Update to 0.9.0 from master

.gitignore

@@ -4,3 +4,6 @@ fail2ban-0.8.4.tar.bz2
 /fail2ban_0.8.8.orig.tar.gz
 /fail2ban-0.8.10.tar.gz
 /fail2ban-0.8.11.tar.gz
+/fail2ban-0.9-d529151.tar.xz
+/fail2ban-0.9-1f1a561.tar.xz
+/fail2ban-0.9.tar.gz

fail2ban-0.8.11-singlejail.patch

@@ -1,12 +0,0 @@
-diff -up fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf.singlejail fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf
---- fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf.singlejail	2013-12-03 16:17:48.282238194 +0100
-+++ fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf	2013-12-03 16:17:57.421402502 +0100
-@@ -20,7 +20,7 @@ actionstop = firewall-cmd --direct --rem
-              firewall-cmd --direct --remove-rules ipv4 filter fail2ban-<name>
-              firewall-cmd --direct --remove-chain ipv4 filter fail2ban-<name>
- 
--actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'fail2ban-<name>[ \t]'
-+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'fail2ban-<name>$|fail2ban-<name> '
- 
- actionban = firewall-cmd --direct --add-rule ipv4 filter fail2ban-<name> 0 -s <ip> -j <blocktype>
- 

fail2ban-0.8.3-init.patch

@@ -1,11 +0,0 @@
-diff -up fail2ban-0.8.11/files/redhat-initd.init fail2ban-0.8.11/files/redhat-initd
---- fail2ban-0.8.11/files/redhat-initd.init	2013-11-25 18:07:00.191938851 +0100
-+++ fail2ban-0.8.11/files/redhat-initd	2013-11-25 18:07:49.576801893 +0100
-@@ -1,6 +1,6 @@
- #!/bin/bash
- #
--# chkconfig: 345 92 08
-+# chkconfig: - 92 08
- # processname: fail2ban-server
- # config: /etc/fail2ban/fail2ban.conf
- # pidfile: /var/run/fail2ban/fail2ban.pid

fail2ban-0.8.7.1-sshd.patch

@@ -1,18 +0,0 @@
-diff -up fail2ban-0.8.11/config/jail.conf.sshd fail2ban-0.8.11/config/jail.conf
---- fail2ban-0.8.11/config/jail.conf.sshd	2013-11-25 18:08:08.034123038 +0100
-+++ fail2ban-0.8.11/config/jail.conf	2013-11-25 18:16:28.107917373 +0100
-@@ -71,11 +71,11 @@ usedns = warn
- 
- [ssh-iptables]
- 
--enabled  = false
-+enabled  = true
- filter   = sshd
- action   = iptables[name=SSH, port=ssh, protocol=tcp]
--           sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"]
--logpath  = /var/log/sshd.log
-+           sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
-+logpath  = /var/log/secure
- maxretry = 5
- 
- [proftpd-iptables]

fail2ban-import.patch

@@ -1,75 +0,0 @@
-commit d561a4c2bbc336db70d5923cf630813bc51dc3ee
-Author: Yaroslav Halchenko <debian@onerussian.com>
-Date:   Mon Jan 28 09:54:08 2013 -0500
-
-    BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112)
-    
-    This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed
-    
-    but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse
-
-diff --git a/fail2ban-client b/fail2ban-client
-index 1d8eb15..13d018e 100755
---- a/fail2ban-client
-+++ b/fail2ban-client
-@@ -27,12 +27,13 @@ import getopt, time, shlex, socket
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
--if os.path.abspath(__file__).startswith('/usr/'):
--	# makes sense to use system-wide library iff -client is also under /usr/
-+try:
-+	from common.version import version
-+except ImportError, e:
- 	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
--# Now we can import our modules
--from common.version import version
-+# Now we can import the rest of modules
- from common.protocol import printFormatted
- from client.csocket import CSocket
- from client.configurator import Configurator
-diff --git a/fail2ban-regex b/fail2ban-regex
-index a42ed96..f9bc72c 100755
---- a/fail2ban-regex
-+++ b/fail2ban-regex
-@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
--if os.path.abspath(__file__).startswith('/usr/'):
--	# makes sense to use system-wide library iff -regex is also under /usr/
--    sys.path.insert(1, "/usr/share/fail2ban")
-+try:
-+	from common.version import version
-+except ImportError, e:
-+	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
- from client.configparserinc import SafeConfigParserWithIncludes
- from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
--from common.version import version
- from server.filter import Filter
- from server.failregex import RegexException
- 
-diff --git a/fail2ban-server b/fail2ban-server
-index bd86e6c..0f3410c 100755
---- a/fail2ban-server
-+++ b/fail2ban-server
-@@ -26,11 +26,12 @@ import getopt, sys, logging, os
- 
- # Inserts our own modules path first in the list
- # fix for bug #343821
--if os.path.abspath(__file__).startswith('/usr/'):
--	# makes sense to use system-wide library iff -server is also under /usr/
-+try:
-+	from common.version import version
-+except ImportError, e:
- 	sys.path.insert(1, "/usr/share/fail2ban")
-+	from common.version import version
- 
--from common.version import version
- from server.server import Server
- 
- # Gets the instance of the logger.

