Hello community,
here is the log from the commit of package fail2ban for openSUSE:11.3
checked in at Wed Oct 19 16:13:26 CEST 2011.
--------
--- old-versions/11.3/all/fail2ban/fail2ban.changes 2010-05-05 19:13:28.000000000 +0200
+++ 11.3/fail2ban/fail2ban.changes 2011-09-01 16:09:20.000000000 +0200
@@ -1,0 +2,18 @@
+Thu Sep 1 14:07:28 UTC 2011 - coolo@suse.com
+
+- Use /var/run/fail2ban instead of /tmp for temp files in
+ actions: see bugs.debian.org/544232, bnc#690853,
+ CVE-2009-5023
+
+-------------------------------------------------------------------
+Thu Jan 6 16:56:30 UTC 2011 - lchiquitto@novell.com
+
+- Use $FAIL2BAN_OPTIONS when starting (bnc#662495)
+- Clean up sysconfig file
+
+-------------------------------------------------------------------
+Tue Jul 27 20:39:41 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Use O_CLOEXEC on fds (patch from Fedora)
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.3/all/fail2ban
Destination is old-versions/11.3/UPDATES/all/fail2ban
calling whatdependson for 11.3-i586
New:
----
fail2ban-0.8.2-fd_cloexec.patch
fix-tmp-usage.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ fail2ban.spec ++++++
--- /var/tmp/diff_new_pack.9hcTNH/_old 2011-10-19 16:11:48.000000000 +0200
+++ /var/tmp/diff_new_pack.9hcTNH/_new 2011-10-19 16:11:48.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package fail2ban (Version 0.8.4)
+# spec file for package fail2ban
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
PreReq: %fillup_prereq
AutoReqProv: on
Version: 0.8.4
-Release: 2
+Release: 5.<RELEASE2>
Url: http://www.fail2ban.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@@ -34,6 +34,8 @@
Source0: http://download.sourceforge.net/sourceforge/fail2ban/%{name}-%{version}.tar.bz2
Source1: %{name}.init
Source2: %{name}.sysconfig
+Patch: fail2ban-0.8.2-fd_cloexec.patch
+Patch1: fix-tmp-usage.diff
%description
Fail2ban scans log files like /var/log/messages and bans IP addresses
@@ -51,6 +53,8 @@
%prep
%setup
perl -pi -e 's;/usr/local/;/usr/;g' files/suse-initd
+%patch -p1
+%patch1 -p1
%build
export CFLAGS="$RPM_OPT_FLAGS"
++++++ fail2ban-0.8.2-fd_cloexec.patch ++++++
--- fail2ban-0.8.2/server/filter.py.orig 2008-03-27 16:26:59.000000000 +0000
+++ fail2ban-0.8.2/server/filter.py 2008-03-27 15:29:48.000000000 +0000
@@ -428,6 +428,7 @@
# is computed and compared to the previous hash of this line.
import md5
+import fcntl
class FileContainer:
@@ -455,6 +456,11 @@
def open(self):
self.__handler = open(self.__filename)
+
+ # Set the file descriptor to be FD_CLOEXEC
+ fd = self.__handler.fileno()
+ fcntl.fcntl (self.__handler.fileno(), fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
+
firstLine = self.__handler.readline()
# Computes the MD5 of the first line.
myHash = md5.new(firstLine).digest()
++++++ fail2ban.init ++++++
--- /var/tmp/diff_new_pack.9hcTNH/_old 2011-10-19 16:11:48.000000000 +0200
+++ /var/tmp/diff_new_pack.9hcTNH/_new 2011-10-19 16:11:48.000000000 +0200
@@ -66,7 +66,7 @@
fi
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
- startproc $FAIL2BAN_CLI -q start > /dev/null 2>&1
+ startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start > /dev/null 2>&1
# Remember status and be verbose
rc_status -v
++++++ fail2ban.sysconfig ++++++
--- /var/tmp/diff_new_pack.9hcTNH/_old 2011-10-19 16:11:48.000000000 +0200
+++ /var/tmp/diff_new_pack.9hcTNH/_new 2011-10-19 16:11:48.000000000 +0200
@@ -1,18 +1,10 @@
-## Path: System/Security/Fail2ban
-## Description: fail2ban options
-## Type: string
-## Default: fail2ban
+## Path: System/Security/Fail2ban
+## Description: fail2ban options
+## Type: string
+## Default: ""
## ServiceReload: fail2ban
## ServiceRestart: fail2ban
#
-IDENT="fail2ban"
-## Type: string
-## Default: "fail2ban daemon"
-DESCRIPTIVE="fail2ban daemon"
-## Type: string
-## Default: ""
+# Options for fail2ban
#
-# change FAIL2BAN_OPTIONS for arguments of start of fail2ban
-# e.g. FAIL2BAN_OPTIONS="-c /etc/fail2ban/fail2ban.conf"
FAIL2BAN_OPTIONS=""
-
++++++ fix-tmp-usage.diff ++++++
From: yarikoptic