rm -r %{buildroot}%{_docdir}/%{name}
 
 # remove duplicates
-%fdupes -s %{buildroot}%{python_sitelib}
+%fdupes -s %{buildroot}%{python3_sitelib}
 
 %check
 #stat /dev/log
@@ -315,9 +310,9 @@
 %{_bindir}/%{name}-client
 %{_bindir}/%{name}-python
 %{_bindir}/%{name}-regex
-%{python_sitelib}/%{name}
-%exclude %{python_sitelib}/%{name}/tests
-%{python_sitelib}/%{name}-*
+%{python3_sitelib}/%{name}
+%exclude %{python3_sitelib}/%{name}/tests
+%{python3_sitelib}/%{name}-*
 %{_fillupdir}/sysconfig.%{name}
 %{_mandir}/man1/*
 %{_mandir}/man5/*
@@ -326,7 +321,7 @@
 
 # do not include tests as they are executed during the build process
 %exclude %{_bindir}/%{name}-testcases
-%exclude %{python_sitelib}/%{name}/tests
+%exclude %{python3_sitelib}/%{name}/tests
 
 %if !0%{?suse_version} > 1500
 %if 0%{?_unitdir:1}

++ fail2ban-0.10.4-env-script-interpreter.patch ++
--- /var/tmp/diff_new_pack.ianfNy/_old  2020-01-10 17:50:36.194123655 +0100
+++ /var/tmp/diff_new_pack.ianfNy/_new  2020-01-10 17:50:36.194123655 +0100
@@ -3,7 +3,7 @@
 +++ fail2ban-0.10.4/config/filter.d/ignorecommands/apache-fakegooglebot
2019-08-12 10:46:05.067842214 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env fail2ban-python
-+#!/usr/bin/python
++#!/usr/bin/fail2ban-python
  # Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
  #
  # Written in Python to reuse built-in Python batteries and not depend on

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2019-08-13 13:23:13

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.9556 (New)


Package is "fail2ban"

Tue Aug 13 13:23:13 2019 rev:56 rq:722644 version:0.10.4

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2019-06-12 
13:17:54.732589662 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.9556/fail2ban.changes  
2019-08-13 13:23:16.249386705 +0200
@@ -1,0 +2,14 @@
+Mon Aug 12 09:10:37 UTC 2019 - Johannes Weberhofer 
+
+- Added fail2ban-0.10.4-env-script-interpreter.patch to define interpretor
+- removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 
+  will be removed from Factory (see sr#713247):
+  * fail2ban-opensuse-service.patch: removed references to SuSEfirewall2 
service
+  * fail2ban-opensuse-service-sfw.patch: use references to SuSEfirewall2 only 
for
+older distributions
+  * Removed installation recommendation of the fail2ban-SuSEfirewall2
+package for all distributions as it is deprecated.
+- fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file 
+  location (boo#1145181, gh#fail2ban/fail2ban#2474)
+
+---

New:

  fail2ban-0.10.4-env-script-interpreter.patch
  fail2ban-0.10.4-upstream-pid-file-location.patch
  fail2ban-opensuse-service-sfw.patch



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.m1Mi8C/_old  2019-08-13 13:23:16.905386533 +0200
+++ /var/tmp/diff_new_pack.m1Mi8C/_new  2019-08-13 13:23:16.909386531 +0200
@@ -16,19 +16,18 @@
 #
 
 
+%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
-
-%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:   fail2ban
 Version:0.10.4
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0-or-later
 Group:  Productivity/Networking/Security
-Url:http://www.fail2ban.org/
+URL:http://www.fail2ban.org/
 Source0:
https://github.com/fail2ban/fail2ban/archive/%{version}/%{name}-%{version}.tar.gz
 Source1:
https://github.com/fail2ban/fail2ban/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
 Source2:%{name}.sysconfig
@@ -46,6 +45,12 @@
 Patch101:   %{name}-opensuse-service.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch 
jweberho...@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:   %{name}-disable-iptables-w-option.patch
+# PATCH-FIX-OPENSUSE fail2ban-0.10.4-env-script-interpreter.patch 
jweberho...@weberhofer.at -- use exact path to define interpretor
+Patch201:   %{name}-0.10.4-env-script-interpreter.patch
+# PATH-FIX-UPSTREAM fail2ban-0.10.4-upstream-pid-file-location.patch 
boo#1145181 jweberho...@weberhofer.at -- changed fail2ban pid file location 
(gh#fail2ban/fail2ban#2474)
+Patch202:   %{name}-0.10.4-upstream-pid-file-location.patch
+# PATCH-FEATURE-OPENSUSE fail2ban-opensuse-service-sfw.patch 
jweberho...@weberhofer.at -- start after SuSEfirewall2 only for older 
distributions
+Patch300:   fail2ban-opensuse-service-sfw.patch
 BuildRequires:  fdupes
 BuildRequires:  logrotate
 BuildRequires:  python-devel
@@ -57,7 +62,6 @@
 Requires:   logrotate
 Requires:   python >= 2.6
 Requires:   whois
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 %if 0%{?suse_version} != 1110
 BuildArch:  noarch
 %endif
@@ -88,17 +92,18 @@
 can be defined by the user. Fail2Ban can read multiple log files such as sshd
 or Apache web server ones.
 
+%if !0%{?suse_version} > 1500
 %package -n SuSEfirewall2-%{name}
 Summary:Files for integrating fail2ban into SuSEfirewall2 via systemd
 Group:  Productivity/Networking/Security
 Requires:   SuSEfirewall2
 Requires:   fail2ban
-Recommends: packageand(SuSEfirewall2:fail2ban)
 
 %description -n SuSEfirewall2-%{name}
 This package ships systemd files which will cause fail2ban to be ordered in
 relation to SuSEfirewall2 such that the two can be run concurrently within
 reason, i.e. SFW will always run first because it does a table flush.
+%endif
 
 %package -n monitoring-plugins-%{name}
 %define nagios_plugindir %{_libexecdir}/nagios/plugins
@@ -128,10 +133,15 @@
 sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
 
 %patch100

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2019-06-12 13:17:51

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.4811 (New)


Package is "fail2ban"

Wed Jun 12 13:17:51 2019 rev:55 rq:709174 version:0.10.4

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2019-02-20 
14:13:23.890898021 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.4811/fail2ban.changes  
2019-06-12 13:17:54.732589662 +0200
@@ -1,0 +2,6 @@
+Tue Jun 11 12:42:54 UTC 2019 - Dominique Leuenberger 
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+  shortcut the build queues by allowing usage of systemd-mini
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.xlO8k6/_old  2019-06-12 13:17:55.568589281 +0200
+++ /var/tmp/diff_new_pack.xlO8k6/_new  2019-06-12 13:17:55.576589277 +0200
@@ -64,7 +64,7 @@
 %if 0%{?suse_version} >= 1230
 # systemd
 BuildRequires:  python-systemd
-BuildRequires:  systemd
+BuildRequires:  pkgconfig(systemd)
 Requires:   python-systemd
 Requires:   systemd > 204
 %{?systemd_requires}

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2019-02-20 14:13:19

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new.28833 (New)


Package is "fail2ban"

Wed Feb 20 14:13:19 2019 rev:54 rq:677464 version:0.10.4

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2018-04-26 
13:37:22.177535373 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.28833/fail2ban.changes 
2019-02-20 14:13:23.890898021 +0100
@@ -1,0 +2,50 @@
+Sat Feb 16 22:28:49 UTC 2019 - ch...@computersalat.de
+
+- ver. 0.10.4 (2018/10/04) - ten-four-on-due-date-ten-four
+  * https://github.com/fail2ban/fail2ban/blob/0.10.4/ChangeLog
+
+- Fixes
+  * `filter.d/dovecot.conf`: 
+- failregex enhancement to catch sql password mismatch errors (gh-2153);
+- disconnected with "proxy dest auth failed" (gh-2184);
+  * `filter.d/freeswitch.conf`:
+- provide compatibility for log-format from gh-2193:
+  * extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ 
T]%%H:%%M:%%S(?:\.%%f)?` to cover
+`-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is 
optional);
+  * more optional arguments in log-line (so accept [WARN] as well as 
[WARNING] and optional [SOFIA] hereafter);
+- extended with mode parameter, allows to avoid matching of messages like 
`auth challenge (REGISTER)`
+  (see gh-2163) (currently `extra` as default to be backwards-compatible), 
see comments in filter
+  how to set it to mode `normal`.
+  * `filter.d/domino-smtp.conf`:
+- recognizes failures logged using another format (something like 
session-id, IP enclosed in square brackets);
+- failregex extended to catch connections rejected for policy reasons 
(gh-2228);
+  * `action.d/hostsdeny.conf`: fix parameter in config (dynamic parameters 
stating with '_' are protected 
+and don't allowed in command-actions), see gh-2114;
+  * decoding stability fix by wrong encoded characters like utf-8 surrogate 
pairs, etc (gh-2171):
+- fail2ban running in the preferred encoding now (as default encoding also 
within python 2.x), mostly
+  `UTF-8` in opposite to `ascii` previously, so minimizes influence of 
implicit conversions errors;
+- actions: avoid possible conversion errors on wrong-chars by replace tags;
+- database: improve adapter/converter handlers working on invalid 
characters in sense of json and/or sqlite-database;
+  additionally both are exception-safe now, so avoid possible locking of 
database (closes gh-2137);
+- logging in fail2ban is process-wide exception-safe now.
+  * repaired start-time of initial seek to time (as well as other log-parsing 
related data), 
+if parameter `logpath` specified before `findtime`, `backend`, 
`datepattern`, etc (gh-2173)
+  * systemd: fixed type error on option `journalflags`: an integer is required 
(gh-2125);
+
+- New Features
+  * new option `ignorecache` to improve performance of ignore failure check 
(using caching of `ignoreip`, 
+`ignoreself` and `ignorecommand`), see `man jail.conf` for syntax-example;
+  * `ignorecommand` extended to use actions-similar replacement (capable to 
interpolate 
+all possible tags like ``, ``, ``, `F-USER` etc.)
+
+- Enhancements
+  * `filter.d/dovecot.conf`: extended with tags F-USER (and alternatives) to 
collect user-logins (gh-2168)
+  * since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will 
return version without logo info,
+additionally option `-V` can be used to get version in normalized 
machine-readable short format.
+
+- rebase patches
+  * fail2ban-opensuse-locations.patch
+  * fail2ban-opensuse-service.patch
+- add signature file
+
+---

Old:

  fail2ban-0.10.3.1.tar.gz

New:

  fail2ban-0.10.4.tar.gz
  fail2ban-0.10.4.tar.gz.asc



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.JGELfQ/_old  2019-02-20 14:13:25.346897533 +0100
+++ /var/tmp/diff_new_pack.JGELfQ/_new  2019-02-20 14:13:25.346897533 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2018-04-26 13:37:18

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Thu Apr 26 13:37:18 2018 rev:53 rq:599594 version:0.10.3.1

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2018-02-21 
14:11:42.765668097 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2018-04-26 
13:37:22.177535373 +0200
@@ -1,0 +2,47 @@
+Sat Apr 21 06:02:12 UTC 2018 - jweberho...@weberhofer.at
+
+- Updated to version 0.10.3.1. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
+
+  * fixed JSON serialization for the set-object within dump into database 
(gh-2103).
+
+- Updated to version 0.10.3. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
+
+- Fixes
+  * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog 
server (gh-2060);
+  * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many 
syntax or protocol errors (gh-2048);
+  * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) 
with daemon name in prefix, gh-2069;
+  * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
+- fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses 
(gh-2064);
+  * `filter.d/sshd.conf`:
+- failregex got an optional space in order to match new log-format (see 
gh-2061);
+- fixed ddos-mode regex to match refactored message (some versions can 
contain port now, see gh-2062);
+- fixed root login refused regex (optional port before preauth, gh-2080);
+- avoid banning of legitimate users when pam_unix used in combination with 
other password method, so
+  bypass pam_unix failures if accepted available for this user gh-2070;
+- amend to gh-1263 with better handling of multiple attempts (failures for 
different user-names recognized immediatelly);
+- mode `ddos` (and `aggressive`) extended to catch `Connection closed by 
... [preauth]`, so in DDOS mode
+  it counts failure on closing connection within preauth-stage (gh-2085);
+  * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment 
quote-issue (gh-2044, gh-2101);
+  * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue 
"expected string, IPAddr found" (gh-2059);
+  * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, 
gh-2066);
+  * (Free)BSD ipfw actionban fixed to allow same rule added several times 
(gh-2054);
+
+- New Features
+  * several stability and performance optimizations, more effective filter 
parsing, etc;
+  * stable runnable within python versions 3.6 (as well as within 3.7-dev);
+
+- Enhancements
+  * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. 
misredirect attempts (gh-2017, gh-2097);
+  * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script 
unknown", e. g. from php-fpm (gh-2073);
+  * date-detector extended with long epoch (`LEPOCH`) to parse 
milliseconds/microseconds posix-dates (gh-2029);
+  * possibility to specify own regex-pattern to match epoch date-time, e. g. 
`^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
+the epoch-pattern similar to `{DATE}` patterns does the capture and cuts 
out the match of whole pattern from the log-line,
+e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out 
`[1516469849551000] :` from begin of the log-line.
+  * badips.py now uses https instead of plain http when requesting badips.com 
(gh-2057);
+  * add support for "any" badips.py bancategory, to be able to retrieve IPs 
from all categories with a desired score (gh-2056);
+  * Introduced new parameter `padding` for logging within fail2ban-server 
(default on, excepting SYSLOG):
+Usage `logtarget = target[padding=on|off]`
+
+---

Old:

  fail2ban-0.10.2.tar.gz

New:

  fail2ban-0.10.3.1.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.KxC9cY/_old  2018-04-26 13:37:23.121500776 +0200
+++ /var/tmp/diff_new_pack.KxC9cY/_new  2018-04-26 13:37:23.121500776 +0200
@@ -23,10 +23,10 @@
 
