commit fail2ban for openSUSE:Factory
Hello community, here is the log from the commit of package fail2ban for openSUSE:Factory checked in at 2018-04-26 13:37:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fail2ban (Old) and /work/SRC/openSUSE:Factory/.fail2ban.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "fail2ban" Thu Apr 26 13:37:18 2018 rev:53 rq:599594 version:0.10.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes 2018-02-21 14:11:42.765668097 +0100 +++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes 2018-04-26 13:37:22.177535373 +0200 @@ -1,0 +2,47 @@ +Sat Apr 21 06:02:12 UTC 2018 - jweberhofer@weberhofer.at + +- Updated to version 0.10.3.1. Changelog: + https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog + + * fixed JSON serialization for the set-object within dump into database (gh-2103). + +- Updated to version 0.10.3. Changelog: + https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog + +- Fixes + * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060); + * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048); + * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069; + * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` : + - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064); + * `filter.d/sshd.conf`: + - failregex got an optional space in order to match new log-format (see gh-2061); + - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062); + - fixed root login refused regex (optional port before preauth, gh-2080); + - avoid banning of legitimate users when pam_unix used in combination with other password method, so + bypass pam_unix failures if accepted available for this user gh-2070; + - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly); + - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode + it counts failure on closing connection within preauth-stage (gh-2085); + * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101); + * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059); + * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066); + * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054); + +- New Features + * several stability and performance optimizations, more effective filter parsing, etc; + * stable runnable within python versions 3.6 (as well as within 3.7-dev); + +- Enhancements + * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097); + * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073); + * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029); + * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038); + the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line, + e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line. + * badips.py now uses https instead of plain http when requesting badips.com (gh-2057); + * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056); + * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG): + Usage `logtarget = target[padding=on|off]` + +------------------------------------------------------------------- Old: ---- fail2ban-0.10.2.tar.gz New: ---- fail2ban-0.10.3.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ --- /var/tmp/diff_new_pack.KxC9cY/_old 2018-04-26 13:37:23.121500776 +0200 +++ /var/tmp/diff_new_pack.KxC9cY/_new 2018-04-26 13:37:23.121500776 +0200 @@ -23,10 +23,10 @@ %{!?tmpfiles_create:%global tmpfiles_create systemd-tmpfiles --create} Name: fail2ban -Version: 0.10.2 +Version: 0.10.3.1 Release: 0 Summary: Bans IP addresses that make too many authentication failures -License: GPL-2.0+ +License: GPL-2.0-or-later Group: Productivity/Networking/Security Url: http://www.fail2ban.org/ Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz ++++++ fail2ban-0.10.2.tar.gz -> fail2ban-0.10.3.1.tar.gz ++++++ ++++ 6073 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de