You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fail2ban/fail2ban.spec

894 lines
30 KiB

%if 0%{?rhel} >= 9
%bcond_with shorewall
%else
%bcond_without shorewall
%endif
Name: fail2ban
Version: 1.0.2
Release: 11%{?dist}
Summary: Daemon to ban hosts that cause multiple authentication errors
License: GPLv2+
URL: http://fail2ban.sourceforge.net/
Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
# Releases are signed by Serg G. Brester (sebres) <info AT sebres.de>. The
# fingerprint can be found in a signature file:
# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr'
#
# The following commands can be used to fetch the signing key via fingerprint
# and extract it:
# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
# gpg --receive-keys $fpr
# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc
# SELinux policy
Source3: fail2ban.fc
Source4: fail2ban.if
Source5: fail2ban.te
Source6: Makefile
# Give up being PartOf iptables and ipset for now
# https://bugzilla.redhat.com/show_bug.cgi?id=1379141
# https://bugzilla.redhat.com/show_bug.cgi?id=1573185
Patch0: fail2ban-partof.patch
# Patch for dovecot jail eating 100% CPU
#Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch
# Remove warning about allowipv6 from startup
Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch
BuildArch: noarch
%if 0%{?rhel} && 0%{?rhel} < 8
BuildRequires: python-devel
BuildRequires: python-setuptools
# For testcases
BuildRequires: python-inotify
%else
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: /usr/bin/2to3
# For testcases
BuildRequires: python3-inotify
%endif
# using a python3_version-based conditional does not work here, so
# this is a proxy for "Python version greater than 3.12". asyncore
# and asynchat were dropped from cpython core in 3.12, these modules
# make them available again. See:
# https://github.com/fail2ban/fail2ban/issues/3487
# https://bugzilla.redhat.com/show_bug.cgi?id=2219991
%if 0%{?fedora} > 38
BuildRequires: python3-pyasyncore
BuildRequires: python3-pyasynchat
%endif
BuildRequires: sqlite
BuildRequires: systemd
BuildRequires: selinux-policy-devel
BuildRequires: make
BuildRequires: bash-completion
BuildRequires: gnupg2
# Default components
Requires: %{name}-firewalld = %{version}-%{release}
Requires: %{name}-sendmail = %{version}-%{release}
Requires: %{name}-server = %{version}-%{release}
%description
Fail2Ban scans log files and bans IP addresses that makes too many password
failures. It updates firewall rules to reject the IP address. These rules can
be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache web server ones.
Fail2Ban is able to reduce the rate of incorrect authentications attempts
however it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.
This is a meta-package that will install the default configuration. Other
sub-packages are available to install support for other actions and
configurations.
%package selinux
Summary: SELinux policies for Fail2Ban
%{?selinux_requires}
%global modulename fail2ban
%global selinuxtype targeted
%description selinux
SELinux policies for Fail2Ban.
%package server
Summary: Core server component for Fail2Ban
%if 0%{?rhel} && 0%{?rhel} < 8
Requires: systemd-python
Requires: ipset
Requires: iptables
%else
Requires: python3-systemd
Requires: nftables
%endif
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
%else
Requires: %{name}-selinux
%endif
# see note above in BuildRequires section
%if v"0%{?python3_version}" >= v"3.12"
Requires: python3-pyasyncore
Requires: python3-pyasynchat
%endif
%description server
This package contains the core server components for Fail2Ban with minimal
dependencies. You can install this directly if you want to have a small
installation and know what you are doing.
%package all
Summary: Install all Fail2Ban packages and dependencies
Requires: %{name}-firewalld = %{version}-%{release}
Requires: %{name}-hostsdeny = %{version}-%{release}
Requires: %{name}-mail = %{version}-%{release}
Requires: %{name}-sendmail = %{version}-%{release}
Requires: %{name}-server = %{version}-%{release}
%if %{with shorewall}
Requires: %{name}-shorewall = %{version}-%{release}
%endif
Requires: perl-interpreter
%if 0%{?rhel} && 0%{?rhel} < 8
Requires: python-inotify
# No python3 support for gamin so epel only
Requires: gamin-python
%else
Requires: python3-inotify
%endif
Requires: /usr/bin/whois
%description all
This package installs all of the Fail2Ban packages and dependencies.
%package firewalld
Summary: Firewalld support for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: firewalld
%description firewalld
This package enables support for manipulating firewalld rules. This is the
default firewall service in Fedora.
