Hello community, here is the log from the commit of package fail2ban for openSUSE:Factory checked in at 2013-11-19 10:45:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fail2ban (Old) and /work/SRC/openSUSE:Factory/.fail2ban.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "fail2ban" Changes: -------- --- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes 2013-09-23 16:04:08.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.fail2ban.new/fail2ban.changes 2013-11-19 10:45:04.000000000 +0100 @@ -1,0 +2,17 @@ +Thu Nov 14 05:14:35 UTC 2013 - jweberhofer@weberhofer.at + +- Update to version 0.8.11 + +- In light of CVE-2013-2178 that triggered our last release we have put a + significant effort into tightening all of the regexs of our filters to avoid + another similar vulnerability. We haven't examined all of these for a potential + DoS scenario however it is possible that another DoS vulnerability exists that + is fixed by this release. A large number of filters have been updated to + include more failure regexs supporting previously unbanned failures and support + newer application versions too. We have test cases for most of these now + however if you have other examples that demonstrate that a filter is + insufficient we welcome your feedback. During the tightening of the regexs to + avoid DoS vulnerabilities there is the possibility that we have inadvertently, + despite our best intentions, incorrectly allowed a failure to continue. + +------------------------------------------------------------------- Old: ---- fail2ban-0.8.10.tar.gz New: ---- fail2ban-0.8.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fail2ban.spec ++++++ --- /var/tmp/diff_new_pack.IroLJ2/_old 2013-11-19 10:45:05.000000000 +0100 +++ /var/tmp/diff_new_pack.IroLJ2/_new 2013-11-19 10:45:05.000000000 +0100 @@ -35,7 +35,7 @@ BuildRequires: logrotate BuildRequires: python-devel PreReq: %fillup_prereq -Version: 0.8.10 +Version: 0.8.11 Release: 0 Url: http://www.fail2ban.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -43,8 +43,7 @@ Summary: Bans IP addresses that make too many authentication failures License: GPL-2.0+ Group: Productivity/Networking/Security -#URL https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 -Source0: %{name}-%{version}.tar.gz +Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.bz2 %if 0%{?suse_version} < 1230 Source1: %{name}.init %endif ++++++ fail2ban-0.8.10.tar.gz -> fail2ban-0.8.11.tar.bz2 ++++++ ++++ 10362 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org