 %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:   fail2ban
-Version:0.10.2
+Version:0.10.3.1
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
-License:GPL-2.0+
+License:GPL-2.0-or-later
 Group:  Productivity/Networking/Security
 Url:http://www.fail2ban.org/
 Source0:

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2018-02-21 14:11:41

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Wed Feb 21 14:11:41 2018 rev:52 rq:578362 version:0.10.2

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-11-24 
10:55:39.141695113 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2018-02-21 
14:11:42.765668097 +0100
@@ -1,0 +2,74 @@
+Tue Feb 20 08:19:07 UTC 2018 - jweberho...@weberhofer.at
+
+- Updated to version 0.10.2. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog
+
+- rebased patch
+
+- Incompatibility list (compared to v.0.9):
+  * Filter (or `failregex`) internal capture-groups:
+- If you've your own `failregex` or custom filters using conditional match 
`(?P=host)`, you should
+  rewrite the regex like in example below resp. using 
`(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)`
+  (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and 
`raw` settings).
+  Of course you can always define your own capture-group (like below 
`_cond_ip_`) to do this.
+  testln="15 failure from 192.0.2.1: bad host 192.0.2.1"
+  fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_>): bad 
host (?P=_cond_ip_)$"
+- New internal groups (currently reserved for internal usage):
+  `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another 
captures in lower case if
+  mapping from tag `` used in failregex (e. g. `user` by ``).
+  * v.0.10 uses more precise date template handling, that can be theoretically 
incompatible to some
+user configurations resp. `datepattern`.
+  * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not 
all ban actions are
+IPv6-capable now.
+
+- Incompatibility:
+  * The configuration for jails using banaction `pf` can be incompatible after 
upgrade, because pf-action uses
+anchors now (see `action.d/pf.conf` for more information). If you want use 
obsolete handling without anchors,
+just rewrite it in the `jail.local` by overwrite of `pfctl` parameter, e. 
g. like `banaction = pf[pfctl="pfctl"]`. 
+
+- Fixes
+  * Fixed logging to systemd-journal: new logtarget value SYSOUT can be used 
instead of STDOUT, to avoid 
+write of the time-stamp, if logging to systemd-journal from foreground 
mode (gh-1876)
+  * Fixed recognition of the new date-format on mysqld-auth filter (gh-1639)
+  * jail.conf: port `imap3` replaced with `imap` everywhere, since imap3 is 
not a standard port and old rarely 
+(if ever) used and can missing on some systems (e. g. debian stretch), see 
gh-1942.
+  * config/paths-common.conf: added missing initial values (and small 
normalization in config/paths-*.conf)
+in order to avoid errors while interpolating (e. g. starting with 
systemd-backend), see gh-1955.
+  * `action.d/pf.conf`: 
+- fixed syntax error in achnor definition (documentation, see gh-1919);
+- enclose ports in braces for multiport jails (see gh-1925);
+  * `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing 
`family inet6`, gh-1990)
+  * `filter.d/sshd.conf`:
+- extended failregex for modes "extra"/"aggressive": now finds all 
possible (also future)
+  forms of "no matching (cipher|mac|MAC|compression method|key exchange 
method|host key type) found", 
+  see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, 
gh-1944);
+- fixed failregex in order to avoid banning of legitimate users with 
multiple public keys (gh-2014, gh-1263);
+
+- New Features
+  * datedetector: extended default date-patterns (allows extra space between 
the date and time stamps);
+introduces 2 new format directives (with corresponding %Ex prefix for more 
precise parsing):
+- %k - one- or two-digit number giving the hour of the day (0-23) on a 
24-hour clock,
+  (corresponds %H, but allows space if not zero-padded).
+- %l - one- or two-digit number giving the hour of the day (12-11) on a 
12-hour clock,
+  (corresponds %I, but allows space if not zero-padded).
+  * `filter.d/exim.conf`: added mode `aggressive` to ban flood resp. 
DDOS-similar failures (gh-1983);
+
+- New Actions:
+  * `action.d/nginx-block-map.conf` - in order to ban not IP-related tickets 
via nginx (session blacklisting in
+ nginx-location with map-file);
+
+  - Enhancements
+* jail.conf: extended with new parameter `mode` for the filters supporting 
it (gh-1988);
+* action.d/pf.conf: extended with bulk-unban, command `actionflush` in 
order to flush all bans at once.
+* Introduced new parameters for logging within fail2ban-server (gh-1980).
+  Usage `logtarget = 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-11-24 10:55:37

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Fri Nov 24 10:55:37 2017 rev:51 rq:544894 version:0.10.1

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-10-29 
20:24:42.370601213 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-11-24 
10:55:39.141695113 +0100
@@ -1,0 +2,6 @@
+Thu Nov 23 13:44:10 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.PeSB1x/_old  2017-11-24 10:55:40.353650848 +0100
+++ /var/tmp/diff_new_pack.PeSB1x/_new  2017-11-24 10:55:40.357650702 +0100
@@ -16,6 +16,11 @@
 #
 
 
+#Compat macro for new _fillupdir macro introduced in Nov 2017
+%if ! %{defined _fillupdir}
+  %define _fillupdir /var/adm/fillup-templates
+%endif
+
 %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:   fail2ban
 Version:0.10.1
@@ -188,8 +193,8 @@
 
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/%{name}/
 
-install -d -m 755 %{buildroot}%{_localstatedir}/adm/fillup-templates
-install -p -m 644 %{SOURCE2} 
%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+install -d -m 755 %{buildroot}%{_fillupdir}
+install -p -m 644 %{SOURCE2} %{buildroot}%{_fillupdir}/sysconfig.%{name}
 
 install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
 install -p -m 644 %{SOURCE3}  %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
@@ -298,7 +303,7 @@
 %{python_sitelib}/%{name}
 %exclude %{python_sitelib}/%{name}/tests
 %{python_sitelib}/%{name}-*
-%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
+%{_fillupdir}/sysconfig.%{name}
 %{_mandir}/man1/*
 %{_mandir}/man5/*
 %doc README.md TODO ChangeLog COPYING doc/*.txt

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-10-29 20:24:39

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Sun Oct 29 20:24:39 2017 rev:50 rq:537301 version:0.10.1

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-06-27 
10:21:55.957595728 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-10-29 
20:24:42.370601213 +0100
@@ -1,0 +2,56 @@
+Sat Oct 21 04:43:44 UTC 2017 - jweberho...@weberhofer.at
+
+- Updated to version 0.10.1. Changelog:
+  https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog
+
+- Removed 607568f.patch and 1783.patch
+
+- New features: 
+  * IPv6 support
+- IP addresses are now handled as objects rather than strings capable for 
+  handling both address types IPv4 and IPv6
+- iptables related actions have been amended to support IPv6 specific 
actions
+  additionally
+- hostsdeny and route actions have been tested to be aware of v4 and v6 
already
+- pf action for *BSD systems has been improved and supports now also v4 
and v6
+- name resolution is now working for either address type
+- new conditional section functionality used in config resp. includes:
+  - [Init?family=inet4] - IPv4 qualified hosts only
+  - [Init?family=inet6] - IPv6 qualified hosts only
+  * Reporting via abuseipdb.com
+- Bans can now be reported to abuseipdb
+- Catagories must be set in the config
+- Relevant log lines included in report
+  * Several commands extended and new commands introduced
+  * Implemented execution of `actionstart` on demand
+  * nftables actions are IPv6-capable now
+  * Introduced new filter option `prefregex` for pre-filtering using single 
regular expression
+  * Many times faster because of several optimizations
+  * Several filters optimized
+  * Introduced new jail option "ignoreself"
+
+
+- Lots of fixes and internal improvements
+
+- Incompatibitilities:
+  * Filter (or `failregex`) internal capture-groups:
+  - If you've your own `failregex` or custom filters using conditional match 
`(?P=host)`, you should
+rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` 
instead of `(?P=host)`
+(or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` 
settings).
+
+Of course you can always your own capture-group (like below `_cond_ip_`) 
to do this.
+```
+testln="15 failure from 192.0.2.1: bad host 192.0.2.1"
+fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_>): bad host 
(?P=_cond_ip_)$"
+```
+  - New internal groups (currently reserved for internal usage):
+`ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another 
captures in lower case if
+mapping from tag `` used in failregex (e. g. `user` by ``).
+
+  * v.0.10 uses more precise date template handling, that can be theoretically 
incompatible to some
+  user configurations resp. `datepattern`.
+
+  * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not 
all ban actions are
+  IPv6-capable now.
+
+---

Old:

  1783.patch
  607568f.patch
  fail2ban-0.9.7.tar.gz

New:

  fail2ban-0.10.1.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.B0CU7N/_old  2017-10-29 20:24:43.354565354 +0100
+++ /var/tmp/diff_new_pack.B0CU7N/_new  2017-10-29 20:24:43.358565208 +0100
@@ -18,7 +18,7 @@
 
 %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:   fail2ban
-Version:0.9.7
+Version:0.10.1
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+
@@ -38,10 +38,6 @@
 Patch100:   %{name}-opensuse-locations.patch
 # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberho...@weberhofer.at 
-- openSUSE modifications to the service file
 Patch101:   %{name}-opensuse-service.patch
-# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberho...@weberhofer.at -- 
Postfix RBL: 554 & SMTP
-Patch102:   607568f.patch
-# PATCH-UPSTREAM 1783.patch jweberho...@weberhofer.at -- Updated roundcube 
authentication filter
-Patch103:   1783.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch 
jweberho...@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:   %{name}-disable-iptables-w-option.patch
 BuildRequires:  fdupes
@@ -53,7 +49,7 @@
 Requires:   ed
 Requires:   iptables
 Requires:   logrotate
-Requires:   python >= 2.5
+Requires:   python >= 2.6
 Requires:   

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-06-27 10:21:50

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Tue Jun 27 10:21:50 2017 rev:49 rq:506342 version:0.9.7

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-05-17 
10:55:01.245200934 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-06-27 
10:21:55.957595728 +0200
@@ -1,0 +2,6 @@
+Mon Jun 26 07:23:57 UTC 2017 - jweberho...@weberhofer.at
+
+- added 1783.patch from upstream: "Updated roundcube authentication filter"
+- use tmpfiles_create macro
+
+---

New:

  1783.patch



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.qlrW4E/_old  2017-06-27 10:21:57.377395060 +0200
+++ /var/tmp/diff_new_pack.qlrW4E/_new  2017-06-27 10:21:57.377395060 +0200
@@ -16,6 +16,7 @@
 #
 
 
+%{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create}
 Name:   fail2ban
 Version:0.9.7
 Release:0
@@ -39,6 +40,8 @@
 Patch101:   %{name}-opensuse-service.patch
 # PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberho...@weberhofer.at -- 
Postfix RBL: 554 & SMTP
 Patch102:   607568f.patch
+# PATCH-UPSTREAM 1783.patch jweberho...@weberhofer.at -- Updated roundcube 
authentication filter
+Patch103:   1783.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch 
jweberho...@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:   %{name}-disable-iptables-w-option.patch
 BuildRequires:  fdupes
@@ -119,9 +122,13 @@
 # Use openSUSE paths
 sed -i -e 's/^before = paths-.*/before = paths-opensuse.conf/' config/jail.conf
 
+# Remove shebang
+sed -i -e '/^#!\/usr\/bin\/python$/d' fail2ban/client/fail2banregex.py
+
 %patch100
 %patch101
 %patch102 -p1
+%patch103 -p1
 %if 0%{?suse_version} < 1310
 %patch200 -p1
 %endif
@@ -224,7 +231,7 @@
 %post
 %fillup_only
 %if 0%{?suse_version} >= 1230
-systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 # The next line is not workin in Leap 42.1, so keep the old way
 #%%tmpfiles_create %%{_tmpfilesdir}/%%{name}.conf
 %service_add_post %{name}.service

++ 1783.patch ++
diff -ur fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf 
fail2ban-0.9.7/config/filter.d/roundcube-auth.conf
--- fail2ban-0.9.7-orig/config/filter.d/roundcube-auth.conf 2017-05-11 
03:38:57.0 +0200
+++ fail2ban-0.9.7/config/filter.d/roundcube-auth.conf  2017-06-26 
16:57:15.171337942 +0200
@@ -7,16 +7,30 @@
 # The logpath in your jail can be updated to userlogins if you wish
 #
 
+
+[Definition]
+# Fail2Ban configuration file for roundcube web server authentication failures
+#
+# When you enable systemd-logging, this filter needs "$config['log_driver']" 
set 
+# to "syslog" in the roundcube configuration
+#
+
 [INCLUDES]
 
 before = common.conf
 
 [Definition]
 
-failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP 
Error)?: (FAILED login|Login failed) for .*? from (\. .* in 
.*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
-^\[\]:\s*(<[\w]+>)? Failed login for 
[\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from  in session \w+( \(error: 
\d\))?$
+prefregex = 
^\s*(\[\])?(%(__hostname)s\s*(?:roundcube(?:\[(\d*)\])?:)?\s*(<[\w]+>)? IMAP 
Error)?:
+
+failregex = %(prefregex)s (?:FAILED login|Login failed) for (?P.*) from 
(\. (?:(?! from ).)*(?: user=(?P=user))? in \S+\.php on line \d+ \(\S+ 
\S+\))?$
+   %(prefregex)s (?:<[\w]+> )?Failed login for (?P.*) from 
 in session \w+( \(error: \d\))?$
+
+ignoreregex =
+
+[Init]
+journalmatch = SYSLOG_IDENTIFIER=roundcube
 
-ignoreregex = 
 # DEV Notes:
 #
 # Source: 
https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
diff -ur fail2ban-0.9.7-orig/config/jail.conf fail2ban-0.9.7/config/jail.conf
--- fail2ban-0.9.7-orig/config/jail.conf2017-05-11 03:38:57.0 
+0200
+++ fail2ban-0.9.7/config/jail.conf 2017-06-26 10:37:10.200062390 +0200
@@ -379,7 +379,8 @@
 
 port = http,https
 logpath  = %(roundcube_errors_log)s
-
+# Use following line in your jail.local if roundcube logs to journal.
+#backend = %(syslog_backend)s
 
 [openwebmail]
 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-05-17 10:54:57

