openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of fail2ban

buildservice-autocommit accepted request 762815 from

Dominique Leuenberger (dimstar) over 4 years ago (revision 99)

baserev update by copy to link target

Dominique Leuenberger (dimstar) accepted request 762228 from

Dominique Leuenberger (dimstar) over 4 years ago (revision 98)

- Switch to use python3 (upstream supported):
  + BuildRequire python3-tools instead of python-devel (for the
    2to3 tool).
  + Drop the python-gamin dependency.
  + Replace all python-FOO deps for their python3-FOO counterpart.

- removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2
- fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file

buildservice-autocommit accepted request 722644 from

Johannes Weberhofer (weberho) almost 5 years ago (revision 97)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 722640 from

Johannes Weberhofer (weberho) almost 5 years ago (revision 96)

- Added fail2ban-0.10.4-env-script-interpreter.patch to define interpreter
- removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2
  will be removed from Factory (see sr#713247):
  * fail2ban-opensuse-service.patch: removed references to SuSEfirewall2 service
  * fail2ban-opensuse-service-sfw.patch: use references to SuSEfirewall2 only for
    older distributions
  * Removed installation recommendation of the SuSEfirewall2-fail2ban
    package for all distributions as it is deprecated.
- fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file
  location (boo#1145181, gh#fail2ban/fail2ban#2474)

buildservice-autocommit accepted request 709174 from

Johannes Weberhofer (weberho) almost 5 years ago (revision 95)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 709167 from

Dominique Leuenberger (dimstar) almost 5 years ago (revision 94)

Allow OBS to pick better candidates to shorten rebuild queues

buildservice-autocommit accepted request 677464 from

Johannes Weberhofer (weberho) over 5 years ago (revision 93)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 676713 from

Christian Wittmer (computersalat) over 5 years ago (revision 92)

Update to 0.10.4

buildservice-autocommit accepted request 599594 from

Johannes Weberhofer (weberho) about 6 years ago (revision 91)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 599593 from

Johannes Weberhofer (weberho) about 6 years ago (revision 90)

- Updated to version 0.10.3.1. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
  * fixed JSON serialization for the set-object within dump into database (gh-2103).
- Updated to version 0.10.3. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
- Fixes
  * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
  * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
  * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
  * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
    - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
  * `filter.d/sshd.conf`:
    - failregex got an optional space in order to match new log-format (see gh-2061);
    - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
    - fixed root login refused regex (optional port before preauth, gh-2080);
    - avoid banning of legitimate users when pam_unix used in combination with other password method, so
      bypass pam_unix failures if accepted available for this user gh-2070;
    - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly);
    - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
      it counts failure on closing connection within preauth-stage (gh-2085);
  * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
  * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
  * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
  * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
- New Features
  * several stability and performance optimizations, more effective filter parsing, etc;
  * stable runnable within python versions 3.6 (as well as within 3.7-dev);
- Enhancements
  * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
  * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
  * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
  * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
    the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
    e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
  * badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
  * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
  * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
    Usage `logtarget = target[padding=on|off]`

buildservice-autocommit accepted request 578362 from

Johannes Weberhofer (weberho) over 6 years ago (revision 89)

baserev update by copy to link target

Johannes Weberhofer (weberho) committed over 6 years ago (revision 88)

Johannes Weberhofer (weberho) accepted request 578297 from

Johannes Weberhofer (weberho) over 6 years ago (revision 87)

- Updated to version 0.10.2. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog
- rebased patch

buildservice-autocommit accepted request 544894 from

Johannes Weberhofer (weberho) over 6 years ago (revision 86)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 544725 from

Richard Brown (RBrownSUSE) over 6 years ago (revision 85)

Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

buildservice-autocommit accepted request 537301 from

Factory Maintainer (factory-maintainer) over 6 years ago (revision 84)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 536273 from

Johannes Weberhofer (weberho) over 6 years ago (revision 83)

- Updated to version 0.10.1. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog
- Removed 607568f.patch and 1783.patch
- New features: 
  * IPv6 support
    - IP addresses are now handled as objects rather than strings capable for 
      handling both address types IPv4 and IPv6
    - iptables related actions have been amended to support IPv6 specific actions
      additionally
    - hostsdeny and route actions have been tested to be aware of v4 and v6 already
    - pf action for *BSD systems has been improved and supports now also v4 and v6
    - name resolution is now working for either address type
    - new conditional section functionality used in config resp. includes:
      - [Init?family=inet4] - IPv4 qualified hosts only
      - [Init?family=inet6] - IPv6 qualified hosts only
  * Reporting via abuseipdb.com
    - Bans can now be reported to abuseipdb
    - Catagories must be set in the config
    - Relevant log lines included in report
  * Several commands extended and new commands introduced
  * Implemented execution of `actionstart` on demand
  * nftables actions are IPv6-capable now
  * Introduced new filter option `prefregex` for pre-filtering using single regular expression
  * Many times faster because of several optimizations
  * Several filters optimized
  * Introduced new jail option "ignoreself"
- Lots of fixes and internal improvements
- Incompatibitilities:
  * Filter (or `failregex`) internal capture-groups:
  - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should
    rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)`
    (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings).
    Of course you can always your own capture-group (like below `_cond_ip_`) to do this.
    ```
    testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
    fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
    ```
  - New internal groups (currently reserved for internal usage):
    `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if
    mapping from tag `<F-*>` used in failregex (e. g. `user` by `<F-USER>`).
  * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some
  user configurations resp. `datepattern`.
  * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are
  IPv6-capable now.

buildservice-autocommit accepted request 506342 from

Johannes Weberhofer (weberho) almost 7 years ago (revision 82)

baserev update by copy to link target

Johannes Weberhofer (weberho) accepted request 506341 from

Johannes Weberhofer (weberho) almost 7 years ago (revision 81)

- added 1783.patch from upstream: "Updated roundcube authentication filter"
- use tmpfiles_create macro

buildservice-autocommit accepted request 495374 from

Johannes Weberhofer (weberho) about 7 years ago (revision 80)

baserev update by copy to link target

Displaying revisions 21 - 40 of 119

Places

Revisions of fail2ban

Places