%package hostsdeny
Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: ed
Requires: tcp_wrappers
%description hostsdeny
This package enables support for manipulating tcp_wrapper's /etc/hosts.deny
files.
%package tests
Summary: Fail2Ban testcases
Requires: %{name}-server = %{version}-%{release}
%description tests
This package contains Fail2Ban's testscases and scripts.
%package mail
Summary: Mail actions for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: /usr/bin/mail
%description mail
This package installs Fail2Ban's mail actions. These are an alternative
to the default sendmail actions.
%package sendmail
Summary: Sendmail actions for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: /usr/sbin/sendmail
%description sendmail
This package installs Fail2Ban's sendmail actions. This is the default
mail actions for Fail2Ban.
%if %{with shorewall}
%package shorewall
Summary: Shorewall support for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: shorewall
Conflicts: %{name}-shorewall-lite
%description shorewall
This package enables support for manipulating shorewall rules.
%package shorewall-lite
Summary: Shorewall lite support for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
Requires: shorewall-lite
Conflicts: %{name}-shorewall
%description shorewall-lite
This package enables support for manipulating shorewall rules.
%endif
%package systemd
Summary: Systemd journal configuration for Fail2Ban
Requires: %{name}-server = %{version}-%{release}
%description systemd
This package configures Fail2Ban to use the systemd journal for its log input
by default.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1
# this test uses smtpd which is removed in Python 3.12, rewriting it
# isn't trivial
%if v"0%{?python3_version}" >= v"3.12"
rm -f fail2ban/tests/action_d/test_smtp.py
%endif
# Use Fedora paths
sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf
%if 0%{?fedora} || 0%{?rhel} >= 8
2to3 --write --nobackups .
find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} +
%endif
# SELinux sources
cp -p %SOURCE3 %SOURCE4 %SOURCE5 .
# 2to3 has been removed from setuptools and we already use the binary in
# %%prep.
sed -i "/use_2to3/d" setup.py
%build
%if 0%{?rhel} && 0%{?rhel} < 8
%py2_build
%else
%py3_build
%endif
make -f %SOURCE6
%install
%if 0%{?rhel} && 0%{?rhel} < 8
%py2_install
# Make symbolic link relative
ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python
%else
%py3_install
ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python
%endif
mkdir -p %{buildroot}%{_unitdir}
cp -p build/fail2ban.service %{buildroot}%{_unitdir}/
mkdir -p %{buildroot}%{_mandir}/man{1,5}
install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1
install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban
install -d -m 0755 %{buildroot}/run/fail2ban/
install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid
install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/
mkdir -p %{buildroot}%{_tmpfilesdir}
install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf
# Remove non-Linux actions
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf
rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf
# Remove config files for other distros
rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf
# firewalld configuration
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <<EOF
# This file is part of the fail2ban-firewalld package to configure the use of
# the firewalld actions as the default actions. You can remove this package
# (along with the empty fail2ban meta-package) if you do not use firewalld
[DEFAULT]
banaction = firewallcmd-rich-rules
banaction_allports = firewallcmd-rich-rules
EOF
# systemd journal configuration
cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <<EOF
# This file is part of the fail2ban-systemd package to configure the use of
# the systemd journal as the default backend. You can remove this package
# (along with the empty fail2ban meta-package) if you do not want to use the
# journal backend
[DEFAULT]
backend=systemd
EOF
# Remove installed doc, use doc macro instead
rm -r %{buildroot}%{_docdir}/%{name}
# SELinux
# install policy modules
install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}
#BASH completion
COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion)
%__mkdir_p $COMPLETIONDIR
%__install -p -m 644 files/bash-completion $COMPLETIONDIR/fail2ban
%check
%if 0%{?rhel} && 0%{?rhel} < 8
%python2 bin/fail2ban-testcases --verbosity=2 --no-network
%else
%if 0%{?fedora} > 38
# testRepairDb does not work with sqlite 3.42.0+
# https://github.com/fail2ban/fail2ban/issues/3586
%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb
%else
%python3 bin/fail2ban-testcases --verbosity=2 --no-network
%endif
%endif
%pre selinux
%selinux_relabel_pre -s %{selinuxtype}
%post selinux
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2
%postun selinux
if [ $1 -eq 0 ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{modulename}
fi
%posttrans selinux
%selinux_relabel_post -s %{selinuxtype}
%post server
%systemd_post fail2ban.service
%preun server
%systemd_preun fail2ban.service
%postun server
%systemd_postun_with_restart fail2ban.service
%files
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%license COPYING