fail2ban-log2syslog.patch

@@ -1,12 +0,0 @@
-diff -up fail2ban-0.8.11/config/fail2ban.conf.log2syslog fail2ban-0.8.11/config/fail2ban.conf
---- fail2ban-0.8.11/config/fail2ban.conf.log2syslog	2013-11-25 18:23:28.627391472 +0100
-+++ fail2ban-0.8.11/config/fail2ban.conf	2013-11-25 18:24:57.633978793 +0100
-@@ -30,7 +30,7 @@ loglevel = 3
- #         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
- # Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
- #
--logtarget = /var/log/fail2ban.log
-+logtarget = SYSLOG
- 
- # Option: socket
- # Notes.: Set the socket file. This is used to communicate with the daemon. Do

fail2ban-loglevel.patch

@@ -0,0 +1,21 @@
+commit 1470e3c01d49841335e11ed7ca7898516d1b8be8
+Author: Steven Hiscocks <steven@hiscocks.me.uk>
+Date:   Wed Mar 19 19:09:07 2014 +0000
+
+    BF: fail2ban.conf reader expected "int" type for `loglevel`
+    
+    Closes #657
+
+diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py
+index f17ff92..251c698 100644
+--- a/fail2ban/client/fail2banreader.py
++++ b/fail2ban/client/fail2banreader.py
+@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader):
+ 		return ConfigReader.getOptions(self, "Definition", opts)
+ 	
+ 	def getOptions(self):
+-		opts = [["int", "loglevel", "INFO" ],
++		opts = [["string", "loglevel", "INFO" ],
+ 				["string", "logtarget", "STDERR"],
+ 				["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
+ 				["int", "dbpurgeage", 86400]]

fail2ban-logrotate

@@ -1,9 +0,0 @@
-/var/log/fail2ban.log {
-    missingok
-    notifempty
-    size 30k
-    create 0600 root root
-    postrotate
-        /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true
-    endscript
-}

fail2ban-tests-nonet.patch

@@ -0,0 +1,20 @@
+commit 175c5934620adb600fe4435732a3887855320669
+Author: Steven Hiscocks <steven@hiscocks.me.uk>
+Date:   Wed Mar 19 19:30:48 2014 +0000
+
+    TST: Skip badips.py test is no network option set
+
+diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py
+index 456a829..85c1d92 100644
+--- a/fail2ban/tests/utils.py
++++ b/fail2ban/tests/utils.py
+@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False):
+ 	for file_ in os.listdir(
+ 		os.path.abspath(os.path.dirname(action_d.__file__))):
+ 		if file_.startswith("test_") and file_.endswith(".py"):
++			if no_network and file_ in ['test_badips.py']: #pragma: no cover
++				# Test required network
++				continue
+ 			tests.addTest(testloader.loadTestsFromName(
+ 				"%s.%s" % (action_d.__name__, os.path.splitext(file_)[0])))
+ 

