Update to 0.8.10 security release

- Use upstream provided systemd files
- Drop upstreamed patches, rebase log2syslog and notmp patches

.gitignore

@@ -2,3 +2,4 @@ fail2ban-FAIL2BAN-0_8.tar.bz2
 fail2ban-0.8.4.tar.bz2
 /fail2ban_0.8.7.1.orig.tar.gz
 /fail2ban_0.8.8.orig.tar.gz
+/fail2ban-0.8.10.tar.gz

asyncserver.start_selinux.patch

@@ -1,35 +0,0 @@
-From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
-From: Jonathan G. Underwood <jonathan.underwood@gmail.com>
-Date: Sun, 3 Jan 2010 02:16:09 +0000
-Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC
-
-https://bugzilla.redhat.com/show_bug.cgi?id=522767
----
- server/asyncserver.py |    4 +++-
- 1 files changed, 3 insertions(+), 1 deletions(-)
-
-diff --git a/server/asyncserver.py b/server/asyncserver.py
-index 35cebf1..96b62d0 100644
---- a/server/asyncserver.py
-+++ b/server/asyncserver.py
-@@ -26,7 +26,7 @@ __license__ = "GPL"
- 
- from pickle import dumps, loads, HIGHEST_PROTOCOL
- from common import helpers
--import asyncore, asynchat, socket, os, logging, sys, traceback
-+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
- 
- # Gets the instance of the logger.
- logSys = logging.getLogger("fail2ban.server")
-@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
- 				raise AsyncServerException("Server already running")
- 		# Creates the socket.
- 		self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
-+		fd = self.fileno()
-+		fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
- 		self.set_reuse_addr()
- 		try:
- 			self.bind(sock)
--- 
-1.6.5.2
-

fail2ban-0.8.3-log2syslog.patch

@@ -1,11 +0,0 @@
---- fail2ban-0.8.3/config/fail2ban.conf~	2008-02-27 22:44:55.000000000 +0100
-+++ fail2ban-0.8.3/config/fail2ban.conf	2009-08-27 20:48:25.000000000 +0200
-@@ -22,7 +22,7 @@
- #          Only one log target can be specified.
- # Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
- #
--logtarget = /var/log/fail2ban.log
-+logtarget = SYSLOG
- 
- # Option: socket
- # Notes.: Set the socket file. This is used to communicate with the daemon. Do

fail2ban-0.8.7.1-notmp.patch

@@ -1,35 +0,0 @@
-diff -U0 fail2ban-0.8.7.1/ChangeLog.notmp fail2ban-0.8.7.1/ChangeLog
---- fail2ban-0.8.7.1/ChangeLog.notmp	2012-07-31 19:45:04.000000000 -0600
-+++ fail2ban-0.8.7.1/ChangeLog	2012-10-11 11:49:16.317481660 -0600
-@@ -511 +511 @@
--- Changed default PID lock file location from /tmp to /var/run
-+- Changed default PID lock file location from /var/lib/fail2ban to /var/run
-diff -up fail2ban-0.8.7.1/client/fail2banreader.py.notmp fail2ban-0.8.7.1/client/fail2banreader.py
---- fail2ban-0.8.7.1/client/fail2banreader.py.notmp	2012-07-31 19:45:04.000000000 -0600
-+++ fail2ban-0.8.7.1/client/fail2banreader.py	2012-10-11 11:49:16.318481661 -0600
-@@ -42,7 +42,7 @@ class Fail2banReader(ConfigReader):
- 		ConfigReader.read(self, "fail2ban")
- 	
- 	def getEarlyOptions(self):
--		opts = [["string", "socket", "/tmp/fail2ban.sock"]]
-+		opts = [["string", "socket", "/var/lib/fail2ban/fail2ban.sock"]]
- 		return ConfigReader.getOptions(self, "Definition", opts)
- 	
- 	def getOptions(self):
-diff -up fail2ban-0.8.7.1/config/action.d/dshield.conf.notmp fail2ban-0.8.7.1/config/action.d/dshield.conf
-diff -up fail2ban-0.8.7.1/config/action.d/mail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/mail-buffered.conf
-diff -up fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf.notmp fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf
-diff -up fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf
-diff -up fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp fail2ban-0.8.7.1/files/nagios/f2ban.txt
---- fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp	2012-07-31 19:45:04.000000000 -0600
-+++ fail2ban-0.8.7.1/files/nagios/f2ban.txt	2012-10-11 11:53:32.323532817 -0600
-@@ -6,7 +6,7 @@ HELP:
- /etc/init.d/fail2ban stop
- 
- 2.) delete the socket if available
--rm /tmp/fail2ban.sock
-+rm /var/run/fail2ban/fail2ban.sock
- 
- 3.) start the Service 
- /etc/init.d/fail2ban start
-diff -up fail2ban-0.8.7.1/testcases/actiontestcase.py.notmp fail2ban-0.8.7.1/testcases/actiontestcase.py

fail2ban-0.8.8-sshd-pam.patch

@@ -1,11 +0,0 @@
-diff -up fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam fail2ban-0.8.8/config/filter.d/sshd.conf
---- fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam	2012-12-05 20:51:29.000000000 -0700
-+++ fail2ban-0.8.8/config/filter.d/sshd.conf	2013-01-18 14:29:00.300902426 -0700
-@@ -30,7 +30,6 @@ failregex = ^%(__prefix_line)s(?:error:
-             ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
-             ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
-             ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
--            ^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
-             ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
-             ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
- 