%files server
%doc README.md TODO ChangeLog COPYING doc/*.txt
%{_bindir}/fail2ban-client
%{_bindir}/fail2ban-python
%{_bindir}/fail2ban-regex
%{_bindir}/fail2ban-server
%if 0%{?rhel} && 0%{?rhel} < 8
%{python2_sitelib}/*
%exclude %{python2_sitelib}/fail2ban/tests
%else
%{python3_sitelib}/*
%exclude %{python3_sitelib}/fail2ban/tests
%endif
%{_unitdir}/fail2ban.service
%{_datadir}/bash-completion/
%{_mandir}/man1/fail2ban.1*
%{_mandir}/man1/fail2ban-client.1*
%{_mandir}/man1/fail2ban-python.1*
%{_mandir}/man1/fail2ban-regex.1*
%{_mandir}/man1/fail2ban-server.1*
%{_mandir}/man5/*.5*
%config(noreplace) %{_sysconfdir}/fail2ban/
%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf
%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
%exclude %{_sysconfdir}/fail2ban/action.d/mail.conf
%exclude %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf
%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban
%{_tmpfilesdir}/fail2ban.conf
%dir %{_localstatedir}/lib/fail2ban/
%dir /run/%{name}/
%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid
%files all
%files firewalld
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf
%files hostsdeny
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf
%files tests
%{_bindir}/fail2ban-testcases
%{_mandir}/man1/fail2ban-testcases.1*
%if 0%{?rhel} && 0%{?rhel} < 8
%{python2_sitelib}/fail2ban/tests
%else
%{python3_sitelib}/fail2ban/tests
%endif
%files mail
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail.conf
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois.conf
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf
%files sendmail
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf
%if %{with shorewall}
%files shorewall
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
%files shorewall-lite
%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf
%endif
%files systemd
%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf
%changelog
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Sep 27 2023 Adam Williamson <awilliam@redhat.com> - 1.0.2-9
- Require pyasynchat and pyasyncore with Python 3.12+
- Disable smtp tests on F39+ due to removal of smtpd from Python 3.12
- Disable db repair test on F39+ as it's broken with sqlite 3.42.0+
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jun 26 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-7
- exclude shorewall subpackage on epel9 (rhbz#2217649)
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.0.2-6
- Rebuilt for Python 3.12
* Tue Apr 04 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-5
- Drop downstream python3.11 patch, upstream went with a different fix
* Sun Apr 02 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-4
- verify upstream source signature
* Thu Mar 30 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-3
- Add upstream patch to remove warning about allowipv6 (bz#2160781)
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Dec 17 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.2-1
- Update to 1.0.2.
* Wed Nov 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-2
- Add patch for dovecot eating 100% CPU.
* Sun Oct 02 2022 Richard Shaw <hobbes1069@gmail.com> - 1.0.1-1
- Update to 1.0.1.
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jun 15 2022 Python Maint <python-maint@redhat.com> - 0.11.2-13
- Rebuilt for Python 3.11
* Wed May 18 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-12
- Fix SELinux policy to allow watch on var_log_t (bz#2083923)
* Fri Jan 28 2022 Orion Poplawski <orion@nwra.com> - 0.11.2-11
- Require /usr/bin/mail instead of mailx
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sun Sep 26 2021 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 0.11.2-9
- Fix CVE-2021-32749 RHBZ#1983223
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 0.11.2-7
- Rebuilt for Python 3.10
* Sun Jun 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-6
- Update selinux policy for Fedora 34+
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.11.2-5
- Rebuilt for Python 3.10
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.11.2-4
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-2
- Add patch to deal with a new century in tests (2021).
* Tue Nov 24 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-1
- Update to 0.11.2.
* Fri Aug 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-10.2
- Create shorewall-lite subpackage package which conflicts with shorewall
subpackage. Fixes RHBZ#1872759.
* Tue Jul 28 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9.2
- Fix python2 requires for EPEL 7.
* Mon Jul 27 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-9
- Add conditonals back for EL 7 as it's being brought up to date.
- Add patch to deal with nftables not accepting ":" as a port separator.
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.11.1-7
- Rebuilt for Python 3.9
* Thu Apr 16 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-6
- Change default firewalld backend from ipset to rich-rules as ipset causes
firewalld to use legacy iptables. Fixes RHBZ#1823746.
- Remove conditionals for EL versions less than 7.
* Thu Mar 19 2020 Richard Shaw <hobbes1069@gmail.com> - 0.11.1-5
- Update for Python 3.9.