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Wed May 17 10:54:57 2017 rev:48 rq:495374 version:0.9.7

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-03-12 
20:05:27.409388330 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-05-17 
10:55:01.245200934 +0200
@@ -1,0 +2,49 @@
+Mon May 15 12:11:23 UTC 2017 - jweberho...@weberhofer.at
+
+- added 607568f.patch from upstream: "Postfix RBL: 554 & SMTP"
+  this fixes bnc#1036928 " fail2ban-rbl regex incorrect, takes no 
+  action as a result"
+
+- Update to 0.9.7
+  * Fixed a systemd-journal handling in fail2ban-regex 
+(gh#fail2ban/fail2ban#1657)
+  * filter.d/sshd.conf
+- Fixed non-anchored part of failregex (misleading match of colon inside
+  IPv6 address instead of `: ` in the reason-part by missing space, 
+  gh#fail2ban/fail2ban#1658)
+  (0.10th resp. IPv6 relevant only, amend for gh#fail2ban/fail2ban#1479)
+  * config/pathes-freebsd.conf
+- Fixed filenames for apache and nginx log files 
(gh#fail2ban/fail2ban#1667)
+  * filter.d/exim.conf
+- optional part `(...)` after host-name before `[IP]` 
+  (gh#fail2ban/fail2ban#1751)
+- new reason "Unrouteable address" for "rejected RCPT" regex 
+  (gh#fail2ban/fail2ban#1762)
+- match of complex time like `D=2m42s` in regex "no MAIL in SMTP 
+  connection" (gh#fail2ban/fail2ban#1766)
+  * filter.d/sshd.conf
+- new aggressive rules (gh#fail2ban/fail2ban#864):
+  - Connection reset by peer (multi-line rule during authorization process)
+  - No supported authentication methods available
+- single line and multi-line expression optimized, added optional prefixes
+  and suffix (logged from several ssh versions), according 
+  to gh#fail2ban/fail2ban#1206;
+- fixed expression received disconnect auth fail (optional space after port
+  part, gh#fail2ban/fail2ban#1652)
+  and suffix (logged from several ssh versions), according to 
gh#fail2ban/fail2ban#1206;
+  * filter.d/suhosin.conf
+- greedy catch-all before `` fixed (potential vulnerability)
+  * filter.d/cyrus-imap.conf
+- accept entries without login-info resp. hostname before IP address 
(#fail2ban/fail2ban#707)
+  * Filter tests extended with check of all config-regexp, that contains 
greedy catch-all
+before ``, that is hard-anchored at end or precise sub expression 
after ``
+
+* New Actions:
+  - action.d/netscaler: Block IPs on a Citrix Netscaler ADC 
(gh#fail2ban/fail2ban#1663)
+
+* New Filters:
+  - filter.d/domino-smtp: IBM Domino SMTP task (gh#fail2ban/fail2ban#1603)
+
+* Introduced new log-level `MSG` (as INFO-2, equivalent to 18)
+
+---

Old:

  fail2ban-0.9.6.tar.gz

New:

  607568f.patch
  fail2ban-0.9.7.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.wLu8Dz/_old  2017-05-17 10:55:02.049087843 +0200
+++ /var/tmp/diff_new_pack.wLu8Dz/_new  2017-05-17 10:55:02.049087843 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   fail2ban
-Version:0.9.6
+Version:0.9.7
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+
@@ -37,6 +37,8 @@
 Patch100:   %{name}-opensuse-locations.patch
 # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberho...@weberhofer.at 
-- openSUSE modifications to the service file
 Patch101:   %{name}-opensuse-service.patch
+# PATCH-UPSTREAM 607568f.patch bnc#1036928 jweberho...@weberhofer.at -- 
Postfix RBL: 554 & SMTP
+Patch102:   607568f.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch 
jweberho...@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:   %{name}-disable-iptables-w-option.patch
 BuildRequires:  fdupes
@@ -97,8 +99,8 @@
 %define nagios_plugindir %{_libexecdir}/nagios/plugins
 Summary:Check fail2ban server and how many IPs are currently banned
 Group:  System/Monitoring
-Provides:   nagios-plugins-%{name}=%{version}
-Obsoletes:  nagios-plugins-%{name}<%{version}
+Provides:   nagios-plugins-%{name} = %{version}
+Obsoletes:  nagios-plugins-%{name} < %{version}
 
 %description -n monitoring-plugins-%{name}
 This plugin checks if the fail2ban server is running and how many IPs are
@@ -119,6 +121,7 @@
 
 %patch100
 %patch101
+%patch102 -p1
 %if 0%{?suse_version} < 1310
 %patch200 -p1
 %endif

++ 607568f.patch ++
>From 

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-03-12 20:05:25

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Sun Mar 12 20:05:25 2017 rev:47 rq:478640 version:0.9.6

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2017-02-03 
17:36:38.461703790 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-03-12 
20:05:27.409388330 +0100
@@ -1,0 +2,5 @@
+Sun Mar  5 12:56:10 UTC 2017 - wagner-tho...@gmx.at
+
+- rename nagios-plugins-fail2ban to monitoring-plugins-fail2ban 
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.dnOFJP/_old  2017-03-12 20:05:28.433243451 +0100
+++ /var/tmp/diff_new_pack.dnOFJP/_new  2017-03-12 20:05:28.433243451 +0100
@@ -93,12 +93,14 @@
 relation to SuSEfirewall2 such that the two can be run concurrently within
 reason, i.e. SFW will always run first because it does a table flush.
 
-%package -n nagios-plugins-%{name}
+%package -n monitoring-plugins-%{name}
 %define nagios_plugindir %{_libexecdir}/nagios/plugins
 Summary:Check fail2ban server and how many IPs are currently banned
 Group:  System/Monitoring
+Provides:   nagios-plugins-%{name}=%{version}
+Obsoletes:  nagios-plugins-%{name}<%{version}
 
-%description -n nagios-plugins-fail2ban
+%description -n monitoring-plugins-%{name}
 This plugin checks if the fail2ban server is running and how many IPs are
 currently banned.  You can use this plugin to monitor all the jails or just a
 specific jail.
@@ -307,7 +309,7 @@
 %{_unitdir}/%{name}.service.d
 %endif
 
-%files -n nagios-plugins-%{name}
+%files -n monitoring-plugins-%{name}
 %defattr(-,root,root)
 %doc files/nagios/README COPYING
 %dir %{_libexecdir}/nagios

commit fail2ban for openSUSE:Factory

[root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2017-01-31 12:42:01

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2016-07-28 
23:47:45.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2017-02-03 
17:36:38.461703790 +0100
@@ -1,0 +2,75 @@
+Thu Jan 26 23:16:49 UTC 2017 - ch...@computersalat.de
+
+- Update to 0.9.6 (2016/12/10)
+
+### Fixes
+* Misleading add resp. enable of (already available) jail in database, that
+  induced a subsequent error: last position of log file will be never 
retrieved (gh-795)
+* Fixed a distribution related bug within testReadStockJailConfForceEnabled
+  (e.g. test-cases faults on Fedora, see gh-1353)
+* Fixed pythonic filters and test scripts (running via wrong python version,
+  uses "fail2ban-python" now);
+* Fixed test case "testSetupInstallRoot" for not default python version (also
+  using direct call, out of virtualenv);
+* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see 
gh-1512);
+* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
+* Monit config: scripting is not supported in path (gh-1556)
+* `filter.d/apache-modsecurity.conf`
+- Fixed for newer version (one space, gh-1626), optimized: non-greedy 
catch-all
+  replaced for safer match, unneeded catch-all anchoring removed, 
non-capturing
+* `filter.d/asterisk.conf`
+- Fixed to match different asterisk log prefix (source file: method:)
+* `filter.d/dovecot.conf`
+- Fixed failregex ignores failures through some not relevant info (gh-1623)
+* `filter.d/ignorecommands/apache-fakegooglebot`
+- Fixed error within apache-fakegooglebot, that will be called
+  with wrong python version (gh-1506)
+* `filter.d/assp.conf`
+- Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
+* `filter.d/postfix-sasl.conf`
+- Allow for having no trailing space after 'failed:' (gh-1497)
+* `filter.d/vsftpd.conf`
+- Optional reason part in message after FAIL LOGIN (gh-1543)
+* `filter.d/sendmail-reject.conf`
+- removed mandatory double space (if dns-host available, gh-1579)
+* filter.d/sshd.conf
+- recognized "Failed publickey for" (gh-1477);
+- optimized failregex to match all of "Failed any-method for ... from 
" (gh-1479)
+- eliminated possible complex injections (on user-name resp. auth-info, 
see gh-1479)
+- optional port part after host (see gh-1533, gh-1581)
+
+### New Features
+* New Actions:
+- `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
+* New Filters:
+- `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL 
database engine)
+  (gh-1586, gh-1606 and gh-1607)
+
+### Enhancements
+* DateTemplate regexp extended with the word-end boundary, additionally to
+  word-start boundary
+* Introduces new command "fail2ban-python", as automatically created symlink to
+  python executable, where fail2ban currently installed (resp. its modules are 
located):
+- allows to use the same version, fail2ban currently running, e.g. in
+  external scripts just via replace python with fail2ban-python:
+  ```diff
+  -#!/usr/bin/env python
+  +#!/usr/bin/env fail2ban-python
+  ```
+- always the same pickle protocol
+- the same (and also guaranteed available) fail2ban modules
+- simplified stand-alone install, resp. stand-alone installation 
possibility
+  via setup (like gh-1487) is getting closer
+* Several test cases rewritten using new methods assertIn, assertNotIn
+* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
+  Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, 
assertNotLogged
+  are test covered now
+* Jail configuration extended with new syntax to pass options to the backend 
(see gh-1408),
+  examples:
+- `backend = systemd[journalpath=/run/log/journal/machine-1]`
+- `backend = 
systemd[journalfiles="/run/log/journal/machine-1/system.journal, 
/run/log/journal/machine-1/user.journal"]`
+- `backend = systemd[journalflags=2]`
+
+- rebase fail2ban-opensuse-locations.patch, fail2ban-opensuse-service.patch
+
+---

Old:

  fail2ban-0.9.5.tar.gz

New:

  fail2ban-0.9.6.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.SrVRNF/_old  2017-02-03 17:36:39.085615482 +0100
+++ /var/tmp/diff_new_pack.SrVRNF/_new  2017-02-03 17:36:39.089614916 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2016-07-28 23:47:34

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2016-03-26 
15:27:27.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2016-07-28 
23:47:45.0 +0200
@@ -1,0 +2,54 @@
+Mon Jul 25 13:43:18 UTC 2016 - jweberho...@weberhofer.at
+
+- Update to version 0.9.5
+
+  New Features
+* New Actions: action.d/firewallcmd-rich-rules and 
+  action.d/firewallcmd-rich-logging (gh#fail2ban/fail2ban#1367)
+* New filter: slapd - ban hosts, that were failed to connect with invalid
+  credentials: error code 49 (gh#fail2ban/fail2ban#1478)
+
+  Enhancements
+* Extreme speedup of all sqlite database operations
+(gh#fail2ban/fail2ban#1436), by using of following sqlite options:
+  - (synchronous = OFF) write data through OS without syncing
+  - (journal_mode = MEMORY) use memory for the transaction logging
+  - (temp_store = MEMORY) temporary tables and indices are kept in memory
+* journald journalmatch for pure-ftpd (gh#fail2ban/fail2ban#1362)
+* Added additional regex filter for dovecot ldap authentication 
+  failures (gh#fail2ban/fail2ban#1370)
+* filter.d/exim*conf
+  - Added additional regexes (gh#fail2ban/fail2ban#1371)
+  - Made port entry optional
+
+  Fixes
+  * filter.d/monit.conf
+- Extended failregex with new monit "access denied" version
+  (gh#fail2ban/fail2ban#1355)
+- failregex of previous monit version merged as single expression
+  * filter.d/postfix.conf, filter.d/postfix-sasl.conf
+- Extended failregex daemon part, matching also postfix/smtps/smtpd now
+  (gh#fail2ban/fail2ban#1391)
+
+  * Fixed a grave bug within tags substitutions because of incorrect detection
+of recursion in case of multiple inline substitutions of the same tag
+(affected actions: bsd-ipfw, etc). Now tracks the actual list of the
+already substituted tags (per tag instead of single list)
+
+  * filter.d/common.conf
+- Unexpected extra regex-space in generic __prefix_line
+ (gh#fail2ban/fail2ban#1405)
+- All optional spaces normalized in common.conf, test covered now
+- Generic __prefix_line extended with optional brackets for the date ambit
+  (gh#fail2ban/fail2ban#1421), added new parameter __date_ambit 
+
+  * gentoo-initd fixed --pidfile bug: --pidfile is option of start-stop-daemon,
+not argument of fail2ban (see gh#fail2ban/fail2ban#1434)
+
+  * filter.d/asterisk.conf
+- Fixed security log support for PJSIP and Asterisk 13+
+  (gh#fail2ban/fail2ban#1456)
+- Improved log support for PJSIP and Asterisk 13+ with different callID
+  (gh#fail2ban/fail2ban#1458)
+
+---

Old:

  fail2ban-0.9.4.tar.gz

New:

  fail2ban-0.9.5.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.DvlfCI/_old  2016-07-28 23:47:46.0 +0200
+++ /var/tmp/diff_new_pack.DvlfCI/_new  2016-07-28 23:47:46.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   fail2ban
-Version:0.9.4
+Version:0.9.5
 Release:0
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+

++ fail2ban-0.9.4.tar.gz -> fail2ban-0.9.5.tar.gz ++
 3435 lines of diff (skipped)