fail2ban-log2syslog.patch

@@ -0,0 +1,12 @@
+diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf
+--- fail2ban-0.8.10/config/fail2ban.conf.log2syslog	2013-06-12 11:21:12.000000000 -0600
++++ fail2ban-0.8.10/config/fail2ban.conf	2013-06-12 16:12:48.233512068 -0600
+@@ -30,7 +30,7 @@ loglevel = 3
+ #          (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+ # Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+ #
+-logtarget = /var/log/fail2ban.log
++logtarget = SYSLOG
+ 
+ # Option: socket
+ # Notes.: Set the socket file. This is used to communicate with the daemon. Do

fail2ban-notmp.patch

@@ -0,0 +1,12 @@
+diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py
+--- fail2ban-0.8.10/client/fail2banreader.py.notmp	2013-06-12 11:21:12.000000000 -0600
++++ fail2ban-0.8.10/client/fail2banreader.py	2013-06-12 16:17:43.820837700 -0600
+@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader):
+ 		ConfigReader.read(self, "fail2ban")
+ 	
+ 	def getEarlyOptions(self):
+-		opts = [["string", "socket", "/tmp/fail2ban.sock"],
++		opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"],
+ 				["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]]
+ 		return ConfigReader.getOptions(self, "Definition", opts)
+ 	

fail2ban.spec

@@ -1,32 +1,16 @@
 Summary: Ban IPs that make too many password failures
 Name: fail2ban
-Version: 0.8.8
-Release: 4%{?dist}
+Version: 0.8.10
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
-Source0: https://github.com/downloads/%{name}/%{name}/%{name}_%{version}.orig.tar.gz
+Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1: fail2ban-logrotate
-Source2: fail2ban-tmpfiles.conf
-%if 0%{?fedora} >= 19
-Source3: fail2ban.service
-%endif
 Patch0: fail2ban-0.8.3-init.patch
 Patch1: fail2ban-0.8.7.1-sshd.patch
-# Do not use pam_unix failure messages to ban sshd
-# https://github.com/fail2ban/fail2ban/issues/106
-Patch2: fail2ban-0.8.8-sshd-pam.patch
-# Upstream patch to fix module loading
-# https://github.com/fail2ban/fail2ban/issues/112
-# https://bugzilla.redhat.com/show_bug.cgi?id=892365
-Patch3: fail2ban-import.patch
-# Upstream patch to fix UTF-8 characters in hostnames
-# https://github.com/fail2ban/fail2ban/issues/113
-# https://bugzilla.redhat.com/show_bug.cgi?id=905097
-Patch4: fail2ban-utf8.patch
-Patch6: fail2ban-0.8.3-log2syslog.patch
-Patch7: asyncserver.start_selinux.patch
-Patch8: fail2ban-0.8.7.1-notmp.patch
+Patch6: fail2ban-log2syslog.patch
+Patch8: fail2ban-notmp.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel >= 2.3
 # For testcases
@@ -60,11 +44,7 @@ and shorewall respectively.
 %setup -q
 %patch0 -p1 -b .init
 %patch1 -p1 -b .sshd
-%patch2 -p1 -b .sshd-pam
-%patch3 -p1 -b .import
-%patch4 -p1 -b .utf8
 %patch6 -p1 -b .log2syslog
-%patch7 -p1 -b .fd_cloexec2
 %patch8 -p1 -b .notmp
 
 %build
@@ -75,7 +55,7 @@ rm -rf %{buildroot}
 python setup.py install -O1 --root %{buildroot}
 %if 0%{?fedora} >= 19
 mkdir -p %{buildroot}%{_unitdir}
-cp -p %SOURCE3 %{buildroot}%{_unitdir}/
+cp -p files/fail2ban.service %{buildroot}%{_unitdir}/
 %else
 mkdir -p %{buildroot}%{_initddir}
 install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
@@ -87,7 +67,9 @@ install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
 install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
-install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf
+install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf
+# Remove installed doc, use doc macro instead
+rm -r %{buildroot}%{_docdir}/%{name}
 
 # Testcases need network access
 #%check
@@ -120,7 +102,7 @@ fi
 
 %files
 %defattr(-,root,root,-)
-%doc README TODO ChangeLog COPYING
+%doc README.md TODO ChangeLog COPYING doc/*.txt
 #doc config/fail2ban.conf*
 %{_bindir}/fail2ban-server
 %{_bindir}/fail2ban-client
@@ -131,7 +113,7 @@ fi
 %else
 %{_initddir}/fail2ban
 %endif
-%{_mandir}/man1/fail2ban-*.1*
+%{_mandir}/man1/fail2ban*.1*
 %dir %{_sysconfdir}/fail2ban
 %dir %{_sysconfdir}/fail2ban/action.d
 %dir %{_sysconfdir}/fail2ban/filter.d
@@ -145,6 +127,11 @@ fi
 %dir %{_localstatedir}/lib/fail2ban/
 
 %changelog
+* Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-1
+- Update to 0.8.10 security release
+- Use upstream provided systemd files
+- Drop upstreamed patches, rebase log2syslog and notmp patches
+
 * Fri Mar 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-4
 - Use systemd init for Fedora 19+ (bug #883158)
 

sources

@@ -1 +1 @@
-48a7cfa29c30227f0e1361bd3c88ec8e  fail2ban_0.8.8.orig.tar.gz
+48327ac0f5938dcc2f82c63728fc8918  fail2ban-0.8.10.tar.gz