fail2ban-tests-syslog.patch

@@ -0,0 +1,23 @@
+commit 75325da09091f3ae800a2efbcde1a016617e5f1a
+Author: Steven Hiscocks <steven@hiscocks.me.uk>
+Date:   Wed Mar 19 19:21:23 2014 +0000
+
+    TST: Skip SYSLOG log target test if '/dev/log' not present
+
+diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
+index 231aecd..c4163db 100644
+--- a/fail2ban/tests/servertestcase.py
++++ b/fail2ban/tests/servertestcase.py
+@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase):
+ 
+ 		self.setGetTest("logtarget", "STDOUT")
+ 		self.setGetTest("logtarget", "STDERR")
++
++	def testLogTargetSYSLOG(self):
++		if not os.path.exists("/dev/log") and sys.version_info >= (2, 7):
++			raise unittest.SkipTest("'/dev/log' not present")
++		elif not os.path.exists("/dev/log"):
++			return
+ 		self.setGetTest("logtarget", "SYSLOG")
+ 
+ 	def testLogLevel(self):

fail2ban-utf8.patch

@@ -1,18 +0,0 @@
-commit f8983872ad4297ddb3017f4818edd08892dd2129
-Author: Yaroslav Halchenko <debian@onerussian.com>
-Date:   Fri Feb 1 16:07:00 2013 -0500
-
-    BF: return str(host) to avoid spurious characters in the logs (Close gh-113)
-    
-    thanks to opoplawski@github
-
-diff --git a/server/failregex.py b/server/failregex.py
-index 8ce9597..b194d47 100644
---- a/server/failregex.py
-+++ b/server/failregex.py
-@@ -130,4 +130,4 @@ class FailRegex(Regex):
- 			s = self._matchCache.string
- 			r = self._matchCache.re
- 			raise RegexException("No 'host' found in '%s' using '%s'" % (s, r))
--		return host
-+		return str(host)

fail2ban.spec

@@ -1,28 +1,53 @@
-Summary: Ban IPs that make too many password failures
+Summary: Daemon to ban hosts that cause multiple authentication errors
 Name: fail2ban
-Version: 0.8.11
-Release: 2%{?dist}
+Version: 0.9
+Release: 7%{?dist}
 License: GPLv2+
-Group: System Environment/Daemons
 URL: http://fail2ban.sourceforge.net/
 Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1: fail2ban-logrotate
-Patch0: fail2ban-0.8.3-init.patch
-Patch1: fail2ban-0.8.7.1-sshd.patch
-Patch6: fail2ban-log2syslog.patch
-Patch7: 0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch
-Patch8: fail2ban-0.8.11-singlejail.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: python-devel >= 2.3
+# Upstream patch to fix setting loglevel
+# https://github.com/fail2ban/fail2ban/issues/657
+Patch0: fail2ban-loglevel.patch
+# Upstream patch to skip tests with no-network
+# https://github.com/fail2ban/fail2ban/issues/110
+Patch1: fail2ban-tests-nonet.patch
+# Upstream patch to skip syslog tests without /dev/log
+# https://github.com/fail2ban/fail2ban/issues/110
+Patch2: fail2ban-tests-syslog.patch
+
+BuildRequires: python2-devel
 # For testcases
 BuildRequires: python-inotify
 BuildArch: noarch
-Requires: ed
-Requires: iptables
-Requires: gamin-python
-Requires: python-inotify
-%if 0%{?fedora} >= 19
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 BuildRequires: systemd
+%endif
+# Default components
+Requires: %{name}-firewalld = %{version}-%{release}
+Requires: %{name}-sendmail = %{version}-%{release}
+Requires: %{name}-server = %{version}-%{release}
+Requires: %{name}-systemd = %{version}-%{release}
+
+%description
+Fail2Ban scans log files and bans IP addresses that makes too many password
+failures. It updates firewall rules to reject the IP address. These rules can
+be defined by the user. Fail2Ban can read multiple log files such as sshd or
+Apache web server ones.
+
+Fail2Ban is able to reduce the rate of incorrect authentications attempts
+however it cannot eliminate the risk that weak authentication presents.
+Configure services to use only two factor or public/private authentication
+mechanisms if you really want to protect services.
+
+This is a meta-package that will install the default configuration.  Other
+sub-packages are available to install support for other actions and
+configurations.
+
+
+%package server
+Summary: Core server component for Fail2Ban
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+Requires: systemd-python
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -32,64 +57,159 @@ Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 Requires(preun): /sbin/service
 %endif
+Requires: ipset
+Requires: iptables
 