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2016-03-26 15:27:23

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2016-03-16 
10:35:14.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2016-03-26 
15:27:27.0 +0100
@@ -1,0 +2,5 @@
+Thu Mar 10 14:09:51 UTC 2016 - jweberho...@weberhofer.at
+
+- Mark /etc/fail2ban/fail2ban.conf as noreplace.
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.l6aakr/_old  2016-03-26 15:27:28.0 +0100
+++ /var/tmp/diff_new_pack.l6aakr/_new  2016-03-26 15:27:28.0 +0100
@@ -259,7 +259,7 @@
 %config %{_sysconfdir}/%{name}/action.d/*
 %config %{_sysconfdir}/%{name}/filter.d/*
 #
-%config %{_sysconfdir}/%{name}/fail2ban.conf
+%config(noreplace) %{_sysconfdir}/%{name}/fail2ban.conf
 %config %{_sysconfdir}/%{name}/jail.conf
 %config %{_sysconfdir}/%{name}/paths-common.conf
 %config %{_sysconfdir}/%{name}/paths-opensuse.conf

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2016-03-16 10:35:11

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2016-02-17 
12:11:04.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2016-03-16 
10:35:14.0 +0100
@@ -1,0 +2,96 @@
+Thu Mar 10 10:58:53 UTC 2016 - jweberho...@weberhofer.at
+
+- Removed patch: fail2ban-exclude-dev-log-tests.patch
+- Removed patch: 
fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
+- rebased other patches
+- Defined services which per default uses systemd logger
+- Provide /usr/sbin/rcfail2ban also on systemd based distros
+
+- All files in /etc/fail2ban/ except jail.local are now automatically replaced
+  upon installation of fail2ban
+
+- The update to this versions allow to close boo#917818, as the 
logger-backends for
+  several services are now centrally set in /etc/fail2ban/paths-opensuse.conf
+
+- Update to version 0.9.4
+  New Features:
+   * New interpolation feature for definition config readers - 
``
+ (means last known init definition of filters or actions with name 
`parameter`).
+ This interpolation makes possible to extend a parameters of stock filter 
or 
+ action directly in jail inside jail.local file, without creating a 
separately
+ filter.d/*.local file.
+ As extension to interpolation `%(known/parameter)s`, that does not works 
for
+ filter and action init parameters
+   * New actions:
+ - nftables-multiport and nftables-allports - filtering using nftables
+   framework. Note: it requires a pre-existing chain for the filtering 
rule.
+   * New filters:
+ - openhab - domotic software authentication failure with the
+   rest api and web interface (gh-1223)
+ - nginx-limit-req - ban hosts, that were failed through nginx by limit
+   request processing rate (ngx_http_limit_req_module)
+ - murmur - ban hosts that repeatedly attempt to connect to
+   murmur/mumble-server with an invalid server password or certificate.
+ - haproxy-http-auth - filter to match failed HTTP Authentications against 
a
+   HAProxy server
+   * New jails:
+ - murmur - bans TCP and UDP from the bad host on the default murmur port.
+   * sshd filter got new failregex to match "maximum authentication
+ attempts exceeded" (introduced in openssh 6.8)
+   * Added filter for Mac OS screen sharing (VNC) daemon
+
+  Enhancements:
+   * Do not rotate empty log files
+   * Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59)
+ http://bugs.debian.org/798923
+   * Added openSUSE path configuration (Thanks Johannes Weberhofer)
+   * Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
+   * Added a timeout (3 sec) to urlopen within badips.py action
+ (Thanks M. Maraun)
+   * Added check against atacker's Googlebot PTR fake records
+ (Thanks Pablo Rodriguez Fernandez)
+   * Enhance filter against atacker's Googlebot PTR fake records
+ (gh-1226)
+   * Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
+   * Added filter for openhab domotic software authentication failure with the
+ rest api and web interface (gh-1223)
+   * Add *_backend options for services to allow distros to set the default
+ backend per service, set default to systemd for Fedora as appropriate
+   * Performance improvements while monitoring large number of files (gh-1265).
+ Use associative array (dict) for monitored log files to speed up lookup 
+ operations. Thanks @kshetragia
+   * Specified that fail2ban is PartOf iptables.service firewalld.service in
+ .service file -- would reload fail2ban if those services are restarted
+   * Provides new default `fail2ban_version` and interpolation variable
+ `fail2ban_agent` in jail.conf
+   * Enhance filter 'postfix' to ban incoming SMTP client with no fqdn 
hostname,
+ and to support multiple instances of postfix having varying suffix 
(gh-1331)
+ (Thanks Tom Hendrikx)
+   * files/gentoo-initd to use start-stop-daemon to robustify restarting the 
service
+
+  Fixes:
+   * roundcube-auth jail typo for logpath
+   * Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
+   * filter.d/apache-badbots.conf
+ - Updated useragent string regex adding escape for `+`
+   * filter.d/mysqld-auth.conf
+ gg  - Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, 
gh-1332)
+   * filter.d/sshd.conf
+ - Updated "Auth fail" regex for OpenSSH 5.9 and later
+   * Treat failed and killed execution of commands identically (only
+ different log messages), which addresses different 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2016-02-17 10:24:34

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2015-09-24 
06:16:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2016-02-17 
12:11:04.0 +0100
@@ -1,0 +2,8 @@
+Thu Feb  4 15:50:38 UTC 2016 - jweberho...@weberhofer.at
+
+- Require python-systemd for openSUSE 12.3+
+- Cleaned up the spec file
+- Added /run/fail2ban for openSUSE 13.2+
+- Don't fail on test-errors
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.Eh27Vu/_old  2016-02-17 12:11:05.0 +0100
+++ /var/tmp/diff_new_pack.Eh27Vu/_new  2016-02-17 12:11:05.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -58,14 +58,17 @@
 %if 0%{?suse_version} != 1110
 BuildArch:  noarch
 %endif
-%if 0%{?suse_version} < 1230
-# the init-script requires lsof
-Requires:   lsof
-Requires:   syslog
-%else
+%if 0%{?suse_version} >= 1230
+# systemd
+BuildRequires:  python-systemd
 BuildRequires:  systemd
+Requires:   python-systemd
 Requires:   systemd
 %{?systemd_requires}
+%else
+# no systemd (the init-script requires lsof)
+Requires:   lsof
+Requires:   syslog
 %endif
 %if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010  && 
0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
 BuildRequires:  python-pyinotify
@@ -148,11 +151,20 @@
 install -p -m 644 man/fail2ban-*.1.gz %{buildroot}%{_mandir}/man1
 install -p -m 644 man/jail.conf.5.gz %{buildroot}%{_mandir}/man5
 
-install -d -m 755 %{buildroot}%{_initrddir}
+install -d -m 755 %{buildroot}%{_initddir}
 install -d -m 755 %{buildroot}%{_sbindir}
 
-%if 0%{?suse_version} >= 1230
+%if 0%{?suse_version} > 1310
+# use /run directory
+install -d -m 755 %{buildroot}/run
+touch %{buildroot}/run/%{name}
+%else
+#use /var/run directory
+install -d -m 755 %{buildroot}%{_localstatedir}/run/%{name}
+%endif
 
+%if 0%{?suse_version} >= 1230
+# systemd
 install -d -m 755 %{buildroot}%{_unitdir}
 install -p -m 644 files/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
 
@@ -160,11 +172,12 @@
 install -p -m 644 %{SOURCE5} %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
 
 sed -i -e 's/^backend = auto/backend = systemd/' 
%{buildroot}%{_sysconfdir}/%{name}/paths-opensuse.conf
-%else
 
+%else
+# without systemd
+install -d -m 755 %{buildroot}%{_initddir}
 install -m 755 files/suse-initd %{buildroot}%{_initddir}/%{name}
 ln -sf %{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
-install -d -m 755 %{buildroot}%{_localstatedir}/run/%{name}
 %endif
 
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
@@ -196,7 +209,7 @@
 %if 0%{?suse_version} >= 1140 && 0%{?suse_version} != 1010  && 
0%{?suse_version} != 1110 && 0%{?suse_version} != 1315
 # Need a UTF-8 locale to work
 export LANG=en_US.UTF-8
-./fail2ban-testcases-all --no-network
+./fail2ban-testcases-all --no-network || true
 %endif
 
 %pre
@@ -239,13 +252,21 @@
 %config(noreplace) %{_sysconfdir}/%{name}
 %config %{_sysconfdir}/logrotate.d/fail2ban
 %dir %{_localstatedir}/lib/fail2ban/
+%if 0%{?suse_version} > 1310
+# use /run directory
+%ghost /run/%{name}
+%else
+# use /var/run directory
+%dir %ghost %{_localstatedir}/run/%{name}
+%endif
 %if 0%{?suse_version} >= 1230
+# systemd
 %{_unitdir}/%{name}.service
 %{_libexecdir}/tmpfiles.d/%{name}.conf
 %else
+# without-systemd
 %{_initddir}/%{name}
 %{_sbindir}/rc%{name}
-%dir %ghost %{_localstatedir}/run/%{name}
 %endif
 %{_bindir}/fail2ban-server
 %{_bindir}/fail2ban-client

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2015-09-24 06:16:01

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2015-09-08 
18:05:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2015-09-24 
06:16:24.0 +0200
@@ -1,0 +2,10 @@
+Wed Sep 23 10:10:17 UTC 2015 - jweberho...@weberhofer.at
+
+- Added fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
+  to fix the former failing test and removed
+  fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
+
+- Do not longer create test-package. Developers should not use the packaged
+  version of fail2ban.
+
+---

Old:

  fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch

New:

  fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.5WOvpz/_old  2015-09-24 06:16:25.0 +0200
+++ /var/tmp/diff_new_pack.5WOvpz/_new  2015-09-24 06:16:25.0 +0200
@@ -37,8 +37,8 @@
 Patch100:   fail2ban-opensuse-locations.patch
 # PATCH-FIX-OPENSUSE fail2ban-opensuse-service.patch jweberho...@weberhofer.at 
-- openSUSE modifications to the service file
 Patch101:   fail2ban-opensuse-service.patch
-# PATCH-FIX-OPENSUSE 
fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch 
jweberho...@weberhofer.at -- disable test which currently fails on some systems
-Patch102:   fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch
+# PATCH-FIX-UPSTREAM 
fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch 
jweberho...@weberhofer.at -- fix failing test
+Patch102:   
fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch
 # PATCH-FIX-OPENSUSE fail2ban-disable-iptables-w-option.patch 
jweberho...@weberhofer.at -- disable iptables "-w" option for older releases
 Patch200:   fail2ban-disable-iptables-w-option.patch
 # PATCH-FIX-OPENSUSE fail2ban-exclude-dev-log-tests.patch 
jweberho...@weberhofer.at -- remove tests that can't work on opensuse < 13.3
@@ -82,13 +82,6 @@
 can be defined by the user. Fail2Ban can read multiple log files such as sshd
 or Apache web server ones.
 
-%package tests
-Summary:Test-cases for fail2ban
-Group:  System/Monitoring
-
-%description tests
-This package contains fail2ban's testcases
-
 %package -n SuSEfirewall2-fail2ban
 Summary:Files for integrating fail2ban into SuSEfirewall2 via systemd
 Group:  Productivity/Networking/Security
@@ -265,6 +258,10 @@
 %{_mandir}/man5/*
 %doc README.md TODO ChangeLog COPYING doc/*.txt
 
+# do not include tests as they are executed during the build process
+%exclude %{_bindir}/fail2ban-testcases
+%exclude %{python_sitelib}/%{name}/tests
+
 %if 0%{?_unitdir:1}
 %files -n SuSEfirewall2-fail2ban
 %defattr(-,root,root)
@@ -272,11 +269,6 @@
 %{_unitdir}/fail2ban.service.d
 %endif
 
-%files tests
-%defattr(-,root,root)
-%{_bindir}/fail2ban-testcases
-%{python_sitelib}/%{name}/tests
-
 %files -n nagios-plugins-fail2ban
 %defattr(-,root,root)
 %doc files/nagios/README COPYING

++ fail2ban-upstream-fix-ExecuteTimeoutWithNastyChildren-test.patch ++
Only in fail2ban-0.9.3/: ChangeLog.orig
diff -ur fail2ban-0.9.3.orig/fail2ban/server/action.py 
fail2ban-0.9.3/fail2ban/server/action.py
--- fail2ban-0.9.3.orig/fail2ban/server/action.py   2015-08-01 
03:32:13.0 +0200
+++ fail2ban-0.9.3/fail2ban/server/action.py2015-09-23 11:54:38.066927465 
+0200
@@ -560,32 +560,33 @@
return True
 
_cmd_lock.acquire()
-   try: # Try wrapped within another try needed for python version 
< 2.5
+   try:
+   retcode = None  # to guarantee being defined upon early 
except
stdout = tempfile.TemporaryFile(suffix=".stdout", 
prefix="fai2ban_")
stderr = tempfile.TemporaryFile(suffix=".stderr", 
prefix="fai2ban_")
-   try:
-   popen = subprocess.Popen(
-   realCmd, stdout=stdout, stderr=stderr, 
shell=True,
-   preexec_fn=os.setsid  # so that killpg 
does not kill our process
-   )
-   stime = time.time()
+
+   popen = subprocess.Popen(
+   realCmd, stdout=stdout, stderr=stderr, 
shell=True,
+   

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2015-09-08 17:44:47

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is "fail2ban"