* Wed Feb 26 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-4
- Add SELinux policy
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 21 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-2
- Move action.d/mail-whois-common.conf into fail2ban-server
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.11.1-1
- Update to 0.11.1
* Tue Jan 14 2020 Orion Poplawski <orion@nwra.com> - 0.10.5-1
- Update to 0.10.5
* Thu Nov 21 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-8
- Define banaction_allports for firewalld, update banaction (bz#1775175)
- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
* Thu Oct 31 2019 Orion Poplawski <orion@nwra.com> - 0.10.4-7
- Remove config files for other distros (bz#1533113)
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-6
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.10.4-5
- Rebuilt for Python 3.8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sun Nov 18 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.10.4-2
- Drop explicit locale setting
See https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot
* Fri Oct 5 2018 Orion Poplawski <orion@nwra.com> - 0.10.4-1
- Update to 0.10.4
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-2
- Remove PartOf ipset.service (bug #1573185)
* Tue Jun 19 2018 Orion Poplawski <orion@nwra.com> - 0.10.3.1-1
- Update to 0.10.3.1
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.10.2-2
- Rebuilt for Python 3.7
* Wed Mar 28 2018 Orion Poplawski <orion@nwra.com> - 0.10.2-1
- Update to 0.10.2
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-3
- Add upstream patch to fix ipset issue (bug #1525134)
* Sat Dec 30 2017 Orion Poplawski <orion@nwra.com> - 0.10.1-2
- Add upstream patch to fix buildroot issue
* Tue Nov 14 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.1-1
- Update to 0.10.1
* Wed Sep 20 2017 Orion Poplawski <orion@cora.nwra.com> - 0.10.0-1
- Update to 0.10.0
* Wed Aug 16 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-4
- Use BR /usr/bin/2to3
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Jul 13 2017 Petr Pisar <ppisar@redhat.com> - 0.9.7-2
- perl dependency renamed to perl-interpreter
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
* Wed Jul 12 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.7-1
- Update to 0.9.7
* Wed Feb 15 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-4
- Properly handle /run/fail2ban (bug #1422500)
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jan 10 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-2
- Add upstream patch to fix fail2ban-regex with journal
* Fri Jan 6 2017 Orion Poplawski <orion@cora.nwra.com> - 0.9.6-1
- Update to 0.9.6
- Fix sendmail-auth filter (bug #1329919)
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 0.9.5-5
- Rebuild for Python 3.6
* Fri Oct 7 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-4
- %%ghost /run/fail2ban
- Fix typo in shorewall description
- Move tests to -tests sub-package
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-3
- Add journalmatch entries for sendmail (bug #1329919)
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-2
- Give up being PartOf iptables to allow firewalld restarts to work
(bug #1379141)
* Mon Oct 3 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
- Add patch to fix failing test
* Sun Sep 25 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.5-1
- Update to 0.9.5
- Drop mysql patch applied upstream
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.4-6
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue Apr 5 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-5
- Fix python3 usage (bug #1324113)
* Sun Mar 27 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-4
- Use %%{_tmpfilesdir} for systemd tmpfile config
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-3
- No longer need to add After=firewalld.service (bug #1301910)
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-2
- Fix mariadb/mysql log handling
* Wed Mar 9 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.4-1
- Update to 0.9.4
- Use mariadb log path by default
* Tue Feb 23 2016 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-3
- Use python3 (bug #1282498)
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Sat Sep 12 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.3-1
- Update to 0.9.3
- Cleanup spec, use new python macros
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Apr 30 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.2-1
- Update to 0.9.2
* Mon Mar 16 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-4
- Do not load user paths for fail2ban-{client,server} (bug #1202151)
* Sun Feb 22 2015 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-3
- Do not use systemd by default
* Fri Nov 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-2
- Fix php-url-fopen logpath (bug #1169026)
* Tue Oct 28 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9.1-1
- Update to 0.9.1
* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
- Add patch to fix tests
* Fri Aug 8 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-8
- Fix log paths for some jails (bug #1128152)
* Mon Jul 21 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-7
- Use systemd for EL7
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-5
- Require mailx for /usr/bin/mail
* Thu Mar 20 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-4