-%description
-Fail2ban scans log files like /var/log/pwdfail or
-/var/log/apache/error_log and bans IP that makes too many password
-failures. It updates firewall rules to reject the IP address.
+%description server
+This package contains the core server components for Fail2Ban with minimal
+dependencies.  You can install this directly if you want to have a small
+installation and know what you are doing.
+
+
+%package all
+Summary: Install all Fail2Ban packages and dependencies
+Requires: %{name}-firewalld = %{version}-%{release}
+Requires: %{name}-hostsdeny = %{version}-%{release}
+Requires: %{name}-mail = %{version}-%{release}
+Requires: %{name}-sendmail = %{version}-%{release}
+Requires: %{name}-server = %{version}-%{release}
+Requires: %{name}-shorewall = %{version}-%{release}
+Requires: %{name}-systemd = %{version}-%{release}
+Requires: gamin-python
+Requires: perl
+Requires: python-inotify
+Requires: /usr/bin/whois
+
+%description all
+This package installs all of the Fail2Ban packages and dependencies.
+
+
+%package firewalld
+Summary: Firewalld support for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+Requires: firewalld
+
+%description firewalld
+This package enables support for manipulating firewalld rules.  This is the
+default firewall service in Fedora.
+
+
+%package hostsdeny
+Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+Requires: ed
+Requires: tcp_wrappers
+
+%description hostsdeny
+This package enables support for manipulating tcp_wrapper's /etc/hosts.deny
+files.
+
+
+%package mail
+Summary: Mail actions for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+Requires: mailx
+
+%description mail
+This package installs Fail2Ban's mail actions.  These are an alternative
+to the default sendmail actions.
+
+
+%package sendmail
+Summary: Sendmail actions for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+Requires: /usr/sbin/sendmail
 
-To use the hostsdeny and shorewall actions you must install tcp_wrappers
-and shorewall respectively.
+%description sendmail
+This package installs Fail2Ban's sendmail actions.  This is the default
+mail actions for Fail2Ban.
+
+
+%package shorewall
+Summary: Shorewall support for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+Requires: shorewall
+
+%description shorewall
+This package enables support for manipulating shoreall rules.
+
+
+%package systemd
+Summary: Systemd journal configuration for Fail2Ban
+Requires: %{name}-server = %{version}-%{release}
+
+%description systemd
+This package configures Fail2Ban to use the systemd journal for its log input
+by default.
 
 
 %prep
 %setup -q
-%patch0 -p1 -b .init
-%patch1 -p1 -b .sshd
-%patch6 -p1 -b .log2syslog
-%patch7 -p1 -b .apache-authfix
-%patch8 -p1 -b .singlejail
+%patch0 -p1 -b .loglevel
+%patch1 -p1 -b .tests-nonet
+%patch2 -p1 -b .tests-syslog
+# Use Fedora paths
+sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
+# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147)
+sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service
 
 %build
 python setup.py build
 
 %install
-rm -rf %{buildroot}
 python setup.py install -O1 --root %{buildroot}
-%if 0%{?fedora} >= 19
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 mkdir -p %{buildroot}%{_unitdir}
 cp -p files/fail2ban.service %{buildroot}%{_unitdir}/
 %else
 mkdir -p %{buildroot}%{_initddir}
 install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban
 %endif
-mkdir -p %{buildroot}%{_mandir}/man1
-install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1
+mkdir -p %{buildroot}%{_mandir}/man{1,5}
+install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
+install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
-install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
+install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
 install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/
 install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
 install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf
+# Remove non-Linux actions
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
+rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
+# firewalld configuration
+cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <<EOF
+# This file is part of the fail2ban-firewalld package to configure the use of
+# the firewalld actions as the default actions.  You can remove this package
+# (along with the empty fail2ban meta-package) if you do not use firewalld
+[DEFAULT]
+banaction = firewallcmd-ipset
+EOF
+# systemd journal configuration
+cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
+# This file is part of the fail2ban-systemd package to configure the use of
+# the systemd journal as the default backend.  You can remove this package
+# (along with the empty fail2ban meta-package) if you do not want to use the
+# journal backend
+[DEFAULT]
+backend=systemd
+EOF
 # Remove installed doc, use doc macro instead
 rm -r %{buildroot}%{_docdir}/%{name}
 
-# Testcases need network access
-#%check
-#./fail2ban-testcases
-
-%clean
-rm -rf %{buildroot}
+%check
+./fail2ban-testcases-all --no-network
 