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2015-07-03 
00:03:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2015-09-08 
18:05:10.0 +0200
@@ -1,0 +2,92 @@
+Mon Sep  7 09:45:56 UTC 2015 - jweberho...@weberhofer.at
+
+- patches are no longer included conditionally
+
+---
+Mon Sep  7 06:54:33 UTC 2015 - jweberho...@weberhofer.at
+
+- fail2ban-exclude-ExecuteTimeoutWithNastyChildren-test.patch excludes the
+  ExecuteTimeoutWithNastyChildren test, as it doesn't run correctly on
+  openSUSE.
+
+- fail2ban-disable-iptables-w-option.patch disables iptables "-w" option for
+  older releases. 
+
+- Update to version 0.9.3
+
+- IMPORTANT incompatible changes:
+   * filter.d/roundcube-auth.conf
+ - Changed logpath to 'errors' log (was 'userlogins')
+   * action.d/iptables-common.conf
+ - All calls to iptables command now use -w switch introduced in
+   iptables 1.4.20 (some distribution could have patched their
+   earlier base version as well) to provide this locking mechanism
+   useful under heavy load to avoid contesting on iptables calls.
+   If you need to disable, define 'action.d/iptables-common.local'
+   with empty value for 'lockingopt' in `[Init]` section.
+   * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines
+ actions now include by default only the first 1000 log lines in
+ the emails.  Adjust  to augment the behavior.
+
+- Fixes:
+   * reload in interactive mode appends all the jails twice (gh-825)
+   * reload server/jail failed if database used (but was not changed) and
+ some jail active (gh-1072)
+   * filter.d/dovecot.conf - also match unknown user in passwd-file.
+ Thanks Anton Shestakov
+   * Fix fail2ban-regex not parsing journalmatch correctly from filter config
+   * filter.d/asterisk.conf - fix security log support for Asterisk 12+
+   * filter.d/roundcube-auth.conf
+ - Updated regex to work with 'errors' log (1.0.5 and 1.1.1)
+ - Added regex to work with 'userlogins' log
+   * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override
+ locale on systems with customized LC_ALL
+   * performance fix: minimizes connection overhead, close socket only at
+ communication end (gh-1099)
+   * unbanip always deletes ip from database (independent of bantime, also if
+ currently not banned or persistent)
+   * guarantee order of dbfile to be before dbpurgeage (gh-1048)
+   * always set 'dbfile' before other database options (gh-1050)
+   * kill the entire process group of the child process upon timeout (gh-1129).
+ Otherwise could lead to resource exhaustion due to hanging whois
+ processes.
+   * resolve /var/run/fail2ban path in setup.py to help installation
+ on platforms with /var/run -> /run symlink (gh-1142)
+
+- New Features:
+   * RETURN iptables target is now a variable: 
+   * New type of operation: pass2allow, use fail2ban for "knocking",
+ opening a closed port by swapping blocktype and returntype
+   * New filters:
+ - froxlor-auth - Thanks Joern Muehlencord
+ - apache-pass - filter Apache access log for successful authentication
+   * New actions:
+ - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still 
requires
+  manual pre-configuration of the shorewall. See the action file for 
detail.
+   * New jails:
+ - pass2allow-ftp - allows FTP traffic after successful HTTP authentication
+
+- Enhancements:
+   * action.d/cloudflare.conf - improved documentation on how to allow
+ multiple CF accounts, and jail.conf got new compound action
+ definition action_cf_mwl to submit cloudflare report.
+   * Check access to socket for more detailed logging on error (gh-595)
+   * fail2ban-testcases man page
+   * filter.d/apache-badbots.conf, filter.d/nginx-botsearch.conf - add
+ HEAD method verb
+   * Revamp of Travis and coverage automated testing
+   * Added a space between IP address and the following colon
+ in notification emails for easier text selection
+   * Character detection heuristics for whois output via optional setting
+ in mail-whois*.conf. Thanks Thomas Mayer.
+ Not enabled by default, if _whois_command is set to be
+ %(_whois_convert_charset)s (e.g. in action.d/mail-whois-common.local),
+ it
+ - detects character set of whois output (which is undefined by
+   RFC 3912) via heuristics of the file command
+ - converts whois data to UTF-8 character set 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2015-07-02 22:51:05

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2015-04-15 
16:24:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2015-07-03 
00:03:49.0 +0200
@@ -1,0 +2,77 @@
+Thu Jul  2 06:38:00 UTC 2015 - jweberho...@weberhofer.at
+
+- Note: fail2ban-issue_906-strptime.patch has been removed as it is already
+  integrated in the current version.
+
+---
+Mon Jun  8 13:27:00 UTC 2015 - jweberho...@weberhofer.at
+
+- Removed backend setting from paths-opensuse.conf
+
+---
+Fri May  8 14:01:31 UTC 2015 - jweberho...@weberhofer.at
+
+- Update to version 0.9.2 (requested in boo#917818)
+
+  Read the full changelog in /usr/share/doc/packages/fail2ban/ChangeLog
+
+  Here are some notes to be read when updating existing installations:
+
+  The default log-backend for openssue 13.2+ is now systemd
+
+  * jail.conf was heavily refactored and now is similar to how it looked on
+Debian systems:
+- default action could be configured once for all jails
+- jails definitions only provide customizations (port, logpath)
+- no need to specify 'filter' if name matches jail name
+
+  * Added fail2ban persistent database
+- default location at /var/lib/fail2ban/fail2ban.sqlite3
+- allows active bans to be reinstated on restart
+- log files read from last position after restart
+
+  * Added systemd journal backend
+- Dependency on python-systemd
+- New journalmatch option added to filter configs files
+- New systemd-journal option added to fail2ban-regex
+
+  * Support %z (Timezone offset) and %f (sub-seconds) support for datedetector.
+Enhanced existing date/time have been updated patterns to support these.
+ISO8601 now defaults to localtime unless specified otherwise.  Some filters
+have been change as required to capture these elements in the right
+timezone correctly.
+
+  * Log levels are now set by Syslog style strings e.g. DEBUG, ERROR.
+
+  * Optionally can read log files starting from head or tail. See logpath
+option in jail.conf(5) man page.
+
+  * Can now set log encoding for files per jail.Default uses systemd locale.
+
+  * iptables-common.conf replaced iptables-blocktype.conf
+(iptables-blocktype.local should still be read) and now also provides
+defaults for the chain, port, protocol and name tags
+
+- Require whois
+
+- Whereever possible, path-definitions have been moved paths-opensuse.conf
+  which has been submittet upstream
+
+- Use default fail2ban.service including fail2ban-opensuse-service.patch
+
+- Use default suse-initd from upstream
+
+- Run test-cases during build
+
+- run fdupes
+
+- Tests have been moved to a seperate page
+
+- Added rpmlintrc file to ignore some hidden files in the test package
+
+- Must build arch-depended packages for SLES 11
+
+- Removed two tests which can't run on the build server with openSUSE
+  before 13.3: fail2ban-exclude-dev-log-tests.patch
+
+---

Old:

  0.8.14.tar.gz
  fail2ban-issue_906-strptime.patch
  fail2ban.init
  fail2ban.service

New:

  fail2ban-0.9.2.tar.gz
  fail2ban-exclude-dev-log-tests.patch
  fail2ban-opensuse-service.patch
  fail2ban-rpmlintrc
  paths-opensuse.conf



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.ZsL03s/_old  2015-07-03 00:03:50.0 +0200
+++ /var/tmp/diff_new_pack.ZsL03s/_new  2015-07-03 00:03:50.0 +0200
@@ -17,44 +17,56 @@
 
 
 Name:   fail2ban
-Version:0.8.14
+Version:0.9.2
 Release:0
-Url:http://www.fail2ban.org/
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+
 Group:  Productivity/Networking/Security
-
-Source0:https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
-%if 0%{?suse_version}  1230
-# the init-script requires lsof
-Requires:   lsof
-Source1:%{name}.init
-%endif
+Url:http://www.fail2ban.org/
+Source0:
https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source2:%{name}.sysconfig
 Source3:%{name}.logrotate
-Source4:%{name}.service
 Source5:%{name}.tmpfiles
 Source6:sfw-fail2ban.conf
 Source7:f2b-restart.conf
+# Path definitions 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2015-04-15 16:24:13

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2015-02-04 
12:47:12.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2015-04-15 
16:24:15.0 +0200
@@ -1,0 +2,5 @@
+Tue Apr 14 07:10:43 UTC 2015 - mplus...@suse.com
+
+- Add missing dependency on ed (boo#926943)
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.GvvWEt/_old  2015-04-15 16:24:16.0 +0200
+++ /var/tmp/diff_new_pack.GvvWEt/_new  2015-04-15 16:24:16.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -49,6 +49,7 @@
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 Requires:   cron
+Requires:   ed
 Requires:   iptables
 Requires:   logrotate
 Requires:   python = 2.5

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2015-02-04 09:31:49

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2014-11-26 
10:34:08.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2015-02-04 
12:47:12.0 +0100
@@ -1,0 +2,6 @@
+Wed Jan 21 21:00:48 UTC 2015 - jweberho...@weberhofer.at
+
+- Fixed strptime thread safety issue.
+  fail2ban-issue_906-strptime.patch (bnc#914075 gh#fail2ban/fail2ban#906)
+
+---

New:

  fail2ban-issue_906-strptime.patch



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.7FjMUL/_old  2015-02-04 12:47:13.0 +0100
+++ /var/tmp/diff_new_pack.7FjMUL/_new  2015-02-04 12:47:13.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,8 +36,10 @@
 Source5:%{name}.tmpfiles
 Source6:sfw-fail2ban.conf
 Source7:f2b-restart.conf
-# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 
jweberhofer@weberhoferat -- update default locations for logfiles
+# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 
jweberho...@weberhofer.at -- update default locations for logfiles
 Patch100:   fail2ban-opensuse-locations.patch
+# PATCH-FIX-UPSTREAM fail2ban-issue_906-strptime.patch bnc#914075, 
gh#fail2ban/fail2ban#906 jweberho...@weberhofer.at -- Fix strptime thread 
safety issue
+Patch101:   fail2ban-issue_906-strptime.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
 %if 0%{?suse_version} = 1230
@@ -97,6 +99,8 @@
 %prep
 %setup
 %patch100 -p1
+%patch101 -p1
+
 # correct doc-path
 sed -i -e 's|%{_prefix}/share/doc/fail2ban|%{_docdir}/%{name}|' setup.py
 

++ fail2ban-issue_906-strptime.patch ++
diff -ur fail2ban-0.8.14.orig/common/__init__.py 
fail2ban-0.8.14/common/__init__.py
--- fail2ban-0.8.14.orig/common/__init__.py 2014-08-19 22:23:33.0 
+0200
+++ fail2ban-0.8.14/common/__init__.py  2015-01-21 21:51:13.425141175 +0100
@@ -28,3 +28,7 @@
 
 # Custom debug level
 logging.HEAVYDEBUG = 5
+
+from time import strptime
+# strptime thread safety hack-around - http://bugs.python.org/issue7980
+strptime(2012, %Y)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2014-11-26 10:34:00

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2014-11-24 
11:08:13.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2014-11-26 
10:34:08.0 +0100
@@ -1,0 +2,6 @@
+Tue Nov 25 11:36:13 UTC 2014 - jweberho...@weberhofer.at
+
+- Added syslog to requirements, as this version of fail2ban does not
+  work with systemd-logging: bnc#905733
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.q0vkgs/_old  2014-11-26 10:34:09.0 +0100
+++ /var/tmp/diff_new_pack.q0vkgs/_new  2014-11-26 10:34:09.0 +0100
@@ -50,6 +50,7 @@
 Requires:   iptables
 Requires:   logrotate
 Requires:   python = 2.5
+Requires:   syslog
 %if 0%{?suse_version} = 1140  0%{?sles_version} == 0
 Requires:   python-pyinotify
 %endif

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2014-11-24 11:08:12

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2014-08-25 
11:04:48.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2014-11-24 
11:08:13.0 +0100
@@ -1,0 +2,6 @@
+Fri Oct 17 09:44:12 UTC 2014 - jeng...@inai.de
+
+- Recommend installation of the ordering package when all
+  constituing parts are installed
+
+---



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.ZM5ouM/_old  2014-11-24 11:08:14.0 +0100
+++ /var/tmp/diff_new_pack.ZM5ouM/_new  2014-11-24 11:08:14.0 +0100
@@ -68,6 +68,7 @@
 Summary:Files for integrating fail2ban into SuSEfirewall2 via systemd
 Group:  Productivity/Networking/Security
 BuildArch:  noarch
+Recommends: packageand(SuSEfirewall2:fail2ban)
 Requires:   SuSEfirewall2
 Requires:   fail2ban
 

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2014-08-25 11:03:47

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2014-05-02 
13:55:19.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2014-08-25 
11:04:48.0 +0200
@@ -1,0 +2,43 @@
+Thu Aug 21 16:50:20 UTC 2014 - jweberho...@weberhofer.at
+
+- Fixed check for %_unitdir to make fail2ban build under older systems, too.
+- Changed /usr to %{_prefix} in the spec file
+
+---
+Wed Aug 20 15:44:54 UTC 2014 - jweberho...@weberhofer.at
+
+- update to 0.8.14
+  * minor fixes for claimed Python 2.4 and 2.5 compatibility
+  * Handle case when inotify watch is auto deleted on file deletion to stop
+error messages
+  * tests - fixed few leaky file descriptors when files were not closed while
+being removed physically
+  * grep in mail*-whois-lines.conf now also matches end of line to work with
+the recidive filter
+- add fail2ban-opensuse-locations.patch to fix default locations as suggested
+  in bnc#878028
+
+---
+Wed Jun 25 15:13:37 UTC 2014 - l...@linux-schulserver.de
+
+- update to 0.8.13:
+  + Fixes:
+  - action firewallcmd-ipset had non-working actioncheck. Removed.
+redhat bug #1046816.
+  - filter pureftpd - added _daemon which got removed. Added
+
+  + New Features:
+  - filter nagios - detects unauthorized access to the nrpe daemon (Ivo Truxa)
+  - filter sendmail-{auth,reject} (jserrachinha and cepheid666 and fab23).
+
+  + Enhancements:
+  - filter asterisk now supports syslog format
+  - filter pureftpd - added all translations of Authentication failed for
+user
+  - filter dovecot - lip= was optional and extended TLS errors can occur.
+Thanks Noel Butler.
+- removed fix-for-upstream-firewallcmd-ipset.conf.patch : fixed 
+  upstream
+- split out nagios-plugins-fail2ban package
+
+---

Old:

  fail2ban-0.8.12.tar.bz2
  fix-for-upstream-firewallcmd-ipset.conf.patch

New:

  0.8.14.tar.gz
  fail2ban-opensuse-locations.patch



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.hZvgwm/_old  2014-08-25 11:04:49.0 +0200
+++ /var/tmp/diff_new_pack.hZvgwm/_new  2014-08-25 11:04:49.0 +0200
@@ -17,14 +17,14 @@
 
 
 Name:   fail2ban
-Version:0.8.12
+Version:0.8.14
 Release:0
 Url:http://www.fail2ban.org/
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+
 Group:  Productivity/Networking/Security
 
-Source0:
https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2
+Source0:https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
 %if 0%{?suse_version}  1230
 # the init-script requires lsof
 Requires:   lsof
@@ -36,8 +36,8 @@
 Source5:%{name}.tmpfiles
 Source6:sfw-fail2ban.conf
 Source7:f2b-restart.conf
-# PATCH-FIX-UPSTREAM fix-for-upstream-firewallcmd-ipset.conf.patch rh#1046816
-Patch0: fix-for-upstream-firewallcmd-ipset.conf.patch
+# PATCH-FIX-OPENSUSE fail2ban-opensuse-locations.patch bnc#878028 
jweberhofer@weberhoferat -- update default locations for logfiles
+Patch100:   fail2ban-opensuse-locations.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
 %if 0%{?suse_version} = 1230
@@ -65,7 +65,7 @@
 files such as sshd or Apache web server ones.
 