- Need empty %%files to produce main and -all package
* Wed Mar 19 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-3
- Split into sub-packages for different components
- Enable journal filter by default (bug #985567)
- Enable firewalld action by default (bug #1046816)
- Add upstream patch to fix setting loglevel in fail2ban.conf
- Add upstream patches to fix tests in mock, run tests
* Tue Mar 18 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-2
- Use Fedora paths
- Start after firewalld (bug #1067147)
* Mon Mar 17 2014 Orion Poplawski <orion@cora.nwra.com> - 0.9-1
- Update to 0.9
* Tue Sep 24 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.3.git1f1a561
- Update to current 0.9 git branch
- Rebase init patch, drop jail.d and notmp patch applied upstream
* Fri Aug 9 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.2.gitd529151
- Ship jail.conf(5) man page
- Ship empty /etc/fail2ban/jail.d directory
* Thu Aug 8 2013 Orion Poplawski <orion@cora.nwra.com> - 0.9-0.1.gitd529151
- Update to 0.9 git branch
- Rebase patches
- Require systemd-python for journal support
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 12 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.10-1
- Update to 0.8.10 security release
- Use upstream provided systemd files
- Drop upstreamed patches, rebase log2syslog and notmp patches
* Fri Mar 15 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-4
- Use systemd init for Fedora 19+ (bug #883158)
* Thu Feb 14 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-3
- Add patch from upstream to fix module imports (Bug #892365)
- Add patch from upstream to UTF-8 characters in syslog (Bug #905097)
- Drop Requires: tcp_wrappers and shorewall (Bug #781341)
* Fri Jan 18 2013 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-2
- Add patch to prevent sshd blocks of successful logins for systems that use
sssd or ldap
* Mon Dec 17 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.8-1
- Update to 0.8.8 (CVE-2012-5642 Bug #887914)
* Thu Oct 11 2012 Orion Poplawski <orion@cora.nwra.com> - 0.8.7.1-1
- Update to 0.8.7.1
- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream
- Rebase sshd and notmp patches
- Use _initddir macro
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.4-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sat Apr 9 2011 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-27
- Move tmp files to /var/lib (suggested by Phil Anderson).
- Enable inotify support (by Jonathan Underwood).
- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584.
* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
cloexec another fd leak.
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
- update to 0.8.4.
* Wed Sep 2 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-22
- Update to a newer svn snapshot to fix python 2.6 issue.
* Thu Aug 27 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-21
- Log to syslog (RH bug #491983). Also deals with RH bug #515116.
- Check inodes of log files (RH bug #503852).
* Sat Feb 14 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-18
- Fix CVE-2009-0362 (Fedora bugs #485461, #485464, #485465, #485466).
* Mon Dec 01 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.8.3-17
- Rebuild for Python 2.6
* Sun Aug 24 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.3-16
- Update to 0.8.3.
* Wed May 21 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 0.8.2-15
- fix license tag
* Thu Mar 27 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-14
- Close on exec fixes by Jonathan Underwood.
* Sun Mar 16 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-13
- Add %%{_localstatedir}/run/fail2ban (David Rees).
* Fri Mar 14 2008 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.2-12
- Update to 0.8.2.
* Thu Jan 31 2008 Jonathan G. Underwood <jonathan.underwood@gmail.com> - 0.8.1-11
- Move socket file from /tmp to /var/run to prevent SElinux from stopping
fail2ban from starting (BZ #429281)
- Change logic in init file to start with -x to remove the socket file in case
of unclean shutdown
* Wed Aug 15 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.1-10
- Update to 0.8.1.
- Remove patch fixing CVE-2007-4321 (upstream).
- Remove AllowUsers patch (upstream).
- Add dependency to gamin-python.
* Thu Jun 21 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-9
- Fix remote log injection (no CVE assignment yet).
* Sun Jun 3 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-8
- Also trigger on non-AllowUsers failures (Jonathan Underwood
<jonathan.underwood@gmail.com>).
* Wed May 23 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-7
- logrotate should restart fail2ban (Zing <zing@fastmail.fm>).
- send mail to root; logrotate (Jonathan Underwood
<jonathan.underwood@gmail.com>)
* Sat May 19 2007 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.0-4
- Update to 0.8.0.
- enable ssh by default, fix log file for ssh scanning, adjust python
dependency (Jonathan Underwood <jonathan.underwood@gmail.com>)
* Sat Dec 30 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-3
- Remove forgotten condrestart.
* Fri Dec 29 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-2
- Move /usr/lib/fail2ban to %%{_datadir}/fail2ban.
- Don't default chkconfig to enabled.
- Add dependencies on service/chkconfig.
- Use example iptables/ssh config as default config.
* Mon Dec 25 2006 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.6.2-1
- Initial build.