-%post
-%if 0%{?fedora} >= 19
+%post server
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 %systemd_post fail2ban.service
 %else
 /sbin/chkconfig --add %{name}
 %endif
 
-%preun
-%if 0%{?fedora} >= 19
+%preun server
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 %systemd_preun fail2ban.service
 %else
 if [ $1 = 0 ]; then
@@ -98,54 +218,103 @@ if [ $1 = 0 ]; then
 fi
 %endif
 
-%if 0%{?fedora} >= 19
-%postun
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
+%postun server
 %systemd_postun_with_restart fail2ban.service
 %endif
 
 %files
-%defattr(-,root,root,-)
+
+%files server
 %doc README.md TODO ChangeLog COPYING doc/*.txt
-#doc config/fail2ban.conf*
 %{_bindir}/fail2ban-server
 %{_bindir}/fail2ban-client
 %{_bindir}/fail2ban-regex
-%{_datadir}/fail2ban
-%if 0%{?fedora} >= 19
+%{_bindir}/fail2ban-testcases
+%{python_sitelib}/*
+%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7
 %{_unitdir}/fail2ban.service
 %else
 %{_initddir}/fail2ban
 %endif
 %{_mandir}/man1/fail2ban*.1*
-%dir %{_sysconfdir}/fail2ban
-%dir %{_sysconfdir}/fail2ban/action.d
-%dir %{_sysconfdir}/fail2ban/filter.d
-%config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/jail.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf
-%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf
+%{_mandir}/man5/*.5*
+%config(noreplace) %{_sysconfdir}/fail2ban
+%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf
+%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
+%exclude %{_sysconfdir}/fail2ban/action.d/mail-*.conf
+%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
+%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf
+%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
-%dir %{_localstatedir}/run/fail2ban/
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf
 %dir %{_localstatedir}/lib/fail2ban/
+%dir %{_localstatedir}/run/fail2ban/
+
+%files all
+
+%files firewalld
+%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf
+
+%files hostsdeny
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
+
+%files mail
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf
+
+%files sendmail
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
+
+%files shorewall
+%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
+
+%files systemd
+%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf
+
 
 %changelog
-* Tue Dec 03 2013 Adam Tkac <vonsch@gmail.com> - 0.8.11-2
-- include post-release patch for apache-auth filter
-- fix firewalld support (#979622, comment 18)
-
-* Mon Nov 25 2013 Adam Tkac <vonsch@gmail.com> - 0.8.11-1
-- update to 0.8.11 (#1034355)
-- drop part of the fail2ban-0.8.3-init.patch (merged)
-- fail2ban-hostsdeny.patch has been merged
-- fail2ban-mailx.patch has been merged
-- fail2ban-notmp.patch has been merged
-
-* Wed Aug 28 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-3
-- Add upstream patch to fix mailx argument ordering (bug #998020)
-
-* Fri Aug 16 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-2
-- Add upstream patch to fix hostsdeny permission issue
+* Mon Jul 21 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-7
+- Use systemd for EL7
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-5
+- Require mailx for /usr/bin/mail
+
+* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-4
+- Need empty %%files to produce main and -all package
+
+* Wed Mar 19 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-3
+- Split into sub-packages for different components
+- Enable journal filter by default (bug #985567)
+- Enable firewalld action by default (bug #1046816)
+- Add upstream patch to fix setting loglevel in fail2ban.conf
+- Add upstream patches to fix tests in mock, run tests
+
+* Tue Mar 18 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-2
+- Use Fedora paths
+- Start after firewalld (bug #1067147)
+
+* Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
+- Update to 0.9
+
+* Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
+- Update to current 0.9 git branch
+- Rebase init patch, drop jail.d and notmp patch applied upstream
+
+* Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151
+- Ship jail.conf(5) man page
+- Ship empty /etc/fail2ban/jail.d directory
+
+* Thu Aug 8 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.1.gitd529151
+- Update to 0.9 git branch
+- Rebase patches
+- Require systemd-python for journal support
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
 * Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-1
 - Update to 0.8.10 security release

sources

@@ -1 +1 @@
-2182a21c7efd885f373ffc941d11914d  fail2ban-0.8.11.tar.gz
+02de1ff774f3c16d23450a3ad1c43137  fail2ban-0.9.tar.gz