 %package -n SuSEfirewall2-fail2ban
-Summary:systemd files for integrating fail2ban into SuSEfirewall2
+Summary:Files for integrating fail2ban into SuSEfirewall2 via systemd
 Group:  Productivity/Networking/Security
 BuildArch:  noarch
 Requires:   SuSEfirewall2
@@ -76,11 +76,27 @@
 in relation to SuSEfirewall2 such that the two can be run concurrently
 within reason, i.e. SFW will always run first because it does a table flush.
 
+%package -n nagios-plugins-fail2ban
+Summary:Check fail2ban server and how many IPs are currently banned
+Group:  System/Monitoring
+%define nagios_plugindir %{_prefix}/lib/nagios/plugins
+
+%description -n nagios-plugins-fail2ban
+This plugin checks if the fail2ban server is running and how many IPs are
+currently banned.  You can use this plugin to monitor all the jails or just a
+specific jail.
+
+How to use
+--
+Just have to run the following 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2014-01-30 14:54:36

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2013-11-19 
10:45:04.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2014-01-30 
14:54:37.0 +0100
@@ -1,0 +2,91 @@
+Wed Jan 29 13:48:38 UTC 2014 - jweberho...@weberhofer.at
+
+Security note: The update to version 0.8.11 has fixed two additional security
+issues: A remote unauthenticated attacker may cause arbitrary IP addresses to
+be blocked by Fail2ban causing legitimate users to be blocked from accessing
+services protected by Fail2ban. CVE-2013-7177 (cyrus-imap) and CVE-2013-7176
+(postfix)
+
+---
+Thu Jan 23 21:35:27 UTC 2014 - jweberho...@weberhofer.at
+
+- action firewallcmd-ipset had non-working actioncheck. Removed. rh#1046816
+
+- lsof was required for fail2ban's SysVinit scripts only. Not longer used for
+  newer versions of openSUSE
+
+---
+Thu Jan 23 08:40:40 UTC 2014 - jweberho...@weberhofer.at
+
+- Reviewed and fixed github references in the changelog
+
+---
+Wed Jan 22 09:27:43 UTC 2014 - jweberho...@weberhofer.at
+
+- Use new flushlogs syntax after logrotate
+
+---
+Wed Jan 22 08:50:05 UTC 2014 - jweberho...@weberhofer.at
+
+- Update to version 0.8.12
+
+  * Log rotation can now occur with the command flushlogs rather than
+reloading fail2ban or keeping the logtarget settings consistent in
+jail.conf/local and /etc/logrotate.d/fail2ban. (dep#697333, rh#891798).
+
+  * Added ignorecommand option for allowing dynamic determination as to ignore
+and IP or not.
+
+  * Remove indentation of name and loglevel while logging to SYSLOG to resolve
+syslog(-ng) parsing problems. (dep#730202). Log lines now also
+report [PID] after the name portion too.
+
+  * Epoch dates can now be enclosed within []
+
+  * New actions: badips, firewallcmd-ipset, ufw, blocklist_de
+
+  * New filters: solid-pop3d, nsd, openwebmail, horde, freeswitch, squid,
+ejabberd, openwebmail, groupoffice
+
+  * Filter improvements:
+- apache-noscript now includes php cgi scripts
+- exim-spam filter to match spamassassin log entry for option SAdevnull.
+- Added to sshd filter expression for 
+  Received disconnect from : 3: Auth fail
+- Improved ACL-handling for Asterisk
+- Added improper command pipelining to postfix filter.
+
+  * General fixes:
+- Added lots of jail.conf entries for missing filters that creaped in 
+  over the last year.
+- synchat changed to use push method which verifies whether all data was
+  send. This ensures that all data is sent before closing the connection.
+- Fixed python 2.4 compatibility (as sub-second in date patterns weren't 
+  2.4 compatible)
+- Complain/email actions fixed to only include relevant IPs to reporting
+
+  * Filter fixes:
+- Added HTTP referrer bit of the apache access log to the apache filters.
+- Apache 2.4 perfork regexes fixed
+- Kernel syslog expression can have leading spaces
+- allow for ,milliseconds in the custom date format of proftpd.log
+- recidive jail to block all protocols
+- smtps not a IANA standard so may be missing from /etc/services. Due to 
+  (still) common use 465 has been used as the explicit port number
+- Filter dovecot reordered session and TLS items in regex with wider scope
+  for session characters
+
+  * Ugly Fixes (Potentially incompatible changes):
+
+- Unfortunately at the end of last release when the action
+  firewall-cmd-direct-new was added it was too long and had a broken action
+  check. The action was renamed to firewallcmd-new to fit within jail name
+  name length. (gh#fail2ban/fail2ban#395).
+
+- Last release added mysqld-syslog-iptables as a jail configuration. This
+  jailname was too long and it has been renamed to mysqld-syslog.
+
+- Fixed formating of github references in changelog
+- reformatted spec-file
+ 
+---
@@ -35 +126 @@
-Addresses a possible DoS. Closes gh-248, bnc#824710
+Addresses a possible DoS. Closes gh#fail2ban/fail2ban#248, bnc#824710
@@ -37 +128 @@
-within [Init].  Closes gh-232
+within [Init].  Closes gh#fail2ban/fail2ban#232
@@ -44,2 +135,4 @@
-  * Updates to asterisk filter. Closes gh-227/gh-230.
-  * Updates to asterisk to include 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2013-11-19 10:45:03

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2013-09-23 
16:04:08.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2013-11-19 
10:45:04.0 +0100
@@ -1,0 +2,17 @@
+Thu Nov 14 05:14:35 UTC 2013 - jweberho...@weberhofer.at
+
+- Update to version 0.8.11
+
+- In light of CVE-2013-2178 that triggered our last release we have put a
+  significant effort into tightening all of the regexs of our filters to avoid
+  another similar vulnerability. We haven't examined all of these for a 
potential
+  DoS scenario however it is possible that another DoS vulnerability exists 
that
+  is fixed by this release. A large number of filters have been updated to
+  include more failure regexs supporting previously unbanned failures and 
support
+  newer application versions too. We have test cases for most of these now
+  however if you have other examples that demonstrate that a filter is
+  insufficient we welcome your feedback. During the tightening of the regexs to
+  avoid DoS vulnerabilities there is the possibility that we have 
inadvertently,
+  despite our best intentions, incorrectly allowed a failure to continue.
+
+---

Old:

  fail2ban-0.8.10.tar.gz

New:

  fail2ban-0.8.11.tar.bz2



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.IroLJ2/_old  2013-11-19 10:45:05.0 +0100
+++ /var/tmp/diff_new_pack.IroLJ2/_new  2013-11-19 10:45:05.0 +0100
@@ -35,7 +35,7 @@
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-Version:0.8.10
+Version:0.8.11
 Release:0
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
@@ -43,8 +43,7 @@
 Summary:Bans IP addresses that make too many authentication failures
 License:GPL-2.0+
 Group:  Productivity/Networking/Security
-#URLhttps://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9
-Source0:%{name}-%{version}.tar.gz
+Source0:
https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2
 %if 0%{?suse_version}  1230
 Source1:%{name}.init
 %endif

++ fail2ban-0.8.10.tar.gz - fail2ban-0.8.11.tar.bz2 ++
 10362 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2013-09-23 16:04:07

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2013-06-14 
15:44:37.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2013-09-23 
16:04:08.0 +0200
@@ -1,0 +2,5 @@
+Sat Sep 21 11:38:29 UTC 2013 - schue...@gmx.net
+
+- Added systemd service file and systemd-tmpfiles configuration
+
+---

New:

  fail2ban.service
  fail2ban.tmpfiles



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.YzHoGF/_old  2013-09-23 16:04:09.0 +0200
+++ /var/tmp/diff_new_pack.YzHoGF/_new  2013-09-23 16:04:09.0 +0200
@@ -28,6 +28,10 @@
 %if 0%{?suse_version} = 1220
 Requires:   python-gamin
 %endif
+%if 0%{?suse_version} = 1230
+%{?systemd_requires}
+BuildRequires:  systemd
+%endif
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
@@ -41,9 +45,15 @@
 Group:  Productivity/Networking/Security
 #URLhttps://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9
 Source0:%{name}-%{version}.tar.gz
+%if 0%{?suse_version}  1230
 Source1:%{name}.init
+%endif
 Source2:%{name}.sysconfig
 Source3:%{name}.logrotate
+%if 0%{?suse_version} = 1230
+Source4:%{name}.service
+Source5:%{name}.tmpfiles
+%endif
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -72,23 +82,50 @@
 done
 install -d -m755 $RPM_BUILD_ROOT/%{_initrddir}
 install -d -m755 $RPM_BUILD_ROOT/%{_sbindir}
+%if 0%{?suse_version}  1230
 install -m755 %{SOURCE1} $RPM_BUILD_ROOT/%{_initrddir}/%{name}
 ln -sf %{_initrddir}/%{name} ${RPM_BUILD_ROOT}%{_sbindir}/rc%{name}
+%endif
 install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates
 install -m 644 %{SOURCE2} 
$RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}
 
 install -d -m755 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
 install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban
 
+%if 0%{?suse_version} = 1230
+install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
+install -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/%{name}.service
+
+install -d -m755 $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/
+install -m644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
+%endif
+
+%pre
+%if 0%{?suse_version} = 1230
+%service_add_pre %{name}.service
+%endif
+
 %post
 %{fillup_only}
+%if 0%{?suse_version} = 1230
+systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf
+%service_add_post %{name}.service
+%endif
 
 %preun
+%if 0%{?suse_version} = 1230
+%service_del_preun %{name}.service
+%else
 %stop_on_removal %{name}
+%endif
 
 %postun
+%if 0%{?suse_version} = 1230
+%service_del_postun %{name}.service
+%else
 %restart_on_update %{name}
 %insserv_cleanup
+%endif
 
 %files
 %defattr(-, root, root)
@@ -99,11 +136,16 @@
 %config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf
 %config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf
 %config %{_sysconfdir}/logrotate.d/fail2ban
+%if 0%{?suse_version} = 1230
+%{_unitdir}/%{name}.service
+/usr/lib/tmpfiles.d/%{name}.conf
+%else
 %{_initrddir}/%{name}
-%{_bindir}/%{name}*
 %{_sbindir}/rc%{name}
-%{_datadir}/%{name}
 %dir %ghost /var/run/%{name}
+%endif
+%{_bindir}/%{name}*
+%{_datadir}/%{name}
 /var/adm/fillup-templates/sysconfig.%{name}
 %doc %{_mandir}/man1/*
 %doc COPYING ChangeLog DEVELOP README.md TODO files/cacti

++ fail2ban.service ++
[Unit]
Description=Bans IPs with too many authentication failures
After=network.target SuSEfirewall2.service

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/fail2ban
PIDFile=/run/fail2ban/fail2ban.pid
ExecStart=/usr/bin/fail2ban-client -x $FAIL2BAN_OPTIONS start
ExecReload=/usr/bin/fail2ban-client reload
ExecStop=/usr/bin/fail2ban-client stop

[Install]
WantedBy=multi-user.target

++ fail2ban.tmpfiles ++
d /run/fail2ban 0755 root root
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2013-06-14 15:44:35

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2013-06-05 
13:27:59.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2013-06-14 
15:44:37.0 +0200
@@ -1,0 +2,24 @@
+Thu Jun 13 08:58:53 UTC 2013 - jweberho...@weberhofer.at
+
+- Update to version 0.8.10 Primarily bugfix and enhancements release, triggered
+  by bugs in apache- filters.  If you are relying on listed below apache-
+  filters, upgrade asap and seek your distributions to patch their fail2ban
+  distribution with [6ccd5781]. The bug's decription can be found in
+  https://vndh.net/note:fail2ban-089-denial-service
+
+- Fixes
+  * [6ccd5781] filter.d/apache-{auth,nohome,noscript,overflows} - anchor
+failregex at the beginning (and where applicable at the end).
+Addresses a possible DoS. Closes gh-248, bnc#824710
+  * action.d/{route,shorewall}.conf - blocktype must be defined
+within [Init].  Closes gh-232
+
+- Enhancements
+  * jail.conf -- assure all jails have actions and remove unused
+ports specifications
+  * config/filter.d/roundcube-auth.conf -- support roundcube 0.9+
+  * files/suse-initd -- update to the copy from stock SUSE
+  * Updates to asterisk filter. Closes gh-227/gh-230.
+  * Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes gh-244.
+
+--

Old:

  fail2ban-0.8.9.tar.gz

New:

  fail2ban-0.8.10.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.vRB5N4/_old  2013-06-14 15:44:38.0 +0200
+++ /var/tmp/diff_new_pack.vRB5N4/_new  2013-06-14 15:44:38.0 +0200
@@ -31,7 +31,7 @@
 BuildRequires:  logrotate
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-Version:0.8.9
+Version:0.8.10
 Release:0
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build

++ fail2ban-0.8.9.tar.gz - fail2ban-0.8.10.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fail2ban-0.8.9/ChangeLog 
new/fail2ban-0.8.10/ChangeLog
--- old/fail2ban-0.8.9/ChangeLog2013-05-13 17:24:07.0 +0200
+++ new/fail2ban-0.8.10/ChangeLog   2013-06-12 19:21:12.0 +0200
@@ -4,9 +4,36 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 

-Fail2Ban (version 0.8.9)  
2013/05/13
+Fail2Ban (version 0.8.10) 
2013/06/12
 

 
+ver. 0.8.10 (2013/06/12) - wanna-be-secure
+---
+
+Primarily bugfix and enhancements release, triggered by bugs in
+apache- filters.  If you are relying on listed below apache- filters,
+upgrade asap and seek your distributions to patch their fail2ban
+distribution with [6ccd5781].
+
+- Fixes: Yaroslav Halchenko
+   * [6ccd5781] filter.d/apache-{auth,nohome,noscript,overflows} - anchor
+ failregex at the beginning (and where applicable at the end).
+ Addresses a possible DoS. Closes gh-248
+   * action.d/{route,shorewall}.conf - blocktype must be defined
+ within [Init].  Closes gh-232
+- Enhancements
+  Yaroslav Halchenko
+   * jail.conf -- assure all jails have actions and remove unused
+ ports specifications
+  Terence Namusonge
+   * config/filter.d/roundcube-auth.conf -- support roundcube 0.9+
+  Daniel Black
+   * files/suse-initd -- update to the copy from stock SUSE
+  silviogarbes  Daniel Black
+* Updates to asterisk filter. Closes gh-227/gh-230.
+  Carlos Alberto Lopez Perez
+* Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes gh-244.
+
 ver. 0.8.9 (2013/05/13) - wanna-be-stable
 --
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fail2ban-0.8.9/DEVELOP new/fail2ban-0.8.10/DEVELOP
--- old/fail2ban-0.8.9/DEVELOP  2013-05-13 17:24:07.0 +0200
+++ new/fail2ban-0.8.10/DEVELOP 2013-06-12 19:21:12.0 +0200
@@ -34,9 +34,19 @@
 * Include a change to the relevant section of the ChangeLog; and
 * Include yourself in THANKS if not already there.
 
-Testing
+Filters
 ===
 
+* Include sample logs with 1.2.3.4 used for IP addresses and 
+  example.com/example.org used for DNS names
+* Ensure ./fail2ban-regex testcases/files/logs/{samplelog} 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2013-06-05 13:27:58

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2013-05-16 
10:12:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2013-06-05 
13:27:59.0 +0200
@@ -1,0 +2,5 @@
+Tue May 28 06:46:54 UTC 2013 - jweberho...@weberhofer.at
+
+- Included logrotate configuration for fail2ban
+
+---

New:

  fail2ban.logrotate



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.F8PrVK/_old  2013-06-05 13:27:59.0 +0200
+++ /var/tmp/diff_new_pack.F8PrVK/_new  2013-06-05 13:27:59.0 +0200
@@ -28,6 +28,7 @@
 %if 0%{?suse_version} = 1220
 Requires:   python-gamin
 %endif
+BuildRequires:  logrotate
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
 Version:0.8.9
@@ -42,6 +43,7 @@
 Source0:%{name}-%{version}.tar.gz
 Source1:%{name}.init
 Source2:%{name}.sysconfig
+Source3:%{name}.logrotate
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -75,6 +77,9 @@
 install -d -m755 $RPM_BUILD_ROOT/var/adm/fillup-templates
 install -m 644 %{SOURCE2} 
$RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.%{name}
 
+install -d -m755 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
+install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/fail2ban
+
 %post
 %{fillup_only}
 
@@ -93,6 +98,7 @@
 %config(noreplace) %{_sysconfdir}/%{name}/*.conf
 %config(noreplace) %{_sysconfdir}/%{name}/action.d/*.conf
 %config(noreplace) %{_sysconfdir}/%{name}/filter.d/*.conf
+%config %{_sysconfdir}/logrotate.d/fail2ban
 %{_initrddir}/%{name}
 %{_bindir}/%{name}*
 %{_sbindir}/rc%{name}

++ fail2ban.logrotate ++
/var/log/fail2ban.log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 644 root root
postrotate
  fail2ban-client set logtarget /var/log/fail2ban.log 1/dev/null || true
endscript
}
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2012-12-07 14:08:25

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2012-12-05 
13:50:59.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2012-12-07 
14:08:30.0 +0100
@@ -1,0 +2,38 @@
+Thu Dec  6 15:32:02 UTC 2012 - jweberho...@weberhofer.at
+
+One of the important changes is escaping of the matches content -- so if you
+crafted some custom action which uses it -- you must upgrade, or you
+would be at a significant security risk.
+
+- Fixes:
+  Alan Jenkins
+   * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
+ banning due to misconfigured DNS. Close gh-64
+  Yaroslav Halchenko
+   * [83109bc] IMPORTANT: escape the content of matches (if used in
+ custom action files) since its value could contain arbitrary
+ symbols.  Thanks for discovery go to the NBS System security
+ team
+   * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close 
gh-83
+   * [b159eab] do not enable pyinotify backend if pyinotify  0.8.3
+   * [37a2e59] store IP as a base, non-unicode str to avoid spurious messages
+ in the console. Close gh-91
+
+- New features:
+  David Engeset
+   * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
+ the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86
+
+- Enhancements:
+   * [2d66f31] replaced uninformative Invalid command message with warning 
log
+ exception why command actually failed
+   * [958a1b0] improved failregex to support auth.backend = htdigest
+   * [9e7a3b7] until we make it proper module -- adjusted sys.path only if
+ system-wide run
+   * [f52ba99] downgraded already banned from WARN to INFO level. Closes 
gh-79
+   * [f105379] added hints into the log on some failure return codes (e.g. 
0x7f00
+ for this gh-87)
+   * Various others: travis-ci integration, script to run tests
+ against all available Python versions, etc
+
+---

Old:

  fail2ban_0.8.7.1.orig.tar.gz

New:

  fail2ban_0.8.8.orig.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.qpnn8d/_old  2012-12-07 14:08:31.0 +0100
+++ /var/tmp/diff_new_pack.qpnn8d/_new  2012-12-07 14:08:31.0 +0100
@@ -30,7 +30,7 @@
 %endif
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-Version:0.8.7.1
+Version:0.8.8
 Release:0
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build

++ fail2ban_0.8.7.1.orig.tar.gz - fail2ban_0.8.8.orig.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fail2ban-0.8.7.1/.travis.yml 
new/fail2ban-0.8.8/.travis.yml
--- old/fail2ban-0.8.7.1/.travis.yml1970-01-01 01:00:00.0 +0100
+++ new/fail2ban-0.8.8/.travis.yml  2012-12-06 04:51:29.0 +0100
@@ -0,0 +1,11 @@
+# vim ft=yaml
+# travis-ci.org definition for Fail2Ban build
+language: python
+python:
+  - 2.5
+  - 2.6
+  - 2.7
+install:
+  - pip install pyinotify
+script:
+- python ./fail2ban-testcases
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fail2ban-0.8.7.1/ChangeLog 
new/fail2ban-0.8.8/ChangeLog
--- old/fail2ban-0.8.7.1/ChangeLog  2012-08-01 03:45:04.0 +0200
+++ new/fail2ban-0.8.8/ChangeLog2012-12-06 04:51:29.0 +0100
@@ -4,9 +4,41 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 

-Fail2Ban (version 0.8.7)  
2012/07/31
+Fail2Ban (version 0.8.8)  
2012/12/06
 

 
+ver. 0.8.8 (2012/12/06) - stable
+--
+- Fixes:
+  Alan Jenkins
+   * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
+ banning due to misconfigured DNS. Close gh-64
+  Yaroslav Halchenko
+   * [83109bc] IMPORTANT: escape the content of matches (if used in
+ custom action files) since its value could contain arbitrary
+ symbols.  Thanks for discovery go to the NBS System security
+ team
+   * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close 
gh-83
+   * [b159eab] do not enable pyinotify backend if pyinotify  0.8.3
+   * 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2012-12-05 13:50:58

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2012-10-04 
19:38:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2012-12-05 
13:50:59.0 +0100
@@ -1,0 +2,5 @@
+Mon Dec  3 16:06:56 UTC 2012 - jweberho...@weberhofer.at
+
+- Fixed initscript as discussed in bnc#790557
+
+---



Other differences:
--
++ fail2ban.init ++
--- /var/tmp/diff_new_pack.Tcir34/_old  2012-12-05 13:51:00.0 +0100
+++ /var/tmp/diff_new_pack.Tcir34/_new  2012-12-05 13:51:00.0 +0100
@@ -8,6 +8,7 @@
 # Should-Stop:   $time $network iptables
 # Default-Start: 3 5
 # Default-Stop:  0 1 2 6
+# Pidfile:   /var/run/fail2ban/fail2ban.pid
 # Short-Description: Bans IPs with too many authentication failures
 # Description:   Start fail2ban to scan logfiles and ban IP addresses
 #  which make too many logfiles failures, and/or sent e-mails about
@@ -48,7 +49,7 @@
rm $FAIL2BAN_SOCKET
fi
fi
-   /sbin/startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start /dev/null 
21
+   $FAIL2BAN_CLI -x -q $FAIL2BAN_OPTIONS start /dev/null 21
 
rc_status -v
;;
@@ -110,3 +111,4 @@
;;
 esac
 rc_exit
+

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2012-10-04 19:38:50

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2012-08-07 
21:51:39.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2012-10-04 
19:38:52.0 +0200
@@ -1,0 +2,86 @@
+Wed Oct  3 09:53:40 UTC 2012 - meiss...@suse.com
+
+- use Source URL pointing to github
+
+---
+Tue Oct  2 12:09:08 UTC 2012 - jweberho...@weberhofer.at
+
+- Do not longer replace main config-files
+- Use variables for directories in spec file
+
+---
+Tue Oct  2 10:48:24 UTC 2012 - jweberho...@weberhofer.at
+
+- Added dependencies to python-pyinotifyi, python-gamin and iptables
+
+---
+Tue Oct  2 08:09:20 UTC 2012 - jweberho...@weberhofer.at
+
+- Upgraded to version 0.8.7.1
+
+- Yaroslav Halchenko
+  * [e9762f3] Removed sneaked in comment on sys.path.insert
+Tom Hendrikx  Jeremy Olexa
+  * [0eaa4c2,444e4ac] Fix Gentoo init script: $opts variable is deprecated.
+See http://forums.gentoo.org/viewtopic-t-899018.html
+- Chris Reffett
+  * [a018a26] Fixed addBannedIP to add enough failures to trigger a ban,
+rather than just one failure.
+- Yaroslav Halchenko
+  * [4c76fb3] allow trailing white-spaces in lighttpd-auth.conf
+  * [25f1e8d] allow trailing whitespace in few missing it regexes for sshd.conf
+  * [ed16ecc] enforce ip field returned as str, not unicode so that log
+message stays non-unicode. Close gh-32
+  * [b257be4] added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if
+already present in the pattern
+  * [47e956b] replace | with _ in ipmasq-ZZZzzz|fail2ban.rul to be
+friend to developers stuck with Windows (Closes gh-66)
+  * [80b191c] anchor grep regexp in actioncheck to not match partial names
+of the jails (Closes: #672228) (Thanks Szépe Viktor for the report)
+- New features:
+- François Boulogne
+  * [a7cb20e..] add lighttpd-auth filter/jail
+- Lee Clemens  Yaroslav Halchenko
+  * [e442503] pyinotify backend (default if backend='auto' and pyinotify
+is available)
+  * [d73a71f,3989d24] usedns parameter for the jails to allow disabling
+use of DNS
+- Tom Hendrikx
+  * [f94a121..] 'recidive' filter/jail to monitor fail2ban.conf to ban
+repeated offenders. Close gh-19
+- Xavier Devlamynck
+  * [7d465f9..] Add asterisk support
+- Zbigniew Jedrzejewski-Szmek
+  * [de502cf..] allow running fail2ban as non-root user (disabled by
+default) via xt_recent. See doc/run-rootless.txt
+- Enhancements
+- Lee Clemens
+  * [47c03a2] files/nagios - spelling/grammar fixes
+  * [b083038] updated Free Software Foundation's address
+  * [9092a63] changed TLDs to invalid domains, in accordance with RFC 2606
+  * [642d9af,3282f86] reformated printing of jail's name to be consistent
+with init's info messages
+  * [3282f86] uniform use of capitalized Jail in the messages
+- Leonardo Chiquitto
+  * [4502adf] Fix comments in dshield.conf and mynetwatchman.conf
+to reflect code
+  * [a7d47e8] Update Free Software Foundation's address
+- Petr Voralek
+  * [4007751] catch failed ssh logins due to being listed in DenyUsers.
+Close gh-47 (Closes: #669063)
+- Yaroslav Halchenko
+  * [MANY]extended and robustified unittests: test different backends
+  * [d9248a6] refactored Filter's to avoid duplicate functionality
+  * [7821174] direct users to issues on github
+  * [d2ffee0..] re-factored fail2ban-regex -- more condensed output by
+default with -v to control verbosity
+  * [b4099da] adjusted header for config/*.conf to mention .local and way
+to comment (Thanks Stefano Forli for the note)
+  * [6ad55f6] added failregex for wu-ftpd to match against syslog instead
+of DoS-prone auth.log's rhost (Closes: #514239)
+  * [2082fee] match possibly present pam_unix(sshd:auth): portion for
+sshd filter (Closes: #648020)
+- Yehuda Katz  Yaroslav Halchenko
+  * [322f53e,bd40cc7] ./DEVELOP -- documentation for developers
+
+---

Old:

  fail2ban-0.8.6-update-fsf-address.patch
  fail2ban-0.8.6.tar.bz2

New:

  fail2ban_0.8.7.1.orig.tar.gz



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.X1ecu1/_old  2012-10-04 19:38:53.0 +0200
+++ /var/tmp/diff_new_pack.X1ecu1/_new  2012-10-04 19:38:53.0 +0200
@@ -18,12 +18,19 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2012-08-07 21:51:37

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2012-06-05 
15:30:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2012-08-07 
21:51:39.0 +0200
@@ -1,0 +2,6 @@
+Tue Jul 31 16:18:11 CEST 2012 - ase...@suse.de
+
+- Adding to fail2ban.init remove of pid and sock files on stop 
+  in case not removed before (prevents start fail)
+
+---



Other differences:
--
++ fail2ban.init ++
--- /var/tmp/diff_new_pack.NIZiZC/_old  2012-08-07 21:51:40.0 +0200
+++ /var/tmp/diff_new_pack.NIZiZC/_new  2012-08-07 21:51:40.0 +0200
@@ -26,6 +26,7 @@
 FAIL2BAN_CONFIG=/etc/sysconfig/fail2ban
 FAIL2BAN_SOCKET_DIR=/var/run/fail2ban
 FAIL2BAN_SOCKET=$FAIL2BAN_SOCKET_DIR/fail2ban.sock
+FAIL2BAN_PID=$FAIL2BAN_SOCKET_DIR/fail2ban.pid
 
 if [ -e $FAIL2BAN_CONFIG ]; then
. $FAIL2BAN_CONFIG
@@ -56,6 +57,18 @@
## Stop daemon with built-in functionality 'stop'
/sbin/startproc -w $FAIL2BAN_CLI -q stop  /dev/null 21
 
+   if [ -f $FAIL2BAN_SOCKET ]
+ then
+ echo $FAIL2BAN_SOCKET  not removed .. removing .. 
+ rm $FAIL2BAN_SOCKET
+fi
+if [ -f $FAIL2BAN_PID ]
+ then
+ echo $FAIL2BAN_PID  not removed .. removing .. 
+ rm $FAIL2BAN_PID
+fi
+
+
rc_status -v
;;
 try-restart|condrestart)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2012-06-05 15:30:18

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2011-11-24 
11:36:04.0 +0100
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2012-06-05 
15:30:21.0 +0200
@@ -1,0 +2,5 @@
+Sun Jun  3 13:08:36 UTC 2012 - jweberho...@weberhofer.at
+
+- Update to version 0.8.6. containing various fixes and enhancements
+
+---

Old:

  fail2ban-0.8.5-update-fsf-address.patch
  fail2ban-0.8.5.tar.bz2

New:

  fail2ban-0.8.6-update-fsf-address.patch
  fail2ban-0.8.6.tar.bz2



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.kOPesi/_old  2012-06-05 15:30:24.0 +0200
+++ /var/tmp/diff_new_pack.kOPesi/_new  2012-06-05 15:30:24.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package fail2ban
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,23 +16,25 @@
 #
 
 
-
 Name:   fail2ban
-License:GPL-2.0+
-Group:  Productivity/Networking/Security
-Requires:   python = 2.5, logrotate, cron, lsof
+Requires:   cron
+Requires:   logrotate
+Requires:   lsof
+Requires:   python = 2.5
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-Version:0.8.5
-Release:13
+Version:0.8.6
+Release:0
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
 Summary:Bans IP addresses that make too many authentication failures
+License:GPL-2.0+
+Group:  Productivity/Networking/Security
 Source0:%{name}-%{version}.tar.bz2
 Source1:%{name}.init
 Source2:%{name}.sysconfig
-Patch0: fail2ban-0.8.5-update-fsf-address.patch
+Patch0: fail2ban-%{version}-update-fsf-address.patch
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses

++ fail2ban-0.8.5-update-fsf-address.patch - 
fail2ban-0.8.6-update-fsf-address.patch ++

++ fail2ban-0.8.5.tar.bz2 - fail2ban-0.8.6.tar.bz2 ++
 4446 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2011-12-06 18:09:01

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:




Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.b1U5jK/_old  2011-12-06 18:14:23.0 +0100
+++ /var/tmp/diff_new_pack.b1U5jK/_new  2011-12-06 18:14:23.0 +0100
@@ -18,7 +18,7 @@
 
 
 Name:   fail2ban
-License:GPLv2+
+License:GPL-2.0+
 Group:  Productivity/Networking/Security
 Requires:   python = 2.5, logrotate, cron, lsof
 BuildRequires:  python-devel

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory 
checked in at 2011-11-24 12:35:58

Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
 and  /work/SRC/openSUSE:Factory/.fail2ban.new (New)


Package is fail2ban, Maintainer is co...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes2011-09-23 
01:57:16.0 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes   2011-11-24 
11:36:04.0 +0100
@@ -1,0 +2,8 @@
+Fri Nov 18 22:04:03 UTC 2011 - lchiqui...@suse.com
+
+- Update to version 0.8.5: many bug fixes, enhancements and, as
+  a bonus, drop two patches that are now upstream
+- Update FSF address to silent rpmlint warnings
+- Drop stale socket files on startup (bnc#537239, bnc#730044)
+
+---
@@ -15 +23 @@
-Thu Jan  6 16:56:30 UTC 2011 - lchiqui...@novell.com
+Thu Jan  6 16:56:30 UTC 2011 - lchiqui...@suse.com
@@ -26 +34 @@
-Wed May  5 16:48:46 UTC 2010 - lchiqui...@novell.com
+Wed May  5 16:48:46 UTC 2010 - lchiqui...@suse.com
@@ -36 +44 @@
-Thu Nov 26 16:05:42 CET 2009 - lchiqui...@suse.de
+Thu Nov 26 16:05:42 CET 2009 - lchiqui...@suse.com

Old:

  fail2ban-0.8.2-fd_cloexec.patch
  fail2ban-0.8.4.tar.bz2
  fix-tmp-usage.diff

New:

  fail2ban-0.8.5-update-fsf-address.patch
  fail2ban-0.8.5.tar.bz2



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.lJ1X0R/_old  2011-11-24 11:36:06.0 +0100
+++ /var/tmp/diff_new_pack.lJ1X0R/_new  2011-11-24 11:36:06.0 +0100
@@ -15,23 +15,24 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
+
 Name:   fail2ban
 License:GPLv2+
 Group:  Productivity/Networking/Security
-Requires:   python = 2.5, logrotate, cron
+Requires:   python = 2.5, logrotate, cron, lsof
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-Version:0.8.4
+Version:0.8.5
 Release:13
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
 Summary:Bans IP addresses that make too many authentication failures
-Source0:
http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
+Source0:%{name}-%{version}.tar.bz2
 Source1:%{name}.init
 Source2:%{name}.sysconfig
-Patch:  fail2ban-0.8.2-fd_cloexec.patch
-Patch1: fix-tmp-usage.diff
+Patch0: fail2ban-0.8.5-update-fsf-address.patch
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -42,9 +43,7 @@
 
 %prep
 %setup
-perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
-%patch -p1
-%patch1 -p1
+%patch0 -p1
 
 %build
 export CFLAGS=$RPM_OPT_FLAGS

++ fail2ban-0.8.5-update-fsf-address.patch ++
 650 lines (skipped)

++ fail2ban-0.8.4.tar.bz2 - fail2ban-0.8.5.tar.bz2 ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/fail2ban-0.8.4/ChangeLog new/fail2ban-0.8.5/ChangeLog
--- old/fail2ban-0.8.4/ChangeLog2009-09-07 21:11:29.0 +0200
+++ new/fail2ban-0.8.5/ChangeLog2011-07-29 05:07:09.0 +0200
@@ -4,9 +4,47 @@
|_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 

-Fail2Ban (version 0.8.4)  
2009/09/07
+Fail2Ban (version 0.8.5)  
2011/07/28
 

 
+ver. 0.8.5 (2011/07/28) - stable
+--
+- Fix: use addfailregex instead of failregex while processing per-jail
+  failregex parameter (Fixed Debian bug #635830, LP: #635036). Thanks to
+  Marat Khayrullin for the patch and Daniel T Chen for forwarding to
+  Debian.
+- Fix: use os.path.join to generate full path - fixes includes in configs
+  given local filename (5 weeks ago) [yarikoptic]
+- Fix: allowed for trailing spaces in proftpd logs
+- Fix: escaped () in pure-ftpd filter. Thanks to Teodor
+- Fix: allowed space in the trailing of failregex for sasl.conf:
+  see http://bugs.debian.org/573314
+- Fix: use /var/run/fail2ban instead of /tmp for temp files in actions:
+  see http://bugs.debian.org/544232
+- Fix: Tai64N stores time in GMT, needed to convert to local time before
+  returning
+- Fix: disabled named-refused-udp jail entirely with a big fat warning
+- Fix: added time module. Bug reported in buanzo's blog:
+  see 
http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
+- Fix: Patch to make log file descriptors cloexec 

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory
checked in at Thu Sep 22 10:44:00 CEST 2011.




--- fail2ban/fail2ban.changes   2011-09-01 16:09:20.0 +0200
+++ /mounts/work_src_done/STABLE/fail2ban/fail2ban.changes  2011-09-19 
02:13:27.0 +0200
@@ -1,0 +2,6 @@
+Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de
+
+- Apply packaging guidelines (remove redundant/obsolete
+  tags/sections from specfile, etc.)
+
+---

calling whatdependson for head-i586




Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.fdknsB/_old  2011-09-22 10:43:57.0 +0200
+++ /var/tmp/diff_new_pack.fdknsB/_new  2011-09-22 10:43:57.0 +0200
@@ -15,16 +15,12 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
-
-
 Name:   fail2ban
 License:GPLv2+
 Group:  Productivity/Networking/Security
 Requires:   python = 2.5, logrotate, cron
 BuildRequires:  python-devel
 PreReq: %fillup_prereq
-AutoReqProv:on
 Version:0.8.4
 Release:13
 Url:http://www.fail2ban.org/
@@ -44,12 +40,6 @@
 These rules can be defined by the user. Fail2Ban can read multiple log
 files such as sshd or Apache web server ones.
 
-
-
-Authors:
-
-Cyril Jaquier cyril.jaqu...@fail2ban.org
-
 %prep
 %setup
 perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
@@ -86,9 +76,6 @@
 %restart_on_update %{name}
 %insserv_cleanup
 
-%clean
-# [ $RPM_BUILD_ROOT !=  ]  [ -d $RPM_BUILD_ROOT ]  rm -rf 
$RPM_BUILD_ROOT;
-
 %files
 %defattr(-, root, root)
 %dir %{_sysconfdir}/%{name}






Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

commit fail2ban for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package fail2ban for openSUSE:Factory
checked in at Thu Sep 1 16:59:51 CEST 2011.




--- fail2ban/fail2ban.changes   2011-01-06 17:59:53.0 +0100
+++ /mounts/work_src_done/STABLE/fail2ban/fail2ban.changes  2011-09-01 
16:09:20.0 +0200
@@ -1,0 +2,7 @@
+Thu Sep  1 14:07:28 UTC 2011 - co...@suse.com
+
+- Use /var/run/fail2ban instead of /tmp for temp files in 
+  actions: see bugs.debian.org/544232, bnc#690853,
+  CVE-2009-5023
+
+---

calling whatdependson for head-i586


New:

  fix-tmp-usage.diff



Other differences:
--
++ fail2ban.spec ++
--- /var/tmp/diff_new_pack.bO6mKB/_old  2011-09-01 16:59:11.0 +0200
+++ /var/tmp/diff_new_pack.bO6mKB/_new  2011-09-01 16:59:11.0 +0200
@@ -1,5 +1,5 @@
 #
-# spec file for package fail2ban (Version 0.8.4)
+# spec file for package fail2ban
 #
 # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -26,7 +26,7 @@
 PreReq: %fillup_prereq
 AutoReqProv:on
 Version:0.8.4
-Release:8
+Release:13
 Url:http://www.fail2ban.org/
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildArch:  noarch
@@ -35,6 +35,7 @@
 Source1:%{name}.init
 Source2:%{name}.sysconfig
 Patch:  fail2ban-0.8.2-fd_cloexec.patch
+Patch1: fix-tmp-usage.diff
 
 %description
 Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -53,6 +54,7 @@
 %setup
 perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
 %patch -p1
+%patch1 -p1
 
 %build
 export CFLAGS=$RPM_OPT_FLAGS

++ fix-tmp-usage.diff ++
From: yarikoptic yarikoptic@a942ae1a-1317-0410-a47c-b1dcaea8d605
Date: Wed, 23 Mar 2011 20:35:56 + (+)
Subject: BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: 
see http://bugs... 
X-Git-Tag: upstream/0.8.4+svn20110323^2~8
X-Git-Url: 
http://git.onerussian.com/?p=deb%2Ffail2ban.git;a=commitdiff_plain;h=ea7d352616b1e2232fcaa99b11807a86ce29ed8b

BF: Use /var/run/fail2ban instead of /tmp for temp files in actions: see 
bugs.debian.org/544232

It should be robust since /var/run/fail2ban is guaranteed to exist to carry the
socket file, and it will be owned by root (or some other dedicated fail2ban
user) thus avoiding possibility for the exploit

git-svn-id: 
https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@767 
a942ae1a-1317-0410-a47c-b1dcaea8d605
---

diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index b80698b..8549a55 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -206,5 +206,5 @@ dest = repo...@dshield.org
 # Notes.:  Base name of temporary files used for buffering
 # Values:  [ STRING ]  Default: /tmp/fail2ban-dshield
 #
-tmpfile = /tmp/fail2ban-dshield
+tmpfile = /var/run/fail2ban/tmp-dshield
 
diff --git a/config/action.d/mail-buffered.conf 
b/config/action.d/mail-buffered.conf
index 8a33d0e..6fd51d2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -81,7 +81,7 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
 
 # Destination/Addressee of the mail
 #
diff --git a/config/action.d/mynetwatchman.conf 
b/config/action.d/mynetwatchman.conf
index 15b91b1..f0e5515 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -141,4 +141,4 @@ mnwurl = http://mynetwatchman.com/insertwebreport.asp
 # Notes.:  Base name of temporary files
 # Values:  [ STRING ]  Default: /tmp/fail2ban-mynetwatchman
 #
-tmpfile = /tmp/fail2ban-mynetwatchman
+tmpfile = /var/run/fail2ban/tmp-mynetwatchman
diff --git a/config/action.d/sendmail-buffered.conf 
b/config/action.d/sendmail-buffered.conf
index de8166a..25a23b7 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -101,5 +101,5 @@ lines = 5
 
 # Default temporary file
 #
-tmpfile = /tmp/fail2ban-mail.txt
+tmpfile = /var/run/fail2ban/tmp-mail.txt
 





Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org