From ed63d5a903ff59bc694943cc40cdb2c4a91bb3c4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 28 Jul 2010 14:11:37 +0000 Subject: [PATCH 001/201] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index dfaa955..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: fail2ban -# $Id$ -NAME := fail2ban -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From aa671a991b2be966eee43c0d6a12a003394c242f Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 11 Aug 2010 17:27:37 -0400 Subject: [PATCH 002/201] recompiling .py files against Python 2.7 (rhbz#623295) --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 76f5e33..fd7a52f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -4,7 +4,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -84,6 +84,9 @@ fi %dir %{_localstatedir}/run/fail2ban %changelog +* Wed Aug 11 2010 David Malcolm - 0.8.4-25 +- recompiling .py files against Python 2.7 (rhbz#623295) + * Sun Feb 14 2010 Axel Thimm - 0.8.4-24 - Patch by Jonathan G. Underwood to cloexec another fd leak. From f7225b0819af72a8b8a1669c46db0454d059fe6c Mon Sep 17 00:00:00 2001 From: David Malcolm Date: Wed, 11 Aug 2010 17:27:49 -0400 Subject: [PATCH 003/201] recompiling .py files against Python 2.7 (rhbz#623295) --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 76f5e33..fd7a52f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -4,7 +4,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -84,6 +84,9 @@ fi %dir %{_localstatedir}/run/fail2ban %changelog +* Wed Aug 11 2010 David Malcolm - 0.8.4-25 +- recompiling .py files against Python 2.7 (rhbz#623295) + * Sun Feb 14 2010 Axel Thimm - 0.8.4-24 - Patch by Jonathan G. Underwood to cloexec another fd leak. From 4e465e580bed35d9ea8127deb9f3aacde86b1b2e Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 8 Feb 2011 13:12:52 -0600 Subject: [PATCH 004/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index fd7a52f..166104a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -4,7 +4,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 25%{?dist} +Release: 26%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -84,6 +84,9 @@ fi %dir %{_localstatedir}/run/fail2ban %changelog +* Tue Feb 08 2011 Fedora Release Engineering - 0.8.4-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Wed Aug 11 2010 David Malcolm - 0.8.4-25 - recompiling .py files against Python 2.7 (rhbz#623295) From af90cd27edf5811023039788340301665ed340f8 Mon Sep 17 00:00:00 2001 From: Axel Thimm Date: Sat, 9 Apr 2011 19:26:24 +0200 Subject: [PATCH 005/201] Fix several minor bugs, and move to using inotify instead of gamin. --- fail2ban-0.8.4-examplemail.patch | 110 +++ fail2ban-0.8.4-notmp.patch | 101 +++ fail2ban-tmpfiles.conf | 1 + fail2ban.spec | 30 +- pyinotify.patch | 1379 ++++++++++++++++++++++++++++++ 5 files changed, 1612 insertions(+), 9 deletions(-) create mode 100644 fail2ban-0.8.4-examplemail.patch create mode 100644 fail2ban-0.8.4-notmp.patch create mode 100644 fail2ban-tmpfiles.conf create mode 100644 pyinotify.patch diff --git a/fail2ban-0.8.4-examplemail.patch b/fail2ban-0.8.4-examplemail.patch new file mode 100644 index 0000000..71268b5 --- /dev/null +++ b/fail2ban-0.8.4-examplemail.patch 
@@ -0,0 +1,110 @@ +--- fail2ban-0.8.4/config/jail.conf.bak 2011-04-09 17:53:27.022210040 +0200 ++++ fail2ban-0.8.4/config/jail.conf 2011-04-09 18:22:35.075335264 +0200 +@@ -45,7 +45,7 @@ + enabled = true + filter = sshd + action = iptables[name=SSH, port=ssh, protocol=tcp] +- sendmail-whois[name=SSH, dest=root, sender=fail2ban@mail.com] ++ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] + logpath = /var/log/secure + maxretry = 5 + +@@ -54,7 +54,7 @@ + enabled = false + filter = proftpd + action = iptables[name=ProFTPD, port=ftp, protocol=tcp] +- sendmail-whois[name=ProFTPD, dest=you@mail.com] ++ sendmail-whois[name=ProFTPD, dest=you@example.com] + logpath = /var/log/proftpd/proftpd.log + maxretry = 6 + +@@ -66,7 +66,7 @@ + filter = sasl + backend = polling + action = iptables[name=sasl, port=smtp, protocol=tcp] +- sendmail-whois[name=sasl, dest=you@mail.com] ++ sendmail-whois[name=sasl, dest=you@example.com] + logpath = /var/log/mail.log + + # Here we use TCP-Wrappers instead of Netfilter/Iptables. 
"ignoreregex" is +@@ -77,7 +77,7 @@ + enabled = false + filter = sshd + action = hostsdeny +- sendmail-whois[name=SSH, dest=you@mail.com] ++ sendmail-whois[name=SSH, dest=you@example.com] + ignoreregex = for myuser from + logpath = /var/log/sshd.log + +@@ -101,7 +101,7 @@ + enabled = false + filter = postfix + action = hostsdeny[file=/not/a/standard/path/hosts.deny] +- sendmail[name=Postfix, dest=you@mail.com] ++ sendmail[name=Postfix, dest=you@example.com] + logpath = /var/log/postfix.log + bantime = 300 + +@@ -112,7 +112,7 @@ + + enabled = false + filter = vsftpd +-action = sendmail-whois[name=VSFTPD, dest=you@mail.com] ++action = sendmail-whois[name=VSFTPD, dest=you@example.com] + logpath = /var/log/vsftpd.log + maxretry = 5 + bantime = 1800 +@@ -124,7 +124,7 @@ + enabled = false + filter = vsftpd + action = iptables[name=VSFTPD, port=ftp, protocol=tcp] +- sendmail-whois[name=VSFTPD, dest=you@mail.com] ++ sendmail-whois[name=VSFTPD, dest=you@example.com] + logpath = /var/log/vsftpd.log + maxretry = 5 + bantime = 1800 +@@ -137,7 +137,7 @@ + enabled = false + filter = apache-badbots + action = iptables-multiport[name=BadBots, port="http,https"] +- sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com] ++ sendmail-buffered[name=BadBots, lines=5, dest=you@example.com] + logpath = /var/www/*/logs/access_log + bantime = 172800 + maxretry = 1 +@@ -149,7 +149,7 @@ + enabled = false + filter = apache-noscript + action = shorewall +- sendmail[name=Postfix, dest=you@mail.com] ++ sendmail[name=Postfix, dest=you@example.com] + logpath = /var/log/apache2/error_log + + # Ban attackers that try to use PHP's URL-fopen() functionality +@@ -190,7 +190,7 @@ + enabled = false + filter = sshd + action = ipfw[localhost=192.168.0.1] +- sendmail-whois[name="SSH,IPFW", dest=you@mail.com] ++ sendmail-whois[name="SSH,IPFW", dest=you@example.com] + logpath = /var/log/auth.log + ignoreip = 168.192.0.1 + +@@ -216,7 +216,7 @@ + enabled = false + filter = named-refused + action = 
iptables-multiport[name=Named, port="domain,953", protocol=udp] +- sendmail-whois[name=Named, dest=you@mail.com] ++ sendmail-whois[name=Named, dest=you@example.com] + logpath = /var/log/named/security.log + ignoreip = 168.192.0.1 + +@@ -227,7 +227,7 @@ + enabled = false + filter = named-refused + action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] +- sendmail-whois[name=Named, dest=you@mail.com] ++ sendmail-whois[name=Named, dest=you@example.com] + logpath = /var/log/named/security.log + ignoreip = 168.192.0.1 + diff --git a/fail2ban-0.8.4-notmp.patch b/fail2ban-0.8.4-notmp.patch new file mode 100644 index 0000000..dc09397 --- /dev/null +++ b/fail2ban-0.8.4-notmp.patch 
@@ -0,0 +1,101 @@ +diff -rud fail2ban-0.8.4.org/ChangeLog fail2ban-0.8.4/ChangeLog +--- fail2ban-0.8.4.org/ChangeLog 2009-09-07 21:11:29.000000000 +0200 ++++ fail2ban-0.8.4/ChangeLog 2011-04-09 17:56:51.029085738 +0200 +@@ -353,7 +353,7 @@ + Thanks to Tom Pike + - fail2ban.conf modified for readability. Thanks to Iain Lea + - Added an initd script for Gentoo +-- Changed default PID lock file location from /tmp to /var/run ++- Changed default PID lock file location from /var/lib/fail2ban to /var/run + + ver. 0.4.0 (2005/04/24) - stable + ---------- +diff -rud fail2ban-0.8.4.org/client/fail2banreader.py fail2ban-0.8.4/client/fail2banreader.py +--- fail2ban-0.8.4.org/client/fail2banreader.py 2008-02-27 22:44:56.000000000 +0100 ++++ fail2ban-0.8.4/client/fail2banreader.py 2011-04-09 17:56:51.027086612 +0200 +@@ -39,7 +39,7 @@ + ConfigReader.read(self, "fail2ban") + + def getEarlyOptions(self): +- opts = [["string", "socket", "/tmp/fail2ban.sock"]] ++ opts = [["string", "socket", "/var/lib/fail2ban/fail2ban.sock"]] + return ConfigReader.getOptions(self, "Definition", opts) + + def getOptions(self): +diff -rud fail2ban-0.8.4.org/config/action.d/dshield.conf fail2ban-0.8.4/config/action.d/dshield.conf +--- fail2ban-0.8.4.org/config/action.d/dshield.conf 2008-07-14 19:13:47.000000000 +0200 ++++ fail2ban-0.8.4/config/action.d/dshield.conf 2011-04-09 17:56:51.031085423 +0200 +@@ -204,7 +204,7 @@ + + # Option: tmpfile + # Notes.: Base name of temporary files used for buffering +-# Values: [ STRING ] Default: /tmp/fail2ban-dshield ++# Values: [ STRING ] Default: /var/lib/fail2ban/fail2ban-dshield + # +-tmpfile = /tmp/fail2ban-dshield ++tmpfile = /var/lib/fail2ban/fail2ban-dshield + +diff -rud fail2ban-0.8.4.org/config/action.d/mail-buffered.conf fail2ban-0.8.4/config/action.d/mail-buffered.conf +--- fail2ban-0.8.4.org/config/action.d/mail-buffered.conf 2008-07-16 23:11:43.000000000 +0200 ++++ fail2ban-0.8.4/config/action.d/mail-buffered.conf 2011-04-09 17:56:51.031085423 +0200 
+@@ -81,7 +81,7 @@ + + # Default temporary file + # +-tmpfile = /tmp/fail2ban-mail.txt ++tmpfile = /var/lib/fail2ban/fail2ban-mail.txt + + # Destination/Addressee of the mail + # +diff -rud fail2ban-0.8.4.org/config/action.d/mynetwatchman.conf fail2ban-0.8.4/config/action.d/mynetwatchman.conf +--- fail2ban-0.8.4.org/config/action.d/mynetwatchman.conf 2008-07-14 19:14:13.000000000 +0200 ++++ fail2ban-0.8.4/config/action.d/mynetwatchman.conf 2011-04-09 17:56:51.030086280 +0200 +@@ -139,6 +139,6 @@ + + # Option: tmpfile + # Notes.: Base name of temporary files +-# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman ++# Values: [ STRING ] Default: /var/lib/fail2ban/fail2ban-mynetwatchman + # +-tmpfile = /tmp/fail2ban-mynetwatchman ++tmpfile = /var/lib/fail2ban/fail2ban-mynetwatchman +diff -rud fail2ban-0.8.4.org/config/action.d/sendmail-buffered.conf fail2ban-0.8.4/config/action.d/sendmail-buffered.conf +--- fail2ban-0.8.4.org/config/action.d/sendmail-buffered.conf 2008-07-16 23:11:43.000000000 +0200 ++++ fail2ban-0.8.4/config/action.d/sendmail-buffered.conf 2011-04-09 17:56:51.029085738 +0200 +@@ -101,5 +101,5 @@ + + # Default temporary file + # +-tmpfile = /tmp/fail2ban-mail.txt ++tmpfile = /var/lib/fail2ban/fail2ban-mail.txt + +diff -rud fail2ban-0.8.4.org/files/nagios/f2ban.txt fail2ban-0.8.4/files/nagios/f2ban.txt +--- fail2ban-0.8.4.org/files/nagios/f2ban.txt 2009-01-27 23:53:40.000000000 +0100 ++++ fail2ban-0.8.4/files/nagios/f2ban.txt 2011-04-09 17:56:51.027086612 +0200 +@@ -6,7 +6,7 @@ + /etc/init.d/fail2ban stop + + 2.) delete the socket if avalible +-rm /tmp/fail2ban.sock ++rm /var/lib/fail2ban/fail2ban.sock + + 3.) 
start the Service + /etc/init.d/fail2ban start +diff -rud fail2ban-0.8.4.org/testcases/actiontestcase.py fail2ban-0.8.4/testcases/actiontestcase.py +--- fail2ban-0.8.4.org/testcases/actiontestcase.py 2008-02-27 22:44:54.000000000 +0100 ++++ fail2ban-0.8.4/testcases/actiontestcase.py 2011-04-09 17:56:51.027086612 +0200 +@@ -38,10 +38,10 @@ + self.__action.execActionStop() + + def testExecuteActionBan(self): +- self.__action.setActionStart("touch /tmp/fail2ban.test") +- self.__action.setActionStop("rm -f /tmp/fail2ban.test") ++ self.__action.setActionStart("touch /var/lib/fail2ban/fail2ban.test") ++ self.__action.setActionStop("rm -f /var/lib/fail2ban/fail2ban.test") + self.__action.setActionBan("echo -n") +- self.__action.setActionCheck("[ -e /tmp/fail2ban.test ]") ++ self.__action.setActionCheck("[ -e /var/lib/fail2ban/fail2ban.test ]") + + self.assertTrue(self.__action.execActionBan(None)) + +\ No newline at end of file diff --git a/fail2ban-tmpfiles.conf b/fail2ban-tmpfiles.conf new file mode 100644 index 0000000..3fd783f --- /dev/null +++ b/fail2ban-tmpfiles.conf @@ -0,0 +1 @@ +D /var/run/fail2ban 0755 root root - \ No newline at end of file diff --git a/fail2ban.spec b/fail2ban.spec index 166104a..ac9690c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
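Review bot: The `/tmp` → `/var/lib/fail2ban` substitution was applied to text it should not touch: the ChangeLog hunk rewrites a historical entry to read `Changed default PID lock file location from /var/lib/fail2ban to /var/run`, which was never the case, so that hunk should be dropped from the patch. The fixed, predictable file names (`fail2ban-mail.txt`, `fail2ban-dshield`, `fail2ban-mynetwatchman`, `fail2ban.sock`) are kept, so protection against pre-created files or symlinks now rests entirely on `/var/lib/fail2ban` being writable by root only. The spec creates it with `install -d -m 0755`, and a comment beside each `tmpfile =` default such as `# directory must be writable by root only` would help anyone who relocates them. `testcases/actiontestcase.py` now touches `/var/lib/fail2ban/fail2ban.test`, so the test presumably fails wherever that directory is missing or not writable by the user running the suite.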
@@ -4,21 +4,27 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 26%{?dist} +Release: 27%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 Source1: fail2ban-logrotate +Source2: fail2ban-tmpfiles.conf Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.1-sshd.patch Patch3: fail2ban-0.8.2-fd_cloexec.patch Patch6: fail2ban-0.8.3-log2syslog.patch Patch7: asyncserver.start_selinux.patch +Patch8: fail2ban-0.8.4-notmp.patch +Patch9: pyinotify.patch +Patch10: fail2ban-0.8.4-examplemail.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 BuildArch: noarch Requires: iptables, tcp_wrappers, shorewall, gamin-python +Requires: python-inotify +Requires: initscripts Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service @@ -35,6 +41,9 @@ failures. It updates firewall rules to reject the IP address. %patch3 -p1 -b .fd_cloexec %patch6 -p1 -b .log2syslog %patch7 -p1 -b .fd_cloexec2 +%patch8 -p1 -b .notmp +%patch9 -p1 -b .inotify +%patch10 -p1 -b .mail %build python setup.py build @@ -48,8 +57,10 @@ mkdir -p %{buildroot}%{_mandir}/man1 install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban -mkdir -p %{buildroot}%{_localstatedir}/run/fail2ban -chmod 0755 %{buildroot}%{_localstatedir}/run/fail2ban +install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ +install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ +mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d +install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf %clean rm -rf %{buildroot} 
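Review bot: `gamin-python` stays a hard dependency on the `Requires: iptables, tcp_wrappers, shorewall, gamin-python` line even though this release adds `Requires: python-inotify`. The backend selection in the bundled pyinotify patch tries inotify first and already falls back to polling when gamin cannot be imported. Dropping `gamin-python` from that line would keep an unneeded file-monitoring service off hosts that install fail2ban for hardening. In the third hunk, `install -m 0644 %{SOURCE2}` omits the `-p` used by the other `install` lines; `install -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf` would match the rest of `%install`.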
@@ -81,14 +92,15 @@ fi %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf %config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%dir %{_localstatedir}/run/fail2ban +%dir %{_localstatedir}/run/fail2ban/ +%config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf +%dir %{_localstatedir}/lib/fail2ban/ %changelog -* Tue Feb 08 2011 Fedora Release Engineering - 0.8.4-26 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Wed Aug 11 2010 David Malcolm - 0.8.4-25 -- recompiling .py files against Python 2.7 (rhbz#623295) +* Sat Apr 9 2011 Axel Thimm - 0.8.4-27 +- Move tmp files to /var/lib (suggested by Phil Anderson). +- Enable inotify support (by Jonathan Underwood). +- Fixes RH bugs #669966, #669965, #551895, #552947, #658849, #656584. * Sun Feb 14 2010 Axel Thimm - 0.8.4-24 - Patch by Jonathan G. Underwood to diff --git a/pyinotify.patch b/pyinotify.patch new file mode 100644 index 0000000..f76ee0a --- /dev/null +++ b/pyinotify.patch @@ -0,0 +1,1379 @@ + + + + +Attachment #381327 for bug #551895 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
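Review bot: The `%changelog` part of this hunk deletes the existing 0.8.4-26 and 0.8.4-25 entries instead of adding the 0.8.4-27 entry above them, so the package loses the record of the mass rebuild and the Python 2.7 recompile. The two removed stanzas should be kept below the new one. The new entry lists six bug numbers but does not say which of the three added patches addresses which bug, which makes later auditing of the `/tmp` fix harder. `%config(noreplace)` on `%{_sysconfdir}/tmpfiles.d/fail2ban.conf` means a locally edited copy keeps deciding the mode and owner of `/var/run/fail2ban` across updates; a one-line spec comment stating that this is intended would help.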
+ + + + View + | Details + | Raw Unified + | Return to bug 551895 +
+ + +Collapse All | +Expand All + + +

+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
(-)a/config/jail.conf + (-3 / +6 lines) +
+ +
+  Lines 26-38 +   findtime = 600 + + Link Here  +
+
26
maxretry = 3
26
maxretry = 3
27
27
28
# "backend" specifies the backend used to get files modification. Available
28
# "backend" specifies the backend used to get files modification. Available
29
# options are "gamin", "polling" and "auto". This option can be overridden in
29
# options are "inotify", "gamin", "polling" and "auto". This option can be
30
# each jail too (use "gamin" for a jail and "polling" for another).
30
# overridden in each jail too (use "gamin" for a jail and "polling" for
31
# another).
31
#
32
#
33
# inotify: requires pyinotify and the a kernel supporting Inotify
32
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
34
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
33
#          is not installed, Fail2ban will use polling.
35
#          is not installed, Fail2ban will use polling.
34
# polling: uses a polling algorithm which does not require external libraries.
36
# polling: uses a polling algorithm which does not require external libraries.
35
# auto:    will choose Gamin if available and polling otherwise.
37
# auto:    will choose Inotify if pyinotify is present, if not then it will
38
# 	   try Gamin and use that if available, and polling otherwise.
36
backend = auto
39
backend = auto
37
40
38
41
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
(-)a/server/filterinotify.py + (+157 lines) +
+ +
+ Line 0 +    + + Link Here  +
+
1
# This file is part of Fail2Ban.
2
#
3
# Fail2Ban is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
7
#
8
# Fail2Ban is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
# GNU General Public License for more details.
12
#
13
# You should have received a copy of the GNU General Public License
14
# along with Fail2Ban; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
16
17
# Author: Jonathan G. Underwood
18
# 
19
# $Revision$
20
21
__author__ = "Jonathan G. Underwood"
22
__version__ = "$Revision$"
23
__date__ = "$Date$"
24
__copyright__ = "Copyright (c) 2010 Jonathan G. Underwood"
25
__license__ = "GPL"
26
27
from failmanager import FailManagerEmpty
28
from filter import FileFilter
29
from mytime import MyTime
30
31
import time, logging
32
33
import pyinotify
34
from pyinotify import ProcessEvent, WatchManager, Notifier
35
36
# Gets the instance of the logger.
37
logSys = logging.getLogger("fail2ban.filter")
38
39
##
40
# Log reader class.
41
#
42
# This class reads a log file and detects login failures or anything else
43
# that matches a given regular expression. This class is instanciated by
44
# a Jail object.
45
46
class FilterInotify(ProcessEvent, FileFilter):
47
48
	##
49
	# Constructor.
50
	#
51
	# Initialize the filter object with default values.
52
	# @param jail the jail object
53
	
54
	# Note that according to the pyinotify documentation we shouldn't
55
	# define an __init__ function, but define a my_init function which is
56
	# called by ProcessEvent.__init__. However, that approach appears not
57
	# to work here and so we define __init__ and call
58
	# ProcessEvent.__init__ from here.
59
	def __init__(self, jail):
60
		FileFilter.__init__(self, jail)
61
		ProcessEvent.__init__(self)
62
		self.__monitor = WatchManager()
63
		self.__notifier = Notifier(self.__monitor, self)
64
		self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE
65
		
66
	##
67
	# Event handling functions used by pyinotify.ProcessEvent
68
	# instance. These simply call the __handleMod method.
69
	# @event an event object
70
71
	def process_IN_MODIFY(self, event):
72
		logSys.debug("process_IN_MODIFY called")
73
		self.__handleMod(event)
74
75
	def process_IN_CREATE(self, event):
76
		logSys.debug("process_IN_CREATE called")
77
		self.__handleMod(event)
78
79
	##
80
	# This method handles all modified file events
81
	# @event an event object
82
83
	def __handleMod(self, event):
84
		self.getFailures(event.path)
85
		try:
86
			while True:
87
				ticket = self.failManager.toBan()
88
				self.jail.putFailTicket(ticket)
89
		except FailManagerEmpty:
90
			self.failManager.cleanup(MyTime.time())
91
		self.dateDetector.sortTemplate()
92
			
93
	##
94
	# Add a log file path
95
	#
96
	# @param path log file path
97
98
	def addLogPath(self, path, tail = False):
99
		if self.containsLogPath(path):
100
			logSys.error(path + " already exists")
101
		else:
102
			wd = self.__monitor.add_watch(path, self.__mask)
103
			if wd[path] > 0:
104
				FileFilter.addLogPath(self, path, tail)
105
				logSys.info("Added logfile = %s" % path)
106
			else:
107
				logSys.error("Failed to add an inotify watch for logfile = %s" % path)
108
	
109
	##
110
	# Delete a log path
111
	#
112
	# @param path the log file to delete
113
	
114
	def delLogPath(self, path):
115
		if not self.containsLogPath(path):
116
			logSys.error(path + " is not monitored")
117
		else:
118
			rd = self.__monitor.rm_watch(self.__monitor.get_wd(path))
119
			if rd[path]:
120
				FileFilter.delLogPath(self, path)
121
				logSys.info("Removed logfile = %s" % path)
122
			else:
123
				logSys.error("Failed to remove inotify watch for logfile = %s" % path)
124
		
125
	##
126
	# Main loop.
127
	#
128
	# This function is the main loop of the thread. It checks if the
129
	# file has been modified and looks for failures.
130
	# @return True when the thread exits nicely
131
132
	def run(self):
133
		self.setActive(True)
134
		while self._isActive():
135
			if not self.getIdle():
136
				# We cannot block here because we want to be able to
137
				# exit. __notifier.check_events will block for
138
				# timeout milliseconds.
139
				if self.__notifier.check_events(timeout=10):
140
					self.__notifier.read_events()
141
					self.__notifier.process_events()
142
				time.sleep(self.getSleepTime())
143
			else:
144
				time.sleep(self.getSleepTime())
145
146
		# Cleanup when shutting down
147
		for wd in self.watchd.keys():
148
			self.__monitor.rm_watch(wd)
149
		del self.__monitor
150
		self.__notifier.stop()
151
		del self.__notifier
152
153
		logSys.debug(self.jail.getName() + ": filter terminated")
154
		return True
155
156
157
				
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
(-)a/server/jail.py + (-2 / +16 lines) +
+ +
+  Lines 40-56 +   class Jail: + + Link Here  +
+
40
		logSys.info("Creating new jail '%s'" % self.__name)
40
		logSys.info("Creating new jail '%s'" % self.__name)
41
		if backend == "polling":
41
		if backend == "polling":
42
			self.__initPoller()
42
			self.__initPoller()
43
		elif backend == "inotify":
44
			self.__initInotify()
45
		elif backend == "gamin":
46
			self.__initGamin()
43
		else:
47
		else:
44
			try:
48
			try:
45
				self.__initGamin()
49
				self.__initInotify()
46
			except ImportError:
50
			except ImportError:
47
				self.__initPoller()
51
				try:
52
					self.__initGamin()
53
				except ImportError:
54
					self.__initPoller()
48
		self.__action = Actions(self)
55
		self.__action = Actions(self)
49
	
56
	
50
	def __initPoller(self):
57
	def __initPoller(self):
51
		logSys.info("Jail '%s' uses poller" % self.__name)
58
		logSys.info("Jail '%s' uses poller" % self.__name)
52
		from filterpoll import FilterPoll
59
		from filterpoll import FilterPoll
53
		self.__filter = FilterPoll(self)
60
		self.__filter = FilterPoll(self)
61
62
	def __initInotify(self):
63
		# Try to import pyinotify
64
		import pyinotify
65
		logSys.info("Jail '%s' uses Inotify" % self.__name)
66
		from filterinotify import FilterInotify
67
		self.__filter = FilterInotify(self)
54
	
68
	
55
	def __initGamin(self):
69
	def __initGamin(self):
56
		# Try to import gamin
70
		# Try to import gamin
+ + +
+ + Return to bug 551895 +
+ + + + + + + + \ No newline at end of file From 6ad108b88fe637aeb4793c1e0a6a64626a021ce7 Mon Sep 17 00:00:00 2001 From: Axel Thimm Date: Sat, 9 Apr 2011 19:35:50 +0200 Subject: [PATCH 006/201] Replace brown-bag patch with proper patch ... --- pyinotify.patch | 1601 +++++++---------------------------------------- 1 file changed, 223 insertions(+), 1378 deletions(-) diff --git a/pyinotify.patch b/pyinotify.patch index f76ee0a..8a16c65 100644 --- a/pyinotify.patch +++ b/pyinotify.patch @@ -1,1379 +1,224 @@ - - - - -Attachment #381327 for bug #551895 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
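Review bot: The shutdown path of `FilterInotify.run()` iterates `self.watchd.keys()`, but nothing in the class as shown assigns `watchd` (the constructor sets only `__monitor`, `__notifier` and `__mask`). Unless `FileFilter` provides it, the loop raises `AttributeError` and `self.__notifier.stop()` is never reached; dropping the loop and calling `self.__notifier.stop()` before `del self.__monitor` would avoid that. `addLogPath()` places the watch on the log file itself with `IN_MODIFY | IN_CREATE`, and an inotify watch follows the inode, so after the log is rotated the jail may stop seeing new entries with no error logged, which for this tool means bans silently stop. Watching the parent directory or re-adding the watch when the file is moved or deleted should be considered, and the limitation documented next to `self.__mask`. In `server/jail.py`, an explicit `backend == "inotify"` calls `__initInotify()` outside the `try`, so a missing pyinotify surfaces as an unhandled `ImportError` rather than a fallback; if that is intended it deserves a comment.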
- - - - View - | Details - | Raw Unified - | Return to bug 551895 -
- - -Collapse All | -Expand All - - -

+@@ -, +, @@ + config/jail.conf | 9 ++- + server/filterinotify.py | 157 +++++++++++++++++++++++++++++++++++++++++++++++ + server/jail.py | 18 +++++- + 3 files changed, 179 insertions(+), 5 deletions(-) + create mode 100644 server/filterinotify.py +--- a/config/jail.conf ++++ a/config/jail.conf +@@ -26,13 +26,16 @@ findtime = 600 + maxretry = 3 - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(-)a/config/jail.conf - (-3 / +6 lines) -
- -
-  Lines 26-38 -   findtime = 600 - - Link Here  -
-
26
maxretry = 3
26
maxretry = 3
27
27
28
# "backend" specifies the backend used to get files modification. Available
28
# "backend" specifies the backend used to get files modification. Available
29
# options are "gamin", "polling" and "auto". This option can be overridden in
29
# options are "inotify", "gamin", "polling" and "auto". This option can be
30
# each jail too (use "gamin" for a jail and "polling" for another).
30
# overridden in each jail too (use "gamin" for a jail and "polling" for
31
# another).
31
#
32
#
33
# inotify: requires pyinotify and the a kernel supporting Inotify
32
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
34
# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
33
#          is not installed, Fail2ban will use polling.
35
#          is not installed, Fail2ban will use polling.
34
# polling: uses a polling algorithm which does not require external libraries.
36
# polling: uses a polling algorithm which does not require external libraries.
35
# auto:    will choose Gamin if available and polling otherwise.
37
# auto:    will choose Inotify if pyinotify is present, if not then it will
38
# 	   try Gamin and use that if available, and polling otherwise.
36
backend = auto
39
backend = auto
37
40
38
41
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(-)a/server/filterinotify.py - (+157 lines) -
- -
- Line 0 -    - - Link Here  -
-
1
# This file is part of Fail2Ban.
2
#
3
# Fail2Ban is free software; you can redistribute it and/or modify
4
# it under the terms of the GNU General Public License as published by
5
# the Free Software Foundation; either version 2 of the License, or
6
# (at your option) any later version.
7
#
8
# Fail2Ban is distributed in the hope that it will be useful,
9
# but WITHOUT ANY WARRANTY; without even the implied warranty of
10
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11
# GNU General Public License for more details.
12
#
13
# You should have received a copy of the GNU General Public License
14
# along with Fail2Ban; if not, write to the Free Software
15
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
16
17
# Author: Jonathan G. Underwood
18
# 
19
# $Revision$
20
21
__author__ = "Jonathan G. Underwood"
22
__version__ = "$Revision$"
23
__date__ = "$Date$"
24
__copyright__ = "Copyright (c) 2010 Jonathan G. Underwood"
25
__license__ = "GPL"
26
27
from failmanager import FailManagerEmpty
28
from filter import FileFilter
29
from mytime import MyTime
30
31
import time, logging
32
33
import pyinotify
34
from pyinotify import ProcessEvent, WatchManager, Notifier
35
36
# Gets the instance of the logger.
37
logSys = logging.getLogger("fail2ban.filter")
38
39
##
40
# Log reader class.
41
#
42
# This class reads a log file and detects login failures or anything else
43
# that matches a given regular expression. This class is instanciated by
44
# a Jail object.
45
46
class FilterInotify(ProcessEvent, FileFilter):
47
48
	##
49
	# Constructor.
50
	#
51
	# Initialize the filter object with default values.
52
	# @param jail the jail object
53
	
54
	# Note that according to the pyinotify documentation we shouldn't
55
	# define an __init__ function, but define a my_init function which is
56
	# called by ProcessEvent.__init__. However, that approach appears not
57
	# to work here and so we define __init__ and call
58
	# ProcessEvent.__init__ from here.
59
	def __init__(self, jail):
60
		FileFilter.__init__(self, jail)
61
		ProcessEvent.__init__(self)
62
		self.__monitor = WatchManager()
63
		self.__notifier = Notifier(self.__monitor, self)
64
		self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE
65
		
66
	##
67
	# Event handling functions used by pyinotify.ProcessEvent
68
	# instance. These simply call the __handleMod method.
69
	# @event an event object
70
71
	def process_IN_MODIFY(self, event):
72
		logSys.debug("process_IN_MODIFY called")
73
		self.__handleMod(event)
74
75
	def process_IN_CREATE(self, event):
76
		logSys.debug("process_IN_CREATE called")
77
		self.__handleMod(event)
78
79
	##
80
	# This method handles all modified file events
81
	# @event an event object
82
83
	def __handleMod(self, event):
84
		self.getFailures(event.path)
85
		try:
86
			while True:
87
				ticket = self.failManager.toBan()
88
				self.jail.putFailTicket(ticket)
89
		except FailManagerEmpty:
90
			self.failManager.cleanup(MyTime.time())
91
		self.dateDetector.sortTemplate()
92
			
93
	##
94
	# Add a log file path
95
	#
96
	# @param path log file path
97
98
	def addLogPath(self, path, tail = False):
99
		if self.containsLogPath(path):
100
			logSys.error(path + " already exists")
101
		else:
102
			wd = self.__monitor.add_watch(path, self.__mask)
103
			if wd[path] > 0:
104
				FileFilter.addLogPath(self, path, tail)
105
				logSys.info("Added logfile = %s" % path)
106
			else:
107
				logSys.error("Failed to add an inotify watch for logfile = %s" % path)
108
	
109
	##
110
	# Delete a log path
111
	#
112
	# @param path the log file to delete
113
	
114
	def delLogPath(self, path):
115
		if not self.containsLogPath(path):
116
			logSys.error(path + " is not monitored")
117
		else:
118
			rd = self.__monitor.rm_watch(self.__monitor.get_wd(path))
119
			if rd[path]:
120
				FileFilter.delLogPath(self, path)
121
				logSys.info("Removed logfile = %s" % path)
122
			else:
123
				logSys.error("Failed to remove inotify watch for logfile = %s" % path)
124
		
125
	##
126
	# Main loop.
127
	#
128
	# This function is the main loop of the thread. It checks if the
129
	# file has been modified and looks for failures.
130
	# @return True when the thread exits nicely
131
132
	def run(self):
133
		self.setActive(True)
134
		while self._isActive():
135
			if not self.getIdle():
136
				# We cannot block here because we want to be able to
137
				# exit. __notifier.check_events will block for
138
				# timeout milliseconds.
139
				if self.__notifier.check_events(timeout=10):
140
					self.__notifier.read_events()
141
					self.__notifier.process_events()
142
				time.sleep(self.getSleepTime())
143
			else:
144
				time.sleep(self.getSleepTime())
145
146
		# Cleanup when shutting down
147
		for wd in self.watchd.keys():
148
			self.__monitor.rm_watch(wd)
149
		del self.__monitor
150
		self.__notifier.stop()
151
		del self.__notifier
152
153
		logSys.debug(self.jail.getName() + ": filter terminated")
154
		return True
155
156
157
				
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(-)a/server/jail.py - (-2 / +16 lines) -
- -
-  Lines 40-56 -   class Jail: - - Link Here  -
-
40
		logSys.info("Creating new jail '%s'" % self.__name)
40
		logSys.info("Creating new jail '%s'" % self.__name)
41
		if backend == "polling":
41
		if backend == "polling":
42
			self.__initPoller()
42
			self.__initPoller()
43
		elif backend == "inotify":
44
			self.__initInotify()
45
		elif backend == "gamin":
46
			self.__initGamin()
43
		else:
47
		else:
44
			try:
48
			try:
45
				self.__initGamin()
49
				self.__initInotify()
46
			except ImportError:
50
			except ImportError:
47
				self.__initPoller()
51
				try:
52
					self.__initGamin()
53
				except ImportError:
54
					self.__initPoller()
48
		self.__action = Actions(self)
55
		self.__action = Actions(self)
49
	
56
	
50
	def __initPoller(self):
57
	def __initPoller(self):
51
		logSys.info("Jail '%s' uses poller" % self.__name)
58
		logSys.info("Jail '%s' uses poller" % self.__name)
52
		from filterpoll import FilterPoll
59
		from filterpoll import FilterPoll
53
		self.__filter = FilterPoll(self)
60
		self.__filter = FilterPoll(self)
61
62
	def __initInotify(self):
63
		# Try to import pyinotify
64
		import pyinotify
65
		logSys.info("Jail '%s' uses Inotify" % self.__name)
66
		from filterinotify import FilterInotify
67
		self.__filter = FilterInotify(self)
54
	
68
	
55
	def __initGamin(self):
69
	def __initGamin(self):
56
		# Try to import gamin
70
		# Try to import gamin
- - -
- - Return to bug 551895 -
- - - - - - - - \ No newline at end of file + # "backend" specifies the backend used to get files modification. Available +-# options are "gamin", "polling" and "auto". This option can be overridden in +-# each jail too (use "gamin" for a jail and "polling" for another). ++# options are "inotify", "gamin", "polling" and "auto". This option can be ++# overridden in each jail too (use "gamin" for a jail and "polling" for ++# another). + # ++# inotify: requires pyinotify and the a kernel supporting Inotify + # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin + # is not installed, Fail2ban will use polling. + # polling: uses a polling algorithm which does not require external libraries. +-# auto: will choose Gamin if available and polling otherwise. ++# auto: will choose Inotify if pyinotify is present, if not then it will ++# try Gamin and use that if available, and polling otherwise. + backend = auto + + +--- a/server/filterinotify.py ++++ a/server/filterinotify.py +@@ -0,0 +1,157 @@ ++# This file is part of Fail2Ban. ++# ++# Fail2Ban is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# Fail2Ban is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with Fail2Ban; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ ++# Author: Jonathan G. Underwood ++# ++# $Revision$ ++ ++__author__ = "Jonathan G. Underwood" ++__version__ = "$Revision$" ++__date__ = "$Date$" ++__copyright__ = "Copyright (c) 2010 Jonathan G. 
Underwood" ++__license__ = "GPL" ++ ++from failmanager import FailManagerEmpty ++from filter import FileFilter ++from mytime import MyTime ++ ++import time, logging ++ ++import pyinotify ++from pyinotify import ProcessEvent, WatchManager, Notifier ++ ++# Gets the instance of the logger. ++logSys = logging.getLogger("fail2ban.filter") ++ ++## ++# Log reader class. ++# ++# This class reads a log file and detects login failures or anything else ++# that matches a given regular expression. This class is instanciated by ++# a Jail object. ++ ++class FilterInotify(ProcessEvent, FileFilter): ++ ++ ## ++ # Constructor. ++ # ++ # Initialize the filter object with default values. ++ # @param jail the jail object ++ ++ # Note that according to the pyinotify documentation we shouldn't ++ # define an __init__ function, but define a my_init function which is ++ # called by ProcessEvent.__init__. However, that approach appears not ++ # to work here and so we define __init__ and call ++ # ProcessEvent.__init__ from here. ++ def __init__(self, jail): ++ FileFilter.__init__(self, jail) ++ ProcessEvent.__init__(self) ++ self.__monitor = WatchManager() ++ self.__notifier = Notifier(self.__monitor, self) ++ self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE ++ ++ ## ++ # Event handling functions used by pyinotify.ProcessEvent ++ # instance. These simply call the __handleMod method. 
++ # @event an event object ++ ++ def process_IN_MODIFY(self, event): ++ logSys.debug("process_IN_MODIFY called") ++ self.__handleMod(event) ++ ++ def process_IN_CREATE(self, event): ++ logSys.debug("process_IN_CREATE called") ++ self.__handleMod(event) ++ ++ ## ++ # This method handles all modified file events ++ # @event an event object ++ ++ def __handleMod(self, event): ++ self.getFailures(event.path) ++ try: ++ while True: ++ ticket = self.failManager.toBan() ++ self.jail.putFailTicket(ticket) ++ except FailManagerEmpty: ++ self.failManager.cleanup(MyTime.time()) ++ self.dateDetector.sortTemplate() ++ ++ ## ++ # Add a log file path ++ # ++ # @param path log file path ++ ++ def addLogPath(self, path, tail = False): ++ if self.containsLogPath(path): ++ logSys.error(path + " already exists") ++ else: ++ wd = self.__monitor.add_watch(path, self.__mask) ++ if wd[path] > 0: ++ FileFilter.addLogPath(self, path, tail) ++ logSys.info("Added logfile = %s" % path) ++ else: ++ logSys.error("Failed to add an inotify watch for logfile = %s" % path) ++ ++ ## ++ # Delete a log path ++ # ++ # @param path the log file to delete ++ ++ def delLogPath(self, path): ++ if not self.containsLogPath(path): ++ logSys.error(path + " is not monitored") ++ else: ++ rd = self.__monitor.rm_watch(self.__monitor.get_wd(path)) ++ if rd[path]: ++ FileFilter.delLogPath(self, path) ++ logSys.info("Removed logfile = %s" % path) ++ else: ++ logSys.error("Failed to remove inotify watch for logfile = %s" % path) ++ ++ ## ++ # Main loop. ++ # ++ # This function is the main loop of the thread. It checks if the ++ # file has been modified and looks for failures. ++ # @return True when the thread exits nicely ++ ++ def run(self): ++ self.setActive(True) ++ while self._isActive(): ++ if not self.getIdle(): ++ # We cannot block here because we want to be able to ++ # exit. __notifier.check_events will block for ++ # timeout milliseconds. 
++ if self.__notifier.check_events(timeout=10): ++ self.__notifier.read_events() ++ self.__notifier.process_events() ++ time.sleep(self.getSleepTime()) ++ else: ++ time.sleep(self.getSleepTime()) ++ ++ # Cleanup when shutting down ++ for wd in self.watchd.keys(): ++ self.__monitor.rm_watch(wd) ++ del self.__monitor ++ self.__notifier.stop() ++ del self.__notifier ++ ++ logSys.debug(self.jail.getName() + ": filter terminated") ++ return True ++ ++ ++ +--- a/server/jail.py ++++ a/server/jail.py +@@ -40,17 +40,31 @@ class Jail: + logSys.info("Creating new jail '%s'" % self.__name) + if backend == "polling": + self.__initPoller() ++ elif backend == "inotify": ++ self.__initInotify() ++ elif backend == "gamin": ++ self.__initGamin() + else: + try: +- self.__initGamin() ++ self.__initInotify() + except ImportError: +- self.__initPoller() ++ try: ++ self.__initGamin() ++ except ImportError: ++ self.__initPoller() + self.__action = Actions(self) + + def __initPoller(self): + logSys.info("Jail '%s' uses poller" % self.__name) + from filterpoll import FilterPoll + self.__filter = FilterPoll(self) ++ ++ def __initInotify(self): ++ # Try to import pyinotify ++ import pyinotify ++ logSys.info("Jail '%s' uses Inotify" % self.__name) ++ from filterinotify import FilterInotify ++ self.__filter = FilterInotify(self) + + def __initGamin(self): + # Try to import gamin From 744512bf8c15ecfb961e1ac4b054f06a39f6d65a Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 12 Jan 2012 20:11:12 -0600 Subject: [PATCH 007/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index ac9690c..191b1c1 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -4,7 +4,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 27%{?dist} +Release: 28%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -97,6 +97,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Jan 13 2012 Fedora Release Engineering - 0.8.4-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Sat Apr 9 2011 Axel Thimm - 0.8.4-27 - Move tmp files to /var/lib (suggested by Phil Anderson). - Enable inotify support (by Jonathan Underwood). From 358d70894fe9cd1183c2a6f8a8b4d9a5ad9957b3 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 18 Jul 2012 20:21:33 -0500 Subject: [PATCH 008/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 191b1c1..80bf5d6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -4,7 +4,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.4 -Release: 28%{?dist} +Release: 29%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -97,6 +97,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Jul 19 2012 Fedora Release Engineering - 0.8.4-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Fri Jan 13 2012 Fedora Release Engineering - 0.8.4-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From 6ebbe08f6248fc6b0ab1e010f5b981a91bcc5787 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Thu, 11 Oct 2012 12:06:59 -0600 Subject: [PATCH 009/201] Update to 0.8.7.1 Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream Rebase sshd and notmp patches Use _initddir macro --- .gitignore | 1 + ...choring-regex-for-IP-with-at-the-end.patch | 30 --- fail2ban-0.8.1-sock.patch | 30 --- fail2ban-0.8.1-sshd.patch | 17 -- fail2ban-0.8.2-fd_cloexec.patch | 22 -- fail2ban-0.8.3-inodecheck.patch | 35 --- fail2ban-0.8.4-examplemail.patch | 110 --------- fail2ban-0.8.4-notmp.patch | 101 -------- fail2ban-0.8.7.1-notmp.patch | 35 +++ fail2ban-0.8.7.1-sshd.patch | 18 ++ fail2ban.spec | 31 ++- pyinotify.patch | 224 ------------------ sources | 3 +- 13 files changed, 69 insertions(+), 588 deletions(-) delete mode 100644 0001-BF-anchoring-regex-for-IP-with-at-the-end.patch delete mode 100644 fail2ban-0.8.1-sock.patch delete mode 100644 fail2ban-0.8.1-sshd.patch delete mode 100644 fail2ban-0.8.2-fd_cloexec.patch delete mode 100644 fail2ban-0.8.3-inodecheck.patch delete mode 100644 fail2ban-0.8.4-examplemail.patch delete mode 100644 fail2ban-0.8.4-notmp.patch create mode 100644 fail2ban-0.8.7.1-notmp.patch create mode 100644 fail2ban-0.8.7.1-sshd.patch delete mode 100644 pyinotify.patch diff --git a/.gitignore b/.gitignore index 24ea3a7..c028cca 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ fail2ban-FAIL2BAN-0_8.tar.bz2 fail2ban-0.8.4.tar.bz2 +/fail2ban_0.8.7.1.orig.tar.gz diff --git a/0001-BF-anchoring-regex-for-IP-with-at-the-end.patch b/0001-BF-anchoring-regex-for-IP-with-at-the-end.patch deleted file mode 100644 index 5097acb..0000000 --- a/0001-BF-anchoring-regex-for-IP-with-at-the-end.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From a8f963a2803acef984c66cd1910631eb06363ac1 Mon Sep 17 00:00:00 2001 -From: Yaroslav Halchenko -Date: Wed, 4 Feb 2009 15:38:11 -0500 -Subject: [PATCH] BF: anchoring regex for IP with " *$" at the end - -to forbid matching IP encoded in the hostname prior doing actual DNS -lookup. - -It is quite important and actually security hazard: DoS is easy to -perform... ---- - server/filter.py | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/server/filter.py b/server/filter.py -index 457bb03..77042ad 100644 ---- a/server/filter.py -+++ b/server/filter.py -@@ -492,7 +492,7 @@ import socket, struct - - class DNSUtils: - -- IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}") -+ IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3} *$") - - #@staticmethod - def dnsToIp(dns): --- -1.5.6.5 - diff --git a/fail2ban-0.8.1-sock.patch b/fail2ban-0.8.1-sock.patch deleted file mode 100644 index 55b25b6..0000000 --- a/fail2ban-0.8.1-sock.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -diff -up fail2ban-0.8.1/server/ssocket.py.sock fail2ban-0.8.1/server/ssocket.py ---- fail2ban-0.8.1/server/ssocket.py.sock 2008-01-31 22:44:43.000000000 +0000 -+++ fail2ban-0.8.1/server/ssocket.py 2008-01-31 22:45:31.000000000 +0000 -@@ -41,11 +41,11 @@ class SSocket(Thread): - Thread.__init__(self) - self.__transmit = transmitter - self.__isRunning = False -- self.__socket = "/tmp/fail2ban.sock" -+ self.__socket = "/var/run/fail2ban.sock" - self.__ssock = None - logSys.debug("Created SSocket") - -- def initialize(self, sock = "/tmp/fail2ban.sock", force = False): -+ def initialize(self, sock = "/var/run/fail2ban.sock", force = False): - self.__socket = sock - # Remove socket - if os.path.exists(sock): -diff -up fail2ban-0.8.1/config/fail2ban.conf.sock fail2ban-0.8.1/config/fail2ban.conf ---- fail2ban-0.8.1/config/fail2ban.conf.sock 2008-01-31 22:46:01.000000000 +0000 -+++ fail2ban-0.8.1/config/fail2ban.conf 2008-01-31 22:46:23.000000000 +0000 -@@ -28,7 +28,7 @@ logtarget = /var/log/fail2ban.log - # Notes.: Set the socket file. This is used to communicate with the daemon. Do - # not remove this file when Fail2ban runs. It will not be possible to - # communicate with the server afterwards. --# Values: FILE Default: /tmp/fail2ban.sock -+# Values: FILE Default: /var/run/fail2ban.sock - # --socket = /tmp/fail2ban.sock -+socket = /var/run/fail2ban.sock - diff --git a/fail2ban-0.8.1-sshd.patch b/fail2ban-0.8.1-sshd.patch deleted file mode 100644 index 29a768e..0000000 --- a/fail2ban-0.8.1-sshd.patch +++ /dev/null 
@@ -1,17 +0,0 @@ ---- fail2ban-0.8.1/config/jail.conf.sshd 2007-08-09 00:49:59.000000000 +0200 -+++ fail2ban-0.8.1/config/jail.conf 2007-08-15 21:41:33.000000000 +0200 -@@ -42,11 +42,11 @@ - - [ssh-iptables] - --enabled = false -+enabled = true - filter = sshd - action = iptables[name=SSH, port=ssh, protocol=tcp] -- sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com] --logpath = /var/log/sshd.log -+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@mail.com] -+logpath = /var/log/secure - maxretry = 5 - - [proftpd-iptables] diff --git a/fail2ban-0.8.2-fd_cloexec.patch b/fail2ban-0.8.2-fd_cloexec.patch deleted file mode 100644 index 5c89f7f..0000000 --- a/fail2ban-0.8.2-fd_cloexec.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- fail2ban-0.8.2/server/filter.py.orig 2008-03-27 16:26:59.000000000 +0000 -+++ fail2ban-0.8.2/server/filter.py 2008-03-27 15:29:48.000000000 +0000 -@@ -428,6 +428,7 @@ - # is computed and compared to the previous hash of this line. - - import md5 -+import fcntl - - class FileContainer: - -@@ -455,6 +456,11 @@ - - def open(self): - self.__handler = open(self.__filename) -+ -+ # Set the file descriptor to be FD_CLOEXEC -+ fd = self.__handler.fileno() -+ fcntl.fcntl (self.__handler.fileno(), fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC) -+ - firstLine = self.__handler.readline() - # Computes the MD5 of the first line. - myHash = md5.new(firstLine).digest() diff --git a/fail2ban-0.8.3-inodecheck.patch b/fail2ban-0.8.3-inodecheck.patch deleted file mode 100644 index 3938c22..0000000 --- a/fail2ban-0.8.3-inodecheck.patch +++ /dev/null 
@@ -1,35 +0,0 @@ ---- fail2ban-0.8.3/server/filter.py.inodecheck 2009-08-27 20:50:22.000000000 +0200 -+++ fail2ban-0.8.3/server/filter.py 2009-08-27 20:50:22.000000000 +0200 -@@ -31,7 +31,7 @@ - from mytime import MyTime - from failregex import FailRegex, Regex, RegexException - --import logging, re -+import logging, re, os - - # Gets the instance of the logger. - logSys = logging.getLogger("fail2ban.filter") -@@ -438,6 +438,8 @@ - self.__handler = None - # Try to open the file. Raises an exception if an error occured. - handler = open(filename) -+ stats = os.fstat(handler.fileno()) -+ self.__ino = stats.st_ino - try: - firstLine = handler.readline() - # Computes the MD5 of the first line. -@@ -464,10 +466,12 @@ - firstLine = self.__handler.readline() - # Computes the MD5 of the first line. - myHash = md5.new(firstLine).digest() -- # Compare hash. -- if not self.__hash == myHash: -+ stats = os.fstat(self.__handler.fileno()) -+ # Compare hash and inode -+ if self.__hash != myHash or self.__ino != stats.st_ino: - logSys.info("Log rotation detected for %s" % self.__filename) - self.__hash = myHash -+ self.__ino = stats.st_ino - self.__pos = 0 - # Sets the file pointer to the last position. - self.__handler.seek(self.__pos) diff --git a/fail2ban-0.8.4-examplemail.patch b/fail2ban-0.8.4-examplemail.patch deleted file mode 100644 index 71268b5..0000000 --- a/fail2ban-0.8.4-examplemail.patch +++ /dev/null 
@@ -1,110 +0,0 @@ ---- fail2ban-0.8.4/config/jail.conf.bak 2011-04-09 17:53:27.022210040 +0200 -+++ fail2ban-0.8.4/config/jail.conf 2011-04-09 18:22:35.075335264 +0200 -@@ -45,7 +45,7 @@ - enabled = true - filter = sshd - action = iptables[name=SSH, port=ssh, protocol=tcp] -- sendmail-whois[name=SSH, dest=root, sender=fail2ban@mail.com] -+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] - logpath = /var/log/secure - maxretry = 5 - -@@ -54,7 +54,7 @@ - enabled = false - filter = proftpd - action = iptables[name=ProFTPD, port=ftp, protocol=tcp] -- sendmail-whois[name=ProFTPD, dest=you@mail.com] -+ sendmail-whois[name=ProFTPD, dest=you@example.com] - logpath = /var/log/proftpd/proftpd.log - maxretry = 6 - -@@ -66,7 +66,7 @@ - filter = sasl - backend = polling - action = iptables[name=sasl, port=smtp, protocol=tcp] -- sendmail-whois[name=sasl, dest=you@mail.com] -+ sendmail-whois[name=sasl, dest=you@example.com] - logpath = /var/log/mail.log - - # Here we use TCP-Wrappers instead of Netfilter/Iptables. 
"ignoreregex" is -@@ -77,7 +77,7 @@ - enabled = false - filter = sshd - action = hostsdeny -- sendmail-whois[name=SSH, dest=you@mail.com] -+ sendmail-whois[name=SSH, dest=you@example.com] - ignoreregex = for myuser from - logpath = /var/log/sshd.log - -@@ -101,7 +101,7 @@ - enabled = false - filter = postfix - action = hostsdeny[file=/not/a/standard/path/hosts.deny] -- sendmail[name=Postfix, dest=you@mail.com] -+ sendmail[name=Postfix, dest=you@example.com] - logpath = /var/log/postfix.log - bantime = 300 - -@@ -112,7 +112,7 @@ - - enabled = false - filter = vsftpd --action = sendmail-whois[name=VSFTPD, dest=you@mail.com] -+action = sendmail-whois[name=VSFTPD, dest=you@example.com] - logpath = /var/log/vsftpd.log - maxretry = 5 - bantime = 1800 -@@ -124,7 +124,7 @@ - enabled = false - filter = vsftpd - action = iptables[name=VSFTPD, port=ftp, protocol=tcp] -- sendmail-whois[name=VSFTPD, dest=you@mail.com] -+ sendmail-whois[name=VSFTPD, dest=you@example.com] - logpath = /var/log/vsftpd.log - maxretry = 5 - bantime = 1800 -@@ -137,7 +137,7 @@ - enabled = false - filter = apache-badbots - action = iptables-multiport[name=BadBots, port="http,https"] -- sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com] -+ sendmail-buffered[name=BadBots, lines=5, dest=you@example.com] - logpath = /var/www/*/logs/access_log - bantime = 172800 - maxretry = 1 -@@ -149,7 +149,7 @@ - enabled = false - filter = apache-noscript - action = shorewall -- sendmail[name=Postfix, dest=you@mail.com] -+ sendmail[name=Postfix, dest=you@example.com] - logpath = /var/log/apache2/error_log - - # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -190,7 +190,7 @@ - enabled = false - filter = sshd - action = ipfw[localhost=192.168.0.1] -- sendmail-whois[name="SSH,IPFW", dest=you@mail.com] -+ sendmail-whois[name="SSH,IPFW", dest=you@example.com] - logpath = /var/log/auth.log - ignoreip = 168.192.0.1 - -@@ -216,7 +216,7 @@ - enabled = false - filter = named-refused - action = 
iptables-multiport[name=Named, port="domain,953", protocol=udp] -- sendmail-whois[name=Named, dest=you@mail.com] -+ sendmail-whois[name=Named, dest=you@example.com] - logpath = /var/log/named/security.log - ignoreip = 168.192.0.1 - -@@ -227,7 +227,7 @@ - enabled = false - filter = named-refused - action = iptables-multiport[name=Named, port="domain,953", protocol=tcp] -- sendmail-whois[name=Named, dest=you@mail.com] -+ sendmail-whois[name=Named, dest=you@example.com] - logpath = /var/log/named/security.log - ignoreip = 168.192.0.1 - diff --git a/fail2ban-0.8.4-notmp.patch b/fail2ban-0.8.4-notmp.patch deleted file mode 100644 index dc09397..0000000 --- a/fail2ban-0.8.4-notmp.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -diff -rud fail2ban-0.8.4.org/ChangeLog fail2ban-0.8.4/ChangeLog ---- fail2ban-0.8.4.org/ChangeLog 2009-09-07 21:11:29.000000000 +0200 -+++ fail2ban-0.8.4/ChangeLog 2011-04-09 17:56:51.029085738 +0200 -@@ -353,7 +353,7 @@ - Thanks to Tom Pike - - fail2ban.conf modified for readability. Thanks to Iain Lea - - Added an initd script for Gentoo --- Changed default PID lock file location from /tmp to /var/run -+- Changed default PID lock file location from /var/lib/fail2ban to /var/run - - ver. 0.4.0 (2005/04/24) - stable - ---------- -diff -rud fail2ban-0.8.4.org/client/fail2banreader.py fail2ban-0.8.4/client/fail2banreader.py ---- fail2ban-0.8.4.org/client/fail2banreader.py 2008-02-27 22:44:56.000000000 +0100 -+++ fail2ban-0.8.4/client/fail2banreader.py 2011-04-09 17:56:51.027086612 +0200 -@@ -39,7 +39,7 @@ - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"]] -+ opts = [["string", "socket", "/var/lib/fail2ban/fail2ban.sock"]] - return ConfigReader.getOptions(self, "Definition", opts) - - def getOptions(self): -diff -rud fail2ban-0.8.4.org/config/action.d/dshield.conf fail2ban-0.8.4/config/action.d/dshield.conf ---- fail2ban-0.8.4.org/config/action.d/dshield.conf 2008-07-14 19:13:47.000000000 +0200 -+++ fail2ban-0.8.4/config/action.d/dshield.conf 2011-04-09 17:56:51.031085423 +0200 -@@ -204,7 +204,7 @@ - - # Option: tmpfile - # Notes.: Base name of temporary files used for buffering --# Values: [ STRING ] Default: /tmp/fail2ban-dshield -+# Values: [ STRING ] Default: /var/lib/fail2ban/fail2ban-dshield - # --tmpfile = /tmp/fail2ban-dshield -+tmpfile = /var/lib/fail2ban/fail2ban-dshield - -diff -rud fail2ban-0.8.4.org/config/action.d/mail-buffered.conf fail2ban-0.8.4/config/action.d/mail-buffered.conf ---- fail2ban-0.8.4.org/config/action.d/mail-buffered.conf 2008-07-16 23:11:43.000000000 +0200 -+++ fail2ban-0.8.4/config/action.d/mail-buffered.conf 2011-04-09 17:56:51.031085423 +0200 
-@@ -81,7 +81,7 @@ - - # Default temporary file - # --tmpfile = /tmp/fail2ban-mail.txt -+tmpfile = /var/lib/fail2ban/fail2ban-mail.txt - - # Destination/Addressee of the mail - # -diff -rud fail2ban-0.8.4.org/config/action.d/mynetwatchman.conf fail2ban-0.8.4/config/action.d/mynetwatchman.conf ---- fail2ban-0.8.4.org/config/action.d/mynetwatchman.conf 2008-07-14 19:14:13.000000000 +0200 -+++ fail2ban-0.8.4/config/action.d/mynetwatchman.conf 2011-04-09 17:56:51.030086280 +0200 -@@ -139,6 +139,6 @@ - - # Option: tmpfile - # Notes.: Base name of temporary files --# Values: [ STRING ] Default: /tmp/fail2ban-mynetwatchman -+# Values: [ STRING ] Default: /var/lib/fail2ban/fail2ban-mynetwatchman - # --tmpfile = /tmp/fail2ban-mynetwatchman -+tmpfile = /var/lib/fail2ban/fail2ban-mynetwatchman -diff -rud fail2ban-0.8.4.org/config/action.d/sendmail-buffered.conf fail2ban-0.8.4/config/action.d/sendmail-buffered.conf ---- fail2ban-0.8.4.org/config/action.d/sendmail-buffered.conf 2008-07-16 23:11:43.000000000 +0200 -+++ fail2ban-0.8.4/config/action.d/sendmail-buffered.conf 2011-04-09 17:56:51.029085738 +0200 -@@ -101,5 +101,5 @@ - - # Default temporary file - # --tmpfile = /tmp/fail2ban-mail.txt -+tmpfile = /var/lib/fail2ban/fail2ban-mail.txt - -diff -rud fail2ban-0.8.4.org/files/nagios/f2ban.txt fail2ban-0.8.4/files/nagios/f2ban.txt ---- fail2ban-0.8.4.org/files/nagios/f2ban.txt 2009-01-27 23:53:40.000000000 +0100 -+++ fail2ban-0.8.4/files/nagios/f2ban.txt 2011-04-09 17:56:51.027086612 +0200 -@@ -6,7 +6,7 @@ - /etc/init.d/fail2ban stop - - 2.) delete the socket if avalible --rm /tmp/fail2ban.sock -+rm /var/lib/fail2ban/fail2ban.sock - - 3.) 
start the Service - /etc/init.d/fail2ban start -diff -rud fail2ban-0.8.4.org/testcases/actiontestcase.py fail2ban-0.8.4/testcases/actiontestcase.py ---- fail2ban-0.8.4.org/testcases/actiontestcase.py 2008-02-27 22:44:54.000000000 +0100 -+++ fail2ban-0.8.4/testcases/actiontestcase.py 2011-04-09 17:56:51.027086612 +0200 -@@ -38,10 +38,10 @@ - self.__action.execActionStop() - - def testExecuteActionBan(self): -- self.__action.setActionStart("touch /tmp/fail2ban.test") -- self.__action.setActionStop("rm -f /tmp/fail2ban.test") -+ self.__action.setActionStart("touch /var/lib/fail2ban/fail2ban.test") -+ self.__action.setActionStop("rm -f /var/lib/fail2ban/fail2ban.test") - self.__action.setActionBan("echo -n") -- self.__action.setActionCheck("[ -e /tmp/fail2ban.test ]") -+ self.__action.setActionCheck("[ -e /var/lib/fail2ban/fail2ban.test ]") - - self.assertTrue(self.__action.execActionBan(None)) - -\ No newline at end of file diff --git a/fail2ban-0.8.7.1-notmp.patch b/fail2ban-0.8.7.1-notmp.patch new file mode 100644 index 0000000..6c52c96 --- /dev/null +++ b/fail2ban-0.8.7.1-notmp.patch 
@@ -0,0 +1,35 @@
+diff -U0 fail2ban-0.8.7.1/ChangeLog.notmp fail2ban-0.8.7.1/ChangeLog
+--- fail2ban-0.8.7.1/ChangeLog.notmp 2012-07-31 19:45:04.000000000 -0600
++++ fail2ban-0.8.7.1/ChangeLog 2012-10-11 11:49:16.317481660 -0600
+@@ -511 +511 @@
+-- Changed default PID lock file location from /tmp to /var/run
++- Changed default PID lock file location from /var/lib/fail2ban to /var/run
+diff -up fail2ban-0.8.7.1/client/fail2banreader.py.notmp fail2ban-0.8.7.1/client/fail2banreader.py
+--- fail2ban-0.8.7.1/client/fail2banreader.py.notmp 2012-07-31 19:45:04.000000000 -0600
++++ fail2ban-0.8.7.1/client/fail2banreader.py 2012-10-11 11:49:16.318481661 -0600
+@@ -42,7 +42,7 @@ class Fail2banReader(ConfigReader):
+ ConfigReader.read(self, "fail2ban")
+ 
+ def getEarlyOptions(self):
+- opts = [["string", "socket", "/tmp/fail2ban.sock"]]
++ opts = [["string", "socket", "/var/lib/fail2ban/fail2ban.sock"]]
+ return ConfigReader.getOptions(self, "Definition", opts)
+ 
+ def getOptions(self):
+diff -up fail2ban-0.8.7.1/config/action.d/dshield.conf.notmp fail2ban-0.8.7.1/config/action.d/dshield.conf
+diff -up fail2ban-0.8.7.1/config/action.d/mail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/mail-buffered.conf
+diff -up fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf.notmp fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf
+diff -up fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf
+diff -up fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp fail2ban-0.8.7.1/files/nagios/f2ban.txt
+--- fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp 2012-07-31 19:45:04.000000000 -0600
++++ fail2ban-0.8.7.1/files/nagios/f2ban.txt 2012-10-11 11:53:32.323532817 -0600
+@@ -6,7 +6,7 @@ HELP:
+ /etc/init.d/fail2ban stop
+ 
+ 2.) delete the socket if available
+-rm /tmp/fail2ban.sock
++rm /var/run/fail2ban/fail2ban.sock
+ 
+ 3.) start the Service
+ /etc/init.d/fail2ban start
+diff -up fail2ban-0.8.7.1/testcases/actiontestcase.py.notmp fail2ban-0.8.7.1/testcases/actiontestcase.py
diff --git a/fail2ban-0.8.7.1-sshd.patch b/fail2ban-0.8.7.1-sshd.patch
new file mode 100644
index 0000000..aa3773e
--- /dev/null
+++ b/fail2ban-0.8.7.1-sshd.patch
@@ -0,0 +1,18 @@
+diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf
+--- fail2ban-0.8.7.1/config/jail.conf.sshd 2012-07-31 19:45:04.000000000 -0600
++++ fail2ban-0.8.7.1/config/jail.conf 2012-10-11 11:47:33.131451895 -0600
+@@ -62,11 +62,11 @@ usedns = warn
+ 
+ [ssh-iptables]
+ 
+-enabled = false
++enabled = true
+ filter = sshd
+ action = iptables[name=SSH, port=ssh, protocol=tcp]
+- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com]
+-logpath = /var/log/sshd.log
++ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com]
++logpath = /var/log/secure
+ maxretry = 5
+ 
+ [proftpd-iptables]
diff --git a/fail2ban.spec b/fail2ban.spec
index 80bf5d6..6b60bd9 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
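Review bot: The rebased fail2ban-0.8.7.1-notmp.patch points the client and the documentation at two different socket locations: the fallback in `client/fail2banreader.py` becomes `/var/lib/fail2ban/fail2ban.sock`, while `files/nagios/f2ban.txt` now tells the admin to `rm /var/run/fail2ban/fail2ban.sock`. If the daemon's socket does live under /var/run/fail2ban, as the f2ban.txt hunk assumes, the fallback should read `opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"]]`. The ChangeLog hunk also rewrites a historical entry to "from /var/lib/fail2ban to /var/run", which looks like a leftover of a blanket /tmp substitution and would be better dropped from the patch. The `diff -up` headers for the four `config/action.d/*.conf` files and `testcases/actiontestcase.py` carry no hunks, so this patch no longer moves the `tmpfile` defaults out of /tmp; that is only safe if 0.8.7.1 already did so itself, which is worth confirming before relying on it.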
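Review bot: In fail2ban-0.8.7.1-sshd.patch the `sendmail-whois` line of the now default-enabled `[ssh-iptables]` jail still carries the upstream placeholder `sender=fail2ban@example.com`, so every ban notification to root is sent from an address in a domain the host does not own. Since the jail is active out of the box, a local sender would be the safer default, for example `sendmail-whois[name=SSH, dest=root, sender=root@localhost]` (sample value; use whatever local address the distribution prefers). A one-line comment above `enabled = true` noting that the distribution enables this jail deliberately would also help admins who compare the file with upstream's jail.conf.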
@@ -1,24 +1,18 @@ -# Not defined in Fedora's buildsystem -%global _initdir %{_sysconfdir}/rc.d/init.d - Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.4 -Release: 29%{?dist} +Version: 0.8.7.1 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2 +Source0: https://github.com/downloads/%{name}/%{name}/%{name}_%{version}.orig.tar.gz Source1: fail2ban-logrotate Source2: fail2ban-tmpfiles.conf Patch0: fail2ban-0.8.3-init.patch -Patch1: fail2ban-0.8.1-sshd.patch -Patch3: fail2ban-0.8.2-fd_cloexec.patch +Patch1: fail2ban-0.8.7.1-sshd.patch Patch6: fail2ban-0.8.3-log2syslog.patch Patch7: asyncserver.start_selinux.patch -Patch8: fail2ban-0.8.4-notmp.patch -Patch9: pyinotify.patch -Patch10: fail2ban-0.8.4-examplemail.patch +Patch8: fail2ban-0.8.7.1-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 BuildArch: noarch @@ -38,12 +32,9 @@ failures. It updates firewall rules to reject the IP address. %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd -%patch3 -p1 -b .fd_cloexec %patch6 -p1 -b .log2syslog %patch7 -p1 -b .fd_cloexec2 %patch8 -p1 -b .notmp -%patch9 -p1 -b .inotify -%patch10 -p1 -b .mail %build python setup.py build @@ -51,8 +42,8 @@ python setup.py build %install rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} -mkdir -p %{buildroot}%{_initdir} -install -p -m 755 files/redhat-initd %{buildroot}%{_initdir}/fail2ban +mkdir -p %{buildroot}%{_initddir} +install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban mkdir -p %{buildroot}%{_mandir}/man1 install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d 
@@ -82,7 +73,7 @@ fi %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_datadir}/fail2ban -%{_initdir}/fail2ban +%{_initddir}/fail2ban %{_mandir}/man1/fail2ban-*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d @@ -97,6 +88,12 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Oct 11 2012 Orion Poplawski - 0.8.7.1-1 +- Update to 0.8.7.1 +- Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream +- Rebase sshd and notmp patches +- Use _initddir macro + * Thu Jul 19 2012 Fedora Release Engineering - 0.8.4-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild diff --git a/pyinotify.patch b/pyinotify.patch deleted file mode 100644 index 8a16c65..0000000 --- a/pyinotify.patch +++ /dev/null 
@@ -1,224 +0,0 @@ -@@ -, +, @@ - config/jail.conf | 9 ++- - server/filterinotify.py | 157 +++++++++++++++++++++++++++++++++++++++++++++++ - server/jail.py | 18 +++++- - 3 files changed, 179 insertions(+), 5 deletions(-) - create mode 100644 server/filterinotify.py ---- a/config/jail.conf -+++ a/config/jail.conf -@@ -26,13 +26,16 @@ findtime = 600 - maxretry = 3 - - # "backend" specifies the backend used to get files modification. Available --# options are "gamin", "polling" and "auto". This option can be overridden in --# each jail too (use "gamin" for a jail and "polling" for another). -+# options are "inotify", "gamin", "polling" and "auto". This option can be -+# overridden in each jail too (use "gamin" for a jail and "polling" for -+# another). - # -+# inotify: requires pyinotify and the a kernel supporting Inotify - # gamin: requires Gamin (a file alteration monitor) to be installed. If Gamin - # is not installed, Fail2ban will use polling. - # polling: uses a polling algorithm which does not require external libraries. --# auto: will choose Gamin if available and polling otherwise. -+# auto: will choose Inotify if pyinotify is present, if not then it will -+# try Gamin and use that if available, and polling otherwise. - backend = auto - - ---- a/server/filterinotify.py -+++ a/server/filterinotify.py -@@ -0,0 +1,157 @@ -+# This file is part of Fail2Ban. -+# -+# Fail2Ban is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# Fail2Ban is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. 
-+# -+# You should have received a copy of the GNU General Public License -+# along with Fail2Ban; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ -+# Author: Jonathan G. Underwood -+# -+# $Revision$ -+ -+__author__ = "Jonathan G. Underwood" -+__version__ = "$Revision$" -+__date__ = "$Date$" -+__copyright__ = "Copyright (c) 2010 Jonathan G. Underwood" -+__license__ = "GPL" -+ -+from failmanager import FailManagerEmpty -+from filter import FileFilter -+from mytime import MyTime -+ -+import time, logging -+ -+import pyinotify -+from pyinotify import ProcessEvent, WatchManager, Notifier -+ -+# Gets the instance of the logger. -+logSys = logging.getLogger("fail2ban.filter") -+ -+## -+# Log reader class. -+# -+# This class reads a log file and detects login failures or anything else -+# that matches a given regular expression. This class is instanciated by -+# a Jail object. -+ -+class FilterInotify(ProcessEvent, FileFilter): -+ -+ ## -+ # Constructor. -+ # -+ # Initialize the filter object with default values. -+ # @param jail the jail object -+ -+ # Note that according to the pyinotify documentation we shouldn't -+ # define an __init__ function, but define a my_init function which is -+ # called by ProcessEvent.__init__. However, that approach appears not -+ # to work here and so we define __init__ and call -+ # ProcessEvent.__init__ from here. -+ def __init__(self, jail): -+ FileFilter.__init__(self, jail) -+ ProcessEvent.__init__(self) -+ self.__monitor = WatchManager() -+ self.__notifier = Notifier(self.__monitor, self) -+ self.__mask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE -+ -+ ## -+ # Event handling functions used by pyinotify.ProcessEvent -+ # instance. These simply call the __handleMod method. 
-+ # @event an event object -+ -+ def process_IN_MODIFY(self, event): -+ logSys.debug("process_IN_MODIFY called") -+ self.__handleMod(event) -+ -+ def process_IN_CREATE(self, event): -+ logSys.debug("process_IN_CREATE called") -+ self.__handleMod(event) -+ -+ ## -+ # This method handles all modified file events -+ # @event an event object -+ -+ def __handleMod(self, event): -+ self.getFailures(event.path) -+ try: -+ while True: -+ ticket = self.failManager.toBan() -+ self.jail.putFailTicket(ticket) -+ except FailManagerEmpty: -+ self.failManager.cleanup(MyTime.time()) -+ self.dateDetector.sortTemplate() -+ -+ ## -+ # Add a log file path -+ # -+ # @param path log file path -+ -+ def addLogPath(self, path, tail = False): -+ if self.containsLogPath(path): -+ logSys.error(path + " already exists") -+ else: -+ wd = self.__monitor.add_watch(path, self.__mask) -+ if wd[path] > 0: -+ FileFilter.addLogPath(self, path, tail) -+ logSys.info("Added logfile = %s" % path) -+ else: -+ logSys.error("Failed to add an inotify watch for logfile = %s" % path) -+ -+ ## -+ # Delete a log path -+ # -+ # @param path the log file to delete -+ -+ def delLogPath(self, path): -+ if not self.containsLogPath(path): -+ logSys.error(path + " is not monitored") -+ else: -+ rd = self.__monitor.rm_watch(self.__monitor.get_wd(path)) -+ if rd[path]: -+ FileFilter.delLogPath(self, path) -+ logSys.info("Removed logfile = %s" % path) -+ else: -+ logSys.error("Failed to remove inotify watch for logfile = %s" % path) -+ -+ ## -+ # Main loop. -+ # -+ # This function is the main loop of the thread. It checks if the -+ # file has been modified and looks for failures. -+ # @return True when the thread exits nicely -+ -+ def run(self): -+ self.setActive(True) -+ while self._isActive(): -+ if not self.getIdle(): -+ # We cannot block here because we want to be able to -+ # exit. __notifier.check_events will block for -+ # timeout milliseconds. 
-+ if self.__notifier.check_events(timeout=10): -+ self.__notifier.read_events() -+ self.__notifier.process_events() -+ time.sleep(self.getSleepTime()) -+ else: -+ time.sleep(self.getSleepTime()) -+ -+ # Cleanup when shutting down -+ for wd in self.watchd.keys(): -+ self.__monitor.rm_watch(wd) -+ del self.__monitor -+ self.__notifier.stop() -+ del self.__notifier -+ -+ logSys.debug(self.jail.getName() + ": filter terminated") -+ return True -+ -+ -+ ---- a/server/jail.py -+++ a/server/jail.py -@@ -40,17 +40,31 @@ class Jail: - logSys.info("Creating new jail '%s'" % self.__name) - if backend == "polling": - self.__initPoller() -+ elif backend == "inotify": -+ self.__initInotify() -+ elif backend == "gamin": -+ self.__initGamin() - else: - try: -- self.__initGamin() -+ self.__initInotify() - except ImportError: -- self.__initPoller() -+ try: -+ self.__initGamin() -+ except ImportError: -+ self.__initPoller() - self.__action = Actions(self) - - def __initPoller(self): - logSys.info("Jail '%s' uses poller" % self.__name) - from filterpoll import FilterPoll - self.__filter = FilterPoll(self) -+ -+ def __initInotify(self): -+ # Try to import pyinotify -+ import pyinotify -+ logSys.info("Jail '%s' uses Inotify" % self.__name) -+ from filterinotify import FilterInotify -+ self.__filter = FilterInotify(self) - - def __initGamin(self): - # Try to import gamin diff --git a/sources b/sources index 3b57e09..b243c67 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -76b4d0e69ad808950b8353c6fcf93615 fail2ban-FAIL2BAN-0_8.tar.bz2 -df94335a5d12b4750869e5fe350073fa fail2ban-0.8.4.tar.bz2 +39ae20deafbd0441ad385204d532e423 fail2ban_0.8.7.1.orig.tar.gz From 9bcdcc246631eb27e0affae405e2f5d6f6d82d59 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Dec 2012 12:15:32 -0700 Subject: [PATCH 010/201] Update to 0.8.8 (CVE-2012-5642 Bug #887914) --- .gitignore | 1 + fail2ban.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/.gitignore b/.gitignore index c028cca..a463bbc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ fail2ban-FAIL2BAN-0_8.tar.bz2 fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.7.1.orig.tar.gz +/fail2ban_0.8.8.orig.tar.gz diff --git a/fail2ban.spec b/fail2ban.spec index 6b60bd9..1e51370 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.7.1 +Version: 0.8.8 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons @@ -88,6 +88,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Mon Dec 17 2012 Orion Poplawski - 0.8.8-1 +- Update to 0.8.8 (CVE-2012-5642 Bug #887914) + * Thu Oct 11 2012 Orion Poplawski - 0.8.7.1-1 - Update to 0.8.7.1 - Drop fd_cloexec, pyinotify, and examplemail patches fixed upstream diff --git a/sources b/sources index b243c67..47627bf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -39ae20deafbd0441ad385204d532e423 fail2ban_0.8.7.1.orig.tar.gz +48a7cfa29c30227f0e1361bd3c88ec8e fail2ban_0.8.8.orig.tar.gz From fb11724b4ec3ed6e96124b5274e5e7fa682d4895 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Dec 2012 13:25:20 -0700 Subject: [PATCH 011/201] Remove fail2ban-0.8-sshd-filter.diff --- fail2ban-0.8-sshd-filter.diff | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 fail2ban-0.8-sshd-filter.diff diff --git a/fail2ban-0.8-sshd-filter.diff b/fail2ban-0.8-sshd-filter.diff deleted file mode 100644 index a9fa0e0..0000000 --- a/fail2ban-0.8-sshd-filter.diff +++ /dev/null 
@@ -1,18 +0,0 @@ ---- fail2ban-0.8.0/config/filter.d/sshd.conf.upstream 2007-06-20 11:56:18.000000000 +0100 -+++ fail2ban-0.8.0/config/filter.d/sshd.conf 2007-06-20 11:53:36.000000000 +0100 -@@ -14,10 +14,11 @@ - # (?:::f{4,6}:)?(?P\S+) - # Values: TEXT - # --failregex = Authentication failure for .* from -- Failed [-/\w]+ for .* from -- ROOT LOGIN REFUSED .* FROM -- [iI](?:llegal|nvalid) user .* from -+failregex = Authentication failure for .* from $ -+ Failed [-/\w]+ for .* from $ -+ ROOT LOGIN REFUSED .* FROM $ -+ [iI](?:llegal|nvalid) user .* from $ -+ User .* from not allowed because not listed in AllowUsers$ - - # Option: ignoreregex - # Notes.: regex to ignore. If this regex matches, the line is ignored. From d1c947a7196463467cd8674676fc3056ffac9307 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 14 Jan 2013 17:04:14 -0700 Subject: [PATCH 012/201] Add %check to run testcases --- fail2ban.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index 1e51370..92ec5f4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -15,6 +15,8 @@ Patch7: asyncserver.start_selinux.patch Patch8: fail2ban-0.8.7.1-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 +# For testcases +BuildRequires: python-inotify BuildArch: noarch Requires: iptables, tcp_wrappers, shorewall, gamin-python Requires: python-inotify @@ -53,6 +55,9 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +%check +./fail2ban-testcases + %clean rm -rf %{buildroot} From 260f069b94fed7118847cbd29fd4bda9f0818c28 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Wed, 23 Jan 2013 16:46:59 -0700 Subject: [PATCH 013/201] Add patch to prevent sshd blocks of successful logins for systems that use sssd or ldap --- fail2ban-0.8.8-sshd-pam.patch | 11 +++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 fail2ban-0.8.8-sshd-pam.patch diff --git a/fail2ban-0.8.8-sshd-pam.patch b/fail2ban-0.8.8-sshd-pam.patch new file mode 100644 index 0000000..cfe0772 --- /dev/null +++ b/fail2ban-0.8.8-sshd-pam.patch @@ -0,0 +1,11 @@ +diff -up fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam fail2ban-0.8.8/config/filter.d/sshd.conf +--- fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam 2012-12-05 20:51:29.000000000 -0700 ++++ fail2ban-0.8.8/config/filter.d/sshd.conf 2013-01-18 14:29:00.300902426 -0700 +@@ -30,7 +30,6 @@ failregex = ^%(__prefix_line)s(?:error: + ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from \s*$ + ^%(__prefix_line)sUser .+ from not allowed because not listed in AllowUsers\s*$ + ^%(__prefix_line)sUser .+ from not allowed because listed in DenyUsers\s*$ +- ^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=(?:\s+user=.*)?\s*$ + ^%(__prefix_line)srefused connect from \S+ \(\)\s*$ + ^%(__prefix_line)sUser .+ from not allowed because none of user's groups are listed in AllowGroups\s*$ + diff --git a/fail2ban.spec b/fail2ban.spec index 92ec5f4..4412ef2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ 
@@ -10,6 +10,9 @@ Source1: fail2ban-logrotate Source2: fail2ban-tmpfiles.conf Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch +# Do not use pam_unix failure messages to ban sshd +# https://github.com/fail2ban/fail2ban/issues/106 +Patch2: fail2ban-0.8.8-sshd-pam.patch Patch6: fail2ban-0.8.3-log2syslog.patch Patch7: asyncserver.start_selinux.patch Patch8: fail2ban-0.8.7.1-notmp.patch @@ -34,6 +37,7 @@ failures. It updates firewall rules to reject the IP address. %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd +%patch2 -p1 -b .sshd-pam %patch6 -p1 -b .log2syslog %patch7 -p1 -b .fd_cloexec2 %patch8 -p1 -b .notmp @@ -93,6 +97,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Jan 18 2013 Orion Poplawski - 0.8.8-2 +- Add patch to prevent sshd blocks of successful logins for systems that use + sssd or ldap + * Mon Dec 17 2012 Orion Poplawski - 0.8.8-1 - Update to 0.8.8 (CVE-2012-5642 Bug #887914) From fc604fe404ea3fcd5fce2c32f8900a7d37af7c26 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 25 Jan 2013 09:43:17 -0700 Subject: [PATCH 014/201] Testcases need network access. Disable for now --- fail2ban.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 4412ef2..80d1bae 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -59,8 +59,9 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf -%check -./fail2ban-testcases +# Testcases need network access +#%check +#./fail2ban-testcases %clean rm -rf %{buildroot} From 83ab8cd69d68fb990b389897b438cf500b553a77 Mon Sep 17 00:00:00 2001 
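Review bot: Commenting out `%check` and `./fail2ban-testcases` turns the test suite off for every build, so a regression in the filters or in one of the rebased patches is no longer caught at package build time. A build conditional keeps the tests one switch away for local builds that do have network access: declare `%bcond_with tests` near the top and leave a live `%check` whose body is `%if %{with tests}`, `./fail2ban-testcases`, `%endif`. If the commented form stays, the usual convention is to write `#%%check`, because rpm still processes `%` sequences inside comment lines.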
From: Orion Poplawski Date: Thu, 14 Feb 2013 14:31:50 -0700 Subject: [PATCH 015/201] Add patch from upstream to fix module imports (Bug #892365) Add patch from upstream to UTF-8 characters in syslog (Bug #905097) --- fail2ban-import.patch | 75 +++++++++++++++++++++++++++++++++++++++++++ fail2ban-utf8.patch | 18 +++++++++++ fail2ban.spec | 23 +++++++++++-- 3 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 fail2ban-import.patch create mode 100644 fail2ban-utf8.patch diff --git a/fail2ban-import.patch b/fail2ban-import.patch new file mode 100644 index 0000000..c4a2836 --- /dev/null +++ b/fail2ban-import.patch 
@@ -0,0 +1,75 @@ +commit d561a4c2bbc336db70d5923cf630813bc51dc3ee +Author: Yaroslav Halchenko +Date: Mon Jan 28 09:54:08 2013 -0500 + + BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112) + + This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed + + but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse + +diff --git a/fail2ban-client b/fail2ban-client +index 1d8eb15..13d018e 100755 +--- a/fail2ban-client ++++ b/fail2ban-client +@@ -27,12 +27,13 @@ import getopt, time, shlex, socket + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -client is also under /usr/ ++try: ++ from common.version import version ++except ImportError, e: + sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + +-# Now we can import our modules +-from common.version import version ++# Now we can import the rest of modules + from common.protocol import printFormatted + from client.csocket import CSocket + from client.configurator import Configurator +diff --git a/fail2ban-regex b/fail2ban-regex +index a42ed96..f9bc72c 100755 +--- a/fail2ban-regex ++++ b/fail2ban-regex +@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -regex is also under /usr/ +- sys.path.insert(1, "/usr/share/fail2ban") ++try: ++ from common.version import version ++except ImportError, e: ++ sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + + from client.configparserinc import SafeConfigParserWithIncludes + from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError +-from common.version import 
version + from server.filter import Filter + from server.failregex import RegexException + +diff --git a/fail2ban-server b/fail2ban-server +index bd86e6c..0f3410c 100755 +--- a/fail2ban-server ++++ b/fail2ban-server +@@ -26,11 +26,12 @@ import getopt, sys, logging, os + + # Inserts our own modules path first in the list + # fix for bug #343821 +-if os.path.abspath(__file__).startswith('/usr/'): +- # makes sense to use system-wide library iff -server is also under /usr/ ++try: ++ from common.version import version ++except ImportError, e: + sys.path.insert(1, "/usr/share/fail2ban") ++ from common.version import version + +-from common.version import version + from server.server import Server + + # Gets the instance of the logger. diff --git a/fail2ban-utf8.patch b/fail2ban-utf8.patch new file mode 100644 index 0000000..d0013e7 --- /dev/null +++ b/fail2ban-utf8.patch @@ -0,0 +1,18 @@ +commit f8983872ad4297ddb3017f4818edd08892dd2129 +Author: Yaroslav Halchenko +Date: Fri Feb 1 16:07:00 2013 -0500 + + BF: return str(host) to avoid spurious characters in the logs (Close gh-113) + + thanks to opoplawski@github + +diff --git a/server/failregex.py b/server/failregex.py +index 8ce9597..b194d47 100644 +--- a/server/failregex.py ++++ b/server/failregex.py +@@ -130,4 +130,4 @@ class FailRegex(Regex): + s = self._matchCache.string + r = self._matchCache.re + raise RegexException("No 'host' found in '%s' using '%s'" % (s, r)) +- return host ++ return str(host) diff --git a/fail2ban.spec b/fail2ban.spec index 80d1bae..90ac37d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ 
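Review bot: With the `try: from common.version import version` form in fail2ban-client, fail2ban-regex and fail2ban-server, `/usr/share/fail2ban` is put on `sys.path` only when that first import fails, so any other `common` package that resolves first decides where the following `common.*`, `client.*` and `server.*` imports come from; the quoted upstream commit message admits as much. If a foreign `common` without a `version` module is found, it presumably stays cached in `sys.modules` and the retry in the `except` branch fails as well. For a packaged install with a fixed module directory, and for a daemon that presumably runs as root since it updates firewall rules, I would insert the path unconditionally before the first import, `sys.path.insert(1, "/usr/share/fail2ban")`, and keep a single `from common.version import version` after it.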
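Review bot: `return str(host)` in server/failregex.py can itself raise under Python 2 when `host` is a unicode object holding a non-ASCII character, because `str()` encodes with the ASCII codec, and the value comes from a regex group over log text that the administrator does not control. Whether `host` can be unicode at this point is not visible in the hunk, and the enclosing method starts outside it, so this needs checking against how log lines are read. If it can, the conversion should tolerate bad input, for example by catching `UnicodeEncodeError` and raising the same `RegexException` used just above for a missing host, so that one malformed line cannot take the filter down.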
@@ -13,6 +13,14 @@ Patch1: fail2ban-0.8.7.1-sshd.patch # Do not use pam_unix failure messages to ban sshd # https://github.com/fail2ban/fail2ban/issues/106 Patch2: fail2ban-0.8.8-sshd-pam.patch +# Upstream patch to fix module loading +# https://github.com/fail2ban/fail2ban/issues/112 +# https://bugzilla.redhat.com/show_bug.cgi?id=892365 +Patch3: fail2ban-import.patch +# Upstream patch to fix UTF-8 characters in hostnames +# https://github.com/fail2ban/fail2ban/issues/113 +# https://bugzilla.redhat.com/show_bug.cgi?id=905097 +Patch4: fail2ban-utf8.patch Patch6: fail2ban-0.8.3-log2syslog.patch Patch7: asyncserver.start_selinux.patch Patch8: fail2ban-0.8.7.1-notmp.patch @@ -21,7 +29,8 @@ BuildRequires: python-devel >= 2.3 # For testcases BuildRequires: python-inotify BuildArch: noarch -Requires: iptables, tcp_wrappers, shorewall, gamin-python +Requires: iptables +Requires: gamin-python Requires: python-inotify Requires: initscripts Requires(post): /sbin/chkconfig @@ -33,11 +42,17 @@ Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. +To use the hostsdeny and shorewall actions you must install tcp_wrappers +and shorewall respectively. + + %prep %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd %patch2 -p1 -b .sshd-pam +%patch3 -p1 -b .import +%patch4 -p1 -b .utf8 %patch6 -p1 -b .log2syslog %patch7 -p1 -b .fd_cloexec2 %patch8 -p1 -b .notmp @@ -98,6 +113,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Feb 14 2013 Orion Poplawski - 0.8.8-3 +- Add patch from upstream to fix module imports (Bug #892365) +- Add patch from upstream to UTF-8 characters in syslog (Bug #905097) + * Fri Jan 18 2013 Orion Poplawski - 0.8.8-2 - Add patch to prevent sshd blocks of successful logins for systems that use sssd or ldap From 680209bec5b7fd9d04ec2569a50758e86e7c13bc Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Thu, 14 Feb 2013 14:58:59 -0700 Subject: [PATCH 016/201] Add %changelog entry for dropping requires --- fail2ban.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/fail2ban.spec b/fail2ban.spec index 90ac37d..64c896c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -116,6 +116,7 @@ fi * Thu Feb 14 2013 Orion Poplawski - 0.8.8-3 - Add patch from upstream to fix module imports (Bug #892365) - Add patch from upstream to UTF-8 characters in syslog (Bug #905097) +- Drop Requires: tcp_wrappers and shorewall (Bug #781341) * Fri Jan 18 2013 Orion Poplawski - 0.8.8-2 - Add patch to prevent sshd blocks of successful logins for systems that use From 6bfd65edcf3e117d0bdd38b89be6601e90febc53 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 15 Mar 2013 14:19:57 -0600 Subject: [PATCH 017/201] Use systemd init for Fedora 19+ (bug #883158) --- fail2ban.service | 12 ++++++++++++ fail2ban.spec | 37 ++++++++++++++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 fail2ban.service diff --git a/fail2ban.service b/fail2ban.service new file mode 100644 index 0000000..35d7fc8 --- /dev/null +++ b/fail2ban.service @@ -0,0 +1,12 @@ +[Unit] +Description=Fail2ban Service + +[Service] +Type=forking +ExecStart=/usr/bin/fail2ban-client -x start +ExecStop=/usr/bin/fail2ban-client stop +ExecReload=/usr/bin/fail2ban-client reload +Restart=always + +[Install] +WantedBy=network.target diff --git a/fail2ban.spec b/fail2ban.spec index 64c896c..0e7283b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
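Review bot: `WantedBy=network.target` in `[Install]` is unconventional and the `[Unit]` section declares no ordering, so the service starts only when something else pulls in `network.target`, and nothing guarantees that the firewall and logging are up first. A ban tool that inserts its rules before the firewall service loads its ruleset can lose them. I would use `WantedBy=multi-user.target` and add an `After=` line naming `network.target` and the firewall service the release ships. With `Type=forking` and `Restart=always`, a `PIDFile=` entry pointing at the pid file the daemon writes (its path is not shown in this hunk) lets systemd supervise the right process.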
@@ -1,13 +1,16 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/downloads/%{name}/%{name}/%{name}_%{version}.orig.tar.gz Source1: fail2ban-logrotate Source2: fail2ban-tmpfiles.conf +%if 0%{?fedora} >= 19 +Source3: fail2ban.service +%endif Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch # Do not use pam_unix failure messages to ban sshd @@ -32,10 +35,17 @@ BuildArch: noarch Requires: iptables Requires: gamin-python Requires: python-inotify +%if 0%{?fedora} >= 19 +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%else Requires: initscripts Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service +%endif %description Fail2ban scans log files like /var/log/pwdfail or @@ -63,8 +73,13 @@ python setup.py build %install rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} +%if 0%{?fedora} >= 19 +mkdir -p %{buildroot}%{_unitdir} +cp -p %SOURCE3 %{buildroot}%{_unitdir}/ +%else mkdir -p %{buildroot}%{_initddir} install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban +%endif mkdir -p %{buildroot}%{_mandir}/man1 install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d @@ -82,13 +97,26 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf rm -rf %{buildroot} %post +%if 0%{?fedora} >= 19 +%systemd_post fail2ban.service +%else /sbin/chkconfig --add %{name} +%endif %preun +%if 0%{?fedora} >= 19 +%systemd_preun fail2ban.service +%else if [ $1 = 0 ]; then /sbin/service %{name} stop > /dev/null 2>&1 /sbin/chkconfig --del %{name} fi +%endif + +%if 0%{?fedora} >= 19 +%postun +%systemd_postun_with_restart fail2ban.service +%endif %files %defattr(-,root,root,-) 
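Review bot: Wrapping `Source3: fail2ban.service` in `%if 0%{?fedora} >= 19` makes the content of the source RPM depend on where it was built: an SRPM generated with the condition false does not carry the unit file and cannot be rebuilt for Fedora 19 or later. Declare `Source3: fail2ban.service` unconditionally and keep the `%if` only where the file is used, in `%install`, the scriptlets and `%files`. The same applies to any later conditional `Source` or `Patch` tag in this spec.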
@@ -98,7 +126,11 @@ fi %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_datadir}/fail2ban +%if 0%{?fedora} >= 19 +%{_unitdir}/fail2ban.service +%else %{_initddir}/fail2ban +%endif %{_mandir}/man1/fail2ban-*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d @@ -113,6 +145,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Mar 15 2013 Orion Poplawski - 0.8.8-4 +- Use systemd init for Fedora 19+ (bug #883158) + * Thu Feb 14 2013 Orion Poplawski - 0.8.8-3 - Add patch from upstream to fix module imports (Bug #892365) - Add patch from upstream to UTF-8 characters in syslog (Bug #905097) From d0f8175ad9ce08a811ff9512740214e9001f1e8a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 12 Jun 2013 16:34:16 -0600 Subject: [PATCH 018/201] Update to 0.8.10 security release - Use upstream provided systemd files - Drop upstreamed patches, rebase log2syslog and notmp patches --- .gitignore | 1 + asyncserver.start_selinux.patch | 35 ------------------------- fail2ban-0.8.3-log2syslog.patch | 11 -------- fail2ban-0.8.7.1-notmp.patch | 35 ------------------------- fail2ban-0.8.8-sshd-pam.patch | 11 -------- fail2ban-log2syslog.patch | 12 +++++++++ fail2ban-notmp.patch | 12 +++++++++ fail2ban.spec | 45 ++++++++++++--------------------- sources | 2 +- 9 files changed, 42 insertions(+), 122 deletions(-) delete mode 100644 asyncserver.start_selinux.patch delete mode 100644 fail2ban-0.8.3-log2syslog.patch delete mode 100644 fail2ban-0.8.7.1-notmp.patch delete mode 100644 fail2ban-0.8.8-sshd-pam.patch create mode 100644 fail2ban-log2syslog.patch create mode 100644 fail2ban-notmp.patch diff --git a/.gitignore b/.gitignore index a463bbc..fa2b88b 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ fail2ban-FAIL2BAN-0_8.tar.bz2 fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.7.1.orig.tar.gz /fail2ban_0.8.8.orig.tar.gz +/fail2ban-0.8.10.tar.gz 
diff --git a/asyncserver.start_selinux.patch b/asyncserver.start_selinux.patch deleted file mode 100644 index 7f36ae4..0000000 --- a/asyncserver.start_selinux.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001 -From: Jonathan G. Underwood -Date: Sun, 3 Jan 2010 02:16:09 +0000 -Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC - -https://bugzilla.redhat.com/show_bug.cgi?id=522767 ---- - server/asyncserver.py | 4 +++- - 1 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/server/asyncserver.py b/server/asyncserver.py -index 35cebf1..96b62d0 100644 ---- a/server/asyncserver.py -+++ b/server/asyncserver.py -@@ -26,7 +26,7 @@ __license__ = "GPL" - - from pickle import dumps, loads, HIGHEST_PROTOCOL - from common import helpers --import asyncore, asynchat, socket, os, logging, sys, traceback -+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl - - # Gets the instance of the logger. - logSys = logging.getLogger("fail2ban.server") -@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher): - raise AsyncServerException("Server already running") - # Creates the socket. - self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM) -+ fd = self.fileno() -+ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC) - self.set_reuse_addr() - try: - self.bind(sock) --- -1.6.5.2 - diff --git a/fail2ban-0.8.3-log2syslog.patch b/fail2ban-0.8.3-log2syslog.patch deleted file mode 100644 index 5ee11f6..0000000 --- a/fail2ban-0.8.3-log2syslog.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- fail2ban-0.8.3/config/fail2ban.conf~ 2008-02-27 22:44:55.000000000 +0100 -+++ fail2ban-0.8.3/config/fail2ban.conf 2009-08-27 20:48:25.000000000 +0200 -@@ -22,7 +22,7 @@ - # Only one log target can be specified. - # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log - # --logtarget = /var/log/fail2ban.log -+logtarget = SYSLOG - - # Option: socket - # Notes.: Set the socket file. This is used to communicate with the daemon. Do diff --git a/fail2ban-0.8.7.1-notmp.patch b/fail2ban-0.8.7.1-notmp.patch deleted file mode 100644 index 6c52c96..0000000 --- a/fail2ban-0.8.7.1-notmp.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -diff -U0 fail2ban-0.8.7.1/ChangeLog.notmp fail2ban-0.8.7.1/ChangeLog ---- fail2ban-0.8.7.1/ChangeLog.notmp 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/ChangeLog 2012-10-11 11:49:16.317481660 -0600 -@@ -511 +511 @@ --- Changed default PID lock file location from /tmp to /var/run -+- Changed default PID lock file location from /var/lib/fail2ban to /var/run -diff -up fail2ban-0.8.7.1/client/fail2banreader.py.notmp fail2ban-0.8.7.1/client/fail2banreader.py ---- fail2ban-0.8.7.1/client/fail2banreader.py.notmp 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/client/fail2banreader.py 2012-10-11 11:49:16.318481661 -0600 -@@ -42,7 +42,7 @@ class Fail2banReader(ConfigReader): - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"]] -+ opts = [["string", "socket", "/var/lib/fail2ban/fail2ban.sock"]] - return ConfigReader.getOptions(self, "Definition", opts) - - def getOptions(self): -diff -up fail2ban-0.8.7.1/config/action.d/dshield.conf.notmp fail2ban-0.8.7.1/config/action.d/dshield.conf -diff -up fail2ban-0.8.7.1/config/action.d/mail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/mail-buffered.conf -diff -up fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf.notmp fail2ban-0.8.7.1/config/action.d/mynetwatchman.conf -diff -up fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf.notmp fail2ban-0.8.7.1/config/action.d/sendmail-buffered.conf -diff -up fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp fail2ban-0.8.7.1/files/nagios/f2ban.txt ---- fail2ban-0.8.7.1/files/nagios/f2ban.txt.notmp 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/files/nagios/f2ban.txt 2012-10-11 11:53:32.323532817 -0600 -@@ -6,7 +6,7 @@ HELP: - /etc/init.d/fail2ban stop - - 2.) delete the socket if available --rm /tmp/fail2ban.sock -+rm /var/run/fail2ban/fail2ban.sock - - 3.) 
start the Service - /etc/init.d/fail2ban start -diff -up fail2ban-0.8.7.1/testcases/actiontestcase.py.notmp fail2ban-0.8.7.1/testcases/actiontestcase.py diff --git a/fail2ban-0.8.8-sshd-pam.patch b/fail2ban-0.8.8-sshd-pam.patch deleted file mode 100644 index cfe0772..0000000 --- a/fail2ban-0.8.8-sshd-pam.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam fail2ban-0.8.8/config/filter.d/sshd.conf ---- fail2ban-0.8.8/config/filter.d/sshd.conf.sshd-pam 2012-12-05 20:51:29.000000000 -0700 -+++ fail2ban-0.8.8/config/filter.d/sshd.conf 2013-01-18 14:29:00.300902426 -0700 -@@ -30,7 +30,6 @@ failregex = ^%(__prefix_line)s(?:error: - ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from \s*$ - ^%(__prefix_line)sUser .+ from not allowed because not listed in AllowUsers\s*$ - ^%(__prefix_line)sUser .+ from not allowed because listed in DenyUsers\s*$ -- ^%(__prefix_line)s(?:pam_unix\(sshd:auth\):\s)?authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=(?:\s+user=.*)?\s*$ - ^%(__prefix_line)srefused connect from \S+ \(\)\s*$ - ^%(__prefix_line)sUser .+ from not allowed because none of user's groups are listed in AllowGroups\s*$ - diff --git a/fail2ban-log2syslog.patch b/fail2ban-log2syslog.patch new file mode 100644 index 0000000..49c220d --- /dev/null +++ b/fail2ban-log2syslog.patch @@ -0,0 +1,12 @@ +diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf +--- fail2ban-0.8.10/config/fail2ban.conf.log2syslog 2013-06-12 11:21:12.000000000 -0600 ++++ fail2ban-0.8.10/config/fail2ban.conf 2013-06-12 16:12:48.233512068 -0600 +@@ -30,7 +30,7 @@ loglevel = 3 + # (e.g. /etc/logrotate.d/fail2ban on Debian systems) + # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log + # +-logtarget = /var/log/fail2ban.log ++logtarget = SYSLOG + + # Option: socket + # Notes.: Set the socket file. This is used to communicate with the daemon. Do 
diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch new file mode 100644 index 0000000..8799101 --- /dev/null +++ b/fail2ban-notmp.patch @@ -0,0 +1,12 @@ +diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py +--- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600 ++++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600 +@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): + ConfigReader.read(self, "fail2ban") + + def getEarlyOptions(self): +- opts = [["string", "socket", "/tmp/fail2ban.sock"], ++ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"], + ["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]] + return ConfigReader.getOptions(self, "Definition", opts) + diff --git a/fail2ban.spec b/fail2ban.spec index 0e7283b..40164e5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,32 +1,16 @@ Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.8 -Release: 4%{?dist} +Version: 0.8.10 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -Source0: https://github.com/downloads/%{name}/%{name}/%{name}_%{version}.orig.tar.gz +Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: fail2ban-logrotate -Source2: fail2ban-tmpfiles.conf -%if 0%{?fedora} >= 19 -Source3: fail2ban.service -%endif Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch -# Do not use pam_unix failure messages to ban sshd -# https://github.com/fail2ban/fail2ban/issues/106 -Patch2: fail2ban-0.8.8-sshd-pam.patch -# Upstream patch to fix module loading -# https://github.com/fail2ban/fail2ban/issues/112 -# https://bugzilla.redhat.com/show_bug.cgi?id=892365 -Patch3: fail2ban-import.patch -# Upstream patch to fix UTF-8 characters in hostnames -# https://github.com/fail2ban/fail2ban/issues/113 -# https://bugzilla.redhat.com/show_bug.cgi?id=905097 -Patch4: fail2ban-utf8.patch -Patch6: fail2ban-0.8.3-log2syslog.patch -Patch7: asyncserver.start_selinux.patch -Patch8: fail2ban-0.8.7.1-notmp.patch +Patch6: fail2ban-log2syslog.patch +Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -60,11 +44,7 @@ and shorewall respectively. %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd -%patch2 -p1 -b .sshd-pam -%patch3 -p1 -b .import -%patch4 -p1 -b .utf8 %patch6 -p1 -b .log2syslog -%patch7 -p1 -b .fd_cloexec2 %patch8 -p1 -b .notmp %build 
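Review bot: `Patch6` and `Patch8` carry no comment saying why they are kept, while the patches dropped in this hunk each had one with an upstream or bugzilla link. Both change security-relevant defaults: log2syslog switches `logtarget` to `SYSLOG`, and notmp moves the default control socket from `/tmp/fail2ban.sock` to `/var/run/fail2ban/fail2ban.sock`. I would add `# Log to syslog rather than /var/log/fail2ban.log` above `Patch6:` and `# Keep the control socket out of world-writable /tmp` above `Patch8:`, so a later rebase does not drop them as cosmetic.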
@@ -75,7 +55,7 @@ rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} %if 0%{?fedora} >= 19 mkdir -p %{buildroot}%{_unitdir} -cp -p %SOURCE3 %{buildroot}%{_unitdir}/ +cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ %else mkdir -p %{buildroot}%{_initddir} install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban @@ -87,7 +67,9 @@ install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d -install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +# Remove installed doc, use doc macro instead +rm -r %{buildroot}%{_docdir}/%{name} # Testcases need network access #%check @@ -120,7 +102,7 @@ fi %files %defattr(-,root,root,-) -%doc README TODO ChangeLog COPYING +%doc README.md TODO ChangeLog COPYING doc/*.txt #doc config/fail2ban.conf* %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client @@ -131,7 +113,7 @@ fi %else %{_initddir}/fail2ban %endif -%{_mandir}/man1/fail2ban-*.1* +%{_mandir}/man1/fail2ban*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d @@ -145,6 +127,11 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Wed Jun 12 2013 Orion Poplawski - 0.8.10-1 +- Update to 0.8.10 security release +- Use upstream provided systemd files +- Drop upstreamed patches, rebase log2syslog and notmp patches + * Fri Mar 15 2013 Orion Poplawski - 0.8.8-4 - Use systemd init for Fedora 19+ (bug #883158) diff --git a/sources b/sources index 47627bf..72b95f0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -48a7cfa29c30227f0e1361bd3c88ec8e fail2ban_0.8.8.orig.tar.gz +48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz 
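Review bot: The tmpfiles.d entry installed in the `@@ -87,7 +67,9 @@` hunk now comes from upstream's `files/fail2ban-tmpfiles.conf`, whose content is not shown in this commit. The packaged file it replaces (removed in the next commit) declared `D /var/run/fail2ban 0755 root root -`, and that directory holds the daemon's control socket, so its ownership and mode matter. I would confirm that the upstream file creates the same root-owned 0755 directory and record that next to the install line, e.g. `# upstream file must keep /var/run/fail2ban root:root 0755 (holds the control socket)`.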
From ed39c4df2576b64af859e4a8b3720323f4b22cae Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 12 Jun 2013 16:44:15 -0600 Subject: [PATCH 019/201] Remove systemd files --- fail2ban-tmpfiles.conf | 1 - fail2ban.service | 12 ------------ 2 files changed, 13 deletions(-) delete mode 100644 fail2ban-tmpfiles.conf delete mode 100644 fail2ban.service diff --git a/fail2ban-tmpfiles.conf b/fail2ban-tmpfiles.conf deleted file mode 100644 index 3fd783f..0000000 --- a/fail2ban-tmpfiles.conf +++ /dev/null @@ -1 +0,0 @@ -D /var/run/fail2ban 0755 root root - \ No newline at end of file diff --git a/fail2ban.service b/fail2ban.service deleted file mode 100644 index 35d7fc8..0000000 --- a/fail2ban.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Fail2ban Service - -[Service] -Type=forking -ExecStart=/usr/bin/fail2ban-client -x start -ExecStop=/usr/bin/fail2ban-client stop -ExecReload=/usr/bin/fail2ban-client reload -Restart=always - -[Install] -WantedBy=network.target From 29c113ec6e2561c1cda2b574e92783bfcd90822a Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 3 Aug 2013 05:35:13 -0500 Subject: [PATCH 020/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 40164e5..6d3a0d5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -127,6 +127,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 0.8.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Wed Jun 12 2013 Orion Poplawski - 0.8.10-1 - Update to 0.8.10 security release - Use upstream provided systemd files 
From b5e668e8493ce336013e62f047c79c475bef5812 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 8 Aug 2013 21:42:28 -0600 Subject: [PATCH 021/201] - Update to 0.9 git branch - Rebase patches - Require systemd-python for journal support --- .gitignore | 1 + fail2ban-0.8.7.1-sshd.patch | 18 --- fail2ban-logfiles.patch | 212 ++++++++++++++++++++++++++++++++++++ fail2ban-notmp.patch | 6 +- fail2ban.spec | 23 ++-- sources | 2 +- 6 files changed, 233 insertions(+), 29 deletions(-) delete mode 100644 fail2ban-0.8.7.1-sshd.patch create mode 100644 fail2ban-logfiles.patch diff --git a/.gitignore b/.gitignore index fa2b88b..ebbd8d0 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.7.1.orig.tar.gz /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz +/fail2ban-0.9-d529151.tar.xz diff --git a/fail2ban-0.8.7.1-sshd.patch b/fail2ban-0.8.7.1-sshd.patch deleted file mode 100644 index aa3773e..0000000 --- a/fail2ban-0.8.7.1-sshd.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf ---- fail2ban-0.8.7.1/config/jail.conf.sshd 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/config/jail.conf 2012-10-11 11:47:33.131451895 -0600 -@@ -62,11 +62,11 @@ usedns = warn - - [ssh-iptables] - --enabled = false -+enabled = true - filter = sshd - action = iptables[name=SSH, port=ssh, protocol=tcp] -- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com] --logpath = /var/log/sshd.log -+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] -+logpath = /var/log/secure - maxretry = 5 - - [proftpd-iptables] diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch new file mode 100644 index 0000000..c2cf359 --- /dev/null +++ b/fail2ban-logfiles.patch 
@@ -0,0 +1,212 @@ +diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf +--- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 ++++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +@@ -152,20 +152,18 @@ action = %(action_)s + [sshd] + + port = ssh +-logpath = /var/log/auth.log +- /var/log/sshd.log ++logpath = /var/log/secure + + [sshd-ddos] + + port = ssh +-logpath = /var/log/auth.log +- /var/log/sshd.log ++logpath = /var/log/secure + + [dropbear] + + port = ssh + filter = sshd +-logpath = /var/log/dropbear ++logpath = /var/log/secure + + + # Generic filter for PAM. Has to be used with action which bans all +@@ -175,12 +173,12 @@ logpath = /var/log/dropbear + + # pam-generic filter can be customized to monitor specific subset of 'tty's + banaction = iptables-allports +-logpath = /var/log/auth.log ++logpath = /var/log/secure + + [xinetd-fail] + + banaction = iptables-multiport-log +-logpath = /var/log/daemon.log ++logpath = /var/log/messages + maxretry = 2 + + # .. 
custom jails +@@ -201,7 +199,7 @@ filter = sshd + action = hostsdeny[daemon_list=sshd] + sendmail-whois[name=SSH, dest=you@example.com] + ignoreregex = for myuser from +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # Here we use blackhole routes for not requiring any additional kernel support + # to store large volumes of banned IPs +@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log + + filter = sshd + action = route +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # Here we use a combination of Netfilter/Iptables and IPsets + # for storing large volumes of banned IPs +@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log + + filter = sshd + action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + [sshd-iptables-ipset6] + + filter = sshd + action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + + # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" + # option is overridden in this jail. Moreover, the action "mail-whois" defines +@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log + filter = sshd + action = ipfw[localhost=192.168.0.1] + sendmail-whois[name="SSH,IPFW", dest=you@example.com] +-logpath = /var/log/auth.log ++logpath = /var/log/secure + ignoreip = 168.192.0.1 + + # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. +@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 + [ssh-bsd-ipfw] + filter = sshd + action = bsd-ipfw[port=ssh,table=1] +-logpath = /var/log/auth.log ++logpath = /var/log/secure + + # + # HTTP servers +@@ -259,7 +257,7 @@ logpath = /var/log/auth.log + [apache-auth] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + + # Ban hosts which agent identifies spammer robots crawling the web + # for email addresses. The mail outputs are buffered. 
+@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log + [apache-badbots] + + port = http,https +-logpath = /var/log/apache*/*access.log +- /var/www/*/logs/access_log ++logpath = /var/log/httpd/*access_log + bantime = 172800 + maxretry = 1 + + [apache-noscript] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 6 + + [apache-overflows] + + port = http,https +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 2 + + # Ban attackers that try to use PHP's URL-fopen() functionality +@@ -291,7 +288,7 @@ maxretry = 2 + [php-url-fopen] + + port = http,https +-logpath = /var/www/*/logs/access_log ++logpath = /var/log/httpd/*access_log + + # A simple PHP-fastcgi jail which works with lighttpd. + # If you run a lighttpd server, then you probably will +@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log + + filter = apache-auth + action = hostsdeny +-logpath = /var/log/apache*/*error.log ++logpath = /var/log/httpd/*error_log + maxretry = 6 + + +@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log + [pure-ftpd] + + port = ftp,ftp-data,ftps,ftps-data +-logpath = /var/log/auth.log ++logpath = /var/log/secure + maxretry = 6 + + [vsftpd] +@@ -355,7 +352,7 @@ maxretry = 6 + port = ftp,ftp-data,ftps,ftps-data + logpath = /var/log/vsftpd.log + # or overwrite it in jails.local to be +-# logpath = /var/log/auth.log ++# logpath = /var/log/secure + # if you want to rely on PAM failed login attempts + # vsftpd's failregex should match both of those formats + +@@ -384,12 +381,12 @@ maxretry = 6 + [courier-smtp] + + port = smtp,ssmtp,submission +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + [postfix] + + port = smtp,ssmtp,submission +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + # The hosts.deny path can be defined with the "file" argument if it is + # not in /etc. 
+@@ -410,7 +407,7 @@ bantime = 300 + [courier-auth] + + port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + + [sasl] +@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i + # You might consider monitoring /var/log/mail.warn instead if you are + # running postfix since it would provide the same log lines at the + # "warn" level but overall at the smaller filesize. +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + [dovecot] + + port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s +-logpath = /var/log/mail.log ++logpath = /var/log/maillog + + # + # DNS servers +@@ -519,7 +516,7 @@ maxretry = 5 + enabled=false + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + maxretry=5 + + [3proxy] diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch index 8799101..af207d5 100644 --- a/fail2ban-notmp.patch +++ b/fail2ban-notmp.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py ---- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600 +diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py +--- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600 ++++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600 @@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): ConfigReader.read(self, "fail2ban") diff --git a/fail2ban.spec b/fail2ban.spec index 6d3a0d5..ac087b9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
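Review bot: Nothing in this patch turns a jail on, whereas the `fail2ban-0.8.7.1-sshd.patch` it replaces set `enabled = true` for the ssh jail. Unless the 0.9 `jail.conf` enables `[sshd]` by default, which is not visible here, hosts upgrading from 0.8.10 would stop banning ssh failures without any warning. Either carry the setting over with `enabled = true` under `[sshd]`, or state the behaviour change in `%changelog`. Every rewritten `logpath` also assumes a syslog daemon is writing `/var/log/secure`, `/var/log/messages` and `/var/log/maillog`. Presumably a jail pointed at an absent file never sees a failure, so that dependency deserves a comment in the spec as well.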
@@ -1,14 +1,16 @@ Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.10 -Release: 2%{?dist} +Version: 0.9 +Release: 0.1.gitd529151%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: %{name}-%{version}-d529151.tar.xz Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch -Patch1: fail2ban-0.8.7.1-sshd.patch +# Fix logfile paths in jail.conf +Patch1: fail2ban-logfiles.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -21,6 +23,7 @@ Requires: gamin-python Requires: python-inotify %if 0%{?fedora} >= 19 BuildRequires: systemd +Requires: systemd-python Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -41,9 +44,9 @@ and shorewall respectively. %prep -%setup -q +%setup -q -n %{name}-%{version}-d529151 %patch0 -p1 -b .init -%patch1 -p1 -b .sshd +%patch1 -p1 -b .logfiles %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -107,7 +110,8 @@ fi %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex -%{_datadir}/fail2ban +%{_bindir}/fail2ban-testcases +%{python_sitelib}/* %if 0%{?fedora} >= 19 %{_unitdir}/fail2ban.service %else @@ -127,6 +131,11 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 +- Update to 0.9 git branch +- Rebase patches +- Require systemd-python for journal support + * Sat Aug 03 2013 Fedora Release Engineering - 0.8.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/sources b/sources index 72b95f0..df0bbd5 100644 --- a/sources +++ b/sources 
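Review bot: `Source0` in the first spec hunk now names a local snapshot tarball and the upstream URL is commented out, so nothing in the spec says how `fail2ban-0.9-d529151.tar.xz` was produced. A reviewer cannot regenerate the archive and compare it with what was uploaded to the lookaside cache. I would add above `Source0:` the lines `# Snapshot of the upstream 0.9 branch at commit d529151, created with:` and `# git archive --prefix=fail2ban-0.9-d529151/ d529151 | xz > fail2ban-0.9-d529151.tar.xz`, ideally recording the full commit hash rather than the seven-character prefix.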
@@ -1 +1 @@ -48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz +d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz From 8cded8185094dc868feba424c040f64063d6ca38 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 9 Aug 2013 14:25:30 -0600 Subject: [PATCH 022/201] Ship jail.conf(5) man page --- fail2ban.spec | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index ac087b9..1bbdbc4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.1.gitd529151%{?dist} +Release: 0.2.gitd529151%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -63,8 +63,9 @@ cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ mkdir -p %{buildroot}%{_initddir} install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban %endif -mkdir -p %{buildroot}%{_mandir}/man1 -install -p -m 644 man/fail2ban*.1 %{buildroot}%{_mandir}/man1 +mkdir -p %{buildroot}%{_mandir}/man{1,5} +install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 +install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ @@ -118,6 +119,7 @@ fi %{_initddir}/fail2ban %endif %{_mandir}/man1/fail2ban*.1* +%{_mandir}/man5/*.1* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d @@ -131,6 +133,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 +- Ship jail.conf(5) man page + * Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 - Update to 0.9 git branch - Rebase patches From b43bf1b783b6907543ca872687236634d915f861 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Thu, 15 Aug 2013 13:25:42 -0600 Subject: [PATCH 023/201] Ship empty /etc/fail2ban/jail.d directory --- fail2ban-jail.d.patch | 14 ++++++++++++++ fail2ban.spec | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 fail2ban-jail.d.patch diff --git a/fail2ban-jail.d.patch b/fail2ban-jail.d.patch new file mode 100644 index 0000000..9ccb6bb --- /dev/null +++ b/fail2ban-jail.d.patch @@ -0,0 +1,14 @@ +diff --git a/setup.py b/setup.py +index b61ecce..27ad17b 100755 +--- a/setup.py ++++ b/setup.py +@@ -66,6 +66,9 @@ setup( + ('/etc/fail2ban/action.d', + glob("config/action.d/*.conf") + ), ++ ('/etc/fail2ban/jail.d', ++ '' ++ ), + ('/var/run/fail2ban', + '' + ), diff --git a/fail2ban.spec b/fail2ban.spec index 1bbdbc4..fe2b67d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -11,6 +11,8 @@ Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch # Fix logfile paths in jail.conf Patch1: fail2ban-logfiles.patch +# Install jail.d +Patch2: fail2ban-jail.d.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -47,6 +49,7 @@ and shorewall respectively. %setup -q -n %{name}-%{version}-d529151 %patch0 -p1 -b .init %patch1 -p1 -b .logfiles +%patch2 -p1 -b .jail.d %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -119,10 +122,11 @@ fi %{_initddir}/fail2ban %endif %{_mandir}/man1/fail2ban*.1* -%{_mandir}/man5/*.1* +%{_mandir}/man5/*.5* %dir %{_sysconfdir}/fail2ban %dir %{_sysconfdir}/fail2ban/action.d %dir %{_sysconfdir}/fail2ban/filter.d +%dir %{_sysconfdir}/fail2ban/jail.d %config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf %config(noreplace) %{_sysconfdir}/fail2ban/jail.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf 
@@ -135,6 +139,7 @@ fi %changelog * Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 - Ship jail.conf(5) man page +- Ship empty /etc/fail2ban/jail.d directory * Thu Aug 8 2013 Orion Poplawski - 0.9-0.1.gitd529151 - Update to 0.9 git branch From 625535d32aa615aeca780768857a555e5e6855d5 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 16 Aug 2013 09:12:13 -0600 Subject: [PATCH 024/201] Add upstream patch to fix hostsdeny permission issue --- fail2ban-hostsdeny.patch | 19 +++++++++++++++++++ fail2ban.spec | 11 ++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 fail2ban-hostsdeny.patch diff --git a/fail2ban-hostsdeny.patch b/fail2ban-hostsdeny.patch new file mode 100644 index 0000000..73a771f --- /dev/null +++ b/fail2ban-hostsdeny.patch @@ -0,0 +1,19 @@ +commit aebd24ec5485dacc5146728fa22387340b51099e +Author: Daniel Black +Date: Tue Jul 2 20:09:27 2013 +1000 + + BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl + +diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf +index 50a4545..36e3494 100644 +--- a/config/action.d/hostsdeny.conf ++++ b/config/action.d/hostsdeny.conf +@@ -39,7 +39,7 @@ actionban = IP= && + # Tags: See jail.conf(5) man page + # Values: CMD + # +-actionunban = IP= && sed /ALL:\ $IP/d > .new && mv .new ++actionunban = echo "/ALL: $/
d
w
q" | ed + + [Init] + diff --git a/fail2ban.spec b/fail2ban.spec index 40164e5..da3978f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -9,6 +9,10 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch +# Upstream patch to fix hostsdeny permission issue +# https://github.com/fail2ban/fail2ban/issues/266 +# https://bugzilla.redhat.com/show_bug.cgi?id=997863 +Patch2: fail2ban-hostsdeny.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -16,6 +20,7 @@ BuildRequires: python-devel >= 2.3 # For testcases BuildRequires: python-inotify BuildArch: noarch +Requires: ed Requires: iptables Requires: gamin-python Requires: python-inotify @@ -44,6 +49,7 @@ and shorewall respectively. %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd +%patch2 -p1 -b .hostsdeny %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -127,6 +133,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Fri Aug 16 2013 Orion Poplawski - 0.8.10-2 +- Add upstream patch to fix hostsdeny permission issue + * Wed Jun 12 2013 Orion Poplawski - 0.8.10-1 - Update to 0.8.10 security release - Use upstream provided systemd files From 51345ece5778b26fd26b9407a88bbd7e92b6a755 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 16 Aug 2013 09:15:34 -0600 Subject: [PATCH 025/201] Add requires on ed for hostsdeny action --- fail2ban.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/fail2ban.spec b/fail2ban.spec index fe2b67d..84714ba 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
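Review bot: The new `actionunban` appears to pass the banned address to ed as a search pattern, in which case the dots in an IPv4 address match any character and ed deletes the first line that matches. With several similar entries in the deny file, an unban could remove another host's line and leave the intended one in place. The placeholders are stripped in this rendering, so this is read from the `/ALL: …$/` form of the command. If the address is interpolated there, escape it before use, e.g. build the pattern from `$(echo <ip> | sed 's/\./\\./g')`. The multi-line `d`/`w`/`q` script would also benefit from a comment saying that it edits the file in place, which is presumably what fixes the permission problem named in the commit message.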
@@ -20,6 +20,7 @@ BuildRequires: python-devel >= 2.3 # For testcases BuildRequires: python-inotify BuildArch: noarch +Requires: ed Requires: iptables Requires: gamin-python Requires: python-inotify From 1a340b280d50208ac5913c47783eb9fe3eb9af80 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 28 Aug 2013 12:01:35 -0600 Subject: [PATCH 026/201] Add upstream patch to fix mailx argument ordering (bug #998020) --- fail2ban-mailx.patch | 60 ++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 10 +++++++- 2 files changed, 69 insertions(+), 1 deletion(-) create mode 100644 fail2ban-mailx.patch diff --git a/fail2ban-mailx.patch b/fail2ban-mailx.patch new file mode 100644 index 0000000..9801c58 --- /dev/null +++ b/fail2ban-mailx.patch 
@@ -0,0 +1,60 @@ +diff -U0 fail2ban-0.8.10/ChangeLog.mailx fail2ban-0.8.10/ChangeLog +--- fail2ban-0.8.10/ChangeLog.mailx 2013-08-28 11:57:02.631137995 -0600 ++++ fail2ban-0.8.10/ChangeLog 2013-08-28 11:58:10.150945945 -0600 +@@ -23,0 +24,3 @@ ++ Rolf Fokkens ++ * action.d/dshield.conf and complain.conf -- reorder mailx arguements. ++ https://bugzilla.redhat.com/show_bug.cgi?id=998020 +diff -up fail2ban-0.8.10/config/action.d/complain.conf.mailx fail2ban-0.8.10/config/action.d/complain.conf +--- fail2ban-0.8.10/config/action.d/complain.conf.mailx 2013-06-12 11:21:12.000000000 -0600 ++++ fail2ban-0.8.10/config/action.d/complain.conf 2013-08-28 11:57:02.631137995 -0600 +@@ -58,7 +58,7 @@ actioncheck = + actionban = ADDRESSES=`whois | perl -e 'while () { next if /^changed|@(ripe|apnic)\.net/io; $m += (/abuse|trouble:|report|spam|security/io?3:0); if (/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)/io) { while (s/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)//io) { if ($m) { $a{lc($1)}=$m } else { $b{lc($1)}=$m } } $m=0 } else { $m && --$m } } if (%%a) {print join(",",keys(%%a))} else {print join(",",keys(%%b))}'` + IP= + if [ ! 
-z "$ADDRESSES" ]; then +- (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '' ) | "Abuse from " $ADDRESSES ++ (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '' ) | "Abuse from " $ADDRESSES + fi + + # Option: actionunban +diff -up fail2ban-0.8.10/config/action.d/dshield.conf.mailx fail2ban-0.8.10/config/action.d/dshield.conf +--- fail2ban-0.8.10/config/action.d/dshield.conf.mailx 2013-06-12 11:21:12.000000000 -0600 ++++ fail2ban-0.8.10/config/action.d/dshield.conf 2013-08-28 11:57:02.632137993 -0600 +@@ -39,7 +39,7 @@ actionstart = + # Values: CMD + # + actionstop = if [ -f .buffer ]; then +- cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" ++ cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" + date +%%s > .lastsent + fi + rm -f .buffer .first +@@ -80,7 +80,7 @@ actionban = TZONE=`date +%%z | sed 's/\( + LASTREPORT=$(($NOW - `cat .lastsent`)) + LINES=$( wc -l .buffer | awk '{ print $1 }' ) + if [ $LINES -ge && $LASTREPORT -gt ] || [ $LOGAGE -gt ]; then +- cat .buffer | "FORMAT DSHIELD USERID TZ $TZONE Fail2Ban" ++ cat .buffer | "FORMAT DSHIELD USERID TZ $TZONE Fail2Ban" + rm -f .buffer .first + echo $NOW > .lastsent + fi +@@ -95,7 +95,7 @@ actionunban = if [ -f .first ]; + NOW=`date +%%s` + LOGAGE=$(($NOW - `cat .first`)) + if [ $LOGAGE -gt ]; then +- cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" ++ cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" + rm -f .buffer .first + echo $NOW > .lastsent + fi +diff -up fail2ban-0.8.10/THANKS.mailx fail2ban-0.8.10/THANKS +--- fail2ban-0.8.10/THANKS.mailx 2013-08-28 11:57:02.631137995 -0600 ++++ fail2ban-0.8.10/THANKS 2013-08-28 11:58:34.542879375 -0600 +@@ -38,6 +38,7 @@ Patrick Börjesson + Raphaël Marichez + René Berber + Robert Edeker ++Rolf Fokkens + Russell Odom + Sireyessire + silviogarbes 
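Review bot: `$ADDRESSES` is expanded unquoted on the mail command line in `complain.conf`, and its value is extracted from whois output, which is written by whoever registered the network being reported. The perl filter's address pattern `[a-z0-9_\-\.+]+@…` accepts a leading `-`, so a value taken from that record could be read by the mailer as an option rather than a recipient. The mail command placeholder is not visible in this rendering, so the exact argument placement is inferred. I would end option parsing before the recipients (`-- $ADDRESSES`, if the mailer accepts it) or have the perl filter drop any address that begins with `-`. These lines live in upstream's action file, so the change belongs upstream, with this patch only carrying it.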
diff --git a/fail2ban.spec b/fail2ban.spec index da3978f..977830f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.10 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -13,6 +13,10 @@ Patch1: fail2ban-0.8.7.1-sshd.patch # https://github.com/fail2ban/fail2ban/issues/266 # https://bugzilla.redhat.com/show_bug.cgi?id=997863 Patch2: fail2ban-hostsdeny.patch +# Upstream patch to fix mailx argument ordering +# https://github.com/fail2ban/fail2ban/issues/328 +# https://bugzilla.redhat.com/show_bug.cgi?id=998020 +Patch3: fail2ban-mailx.patch Patch6: fail2ban-log2syslog.patch Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -50,6 +54,7 @@ and shorewall respectively. %patch0 -p1 -b .init %patch1 -p1 -b .sshd %patch2 -p1 -b .hostsdeny +%patch3 -p1 -b .mailx %patch6 -p1 -b .log2syslog %patch8 -p1 -b .notmp @@ -133,6 +138,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Wed Aug 28 2013 Orion Poplawski - 0.8.10-3 +- Add upstream patch to fix mailx argument ordering (bug #998020) + * Fri Aug 16 2013 Orion Poplawski - 0.8.10-2 - Add upstream patch to fix hostsdeny permission issue From a1783e1929b345d64c5b53e252a8d1e549b5ed18 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Tue, 24 Sep 2013 21:03:40 -0600 Subject: [PATCH 027/201] - Update to current 0.9 git branch - Rebase init patch, drop jail.d and notmp patch applied upstream --- .gitignore | 1 + fail2ban-0.8.3-init.patch | 20 ------------- fail2ban-init.patch | 11 +++++++ fail2ban-jail.d.patch | 14 --------- fail2ban-logfiles.patch | 61 +++++++++++++++++++-------------------- fail2ban-notmp.patch | 12 -------- fail2ban.spec | 17 +++++------ sources | 2 +- 8 files changed, 51 insertions(+), 87 deletions(-) delete mode 100644 fail2ban-0.8.3-init.patch create mode 100644 fail2ban-init.patch delete mode 100644 fail2ban-jail.d.patch delete mode 100644 fail2ban-notmp.patch diff --git a/.gitignore b/.gitignore index ebbd8d0..f421bcf 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz /fail2ban-0.9-d529151.tar.xz +/fail2ban-0.9-1f1a561.tar.xz diff --git a/fail2ban-0.8.3-init.patch b/fail2ban-0.8.3-init.patch deleted file mode 100644 index 3ed8609..0000000 --- a/fail2ban-0.8.3-init.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- fail2ban-0.8.3/files/redhat-initd.init 2008-03-10 23:36:22.000000000 +0100 -+++ fail2ban-0.8.3/files/redhat-initd 2008-08-24 20:46:01.000000000 +0200 -@@ -1,6 +1,6 @@ - #!/bin/bash - # --# chkconfig: 345 92 08 -+# chkconfig: - 92 08 - # description: Fail2ban daemon - # http://fail2ban.sourceforge.net/wiki/index.php/Main_Page - # process name: fail2ban-server -@@ -27,8 +27,7 @@ - echo -n $"Starting fail2ban: " - getpid - if [ -z "$pid" ]; then -- rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown -- $FAIL2BAN start > /dev/null -+ $FAIL2BAN -x start > /dev/null - RETVAL=$? - fi - if [ $RETVAL -eq 0 ]; then diff --git a/fail2ban-init.patch b/fail2ban-init.patch new file mode 100644 index 0000000..03b0016 --- /dev/null +++ b/fail2ban-init.patch 
@@ -0,0 +1,11 @@ +diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd +--- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600 ++++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600 +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# chkconfig: 345 92 08 ++# chkconfig: - 92 08 + # processname: fail2ban-server + # config: /etc/fail2ban/fail2ban.conf + # pidfile: /var/run/fail2ban/fail2ban.pid diff --git a/fail2ban-jail.d.patch b/fail2ban-jail.d.patch deleted file mode 100644 index 9ccb6bb..0000000 --- a/fail2ban-jail.d.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/setup.py b/setup.py -index b61ecce..27ad17b 100755 ---- a/setup.py -+++ b/setup.py -@@ -66,6 +66,9 @@ setup( - ('/etc/fail2ban/action.d', - glob("config/action.d/*.conf") - ), -+ ('/etc/fail2ban/jail.d', -+ '' -+ ), - ('/var/run/fail2ban', - '' - ), diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch index c2cf359..a6082da 100644 --- a/fail2ban-logfiles.patch +++ b/fail2ban-logfiles.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/config/jail.conf ---- fail2ban-0.9-d529151/config/jail.conf.logfiles 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/config/jail.conf 2013-08-08 21:23:41.785950007 -0600 +diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf +--- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600 ++++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600 @@ -152,20 +152,18 @@ action = %(action_)s [sshd] @@ -40,7 +40,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # .. custom jails -@@ -201,7 +199,7 @@ filter = sshd +@@ -194,7 +192,7 @@ filter = sshd action = hostsdeny[daemon_list=sshd] sendmail-whois[name=SSH, dest=you@example.com] ignoreregex = for myuser from 
@@ -49,7 +49,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use blackhole routes for not requiring any additional kernel support # to store large volumes of banned IPs -@@ -210,7 +208,7 @@ logpath = /var/log/sshd.log +@@ -203,7 +201,7 @@ logpath = /var/log/sshd.log filter = sshd action = route @@ -58,7 +58,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Here we use a combination of Netfilter/Iptables and IPsets # for storing large volumes of banned IPs -@@ -221,13 +219,13 @@ logpath = /var/log/sshd.log +@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log filter = sshd action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] @@ -74,25 +74,33 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" # option is overridden in this jail. Moreover, the action "mail-whois" defines -@@ -238,7 +236,7 @@ logpath = /var/log/sshd.log +@@ -231,7 +229,7 @@ logpath = /var/log/sshd.log filter = sshd action = ipfw[localhost=192.168.0.1] sendmail-whois[name="SSH,IPFW", dest=you@example.com] -logpath = /var/log/auth.log +logpath = /var/log/secure - ignoreip = 168.192.0.1 # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. -@@ -250,7 +248,7 @@ ignoreip = 168.192.0.1 - [ssh-bsd-ipfw] + # table number must be unique. +@@ -243,14 +241,14 @@ logpath = /var/log/auth.log + filter = sshd action = bsd-ipfw[port=ssh,table=1] -logpath = /var/log/auth.log +logpath = /var/log/secure + # PF is a BSD based firewall + [ssh-pf] + + filter = sshd + action = pf +-logpath = /var/log/sshd.log ++logpath = /var/log/secure + maxretry= 5 + # - # HTTP servers -@@ -259,7 +257,7 @@ logpath = /var/log/auth.log +@@ -260,7 +258,7 @@ maxretry= 5 [apache-auth] port = http,https 
@@ -101,7 +109,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # Ban hosts which agent identifies spammer robots crawling the web # for email addresses. The mail outputs are buffered. -@@ -267,21 +265,20 @@ logpath = /var/log/apache*/*error.log +@@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log [apache-badbots] port = http,https @@ -126,16 +134,16 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con maxretry = 2 # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -291,7 +288,7 @@ maxretry = 2 +@@ -292,7 +289,7 @@ maxretry = 2 [php-url-fopen] port = http,https -logpath = /var/www/*/logs/access_log +logpath = /var/log/httpd/*access_log - # A simple PHP-fastcgi jail which works with lighttpd. - # If you run a lighttpd server, then you probably will -@@ -330,7 +327,7 @@ logpath = /var/log/sogo/sogo.log + [suhosin] + +@@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log filter = apache-auth action = hostsdeny @@ -143,7 +151,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con +logpath = /var/log/httpd/*error_log maxretry = 6 - + [3proxy] @@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log [pure-ftpd] @@ -162,7 +170,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # if you want to rely on PAM failed login attempts # vsftpd's failregex should match both of those formats -@@ -384,12 +381,12 @@ maxretry = 6 +@@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill [courier-smtp] port = smtp,ssmtp,submission @@ -177,7 +185,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con # The hosts.deny path can be defined with the "file" argument if it is # not in /etc. -@@ -410,7 +407,7 @@ bantime = 300 +@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog [courier-auth] port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s 
@@ -186,7 +194,7 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con [sasl] -@@ -419,12 +416,12 @@ port = smtp,ssmtp,submission,imap2,i +@@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i # You might consider monitoring /var/log/mail.warn instead if you are # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. @@ -199,14 +207,5 @@ diff -up fail2ban-0.9-d529151/config/jail.conf.logfiles fail2ban-0.9-d529151/con -logpath = /var/log/mail.log +logpath = /var/log/maillog - # - # DNS servers -@@ -519,7 +516,7 @@ maxretry = 5 - enabled=false - filter = sshd - action = pf --logpath = /var/log/sshd.log -+logpath = /var/log/secure - maxretry=5 + [perdition] - [3proxy] diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch deleted file mode 100644 index af207d5..0000000 --- a/fail2ban-notmp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py ---- fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py.notmp 2013-07-28 03:43:54.000000000 -0600 -+++ fail2ban-0.9-d529151/fail2ban/client/fail2banreader.py 2013-08-08 20:15:19.997686089 -0600 -@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"], -+ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"], - ["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]] - return ConfigReader.getOptions(self, "Definition", opts) - diff --git a/fail2ban.spec b/fail2ban.spec index 84714ba..3ad6df0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,20 +1,17 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.2.gitd529151%{?dist} +Release: 0.3.git1f1a561%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ #Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source0: %{name}-%{version}-d529151.tar.xz +Source0: %{name}-%{version}-1f1a561.tar.xz Source1: fail2ban-logrotate -Patch0: fail2ban-0.8.3-init.patch +Patch0: fail2ban-init.patch # Fix logfile paths in jail.conf Patch1: fail2ban-logfiles.patch -# Install jail.d -Patch2: fail2ban-jail.d.patch Patch6: fail2ban-log2syslog.patch -Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -47,12 +44,10 @@ and shorewall respectively. %prep -%setup -q -n %{name}-%{version}-d529151 +%setup -q -n %{name}-%{version}-1f1a561 %patch0 -p1 -b .init %patch1 -p1 -b .logfiles -%patch2 -p1 -b .jail.d %patch6 -p1 -b .log2syslog -%patch8 -p1 -b .notmp %build python setup.py build @@ -138,6 +133,10 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Tue Sep 24 2013 Orion Poplawski - 0.9-0.3.git1f1a561 +- Update to current 0.9 git branch +- Rebase init patch, drop jail.d and notmp patch applied upstream + * Fri Aug 9 2013 Orion Poplawski - 0.9-0.2.gitd529151 - Ship jail.conf(5) man page - Ship empty /etc/fail2ban/jail.d directory diff --git a/sources b/sources index df0bbd5..9e9d22b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d51144c03988c9f63d91515b6ebc5d57 fail2ban-0.9-d529151.tar.xz +6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz From 49aafa1d0e90f92241409b1d8b4f81c23e1c42e5 Mon Sep 17 00:00:00 2001 
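Review bot: `Source0: %{name}-%{version}-1f1a561.tar.xz` in the first fail2ban.spec hunk names a locally produced git snapshot, and with the upstream URL line left commented out, nothing in the spec records which repository, full commit id or command produced the tarball. The `sources` hunk pins it only by an MD5 digest, which detects accidental change but is not collision-resistant and says nothing about whether the archive matches upstream. A comment above Source0 would let a later reviewer regenerate the archive and compare it, for example `# Snapshot of https://github.com/fail2ban/fail2ban, 0.9 branch, commit <FULL COMMIT ID>` followed by `# Created with: <COMMAND USED TO BUILD THE TARBALL>`.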
From: Adam Tkac Date: Mon, 25 Nov 2013 18:37:59 +0100 Subject: [PATCH 028/201] Update to 0.8.11 (#1034355) - drop part of the fail2ban-0.8.3-init.patch (merged) - fail2ban-hostsdeny.patch has been merged - fail2ban-mailx.patch has been merged - fail2ban-notmp.patch has been merged Signed-off-by: Adam Tkac --- fail2ban-0.8.3-init.patch | 21 ++++--------- fail2ban-0.8.7.1-sshd.patch | 12 ++++---- fail2ban-hostsdeny.patch | 19 ------------ fail2ban-log2syslog.patch | 10 +++---- fail2ban-mailx.patch | 60 ------------------------------------- fail2ban-notmp.patch | 12 -------- fail2ban.spec | 23 ++++++-------- 7 files changed, 26 insertions(+), 131 deletions(-) delete mode 100644 fail2ban-hostsdeny.patch delete mode 100644 fail2ban-mailx.patch delete mode 100644 fail2ban-notmp.patch diff --git a/fail2ban-0.8.3-init.patch b/fail2ban-0.8.3-init.patch index 3ed8609..c40256a 100644 --- a/fail2ban-0.8.3-init.patch +++ b/fail2ban-0.8.3-init.patch @@ -1,20 +1,11 @@ ---- fail2ban-0.8.3/files/redhat-initd.init 2008-03-10 23:36:22.000000000 +0100 -+++ fail2ban-0.8.3/files/redhat-initd 2008-08-24 20:46:01.000000000 +0200 +diff -up fail2ban-0.8.11/files/redhat-initd.init fail2ban-0.8.11/files/redhat-initd +--- fail2ban-0.8.11/files/redhat-initd.init 2013-11-25 18:07:00.191938851 +0100 ++++ fail2ban-0.8.11/files/redhat-initd 2013-11-25 18:07:49.576801893 +0100 @@ -1,6 +1,6 @@ #!/bin/bash # -# chkconfig: 345 92 08 +# chkconfig: - 92 08 - # description: Fail2ban daemon - # http://fail2ban.sourceforge.net/wiki/index.php/Main_Page - # process name: fail2ban-server -@@ -27,8 +27,7 @@ - echo -n $"Starting fail2ban: " - getpid - if [ -z "$pid" ]; then -- rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown -- $FAIL2BAN start > /dev/null -+ $FAIL2BAN -x start > /dev/null - RETVAL=$? - fi - if [ $RETVAL -eq 0 ]; then + # processname: fail2ban-server + # config: /etc/fail2ban/fail2ban.conf + # pidfile: /var/run/fail2ban/fail2ban.pid 
diff --git a/fail2ban-0.8.7.1-sshd.patch b/fail2ban-0.8.7.1-sshd.patch index aa3773e..1d7fe5f 100644 --- a/fail2ban-0.8.7.1-sshd.patch +++ b/fail2ban-0.8.7.1-sshd.patch @@ -1,7 +1,7 @@ -diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.conf ---- fail2ban-0.8.7.1/config/jail.conf.sshd 2012-07-31 19:45:04.000000000 -0600 -+++ fail2ban-0.8.7.1/config/jail.conf 2012-10-11 11:47:33.131451895 -0600 -@@ -62,11 +62,11 @@ usedns = warn +diff -up fail2ban-0.8.11/config/jail.conf.sshd fail2ban-0.8.11/config/jail.conf +--- fail2ban-0.8.11/config/jail.conf.sshd 2013-11-25 18:08:08.034123038 +0100 ++++ fail2ban-0.8.11/config/jail.conf 2013-11-25 18:16:28.107917373 +0100 +@@ -71,11 +71,11 @@ usedns = warn [ssh-iptables] @@ -9,9 +9,9 @@ diff -up fail2ban-0.8.7.1/config/jail.conf.sshd fail2ban-0.8.7.1/config/jail.con +enabled = true filter = sshd action = iptables[name=SSH, port=ssh, protocol=tcp] -- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com] +- sendmail-whois[name=SSH, dest=you@example.com, sender=fail2ban@example.com, sendername="Fail2Ban"] -logpath = /var/log/sshd.log -+ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com] ++ sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"] +logpath = /var/log/secure maxretry = 5 diff --git a/fail2ban-hostsdeny.patch b/fail2ban-hostsdeny.patch deleted file mode 100644 index 73a771f..0000000 --- a/fail2ban-hostsdeny.patch +++ /dev/null 
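Review bot: The rebased line `sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]` keeps the upstream placeholder sender, while the same carried patch sets `enabled = true` for `[ssh-iptables]`. On a default install every ban notice is therefore sent from an address in a domain the host does not own. If root's mail is forwarded off-host, a receiving system that checks the sender domain may reject or misfile those notices, which hides bans from the administrator. Consider a host-local sender in the patch, e.g. `sender=fail2ban@<LOCAL HOSTNAME PLACEHOLDER>`, or drop the `sender=` argument if the action's own default is acceptable. The `[ssh-iptables]` section continues outside the hunk.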
@@ -1,19 +0,0 @@ -commit aebd24ec5485dacc5146728fa22387340b51099e -Author: Daniel Black -Date: Tue Jul 2 20:09:27 2013 +1000 - - BF: replace with ed so its cross platform, fixes permission problem gh-266, and Yaroslav doesn't revert to perl - -diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf -index 50a4545..36e3494 100644 ---- a/config/action.d/hostsdeny.conf -+++ b/config/action.d/hostsdeny.conf -@@ -39,7 +39,7 @@ actionban = IP= && - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = IP= && sed /ALL:\ $IP/d > .new && mv .new -+actionunban = echo "/ALL: $/
d
w
q" | ed - - [Init] - diff --git a/fail2ban-log2syslog.patch b/fail2ban-log2syslog.patch index 49c220d..3646a8a 100644 --- a/fail2ban-log2syslog.patch +++ b/fail2ban-log2syslog.patch @@ -1,9 +1,9 @@ -diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf ---- fail2ban-0.8.10/config/fail2ban.conf.log2syslog 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/config/fail2ban.conf 2013-06-12 16:12:48.233512068 -0600 +diff -up fail2ban-0.8.11/config/fail2ban.conf.log2syslog fail2ban-0.8.11/config/fail2ban.conf +--- fail2ban-0.8.11/config/fail2ban.conf.log2syslog 2013-11-25 18:23:28.627391472 +0100 ++++ fail2ban-0.8.11/config/fail2ban.conf 2013-11-25 18:24:57.633978793 +0100 @@ -30,7 +30,7 @@ loglevel = 3 - # (e.g. /etc/logrotate.d/fail2ban on Debian systems) - # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log + # (e.g. /etc/logrotate.d/fail2ban on Debian systems) + # Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR # -logtarget = /var/log/fail2ban.log +logtarget = SYSLOG diff --git a/fail2ban-mailx.patch b/fail2ban-mailx.patch deleted file mode 100644 index 9801c58..0000000 --- a/fail2ban-mailx.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -diff -U0 fail2ban-0.8.10/ChangeLog.mailx fail2ban-0.8.10/ChangeLog ---- fail2ban-0.8.10/ChangeLog.mailx 2013-08-28 11:57:02.631137995 -0600 -+++ fail2ban-0.8.10/ChangeLog 2013-08-28 11:58:10.150945945 -0600 -@@ -23,0 +24,3 @@ -+ Rolf Fokkens -+ * action.d/dshield.conf and complain.conf -- reorder mailx arguements. -+ https://bugzilla.redhat.com/show_bug.cgi?id=998020 -diff -up fail2ban-0.8.10/config/action.d/complain.conf.mailx fail2ban-0.8.10/config/action.d/complain.conf ---- fail2ban-0.8.10/config/action.d/complain.conf.mailx 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/config/action.d/complain.conf 2013-08-28 11:57:02.631137995 -0600 -@@ -58,7 +58,7 @@ actioncheck = - actionban = ADDRESSES=`whois | perl -e 'while () { next if /^changed|@(ripe|apnic)\.net/io; $m += (/abuse|trouble:|report|spam|security/io?3:0); if (/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)/io) { while (s/([a-z0-9_\-\.+]+@[a-z0-9\-]+(\.[[a-z0-9\-]+)+)//io) { if ($m) { $a{lc($1)}=$m } else { $b{lc($1)}=$m } } $m=0 } else { $m && --$m } } if (%%a) {print join(",",keys(%%a))} else {print join(",",keys(%%b))}'` - IP= - if [ ! 
-z "$ADDRESSES" ]; then -- (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '' ) | "Abuse from " $ADDRESSES -+ (printf %%b "\n"; date '+Note: Local timezone is %%z (%%Z)'; grep '' ) | "Abuse from " $ADDRESSES - fi - - # Option: actionunban -diff -up fail2ban-0.8.10/config/action.d/dshield.conf.mailx fail2ban-0.8.10/config/action.d/dshield.conf ---- fail2ban-0.8.10/config/action.d/dshield.conf.mailx 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/config/action.d/dshield.conf 2013-08-28 11:57:02.632137993 -0600 -@@ -39,7 +39,7 @@ actionstart = - # Values: CMD - # - actionstop = if [ -f .buffer ]; then -- cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" -+ cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" - date +%%s > .lastsent - fi - rm -f .buffer .first -@@ -80,7 +80,7 @@ actionban = TZONE=`date +%%z | sed 's/\( - LASTREPORT=$(($NOW - `cat .lastsent`)) - LINES=$( wc -l .buffer | awk '{ print $1 }' ) - if [ $LINES -ge && $LASTREPORT -gt ] || [ $LOGAGE -gt ]; then -- cat .buffer | "FORMAT DSHIELD USERID TZ $TZONE Fail2Ban" -+ cat .buffer | "FORMAT DSHIELD USERID TZ $TZONE Fail2Ban" - rm -f .buffer .first - echo $NOW > .lastsent - fi -@@ -95,7 +95,7 @@ actionunban = if [ -f .first ]; - NOW=`date +%%s` - LOGAGE=$(($NOW - `cat .first`)) - if [ $LOGAGE -gt ]; then -- cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" -+ cat .buffer | "FORMAT DSHIELD USERID TZ `date +%%z | sed 's/\([+-]..\)\(..\)/\1:\2/'` Fail2Ban" - rm -f .buffer .first - echo $NOW > .lastsent - fi -diff -up fail2ban-0.8.10/THANKS.mailx fail2ban-0.8.10/THANKS ---- fail2ban-0.8.10/THANKS.mailx 2013-08-28 11:57:02.631137995 -0600 -+++ fail2ban-0.8.10/THANKS 2013-08-28 11:58:34.542879375 -0600 -@@ -38,6 +38,7 @@ Patrick Börjesson - Raphaël Marichez - René Berber - Robert Edeker -+Rolf Fokkens - Russell Odom - Sireyessire - silviogarbes 
diff --git a/fail2ban-notmp.patch b/fail2ban-notmp.patch deleted file mode 100644 index 8799101..0000000 --- a/fail2ban-notmp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.8.10/client/fail2banreader.py.notmp fail2ban-0.8.10/client/fail2banreader.py ---- fail2ban-0.8.10/client/fail2banreader.py.notmp 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/client/fail2banreader.py 2013-06-12 16:17:43.820837700 -0600 -@@ -39,7 +39,7 @@ class Fail2banReader(ConfigReader): - ConfigReader.read(self, "fail2ban") - - def getEarlyOptions(self): -- opts = [["string", "socket", "/tmp/fail2ban.sock"], -+ opts = [["string", "socket", "/var/run/fail2ban/fail2ban.sock"], - ["string", "pidfile", "/var/run/fail2ban/fail2ban.pid"]] - return ConfigReader.getOptions(self, "Definition", opts) - diff --git a/fail2ban.spec b/fail2ban.spec index 977830f..0f34d7a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban -Version: 0.8.10 -Release: 3%{?dist} +Version: 0.8.11 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -9,16 +9,7 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch -# Upstream patch to fix hostsdeny permission issue -# https://github.com/fail2ban/fail2ban/issues/266 -# https://bugzilla.redhat.com/show_bug.cgi?id=997863 -Patch2: fail2ban-hostsdeny.patch -# Upstream patch to fix mailx argument ordering -# https://github.com/fail2ban/fail2ban/issues/328 -# https://bugzilla.redhat.com/show_bug.cgi?id=998020 -Patch3: fail2ban-mailx.patch Patch6: fail2ban-log2syslog.patch -Patch8: fail2ban-notmp.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases 
@@ -53,10 +44,7 @@ and shorewall respectively. %setup -q %patch0 -p1 -b .init %patch1 -p1 -b .sshd -%patch2 -p1 -b .hostsdeny -%patch3 -p1 -b .mailx %patch6 -p1 -b .log2syslog -%patch8 -p1 -b .notmp %build python setup.py build @@ -138,6 +126,13 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Mon Nov 25 2013 Adam Tkac - 0.8.11-1 +- update to 0.8.11 (#1034355) +- drop part of the fail2ban-0.8.3-init.patch (merged) +- fail2ban-hostsdeny.patch has been merged +- fail2ban-mailx.patch has been merged +- fail2ban-notmp.patch has been merged + * Wed Aug 28 2013 Orion Poplawski - 0.8.10-3 - Add upstream patch to fix mailx argument ordering (bug #998020) From 40572929e08ba2793b5b637a13c27860373841fb Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Mon, 25 Nov 2013 18:43:53 +0100 Subject: [PATCH 029/201] Upload 0.8.11 tar.gz Signed-off-by: Adam Tkac --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index fa2b88b..2d214e7 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban_0.8.7.1.orig.tar.gz /fail2ban_0.8.8.orig.tar.gz /fail2ban-0.8.10.tar.gz +/fail2ban-0.8.11.tar.gz diff --git a/sources b/sources index 72b95f0..0836756 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -48327ac0f5938dcc2f82c63728fc8918 fail2ban-0.8.10.tar.gz +2182a21c7efd885f373ffc941d11914d fail2ban-0.8.11.tar.gz From 594618426a28507baddee0313989d76b77d3b241 Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Tue, 3 Dec 2013 14:10:47 +0100 Subject: [PATCH 030/201] Include post-release patch for apache-auth filter Signed-off-by: Adam Tkac --- ...s-using-error-log-weren-t-matched-wh.patch | 99 +++++++++++++++++++ fail2ban.spec | 7 +- 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch 
diff --git a/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch b/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch new file mode 100644 index 0000000..e30916c --- /dev/null +++ b/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch 
@@ -0,0 +1,99 @@ +From 284f811c912af2f683c7eb150011337912516934 Mon Sep 17 00:00:00 2001 +From: Daniel Black +Date: Tue, 19 Nov 2013 10:27:55 +1100 +Subject: [PATCH] BF: apache filters using error log weren't matched when + referer existed in HTTP header + +--- + config/filter.d/apache-auth.conf | 26 ++++++++++++++------------ + config/filter.d/apache-noscript.conf | 4 ++-- + config/filter.d/apache-overflows.conf | 2 +- + testcases/files/logs/apache-auth | 3 +++ + 6 files changed, 22 insertions(+), 15 deletions(-) + +diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf +index 3df91c1..f421348 100644 +--- a/config/filter.d/apache-auth.conf ++++ b/config/filter.d/apache-auth.conf +@@ -10,19 +10,19 @@ before = apache-common.conf + [Definition] + + +-failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*\s*$ +- ^%(_apache_error_client)s (AH01617: )?user .* authentication failure for "\S*": Password Mismatch$ +- ^%(_apache_error_client)s (AH01618: )?user .* not found(: )?\S*\s*$ +- ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*\s*$ ++failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for "\S*": Password Mismatch(, referer: \S+)?$ ++ ^%(_apache_error_client)s (AH01618: )?user .*? 
not found(: )?\S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*(, referer: \S+)?\s*$ + ^%(_apache_error_client)s (AH\d+: )?Authorization of user \S+ to access \S* failed, reason: .*$ +- ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*: password mismatch: \S*\s*$ +- ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*' in realm `.+' (not found|denied by provider): \S*\s*$ +- ^%(_apache_error_client)s (AH01631: )?user .*: authorization failure for "\S*":\s*$ +- ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+\s*$ +- ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*' but expected `.+'\s*$ +- ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*' received: \S*\s*$ +- ^%(_apache_error_client)s (AH01793: )?invalid qop `.*' received: \S*\s*$ +- ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .* received - user attempted time travel\s*$ ++ ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*?: password mismatch: \S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*?' in realm `.+' (not found|denied by provider): \S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01631: )?user .*?: authorization failure for "\S*":(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*?' but expected `.+'(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01793: )?invalid qop `.*?' received: \S*(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .*? 
received - user attempted time travel(, referer: \S+)?\s*$ + + ignoreregex = + +@@ -50,5 +50,7 @@ ignoreregex = + # ^%(_apache_error_client)s (AH01779: )?user .*: one-time-nonce mismatch - sending new nonce\s*$ + # ^%(_apache_error_client)s (AH02486: )?realm mismatch - got `.*' but no realm specified\s*$ + # ++# referer is always in error log messages if it exists added as per the log_error_core function in server/log.c ++# + # Author: Cyril Jaquier + # Major edits by Daniel Black +diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf +index f3c6246..7ea257b 100644 +--- a/config/filter.d/apache-noscript.conf ++++ b/config/filter.d/apache-noscript.conf +@@ -9,8 +9,8 @@ before = apache-common.conf + + [Definition] + +-failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)\s*$ +- ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ ++failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$ ++ ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$ + + ignoreregex = + +diff --git a/config/filter.d/apache-overflows.conf b/config/filter.d/apache-overflows.conf +index 9255152..74e44b8 100644 +--- a/config/filter.d/apache-overflows.conf ++++ b/config/filter.d/apache-overflows.conf +@@ -8,7 +8,7 @@ before = apache-common.conf + + [Definition] + +-failregex = ^%(_apache_error_client)s ((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long \(longer than \d+\)|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)$ ++failregex = ^%(_apache_error_client)s 
((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long \(longer than \d+\)|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)(, referer: \S+)?$ + + ignoreregex = + +diff --git a/testcases/files/logs/apache-auth b/testcases/files/logs/apache-auth +index d6c40ac..787d160 100644 +--- a/testcases/files/logs/apache-auth ++++ b/testcases/files/logs/apache-auth +@@ -115,3 +115,6 @@ + + # failJSON: { "time": "2013-06-01T02:17:42", "match": true , "host": "192.168.0.2" } + [Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found ++ ++# failJSON: { "time": "2013-11-18T22:39:33", "match": true , "host": "91.49.82.139" } ++[Mon Nov 18 22:39:33 2013] [error] [client 91.49.82.139] user gg not found: /, referer: http://sj.hopto.org/management.html +-- +1.8.3.1 + diff --git a/fail2ban.spec b/fail2ban.spec index 0f34d7a..73c695d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.8.11 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ @@ -10,6 +10,7 @@ Source1: fail2ban-logrotate Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch Patch6: fail2ban-log2syslog.patch +Patch7: 0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -45,6 +46,7 @@ and shorewall respectively. %patch0 -p1 -b .init %patch1 -p1 -b .sshd %patch6 -p1 -b .log2syslog +%patch7 -p1 -b .apache-authfix %build python setup.py build 
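Review bot: The testcases hunk at the end of this carried patch adds a single referer sample, and only for the apache-auth "user ... not found" message. The `(, referer: \S+)?` suffix added to apache-noscript.conf, apache-overflows.conf and the other apache-auth expressions has no log line exercising it. Both the user name and the Referer value in these messages are client-supplied, so each changed expression is worth pinning with a matching sample and `# failJSON:` entry in the corresponding testcases log, in the same form as the one added here. The embedded diffstat says `6 files changed` while only four files are listed, so samples may have been trimmed when the patch was imported; that is worth checking against upstream commit 284f811c912af2f683c7eb150011337912516934.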
@@ -126,6 +128,9 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %changelog +* Tue Dec 03 2013 Adam Tkac - 0.8.11-2 +- include post-release patch for apache-auth filter + * Mon Nov 25 2013 Adam Tkac - 0.8.11-1 - update to 0.8.11 (#1034355) - drop part of the fail2ban-0.8.3-init.patch (merged) From f903335247ba0310992d454aac90c4c9fef67abe Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Tue, 3 Dec 2013 16:19:21 +0100 Subject: [PATCH 031/201] Fix firewalld support (#979622, comment 18) Signed-off-by: Adam Tkac --- fail2ban-0.8.11-singlejail.patch | 12 ++++++++++++ fail2ban.spec | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 fail2ban-0.8.11-singlejail.patch diff --git a/fail2ban-0.8.11-singlejail.patch b/fail2ban-0.8.11-singlejail.patch new file mode 100644 index 0000000..9419c83 --- /dev/null +++ b/fail2ban-0.8.11-singlejail.patch @@ -0,0 +1,12 @@ +diff -up fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf.singlejail fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf +--- fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf.singlejail 2013-12-03 16:17:48.282238194 +0100 ++++ fail2ban-0.8.11/config/action.d/firewall-cmd-direct-new.conf 2013-12-03 16:17:57.421402502 +0100 +@@ -20,7 +20,7 @@ actionstop = firewall-cmd --direct --rem + firewall-cmd --direct --remove-rules ipv4 filter fail2ban- + firewall-cmd --direct --remove-chain ipv4 filter fail2ban- + +-actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'fail2ban-[ \t]' ++actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'fail2ban-$|fail2ban- ' + + actionban = firewall-cmd --direct --add-rule ipv4 filter fail2ban- 0 -s -j + diff --git a/fail2ban.spec b/fail2ban.spec index 73c695d..8769761 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
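Review bot: The new `actioncheck` pattern in fail2ban-0.8.11-singlejail.patch, `grep -Eq 'fail2ban-$|fail2ban- '`, is bounded only on the right, so a chain whose name merely ends with this jail's chain name still satisfies the check (the jail-name tag appears to have been stripped from this rendering of the line). Because the jail name is substituted into an extended regular expression, a name containing `.` or another metacharacter also matches more loosely than intended. A check that passes on the wrong chain lets later ban commands fail against a chain that is not there. Bounding both sides, e.g. `grep -Eq '(^|[[:space:]])fail2ban-<name>([[:space:]]|$)'`, closes the left-hand gap; a short comment in the patch noting that jail names are assumed to be free of regex metacharacters would document the remaining assumption.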
@@ -11,6 +11,7 @@ Patch0: fail2ban-0.8.3-init.patch Patch1: fail2ban-0.8.7.1-sshd.patch Patch6: fail2ban-log2syslog.patch Patch7: 0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch +Patch8: fail2ban-0.8.11-singlejail.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel >= 2.3 # For testcases @@ -47,6 +48,7 @@ and shorewall respectively. %patch1 -p1 -b .sshd %patch6 -p1 -b .log2syslog %patch7 -p1 -b .apache-authfix +%patch8 -p1 -b .singlejail %build python setup.py build @@ -130,6 +132,7 @@ fi %changelog * Tue Dec 03 2013 Adam Tkac - 0.8.11-2 - include post-release patch for apache-auth filter +- fix firewalld support (#979622, comment 18) * Mon Nov 25 2013 Adam Tkac - 0.8.11-1 - update to 0.8.11 (#1034355) From 8f487f616581747788ca42ab879ff9c67a49b374 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:03:52 -0600 Subject: [PATCH 032/201] Update to 0.9 --- .gitignore | 1 + fail2ban-import.patch | 75 -------------- fail2ban-init.patch | 11 -- fail2ban-log2syslog.patch | 12 --- fail2ban-logfiles.patch | 211 -------------------------------------- fail2ban-logrotate | 9 -- fail2ban-utf8.patch | 18 ---- fail2ban.spec | 40 +++----- sources | 2 +- 9 files changed, 15 insertions(+), 364 deletions(-) delete mode 100644 fail2ban-import.patch delete mode 100644 fail2ban-init.patch delete mode 100644 fail2ban-log2syslog.patch delete mode 100644 fail2ban-logfiles.patch delete mode 100644 fail2ban-logrotate delete mode 100644 fail2ban-utf8.patch diff --git a/.gitignore b/.gitignore index f421bcf..8d98bf2 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.8.10.tar.gz /fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-1f1a561.tar.xz +/fail2ban-0.9.tar.gz diff --git a/fail2ban-import.patch b/fail2ban-import.patch deleted file mode 100644 index c4a2836..0000000 --- a/fail2ban-import.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -commit d561a4c2bbc336db70d5923cf630813bc51dc3ee -Author: Yaroslav Halchenko -Date: Mon Jan 28 09:54:08 2013 -0500 - - BF: do not rely on scripts being under /usr -- might differ eg on Fedora -- rely on import of common.version (Closes gh-112) - - This is also not ideal, since if there happens to be some systemwide common.version -- we are doomed - - but otherwise, we cannot keep extending comparison check to /bin, /sbin whatelse - -diff --git a/fail2ban-client b/fail2ban-client -index 1d8eb15..13d018e 100755 ---- a/fail2ban-client -+++ b/fail2ban-client -@@ -27,12 +27,13 @@ import getopt, time, shlex, socket - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -client is also under /usr/ -+try: -+ from common.version import version -+except ImportError, e: - sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - --# Now we can import our modules --from common.version import version -+# Now we can import the rest of modules - from common.protocol import printFormatted - from client.csocket import CSocket - from client.configurator import Configurator -diff --git a/fail2ban-regex b/fail2ban-regex -index a42ed96..f9bc72c 100755 ---- a/fail2ban-regex -+++ b/fail2ban-regex -@@ -26,13 +26,14 @@ import getopt, sys, time, logging, os - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -regex is also under /usr/ -- sys.path.insert(1, "/usr/share/fail2ban") -+try: -+ from common.version import version -+except ImportError, e: -+ sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - - from client.configparserinc import SafeConfigParserWithIncludes - from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError --from common.version import 
version - from server.filter import Filter - from server.failregex import RegexException - -diff --git a/fail2ban-server b/fail2ban-server -index bd86e6c..0f3410c 100755 ---- a/fail2ban-server -+++ b/fail2ban-server -@@ -26,11 +26,12 @@ import getopt, sys, logging, os - - # Inserts our own modules path first in the list - # fix for bug #343821 --if os.path.abspath(__file__).startswith('/usr/'): -- # makes sense to use system-wide library iff -server is also under /usr/ -+try: -+ from common.version import version -+except ImportError, e: - sys.path.insert(1, "/usr/share/fail2ban") -+ from common.version import version - --from common.version import version - from server.server import Server - - # Gets the instance of the logger. diff --git a/fail2ban-init.patch b/fail2ban-init.patch deleted file mode 100644 index 03b0016..0000000 --- a/fail2ban-init.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up fail2ban-0.9-1f1a561/files/redhat-initd.init fail2ban-0.9-1f1a561/files/redhat-initd ---- fail2ban-0.9-1f1a561/files/redhat-initd.init 2013-09-24 16:57:09.515712728 -0600 -+++ fail2ban-0.9-1f1a561/files/redhat-initd 2013-09-24 16:57:52.435590284 -0600 -@@ -1,6 +1,6 @@ - #!/bin/bash - # --# chkconfig: 345 92 08 -+# chkconfig: - 92 08 - # processname: fail2ban-server - # config: /etc/fail2ban/fail2ban.conf - # pidfile: /var/run/fail2ban/fail2ban.pid diff --git a/fail2ban-log2syslog.patch b/fail2ban-log2syslog.patch deleted file mode 100644 index 49c220d..0000000 --- a/fail2ban-log2syslog.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up fail2ban-0.8.10/config/fail2ban.conf.log2syslog fail2ban-0.8.10/config/fail2ban.conf ---- fail2ban-0.8.10/config/fail2ban.conf.log2syslog 2013-06-12 11:21:12.000000000 -0600 -+++ fail2ban-0.8.10/config/fail2ban.conf 2013-06-12 16:12:48.233512068 -0600 -@@ -30,7 +30,7 @@ loglevel = 3 - # (e.g. /etc/logrotate.d/fail2ban on Debian systems) - # Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log - # --logtarget = /var/log/fail2ban.log -+logtarget = SYSLOG - - # Option: socket - # Notes.: Set the socket file. This is used to communicate with the daemon. Do diff --git a/fail2ban-logfiles.patch b/fail2ban-logfiles.patch deleted file mode 100644 index a6082da..0000000 --- a/fail2ban-logfiles.patch +++ /dev/null 
@@ -1,211 +0,0 @@ -diff -up fail2ban-0.9-1f1a561/config/jail.conf.logfiles fail2ban-0.9-1f1a561/config/jail.conf ---- fail2ban-0.9-1f1a561/config/jail.conf.logfiles 2013-09-08 05:02:35.000000000 -0600 -+++ fail2ban-0.9-1f1a561/config/jail.conf 2013-09-24 17:01:40.264930006 -0600 -@@ -152,20 +152,18 @@ action = %(action_)s - [sshd] - - port = ssh --logpath = /var/log/auth.log -- /var/log/sshd.log -+logpath = /var/log/secure - - [sshd-ddos] - - port = ssh --logpath = /var/log/auth.log -- /var/log/sshd.log -+logpath = /var/log/secure - - [dropbear] - - port = ssh - filter = sshd --logpath = /var/log/dropbear -+logpath = /var/log/secure - - - # Generic filter for PAM. Has to be used with action which bans all -@@ -175,12 +173,12 @@ logpath = /var/log/dropbear - - # pam-generic filter can be customized to monitor specific subset of 'tty's - banaction = iptables-allports --logpath = /var/log/auth.log -+logpath = /var/log/secure - - [xinetd-fail] - - banaction = iptables-multiport-log --logpath = /var/log/daemon.log -+logpath = /var/log/messages - maxretry = 2 - - # .. 
custom jails -@@ -194,7 +192,7 @@ filter = sshd - action = hostsdeny[daemon_list=sshd] - sendmail-whois[name=SSH, dest=you@example.com] - ignoreregex = for myuser from --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # Here we use blackhole routes for not requiring any additional kernel support - # to store large volumes of banned IPs -@@ -203,7 +201,7 @@ logpath = /var/log/sshd.log - - filter = sshd - action = route --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # Here we use a combination of Netfilter/Iptables and IPsets - # for storing large volumes of banned IPs -@@ -214,13 +212,13 @@ logpath = /var/log/sshd.log - - filter = sshd - action = iptables-ipset-proto4[name=SSH, port=ssh, protocol=tcp] --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - [sshd-iptables-ipset6] - - filter = sshd - action = iptables-ipset-proto6[name=SSH, port=ssh, protocol=tcp, bantime=600] --logpath = /var/log/sshd.log -+logpath = /var/log/secure - - # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip" - # option is overridden in this jail. Moreover, the action "mail-whois" defines -@@ -231,7 +229,7 @@ logpath = /var/log/sshd.log - filter = sshd - action = ipfw[localhost=192.168.0.1] - sendmail-whois[name="SSH,IPFW", dest=you@example.com] --logpath = /var/log/auth.log -+logpath = /var/log/secure - - # bsd-ipfw is ipfw used by BSD. It uses ipfw tables. - # table number must be unique. 
-@@ -243,14 +241,14 @@ logpath = /var/log/auth.log - - filter = sshd - action = bsd-ipfw[port=ssh,table=1] --logpath = /var/log/auth.log -+logpath = /var/log/secure - - # PF is a BSD based firewall - [ssh-pf] - - filter = sshd - action = pf --logpath = /var/log/sshd.log -+logpath = /var/log/secure - maxretry= 5 - - # -@@ -260,7 +258,7 @@ maxretry= 5 - [apache-auth] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - - # Ban hosts which agent identifies spammer robots crawling the web - # for email addresses. The mail outputs are buffered. -@@ -268,21 +266,20 @@ logpath = /var/log/apache*/*error.log - [apache-badbots] - - port = http,https --logpath = /var/log/apache*/*access.log -- /var/www/*/logs/access_log -+logpath = /var/log/httpd/*access_log - bantime = 172800 - maxretry = 1 - - [apache-noscript] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 6 - - [apache-overflows] - - port = http,https --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 2 - - # Ban attackers that try to use PHP's URL-fopen() functionality -@@ -292,7 +289,7 @@ maxretry = 2 - [php-url-fopen] - - port = http,https --logpath = /var/www/*/logs/access_log -+logpath = /var/log/httpd/*access_log - - [suhosin] - -@@ -325,7 +322,7 @@ logpath = /var/log/sogo/sogo.log - - filter = apache-auth - action = hostsdeny --logpath = /var/log/apache*/*error.log -+logpath = /var/log/httpd/*error_log - maxretry = 6 - - [3proxy] -@@ -347,7 +344,7 @@ logpath = /var/log/proftpd/proftpd.log - [pure-ftpd] - - port = ftp,ftp-data,ftps,ftps-data --logpath = /var/log/auth.log -+logpath = /var/log/secure - maxretry = 6 - - [vsftpd] -@@ -355,7 +352,7 @@ maxretry = 6 - port = ftp,ftp-data,ftps,ftps-data - logpath = /var/log/vsftpd.log - # or overwrite it in jails.local to be --# logpath = /var/log/auth.log -+# logpath = /var/log/secure - # if you want to rely on PAM 
failed login attempts - # vsftpd's failregex should match both of those formats - -@@ -390,12 +387,12 @@ logpath = /root/path/to/assp/logs/maill - [courier-smtp] - - port = smtp,ssmtp,submission --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [postfix] - - port = smtp,ssmtp,submission --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - # The hosts.deny path can be defined with the "file" argument if it is - # not in /etc. -@@ -427,7 +424,7 @@ logpath = /var/log/exim/mainlog - [courier-auth] - - port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - - [sasl] -@@ -436,12 +433,12 @@ port = smtp,ssmtp,submission,imap2,i - # You might consider monitoring /var/log/mail.warn instead if you are - # running postfix since it would provide the same log lines at the - # "warn" level but overall at the smaller filesize. --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [dovecot] - - port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s --logpath = /var/log/mail.log -+logpath = /var/log/maillog - - [perdition] - diff --git a/fail2ban-logrotate b/fail2ban-logrotate deleted file mode 100644 index 4d7a6c9..0000000 --- a/fail2ban-logrotate +++ /dev/null @@ -1,9 +0,0 @@ -/var/log/fail2ban.log { - missingok - notifempty - size 30k - create 0600 root root - postrotate - /usr/bin/fail2ban-client set logtarget SYSLOG 2> /dev/null || true - endscript -} diff --git a/fail2ban-utf8.patch b/fail2ban-utf8.patch deleted file mode 100644 index d0013e7..0000000 --- a/fail2ban-utf8.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -commit f8983872ad4297ddb3017f4818edd08892dd2129 -Author: Yaroslav Halchenko -Date: Fri Feb 1 16:07:00 2013 -0500 - - BF: return str(host) to avoid spurious characters in the logs (Close gh-113) - - thanks to opoplawski@github - -diff --git a/server/failregex.py b/server/failregex.py -index 8ce9597..b194d47 100644 ---- a/server/failregex.py -+++ b/server/failregex.py -@@ -130,4 +130,4 @@ class FailRegex(Regex): - s = self._matchCache.string - r = self._matchCache.re - raise RegexException("No 'host' found in '%s' using '%s'" % (s, r)) -- return host -+ return str(host) diff --git a/fail2ban.spec b/fail2ban.spec index 3ad6df0..04ce99a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,19 +1,13 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 0.3.git1f1a561%{?dist} +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ -#Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -Source0: %{name}-%{version}-1f1a561.tar.xz -Source1: fail2ban-logrotate -Patch0: fail2ban-init.patch -# Fix logfile paths in jail.conf -Patch1: fail2ban-logfiles.patch -Patch6: fail2ban-log2syslog.patch +Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -BuildRequires: python-devel >= 2.3 +BuildRequires: python-devel # For testcases BuildRequires: python-inotify BuildArch: noarch @@ -44,10 +38,7 @@ and shorewall respectively. %prep -%setup -q -n %{name}-%{version}-1f1a561 -%patch0 -p1 -b .init -%patch1 -p1 -b .logfiles -%patch6 -p1 -b .log2syslog +%setup -q %build python setup.py build 
@@ -66,7 +57,7 @@ mkdir -p %{buildroot}%{_mandir}/man{1,5} install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d -install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban +install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d @@ -75,11 +66,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi rm -r %{buildroot}%{_docdir}/%{name} # Testcases need network access -#%check -#./fail2ban-testcases +%check +./fail2ban-testcases-all --no-network -%clean -rm -rf %{buildroot} %post %if 0%{?fedora} >= 19 @@ -119,20 +108,17 @@ fi %endif %{_mandir}/man1/fail2ban*.1* %{_mandir}/man5/*.5* -%dir %{_sysconfdir}/fail2ban -%dir %{_sysconfdir}/fail2ban/action.d -%dir %{_sysconfdir}/fail2ban/filter.d -%dir %{_sysconfdir}/fail2ban/jail.d -%config(noreplace) %{_sysconfdir}/fail2ban/fail2ban.conf -%config(noreplace) %{_sysconfdir}/fail2ban/jail.conf -%config(noreplace) %{_sysconfdir}/fail2ban/action.d/*.conf -%config(noreplace) %{_sysconfdir}/fail2ban/filter.d/*.conf +%config(noreplace) %{_sysconfdir}/fail2ban %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%dir %{_localstatedir}/run/fail2ban/ %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ +%dir %{_localstatedir}/run/fail2ban/ + %changelog +* Mon Mar 17 2014 Orion Poplawski - 0.9-1 +- Update to 0.9 + * Tue Sep 24 2013 Orion Poplawski - 0.9-0.3.git1f1a561 - Update to current 0.9 git branch - Rebase init patch, drop jail.d and notmp patch applied upstream diff --git a/sources b/sources index 9e9d22b..78e6b89 100644 --- a/sources +++ b/sources 
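Review bot: The `%install` line now takes the logrotate file from the upstream tree (`files/fail2ban-logrotate`), whose contents are not visible in this commit, so the permissions of the rotated log are no longer controlled by the package. The Fedora copy deleted here recreated the log with `create 0600 root root`. The `logtarget = SYSLOG` patch is dropped in the same commit, so fail2ban presumably writes to `/var/log/fail2ban.log` again. Confirm the upstream file keeps a root-only mode, and record that next to the install line, e.g. `# upstream logrotate file replaces the Fedora copy (create 0600 root root); re-check its mode on every update`.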
@@ -1 +1 @@ -6c8a581bc46712be597f3a949d036217 fail2ban-0.9-1f1a561.tar.xz +02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz From de396da924b5002b42a1f810fe4ca38df6fee16a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:43:32 -0600 Subject: [PATCH 033/201] Disable tests again for now --- fail2ban.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 04ce99a..f75952b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -65,10 +65,9 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfi # Remove installed doc, use doc macro instead rm -r %{buildroot}%{_docdir}/%{name} -# Testcases need network access %check -./fail2ban-testcases-all --no-network - +# Testcases still pulling in network tests, wants /dev/log +#./fail2ban-testcases-all --no-network %post %if 0%{?fedora} >= 19 From c6ff414f68597621df1dd1c6885892e917a6d719 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Mar 2014 18:49:13 -0600 Subject: [PATCH 034/201] Spec cleanup --- fail2ban.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index f75952b..267f6c6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -3,10 +3,8 @@ Name: fail2ban Version: 0.9 Release: 1%{?dist} License: GPLv2+ -Group: System Environment/Daemons URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: python-devel # For testcases BuildRequires: python-inotify @@ -44,7 +42,6 @@ and shorewall respectively. python setup.py build %install -rm -rf %{buildroot} python setup.py install -O1 --root %{buildroot} %if 0%{?fedora} >= 19 mkdir -p %{buildroot}%{_unitdir} @@ -92,7 +89,6 @@ fi %endif %files -%defattr(-,root,root,-) %doc README.md TODO ChangeLog COPYING doc/*.txt #doc config/fail2ban.conf* %{_bindir}/fail2ban-server 
From 3120ad735d61f695059f7808ba5976a38bad8797 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 18 Mar 2014 20:28:01 -0600 Subject: [PATCH 035/201] BR python2-devel --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 267f6c6..8257e89 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -5,7 +5,7 @@ Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -BuildRequires: python-devel +BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch From 909f71303dec99e1551812b6cef4d6d8b879c5d3 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 18 Mar 2014 22:57:27 -0600 Subject: [PATCH 036/201] Use Fedora paths Start after firewalld (bug #1067147) --- fail2ban.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 8257e89..16317b3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Ban IPs that make too many password failures Name: fail2ban Version: 0.9 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -37,6 +37,10 @@ and shorewall respectively. %prep %setup -q +# Use Fedora paths +sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf +# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) +sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service %build python setup.py build @@ -111,6 +115,10 @@ fi %changelog +* Tue Mar 18 2014 Orion Poplawski - 0.9-2 +- Use Fedora paths +- Start after firewalld (bug #1067147) + * Mon Mar 17 2014 Orion Poplawski - 0.9-1 - Update to 0.9 From cfc0b77c7d97613f6d7b64d451732ab60cc39086 Mon Sep 17 00:00:00 2001 
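Review bot: Both `sed -i` edits added to `%prep` exit successfully even when their pattern no longer matches. A later upstream change to `config/jail.conf` or `files/fail2ban.service` would therefore silently ship the non-Fedora log paths or lose the firewalld ordering. With the wrong paths file the jails would presumably watch log files that do not exist on Fedora and ban nothing, without any build error. Follow each edit with a check that fails the build: `grep -q '^before = paths-fedora.conf' config/jail.conf` and `grep -q '^After=.*firewalld.service' files/fail2ban.service`.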
From: Orion Poplawski Date: Wed, 19 Mar 2014 21:59:36 -0600 Subject: [PATCH 037/201] Split into sub-packages for different components Enable journal filter by default (bug #985567) Enable firewalld action by default (bug #1046816) --- fail2ban.spec | 175 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 158 insertions(+), 17 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 16317b3..3272e19 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ -Summary: Ban IPs that make too many password failures +Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -9,12 +9,34 @@ BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch -Requires: ed -Requires: iptables -Requires: gamin-python -Requires: python-inotify %if 0%{?fedora} >= 19 BuildRequires: systemd +%endif +# Default components +Requires: %{name}-firewalld = %{version}-%{release} +Requires: %{name}-sendmail = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-systemd = %{version}-%{release} + +%description +Fail2Ban scans log files and bans IP addresses that makes too many password +failures. It updates firewall rules to reject the IP address. These rules can +be defined by the user. Fail2Ban can read multiple log files such as sshd or +Apache web server ones. + +Fail2Ban is able to reduce the rate of incorrect authentications attempts +however it cannot eliminate the risk that weak authentication presents. +Configure services to use only two factor or public/private authentication +mechanisms if you really want to protect services. + +This is a meta-package that will install the default configuration. Other +sub-packages are available to install support for other actions and +configurations. + + +%package server +Summary: Core server component for Fail2Ban +%if 0%{?fedora} >= 19 Requires: systemd-python Requires(post): systemd Requires(preun): systemd 
@@ -25,14 +47,90 @@ Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service %endif +Requires: ipset +Requires: iptables -%description -Fail2ban scans log files like /var/log/pwdfail or -/var/log/apache/error_log and bans IP that makes too many password -failures. It updates firewall rules to reject the IP address. +%description server +This package contains the core server components for Fail2Ban with minimal +dependencies. You can install this directly if you want to have a small +installation and know what you are doing. -To use the hostsdeny and shorewall actions you must install tcp_wrappers -and shorewall respectively. + +%package all +Summary: Install all Fail2Ban packages and dependencies +Requires: %{name}-firewalld = %{version}-%{release} +Requires: %{name}-hostsdeny = %{version}-%{release} +Requires: %{name}-mail = %{version}-%{release} +Requires: %{name}-sendmail = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-shorewall = %{version}-%{release} +Requires: %{name}-systemd = %{version}-%{release} +Requires: gamin-python +Requires: perl +Requires: python-inotify +Requires: /usr/bin/whois + +%description all +This package installs all of the Fail2Ban packages and dependencies. + + +%package firewalld +Summary: Firewalld support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: firewalld + +%description firewalld +This package enables support for manipulating firewalld rules. This is the +default firewall service in Fedora. + + +%package hostsdeny +Summary: Hostsdeny (tcp_wrappers) support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: ed +Requires: tcp_wrappers + +%description hostsdeny +This package enables support for manipulating tcp_wrapper's /etc/hosts.deny +files. 
+ + +%package mail +Summary: Mail actions for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: /usr/bin/mail + +%description mail +This package installs Fail2Ban's mail actions. These are an alternative +to the default sendmail actions. + + +%package sendmail +Summary: Sendmail actions for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: /usr/sbin/sendmail + +%description sendmail +This package installs Fail2Ban's sendmail actions. This is the default +mail actions for Fail2Ban. + + +%package shorewall +Summary: Shorewall support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: shorewall + +%description shorewall +This package enables support for manipulating shoreall rules. + + +%package systemd +Summary: Systemd journal configuration for Fail2Ban +Requires: %{name}-server = %{version}-%{release} + +%description systemd +This package configures Fail2Ban to use the systemd journal for its log input +by default. %prep @@ -63,6 +161,20 @@ install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +# Remove non-Linux actions +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf +rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf +# firewalld configuration +cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf < %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <= 19 %systemd_post fail2ban.service %else /sbin/chkconfig --add %{name} %endif -%preun +%preun server %if 0%{?fedora} >= 19 %systemd_preun fail2ban.service %else 
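Review bot: `/usr/bin/whois` is required only by `%package all`, but the `mail-*.conf` and `sendmail-*.conf` actions are shipped by the `mail` and `sendmail` sub-packages (see the `%files` lists later in this commit), and `sendmail` is pulled in by the default meta-package. If the `-whois` variants of those actions call whois, as the `sendmail-whois` name used in jail.conf suggests, a default install can configure an action whose helper binary is missing. Add `Requires: /usr/bin/whois` to `%package mail` and `%package sendmail`, or move the whois variants into a sub-package that carries the dependency. In the same hunk, `shoreall` in the shorewall description should read `shorewall`.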
@@ -88,13 +200,12 @@ fi %endif %if 0%{?fedora} >= 19 -%postun +%postun server %systemd_postun_with_restart fail2ban.service %endif -%files +%files server %doc README.md TODO ChangeLog COPYING doc/*.txt -#doc config/fail2ban.conf* %{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex @@ -108,13 +219,43 @@ fi %{_mandir}/man1/fail2ban*.1* %{_mandir}/man5/*.5* %config(noreplace) %{_sysconfdir}/fail2ban +%exclude %{_sysconfdir}/fail2ban/action.d/complain.conf +%exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf +%exclude %{_sysconfdir}/fail2ban/jail.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ +%files firewalld +%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf + +%files hostsdeny +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf + +%files mail +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf + +%files sendmail +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf + +%files shorewall +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf + +%files systemd +%config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf + %changelog +* Wed Mar 19 2014 Orion Poplawski - 0.9-3 +- Split into sub-packages for different components +- Enable journal filter by default (bug #985567) +- Enable firewalld action by default (bug #1046816) + * Tue Mar 18 2014 Orion Poplawski - 0.9-2 - Use Fedora paths - Start after firewalld (bug #1067147) From 673cc6fe140eb8dc2c4e7c16be9aa14f8beb31ad Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Wed, 19 Mar 2014 22:14:01 -0600 Subject: [PATCH 038/201] Add upstream patch to fix setting loglevel in fail2ban.conf Add upstream patches to fix tests in mock, run tests --- fail2ban-loglevel.patch | 21 +++++++++++++++++++++ fail2ban-tests-nonet.patch | 20 ++++++++++++++++++++ fail2ban-tests-syslog.patch | 23 +++++++++++++++++++++++ fail2ban.spec | 18 ++++++++++++++++-- 4 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 fail2ban-loglevel.patch create mode 100644 fail2ban-tests-nonet.patch create mode 100644 fail2ban-tests-syslog.patch diff --git a/fail2ban-loglevel.patch b/fail2ban-loglevel.patch new file mode 100644 index 0000000..f41fb87 --- /dev/null +++ b/fail2ban-loglevel.patch @@ -0,0 +1,21 @@ +commit 1470e3c01d49841335e11ed7ca7898516d1b8be8 +Author: Steven Hiscocks +Date: Wed Mar 19 19:09:07 2014 +0000 + + BF: fail2ban.conf reader expected "int" type for `loglevel` + + Closes #657 + +diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py +index f17ff92..251c698 100644 +--- a/fail2ban/client/fail2banreader.py ++++ b/fail2ban/client/fail2banreader.py +@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader): + return ConfigReader.getOptions(self, "Definition", opts) + + def getOptions(self): +- opts = [["int", "loglevel", "INFO" ], ++ opts = [["string", "loglevel", "INFO" ], + ["string", "logtarget", "STDERR"], + ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], + ["int", "dbpurgeage", 86400]] diff --git a/fail2ban-tests-nonet.patch b/fail2ban-tests-nonet.patch new file mode 100644 index 0000000..57e1c1c --- /dev/null +++ b/fail2ban-tests-nonet.patch 
@@ -0,0 +1,20 @@ +commit 175c5934620adb600fe4435732a3887855320669 +Author: Steven Hiscocks +Date: Wed Mar 19 19:30:48 2014 +0000 + + TST: Skip badips.py test is no network option set + +diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py +index 456a829..85c1d92 100644 +--- a/fail2ban/tests/utils.py ++++ b/fail2ban/tests/utils.py +@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False): + for file_ in os.listdir( + os.path.abspath(os.path.dirname(action_d.__file__))): + if file_.startswith("test_") and file_.endswith(".py"): ++ if no_network and file_ in ['test_badips.py']: #pragma: no cover ++ # Test required network ++ continue + tests.addTest(testloader.loadTestsFromName( + "%s.%s" % (action_d.__name__, os.path.splitext(file_)[0]))) + diff --git a/fail2ban-tests-syslog.patch b/fail2ban-tests-syslog.patch new file mode 100644 index 0000000..0541367 --- /dev/null +++ b/fail2ban-tests-syslog.patch @@ -0,0 +1,23 @@ +commit 75325da09091f3ae800a2efbcde1a016617e5f1a +Author: Steven Hiscocks +Date: Wed Mar 19 19:21:23 2014 +0000 + + TST: Skip SYSLOG log target test if '/dev/log' not present + +diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py +index 231aecd..c4163db 100644 +--- a/fail2ban/tests/servertestcase.py ++++ b/fail2ban/tests/servertestcase.py +@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase): + + self.setGetTest("logtarget", "STDOUT") + self.setGetTest("logtarget", "STDERR") ++ ++ def testLogTargetSYSLOG(self): ++ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7): ++ raise unittest.SkipTest("'/dev/log' not present") ++ elif not os.path.exists("/dev/log"): ++ return + self.setGetTest("logtarget", "SYSLOG") + + def testLogLevel(self): diff --git a/fail2ban.spec b/fail2ban.spec index 3272e19..6eed81d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -5,6 +5,16 @@ Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Upstream patch to fix setting loglevel +# https://github.com/fail2ban/fail2ban/issues/657 +Patch0: fail2ban-loglevel.patch +# Upstream patch to skip tests with no-network +# https://github.com/fail2ban/fail2ban/issues/110 +Patch1: fail2ban-tests-nonet.patch +# Upstream patch to skip syslog tests without /dev/log +# https://github.com/fail2ban/fail2ban/issues/110 +Patch2: fail2ban-tests-syslog.patch + BuildRequires: python2-devel # For testcases BuildRequires: python-inotify @@ -135,6 +145,9 @@ by default. %prep %setup -q +%patch0 -p1 -b .loglevel +%patch1 -p1 -b .tests-nonet +%patch2 -p1 -b .tests-syslog # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -179,8 +192,7 @@ EOF rm -r %{buildroot}%{_docdir}/%{name} %check -# Testcases still pulling in network tests, wants /dev/log -#./fail2ban-testcases-all --no-network +./fail2ban-testcases-all --no-network %post server %if 0%{?fedora} >= 19 @@ -255,6 +267,8 @@ fi - Split into sub-packages for different components - Enable journal filter by default (bug #985567) - Enable firewalld action by default (bug #1046816) +- Add upstream patch to fix setting loglevel in fail2ban.conf +- Add upstream patches to fix tests in mock, run tests * Tue Mar 18 2014 Orion Poplawski - 0.9-2 - Use Fedora paths From d81aba9573a205551f8e54998ca16480605af610 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 08:59:00 -0600 Subject: [PATCH 039/201] Need empty %files to produce main and -all package --- fail2ban.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6eed81d..7a24cbf 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -216,6 +216,8 @@ fi %systemd_postun_with_restart fail2ban.service %endif +%files + %files server %doc README.md TODO ChangeLog COPYING doc/*.txt %{_bindir}/fail2ban-server @@ -242,6 +244,8 @@ fi %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ +%files all + %files firewalld %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-firewalld.conf @@ -263,6 +267,9 @@ fi %changelog +* Thu Mar 20 2014 Orion Poplawski - 0.9-4 +- Need empty %%files to produce main and -all package + * Wed Mar 19 2014 Orion Poplawski - 0.9-3 - Split into sub-packages for different components - Enable journal filter by default (bug #985567) From ed39c40e98de3da6ac584f8dfb037107e477ee10 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 13:30:25 -0600 Subject: [PATCH 040/201] Require mailx for /usr/bin/mailx --- fail2ban.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7a24cbf..d4d7f05 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -108,7 +108,7 @@ files. %package mail Summary: Mail actions for Fail2Ban Requires: %{name}-server = %{version}-%{release} -Requires: /usr/bin/mail +Requires: mailx %description mail This package installs Fail2Ban's mail actions. These are an alternative 
@@ -267,6 +267,9 @@ fi %changelog +* Thu Mar 20 2014 Orion Poplawski - 0.9-5 +- Require mailx for /usr/bin/mailx + * Thu Mar 20 2014 Orion Poplawski - 0.9-4 - Need empty %%files to produce main and -all package From 96df1d56f623faa0cb70ee5bb1cb2a006412469e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Mar 2014 21:20:27 -0600 Subject: [PATCH 041/201] Fix typo --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index d4d7f05..58937c7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -268,7 +268,7 @@ fi %changelog * Thu Mar 20 2014 Orion Poplawski - 0.9-5 -- Require mailx for /usr/bin/mailx +- Require mailx for /usr/bin/mail * Thu Mar 20 2014 Orion Poplawski - 0.9-4 - Need empty %%files to produce main and -all package From 5dde66f4934720e97290b15c4cd5d7ae98e2ec1c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 21 Mar 2014 11:47:59 -0600 Subject: [PATCH 042/201] Add some comments to the config files --- fail2ban.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index 58937c7..66bf22b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -180,11 +180,18 @@ rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf # firewalld configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf < %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf < Date: Sat, 7 Jun 2014 06:22:15 -0500 Subject: [PATCH 043/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 66bf22b..fa25872 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -274,6 +274,9 @@ fi %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 0.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Thu Mar 20 2014 Orion Poplawski - 0.9-5 - Require mailx for /usr/bin/mail From ac04ee13497368fd2d2ab575a33e37414226d70a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 21 Jul 2014 16:20:39 -0600 Subject: [PATCH 044/201] Use systemd for EL7 --- fail2ban.spec | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index fa25872..37b3d73 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -19,7 +19,7 @@ BuildRequires: python2-devel # For testcases BuildRequires: python-inotify BuildArch: noarch -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 BuildRequires: systemd %endif # Default components @@ -46,7 +46,7 @@ configurations. %package server Summary: Core server component for Fail2Ban -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 Requires: systemd-python Requires(post): systemd Requires(preun): systemd @@ -158,7 +158,7 @@ python setup.py build %install python setup.py install -O1 --root %{buildroot} -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ %else 
@@ -202,14 +202,14 @@ rm -r %{buildroot}%{_docdir}/%{name} ./fail2ban-testcases-all --no-network %post server -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_post fail2ban.service %else /sbin/chkconfig --add %{name} %endif %preun server -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %systemd_preun fail2ban.service %else if [ $1 = 0 ]; then @@ -218,7 +218,7 @@ if [ $1 = 0 ]; then fi %endif -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %postun server %systemd_postun_with_restart fail2ban.service %endif @@ -232,7 +232,7 @@ fi %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases %{python_sitelib}/* -%if 0%{?fedora} >= 19 +%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else %{_initddir}/fail2ban @@ -274,6 +274,9 @@ fi %changelog +* Mon Jul 21 2014 Orion Poplawski - 0.9-7 +- Use systemd for EL7 + * Sat Jun 07 2014 Fedora Release Engineering - 0.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From 5d9a81c73977b3b06bd79f0fd6b5defec0c88ecc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 8 Aug 2014 13:55:00 -0600 Subject: [PATCH 045/201] Fix log paths for some jails (bug #1128152) --- fail2ban-logpath.patch | 53 ++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 10 +++++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 fail2ban-logpath.patch diff --git a/fail2ban-logpath.patch b/fail2ban-logpath.patch new file mode 100644 index 0000000..8de38a0 --- /dev/null +++ b/fail2ban-logpath.patch 
@@ -0,0 +1,53 @@ +diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf +--- fail2ban-0.9/config/jail.conf.logpath 2014-08-08 13:29:40.101582649 -0600 ++++ fail2ban-0.9/config/jail.conf 2014-08-08 13:33:56.376307236 -0600 +@@ -370,7 +370,7 @@ logpath = /var/log/tomcat*/catalina.out + [webmin-auth] + + port = 10000 +-logpath = /var/log/auth.log ++logpath = %(syslog_authpriv)s + + + # +@@ -423,7 +423,7 @@ maxretry = 6 + + [vsftpd] + # or overwrite it in jails.local to be +-# logpath = /var/log/auth.log ++# logpath = %(syslog_authpriv)s + # if you want to rely on PAM failed login attempts + # vsftpd's failregex should match both of those formats + port = ftp,ftp-data,ftps,ftps-data +@@ -533,7 +533,7 @@ logpath = %(postfix_log)s + [perdition] + + port = imap3,imaps,pop3,pop3s +-logpath = /var/log/maillog ++logpath = %(syslog_mail)s + + + [squirrelmail] +@@ -657,13 +657,13 @@ maxretry = 5 + [pam-generic] + # pam-generic filter can be customized to monitor specific subset of 'tty's + banaction = iptables-allports +-logpath = /var/log/auth.log ++logpath = %(syslog_authpriv)s + + + [xinetd-fail] + + banaction = iptables-multiport-log +-logpath = /var/log/daemon.log ++logpath = %(syslog_daemon)s + maxretry = 2 + + +@@ -693,5 +693,5 @@ action = %(banaction)s[name=%(__name__) + [nagios] + + enabled = false +-logpath = /var/log/messages ; nrpe.cfg may define a different log_facility ++logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility + maxretry = 1 diff --git a/fail2ban.spec b/fail2ban.spec index 37b3d73..2f5c67e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -14,6 +14,10 @@ Patch1: fail2ban-tests-nonet.patch # Upstream patch to skip syslog tests without /dev/log # https://github.com/fail2ban/fail2ban/issues/110 Patch2: fail2ban-tests-syslog.patch +# Fix logpaths to use syslog macros +# https://bugzilla.redhat.com/show_bug.cgi?id=1128152 +# https://github.com/fail2ban/fail2ban/pull/780 +Patch3: fail2ban-logpath.patch BuildRequires: python2-devel # For testcases @@ -148,6 +152,7 @@ by default. %patch0 -p1 -b .loglevel %patch1 -p1 -b .tests-nonet %patch2 -p1 -b .tests-syslog +%patch3 -p1 -b .logpath # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -274,6 +279,9 @@ fi %changelog +* Fri Aug 8 2014 Orion Poplawski - 0.9-8 +- Fix log paths for some jails (bug #1128152) + * Mon Jul 21 2014 Orion Poplawski - 0.9-7 - Use systemd for EL7 From 8cebd782b2e2d0c79539c04498d824d8ba60615c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 15 Aug 2014 10:54:28 -0600 Subject: [PATCH 046/201] Add patch to fix tests --- fail2ban-tests.patch | 41 +++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 9 ++++++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 fail2ban-tests.patch diff --git a/fail2ban-tests.patch b/fail2ban-tests.patch new file mode 100644 index 0000000..b4dc47a --- /dev/null +++ b/fail2ban-tests.patch 
@@ -0,0 +1,41 @@ +commit b2a1032f5738575f1c368360ba93fc7da5991225 +Author: Yaroslav Halchenko +Date: Tue Aug 12 11:31:42 2014 -0400 + + ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test + +diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py +index c02e861..1fa3116 100644 +--- a/fail2ban/tests/filtertestcase.py ++++ b/fail2ban/tests/filtertestcase.py +@@ -24,6 +24,7 @@ __license__ = "GPL" + + from __builtin__ import open as fopen + import unittest ++import getpass + import os + import sys + import time +@@ -349,10 +350,20 @@ class LogFileMonitor(LogCaptureTestCase): + # shorter wait time for not modified status + return not self.isModified(0.4) + +- def testNoLogFile(self): ++ def testUnaccessibleLogFile(self): + os.chmod(self.name, 0) + self.filter.getFailures(self.name) +- self.assertTrue(self._is_logged('Unable to open %s' % self.name)) ++ failure_was_logged = self._is_logged('Unable to open %s' % self.name) ++ is_root = getpass.getuser() == 'root' ++ # If ran as root, those restrictive permissions would not ++ # forbid log to be read. ++ self.assertTrue(failure_was_logged != is_root) ++ ++ def testNoLogFile(self): ++ _killfile(self.file, self.name) ++ self.filter.getFailures(self.name) ++ failure_was_logged = self._is_logged('Unable to open %s' % self.name) ++ self.assertTrue(failure_was_logged) + + def testRemovingFailRegex(self): + self.filter.delFailRegex(0) diff --git a/fail2ban.spec b/fail2ban.spec index 2f5c67e..6d58c3a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
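Review bot: In the added `testUnaccessibleLogFile`, `is_root = getpass.getuser() == 'root'` decides by login name, and `getpass.getuser()` consults the `LOGNAME`/`USER` environment variables before the password database, so it can disagree with the privileges the test process really holds. Whether a mode-0 file is still readable depends on the effective UID, so `is_root = os.geteuid() == 0` is the more reliable check; `os` is already imported right below the added `import getpass`, which would then be unnecessary. With the name-based check, a build run with a stale or overridden environment can pass or fail for the wrong reason. The `LogFileMonitor` class body continues outside the hunk.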
@@ -18,6 +18,9 @@ Patch2: fail2ban-tests-syslog.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1128152 # https://github.com/fail2ban/fail2ban/pull/780 Patch3: fail2ban-logpath.patch +# Fix test failure +# https://github.com/fail2ban/fail2ban/pull/784 +Patch4: fail2ban-tests.patch BuildRequires: python2-devel # For testcases @@ -153,6 +156,7 @@ by default. %patch1 -p1 -b .tests-nonet %patch2 -p1 -b .tests-syslog %patch3 -p1 -b .logpath +%patch4 -p1 -b .tests # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -279,6 +283,9 @@ fi %changelog +* Fri Aug 15 2014 Orion Poplawski - 0.9-8 +- Add patch to fix tests + * Fri Aug 8 2014 Orion Poplawski - 0.9-8 - Fix log paths for some jails (bug #1128152) From bc2d2aa5938bf1d01468cc8d433c7e6a8b3b45de Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 28 Oct 2014 16:32:12 -0600 Subject: [PATCH 047/201] Update to 0.9.1 --- .gitignore | 1 + fail2ban-loglevel.patch | 21 --------------- fail2ban-logpath.patch | 53 ------------------------------------- fail2ban-tests-nonet.patch | 20 -------------- fail2ban-tests-syslog.patch | 23 ---------------- fail2ban-tests.patch | 41 ---------------------------- fail2ban.spec | 28 ++++---------------- sources | 2 +- 8 files changed, 7 insertions(+), 182 deletions(-) delete mode 100644 fail2ban-loglevel.patch delete mode 100644 fail2ban-logpath.patch delete mode 100644 fail2ban-tests-nonet.patch delete mode 100644 fail2ban-tests-syslog.patch delete mode 100644 fail2ban-tests.patch diff --git a/.gitignore b/.gitignore index 8d98bf2..2c60b66 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9-d529151.tar.xz /fail2ban-0.9-1f1a561.tar.xz /fail2ban-0.9.tar.gz +/fail2ban-0.9.1.tar.gz diff --git a/fail2ban-loglevel.patch b/fail2ban-loglevel.patch deleted file mode 100644 index f41fb87..0000000 
--- a/fail2ban-loglevel.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit 1470e3c01d49841335e11ed7ca7898516d1b8be8 -Author: Steven Hiscocks -Date: Wed Mar 19 19:09:07 2014 +0000 - - BF: fail2ban.conf reader expected "int" type for `loglevel` - - Closes #657 - -diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py -index f17ff92..251c698 100644 ---- a/fail2ban/client/fail2banreader.py -+++ b/fail2ban/client/fail2banreader.py -@@ -45,7 +45,7 @@ class Fail2banReader(ConfigReader): - return ConfigReader.getOptions(self, "Definition", opts) - - def getOptions(self): -- opts = [["int", "loglevel", "INFO" ], -+ opts = [["string", "loglevel", "INFO" ], - ["string", "logtarget", "STDERR"], - ["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"], - ["int", "dbpurgeage", 86400]] diff --git a/fail2ban-logpath.patch b/fail2ban-logpath.patch deleted file mode 100644 index 8de38a0..0000000 --- a/fail2ban-logpath.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -diff -up fail2ban-0.9/config/jail.conf.logpath fail2ban-0.9/config/jail.conf ---- fail2ban-0.9/config/jail.conf.logpath 2014-08-08 13:29:40.101582649 -0600 -+++ fail2ban-0.9/config/jail.conf 2014-08-08 13:33:56.376307236 -0600 -@@ -370,7 +370,7 @@ logpath = /var/log/tomcat*/catalina.out - [webmin-auth] - - port = 10000 --logpath = /var/log/auth.log -+logpath = %(syslog_authpriv)s - - - # -@@ -423,7 +423,7 @@ maxretry = 6 - - [vsftpd] - # or overwrite it in jails.local to be --# logpath = /var/log/auth.log -+# logpath = %(syslog_authpriv)s - # if you want to rely on PAM failed login attempts - # vsftpd's failregex should match both of those formats - port = ftp,ftp-data,ftps,ftps-data -@@ -533,7 +533,7 @@ logpath = %(postfix_log)s - [perdition] - - port = imap3,imaps,pop3,pop3s --logpath = /var/log/maillog -+logpath = %(syslog_mail)s - - - [squirrelmail] -@@ -657,13 +657,13 @@ maxretry = 5 - [pam-generic] - # pam-generic filter can be customized to monitor specific subset of 'tty's - banaction = iptables-allports --logpath = /var/log/auth.log -+logpath = %(syslog_authpriv)s - - - [xinetd-fail] - - banaction = iptables-multiport-log --logpath = /var/log/daemon.log -+logpath = %(syslog_daemon)s - maxretry = 2 - - -@@ -693,5 +693,5 @@ action = %(banaction)s[name=%(__name__) - [nagios] - - enabled = false --logpath = /var/log/messages ; nrpe.cfg may define a different log_facility -+logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility - maxretry = 1 diff --git a/fail2ban-tests-nonet.patch b/fail2ban-tests-nonet.patch deleted file mode 100644 index 57e1c1c..0000000 --- a/fail2ban-tests-nonet.patch +++ /dev/null 
@@ -1,20 +0,0 @@ -commit 175c5934620adb600fe4435732a3887855320669 -Author: Steven Hiscocks -Date: Wed Mar 19 19:30:48 2014 +0000 - - TST: Skip badips.py test is no network option set - -diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py -index 456a829..85c1d92 100644 ---- a/fail2ban/tests/utils.py -+++ b/fail2ban/tests/utils.py -@@ -209,6 +209,9 @@ def gatherTests(regexps=None, no_network=False): - for file_ in os.listdir( - os.path.abspath(os.path.dirname(action_d.__file__))): - if file_.startswith("test_") and file_.endswith(".py"): -+ if no_network and file_ in ['test_badips.py']: #pragma: no cover -+ # Test required network -+ continue - tests.addTest(testloader.loadTestsFromName( - "%s.%s" % (action_d.__name__, os.path.splitext(file_)[0]))) - diff --git a/fail2ban-tests-syslog.patch b/fail2ban-tests-syslog.patch deleted file mode 100644 index 0541367..0000000 --- a/fail2ban-tests-syslog.patch +++ /dev/null @@ -1,23 +0,0 @@ -commit 75325da09091f3ae800a2efbcde1a016617e5f1a -Author: Steven Hiscocks -Date: Wed Mar 19 19:21:23 2014 +0000 - - TST: Skip SYSLOG log target test if '/dev/log' not present - -diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py -index 231aecd..c4163db 100644 ---- a/fail2ban/tests/servertestcase.py -+++ b/fail2ban/tests/servertestcase.py -@@ -678,6 +678,12 @@ class TransmitterLogging(TransmitterBase): - - self.setGetTest("logtarget", "STDOUT") - self.setGetTest("logtarget", "STDERR") -+ -+ def testLogTargetSYSLOG(self): -+ if not os.path.exists("/dev/log") and sys.version_info >= (2, 7): -+ raise unittest.SkipTest("'/dev/log' not present") -+ elif not os.path.exists("/dev/log"): -+ return - self.setGetTest("logtarget", "SYSLOG") - - def testLogLevel(self): diff --git a/fail2ban-tests.patch b/fail2ban-tests.patch deleted file mode 100644 index b4dc47a..0000000 --- a/fail2ban-tests.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -commit b2a1032f5738575f1c368360ba93fc7da5991225 -Author: Yaroslav Halchenko -Date: Tue Aug 12 11:31:42 2014 -0400 - - ENH/BF(TST): making permissions restrictive is not sufficient -- really remove file to test - -diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py -index c02e861..1fa3116 100644 ---- a/fail2ban/tests/filtertestcase.py -+++ b/fail2ban/tests/filtertestcase.py -@@ -24,6 +24,7 @@ __license__ = "GPL" - - from __builtin__ import open as fopen - import unittest -+import getpass - import os - import sys - import time -@@ -349,10 +350,20 @@ class LogFileMonitor(LogCaptureTestCase): - # shorter wait time for not modified status - return not self.isModified(0.4) - -- def testNoLogFile(self): -+ def testUnaccessibleLogFile(self): - os.chmod(self.name, 0) - self.filter.getFailures(self.name) -- self.assertTrue(self._is_logged('Unable to open %s' % self.name)) -+ failure_was_logged = self._is_logged('Unable to open %s' % self.name) -+ is_root = getpass.getuser() == 'root' -+ # If ran as root, those restrictive permissions would not -+ # forbid log to be read. -+ self.assertTrue(failure_was_logged != is_root) -+ -+ def testNoLogFile(self): -+ _killfile(self.file, self.name) -+ self.filter.getFailures(self.name) -+ failure_was_logged = self._is_logged('Unable to open %s' % self.name) -+ self.assertTrue(failure_was_logged) - - def testRemovingFailRegex(self): - self.filter.delFailRegex(0) diff --git a/fail2ban.spec b/fail2ban.spec index 6d58c3a..0e577d0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,26 +1,10 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9 -Release: 9%{?dist} +Version: 0.9.1 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Upstream patch to fix setting loglevel -# https://github.com/fail2ban/fail2ban/issues/657 -Patch0: fail2ban-loglevel.patch -# Upstream patch to skip tests with no-network -# https://github.com/fail2ban/fail2ban/issues/110 -Patch1: fail2ban-tests-nonet.patch -# Upstream patch to skip syslog tests without /dev/log -# https://github.com/fail2ban/fail2ban/issues/110 -Patch2: fail2ban-tests-syslog.patch -# Fix logpaths to use syslog macros -# https://bugzilla.redhat.com/show_bug.cgi?id=1128152 -# https://github.com/fail2ban/fail2ban/pull/780 -Patch3: fail2ban-logpath.patch -# Fix test failure -# https://github.com/fail2ban/fail2ban/pull/784 -Patch4: fail2ban-tests.patch BuildRequires: python2-devel # For testcases @@ -152,11 +136,6 @@ by default. %prep %setup -q -%patch0 -p1 -b .loglevel -%patch1 -p1 -b .tests-nonet -%patch2 -p1 -b .tests-syslog -%patch3 -p1 -b .logpath -%patch4 -p1 -b .tests # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -283,6 +262,9 @@ fi %changelog +* Tue Oct 28 2014 Orion Poplawski - 0.9.1-1 +- Update to 0.9.1 + * Fri Aug 15 2014 Orion Poplawski - 0.9-8 - Add patch to fix tests diff --git a/sources b/sources index 78e6b89..a0b3ea2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -02de1ff774f3c16d23450a3ad1c43137 fail2ban-0.9.tar.gz +3554cc3de3f06ddfd7f90f8305b765b8 fail2ban-0.9.1.tar.gz From bb0440075a09f9ed0c30ba9c774645e03823de78 Mon Sep 17 00:00:00 2001 
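Review bot: The `sources` entry pins the new tarball with an MD5 digest only (`3554cc3de3f06ddfd7f90f8305b765b8 fail2ban-0.9.1.tar.gz`), and `Source0` points at a GitHub auto-generated archive, so that digest is the only integrity anchor between upstream and the build. MD5 is no longer collision-resistant, which makes it a weak pin for a daemon whose job is to manage bans. If the lookaside tooling in use accepts it, record a stronger digest, e.g. `SHA512 (fail2ban-0.9.1.tar.gz) = <sha512-of-tarball>`; otherwise check the download against an upstream signed tag or published checksum before uploading. The same applies to the `sources` hunk of the later 0.9.2 update.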
From: Orion Poplawski Date: Fri, 28 Nov 2014 22:25:28 -0700 Subject: [PATCH 048/201] Fix php-url-fopen logpath (bug #1169026) --- ...ate-php-url-fopen-logpath-by-newline.patch | 26 +++++++++++++++++++ fail2ban.spec | 5 ++++ 2 files changed, 31 insertions(+) create mode 100644 0001-Separate-php-url-fopen-logpath-by-newline.patch diff --git a/0001-Separate-php-url-fopen-logpath-by-newline.patch b/0001-Separate-php-url-fopen-logpath-by-newline.patch new file mode 100644 index 0000000..5f80bd1 --- /dev/null +++ b/0001-Separate-php-url-fopen-logpath-by-newline.patch @@ -0,0 +1,26 @@ +From d8867807f560838e70375cc9ca90585179700fe6 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Fri, 28 Nov 2014 22:04:09 -0700 +Subject: [PATCH] Separate php-url-fopen logpath by newline + +--- + config/jail.conf | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/config/jail.conf b/config/jail.conf +index d119d22..6a95aa1 100644 +--- a/config/jail.conf ++++ b/config/jail.conf +@@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s + [php-url-fopen] + + port = http,https +-logpath = %(nginx_access_log)s %(apache_access_log)s ++logpath = %(nginx_access_log)s ++ %(apache_access_log)s + + + [suhosin] +-- +2.1.0 + diff --git a/fail2ban.spec b/fail2ban.spec index 0e577d0..b64e7e4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -5,6 +5,8 @@ Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# https://bugzilla.redhat.com/show_bug.cgi?id=1169026 +Patch0: 0001-Separate-php-url-fopen-logpath-by-newline.patch BuildRequires: python2-devel # For testcases @@ -262,6 +264,9 @@ fi %changelog +* Fri Nov 28 2014 Orion Poplawski - 0.9.1-2 +- Fix php-url-fopen logpath (bug #1169026) + * Tue Oct 28 2014 Orion Poplawski - 0.9.1-1 - Update to 0.9.1 From 82e4d8fec8795d2d4446cffb4211a7118894c117 Mon Sep 17 00:00:00 2001 
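Review bot: `Patch0: 0001-Separate-php-url-fopen-logpath-by-newline.patch` is declared in the first spec hunk, but no hunk of this commit adds a matching line to `%prep`, so the build would not apply the patch and the `[php-url-fopen]` jail would keep the single-line `logpath` the patch is meant to split. Add `%patch0 -p1` after `%setup -q`. The changelog entry is also stamped `0.9.1-2` while the context still shows `Release: 1%{?dist}`, so `Release: 2%{?dist}` belongs in the same change. `%prep` lies outside the hunks shown; the diffstat (5 insertions in fail2ban.spec, all accounted for by the two hunks) confirms nothing else was added.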
From: Orion Poplawski Date: Sun, 14 Dec 2014 10:02:43 -0700 Subject: [PATCH 049/201] Bumpt release and apply patch --- fail2ban.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index b64e7e4..9556ca2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -138,6 +138,7 @@ by default. %prep %setup -q +%patch0 -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) From 4fa088d49191fb384c70e4d732b0ddca833a6ffc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 22 Feb 2015 19:42:01 -0700 Subject: [PATCH 050/201] Do not use systemd by default --- fail2ban.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 9556ca2..6cd8920 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -19,7 +19,8 @@ BuildRequires: systemd Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} -Requires: %{name}-systemd = %{version}-%{release} +# Currently this breaks jaila that don't log to the journal +#Requires: %{name}-systemd = %{version}-%{release} %description Fail2Ban scans log files and bans IP addresses that makes too many password 
@@ -67,7 +68,7 @@ Requires: %{name}-mail = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} -Requires: %{name}-systemd = %{version}-%{release} +#Requires: %{name}-systemd = %{version}-%{release} Requires: gamin-python Requires: perl Requires: python-inotify @@ -265,6 +266,9 @@ fi %changelog +* Sun Feb 22 2015 Orion Poplawski - 0.9.1-3 +- Do not use systemd by default + * Fri Nov 28 2014 Orion Poplawski - 0.9.1-2 - Fix php-url-fopen logpath (bug #1169026) From 55a0d27c319aea2d06bbec7869145e7684979c5a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 16 Mar 2015 16:26:08 -0600 Subject: [PATCH 051/201] Do not load user paths for fail2ban-{client,server} (bug #1202151) --- fail2ban.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6cd8920..a3149c3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -150,6 +150,11 @@ python setup.py build %install python setup.py install -O1 --root %{buildroot} + +# Do not load user paths +# https://bugzilla.redhat.com/show_bug.cgi?id=1202151 +sed -i -e '1s/python$/python -Es/' %{buildroot}%{_bindir}/fail2ban-{client,server} + %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ @@ -266,6 +271,9 @@ fi %changelog +* Mon Mar 16 2015 Orion Poplawski - 0.9.1-4 +- Do not load user paths for fail2ban-{client,server} (bug #1202151) + * Sun Feb 22 2015 Orion Poplawski - 0.9.1-3 - Do not use systemd by default 
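Review bot: The added `sed -i -e '1s/python$/python -Es/'` only rewrites a shebang that ends in exactly `python`, and `sed` exits 0 when nothing matches, so a different interpreter line (for example one ending in `python2`, or with trailing whitespace) would silently ship `fail2ban-client` and `fail2ban-server` without `-E`/`-s`. Since the purpose of bug #1202151 is to stop these programs from picking up `PYTHON*` variables and the per-user site directory, make the build fail when the flags are missing, e.g. add `head -n1 %{buildroot}%{_bindir}/fail2ban-server | grep -q -- ' -Es$'` (and the same for `fail2ban-client`) right after the sed. `fail2ban-regex` and `fail2ban-testcases` are listed under `%files server` as well and are left untouched; consider whether they should get the same flags. A one-line comment such as `# -E: ignore PYTHON* env vars, -s: skip user site-packages` would document what the flags do.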
From 863772fa8527593094370d6006dbd050f49533a2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 30 Apr 2015 12:12:05 -0600 Subject: [PATCH 052/201] Update to 0.9.2 --- .gitignore | 1 + ...ate-php-url-fopen-logpath-by-newline.patch | 26 ------------------- fail2ban.spec | 12 +++++---- sources | 2 +- 4 files changed, 9 insertions(+), 32 deletions(-) delete mode 100644 0001-Separate-php-url-fopen-logpath-by-newline.patch diff --git a/.gitignore b/.gitignore index 2c60b66..f5dfe4d 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9-1f1a561.tar.xz /fail2ban-0.9.tar.gz /fail2ban-0.9.1.tar.gz +/fail2ban-0.9.2.tar.gz diff --git a/0001-Separate-php-url-fopen-logpath-by-newline.patch b/0001-Separate-php-url-fopen-logpath-by-newline.patch deleted file mode 100644 index 5f80bd1..0000000 --- a/0001-Separate-php-url-fopen-logpath-by-newline.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d8867807f560838e70375cc9ca90585179700fe6 Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Fri, 28 Nov 2014 22:04:09 -0700 -Subject: [PATCH] Separate php-url-fopen logpath by newline - ---- - config/jail.conf | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/config/jail.conf b/config/jail.conf -index d119d22..6a95aa1 100644 ---- a/config/jail.conf -+++ b/config/jail.conf -@@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s - [php-url-fopen] - - port = http,https --logpath = %(nginx_access_log)s %(apache_access_log)s -+logpath = %(nginx_access_log)s -+ %(apache_access_log)s - - - [suhosin] --- -2.1.0 - diff --git a/fail2ban.spec b/fail2ban.spec index a3149c3..d0f5292 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,12 +1,10 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.1 -Release: 4%{?dist} +Version: 0.9.2 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# https://bugzilla.redhat.com/show_bug.cgi?id=1169026 -Patch0: 0001-Separate-php-url-fopen-logpath-by-newline.patch BuildRequires: python2-devel # For testcases @@ -139,7 +137,6 @@ by default. %prep %setup -q -%patch0 -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -196,6 +193,8 @@ EOF rm -r %{buildroot}%{_docdir}/%{name} %check +# Need a UTF-8 locale to work +export LANG=en_US.UTF-8 ./fail2ban-testcases-all --no-network %post server @@ -271,6 +270,9 @@ fi %changelog +* Thu Apr 30 2015 Orion Poplawski - 0.9.2-1 +- Update to 0.9.2 + * Mon Mar 16 2015 Orion Poplawski - 0.9.1-4 - Do not load user paths for fail2ban-{client,server} (bug #1202151) diff --git a/sources b/sources index a0b3ea2..1b1b49e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3554cc3de3f06ddfd7f90f8305b765b8 fail2ban-0.9.1.tar.gz +bcdc9ef9f02c6fe8e43bb391835c65d6 fail2ban-0.9.2.tar.gz From eb19baa3e3761186f89ad56a2006dd8f77520dd3 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 17 Jun 2015 05:56:53 +0000 Subject: [PATCH 053/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index d0f5292..ef87085 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -270,6 +270,9 @@ fi %changelog +* Wed Jun 17 2015 Fedora Release Engineering - 0.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Thu Apr 30 2015 Orion Poplawski - 0.9.2-1 - Update to 0.9.2 From 1896da93864db1828151bb8a891b7f6b45f54181 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 12 Sep 2015 15:04:33 -0600 Subject: [PATCH 054/201] Update to 0.9.3 - Cleanup spec, use new python macros --- .gitignore | 1 + ...de29336b4a01e4dcd20f98253e1db913ee7a.patch | 50 +++++++++++++++++++ fail2ban.spec | 38 +++++++------- sources | 2 +- 4 files changed, 73 insertions(+), 18 deletions(-) create mode 100644 3187de29336b4a01e4dcd20f98253e1db913ee7a.patch diff --git a/.gitignore b/.gitignore index f5dfe4d..d3132d5 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.tar.gz /fail2ban-0.9.1.tar.gz /fail2ban-0.9.2.tar.gz +/fail2ban-0.9.3.tar.gz diff --git a/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch b/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch new file mode 100644 index 0000000..e516462 --- /dev/null +++ b/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch 
@@ -0,0 +1,50 @@ +From 3187de29336b4a01e4dcd20f98253e1db913ee7a Mon Sep 17 00:00:00 2001 +From: Yaroslav Halchenko +Date: Sat, 12 Sep 2015 14:15:10 -0400 +Subject: [PATCH] BF(TST): allow exception and False for executeCmd due to + inconsistent behavior across bash/dash + +Temporary minimalistic fix to the test +--- + fail2ban/tests/actiontestcase.py | 23 +++++++++++++++++------ + 1 file changed, 17 insertions(+), 6 deletions(-) + +diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py +index febbc61..73dee12 100644 +--- a/fail2ban/tests/actiontestcase.py ++++ b/fail2ban/tests/actiontestcase.py +@@ -222,17 +222,28 @@ def getnastypid(): + return int(f.read()) + + # First test if can kill the bastard +- self.assertRaises( +- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) ++ try: ++ self.assertFalse( ++ CommandAction.executeCmd('bash %s' % tmpFilename, timeout=.1)) ++ except RuntimeError: ++ # this one is expected behavior, see ++ # https://github.com/fail2ban/fail2ban/issues/1155#issuecomment-139799958 ++ pass + # Verify that the proccess itself got killed + self.assertFalse(pid_exists(getnastypid())) # process should have been killed + self.assertTrue(self._is_logged('timed out')) +- self.assertTrue(self._is_logged('killed with SIGTERM')) ++ self.assertTrue(self._is_logged('Terminated')) + + # A bit evolved case even though, previous test already tests killing children processes +- self.assertRaises( +- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, +- timeout=.2) ++ try: ++ self.assertFalse( ++ CommandAction.executeCmd('out=`bash %s`; echo ALRIGHT' % tmpFilename, ++ timeout=.2)) ++ except RuntimeError: ++ # this one is expected behavior, see ++ # https://github.com/fail2ban/fail2ban/issues/1155#issuecomment-139799958 ++ pass ++ + # Verify that the proccess itself got killed + self.assertFalse(pid_exists(getnastypid())) + self.assertTrue(self._is_logged('timed out')) 
diff --git a/fail2ban.spec b/fail2ban.spec index ef87085..2b069d6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,23 +1,26 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.2 -Release: 2%{?dist} +Version: 0.9.3 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Fix failing test +# https://github.com/fail2ban/fail2ban/issues/1155 +Patch0: https://github.com/yarikoptic/fail2ban/commit/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch -BuildRequires: python2-devel +BuildRequires: python-devel # For testcases BuildRequires: python-inotify BuildArch: noarch -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd %endif # Default components Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} -# Currently this breaks jaila that don't log to the journal +# Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} %description @@ -38,7 +41,7 @@ configurations. %package server Summary: Core server component for Fail2Ban -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 Requires: systemd-python Requires(post): systemd Requires(preun): systemd 
@@ -137,22 +140,19 @@ by default. %prep %setup -q +%patch0 -p1 -b .test # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service %build -python setup.py build +%py_build %install -python setup.py install -O1 --root %{buildroot} +%py_install -# Do not load user paths -# https://bugzilla.redhat.com/show_bug.cgi?id=1202151 -sed -i -e '1s/python$/python -Es/' %{buildroot}%{_bindir}/fail2ban-{client,server} - -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ %else @@ -198,14 +198,14 @@ export LANG=en_US.UTF-8 ./fail2ban-testcases-all --no-network %post server -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 %systemd_post fail2ban.service %else /sbin/chkconfig --add %{name} %endif %preun server -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 %systemd_preun fail2ban.service %else if [ $1 = 0 ]; then @@ -214,7 +214,7 @@ if [ $1 = 0 ]; then fi %endif -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 %postun server %systemd_postun_with_restart fail2ban.service %endif @@ -228,7 +228,7 @@ fi %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases %{python_sitelib}/* -%if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else %{_initddir}/fail2ban @@ -270,6 +270,10 @@ fi %changelog +* Sat Sep 12 2015 Orion Poplawski - 0.9.3-1 +- Update to 0.9.3 +- Cleanup spec, use new python macros + * Wed Jun 17 2015 Fedora Release Engineering - 0.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index 1b1b49e..29e969c 100644 --- a/sources +++ b/sources 
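Review bot: The `%install` hunk of PATCH 054 (`@@ -137,22 +140,19 @@`) deletes the `sed -i -e '1s/python$/python -Es/'` rewrite of `fail2ban-client` and `fail2ban-server`, which the removed comment ties to bug 1202151 ("Do not load user paths"), and nothing visible in the hunk replaces it. fail2ban-server normally runs as root, so a shebang without `-E` and `-s` lets `PYTHON*` environment variables and the per-user site directory influence which modules it imports. Unless `%py_build`/`%py_install` are confirmed to write an equivalent shebang, I would keep the rewrite after `%py_install` with a comment such as `# -Es: ignore PYTHON* env and user site-packages (bug 1202151)`, and check the first line of the installed scripts in `%check` so a regression fails the build. The same question applies to the `%py3_build`/`%py3_install` hunks in PATCH 056.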
@@ -1 +1 @@ -bcdc9ef9f02c6fe8e43bb391835c65d6 fail2ban-0.9.2.tar.gz +73c87c545cc6474de984b5a05e64ecab fail2ban-0.9.3.tar.gz From ed8043cdfacc43ee6b3b5f52f6bedb7bf0953369 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 3 Feb 2016 20:13:01 +0000 Subject: [PATCH 055/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 2b069d6..6b21974 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -270,6 +270,9 @@ fi %changelog +* Wed Feb 03 2016 Fedora Release Engineering - 0.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Sat Sep 12 2015 Orion Poplawski - 0.9.3-1 - Update to 0.9.3 - Cleanup spec, use new python macros From 3454a2012a174aea6aa8ef1a64b9773f86ff0334 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 23 Feb 2016 11:23:57 -0700 Subject: [PATCH 056/201] Use python3 (bug #1282498) --- fail2ban.spec | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6b21974..8a7d9f6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -9,9 +9,11 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # https://github.com/fail2ban/fail2ban/issues/1155 Patch0: https://github.com/yarikoptic/fail2ban/commit/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch -BuildRequires: python-devel +BuildRequires: python3-devel +# For 2to3 +BuildRequires: python2-tools # For testcases -BuildRequires: python-inotify +BuildRequires: python3-inotify BuildArch: noarch %if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd @@ -42,7 +44,7 @@ configurations. %package server Summary: Core server component for Fail2Ban %if 0%{?fedora} || 0%{?rhel} >= 7 -Requires: systemd-python +Requires: python3-systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -69,10 +71,12 @@ Requires: %{name}-mail = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} +# Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} -Requires: gamin-python +# No python3 support for gamin +#Requires: gamin-python Requires: perl -Requires: python-inotify +Requires: python3-inotify Requires: /usr/bin/whois %description all @@ -145,12 +149,13 @@ by default. sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service +2to3 --write --nobackups . %build -%py_build +%py3_build %install -%py_install +%py3_install %if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} @@ -195,7 +200,7 @@ rm -r %{buildroot}%{_docdir}/%{name} %check # Need a UTF-8 locale to work export LANG=en_US.UTF-8 -./fail2ban-testcases-all --no-network +./fail2ban-testcases-all-python3 --no-network %post server %if 0%{?fedora} || 0%{?rhel} >= 7 
@@ -227,7 +232,7 @@ fi %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases -%{python_sitelib}/* +%{python3_sitelib}/* %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else @@ -270,6 +275,9 @@ fi %changelog +* Tue Feb 23 2016 Orion Poplawski - 0.9.3-3 +- Use python3 (bug #1282498) + * Wed Feb 03 2016 Fedora Release Engineering - 0.9.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild From b818fb6ecc30e7f14604dffdd2a48604cbc845c8 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 11:55:10 -0700 Subject: [PATCH 057/201] Update to 0.9.4 - Use mariadb log path by default --- .gitignore | 1 + ...de29336b4a01e4dcd20f98253e1db913ee7a.patch | 50 ------------------- fail2ban-mysql.patch | 13 +++++ fail2ban-test.patch | 12 +++++ fail2ban.spec | 17 +++++-- sources | 2 +- 6 files changed, 40 insertions(+), 55 deletions(-) delete mode 100644 3187de29336b4a01e4dcd20f98253e1db913ee7a.patch create mode 100644 fail2ban-mysql.patch create mode 100644 fail2ban-test.patch diff --git a/.gitignore b/.gitignore index d3132d5..bf86dda 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.1.tar.gz /fail2ban-0.9.2.tar.gz /fail2ban-0.9.3.tar.gz +/fail2ban-0.9.4.tar.gz diff --git a/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch b/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch deleted file mode 100644 index e516462..0000000 --- a/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 3187de29336b4a01e4dcd20f98253e1db913ee7a Mon Sep 17 00:00:00 2001 -From: Yaroslav Halchenko -Date: Sat, 12 Sep 2015 14:15:10 -0400 -Subject: [PATCH] BF(TST): allow exception and False for executeCmd due to - inconsistent behavior across bash/dash - -Temporary minimalistic fix to the test ---- - fail2ban/tests/actiontestcase.py | 23 +++++++++++++++++------ - 1 file changed, 17 insertions(+), 6 deletions(-) - -diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py -index febbc61..73dee12 100644 ---- a/fail2ban/tests/actiontestcase.py -+++ b/fail2ban/tests/actiontestcase.py -@@ -222,17 +222,28 @@ def getnastypid(): - return int(f.read()) - - # First test if can kill the bastard -- self.assertRaises( -- RuntimeError, CommandAction.executeCmd, 'bash %s' % tmpFilename, timeout=.1) -+ try: -+ self.assertFalse( -+ CommandAction.executeCmd('bash %s' % tmpFilename, timeout=.1)) -+ except RuntimeError: -+ # this one is expected behavior, see -+ # https://github.com/fail2ban/fail2ban/issues/1155#issuecomment-139799958 -+ pass - # Verify that the proccess itself got killed - self.assertFalse(pid_exists(getnastypid())) # process should have been killed - self.assertTrue(self._is_logged('timed out')) -- self.assertTrue(self._is_logged('killed with SIGTERM')) -+ self.assertTrue(self._is_logged('Terminated')) - - # A bit evolved case even though, previous test already tests killing children processes -- self.assertRaises( -- RuntimeError, CommandAction.executeCmd, 'out=`bash %s`; echo ALRIGHT' % tmpFilename, -- timeout=.2) -+ try: -+ self.assertFalse( -+ CommandAction.executeCmd('out=`bash %s`; echo ALRIGHT' % tmpFilename, -+ timeout=.2)) -+ except RuntimeError: -+ # this one is expected behavior, see -+ # https://github.com/fail2ban/fail2ban/issues/1155#issuecomment-139799958 -+ pass -+ - # Verify that the proccess itself got killed - self.assertFalse(pid_exists(getnastypid())) - self.assertTrue(self._is_logged('timed out')) 
diff --git a/fail2ban-mysql.patch b/fail2ban-mysql.patch new file mode 100644 index 0000000..5efa807 --- /dev/null +++ b/fail2ban-mysql.patch @@ -0,0 +1,13 @@ +diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf +index b3c978c..e91845a 100644 +--- a/config/paths-fedora.conf ++++ b/config/paths-fedora.conf +@@ -34,7 +34,7 @@ apache_access_log = /var/log/httpd/*access_log + + exim_main_log = /var/log/exim/main.log + +-mysql_log = /var/lib/mysql/mysqld.log ++mysql_log = /var/log/mariadb/mariadb.log + + roundcube_errors_log = /var/log/roundcubemail/errors + diff --git a/fail2ban-test.patch b/fail2ban-test.patch new file mode 100644 index 0000000..1522ece --- /dev/null +++ b/fail2ban-test.patch @@ -0,0 +1,12 @@ +diff -up fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py +--- fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test 2016-03-09 10:43:53.649645648 -0700 ++++ fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py 2016-03-09 11:00:19.208546116 -0700 +@@ -632,8 +632,6 @@ class JailsReaderTest(LogCaptureTestCase + + # and we know even some of them by heart + for j in ['sshd', 'recidive']: +- # by default we have 'auto' backend ATM +- self.assertTrue(['add', j, 'auto'] in comm_commands) + # and warn on useDNS + self.assertTrue(['set', j, 'usedns', 'warn'] in comm_commands) + self.assertTrue(['start', j] in comm_commands) diff --git a/fail2ban.spec b/fail2ban.spec index 8a7d9f6..d7024c0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
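Review bot: The `mysql_log` line in the new fail2ban-mysql.patch replaces the old path with `/var/log/mariadb/mariadb.log` instead of listing both, so a host whose database server logs elsewhere would have its MySQL jail pointed at a file that is never written, and failed logins there would go unnoticed. I would keep the MariaDB path first and add `/var/log/mysqld.log` as an indented continuation line under `mysql_log`. A one-line header in the patch file saying which packages write which path would help the next maintainer. Whether `paths-fedora.conf` also forces a journal backend for this jail is not visible in this hunk and is worth checking at the same time.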
@@ -1,13 +1,17 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.3 -Release: 3%{?dist} +Version: 0.9.4 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +#Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz # Fix failing test -# https://github.com/fail2ban/fail2ban/issues/1155 -Patch0: https://github.com/yarikoptic/fail2ban/commit/3187de29336b4a01e4dcd20f98253e1db913ee7a.patch +# https://github.com/fail2ban/fail2ban/issues/1353 +Patch0: fail2ban-test.patch +# Fix mysql log path +# https://github.com/fail2ban/fail2ban/issues/1354 +Patch1: fail2ban-mysql.patch BuildRequires: python3-devel # For 2to3 @@ -145,6 +149,7 @@ by default. %prep %setup -q %patch0 -p1 -b .test +%patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) @@ -275,6 +280,10 @@ fi %changelog +* Wed Mar 9 2016 Orion Poplawski - 0.9.4-1 +- Update to 0.9.4 +- Use mariadb log path by default + * Tue Feb 23 2016 Orion Poplawski - 0.9.3-3 - Use python3 (bug #1282498) diff --git a/sources b/sources index 29e969c..6113bd9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -73c87c545cc6474de984b5a05e64ecab fail2ban-0.9.3.tar.gz +2dc93dff03c4da9fb95d4695e07b65d8 fail2ban-0.9.4.tar.gz From 1e5fef520eacf80463ffaf1feefa4ad70d7f6d5a Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 12:02:13 -0700 Subject: [PATCH 058/201] Revert "Use python3 (bug #1282498)" This reverts commit 3454a2012a174aea6aa8ef1a64b9773f86ff0334. Conflicts: fail2ban.spec --- fail2ban.spec | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d7024c0..ab85ba6 100644 --- a/fail2ban.spec 
+++ b/fail2ban.spec @@ -13,11 +13,9 @@ Patch0: fail2ban-test.patch # https://github.com/fail2ban/fail2ban/issues/1354 Patch1: fail2ban-mysql.patch -BuildRequires: python3-devel -# For 2to3 -BuildRequires: python2-tools +BuildRequires: python-devel # For testcases -BuildRequires: python3-inotify +BuildRequires: python-inotify BuildArch: noarch %if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd @@ -48,7 +46,7 @@ configurations. %package server Summary: Core server component for Fail2Ban %if 0%{?fedora} || 0%{?rhel} >= 7 -Requires: python3-systemd +Requires: systemd-python Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -75,12 +73,10 @@ Requires: %{name}-mail = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} -# Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} -# No python3 support for gamin -#Requires: gamin-python +Requires: gamin-python Requires: perl -Requires: python3-inotify +Requires: python-inotify Requires: /usr/bin/whois %description all @@ -154,13 +150,12 @@ by default. sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf # Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service -2to3 --write --nobackups . %build -%py3_build +%py_build %install -%py3_install +%py_install %if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} @@ -205,7 +200,7 @@ rm -r %{buildroot}%{_docdir}/%{name} %check # Need a UTF-8 locale to work export LANG=en_US.UTF-8 -./fail2ban-testcases-all-python3 --no-network +./fail2ban-testcases-all --no-network %post server %if 0%{?fedora} || 0%{?rhel} >= 7 
@@ -237,7 +232,7 @@ fi %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-testcases -%{python3_sitelib}/* +%{python_sitelib}/* %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else @@ -284,9 +279,6 @@ fi - Update to 0.9.4 - Use mariadb log path by default -* Tue Feb 23 2016 Orion Poplawski - 0.9.3-3 -- Use python3 (bug #1282498) - * Wed Feb 03 2016 Fedora Release Engineering - 0.9.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild From 5fb4dae05d56e67ad74d5477ebfeaecc7e232ed8 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 14:00:46 -0700 Subject: [PATCH 059/201] Fix mariadb/mysql log handling --- fail2ban-mysql.patch | 10 ++++++++-- fail2ban.spec | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/fail2ban-mysql.patch b/fail2ban-mysql.patch index 5efa807..4eb52a3 100644 --- a/fail2ban-mysql.patch +++ b/fail2ban-mysql.patch @@ -1,13 +1,19 @@ diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf -index b3c978c..e91845a 100644 +index b3c978c..d13645b 100644 --- a/config/paths-fedora.conf +++ b/config/paths-fedora.conf -@@ -34,7 +34,7 @@ apache_access_log = /var/log/httpd/*access_log +@@ -34,7 +34,8 @@ apache_access_log = /var/log/httpd/*access_log exim_main_log = /var/log/exim/main.log -mysql_log = /var/lib/mysql/mysqld.log +mysql_log = /var/log/mariadb/mariadb.log ++ /var/log/mysqld.log roundcube_errors_log = /var/log/roundcubemail/errors +@@ -48,4 +49,3 @@ pureftpd_backend = systemd + wuftpd_backend = systemd + postfix_backend = systemd + dovecot_backend = systemd +-mysql_backend = systemd diff --git a/fail2ban.spec b/fail2ban.spec index d7024c0..eace602 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -280,6 +280,9 @@ fi %changelog +* Wed Mar 9 2016 Orion Poplawski - 0.9.4-2 +- Fix mariadb/mysql log handling + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-1 - Update to 0.9.4 - Use mariadb log path by default From 4918cc13d558fef20673f4b02586076ebee5596f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 14:27:16 -0700 Subject: [PATCH 060/201] No longer need to add After=firewalld.service (bug #1301910) --- fail2ban.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index eace602..c6b9696 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -152,8 +152,6 @@ by default. %patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf -# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) -sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service 2to3 --write --nobackups . %build @@ -280,6 +278,9 @@ fi %changelog +* Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 +- No longer need to add After=firewalld.service (bug #1301910) + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-2 - Fix mariadb/mysql log handling From 7939b816091d7bf3bf583ec310ca8595c882f84e Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Sun, 27 Mar 2016 11:28:56 -0600 Subject: [PATCH 061/201] Use %{_tmpfilesdir} for systemd tmpfile config --- fail2ban.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index c6b9696..6f7994e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -174,8 +174,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d -install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +mkdir -p %{buildroot}%{_tmpfilesdir} +install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf # Remove non-Linux actions rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf @@ -251,7 +251,7 @@ fi %exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf %exclude %{_sysconfdir}/fail2ban/jail.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf +%{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ @@ -278,6 +278,9 @@ fi %changelog +* Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 +- Use %%{_tmpfilesdir} for systemd tmpfile config + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 - No longer need to add After=firewalld.service (bug #1301910) 
From 491ac3332272c145f0d11b71030790d74a824702 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 5 Apr 2016 09:18:47 -0600 Subject: [PATCH 062/201] Fix python3 usage (bug #1324113) --- fail2ban.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6f7994e..4793895 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -153,6 +153,7 @@ by default. # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . +find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + %build %py3_build @@ -278,6 +279,9 @@ fi %changelog +* Tue Apr 5 2016 Orion Poplawski - 0.9.4-5 +- Fix python3 usage (bug #1324113) + * Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 - Use %%{_tmpfilesdir} for systemd tmpfile config From 314a77633d7ee94dd49138a3f66868a9d1054395 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 19 Jul 2016 07:02:06 +0000 Subject: [PATCH 063/201] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 4793895..fabcb96 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
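Review bot: The shebang rewrite added in the `%prep` hunk of PATCH 062 (`@@ -153,6 +153,7 @@`) matches `^#!/usr/bin/python *`, which consumes the separating space and also matches the prefix of longer interpreter names. A first line such as `#!/usr/bin/python -Es` would come out as `#!/usr/bin/python%{python3_version}-Es`, and an existing `python3` shebang would get the version inserted in front of its `3`. Whether the 0.9.4 tree contains such lines is not visible here, but anchoring the pattern avoids both cases, e.g. `'1s,^#!/usr/bin/python\([[:space:]]\|$\),#!/usr/bin/python%{python3_version}\1,'`. Since the scripts end up running as root, it is also worth stating in a comment whether the resulting shebang is expected to carry isolation flags such as `-Es`.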
@@ -279,6 +279,9 @@ fi %changelog +* Tue Jul 19 2016 Fedora Release Engineering - 0.9.4-6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + * Tue Apr 5 2016 Orion Poplawski - 0.9.4-5 - Fix python3 usage (bug #1324113) From f918a8706c05dc692107f93d15fd81a884ceaee0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 25 Sep 2016 09:47:36 -0600 Subject: [PATCH 064/201] Update to 0.9.5 - Drop mysql patch applied upstream --- .gitignore | 1 + fail2ban-mysql.patch | 19 ------------------- fail2ban.spec | 12 ++++++------ sources | 2 +- 4 files changed, 8 insertions(+), 26 deletions(-) delete mode 100644 fail2ban-mysql.patch diff --git a/.gitignore b/.gitignore index bf86dda..000a84c 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.2.tar.gz /fail2ban-0.9.3.tar.gz /fail2ban-0.9.4.tar.gz +/fail2ban-0.9.5.tar.gz diff --git a/fail2ban-mysql.patch b/fail2ban-mysql.patch deleted file mode 100644 index 4eb52a3..0000000 --- a/fail2ban-mysql.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf -index b3c978c..d13645b 100644 ---- a/config/paths-fedora.conf -+++ b/config/paths-fedora.conf -@@ -34,7 +34,8 @@ apache_access_log = /var/log/httpd/*access_log - - exim_main_log = /var/log/exim/main.log - --mysql_log = /var/lib/mysql/mysqld.log -+mysql_log = /var/log/mariadb/mariadb.log -+ /var/log/mysqld.log - - roundcube_errors_log = /var/log/roundcubemail/errors - -@@ -48,4 +49,3 @@ pureftpd_backend = systemd - wuftpd_backend = systemd - postfix_backend = systemd - dovecot_backend = systemd --mysql_backend = systemd diff --git a/fail2ban.spec b/fail2ban.spec index fabcb96..9fa8d9b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.4 -Release: 6%{?dist} +Version: 0.9.5 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -9,9 +9,6 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch -# Fix mysql log path -# https://github.com/fail2ban/fail2ban/issues/1354 -Patch1: fail2ban-mysql.patch BuildRequires: python3-devel # For 2to3 @@ -149,7 +146,6 @@ by default. %prep %setup -q %patch0 -p1 -b .test -%patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -279,6 +275,10 @@ fi %changelog +* Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 +- Update to 0.9.5 +- Drop mysql patch applied upstream + * Tue Jul 19 2016 Fedora Release Engineering - 0.9.4-6 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages diff --git a/sources b/sources index 6113bd9..7cb27dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2dc93dff03c4da9fb95d4695e07b65d8 fail2ban-0.9.4.tar.gz +1b59fc84a40b790e3f959257d64ab313 fail2ban-0.9.5.tar.gz From c12a4ed538e73262bddddddbb4ba0aeb94d915dc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 12:14:07 -0600 Subject: [PATCH 065/201] Add patch to fix failing test --- ...e12f701807a8d89bfe57c9f7f492375a0a53.patch | 60 +++++++++++++++++++ fail2ban.spec | 7 +++ 2 files changed, 67 insertions(+) create mode 100644 c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch diff --git a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch new file mode 100644 index 0000000..848ef2a --- /dev/null +++ b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch 
@@ -0,0 +1,60 @@ +From c49fe12f701807a8d89bfe57c9f7f492375a0a53 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 15 Aug 2016 12:53:40 +0200 +Subject: [PATCH] fix fail2banregextestcase using setUpMyTime/tearDownMyTime: + always use correct static time as base-time (using mock up MyTime), correct + datetimes inside test + +--- + fail2ban/tests/fail2banregextestcase.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py +index 3321ffd..1119efd 100644 +--- a/fail2ban/tests/fail2banregextestcase.py ++++ b/fail2ban/tests/fail2banregextestcase.py +@@ -39,7 +39,7 @@ + + from ..client import fail2banregex + from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output +-from .utils import LogCaptureTestCase, logSys ++from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys + from .utils import CONFIG_DIR + + +@@ -70,10 +70,12 @@ class Fail2banRegexTest(LogCaptureTestCase): + def setUp(self): + """Call before every test case.""" + LogCaptureTestCase.setUp(self) ++ setUpMyTime() + + def tearDown(self): + """Call after every test case.""" + LogCaptureTestCase.tearDown(self) ++ tearDownMyTime() + + def testWrongRE(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -159,8 +161,8 @@ def testVerbose(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 13 lines, 0 ignored, 5 matched, 8 missed') + +- self.assertLogged('141.3.81.106 Fri Aug 14 11:53:59 2015') +- self.assertLogged('141.3.81.106 Fri Aug 14 11:54:59 2015') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:53:59 2005') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:54:59 2005') + + def testWronChar(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -169,9 +171,8 @@ def testWronChar(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') + +- 
self.assertLogged('Error decoding line'); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:58 user '); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:59 user '); ++ self.assertLogged('Error decoding line') ++ self.assertLogged('Continuing to process line ignoring invalid characters:') + + self.assertLogged('Nov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llinco') + self.assertLogged('Nov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco') diff --git a/fail2ban.spec b/fail2ban.spec index 9fa8d9b..59e1410 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -9,6 +9,9 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch +# Upstream patch to fix failing tests +# https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 +Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch BuildRequires: python3-devel # For 2to3 @@ -146,6 +149,7 @@ by default. %prep %setup -q %patch0 -p1 -b .test +%patch1 -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -275,6 +279,9 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-1 +- Add patch to fix failing test + * Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 - Update to 0.9.5 - Drop mysql patch applied upstream From cc9d6fbb2c266583fd251d86483d6382bb49ad7d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 9 Mar 2016 14:27:16 -0700 Subject: [PATCH 066/201] No longer need to add After=firewalld.service (bug #1301910) Conflicts: fail2ban.spec --- fail2ban.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
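Review bot: PATCH 065 adds `Patch1` and `%patch1 -p1` but leaves `Release: 1%{?dist}` untouched, and its changelog hunk (`@@ -275,6 +279,9 @@`) adds a second entry stamped `0.9.5-1`. A build from this commit would therefore carry the same name-version-release as the build without the patch, so an installed package cannot be matched to one or the other when auditing hosts. I would bump to `Release: 2%{?dist}` and stamp the new entry `0.9.5-2`. Smaller style point: `%patch1 -p1` omits the backup suffix used on the line above it (`%patch0 -p1 -b .test`).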
diff --git a/fail2ban.spec b/fail2ban.spec index 946077a..90e01a5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -148,8 +148,6 @@ by default. %patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf -# Start after firewalld (https://bugzilla.redhat.com/show_bug.cgi?id=1067147) -sed -i -e '/^After=/s/$/ firewalld.service/' files/fail2ban.service %build %py_build @@ -275,6 +273,9 @@ fi %changelog +* Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 +- No longer need to add After=firewalld.service (bug #1301910) + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-2 - Fix mariadb/mysql log handling From 04c18b4f10ff4d616e344a27bde8029cdfca4faa Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 27 Mar 2016 11:28:56 -0600 Subject: [PATCH 067/201] Use %{_tmpfilesdir} for systemd tmpfile config --- fail2ban.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 90e01a5..adbe7e6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -169,8 +169,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d -install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_sysconfdir}/tmpfiles.d/fail2ban.conf +mkdir -p %{buildroot}%{_tmpfilesdir} +install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf # Remove non-Linux actions rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf @@ -246,7 +246,7 @@ fi %exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf %exclude %{_sysconfdir}/fail2ban/jail.d/*.conf %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban -%config(noreplace) %{_sysconfdir}/tmpfiles.d/fail2ban.conf +%{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir %{_localstatedir}/run/fail2ban/ @@ -273,6 +273,9 @@ fi %changelog +* Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 +- Use %%{_tmpfilesdir} for systemd tmpfile config + * Wed Mar 9 2016 Orion Poplawski - 0.9.4-3 - No longer need to add After=firewalld.service (bug #1301910) From a0b29d90581cf0b1a3d72036c499b318553b81ef Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 25 Sep 2016 09:47:36 -0600 Subject: [PATCH 068/201] Update to 0.9.5 - Drop mysql patch applied upstream Conflicts: fail2ban.spec --- .gitignore | 1 + fail2ban-mysql.patch | 19 ------------------- fail2ban.spec | 12 ++++++------ sources | 2 +- 4 files changed, 8 insertions(+), 26 deletions(-) delete mode 100644 fail2ban-mysql.patch diff --git a/.gitignore b/.gitignore index fc9ed14..ffc3ada 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.2.tar.gz /fail2ban-0.9.3.tar.gz /fail2ban-0.9.4.tar.gz +/fail2ban-0.9.5.tar.gz 
diff --git a/fail2ban-mysql.patch b/fail2ban-mysql.patch deleted file mode 100644 index 4eb52a3..0000000 --- a/fail2ban-mysql.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff --git a/config/paths-fedora.conf b/config/paths-fedora.conf -index b3c978c..d13645b 100644 ---- a/config/paths-fedora.conf -+++ b/config/paths-fedora.conf -@@ -34,7 +34,8 @@ apache_access_log = /var/log/httpd/*access_log - - exim_main_log = /var/log/exim/main.log - --mysql_log = /var/lib/mysql/mysqld.log -+mysql_log = /var/log/mariadb/mariadb.log -+ /var/log/mysqld.log - - roundcube_errors_log = /var/log/roundcubemail/errors - -@@ -48,4 +49,3 @@ pureftpd_backend = systemd - wuftpd_backend = systemd - postfix_backend = systemd - dovecot_backend = systemd --mysql_backend = systemd diff --git a/fail2ban.spec b/fail2ban.spec index adbe7e6..ba82b17 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.4 -Release: 4%{?dist} +Version: 0.9.5 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -9,9 +9,6 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch -# Fix mysql log path -# https://github.com/fail2ban/fail2ban/issues/1354 -Patch1: fail2ban-mysql.patch BuildRequires: python-devel # For testcases @@ -145,7 +142,6 @@ by default. %prep %setup -q %patch0 -p1 -b .test -%patch1 -p1 -b .mysql # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf @@ -273,6 +269,10 @@ fi %changelog +* Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 +- Update to 0.9.5 +- Drop mysql patch applied upstream + * Sun Mar 27 2016 Orion Poplawski - 0.9.4-4 - Use %%{_tmpfilesdir} for systemd tmpfile config 
diff --git a/sources b/sources index 6113bd9..7cb27dc 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2dc93dff03c4da9fb95d4695e07b65d8 fail2ban-0.9.4.tar.gz +1b59fc84a40b790e3f959257d64ab313 fail2ban-0.9.5.tar.gz From cca1cc057181b390e01e96fbf189f2ff26dd8fab Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 12:14:07 -0600 Subject: [PATCH 069/201] Add patch to fix failing test --- ...e12f701807a8d89bfe57c9f7f492375a0a53.patch | 60 +++++++++++++++++++ fail2ban.spec | 7 +++ 2 files changed, 67 insertions(+) create mode 100644 c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch diff --git a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch new file mode 100644 index 0000000..848ef2a --- /dev/null +++ b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch 
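Review bot: The new `sources` entry still pins `fail2ban-0.9.5.tar.gz` by a bare MD5 digest, and as far as this series shows it is the only integrity check on the tarball that the build downloads. MD5 is not collision-resistant, so the line gives weak assurance that the archive being built is the one the packager reviewed. If the packaging tooling in use accepts it, record a SHA-512 entry instead, `SHA512 (fail2ban-0.9.5.tar.gz) = <sha512-of-reviewed-tarball>`, and compare the digest with the upstream release before uploading.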
@@ -0,0 +1,60 @@ +From c49fe12f701807a8d89bfe57c9f7f492375a0a53 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 15 Aug 2016 12:53:40 +0200 +Subject: [PATCH] fix fail2banregextestcase using setUpMyTime/tearDownMyTime: + always use correct static time as base-time (using mock up MyTime), correct + datetimes inside test + +--- + fail2ban/tests/fail2banregextestcase.py | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py +index 3321ffd..1119efd 100644 +--- a/fail2ban/tests/fail2banregextestcase.py ++++ b/fail2ban/tests/fail2banregextestcase.py +@@ -39,7 +39,7 @@ + + from ..client import fail2banregex + from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output +-from .utils import LogCaptureTestCase, logSys ++from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys + from .utils import CONFIG_DIR + + +@@ -70,10 +70,12 @@ class Fail2banRegexTest(LogCaptureTestCase): + def setUp(self): + """Call before every test case.""" + LogCaptureTestCase.setUp(self) ++ setUpMyTime() + + def tearDown(self): + """Call after every test case.""" + LogCaptureTestCase.tearDown(self) ++ tearDownMyTime() + + def testWrongRE(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -159,8 +161,8 @@ def testVerbose(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 13 lines, 0 ignored, 5 matched, 8 missed') + +- self.assertLogged('141.3.81.106 Fri Aug 14 11:53:59 2015') +- self.assertLogged('141.3.81.106 Fri Aug 14 11:54:59 2015') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:53:59 2005') ++ self.assertLogged('141.3.81.106 Sun Aug 14 11:54:59 2005') + + def testWronChar(self): + (opts, args, fail2banRegex) = _Fail2banRegex( +@@ -169,9 +171,8 @@ def testWronChar(self): + self.assertTrue(fail2banRegex.start(opts, args)) + self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') + +- 
self.assertLogged('Error decoding line'); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:58 user '); +- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:59 user '); ++ self.assertLogged('Error decoding line') ++ self.assertLogged('Continuing to process line ignoring invalid characters:') + + self.assertLogged('Nov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llinco') + self.assertLogged('Nov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco') diff --git a/fail2ban.spec b/fail2ban.spec index ba82b17..4522f9e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -9,6 +9,9 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Fix failing test # https://github.com/fail2ban/fail2ban/issues/1353 Patch0: fail2ban-test.patch +# Upstream patch to fix failing tests +# https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 +Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch BuildRequires: python-devel # For testcases @@ -142,6 +145,7 @@ by default. %prep %setup -q %patch0 -p1 -b .test +%patch1 -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf @@ -269,6 +273,9 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-1 +- Add patch to fix failing test + * Sun Sep 25 2016 Orion Poplawski - 0.9.5-1 - Update to 0.9.5 - Drop mysql patch applied upstream From 7a716eded05f657b4f077038c6c2e83b09fdb541 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 13:32:37 -0600 Subject: [PATCH 070/201] Remove old patch --- ...s-using-error-log-weren-t-matched-wh.patch | 99 ------------------- 1 file changed, 99 deletions(-) delete mode 100644 0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch 
diff --git a/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch b/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch
deleted file mode 100644
index e30916c..0000000
--- a/0001-BF-apache-filters-using-error-log-weren-t-matched-wh.patch
+++ /dev/null
@@ -1,99 +0,0 @@ -From 284f811c912af2f683c7eb150011337912516934 Mon Sep 17 00:00:00 2001 -From: Daniel Black -Date: Tue, 19 Nov 2013 10:27:55 +1100 -Subject: [PATCH] BF: apache filters using error log weren't matched when - referer existed in HTTP header - ---- - config/filter.d/apache-auth.conf | 26 ++++++++++++++------------ - config/filter.d/apache-noscript.conf | 4 ++-- - config/filter.d/apache-overflows.conf | 2 +- - testcases/files/logs/apache-auth | 3 +++ - 6 files changed, 22 insertions(+), 15 deletions(-) - -diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf -index 3df91c1..f421348 100644 ---- a/config/filter.d/apache-auth.conf -+++ b/config/filter.d/apache-auth.conf -@@ -10,19 +10,19 @@ before = apache-common.conf - [Definition] - - --failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*\s*$ -- ^%(_apache_error_client)s (AH01617: )?user .* authentication failure for "\S*": Password Mismatch$ -- ^%(_apache_error_client)s (AH01618: )?user .* not found(: )?\S*\s*$ -- ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*\s*$ -+failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for "\S*": Password Mismatch(, referer: \S+)?$ -+ ^%(_apache_error_client)s (AH01618: )?user .*? 
not found(: )?\S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*(, referer: \S+)?\s*$ - ^%(_apache_error_client)s (AH\d+: )?Authorization of user \S+ to access \S* failed, reason: .*$ -- ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*: password mismatch: \S*\s*$ -- ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*' in realm `.+' (not found|denied by provider): \S*\s*$ -- ^%(_apache_error_client)s (AH01631: )?user .*: authorization failure for "\S*":\s*$ -- ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+\s*$ -- ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*' but expected `.+'\s*$ -- ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*' received: \S*\s*$ -- ^%(_apache_error_client)s (AH01793: )?invalid qop `.*' received: \S*\s*$ -- ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .* received - user attempted time travel\s*$ -+ ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*?: password mismatch: \S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*?' in realm `.+' (not found|denied by provider): \S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01631: )?user .*?: authorization failure for "\S*":(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*?' but expected `.+'(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01793: )?invalid qop `.*?' received: \S*(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .*? 
received - user attempted time travel(, referer: \S+)?\s*$ - - ignoreregex = - -@@ -50,5 +50,7 @@ ignoreregex = - # ^%(_apache_error_client)s (AH01779: )?user .*: one-time-nonce mismatch - sending new nonce\s*$ - # ^%(_apache_error_client)s (AH02486: )?realm mismatch - got `.*' but no realm specified\s*$ - # -+# referer is always in error log messages if it exists added as per the log_error_core function in server/log.c -+# - # Author: Cyril Jaquier - # Major edits by Daniel Black -diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf -index f3c6246..7ea257b 100644 ---- a/config/filter.d/apache-noscript.conf -+++ b/config/filter.d/apache-noscript.conf -@@ -9,8 +9,8 @@ before = apache-common.conf - - [Definition] - --failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)\s*$ -- ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ -+failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$ -+ ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$ - - ignoreregex = - -diff --git a/config/filter.d/apache-overflows.conf b/config/filter.d/apache-overflows.conf -index 9255152..74e44b8 100644 ---- a/config/filter.d/apache-overflows.conf -+++ b/config/filter.d/apache-overflows.conf -@@ -8,7 +8,7 @@ before = apache-common.conf - - [Definition] - --failregex = ^%(_apache_error_client)s ((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long \(longer than \d+\)|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)$ -+failregex = ^%(_apache_error_client)s 
((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long \(longer than \d+\)|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)(, referer: \S+)?$ - - ignoreregex = - -diff --git a/testcases/files/logs/apache-auth b/testcases/files/logs/apache-auth -index d6c40ac..787d160 100644 ---- a/testcases/files/logs/apache-auth -+++ b/testcases/files/logs/apache-auth -@@ -115,3 +115,6 @@ - - # failJSON: { "time": "2013-06-01T02:17:42", "match": true , "host": "192.168.0.2" } - [Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found -+ -+# failJSON: { "time": "2013-11-18T22:39:33", "match": true , "host": "91.49.82.139" } -+[Mon Nov 18 22:39:33 2013] [error] [client 91.49.82.139] user gg not found: /, referer: http://sj.hopto.org/management.html --- -1.8.3.1 - From 64d45110bb6b8dbe0b74b4bf0ebbed7b85a4e216 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 3 Oct 2016 16:01:29 -0600 Subject: [PATCH 071/201] Give up being PartOf iptables to allow firewalld restarts to work (bug #1379141) --- fail2ban-partof.patch | 12 ++++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 fail2ban-partof.patch diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch new file mode 100644 index 0000000..d634668 --- /dev/null +++ b/fail2ban-partof.patch 
@@ -0,0 +1,12 @@ +diff -up fail2ban-0.9.5/files/fail2ban.service.partof fail2ban-0.9.5/files/fail2ban.service +--- fail2ban-0.9.5/files/fail2ban.service.partof 2016-07-14 20:25:07.000000000 -0600 ++++ fail2ban-0.9.5/files/fail2ban.service 2016-10-03 15:59:24.761782253 -0600 +@@ -2,7 +2,7 @@ + Description=Fail2Ban Service + Documentation=man:fail2ban(1) + After=network.target iptables.service firewalld.service +-PartOf=iptables.service firewalld.service ++PartOf=firewalld.service + + [Service] + Type=forking diff --git a/fail2ban.spec b/fail2ban.spec index 59e1410..fd3c1b5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -12,6 +12,9 @@ Patch0: fail2ban-test.patch # Upstream patch to fix failing tests # https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch +# Give up being PartOf iptables for now +# https://bugzilla.redhat.com/show_bug.cgi?id=1379141 +Patch2: fail2ban-partof.patch BuildRequires: python3-devel # For 2to3 @@ -150,6 +153,7 @@ by default. %setup -q %patch0 -p1 -b .test %patch1 -p1 +%patch2 -p1 -b .partof # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -279,6 +283,10 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-2 +- Give up being PartOf iptables to allow firewalld restarts to work + (bug #1379141) + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-1 - Add patch to fix failing test From 7dfd4e4924c9b26f9538244aa8b9c832aec17840 Mon Sep 17 00:00:00 2001 
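Review bot: Dropping `iptables.service` from `PartOf=` in fail2ban-partof.patch means a stop or restart of iptables.service is no longer propagated to fail2ban, and the spec comment `# Give up being PartOf iptables for now` does not say what that costs. On hosts that run iptables.service rather than firewalld, restarting that service presumably reloads the saved ruleset and drops fail2ban's chains, while the daemon keeps running and still treats its bans as applied. I would record the trade-off next to `Patch2:`, for example `# NOTE: after restarting iptables.service, restart fail2ban so bans are re-applied`, and repeat it in the changelog entry so administrators know to do so.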
From: Orion Poplawski Date: Mon, 3 Oct 2016 16:37:16 -0600 Subject: [PATCH 072/201] Add journalmatch entries for sendmail (bug #1329919) --- fail2ban-sendmail.patch | 34 ++++++++++++++++++++++++++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 fail2ban-sendmail.patch diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch new file mode 100644 index 0000000..c612560 --- /dev/null +++ b/fail2ban-sendmail.patch @@ -0,0 +1,34 @@ +commit 6a5f8ddf63658f3645a88988641c06d5a9625c00 +Author: Orion Poplawski +Date: Mon Oct 3 16:26:11 2016 -0600 + + Add sendmail journalmatch options + +diff --git a/config/filter.d/sendmail-auth.conf b/config/filter.d/sendmail-auth.conf +index 138fbb8..7886e60 100644 +--- a/config/filter.d/sendmail-auth.conf ++++ b/config/filter.d/sendmail-auth.conf +@@ -13,6 +13,10 @@ failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: po + + ignoreregex = + ++[Init] ++ ++journalmatch = _SYSTEMD_UNIT=sendmail.service ++ + # DEV Notes: + # + # Author: Daniel Black +diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf +index 93b8343..219d910 100644 +--- a/config/filter.d/sendmail-reject.conf ++++ b/config/filter.d/sendmail-reject.conf +@@ -33,6 +33,8 @@ ignoreregex = + + [Init] + ++journalmatch = _SYSTEMD_UNIT=sendmail.service ++ + # "maxlines" is number of log lines to buffer for multi-line regex searches + maxlines = 10 + diff --git a/fail2ban.spec b/fail2ban.spec index fd3c1b5..d188879 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
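Review bot: The `journalmatch = _SYSTEMD_UNIT=sendmail.service` lines added to sendmail-auth.conf and sendmail-reject.conf only select which journal entries are read; the sendmail-auth.conf hunk leaves `_daemon` untouched, so nothing here shows that entries from that unit then match the line prefix. A filter that selects entries but never matches them fails silently, with no bans and no error. A later commit on this page widens `_daemon` to `(?:sendmail|sm-(?:mta|acceptingconnections))`, which suggests the gap was real, so I would check both filters with fail2ban-regex against real journal entries from the unit before shipping this patch.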
@@ -15,6 +15,10 @@ Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7 # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch +# Add journalmatch entries for sendmail +# https://bugzilla.redhat.com/show_bug.cgi?id=1329919 +# https://github.com/fail2ban/fail2ban/pull/1566 +Patch3: fail2ban-sendmail.patch BuildRequires: python3-devel # For 2to3 @@ -154,6 +158,7 @@ by default. %patch0 -p1 -b .test %patch1 -p1 %patch2 -p1 -b .partof +%patch3 -p1 -b .sendmail # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -283,6 +288,9 @@ fi %changelog +* Mon Oct 3 2016 Orion Poplawski - 0.9.5-3 +- Add journalmatch entries for sendmail (bug #1329919) + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-2 - Give up being PartOf iptables to allow firewalld restarts to work (bug #1379141) From b524383086eec23d4f8f5025f66939f2cd2d5a65 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 7 Oct 2016 16:15:02 -0600 Subject: [PATCH 073/201] Add .rpmlint file --- .rpmlint | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .rpmlint diff --git a/.rpmlint b/.rpmlint new file mode 100644 index 0000000..05ddcce --- /dev/null +++ b/.rpmlint @@ -0,0 +1,8 @@ +from Config import * +addFilter("incoherent-logrotate-file /etc/logrotate.d/fail2ban"); +addFilter("macro-in-comment %{(name|version|release)}"); +addFilter("spelling-error .* (tcp|sendmail|shorewall|sshd)"); +# Tests +addFilter("hidden-file-or-dir .*fail2ban/tests/files/config/apache.*/\.htpasswd"); +addFilter("htaccess-file-error .*fail2ban/tests/files/config/apache.*/\.htaccess"); +addFilter("zero-length .*fail2ban/tests/files/files/"); From 79ae934283ec6fa173dc60f809d4161603c80899 Mon Sep 17 00:00:00 2001 
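Review bot: The filter patterns in the new .rpmlint are ordinary string literals containing `\.`, which Python treats as an unrecognised escape; it works only because the backslash is kept, and newer interpreters warn about it. Writing them as raw strings, e.g. `addFilter(r"hidden-file-or-dir .*fail2ban/tests/files/config/apache.*/\.htpasswd")`, states the intent, and the trailing `;` on each line can go. Only the last three suppressions sit under the `# Tests` label; a one-line comment on the others saying why the warning is acceptable would help the next reviewer decide whether a suppression still applies.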
From: Orion Poplawski Date: Fri, 7 Oct 2016 16:15:22 -0600 Subject: [PATCH 074/201] %ghost /run/fail2ban - Fix typo in shorewall description - Move tests to -tests sub-package --- fail2ban.spec | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d188879..9e95afe 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -115,6 +115,14 @@ This package enables support for manipulating tcp_wrapper's /etc/hosts.deny files. +%package tests +Summary: Fail2Ban testcases +Requires: %{name}-server = %{version}-%{release} + +%description tests +This package contains Fail2Ban's testscases and scripts. + + %package mail Summary: Mail actions for Fail2Ban Requires: %{name}-server = %{version}-%{release} @@ -141,7 +149,7 @@ Requires: %{name}-server = %{version}-%{release} Requires: shorewall %description shorewall -This package enables support for manipulating shoreall rules. +This package enables support for manipulating shorewall rules. %package systemd @@ -182,7 +190,7 @@ install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban -install -d -m 0755 %{buildroot}%{_localstatedir}/run/fail2ban/ +install -d -m 0755 %{buildroot}/run/fail2ban/ install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf 
@@ -241,17 +249,20 @@ fi %files server %doc README.md TODO ChangeLog COPYING doc/*.txt -%{_bindir}/fail2ban-server %{_bindir}/fail2ban-client %{_bindir}/fail2ban-regex -%{_bindir}/fail2ban-testcases +%{_bindir}/fail2ban-server %{python3_sitelib}/* +%exclude %{python3_sitelib}/fail2ban/tests %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service %else %{_initddir}/fail2ban %endif -%{_mandir}/man1/fail2ban*.1* +%{_mandir}/man1/fail2ban.1* +%{_mandir}/man1/fail2ban-client.1* +%{_mandir}/man1/fail2ban-regex.1* +%{_mandir}/man1/fail2ban-server.1* %{_mandir}/man5/*.5* %config(noreplace) %{_sysconfdir}/fail2ban %exclude %{_sysconfdir}/fail2ban/action.d/complain.conf @@ -263,7 +274,7 @@ fi %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ -%dir %{_localstatedir}/run/fail2ban/ +%ghost %dir /run/fail2ban/ %files all @@ -273,6 +284,11 @@ fi %files hostsdeny %config(noreplace) %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf +%files tests +%{_bindir}/fail2ban-testcases +%{_mandir}/man1/fail2ban-testcases.1* +%{python3_sitelib}/fail2ban/tests + %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf %config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf @@ -288,6 +304,11 @@ fi %changelog +* Fri Oct 7 2016 Orion Poplawski - 0.9.5-4 +- %%ghost /run/fail2ban +- Fix typo in shorewall description +- Move tests to -tests sub-package + * Mon Oct 3 2016 Orion Poplawski - 0.9.5-3 - Add journalmatch entries for sendmail (bug #1329919) From 61410ac2576999421e894729653585efb7740432 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 19 Dec 2016 18:20:36 +0100 Subject: [PATCH 075/201] Rebuild for Python 3.6 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 9e95afe..82669c3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
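Review bot: With `%ghost %dir /run/fail2ban/` the package no longer creates the runtime directory at install time, so on a fresh install it exists only once the tmpfiles.d entry has been processed, normally at the next boot. If the `%post` scriptlet, which is outside these hunks, does not already do it, the daemon may fail to start until then and the host would go without bans. I would add `%tmpfiles_create %{_tmpfilesdir}/fail2ban.conf` to the server sub-package's `%post`, and state the intended mode and owner explicitly with `%ghost %dir %attr(0755,root,root) /run/fail2ban/`.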
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.5 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -304,6 +304,9 @@ fi %changelog +* Mon Dec 19 2016 Miro Hrončok - 0.9.5-5 +- Rebuild for Python 3.6 + * Fri Oct 7 2016 Orion Poplawski - 0.9.5-4 - %%ghost /run/fail2ban - Fix typo in shorewall description From eaa8e0f385511dd57b37f38ee4205d8e5e32c5a2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 6 Jan 2017 19:29:08 -0700 Subject: [PATCH 076/201] Update to 0.9.6 Fix sendmail-auth filter (bug #1329919) --- .gitignore | 1 + ...e12f701807a8d89bfe57c9f7f492375a0a53.patch | 60 ------------------- fail2ban-sendmail.patch | 29 +++++---- fail2ban-test.patch | 12 ---- fail2ban.spec | 17 +++--- sources | 2 +- 6 files changed, 23 insertions(+), 98 deletions(-) delete mode 100644 c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch delete mode 100644 fail2ban-test.patch diff --git a/.gitignore b/.gitignore index 000a84c..8e54753 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.3.tar.gz /fail2ban-0.9.4.tar.gz /fail2ban-0.9.5.tar.gz +/fail2ban-0.9.6.tar.gz diff --git a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch b/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch deleted file mode 100644 index 848ef2a..0000000 --- a/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From c49fe12f701807a8d89bfe57c9f7f492375a0a53 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Mon, 15 Aug 2016 12:53:40 +0200 -Subject: [PATCH] fix fail2banregextestcase using setUpMyTime/tearDownMyTime: - always use correct static time as base-time (using mock up MyTime), correct - datetimes inside test - ---- - fail2ban/tests/fail2banregextestcase.py | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py -index 3321ffd..1119efd 100644 ---- a/fail2ban/tests/fail2banregextestcase.py -+++ b/fail2ban/tests/fail2banregextestcase.py -@@ -39,7 +39,7 @@ - - from ..client import fail2banregex - from ..client.fail2banregex import Fail2banRegex, get_opt_parser, output --from .utils import LogCaptureTestCase, logSys -+from .utils import setUpMyTime, tearDownMyTime, LogCaptureTestCase, logSys - from .utils import CONFIG_DIR - - -@@ -70,10 +70,12 @@ class Fail2banRegexTest(LogCaptureTestCase): - def setUp(self): - """Call before every test case.""" - LogCaptureTestCase.setUp(self) -+ setUpMyTime() - - def tearDown(self): - """Call after every test case.""" - LogCaptureTestCase.tearDown(self) -+ tearDownMyTime() - - def testWrongRE(self): - (opts, args, fail2banRegex) = _Fail2banRegex( -@@ -159,8 +161,8 @@ def testVerbose(self): - self.assertTrue(fail2banRegex.start(opts, args)) - self.assertLogged('Lines: 13 lines, 0 ignored, 5 matched, 8 missed') - -- self.assertLogged('141.3.81.106 Fri Aug 14 11:53:59 2015') -- self.assertLogged('141.3.81.106 Fri Aug 14 11:54:59 2015') -+ self.assertLogged('141.3.81.106 Sun Aug 14 11:53:59 2005') -+ self.assertLogged('141.3.81.106 Sun Aug 14 11:54:59 2005') - - def testWronChar(self): - (opts, args, fail2banRegex) = _Fail2banRegex( -@@ -169,9 +171,8 @@ def testWronChar(self): - self.assertTrue(fail2banRegex.start(opts, args)) - self.assertLogged('Lines: 4 lines, 0 ignored, 2 matched, 2 missed') - -- 
self.assertLogged('Error decoding line'); -- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:58 user '); -- self.assertLogged('Continuing to process line ignoring invalid characters:', '2015-01-14 20:00:59 user '); -+ self.assertLogged('Error decoding line') -+ self.assertLogged('Continuing to process line ignoring invalid characters:') - - self.assertLogged('Nov 8 00:16:12 main sshd[32548]: input_userauth_request: invalid user llinco') - self.assertLogged('Nov 8 00:16:12 main sshd[32547]: pam_succeed_if(sshd:auth): error retrieving information about user llinco') diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch index c612560..bc2f228 100644 --- a/fail2ban-sendmail.patch +++ b/fail2ban-sendmail.patch @@ -1,14 +1,14 @@ -commit 6a5f8ddf63658f3645a88988641c06d5a9625c00 -Author: Orion Poplawski -Date: Mon Oct 3 16:26:11 2016 -0600 - - Add sendmail journalmatch options - -diff --git a/config/filter.d/sendmail-auth.conf b/config/filter.d/sendmail-auth.conf -index 138fbb8..7886e60 100644 ---- a/config/filter.d/sendmail-auth.conf -+++ b/config/filter.d/sendmail-auth.conf -@@ -13,6 +13,10 @@ failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: po +diff -up fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-auth.conf +--- fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail 2017-01-06 19:00:12.228687290 -0700 ++++ fail2ban-0.9.6/config/filter.d/sendmail-auth.conf 2017-01-06 19:01:33.991702030 -0700 +@@ -7,12 +7,16 @@ before = common.conf + + [Definition] + +-_daemon = (?:sm-(mta|acceptingconnections)) ++_daemon = (?:sendmail|sm-(?:mta|acceptingconnections)) + + failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ ignoreregex = 
@@ -19,10 +19,9 @@ index 138fbb8..7886e60 100644 # DEV Notes: # # Author: Daniel Black -diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf -index 93b8343..219d910 100644 ---- a/config/filter.d/sendmail-reject.conf -+++ b/config/filter.d/sendmail-reject.conf +diff -up fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-reject.conf +--- fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail 2017-01-06 19:00:12.229687303 -0700 ++++ fail2ban-0.9.6/config/filter.d/sendmail-reject.conf 2017-01-06 19:00:12.229687303 -0700 @@ -33,6 +33,8 @@ ignoreregex = [Init] diff --git a/fail2ban-test.patch b/fail2ban-test.patch deleted file mode 100644 index 1522ece..0000000 --- a/fail2ban-test.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py ---- fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py.test 2016-03-09 10:43:53.649645648 -0700 -+++ fail2ban-0.9.4/fail2ban/tests/clientreadertestcase.py 2016-03-09 11:00:19.208546116 -0700 -@@ -632,8 +632,6 @@ class JailsReaderTest(LogCaptureTestCase - - # and we know even some of them by heart - for j in ['sshd', 'recidive']: -- # by default we have 'auto' backend ATM -- self.assertTrue(['add', j, 'auto'] in comm_commands) - # and warn on useDNS - self.assertTrue(['set', j, 'usedns', 'warn'] in comm_commands) - self.assertTrue(['start', j] in comm_commands) diff --git a/fail2ban.spec b/fail2ban.spec index 82669c3..f2c4ab7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,17 +1,11 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.5 -Release: 5%{?dist} +Version: 0.9.6 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz -# Fix failing test -# https://github.com/fail2ban/fail2ban/issues/1353 -Patch0: fail2ban-test.patch -# Upstream patch to fix failing tests -# https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53 -Patch1: https://github.com/fail2ban/fail2ban/commit/c49fe12f701807a8d89bfe57c9f7f492375a0a53.patch # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch @@ -163,8 +157,6 @@ by default. %prep %setup -q -%patch0 -p1 -b .test -%patch1 -p1 %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -250,6 +242,7 @@ fi %files server %doc README.md TODO ChangeLog COPYING doc/*.txt %{_bindir}/fail2ban-client +%{_bindir}/fail2ban-python %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-server %{python3_sitelib}/* @@ -304,6 +297,10 @@ fi %changelog +* Fri Jan 6 2017 Orion Poplawski - 0.9.6-1 +- Update to 0.9.6 +- Fix sendmail-auth filter (bug #1329919) + * Mon Dec 19 2016 Miro Hrončok - 0.9.5-5 - Rebuild for Python 3.6 diff --git a/sources b/sources index 7cb27dc..b9708c4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1b59fc84a40b790e3f959257d64ab313 fail2ban-0.9.5.tar.gz +SHA512 (fail2ban-0.9.6.tar.gz) = 4a0c09451409f81882664c2316867aa1c45572018b7f4647f8dc356f9115c9c2ff4a17098ef249bcc6712acfed6b5c99518b1c069ef1bf253d96c900d29be1d2 From 4d17e58ace7e3b8cf1037521e5ed0ff4a4924025 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Tue, 10 Jan 2017 13:33:16 -0700 Subject: [PATCH 077/201] Add upstream patch to fix fail2ban-regex with journal --- ...f1c4346597dcc4fd27151d220ea4a7806fdd.patch | 102 ++++++++++++++++++ fail2ban.spec | 9 +- 2 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch diff --git a/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch b/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch new file mode 100644 index 0000000..73023fe --- /dev/null +++ b/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch 
@@ -0,0 +1,102 @@ +From 2009f1c4346597dcc4fd27151d220ea4a7806fdd Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 10 Jan 2017 10:59:53 +0100 +Subject: [PATCH] fail2ban-regex: fix for systemd-journal (see gh-1657) + +--- + fail2ban/client/fail2banregex.py | 31 ++++++++++++++----------------- + fail2ban/server/filtersystemd.py | 8 ++++++++ + 2 files changed, 22 insertions(+), 17 deletions(-) + +diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py +index 71f5095..13fa35d 100755 +--- a/fail2ban/client/fail2banregex.py ++++ b/fail2ban/client/fail2banregex.py +@@ -43,12 +43,12 @@ + from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError + + try: +- from systemd import journal + from ..server.filtersystemd import FilterSystemd + except ImportError: +- journal = None ++ FilterSystemd = None + + from ..version import version ++from .jailreader import JailReader + from .filterreader import FilterReader + from ..server.filter import Filter, FileContainer + from ..server.failregex import RegexException +@@ -82,7 +82,7 @@ def pprint_list(l, header=None): + s = '' + output( s + "| " + "\n| ".join(l) + '\n`-' ) + +-def journal_lines_gen(myjournal): ++def journal_lines_gen(flt, myjournal): # pragma: no cover + while True: + try: + entry = myjournal.get_next() +@@ -90,7 +90,7 @@ def journal_lines_gen(myjournal): + continue + if not entry: + break +- yield FilterSystemd.formatJournalEntry(entry) ++ yield flt.formatJournalEntry(entry) + + def get_opt_parser(): + # use module docstring for help output +@@ -513,25 +513,22 @@ def start(self, opts, args): + except IOError as e: + output( e ) + return False +- elif cmd_log == "systemd-journal": # pragma: no cover +- if not journal: ++ elif cmd_log.startswith("systemd-journal"): # pragma: no cover ++ if not FilterSystemd: + output( "Error: systemd library not found. Exiting..." 
) + return False +- myjournal = journal.Reader(converters={'__CURSOR': lambda x: x}) ++ output( "Use systemd journal" ) ++ output( "Use encoding : %s" % self.encoding ) ++ backend, beArgs = JailReader.extractOptions(cmd_log) ++ flt = FilterSystemd(None, **beArgs) ++ flt.setLogEncoding(self.encoding) ++ myjournal = flt.getJournalReader() + journalmatch = self._journalmatch + self.setDatePattern(None) + if journalmatch: +- try: +- for element in journalmatch: +- if element == "+": +- myjournal.add_disjunction() +- else: +- myjournal.add_match(element) +- except ValueError: +- output( "Error: Invalid journalmatch: %s" % shortstr(" ".join(journalmatch)) ) +- return False ++ flt.addJournalMatch(journalmatch) + output( "Use journal match : %s" % " ".join(journalmatch) ) +- test_lines = journal_lines_gen(myjournal) ++ test_lines = journal_lines_gen(flt, myjournal) + else: + output( "Use single line : %s" % shortstr(cmd_log) ) + test_lines = [ cmd_log ] +diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py +index 3023155..908112a 100644 +--- a/fail2ban/server/filtersystemd.py ++++ b/fail2ban/server/filtersystemd.py +@@ -175,6 +175,14 @@ def uni_decode(self, x): + return v + + ## ++ # Get journal reader ++ # ++ # @return journal reader ++ ++ def getJournalReader(self): ++ return self.__journal ++ ++ ## + # Format journal log entry into syslog style + # + # @param entry systemd journal entry dict diff --git a/fail2ban.spec b/fail2ban.spec index f2c4ab7..217157e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
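Review bot: In the `systemd-journal` branch of `start()`, the new `flt.addJournalMatch(journalmatch)` call has lost the `try`/`except ValueError` that wrapped the removed `add_match` loop. A malformed journal match presumably now escapes as an exception instead of printing `Error: Invalid journalmatch: …` and returning `False`; whether `addJournalMatch` reports the error itself is not visible in this hunk. Keeping the guard around the new call, `try: flt.addJournalMatch(journalmatch)` followed by the original `except ValueError:` body, would preserve the failure path. In the same block, `backend` from `JailReader.extractOptions(cmd_log)` is never used, and `beArgs` is expanded into `FilterSystemd(None, **beArgs)` without checking that the option string parsed. `start()` begins and ends outside the hunk.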
@@ -1,11 +1,14 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz +# fail2ban-regex: fix for systemd-journal +# https://github.com/fail2ban/fail2ban/issues/1657 +Patch0: https://github.com/fail2ban/fail2ban/commit/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch @@ -157,6 +160,7 @@ by default. %prep %setup -q +%patch0 -p1 -b .journal %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -297,6 +301,9 @@ fi %changelog +* Tue Jan 10 2017 Orion Poplawski - 0.9.6-2 +- Add upstream patch to fix fail2ban-regex with journal + * Fri Jan 6 2017 Orion Poplawski - 0.9.6-1 - Update to 0.9.6 - Fix sendmail-auth filter (bug #1329919) From 3929195fe477457faeae94c80fd2ec45f708d10c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 10 Feb 2017 09:33:14 +0000 Subject: [PATCH 078/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 217157e..d972f0f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -301,6 +301,9 @@ fi %changelog +* Fri Feb 10 2017 Fedora Release Engineering - 0.9.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Tue Jan 10 2017 Orion Poplawski - 0.9.6-2 - Add upstream patch to fix fail2ban-regex with journal From 0335adcbb9337e0224b800ef47c76938c9ce8ad2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 15 Feb 2017 11:18:40 -0700 Subject: [PATCH 079/201] Properly handle /run/fail2ban (bug #1422500) --- fail2ban.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d972f0f..89944c2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.6 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -187,6 +187,7 @@ install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}/run/fail2ban/ +install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf @@ -271,7 +272,8 @@ fi %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ -%ghost %dir /run/fail2ban/ +%dir /run/%{name}/ +%verify(not size mtime md5) /run/%{name}.pid %files all @@ -301,6 +303,9 @@ fi %changelog +* Wed Feb 15 2017 Orion Poplawski - 0.9.6-4 +- Properly handle /run/fail2ban (bug #1422500) + * Fri Feb 10 2017 Fedora Release Engineering - 0.9.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 
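Review bot: The `%files` line added in the `@@ -271,7 +272,8 @@` hunk lists `/run/%{name}.pid`, but the `%install` hunk above creates the file at `%{buildroot}/run/fail2ban/fail2ban.pid`. The packaged path therefore does not match the installed one, and the pid file inside `/run/%{name}/` is left unlisted. The pid file is runtime state written by the daemon, so it is better marked `%ghost`: the package then owns the path and records the 0600 mode without shipping contents. The entry would read `%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid`. PATCH 080/201 repeats the same two hunks and carries the same mismatch.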
From 3250c55db619c1f1407cce9f637f79b397dbbf32 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 15 Feb 2017 11:18:40 -0700 Subject: [PATCH 080/201] Properly handle /run/fail2ban (bug #1422500) Conflicts: fail2ban.spec --- fail2ban.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index dbe0a24..c5645a1 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.6 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -181,6 +181,7 @@ install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m 644 files/fail2ban-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/fail2ban install -d -m 0755 %{buildroot}/run/fail2ban/ +install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf @@ -265,7 +266,8 @@ fi %config(noreplace) %{_sysconfdir}/logrotate.d/fail2ban %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ -%ghost %dir /run/fail2ban/ +%dir /run/%{name}/ +%verify(not size mtime md5) /run/%{name}.pid %files all @@ -295,6 +297,9 @@ fi %changelog +* Wed Feb 15 2017 Orion Poplawski - 0.9.6-3 +- Properly handle /run/fail2ban (bug #1422500) + * Tue Jan 10 2017 Orion Poplawski - 0.9.6-2 - Add upstream patch to fix fail2ban-regex with journal From 7e05c26c478f18e1068e1c5763033370d921d662 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 15 Feb 2017 11:34:46 -0700 Subject: [PATCH 081/201] %ghost pid file and fix path --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/fail2ban.spec b/fail2ban.spec index c5645a1..56f8973 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -267,7 +267,7 @@ fi %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir /run/%{name}/ -%verify(not size mtime md5) /run/%{name}.pid +%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid %files all From 3613474772763769d19667db49c466d737be0eb3 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 15 Feb 2017 11:34:46 -0700 Subject: [PATCH 082/201] %ghost pid file and fix path --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 89944c2..5122774 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -273,7 +273,7 @@ fi %{_tmpfilesdir}/fail2ban.conf %dir %{_localstatedir}/lib/fail2ban/ %dir /run/%{name}/ -%verify(not size mtime md5) /run/%{name}.pid +%ghost %verify(not size mtime md5) /run/%{name}/%{name}.pid %files all From af59184fdac73f7051ed38490d46101ec73f6b63 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 12 Jul 2017 22:50:49 -0600 Subject: [PATCH 083/201] Update to 0.9.7 --- .gitignore | 1 + ...f1c4346597dcc4fd27151d220ea4a7806fdd.patch | 102 ------------------ fail2ban.spec | 11 +- sources | 2 +- 4 files changed, 7 insertions(+), 109 deletions(-) delete mode 100644 2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch diff --git a/.gitignore b/.gitignore index 8e54753..f255fa8 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.4.tar.gz /fail2ban-0.9.5.tar.gz /fail2ban-0.9.6.tar.gz +/fail2ban-0.9.7.tar.gz diff --git a/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch b/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch deleted file mode 100644 index 73023fe..0000000 --- a/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -From 2009f1c4346597dcc4fd27151d220ea4a7806fdd Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 10 Jan 2017 10:59:53 +0100 -Subject: [PATCH] fail2ban-regex: fix for systemd-journal (see gh-1657) - ---- - fail2ban/client/fail2banregex.py | 31 ++++++++++++++----------------- - fail2ban/server/filtersystemd.py | 8 ++++++++ - 2 files changed, 22 insertions(+), 17 deletions(-) - -diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py -index 71f5095..13fa35d 100755 ---- a/fail2ban/client/fail2banregex.py -+++ b/fail2ban/client/fail2banregex.py -@@ -43,12 +43,12 @@ - from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError - - try: -- from systemd import journal - from ..server.filtersystemd import FilterSystemd - except ImportError: -- journal = None -+ FilterSystemd = None - - from ..version import version -+from .jailreader import JailReader - from .filterreader import FilterReader - from ..server.filter import Filter, FileContainer - from ..server.failregex import RegexException -@@ -82,7 +82,7 @@ def pprint_list(l, header=None): - s = '' - output( s + "| " + "\n| ".join(l) + '\n`-' ) - --def journal_lines_gen(myjournal): -+def journal_lines_gen(flt, myjournal): # pragma: no cover - while True: - try: - entry = myjournal.get_next() -@@ -90,7 +90,7 @@ def journal_lines_gen(myjournal): - continue - if not entry: - break -- yield FilterSystemd.formatJournalEntry(entry) -+ yield flt.formatJournalEntry(entry) - - def get_opt_parser(): - # use module docstring for help output -@@ -513,25 +513,22 @@ def start(self, opts, args): - except IOError as e: - output( e ) - return False -- elif cmd_log == "systemd-journal": # pragma: no cover -- if not journal: -+ elif cmd_log.startswith("systemd-journal"): # pragma: no cover -+ if not FilterSystemd: - output( "Error: systemd library not found. Exiting..." 
) - return False -- myjournal = journal.Reader(converters={'__CURSOR': lambda x: x}) -+ output( "Use systemd journal" ) -+ output( "Use encoding : %s" % self.encoding ) -+ backend, beArgs = JailReader.extractOptions(cmd_log) -+ flt = FilterSystemd(None, **beArgs) -+ flt.setLogEncoding(self.encoding) -+ myjournal = flt.getJournalReader() - journalmatch = self._journalmatch - self.setDatePattern(None) - if journalmatch: -- try: -- for element in journalmatch: -- if element == "+": -- myjournal.add_disjunction() -- else: -- myjournal.add_match(element) -- except ValueError: -- output( "Error: Invalid journalmatch: %s" % shortstr(" ".join(journalmatch)) ) -- return False -+ flt.addJournalMatch(journalmatch) - output( "Use journal match : %s" % " ".join(journalmatch) ) -- test_lines = journal_lines_gen(myjournal) -+ test_lines = journal_lines_gen(flt, myjournal) - else: - output( "Use single line : %s" % shortstr(cmd_log) ) - test_lines = [ cmd_log ] -diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py -index 3023155..908112a 100644 ---- a/fail2ban/server/filtersystemd.py -+++ b/fail2ban/server/filtersystemd.py -@@ -175,6 +175,14 @@ def uni_decode(self, x): - return v - - ## -+ # Get journal reader -+ # -+ # @return journal reader -+ -+ def getJournalReader(self): -+ return self.__journal -+ -+ ## - # Format journal log entry into syslog style - # - # @param entry systemd journal entry dict diff --git a/fail2ban.spec b/fail2ban.spec index 5122774..7fab29b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,14 +1,11 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.6 -Release: 4%{?dist} +Version: 0.9.7 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz -# fail2ban-regex: fix for systemd-journal -# https://github.com/fail2ban/fail2ban/issues/1657 -Patch0: https://github.com/fail2ban/fail2ban/commit/2009f1c4346597dcc4fd27151d220ea4a7806fdd.patch # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch @@ -160,7 +157,6 @@ by default. %prep %setup -q -%patch0 -p1 -b .journal %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -303,6 +299,9 @@ fi %changelog +* Wed Jul 12 2017 Orion Poplawski - 0.9.7-1 +- Update to 0.9.7 + * Wed Feb 15 2017 Orion Poplawski - 0.9.6-4 - Properly handle /run/fail2ban (bug #1422500) diff --git a/sources b/sources index b9708c4..4c7af9a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.9.6.tar.gz) = 4a0c09451409f81882664c2316867aa1c45572018b7f4647f8dc356f9115c9c2ff4a17098ef249bcc6712acfed6b5c99518b1c069ef1bf253d96c900d29be1d2 +SHA512 (fail2ban-0.9.7.tar.gz) = 2c28f892e882f1c7d9bc33d16e1f469f65aa198a1dd9fe409367cd857006d7b7e6e4c88f1075f726f8b3e268da5a422d9fae0ebe12457016d814e2b8eea2465a From 252f5a232ac85dbe88cfbde6a2527f36a9669f79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 13 Jul 2017 10:38:40 +0200 Subject: [PATCH 084/201] perl dependency renamed to perl-interpreter --- fail2ban.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7fab29b..fcd12c4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.7 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -80,7 +80,7 @@ Requires: %{name}-shorewall = %{version}-%{release} #Requires: %{name}-systemd = %{version}-%{release} # No python3 support for gamin #Requires: gamin-python -Requires: perl +Requires: perl-interpreter Requires: python3-inotify Requires: /usr/bin/whois @@ -299,6 +299,10 @@ fi %changelog +* Thu Jul 13 2017 Petr Pisar - 0.9.7-2 +- perl dependency renamed to perl-interpreter + + * Wed Jul 12 2017 Orion Poplawski - 0.9.7-1 - Update to 0.9.7 From 72f0087b75714c49444cef9b1665234130911ee9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 26 Jul 2017 07:59:55 +0000 Subject: [PATCH 085/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index fcd12c4..a3b1928 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.7 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -299,6 +299,9 @@ fi %changelog +* Wed Jul 26 2017 Fedora Release Engineering - 0.9.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Thu Jul 13 2017 Petr Pisar - 0.9.7-2 - perl dependency renamed to perl-interpreter From 06df6da577348425996d49049246606091544384 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 16 Aug 2017 15:30:29 -0600 Subject: [PATCH 086/201] Use BR /usr/bin/2to3 --- fail2ban.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/fail2ban.spec b/fail2ban.spec index a3b1928..474364a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.9.7 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -15,8 +15,7 @@ Patch2: fail2ban-partof.patch Patch3: fail2ban-sendmail.patch BuildRequires: python3-devel -# For 2to3 -BuildRequires: python2-tools +BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify BuildArch: noarch @@ -299,6 +298,9 @@ fi %changelog +* Wed Aug 16 2017 Orion Poplawski - 0.9.7-4 +- Use BR /usr/bin/2to3 + * Wed Jul 26 2017 Fedora Release Engineering - 0.9.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 87fc83e17a87dbd5f4fd744134562d7f107343d2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 20 Sep 2017 20:22:16 -0600 Subject: [PATCH 087/201] Update to 0.10.0 --- .gitignore | 1 + fail2ban-partof.patch | 8 ++++---- fail2ban-sendmail.patch | 29 ++++------------------------- fail2ban.spec | 7 +++++-- sources | 2 +- 5 files changed, 15 insertions(+), 32 deletions(-) diff --git a/.gitignore b/.gitignore index f255fa8..6e19aff 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.5.tar.gz /fail2ban-0.9.6.tar.gz /fail2ban-0.9.7.tar.gz +/fail2ban-0.10.0.tar.gz diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch index d634668..0d0c2d9 100644 --- a/fail2ban-partof.patch +++ b/fail2ban-partof.patch 
@@ -1,6 +1,6 @@ -diff -up fail2ban-0.9.5/files/fail2ban.service.partof fail2ban-0.9.5/files/fail2ban.service ---- fail2ban-0.9.5/files/fail2ban.service.partof 2016-07-14 20:25:07.000000000 -0600 -+++ fail2ban-0.9.5/files/fail2ban.service 2016-10-03 15:59:24.761782253 -0600 +diff -up fail2ban-0.10.0/files/fail2ban.service.partof fail2ban-0.10.0/files/fail2ban.service +--- fail2ban-0.10.0/files/fail2ban.service.partof 2017-09-20 20:00:36.697955743 -0600 ++++ fail2ban-0.10.0/files/fail2ban.service 2017-09-20 20:00:48.358115261 -0600 @@ -2,7 +2,7 @@ Description=Fail2Ban Service Documentation=man:fail2ban(1) @@ -9,4 +9,4 @@ diff -up fail2ban-0.9.5/files/fail2ban.service.partof fail2ban-0.9.5/files/fail2 +PartOf=firewalld.service [Service] - Type=forking + Type=simple diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch index bc2f228..ccd6328 100644 --- a/fail2ban-sendmail.patch +++ b/fail2ban-sendmail.patch @@ -1,7 +1,7 @@ -diff -up fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-auth.conf ---- fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail 2017-01-06 19:00:12.228687290 -0700 -+++ fail2ban-0.9.6/config/filter.d/sendmail-auth.conf 2017-01-06 19:01:33.991702030 -0700 -@@ -7,12 +7,16 @@ before = common.conf +diff -up fail2ban-0.10.0/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.10.0/config/filter.d/sendmail-auth.conf +--- fail2ban-0.10.0/config/filter.d/sendmail-auth.conf.sendmail 2017-09-20 20:01:34.624748219 -0600 ++++ fail2ban-0.10.0/config/filter.d/sendmail-auth.conf 2017-09-20 20:02:56.902880330 -0600 +@@ -7,7 +7,7 @@ before = common.conf [Definition] 
@@ -10,24 +10,3 @@ diff -up fail2ban-0.9.6/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.9 failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ - ignoreregex = - -+[Init] -+ -+journalmatch = _SYSTEMD_UNIT=sendmail.service -+ - # DEV Notes: - # - # Author: Daniel Black -diff -up fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail fail2ban-0.9.6/config/filter.d/sendmail-reject.conf ---- fail2ban-0.9.6/config/filter.d/sendmail-reject.conf.sendmail 2017-01-06 19:00:12.229687303 -0700 -+++ fail2ban-0.9.6/config/filter.d/sendmail-reject.conf 2017-01-06 19:00:12.229687303 -0700 -@@ -33,6 +33,8 @@ ignoreregex = - - [Init] - -+journalmatch = _SYSTEMD_UNIT=sendmail.service -+ - # "maxlines" is number of log lines to buffer for multi-line regex searches - maxlines = 10 - diff --git a/fail2ban.spec b/fail2ban.spec index 474364a..a18752d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.9.7 -Release: 4%{?dist} +Version: 0.10.0 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -298,6 +298,9 @@ fi %changelog +* Wed Sep 20 2017 Orion Poplawski - 0.10.0-1 +- Update to 0.10.0 + * Wed Aug 16 2017 Orion Poplawski - 0.9.7-4 - Use BR /usr/bin/2to3 diff --git a/sources b/sources index 4c7af9a..d291510 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.9.7.tar.gz) = 2c28f892e882f1c7d9bc33d16e1f469f65aa198a1dd9fe409367cd857006d7b7e6e4c88f1075f726f8b3e268da5a422d9fae0ebe12457016d814e2b8eea2465a +SHA512 (fail2ban-0.10.0.tar.gz) = 4906d54a761a6f053928613f091b3228c28f9d1dc2f24a3f1f6904f8141ef811a394692b8808e810524e73ecbf2f40b5da827c7fb05e8aefdf1d783abf88781f From a439a4fdf867c84e069b51696848976b519c0ccf Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Tue, 14 Nov 2017 09:26:18 -0700 Subject: [PATCH 088/201] Update to 0.10.1 --- .gitignore | 1 + fail2ban-partof.patch | 6 +++--- fail2ban.spec | 5 ++++- sources | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6e19aff..de75998 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.6.tar.gz /fail2ban-0.9.7.tar.gz /fail2ban-0.10.0.tar.gz +/fail2ban-0.10.1.tar.gz diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch index 0d0c2d9..353d7b0 100644 --- a/fail2ban-partof.patch +++ b/fail2ban-partof.patch @@ -1,6 +1,6 @@ -diff -up fail2ban-0.10.0/files/fail2ban.service.partof fail2ban-0.10.0/files/fail2ban.service ---- fail2ban-0.10.0/files/fail2ban.service.partof 2017-09-20 20:00:36.697955743 -0600 -+++ fail2ban-0.10.0/files/fail2ban.service 2017-09-20 20:00:48.358115261 -0600 +diff -up fail2ban-0.10.1/files/fail2ban.service.in.partof fail2ban-0.10.1/files/fail2ban.service.in +--- fail2ban-0.10.1/files/fail2ban.service.in.partof 2017-10-12 05:46:46.000000000 -0600 ++++ fail2ban-0.10.1/files/fail2ban.service.in 2017-11-14 09:25:23.163912667 -0700 @@ -2,7 +2,7 @@ Description=Fail2Ban Service Documentation=man:fail2ban(1) diff --git a/fail2ban.spec b/fail2ban.spec index a18752d..bfe84d2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.0 +Version: 0.10.1 Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ @@ -298,6 +298,9 @@ fi %changelog +* Tue Nov 14 2017 Orion Poplawski - 0.10.1-1 +- Update to 0.10.1 + * Wed Sep 20 2017 Orion Poplawski - 0.10.0-1 - Update to 0.10.0 diff --git a/sources b/sources index d291510..aa19b17 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (fail2ban-0.10.0.tar.gz) = 4906d54a761a6f053928613f091b3228c28f9d1dc2f24a3f1f6904f8141ef811a394692b8808e810524e73ecbf2f40b5da827c7fb05e8aefdf1d783abf88781f +SHA512 (fail2ban-0.10.1.tar.gz) = 556e071e439454ef369e7e323cae9652bbfb8e43d697e9b6c19d710e9d59838db489ffe07125443c86837b0a9f0688b7567135178591d1817caaab954ce40366 From e4745ad53cc127873615955ffdbd7a3d4e103b3e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 14 Nov 2017 10:30:51 -0700 Subject: [PATCH 089/201] Install built fail2ban.service file --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index bfe84d2..f13dba9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -171,7 +171,7 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 %if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} -cp -p files/fail2ban.service %{buildroot}%{_unitdir}/ +cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ %else mkdir -p %{buildroot}%{_initddir} install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban From d6aa896d2195da682f1d2fccfd098b1a14e6f6f1 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 30 Dec 2017 12:22:04 -0700 Subject: [PATCH 090/201] Add upstream patch to fix buildroot issue --- ...0966c503b0bc940c119d9a0adafb9ccf50d4.patch | 39 +++++++++++++++++++ fail2ban.spec | 9 ++++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch diff --git a/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch b/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch new file mode 100644 index 0000000..269ba80 --- /dev/null +++ b/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch 
@@ -0,0 +1,39 @@ +From eac80966c503b0bc940c119d9a0adafb9ccf50d4 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 24 Nov 2017 12:54:45 +0100 +Subject: [PATCH] Fix scripts-root within `fail2ban.service` (relative install + root-base directory). This is amend for + e3b061e94b54067525c5e7f2ac716d1c838c9f20. Closes gh-1964 + +--- + setup.py | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/setup.py b/setup.py +index 11748778b..5dbd5b1ae 100755 +--- a/setup.py ++++ b/setup.py +@@ -88,7 +88,13 @@ def get_outputs(self): + + def update_scripts(self, dry_run=False): + buildroot = os.path.dirname(self.build_dir) +- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, self.install_dir)) ++ try: ++ root = self.distribution.command_options['install']['root'][1] ++ if self.install_dir.startswith(root): ++ install_dir = self.install_dir[len(root):] ++ except: # pragma: no cover ++ print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".') ++ print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir)) + with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn: + lines = fn.readlines() + fn = None +@@ -96,7 +102,7 @@ def update_scripts(self, dry_run=False): + fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w') + try: + for ln in lines: +- ln = re.sub(r'@BINDIR@', lambda v: self.install_dir, ln) ++ ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) + if dry_run: + sys.stdout.write(' | ' + ln) + continue diff --git a/fail2ban.spec b/fail2ban.spec index f13dba9..d51d2a8 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
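Review bot: In the patched `update_scripts`, `install_dir` is bound only inside the `try`, and only when `self.install_dir.startswith(root)` is true, yet the following `print` and the `re.sub` lambda use it unconditionally. If no `root` option was passed to `install`, or the prefix test fails, the function would raise `NameError` right after printing the warning instead of falling back to the full path. Binding the default first, `install_dir = self.install_dir` ahead of the `try`, keeps the previous behaviour in that case. Narrowing the bare `except:` to `except KeyError:` would stop it hiding unrelated errors while the path written into `fail2ban.service` is computed. This is an upstream patch carried verbatim, so the change belongs upstream or in a follow-up patch; `update_scripts` continues past the hunk.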
@@ -1,10 +1,13 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Fix buildroot issue +# https://github.com/fail2ban/fail2ban/issues/1964 +Patch0: https://github.com/fail2ban/fail2ban/commit/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 @@ -156,6 +159,7 @@ by default. %prep %setup -q +%patch0 -p1 %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -298,6 +302,9 @@ fi %changelog +* Sat Dec 30 2017 Orion Poplawski - 0.10.1-2 +- Add upstream patch to fix buildroot issue + * Tue Nov 14 2017 Orion Poplawski - 0.10.1-1 - Update to 0.10.1 From 20597288b5c0b7fe45f5f45c3a4ced21c93202cf Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 30 Dec 2017 12:56:35 -0700 Subject: [PATCH 091/201] Add upstream patch to fix ipset issue (bug #1525134) --- fail2ban-ipset.patch | 37 +++++++++++++++++++++++++++++++++++++ fail2ban.spec | 10 +++++++++- 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 fail2ban-ipset.patch diff --git a/fail2ban-ipset.patch b/fail2ban-ipset.patch new file mode 100644 index 0000000..205f3e2 --- /dev/null +++ b/fail2ban-ipset.patch 
@@ -0,0 +1,37 @@ +diff -up fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf.ipset fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf +--- fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf.ipset 2017-10-12 05:46:46.000000000 -0600 ++++ fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf 2017-12-30 12:51:29.714747457 -0700 +@@ -18,7 +18,7 @@ before = firewallcmd-common.conf + + [Definition] + +-actionstart = ipset create hash:ip timeout ++actionstart = ipset create hash:ip timeout + firewall-cmd --direct --add-rule filter 0 -p -m multiport --dports -m set --match-set src -j + + actionstop = firewall-cmd --direct --remove-rule filter 0 -p -m multiport --dports -m set --match-set src -j +@@ -45,10 +45,12 @@ chain = INPUT_direct + bantime = 600 + + ipmset = f2b- ++familyopt = + + [Init?family=inet6] + + ipmset = f2b-6 ++familyopt = family inet6 + + + # DEV NOTES: +diff -up fail2ban-0.10.1/fail2ban/tests/servertestcase.py.ipset fail2ban-0.10.1/fail2ban/tests/servertestcase.py +--- fail2ban-0.10.1/fail2ban/tests/servertestcase.py.ipset 2017-12-30 12:51:29.714747457 -0700 ++++ fail2ban-0.10.1/fail2ban/tests/servertestcase.py 2017-12-30 12:52:05.823412753 -0700 +@@ -1644,7 +1644,7 @@ class ServerConfigReaderTests(LogCapture + "`firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`", + ), + 'ip6-start': ( +- "`ipset create f2b-j-w-fwcmd-ipset6 hash:ip timeout 600`", ++ "`ipset create f2b-j-w-fwcmd-ipset6 hash:ip timeout 600 family inet6`", + "`firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`", + ), + 'stop': ( diff --git a/fail2ban.spec b/fail2ban.spec index d51d2a8..177c946 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,13 +1,17 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz # Fix buildroot issue # https://github.com/fail2ban/fail2ban/issues/1964 Patch0: https://github.com/fail2ban/fail2ban/commit/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch +# Fix ipset issue +# https://bugzilla.redhat.com/show_bug.cgi?id=1525134 +# https://github.com/fail2ban/fail2ban/issues/1990 +Patch1: fail2ban-ipset.patch #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 @@ -160,6 +164,7 @@ by default. %prep %setup -q %patch0 -p1 +%patch1 -p1 -b .ipset %patch2 -p1 -b .partof %patch3 -p1 -b .sendmail # Use Fedora paths @@ -302,6 +307,9 @@ fi %changelog +* Sat Dec 30 2017 Orion Poplawski - 0.10.1-3 +- Add upstream patch to fix ipset issue (bug #1525134) + * Sat Dec 30 2017 Orion Poplawski - 0.10.1-2 - Add upstream patch to fix buildroot issue From baa8815450af0494c47ac9f995144afea6e15e60 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 7 Feb 2018 09:12:03 +0000 Subject: [PATCH 092/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 177c946..8956a5e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -307,6 +307,9 @@ fi %changelog +* Wed Feb 07 2018 Fedora Release Engineering - 0.10.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Sat Dec 30 2017 Orion Poplawski - 0.10.1-3 - Add upstream patch to fix ipset issue (bug #1525134) From 81c8227c5ed9c86bf8080843b53216edff5c7b7d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 28 Mar 2018 13:56:34 -0600 Subject: [PATCH 093/201] Update to 0.10.2 --- .gitignore | 1 + ...0966c503b0bc940c119d9a0adafb9ccf50d4.patch | 39 ------------------- fail2ban-ipset.patch | 37 ------------------ fail2ban-partof.patch | 12 +++--- fail2ban-sendmail.patch | 12 ------ fail2ban.spec | 22 +++-------- sources | 2 +- 7 files changed, 14 insertions(+), 111 deletions(-) delete mode 100644 eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch delete mode 100644 fail2ban-ipset.patch delete mode 100644 fail2ban-sendmail.patch diff --git a/.gitignore b/.gitignore index de75998..2ae54fe 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.9.7.tar.gz /fail2ban-0.10.0.tar.gz /fail2ban-0.10.1.tar.gz +/fail2ban-0.10.2.tar.gz diff --git a/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch b/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch deleted file mode 100644 index 269ba80..0000000 --- a/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From eac80966c503b0bc940c119d9a0adafb9ccf50d4 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Fri, 24 Nov 2017 12:54:45 +0100 -Subject: [PATCH] Fix scripts-root within `fail2ban.service` (relative install - root-base directory). This is amend for - e3b061e94b54067525c5e7f2ac716d1c838c9f20. Closes gh-1964 - ---- - setup.py | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/setup.py b/setup.py -index 11748778b..5dbd5b1ae 100755 ---- a/setup.py -+++ b/setup.py -@@ -88,7 +88,13 @@ def get_outputs(self): - - def update_scripts(self, dry_run=False): - buildroot = os.path.dirname(self.build_dir) -- print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, self.install_dir)) -+ try: -+ root = self.distribution.command_options['install']['root'][1] -+ if self.install_dir.startswith(root): -+ install_dir = self.install_dir[len(root):] -+ except: # pragma: no cover -+ print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".') -+ print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir)) - with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn: - lines = fn.readlines() - fn = None -@@ -96,7 +102,7 @@ def update_scripts(self, dry_run=False): - fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w') - try: - for ln in lines: -- ln = re.sub(r'@BINDIR@', lambda v: self.install_dir, ln) -+ ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) - if dry_run: - sys.stdout.write(' | ' + ln) - continue diff --git a/fail2ban-ipset.patch b/fail2ban-ipset.patch deleted file mode 100644 index 205f3e2..0000000 --- a/fail2ban-ipset.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -diff -up fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf.ipset fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf ---- fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf.ipset 2017-10-12 05:46:46.000000000 -0600 -+++ fail2ban-0.10.1/config/action.d/firewallcmd-ipset.conf 2017-12-30 12:51:29.714747457 -0700 -@@ -18,7 +18,7 @@ before = firewallcmd-common.conf - - [Definition] - --actionstart = ipset create hash:ip timeout -+actionstart = ipset create hash:ip timeout - firewall-cmd --direct --add-rule filter 0 -p -m multiport --dports -m set --match-set src -j - - actionstop = firewall-cmd --direct --remove-rule filter 0 -p -m multiport --dports -m set --match-set src -j -@@ -45,10 +45,12 @@ chain = INPUT_direct - bantime = 600 - - ipmset = f2b- -+familyopt = - - [Init?family=inet6] - - ipmset = f2b-6 -+familyopt = family inet6 - - - # DEV NOTES: -diff -up fail2ban-0.10.1/fail2ban/tests/servertestcase.py.ipset fail2ban-0.10.1/fail2ban/tests/servertestcase.py ---- fail2ban-0.10.1/fail2ban/tests/servertestcase.py.ipset 2017-12-30 12:51:29.714747457 -0700 -+++ fail2ban-0.10.1/fail2ban/tests/servertestcase.py 2017-12-30 12:52:05.823412753 -0700 -@@ -1644,7 +1644,7 @@ class ServerConfigReaderTests(LogCapture - "`firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`", - ), - 'ip6-start': ( -- "`ipset create f2b-j-w-fwcmd-ipset6 hash:ip timeout 600`", -+ "`ipset create f2b-j-w-fwcmd-ipset6 hash:ip timeout 600 family inet6`", - "`firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`", - ), - 'stop': ( diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch index 353d7b0..db0fae3 100644 --- a/fail2ban-partof.patch +++ b/fail2ban-partof.patch 
@@ -1,12 +1,12 @@ -diff -up fail2ban-0.10.1/files/fail2ban.service.in.partof fail2ban-0.10.1/files/fail2ban.service.in ---- fail2ban-0.10.1/files/fail2ban.service.in.partof 2017-10-12 05:46:46.000000000 -0600 -+++ fail2ban-0.10.1/files/fail2ban.service.in 2017-11-14 09:25:23.163912667 -0700 +diff -up fail2ban-0.10.2/files/fail2ban.service.in.partof fail2ban-0.10.2/files/fail2ban.service.in +--- fail2ban-0.10.2/files/fail2ban.service.in.partof 2018-03-28 09:07:46.990072640 -0600 ++++ fail2ban-0.10.2/files/fail2ban.service.in 2018-03-28 09:08:54.360701976 -0600 @@ -2,7 +2,7 @@ Description=Fail2Ban Service Documentation=man:fail2ban(1) - After=network.target iptables.service firewalld.service --PartOf=iptables.service firewalld.service -+PartOf=firewalld.service + After=network.target iptables.service firewalld.service ip6tables.service ipset.service +-PartOf=iptables.service firewalld.service ip6tables.service ipset.service ++PartOf=firewalld.service ipset.service [Service] Type=simple diff --git a/fail2ban-sendmail.patch b/fail2ban-sendmail.patch deleted file mode 100644 index ccd6328..0000000 --- a/fail2ban-sendmail.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up fail2ban-0.10.0/config/filter.d/sendmail-auth.conf.sendmail fail2ban-0.10.0/config/filter.d/sendmail-auth.conf ---- fail2ban-0.10.0/config/filter.d/sendmail-auth.conf.sendmail 2017-09-20 20:01:34.624748219 -0600 -+++ fail2ban-0.10.0/config/filter.d/sendmail-auth.conf 2017-09-20 20:02:56.902880330 -0600 -@@ -7,7 +7,7 @@ before = common.conf - - [Definition] - --_daemon = (?:sm-(mta|acceptingconnections)) -+_daemon = (?:sendmail|sm-(?:mta|acceptingconnections)) - - failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ - diff --git a/fail2ban.spec b/fail2ban.spec index 8956a5e..14f9a3b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,30 +1,20 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.1 -Release: 4%{?dist} +Version: 0.10.2 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Fix buildroot issue -# https://github.com/fail2ban/fail2ban/issues/1964 -Patch0: https://github.com/fail2ban/fail2ban/commit/eac80966c503b0bc940c119d9a0adafb9ccf50d4.patch -# Fix ipset issue -# https://bugzilla.redhat.com/show_bug.cgi?id=1525134 -# https://github.com/fail2ban/fail2ban/issues/1990 -Patch1: fail2ban-ipset.patch #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz # Give up being PartOf iptables for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 Patch2: fail2ban-partof.patch -# Add journalmatch entries for sendmail -# https://bugzilla.redhat.com/show_bug.cgi?id=1329919 -# https://github.com/fail2ban/fail2ban/pull/1566 -Patch3: fail2ban-sendmail.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify +BuildRequires: sqlite BuildArch: noarch %if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd @@ -163,10 +153,7 @@ by default. %prep %setup -q -%patch0 -p1 -%patch1 -p1 -b .ipset %patch2 -p1 -b .partof -%patch3 -p1 -b .sendmail # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -307,6 +294,9 @@ fi %changelog +* Wed Mar 28 2018 Orion Poplawski - 0.10.2-1 +- Update to 0.10.2 + * Wed Feb 07 2018 Fedora Release Engineering - 0.10.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild diff --git a/sources b/sources index aa19b17..97ffc49 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -SHA512 (fail2ban-0.10.1.tar.gz) = 556e071e439454ef369e7e323cae9652bbfb8e43d697e9b6c19d710e9d59838db489ffe07125443c86837b0a9f0688b7567135178591d1817caaab954ce40366 +SHA512 (fail2ban-0.10.2.tar.gz) = bc3c7b8caff6f78833cb222aeb57ecaf4ada447610aa6a7187e4e5744ee408eb582d209f012968f9921463dee1d203d86fe5cddabc99974d15ef4f3155e685c1 From 5b28d6fdabe2463ab5877e17ef547baa4b9ff77b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 19 Jun 2018 10:42:49 +0200 Subject: [PATCH 094/201] Rebuilt for Python 3.7 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 14f9a3b..54623e8 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.2 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -294,6 +294,9 @@ fi %changelog +* Tue Jun 19 2018 Miro Hrončok - 0.10.2-2 +- Rebuilt for Python 3.7 + * Wed Mar 28 2018 Orion Poplawski - 0.10.2-1 - Update to 0.10.2 From 39b3dbc5665d0469ff49da6bb1ff9c606bc5dfe4 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 19 Jun 2018 11:55:23 -0600 Subject: [PATCH 095/201] Update to 0.10.3.1 --- .gitignore | 1 + fail2ban.spec | 8 ++++++-- sources | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2ae54fe..8e066e2 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.0.tar.gz /fail2ban-0.10.1.tar.gz /fail2ban-0.10.2.tar.gz +/fail2ban-0.10.3.1.tar.gz diff --git a/fail2ban.spec b/fail2ban.spec index 54623e8..d6ca01f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.2 -Release: 2%{?dist} +Version: 0.10.3.1 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -250,6 +250,7 @@ fi %endif %{_mandir}/man1/fail2ban.1* %{_mandir}/man1/fail2ban-client.1* +%{_mandir}/man1/fail2ban-python.1* %{_mandir}/man1/fail2ban-regex.1* %{_mandir}/man1/fail2ban-server.1* %{_mandir}/man5/*.5* @@ -294,6 +295,9 @@ fi %changelog +* Tue Jun 19 2018 Orion Poplawski - 0.10.3.1-1 +- Update to 0.10.3.1 + * Tue Jun 19 2018 Miro Hrončok - 0.10.2-2 - Rebuilt for Python 3.7 diff --git a/sources b/sources index 97ffc49..0ea6e95 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.10.2.tar.gz) = bc3c7b8caff6f78833cb222aeb57ecaf4ada447610aa6a7187e4e5744ee408eb582d209f012968f9921463dee1d203d86fe5cddabc99974d15ef4f3155e685c1 +SHA512 (fail2ban-0.10.3.1.tar.gz) = 78388fce93e7a28f86905d7797cd188cfc19515ab43f85356da629f4f3797fba0e9e043f3d1a37740da463bd3cba629d660a3f7fc792be8a8f05e75fbf77c3ad From 4574d23bc37fa4bc48d4be5b4e9c198462623e5f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 19 Jun 2018 12:12:15 -0600 Subject: [PATCH 096/201] Remove PartOf ipset.service (bug #1573185) --- fail2ban-partof.patch | 8 ++++---- fail2ban.spec | 8 ++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch index db0fae3..7f2f00d 100644 --- a/fail2ban-partof.patch +++ b/fail2ban-partof.patch 
@@ -1,12 +1,12 @@ -diff -up fail2ban-0.10.2/files/fail2ban.service.in.partof fail2ban-0.10.2/files/fail2ban.service.in ---- fail2ban-0.10.2/files/fail2ban.service.in.partof 2018-03-28 09:07:46.990072640 -0600 -+++ fail2ban-0.10.2/files/fail2ban.service.in 2018-03-28 09:08:54.360701976 -0600 +diff -up fail2ban-0.10.3.1/files/fail2ban.service.in.partof fail2ban-0.10.3.1/files/fail2ban.service.in +--- fail2ban-0.10.3.1/files/fail2ban.service.in.partof 2018-06-19 12:10:15.401391081 -0600 ++++ fail2ban-0.10.3.1/files/fail2ban.service.in 2018-06-19 12:10:38.892291609 -0600 @@ -2,7 +2,7 @@ Description=Fail2Ban Service Documentation=man:fail2ban(1) After=network.target iptables.service firewalld.service ip6tables.service ipset.service -PartOf=iptables.service firewalld.service ip6tables.service ipset.service -+PartOf=firewalld.service ipset.service ++PartOf=firewalld.service [Service] Type=simple diff --git a/fail2ban.spec b/fail2ban.spec index d6ca01f..95c21cb 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,13 +1,14 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.3.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz -# Give up being PartOf iptables for now +# Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 +# https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch2: fail2ban-partof.patch BuildRequires: python3-devel @@ -295,6 +296,9 @@ fi %changelog +* Tue Jun 19 2018 Orion Poplawski - 0.10.3.1-2 +- Remove PartOf ipset.service (bug #1573185) + * Tue Jun 19 2018 Orion Poplawski - 0.10.3.1-1 - Update to 0.10.3.1 From a4e6419d7bf0f328faba5e912e924b0a033e7160 Mon Sep 17 00:00:00 2001 
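Review bot: The updated spec comment `# Give up being PartOf iptables and ipset for now` links the two bugs but does not state what the `PartOf=firewalld.service` line in fail2ban-partof.patch means for operators. With iptables.service, ip6tables.service and ipset.service left only in `After=`, a restart of those units is no longer propagated to fail2ban. If they rebuild their rules or sets on restart, the existing bans are presumably dropped while the daemon keeps running as if they were in place. I would add one comment line under the bug links, such as `# Consequence: restart fail2ban after restarting iptables/ip6tables/ipset; bans are not re-applied automatically`.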
From: Fedora Release Engineering Date: Fri, 13 Jul 2018 00:18:46 +0000 Subject: [PATCH 097/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 95c21cb..e7e8ede 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.3.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -296,6 +296,9 @@ fi %changelog +* Fri Jul 13 2018 Fedora Release Engineering - 0.10.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Tue Jun 19 2018 Orion Poplawski - 0.10.3.1-2 - Remove PartOf ipset.service (bug #1573185) From d502fdede314cce698581c3ceb56bfa0fcf7e64f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 5 Oct 2018 15:38:31 -0600 Subject: [PATCH 098/201] Update to 0.10.4 --- .gitignore | 1 + fail2ban.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 8e066e2..573439a 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.1.tar.gz /fail2ban-0.10.2.tar.gz /fail2ban-0.10.3.1.tar.gz +/fail2ban-0.10.4.tar.gz diff --git a/fail2ban.spec b/fail2ban.spec index e7e8ede..8bc670a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.3.1 -Release: 3%{?dist} +Version: 0.10.4 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -296,6 +296,9 @@ fi %changelog +* Fri Oct 5 2018 Orion Poplawski - 0.10.4-1 +- Update to 0.10.4 + * Fri Jul 13 2018 Fedora Release Engineering - 0.10.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index 0ea6e95..efd923a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.10.3.1.tar.gz) = 78388fce93e7a28f86905d7797cd188cfc19515ab43f85356da629f4f3797fba0e9e043f3d1a37740da463bd3cba629d660a3f7fc792be8a8f05e75fbf77c3ad +SHA512 (fail2ban-0.10.4.tar.gz) = 3f4af84b7e3332b887240c927c1f706d2b3020217df2a68c64897619d54eb6dfa972992e3153f4ea150d025e2c8a2b537da47cf71a6dfee1df3c8d029a6d5f42 From 0891a342096457a171bb26767673fc91c3b82f3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 18 Nov 2018 23:42:01 +0100 Subject: [PATCH 099/201] Drop explicit locale setting Python3 now sets unicode locale automatically, this workaround should not be necessary anymore. --- fail2ban.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 8bc670a..80cf653 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -208,8 +208,6 @@ EOF rm -r %{buildroot}%{_docdir}/%{name} %check -# Need a UTF-8 locale to work -export LANG=en_US.UTF-8 ./fail2ban-testcases-all-python3 --no-network %post server @@ -296,6 +294,10 @@ fi %changelog +* Sun Nov 18 2018 Zbigniew Jędrzejewski-Szmek - 0.10.4-2 +- Drop explicit locale setting + See https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot + * Fri Oct 5 2018 Orion Poplawski - 0.10.4-1 - Update to 0.10.4 
From 49fc7cb638ee1eaaf2b6a2bd01fafce1f5058c1f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 31 Jan 2019 19:18:56 +0000 Subject: [PATCH 100/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 80cf653..bba2a7c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -294,6 +294,9 @@ fi %changelog +* Thu Jan 31 2019 Fedora Release Engineering - 0.10.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Sun Nov 18 2018 Zbigniew Jędrzejewski-Szmek - 0.10.4-2 - Drop explicit locale setting See https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot From 63ce4a21b2d9620696864d3af5c691c959a2dcdb Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 25 Jul 2019 00:10:14 +0000 Subject: [PATCH 101/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index bba2a7c..c43c522 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -294,6 +294,9 @@ fi %changelog +* Thu Jul 25 2019 Fedora Release Engineering - 0.10.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Thu Jan 31 2019 Fedora Release Engineering - 0.10.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From be63f233ff84df6e2dbc16f96247be0903b3c66c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 19 Aug 2019 10:13:40 +0200 Subject: [PATCH 102/201] Rebuilt for Python 3.8 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index c43c522..ab7a668 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -294,6 +294,9 @@ fi %changelog +* Mon Aug 19 2019 Miro Hrončok - 0.10.4-5 +- Rebuilt for Python 3.8 + * Thu Jul 25 2019 Fedora Release Engineering - 0.10.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 9d196c3abdf8d200f5553e3cfbd3f88103fffde3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 3 Oct 2019 13:53:06 +0200 Subject: [PATCH 103/201] Rebuilt for Python 3.8.0rc1 (#1748018) --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index ab7a668..9603820 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -294,6 +294,9 @@ fi %changelog +* Thu Oct 03 2019 Miro Hrončok - 0.10.4-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + * Mon Aug 19 2019 Miro Hrončok - 0.10.4-5 - Rebuilt for Python 3.8 From 965cbc4d23b52b73d3d0b4767b3805138e686618 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 31 Oct 2019 19:12:07 -0600 Subject: [PATCH 104/201] Remove config files for other distros (bz#1533113) --- fail2ban.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 9603820..56dce2d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -187,6 +187,8 @@ install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf +# Remove config files for other distros +rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf # firewalld configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf < - 0.10.4-7 +- Remove config files for other distros (bz#1533113) + * Thu Oct 03 2019 Miro Hrončok - 0.10.4-6 - Rebuilt for Python 3.8.0rc1 (#1748018) From b9fa37fab61b8b9407a4ccc9731a565a1784408e Mon Sep 17 00:00:00 2001 
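Review bot: The added `rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf` is written differently from the three `rm` lines just above it: it uses `-f` and the literal `fail2ban` where they use plain `rm` and `%{name}`. With `-f`, the step still succeeds when upstream renames one of these files, so a paths file for another distro could end up packaged again without the build noticing. Whether it would be packaged depends on the `%files` list, which is outside this hunk. I would write it as `rm %{buildroot}%{_sysconfdir}/%{name}/paths-{arch,debian,freebsd,opensuse,osx}.conf`, or, if `-f` is deliberate for a branch where some of the files are absent, say so in the comment.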
From: Orion Poplawski Date: Thu, 21 Nov 2019 23:03:55 -0700 Subject: [PATCH 105/201] Define banaction_allports for firewalld, update banaction (bz#1775175) Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625) --- 2388.patch | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 17 ++++++--- 2 files changed, 108 insertions(+), 5 deletions(-) create mode 100644 2388.patch diff --git a/2388.patch b/2388.patch new file mode 100644 index 0000000..d391969 --- /dev/null +++ b/2388.patch 
@@ -0,0 +1,96 @@ +From 9e1fa4ff73a1566ae0c381930b6eaae9880b0f29 Mon Sep 17 00:00:00 2001 +From: Amir Caspi +Date: Fri, 29 Mar 2019 17:38:30 -0600 +Subject: [PATCH 1/7] Update sendmail-reject + +Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively) +--- + fail2ban/tests/files/logs/sendmail-reject | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/fail2ban/tests/files/logs/sendmail-reject b/fail2ban/tests/files/logs/sendmail-reject +index 44f8eb92f..a76cbf4b6 100644 +--- a/fail2ban/tests/files/logs/sendmail-reject ++++ b/fail2ban/tests/files/logs/sendmail-reject +@@ -95,3 +95,8 @@ Nov 3 11:35:30 Microsoft sendmail[26254]: rA37ZTSC026255: from= +Date: Fri, 29 Mar 2019 17:39:27 -0600 +Subject: [PATCH 2/7] Update sendmail-reject.conf + +On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in https://github.com/fail2ban/fail2ban/commit/9e1fa4ff73a1566ae0c381930b6eaae9880b0f29 +--- + config/filter.d/sendmail-reject.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf +index 985eac8b1..dd58f3e75 100644 +--- a/config/filter.d/sendmail-reject.conf ++++ b/config/filter.d/sendmail-reject.conf +@@ -32,7 +32,7 @@ cmnfailre = ^ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[(?:IP + + mdre-normal = + +-mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to M(?:TA|SP)(?:-\w+)?$ ++mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? 
did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|SP|SA)(?:-\w+)?$ + + mdre-aggressive = %(mdre-extra)s + + +From 76816285e886eee0a53ba5c64c50101fbd87a760 Mon Sep 17 00:00:00 2001 +From: Amir Caspi +Date: Fri, 29 Mar 2019 18:21:47 -0600 +Subject: [PATCH 5/7] Update sendmail-reject + +Fixing timestamps to 2005 (oops) +--- + fail2ban/tests/files/logs/sendmail-reject | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fail2ban/tests/files/logs/sendmail-reject b/fail2ban/tests/files/logs/sendmail-reject +index a76cbf4b6..b6911c4df 100644 +--- a/fail2ban/tests/files/logs/sendmail-reject ++++ b/fail2ban/tests/files/logs/sendmail-reject +@@ -96,7 +96,7 @@ Mar 6 16:55:28 s192-168-0-1 sm-mta[20949]: v26LtRA0020949: some-host-24.example + # failJSON: { "time": "2005-03-07T15:04:37", "match": true , "host": "192.0.2.195", "desc": "wrong resp. non RFC compiant (ddos prelude?), MSP-mode, (may be forged)" } + Mar 7 15:04:37 s192-168-0-1 sm-mta[18624]: v27K4Vj8018624: some-host-24.example.org [192.0.2.195] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v4 + +-# failJSON: { "time": "2019-03-29T22:33:47", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), TLSMTA-mode" } ++# failJSON: { "time": "2005-03-29T22:33:47", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), TLSMTA-mode" } + Mar 29 22:33:47 kismet sm-mta[23221]: x2TMXH7Y023221: internettl.org [104.152.52.29] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA +-# failJSON: { "time": "2019-03-29T22:51:42", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), MSA-mode" } ++# failJSON: { "time": "2005-03-29T22:51:42", "match": true , "host": "104.152.52.29", "desc": "wrong resp. 
non RFC compiant (ddos prelude?), MSA-mode" } + Mar 29 22:51:42 kismet sm-mta[24202]: x2TMpAlI024202: internettl.org [104.152.52.29] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA + +From 6c7093c66dce9f695cde24149a78650868083617 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Thu, 4 Apr 2019 02:28:50 +0200 +Subject: [PATCH 6/7] minor amend, refolding branches (SP|SA -> S[PA]) + +--- + config/filter.d/sendmail-reject.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf +index dd58f3e75..e6814a00c 100644 +--- a/config/filter.d/sendmail-reject.conf ++++ b/config/filter.d/sendmail-reject.conf +@@ -32,7 +32,7 @@ cmnfailre = ^ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[(?:IP + + mdre-normal = + +-mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|SP|SA)(?:-\w+)?$ ++mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|S[PA])(?:-\w+)?$ + + mdre-aggressive = %(mdre-extra)s + + diff --git a/fail2ban.spec b/fail2ban.spec index 56dce2d..eeb11ec 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.4 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz 
@@ -9,7 +9,10 @@ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-% # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 -Patch2: fail2ban-partof.patch +Patch0: fail2ban-partof.patch +# Update sendmail-reject with TLSMTA & MSA port IDs +# https://bugzilla.redhat.com/show_bug.cgi?id=1722625 +Patch1: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2388.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 @@ -153,8 +156,7 @@ by default. %prep -%setup -q -%patch2 -p1 -b .partof +%autosetup -p1 # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . @@ -195,7 +197,8 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <] +banaction_allports = firewallcmd-ipset[actiontype=] EOF # systemd journal configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf < - 0.10.4-8 +- Define banaction_allports for firewalld, update banaction (bz#1775175) +- Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625) + * Thu Oct 31 2019 Orion Poplawski - 0.10.4-7 - Remove config files for other distros (bz#1533113) From 4eae5e19dade1792f794dfc1fb7785d97502e68c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 23 Nov 2019 16:15:18 -0700 Subject: [PATCH 106/201] Add extra blank line for EL6 %autosetup --- fail2ban.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/fail2ban.spec b/fail2ban.spec index 94f3407..29bdf66 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -155,6 +155,7 @@ by default. %prep %autosetup -p1 + # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf From 0a5bad9a03eaeafb8fcb49b30d49076e18539ac3 Mon Sep 17 00:00:00 2001 
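Review bot: `Patch1` in the `@@ -9,7 +9,10 @@` hunk points at a pull-request patch URL (`.../pull/2388.patch`), which does not pin a fixed series: the patch served for a PR follows the PR branch as it changes. The build presumably uses the copy committed beside the spec, but anyone refreshing the patch from the URL can end up with different content than was reviewed here. Prefer per-commit URLs, or record the snapshot in the comment above the line, e.g. `# Snapshot of upstream PR 2388, commits <COMMIT_IDS_FROM_THE_COMMITTED_FILE>`. The same applies to `Patch5` (`pull/2605.patch`) added in the later "Add upstream patches to fix testcase install and tests" commit.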
From: Orion Poplawski Date: Tue, 14 Jan 2020 22:03:31 -0700 Subject: [PATCH 107/201] Update to 0.10.5 --- .gitignore | 1 + 2388.patch | 96 ------------------- ...c547285c4030d4bf7661981673038e6e9829.patch | 31 ++++++ ...f83aa3795f387c8475ceb48df197a94a37e8.patch | 22 +++++ ...b1942c4da76f7a0f71efe81bea6835466648.patch | 25 +++++ fail2ban-partof.patch | 10 +- fail2ban.spec | 21 ++-- sources | 2 +- 8 files changed, 99 insertions(+), 109 deletions(-) delete mode 100644 2388.patch create mode 100644 8694c547285c4030d4bf7661981673038e6e9829.patch create mode 100644 b158f83aa3795f387c8475ceb48df197a94a37e8.patch create mode 100644 ec37b1942c4da76f7a0f71efe81bea6835466648.patch diff --git a/.gitignore b/.gitignore index 573439a..6535f8f 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.2.tar.gz /fail2ban-0.10.3.1.tar.gz /fail2ban-0.10.4.tar.gz +/fail2ban-0.10.5.tar.gz diff --git a/2388.patch b/2388.patch deleted file mode 100644 index d391969..0000000 --- a/2388.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From 9e1fa4ff73a1566ae0c381930b6eaae9880b0f29 Mon Sep 17 00:00:00 2001 -From: Amir Caspi -Date: Fri, 29 Mar 2019 17:38:30 -0600 -Subject: [PATCH 1/7] Update sendmail-reject - -Added loglines to show TLSMTA and MSA port IDs (RHEL/CentOS sendmail default for ports 465 and 587, respectively) ---- - fail2ban/tests/files/logs/sendmail-reject | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/fail2ban/tests/files/logs/sendmail-reject b/fail2ban/tests/files/logs/sendmail-reject -index 44f8eb92f..a76cbf4b6 100644 ---- a/fail2ban/tests/files/logs/sendmail-reject -+++ b/fail2ban/tests/files/logs/sendmail-reject -@@ -95,3 +95,8 @@ Nov 3 11:35:30 Microsoft sendmail[26254]: rA37ZTSC026255: from= -Date: Fri, 29 Mar 2019 17:39:27 -0600 -Subject: [PATCH 2/7] Update sendmail-reject.conf - -On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in https://github.com/fail2ban/fail2ban/commit/9e1fa4ff73a1566ae0c381930b6eaae9880b0f29 ---- - config/filter.d/sendmail-reject.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf -index 985eac8b1..dd58f3e75 100644 ---- a/config/filter.d/sendmail-reject.conf -+++ b/config/filter.d/sendmail-reject.conf -@@ -32,7 +32,7 @@ cmnfailre = ^ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[(?:IP - - mdre-normal = - --mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to M(?:TA|SP)(?:-\w+)?$ -+mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? 
did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|SP|SA)(?:-\w+)?$ - - mdre-aggressive = %(mdre-extra)s - - -From 76816285e886eee0a53ba5c64c50101fbd87a760 Mon Sep 17 00:00:00 2001 -From: Amir Caspi -Date: Fri, 29 Mar 2019 18:21:47 -0600 -Subject: [PATCH 5/7] Update sendmail-reject - -Fixing timestamps to 2005 (oops) ---- - fail2ban/tests/files/logs/sendmail-reject | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/fail2ban/tests/files/logs/sendmail-reject b/fail2ban/tests/files/logs/sendmail-reject -index a76cbf4b6..b6911c4df 100644 ---- a/fail2ban/tests/files/logs/sendmail-reject -+++ b/fail2ban/tests/files/logs/sendmail-reject -@@ -96,7 +96,7 @@ Mar 6 16:55:28 s192-168-0-1 sm-mta[20949]: v26LtRA0020949: some-host-24.example - # failJSON: { "time": "2005-03-07T15:04:37", "match": true , "host": "192.0.2.195", "desc": "wrong resp. non RFC compiant (ddos prelude?), MSP-mode, (may be forged)" } - Mar 7 15:04:37 s192-168-0-1 sm-mta[18624]: v27K4Vj8018624: some-host-24.example.org [192.0.2.195] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSP-v4 - --# failJSON: { "time": "2019-03-29T22:33:47", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), TLSMTA-mode" } -+# failJSON: { "time": "2005-03-29T22:33:47", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), TLSMTA-mode" } - Mar 29 22:33:47 kismet sm-mta[23221]: x2TMXH7Y023221: internettl.org [104.152.52.29] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA --# failJSON: { "time": "2019-03-29T22:51:42", "match": true , "host": "104.152.52.29", "desc": "wrong resp. non RFC compiant (ddos prelude?), MSA-mode" } -+# failJSON: { "time": "2005-03-29T22:51:42", "match": true , "host": "104.152.52.29", "desc": "wrong resp. 
non RFC compiant (ddos prelude?), MSA-mode" } - Mar 29 22:51:42 kismet sm-mta[24202]: x2TMpAlI024202: internettl.org [104.152.52.29] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA - -From 6c7093c66dce9f695cde24149a78650868083617 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Thu, 4 Apr 2019 02:28:50 +0200 -Subject: [PATCH 6/7] minor amend, refolding branches (SP|SA -> S[PA]) - ---- - config/filter.d/sendmail-reject.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf -index dd58f3e75..e6814a00c 100644 ---- a/config/filter.d/sendmail-reject.conf -+++ b/config/filter.d/sendmail-reject.conf -@@ -32,7 +32,7 @@ cmnfailre = ^ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[(?:IP - - mdre-normal = - --mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|SP|SA)(?:-\w+)?$ -+mdre-extra = ^(?:\S+ )?\[(?:IPv6:|)\](?: \(may be forged\))? did not issue (?:[A-Z]{4}[/ ]?)+during connection to (?:TLS)?M(?:TA|S[PA])(?:-\w+)?$ - - mdre-aggressive = %(mdre-extra)s - - diff --git a/8694c547285c4030d4bf7661981673038e6e9829.patch b/8694c547285c4030d4bf7661981673038e6e9829.patch new file mode 100644 index 0000000..71ead1e --- /dev/null +++ b/8694c547285c4030d4bf7661981673038e6e9829.patch 
@@ -0,0 +1,31 @@ +From 8694c547285c4030d4bf7661981673038e6e9829 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 14 Jan 2020 11:51:27 +0100 +Subject: [PATCH] increase test stack size to 128K (on some platforms min size + is greater then 32K), closes gh-2597 + +--- + fail2ban/tests/fail2banclienttestcase.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py +index 29adb1220..5caa4dd90 100644 +--- a/fail2ban/tests/fail2banclienttestcase.py ++++ b/fail2ban/tests/fail2banclienttestcase.py +@@ -469,14 +469,14 @@ def _testStartForeground(self, tmp, startparams, phase): + + @with_foreground_server_thread(startextra={'f2b_local':( + "[Thread]", +- "stacksize = 32" ++ "stacksize = 128" + "", + )}) + def testStartForeground(self, tmp, startparams): + # check thread options were set: + self.pruneLog() + self.execCmd(SUCCESS, startparams, "get", "thread") +- self.assertLogged("{'stacksize': 32}") ++ self.assertLogged("{'stacksize': 128}") + # several commands to server: + self.execCmd(SUCCESS, startparams, "ping") + self.execCmd(FAILED, startparams, "~~unknown~cmd~failed~~") diff --git a/b158f83aa3795f387c8475ceb48df197a94a37e8.patch b/b158f83aa3795f387c8475ceb48df197a94a37e8.patch new file mode 100644 index 0000000..f4a2416 --- /dev/null +++ b/b158f83aa3795f387c8475ceb48df197a94a37e8.patch 
@@ -0,0 +1,22 @@ +From b158f83aa3795f387c8475ceb48df197a94a37e8 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 13 Jan 2020 12:37:19 +0100 +Subject: [PATCH] testIPAddr_CompareDNS: add missing network constraint + (gh-2596) + +--- + fail2ban/tests/filtertestcase.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py +index d6ad82358..6ca8162bd 100644 +--- a/fail2ban/tests/filtertestcase.py ++++ b/fail2ban/tests/filtertestcase.py +@@ -2064,6 +2064,7 @@ def testIPAddr_CIDR_Repr(self): + ) + + def testIPAddr_CompareDNS(self): ++ unittest.F2B.SkipIfNoNetwork() + ips = IPAddr('example.com') + self.assertTrue(IPAddr("93.184.216.34").isInNet(ips)) + self.assertTrue(IPAddr("2606:2800:220:1:248:1893:25c8:1946").isInNet(ips)) diff --git a/ec37b1942c4da76f7a0f71efe81bea6835466648.patch b/ec37b1942c4da76f7a0f71efe81bea6835466648.patch new file mode 100644 index 0000000..3878213 --- /dev/null +++ b/ec37b1942c4da76f7a0f71efe81bea6835466648.patch 
@@ -0,0 +1,25 @@ +From ec37b1942c4da76f7a0f71efe81bea6835466648 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 14 Jan 2020 11:39:13 +0100 +Subject: [PATCH] action.d/nginx-block-map.conf: fixed backslash substitution + (different echo behavior in some shells, gh-2596) + +--- + config/action.d/nginx-block-map.conf | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/config/action.d/nginx-block-map.conf b/config/action.d/nginx-block-map.conf +index 0b6aa0ad7..ee702907e 100644 +--- a/config/action.d/nginx-block-map.conf ++++ b/config/action.d/nginx-block-map.conf +@@ -103,6 +103,8 @@ actionstop = %(actionflush)s + + actioncheck = + +-actionban = echo "\\\\ 1;" >> '%(blck_lst_file)s'; %(blck_lst_reload)s ++_echo_blck_row = printf '\%%s 1;\n' "" + +-actionunban = id=$(echo "" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^\\\\$id 1;$/d" %(blck_lst_file)s; %(blck_lst_reload)s ++actionban = %(_echo_blck_row)s >> '%(blck_lst_file)s'; %(blck_lst_reload)s ++ ++actionunban = id=$(%(_echo_blck_row)s | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" %(blck_lst_file)s; %(blck_lst_reload)s diff --git a/fail2ban-partof.patch b/fail2ban-partof.patch index 7f2f00d..ddb39e8 100644 --- a/fail2ban-partof.patch +++ b/fail2ban-partof.patch @@ -1,11 +1,11 @@ -diff -up fail2ban-0.10.3.1/files/fail2ban.service.in.partof fail2ban-0.10.3.1/files/fail2ban.service.in ---- fail2ban-0.10.3.1/files/fail2ban.service.in.partof 2018-06-19 12:10:15.401391081 -0600 -+++ fail2ban-0.10.3.1/files/fail2ban.service.in 2018-06-19 12:10:38.892291609 -0600 +diff -up fail2ban-0.10.5/files/fail2ban.service.in.partof fail2ban-0.10.5/files/fail2ban.service.in +--- fail2ban-0.10.5/files/fail2ban.service.in.partof 2020-01-10 05:34:46.000000000 -0700 ++++ fail2ban-0.10.5/files/fail2ban.service.in 2020-01-11 16:13:53.372316861 -0700 
@@ -2,7 +2,7 @@ Description=Fail2Ban Service Documentation=man:fail2ban(1) - After=network.target iptables.service firewalld.service ip6tables.service ipset.service --PartOf=iptables.service firewalld.service ip6tables.service ipset.service + After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service +-PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service +PartOf=firewalld.service [Service] diff --git a/fail2ban.spec b/fail2ban.spec index eeb11ec..8f3669b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,18 +1,20 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.4 -Release: 8%{?dist} +Version: 0.10.5 +Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz -#Source0: https://github.com/sebres/%{name}/archive/f2b-perfom-prepare-716-cs.tar.gz#/%{name}-test.tar.gz # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# Update sendmail-reject with TLSMTA & MSA port IDs -# https://bugzilla.redhat.com/show_bug.cgi?id=1722625 -Patch1: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2388.patch +# Fix nginx-block-map +Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch +# testIPAddr_CompareDNS: add missing network constraint +Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch +# FIx test thread stack size on aarch64 +Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 
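Review bot: The refreshed fail2ban-partof.patch now also drops `nftables.service` from `PartOf=` (leaving `PartOf=firewalld.service`), but the spec comment above `Patch0` still reads `# Give up being PartOf iptables and ipset for now`. Update it to name nftables too, e.g. `# Give up being PartOf iptables, ipset and nftables for now`. With `PartOf=` limited to firewalld, a restart of the other firewall services is no longer propagated to fail2ban. If such a restart reloads the rule set, existing bans may be gone while fail2ban still counts them as active, which is worth one line in the same comment.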
@@ -213,7 +215,9 @@ EOF rm -r %{buildroot}%{_docdir}/%{name} %check -./fail2ban-testcases-all-python3 --no-network +# testSampleRegexsSSHD fails for some reason when run alongside all other tests +%python3 bin/fail2ban-testcases --no-network testSampleRegexsSSHD +%python3 bin/fail2ban-testcases --no-network -i testSampleRegexsSSHD %post server %if 0%{?fedora} || 0%{?rhel} >= 7 @@ -299,6 +303,9 @@ fi %changelog +* Tue Jan 14 2020 Orion Poplawski - 0.10.5-1 +- Update to 0.10.5 + * Thu Nov 21 2019 Orion Poplawski - 0.10.4-8 - Define banaction_allports for firewalld, update banaction (bz#1775175) - Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625) diff --git a/sources b/sources index efd923a..96975ca 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.10.4.tar.gz) = 3f4af84b7e3332b887240c927c1f706d2b3020217df2a68c64897619d54eb6dfa972992e3153f4ea150d025e2c8a2b537da47cf71a6dfee1df3c8d029a6d5f42 +SHA512 (fail2ban-0.10.5.tar.gz) = 306153587a3fcda6e72856f0b7817ea76eda83cca84d5a9af2d182aaf06cc18379c31ae22b16f7544d988bf5abaf8e12df229c350a48bbdf01751a56c9be80c6 From 55f6b78077e4856a8f360fbcc1b01b7d0a41f226 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 14 Jan 2020 22:04:44 -0700 Subject: [PATCH 108/201] Update to 0.11.1 --- .gitignore | 1 + fail2ban.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6535f8f..dce9971 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.3.1.tar.gz /fail2ban-0.10.4.tar.gz /fail2ban-0.10.5.tar.gz +/fail2ban-0.11.1.tar.gz diff --git a/fail2ban.spec b/fail2ban.spec index 8f3669b..1125bfa 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban -Version: 0.10.5 +Version: 0.11.1 Release: 1%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ 
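Review bot: The new `%check` comment says testSampleRegexsSSHD "fails for some reason" in the full run, and the suite is split into two invocations without recording where that failure is tracked. A test that passes alone but fails in the combined run may indicate state leaking between test cases. Judging by its name this one covers the sshd filter samples, so the workaround should be traceable and removable. Add the upstream report to the comment, e.g. `# testSampleRegexsSSHD fails in the full run, see <UPSTREAM_ISSUE_URL>; run it separately until fixed`.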
@@ -303,6 +303,9 @@ fi %changelog +* Tue Jan 14 2020 Orion Poplawski - 0.11.1-1 +- Update to 0.11.1 + * Tue Jan 14 2020 Orion Poplawski - 0.10.5-1 - Update to 0.10.5 diff --git a/sources b/sources index 96975ca..585083b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.10.5.tar.gz) = 306153587a3fcda6e72856f0b7817ea76eda83cca84d5a9af2d182aaf06cc18379c31ae22b16f7544d988bf5abaf8e12df229c350a48bbdf01751a56c9be80c6 +SHA512 (fail2ban-0.11.1.tar.gz) = 019b088aa6375f98742ed101ef6f65adabca3324444d71d5b8597a8d1d22fa76b9f503660f0498643fe24a3b8e4368de916072a1ab77b8e2ea3eda41c3e0c8c6 From 54746313a81173b6d4883103601a6dedabcbdd9d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 18 Jan 2020 11:52:02 -0700 Subject: [PATCH 109/201] Add upstream patches to fix testcase install and tests; Fix fail2ban-python symlink --- 2605.patch | 152 ++++++++++++ ...f30cdd855c41b80ebdde3fe2bc91cc94e594.patch | 233 ++++++++++++++++++ fail2ban.spec | 15 +- 3 files changed, 396 insertions(+), 4 deletions(-) create mode 100644 2605.patch create mode 100644 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch diff --git a/2605.patch b/2605.patch new file mode 100644 index 0000000..05e5646 --- /dev/null +++ b/2605.patch 
@@ -0,0 +1,152 @@ +From 3965d690b137152b2a0a6a46989178b5566cfd8e Mon Sep 17 00:00:00 2001 +From: Angelo Compagnucci +Date: Thu, 16 Jan 2020 12:05:13 +0100 +Subject: [PATCH 1/2] Revert "setup.py: adding option to install without tests" + +Test should actually removed from the stup data in finalize_options +instead of being added back. + +This reverts commit 9b918bba2f672780fb4469294d80ba7deb6b8cab. + +Signed-off-by: Angelo Compagnucci +--- + setup.py | 41 ++++++++++++++++------------------------- + 1 file changed, 16 insertions(+), 25 deletions(-) + +diff --git a/setup.py b/setup.py +index e476c5dd6..8da292683 100755 +--- a/setup.py ++++ b/setup.py +@@ -119,11 +119,9 @@ def update_scripts(self, dry_run=False): + class install_command_f2b(install): + user_options = install.user_options + [ + ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), +- ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): + self.disable_2to3 = None +- self.without_tests = None + install.initialize_options(self) + def finalize_options(self): + global _2to3 +@@ -134,28 +132,6 @@ def finalize_options(self): + cmdclass = self.distribution.cmdclass + cmdclass['build_py'] = build_py_2to3 + cmdclass['build_scripts'] = build_scripts_2to3 +- if not self.without_tests: +- self.distribution.scripts += [ +- 'bin/fail2ban-testcases', +- ] +- +- self.distribution.packages += [ +- 'fail2ban.tests', +- 'fail2ban.tests.action_d', +- ] +- +- self.distribution.package_data = { +- 'fail2ban.tests': +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/files') +- for f in w[2]] + +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/config') +- for f in w[2]] + +- [ join(w[0], f).replace("fail2ban/tests/", "", 1) +- for w in os.walk('fail2ban/tests/action_d') +- for f in w[2]] +- } + install.finalize_options(self) + def run(self): + 
install.run(self) +@@ -232,20 +208,35 @@ def run(self): + license = "GPL", + platforms = "Posix", + cmdclass = { +- 'build_py': build_py, 'build_scripts': build_scripts, ++ 'build_py': build_py, 'build_scripts': build_scripts, + 'install_scripts': install_scripts_f2b, 'install': install_command_f2b + }, + scripts = [ + 'bin/fail2ban-client', + 'bin/fail2ban-server', + 'bin/fail2ban-regex', ++ 'bin/fail2ban-testcases', + # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper + ], + packages = [ + 'fail2ban', + 'fail2ban.client', + 'fail2ban.server', ++ 'fail2ban.tests', ++ 'fail2ban.tests.action_d', + ], ++ package_data = { ++ 'fail2ban.tests': ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/files') ++ for f in w[2]] + ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/config') ++ for f in w[2]] + ++ [ join(w[0], f).replace("fail2ban/tests/", "", 1) ++ for w in os.walk('fail2ban/tests/action_d') ++ for f in w[2]] ++ }, + data_files = [ + ('/etc/fail2ban', + glob("config/*.conf") + +From 5fa1f69264d3c23793f64c03c96737d54555e919 Mon Sep 17 00:00:00 2001 +From: Angelo Compagnucci +Date: Thu, 16 Jan 2020 12:28:42 +0100 +Subject: [PATCH 2/2] setup.py: adding option to install without tests + +Tests files are not always needed especially when installing on low +resource systems like an embedded one. +This patch adds the --without-tests option to skip installing the +tests files. + +Signed-off-by: Angelo Compagnucci +--- + setup.py | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 8da292683..ce1eedf68 100755 +--- a/setup.py ++++ b/setup.py +@@ -119,9 +119,11 @@ def update_scripts(self, dry_run=False): + class install_command_f2b(install): + user_options = install.user_options + [ + ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. 
if the install runs from fail2ban test-cases.'), ++ ('without-tests', None, 'without tests files installation'), + ] + def initialize_options(self): + self.disable_2to3 = None ++ self.without_tests = None + install.initialize_options(self) + def finalize_options(self): + global _2to3 +@@ -132,6 +134,13 @@ def finalize_options(self): + cmdclass = self.distribution.cmdclass + cmdclass['build_py'] = build_py_2to3 + cmdclass['build_scripts'] = build_scripts_2to3 ++ if self.without_tests: ++ self.distribution.scripts.remove('bin/fail2ban-testcases') ++ ++ self.distribution.packages.remove('fail2ban.tests') ++ self.distribution.packages.remove('fail2ban.tests.action_d') ++ ++ del self.distribution.package_data['fail2ban.tests'] + install.finalize_options(self) + def run(self): + install.run(self) +@@ -208,7 +217,7 @@ def run(self): + license = "GPL", + platforms = "Posix", + cmdclass = { +- 'build_py': build_py, 'build_scripts': build_scripts, ++ 'build_py': build_py, 'build_scripts': build_scripts, + 'install_scripts': install_scripts_f2b, 'install': install_command_f2b + }, + scripts = [ diff --git a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch new file mode 100644 index 0000000..de372f3 --- /dev/null +++ b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch 
@@ -0,0 +1,233 @@ +From 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Wed, 15 Jan 2020 19:22:53 +0100 +Subject: [PATCH] closes #2596: fixed supplying of backend-related `logtype` to + the jail filter - don't merge it (provide as init parameter if not set in + definition section), init parameters don't affect config-cache (better + implementation as in #2387 and it covered now with new test) + +--- + MANIFEST | 2 ++ + fail2ban/client/configreader.py | 8 +++-- + fail2ban/client/fail2banregex.py | 7 ++--- + fail2ban/client/filterreader.py | 8 +++++ + fail2ban/client/jailreader.py | 7 ++--- + fail2ban/tests/clientreadertestcase.py | 17 +++++++++- + .../tests/config/filter.d/checklogtype.conf | 31 +++++++++++++++++++ + .../config/filter.d/checklogtype_test.conf | 12 +++++++ + fail2ban/tests/config/jail.conf | 25 +++++++++++++++ + 9 files changed, 104 insertions(+), 13 deletions(-) + create mode 100644 fail2ban/tests/config/filter.d/checklogtype.conf + create mode 100644 fail2ban/tests/config/filter.d/checklogtype_test.conf + +diff --git a/MANIFEST b/MANIFEST +index dbcc2f602..5680492af 100644 +--- a/MANIFEST ++++ b/MANIFEST +@@ -226,6 +226,8 @@ fail2ban/tests/clientreadertestcase.py + fail2ban/tests/config/action.d/action.conf + fail2ban/tests/config/action.d/brokenaction.conf + fail2ban/tests/config/fail2ban.conf ++fail2ban/tests/config/filter.d/checklogtype.conf ++fail2ban/tests/config/filter.d/checklogtype_test.conf + fail2ban/tests/config/filter.d/simple.conf + fail2ban/tests/config/filter.d/test.conf + fail2ban/tests/config/filter.d/test.local +diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py +index 66b987b28..20709b724 100644 +--- a/fail2ban/client/configreader.py ++++ b/fail2ban/client/configreader.py +@@ -120,6 +120,10 @@ def has_section(self, sec): + except AttributeError: + return False + ++ def has_option(self, sec, opt, withDefault=True): ++ return self._cfg.has_option(sec, opt) if 
withDefault \ ++ else opt in self._cfg._sections.get(sec, {}) ++ + def merge_defaults(self, d): + self._cfg.get_defaults().update(d) + +@@ -261,8 +265,8 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False): + logSys.warning("'%s' not defined in '%s'. Using default one: %r" + % (optname, sec, optvalue)) + values[optname] = optvalue +- elif logSys.getEffectiveLevel() <= logLevel: +- logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) ++ # elif logSys.getEffectiveLevel() <= logLevel: ++ # logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) + except ValueError: + logSys.warning("Wrong value for '" + optname + "' in '" + sec + + "'. Using default one: '" + repr(optvalue) + "'") +diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py +index f6a4b141c..334c031f4 100644 +--- a/fail2ban/client/fail2banregex.py ++++ b/fail2ban/client/fail2banregex.py +@@ -372,11 +372,8 @@ def readRegex(self, value, regextype): + if not ret: + output( "ERROR: failed to load filter %s" % value ) + return False +- # overwrite default logtype (considering that the filter could specify this too in Definition/Init sections): +- if not fltOpt.get('logtype'): +- reader.merge_defaults({ +- 'logtype': ['file','journal'][int(self._backend.startswith("systemd"))] +- }) ++ # set backend-related options (logtype): ++ reader.applyAutoOptions(self._backend) + # get, interpolate and convert options: + reader.getOptions(None) + # show real options if expected: +diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py +index ede18dca2..413f125e6 100644 +--- a/fail2ban/client/filterreader.py ++++ b/fail2ban/client/filterreader.py +@@ -53,6 +53,14 @@ def setFile(self, fileName): + def getFile(self): + return self.__file + ++ def applyAutoOptions(self, backend): ++ # set init option to backend-related logtype, considering ++ # that the filter settings may be overwritten in its 
local: ++ if (not self._initOpts.get('logtype') and ++ not self.has_option('Definition', 'logtype', False) ++ ): ++ self._initOpts['logtype'] = ['file','journal'][int(backend.startswith("systemd"))] ++ + def convert(self): + stream = list() + opts = self.getCombined() +diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py +index 917a562ce..1d7db0dc9 100644 +--- a/fail2ban/client/jailreader.py ++++ b/fail2ban/client/jailreader.py +@@ -142,11 +142,8 @@ def getOptions(self): + ret = self.__filter.read() + if not ret: + raise JailDefError("Unable to read the filter %r" % filterName) +- if not filterOpt.get('logtype'): +- # overwrite default logtype backend-related (considering that the filter settings may be overwritten): +- self.__filter.merge_defaults({ +- 'logtype': ['file','journal'][int(self.__opts.get('backend', '').startswith("systemd"))] +- }) ++ # set backend-related options (logtype): ++ self.__filter.applyAutoOptions(self.__opts.get('backend', '')) + # merge options from filter as 'known/...' 
(all options unfiltered): + self.__filter.getOptions(self.__opts, all=True) + ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/') +diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py +index d39860f47..2c1d0a0e4 100644 +--- a/fail2ban/tests/clientreadertestcase.py ++++ b/fail2ban/tests/clientreadertestcase.py +@@ -328,7 +328,22 @@ def testOverrideFilterOptInJail(self): + self.assertFalse(len(o) > 2 and o[2].endswith('regex')) + i += 1 + if i > usednsidx: break +- ++ ++ def testLogTypeOfBackendInJail(self): ++ unittest.F2B.SkipIfCfgMissing(stock=True); # expected include of common.conf ++ # test twice to check cache works peoperly: ++ for i in (1, 2): ++ # backend-related, overwritten in definition, specified in init parameters: ++ for prefline in ('JRNL', 'FILE', 'TEST', 'INIT'): ++ jail = JailReader('checklogtype_'+prefline.lower(), basedir=IMPERFECT_CONFIG, ++ share_config=IMPERFECT_CONFIG_SHARE_CFG, force_enable=True) ++ self.assertTrue(jail.read()) ++ self.assertTrue(jail.getOptions()) ++ stream = jail.convert() ++ # 'JRNL' for systemd, 'FILE' for file backend, 'TEST' for custom logtype (overwrite it): ++ self.assertEqual([['set', jail.getName(), 'addfailregex', '^%s failure from $' % prefline]], ++ [o for o in stream if len(o) > 2 and o[2] == 'addfailregex']) ++ + def testSplitOption(self): + # Simple example + option = "mail-whois[name=SSH]" +diff --git a/fail2ban/tests/config/filter.d/checklogtype.conf b/fail2ban/tests/config/filter.d/checklogtype.conf +new file mode 100644 +index 000000000..4d700fffa +--- /dev/null ++++ b/fail2ban/tests/config/filter.d/checklogtype.conf +@@ -0,0 +1,31 @@ ++# Fail2Ban configuration file ++# ++ ++[INCLUDES] ++ ++# Read common prefixes (logtype is set in default section) ++before = ../../../../config/filter.d/common.conf ++ ++[Definition] ++ ++_daemon = test ++ ++failregex = ^/__prefix_line> failure from $ ++ignoreregex = ++ ++# following sections define 
prefix line considering logtype: ++ ++# backend-related (retrieved from backend, overwrite default): ++[lt_file] ++__prefix_line = FILE ++ ++[lt_journal] ++__prefix_line = JRNL ++ ++# specified in definition section of filter (see filter checklogtype_test.conf): ++[lt_test] ++__prefix_line = TEST ++ ++# specified in init parameter of jail (see ../jail.conf, jail checklogtype_init): ++[lt_init] ++__prefix_line = INIT +diff --git a/fail2ban/tests/config/filter.d/checklogtype_test.conf b/fail2ban/tests/config/filter.d/checklogtype_test.conf +new file mode 100644 +index 000000000..a76f5fcfb +--- /dev/null ++++ b/fail2ban/tests/config/filter.d/checklogtype_test.conf +@@ -0,0 +1,12 @@ ++# Fail2Ban configuration file ++# ++ ++[INCLUDES] ++ ++# Read common prefixes (logtype is set in default section) ++before = checklogtype.conf ++ ++[Definition] ++ ++# overwrite logtype in definition (no backend anymore): ++logtype = test +\ No newline at end of file +diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf +index de5bbbdc5..b1a1707b6 100644 +--- a/fail2ban/tests/config/jail.conf ++++ b/fail2ban/tests/config/jail.conf +@@ -74,3 +74,28 @@ journalmatch = _COMM=test + maxlines = 2 + usedns = no + enabled = false ++ ++[checklogtype_jrnl] ++filter = checklogtype ++backend = systemd ++action = action ++enabled = false ++ ++[checklogtype_file] ++filter = checklogtype ++backend = polling ++logpath = README.md ++action = action ++enabled = false ++ ++[checklogtype_test] ++filter = checklogtype_test ++backend = systemd ++action = action ++enabled = false ++ ++[checklogtype_init] ++filter = checklogtype_test[logtype=init] ++backend = systemd ++action = action ++enabled = false diff --git a/fail2ban.spec b/fail2ban.spec index 1125bfa..e238742 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -13,8 +13,12 @@ Patch0: fail2ban-partof.patch Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch # testIPAddr_CompareDNS: add missing network constraint Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch -# FIx test thread stack size on aarch64 +# Fix test thread stack size on aarch64 Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch +# Fix handling of journal in tests +Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch +# Fix test install +Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 @@ -170,6 +174,9 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 %install %py3_install +# Make symbolic link relative +ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python + %if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ @@ -214,10 +221,10 @@ EOF # Remove installed doc, use doc macro instead rm -r %{buildroot}%{_docdir}/%{name} + %check -# testSampleRegexsSSHD fails for some reason when run alongside all other tests -%python3 bin/fail2ban-testcases --no-network testSampleRegexsSSHD -%python3 bin/fail2ban-testcases --no-network -i testSampleRegexsSSHD +%python3 bin/fail2ban-testcases --verbosity=2 --no-network + %post server %if 0%{?fedora} || 0%{?rhel} >= 7 From 1a4d927b86e84de101162e1662b19bead9a69a76 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 20 Jan 2020 21:03:06 -0700 Subject: [PATCH 110/201] Move action.d/mail-whois-common.conf into fail2ban-server --- fail2ban.spec | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index e238742..652186b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
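Review bot: In the `%install` hunk, `ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python` hard-codes the interpreter name, while the shebang rewrite shown in the hunk header takes it from a `%{python3…}` macro. The relative target resolves inside `%{_bindir}`, so the link is only correct when that directory holds a `python3`. Consider deriving the target from the macro, `ln -fs $(basename %{__python3}) %{buildroot}%{_bindir}/fail2ban-python`. The comment should also say what the installer created that needed replacing (presumably an absolute link to the build-time interpreter). `%install` starts and ends outside the hunk.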
@@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.11.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -272,7 +272,10 @@ fi %config(noreplace) %{_sysconfdir}/fail2ban %exclude %{_sysconfdir}/fail2ban/action.d/complain.conf %exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf -%exclude %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf %exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf %exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf %exclude %{_sysconfdir}/fail2ban/jail.d/*.conf @@ -297,7 +300,10 @@ fi %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf -%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf %files sendmail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf @@ -310,6 +316,9 @@ fi %changelog +* Tue Jan 21 2020 Orion Poplawski - 0.11.1-2 +- Move action.d/mail-whois-common.conf into fail2ban-server + * Tue Jan 14 2020 Orion Poplawski - 0.11.1-1 - Update to 0.11.1 From bc30e2b939e7b2e5f6310f3088f5fbe56a2a20f7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 20 Jan 2020 21:03:06 -0700 Subject: [PATCH 111/201] Move action.d/mail-whois-common.conf into fail2ban-server --- fail2ban.spec | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) 
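Review bot: Replacing `mail-*.conf` with four explicit file names, in both the server `%exclude` list and `%files mail`, means any `mail-*.conf` action that upstream adds later will silently land in fail2ban-server instead of fail2ban-mail. A comment above each list, for example `# listed explicitly so that mail-whois-common.conf stays in fail2ban-server`, would record why the glob was dropped. The same change is repeated in the following commit (PATCH 111/201) for the 0.10.5 branch.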
diff --git a/fail2ban.spec b/fail2ban.spec index 8f3669b..e879428 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.10.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -265,7 +265,10 @@ fi %config(noreplace) %{_sysconfdir}/fail2ban %exclude %{_sysconfdir}/fail2ban/action.d/complain.conf %exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf -%exclude %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois.conf +%exclude %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf %exclude %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf %exclude %{_sysconfdir}/fail2ban/action.d/shorewall.conf %exclude %{_sysconfdir}/fail2ban/jail.d/*.conf @@ -290,7 +293,10 @@ fi %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf -%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-*.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-buffered.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois.conf +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/mail-whois-lines.conf %files sendmail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf @@ -303,6 +309,9 @@ fi %changelog +* Tue Jan 21 2020 Orion Poplawski - 0.10.5-2 +- Move action.d/mail-whois-common.conf into fail2ban-server + * Tue Jan 14 2020 Orion Poplawski - 0.10.5-1 - Update to 0.10.5 From 143f9afcfe02d123b3dff047a58903ca0bef1e2f Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Tue, 28 Jan 2020 18:04:56 +0000 Subject: [PATCH 112/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 652186b..5e72d32 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,7 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.11.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -316,6 +316,9 @@ fi %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 0.11.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Tue Jan 21 2020 Orion Poplawski - 0.11.1-2 - Move action.d/mail-whois-common.conf into fail2ban-server From 9c838cdfb9d50522ff80eb70caa1c6a6fb4518f2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 29 Nov 2019 19:33:59 -0700 Subject: [PATCH 113/201] Add SELinux policy --- Makefile | 26 +++++ fail2ban.fc | 9 ++ fail2ban.if | 313 ++++++++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 51 +++++++- fail2ban.te | 190 ++++++++++++++++++++++++++++++ 5 files changed, 588 insertions(+), 1 deletion(-) create mode 100644 Makefile create mode 100644 fail2ban.fc create mode 100644 fail2ban.if create mode 100644 fail2ban.te diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..70b552a --- /dev/null +++ b/Makefile 
@@ -0,0 +1,26 @@
+TARGET?=fail2ban
+MODULES?=${TARGET:=.pp.bz2}
+SHAREDIR?=/usr/share
+
+all: ${TARGET:=.pp.bz2}
+
+%.pp.bz2: %.pp
+ @echo Compressing $^ -\> $@
+ bzip2 -9 $^
+
+%.pp: %.te
+ make -f ${SHAREDIR}/selinux/devel/Makefile $@
+
+clean:
+ rm -f *~ *.tc *.pp *.pp.bz2
+ rm -rf tmp *.tar.gz
+
+man: install-policy
+ sepolicy manpage --path . --domain ${TARGET}_t
+
+install-policy: all
+ semodule -i ${TARGET}.pp.bz2
+
+install: man
+ install -D -m 644 ${TARGET}.pp.bz2 ${DESTDIR}${SHAREDIR}/selinux/packages/${TARGET}.pp.bz2
+ install -D -m 644 ${TARGET}_selinux.8 ${DESTDIR}${SHAREDIR}/man/man8/
diff --git a/fail2ban.fc b/fail2ban.fc
new file mode 100644
index 0000000..4da938f
--- /dev/null
+++ b/fail2ban.fc
@@ -0,0 +1,9 @@
+/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0)
+
+/usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+/usr/bin/fail2ban-client -- gen_context(system_u:object_r:fail2ban_client_exec_t,s0)
+/usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+
+/var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0)
+/var/log/fail2ban\.log.* -- gen_context(system_u:object_r:fail2ban_log_t,s0)
+/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)
diff --git a/fail2ban.if b/fail2ban.if
new file mode 100644
index 0000000..94e1936
--- /dev/null
+++ b/fail2ban.if
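Review bot: The `install` target reaches `semodule -i` through `install: man` and `man: install-policy`, so a staged `make install DESTDIR=...` would first load the module into the build host's active policy, which needs root and changes the machine doing the build. The spec in this commit only runs the default goal and copies `%{modulename}.pp.bz2` itself, so the path is latent. A comment on `install-policy` saying that it modifies the running system, or dropping `man` from the prerequisites of `install`, would keep it that way. Separately, the `%.pp` recipe should call `$(MAKE) -f ${SHAREDIR}/selinux/devel/Makefile $@` rather than a literal `make`, and the command targets should be declared with `.PHONY: all clean man install-policy install`.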
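Review bot: The last entry, `/var/run/fail2ban.*`, is not anchored to a path separator, so it also labels any sibling under `/var/run` whose name merely starts with `fail2ban` as `fail2ban_var_run_t`. If only the fail2ban runtime directory and its contents are meant, `/var/run/fail2ban(/.*)?` matches the form already used for `/var/lib/fail2ban(/.*)?` two lines above. If the wider match is intentional, a short comment saying which extra paths it is meant to cover would help.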
@@ -0,0 +1,313 @@ +## Update firewall filtering to ban IP addresses with too many password failures. + +######################################## +## +## Execute a domain transition to run fail2ban. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`fail2ban_domtrans',` + gen_require(` + type fail2ban_t, fail2ban_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, fail2ban_exec_t, fail2ban_t) +') + +####################################### +## +## Execute the fail2ban client in +## the fail2ban client domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`fail2ban_domtrans_client',` + gen_require(` + type fail2ban_client_t, fail2ban_client_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, fail2ban_client_exec_t, fail2ban_client_t) +') + +####################################### +## +## Execute fail2ban client in the +## fail2ban client domain, and allow +## the specified role the fail2ban +## client domain. +## +## +## +## Domain allowed to transition. +## +## +## +## +## Role allowed access. +## +## +# +interface(`fail2ban_run_client',` + gen_require(` + attribute_role fail2ban_client_roles; + ') + + fail2ban_domtrans_client($1) + roleattribute $2 fail2ban_client_roles; +') + +##################################### +## +## Connect to fail2ban over a unix domain +## stream socket. +## +## +## +## Domain allowed access. +## +## +# +interface(`fail2ban_stream_connect',` + gen_require(` + type fail2ban_t, fail2ban_var_run_t; + ') + + files_search_pids($1) + stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t) +') + +######################################## +## +## Read and write inherited temporary files. +## +## +## +## Domain allowed access. 
+## +## +# +interface(`fail2ban_rw_inherited_tmp_files',` + gen_require(` + type fail2ban_tmp_t; + ') + + files_search_tmp($1) + allow $1 fail2ban_tmp_t:file rw_inherited_file_perms; +') + +######################################## +## +## Read and write to an fail2ba unix stream socket. +## +## +## +## Domain allowed access. +## +## +# +interface(`fail2ban_rw_stream_sockets',` + gen_require(` + type fail2ban_t; + ') + + allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms; +') + +####################################### +## +## Do not audit attempts to use +## fail2ban file descriptors. +## +## +## +## Domain to not audit. +## +## +# +interface(`fail2ban_dontaudit_use_fds',` + gen_require(` + type fail2ban_t; + ') + + dontaudit $1 fail2ban_t:fd use; +') + +####################################### +## +## Do not audit attempts to read and +## write fail2ban unix stream sockets +## +## +## +## Domain to not audit. +## +## +# +interface(`fail2ban_dontaudit_rw_stream_sockets',` + gen_require(` + type fail2ban_t; + ') + + dontaudit $1 fail2ban_t:unix_stream_socket { read write }; +') + +######################################## +## +## Read fail2ban lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`fail2ban_read_lib_files',` + gen_require(` + type fail2ban_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, fail2ban_var_lib_t, fail2ban_var_lib_t) +') + +######################################## +## +## Allow the specified domain to read fail2ban's log files. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`fail2ban_read_log',` + gen_require(` + type fail2ban_log_t; + ') + + logging_search_logs($1) + allow $1 fail2ban_log_t:dir list_dir_perms; + allow $1 fail2ban_log_t:file read_file_perms; +') + +######################################## +## +## Allow the specified domain to append +## fail2ban log files. +## +## +## +## Domain allowed access. 
+## +## +# +interface(`fail2ban_append_log',` + gen_require(` + type fail2ban_log_t; + ') + + logging_search_logs($1) + allow $1 fail2ban_log_t:dir list_dir_perms; + allow $1 fail2ban_log_t:file append_file_perms; +') + +######################################## +## +## Read fail2ban PID files. +## +## +## +## Domain allowed access. +## +## +# +interface(`fail2ban_read_pid_files',` + gen_require(` + type fail2ban_var_run_t; + ') + + files_search_pids($1) + allow $1 fail2ban_var_run_t:file read_file_perms; +') + +######################################## +## +## dontaudit read and write an leaked file descriptors +## +## +## +## Domain to not audit. +## +## +# +interface(`fail2ban_dontaudit_leaks',` + gen_require(` + type fail2ban_t; + ') + + dontaudit $1 fail2ban_t:tcp_socket { read write }; + dontaudit $1 fail2ban_t:unix_dgram_socket { read write }; + dontaudit $1 fail2ban_t:unix_stream_socket { read write }; +') + +######################################## +## +## All of the rules required to administrate +## an fail2ban environment +## +## +## +## Domain allowed access. +## +## +## +## +## The role to be allowed to manage the fail2ban domain. 
+## +## +## +# +interface(`fail2ban_admin',` + gen_require(` + type fail2ban_t, fail2ban_log_t, fail2ban_initrc_exec_t; + type fail2ban_var_run_t, fail2ban_var_lib_t, fail2ban_tmp_t; + type fail2ban_client_t; + ') + + allow $1 { fail2ban_t fail2ban_client_t }:process signal_perms; + ps_process_pattern($1, { fail2ban_t fail2ban_client_t }) + + tunable_policy(`deny_ptrace',`',` + allow $1 { fail2ban_t fail2ban_client_t }:process ptrace; + ') + + init_labeled_script_domtrans($1, fail2ban_initrc_exec_t) + domain_system_change_exemption($1) + role_transition $2 fail2ban_initrc_exec_t system_r; + allow $2 system_r; + + logging_list_logs($1) + admin_pattern($1, fail2ban_log_t) + + files_list_pids($1) + admin_pattern($1, fail2ban_var_run_t) + + files_list_var_lib($1) + admin_pattern($1, fail2ban_var_lib_t) + + files_list_tmp($1) + admin_pattern($1, fail2ban_tmp_t) + + fail2ban_run_client($1, $2) +') diff --git a/fail2ban.spec b/fail2ban.spec index 5e72d32..27557e1 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,10 +1,15 @@ Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.11.1 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# SELinux policy +Source1: fail2ban.fc +Source2: fail2ban.if +Source3: fail2ban.te +Source4: Makefile # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 @@ -29,6 +34,7 @@ BuildArch: noarch %if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd %endif +BuildRequires: selinux-policy-devel # Default components Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} 
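Review bot: Two interface summaries in the new fail2ban.if have typos that would presumably surface in any documentation generated from these comments: `Read and write to an fail2ba unix stream socket.` above `fail2ban_rw_stream_sockets`, and `dontaudit read and write an leaked file descriptors` above `fail2ban_dontaudit_leaks`. Suggested wording is `Read and write fail2ban unix stream sockets.` and `Do not audit attempts to read and write leaked fail2ban sockets.`. The second also matches the rules in that interface, which cover tcp, unix datagram and unix stream sockets rather than file descriptors in general.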
@@ -52,6 +58,16 @@ sub-packages are available to install support for other actions and configurations. +%package selinux +Summary: SELinux policies for Fail2Ban +%{?selinux_requires} +%global modulename fail2ban +%global selinuxtype targeted + +%description selinux +SELinux policies for Fail2Ban. + + %package server Summary: Core server component for Fail2Ban %if 0%{?fedora} || 0%{?rhel} >= 7 @@ -67,6 +83,7 @@ Requires(preun): /sbin/service %endif Requires: ipset Requires: iptables +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %description server This package contains the core server components for Fail2Ban with minimal @@ -167,9 +184,12 @@ by default. sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + +# SELinux sources +cp -p %SOURCE1 %SOURCE2 %SOURCE3 . %build %py3_build +make -f %SOURCE4 %install %py3_install @@ -221,11 +241,32 @@ EOF # Remove installed doc, use doc macro instead rm -r %{buildroot}%{_docdir}/%{name} +# SELinux +# install policy modules +install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} + %check %python3 bin/fail2ban-testcases --verbosity=2 --no-network + +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.bz2 + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{modulename} +fi + +%posttrans selinux +%selinux_relabel_post -s %{selinuxtype} + + %post server %if 0%{?fedora} || 0%{?rhel} >= 7 %systemd_post fail2ban.service 
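Review bot: The new `Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})` on the server subpackage carries no version, so a server update does not force the matching policy module, and the daemon can end up running under an older policy than the one it was built with. Unless the unversioned form is deliberate, `Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})` ties the two together. The main package already pins `%{name}-firewalld = %{version}-%{release}` in the same way.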
@@ -250,6 +291,11 @@ fi %files +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%license COPYING + %files server %doc README.md TODO ChangeLog COPYING doc/*.txt %{_bindir}/fail2ban-client @@ -316,6 +362,9 @@ fi %changelog +* Wed Feb 26 2020 Orion Poplawski - 0.11.1-4 +- Add SELinux policy + * Tue Jan 28 2020 Fedora Release Engineering - 0.11.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/fail2ban.te b/fail2ban.te new file mode 100644 index 0000000..0b5effb --- /dev/null +++ b/fail2ban.te 
@@ -0,0 +1,190 @@ +policy_module(fail2ban, 1.5.0) + +######################################## +# +# Declarations +# + +attribute_role fail2ban_client_roles; + +type fail2ban_t; +type fail2ban_exec_t; +init_daemon_domain(fail2ban_t, fail2ban_exec_t) + +type fail2ban_initrc_exec_t; +init_script_file(fail2ban_initrc_exec_t) + +type fail2ban_log_t; +logging_log_file(fail2ban_log_t) + +type fail2ban_var_lib_t; +files_type(fail2ban_var_lib_t) + +type fail2ban_var_run_t; +files_pid_file(fail2ban_var_run_t) + +type fail2ban_tmp_t; +files_tmp_file(fail2ban_tmp_t) + +type fail2ban_client_t; +type fail2ban_client_exec_t; +init_system_domain(fail2ban_client_t, fail2ban_client_exec_t) +role fail2ban_client_roles types fail2ban_client_t; + +######################################## +# +# Server Local policy +# + +allow fail2ban_t self:capability { dac_read_search sys_tty_config }; +allow fail2ban_t self:process { getpgid setsched signal }; +allow fail2ban_t self:fifo_file rw_fifo_file_perms; +allow fail2ban_t self:unix_stream_socket { accept connectto listen }; +allow fail2ban_t self:tcp_socket { accept listen }; +allow fail2ban_t self:netlink_netfilter_socket create_socket_perms; + +read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) + +append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) +create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) +setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) +logging_log_filetrans(fail2ban_t, fail2ban_log_t, file) + +manage_dirs_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t) +manage_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t) +exec_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t) +files_tmp_filetrans(fail2ban_t, fail2ban_tmp_t, { dir file }) + +manage_dirs_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t) +manage_files_pattern(fail2ban_t, fail2ban_var_lib_t, fail2ban_var_lib_t) + +manage_dirs_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t) 
+manage_sock_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t) +manage_files_pattern(fail2ban_t, fail2ban_var_run_t, fail2ban_var_run_t) +files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file) + +kernel_read_system_state(fail2ban_t) +kernel_read_network_state(fail2ban_t) + + +corecmd_exec_bin(fail2ban_t) +corecmd_exec_shell(fail2ban_t) + +corenet_all_recvfrom_netlabel(fail2ban_t) +corenet_tcp_sendrecv_generic_if(fail2ban_t) +corenet_tcp_sendrecv_generic_node(fail2ban_t) + +corenet_sendrecv_whois_client_packets(fail2ban_t) +corenet_tcp_connect_whois_port(fail2ban_t) +corenet_tcp_sendrecv_whois_port(fail2ban_t) + +dev_read_urand(fail2ban_t) + +domain_use_interactive_fds(fail2ban_t) +domain_dontaudit_read_all_domains_state(fail2ban_t) + +files_read_etc_runtime_files(fail2ban_t) +files_list_var(fail2ban_t) +files_dontaudit_list_tmp(fail2ban_t) + +fs_list_inotifyfs(fail2ban_t) +fs_getattr_all_fs(fail2ban_t) + +auth_use_nsswitch(fail2ban_t) + +logging_read_all_logs(fail2ban_t) +logging_read_audit_log(fail2ban_t) +logging_send_syslog_msg(fail2ban_t) +logging_read_syslog_pid(fail2ban_t) +logging_dontaudit_search_audit_logs(fail2ban_t) +logging_mmap_generic_logs(fail2ban_t) +logging_mmap_journal(fail2ban_t) + +mta_send_mail(fail2ban_t) + +sysnet_manage_config(fail2ban_t) + +optional_policy(` + apache_read_log(fail2ban_t) +') + +optional_policy(` + dbus_system_bus_client(fail2ban_t) + dbus_connect_system_bus(fail2ban_t) + + optional_policy(` + firewalld_dbus_chat(fail2ban_t) + ') +') + +optional_policy(` + ftp_read_log(fail2ban_t) +') + +optional_policy(` + gnome_dontaudit_search_config(fail2ban_t) +') + +optional_policy(` + iptables_domtrans(fail2ban_t) +') + +optional_policy(` + allow fail2ban_t self:capability sys_resource; + allow fail2ban_t self:process setrlimit; + journalctl_exec(fail2ban_t) +') + +optional_policy(` + libs_exec_ldconfig(fail2ban_t) +') + +optional_policy(` + rpm_exec(fail2ban_t) +') + +optional_policy(` + 
shorewall_domtrans(fail2ban_t) +') + +######################################## +# +# Client Local policy +# + +allow fail2ban_client_t self:capability { dac_read_search }; +allow fail2ban_client_t self:unix_stream_socket { create connect write read }; + +domtrans_pattern(fail2ban_client_t, fail2ban_exec_t, fail2ban_t) + +allow fail2ban_client_t fail2ban_t:process { rlimitinh }; + +dontaudit fail2ban_client_t fail2ban_var_run_t:dir_file_class_set audit_access; +allow fail2ban_client_t fail2ban_var_run_t:dir write; +stream_connect_pattern(fail2ban_client_t, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t) + +kernel_read_system_state(fail2ban_client_t) + +corecmd_exec_bin(fail2ban_client_t) + +dev_read_urand(fail2ban_client_t) +dev_read_rand(fail2ban_client_t) + +domain_use_interactive_fds(fail2ban_client_t) + +files_search_pids(fail2ban_client_t) + +auth_use_nsswitch(fail2ban_client_t) + +libs_exec_ldconfig(fail2ban_client_t) + +logging_getattr_all_logs(fail2ban_client_t) +logging_search_all_logs(fail2ban_client_t) +logging_read_audit_log(fail2ban_client_t) + +userdom_dontaudit_search_user_home_dirs(fail2ban_client_t) +userdom_use_user_terminals(fail2ban_client_t) + +optional_policy(` + apache_read_log(fail2ban_client_t) +') From e923ba837168bac553e8a17106f52d85a6248ac7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 26 Feb 2020 19:54:14 -0700 Subject: [PATCH 114/201] Update to lastest selinux-policy-contrib --- fail2ban.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fail2ban.te b/fail2ban.te index 0b5effb..302f4bc 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -65,7 +65,7 @@ files_pid_filetrans(fail2ban_t, fail2ban_var_run_t, file) kernel_read_system_state(fail2ban_t) kernel_read_network_state(fail2ban_t) - +kernel_read_net_sysctls(fail2ban_t) corecmd_exec_bin(fail2ban_t) corecmd_exec_shell(fail2ban_t) 
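Review bot: Several grants to `fail2ban_t` in the server section of the new fail2ban.te are broader than the rest and carry no rationale. `exec_files_pattern(fail2ban_t, fail2ban_tmp_t, fail2ban_tmp_t)` together with `manage_files_pattern` on the same type lets the daemon execute files it has written to its own temp directory, and `sysnet_manage_config(fail2ban_t)` and `rpm_exec(fail2ban_t)` go beyond what log reading and firewall updates obviously need. A one-line comment above each, naming the action or backend that requires it, would let a later reviewer drop the grant when that feature goes away, for example `# needed by <action name>: runs generated helper scripts from tmp` (placeholder, the page does not say which). The client domain's `logging_read_audit_log(fail2ban_client_t)` deserves the same treatment.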
@@ -79,6 +79,7 @@ corenet_tcp_connect_whois_port(fail2ban_t) corenet_tcp_sendrecv_whois_port(fail2ban_t) dev_read_urand(fail2ban_t) +dev_read_sysfs(fail2ban_t) domain_use_interactive_fds(fail2ban_t) domain_dontaudit_read_all_domains_state(fail2ban_t) From 3df6a1af6947b244143b4a4ad2f45c84ec6413e5 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 18 Mar 2020 19:53:11 -0500 Subject: [PATCH 115/201] Commit fixes for Python 3.9. --- 2651.patch | 65 +++++++++++++++++++ ...c1cdd296530f331637c725bd2bb0549e01e6.patch | 54 +++++++++++++++ ...f30cdd855c41b80ebdde3fe2bc91cc94e594.patch | 34 ++-------- fail2ban.spec | 4 ++ 4 files changed, 130 insertions(+), 27 deletions(-) create mode 100644 2651.patch create mode 100644 343ec1cdd296530f331637c725bd2bb0549e01e6.patch diff --git a/2651.patch b/2651.patch new file mode 100644 index 0000000..520d5d2 --- /dev/null +++ b/2651.patch 
@@ -0,0 +1,65 @@ +From 781a25512b107828aff71998c19f2fa4dbf471c1 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Fri, 6 Mar 2020 19:04:39 +0100 +Subject: [PATCH 1/4] travis CI: add 3.9-dev as target + +--- + .travis.yml | 1 + + 1 file changed, 1 insertion(+) + +--- a/fail2ban/server/jailthread.py ++++ b/fail2ban/server/jailthread.py +@@ -120,3 +120,6 @@ class JailThread(Thread): + ## python 2.x replace binding of private __bootstrap method: + if sys.version_info < (3,): # pragma: 3.x no cover + JailThread._Thread__bootstrap = JailThread._JailThread__bootstrap ++## python 3.9, restore isAlive method: ++elif not hasattr(JailThread, 'isAlive'): # pragma: 2.x no cover ++ JailThread.isAlive = JailThread.is_alive +--- a/fail2ban/tests/sockettestcase.py ++++ b/fail2ban/tests/sockettestcase.py +@@ -87,7 +87,7 @@ class Socket(LogCaptureTestCase): + def _stopServerThread(self): + serverThread = self.serverThread + # wait for end of thread : +- Utils.wait_for(lambda: not serverThread.isAlive() ++ Utils.wait_for(lambda: not serverThread.is_alive() + or serverThread.join(Utils.DEFAULT_SLEEP_TIME), unittest.F2B.maxWaitTime(10)) + self.serverThread = None + +@@ -98,7 +98,7 @@ class Socket(LogCaptureTestCase): + self.server.close() + # wait for end of thread : + self._stopServerThread() +- self.assertFalse(serverThread.isAlive()) ++ self.assertFalse(serverThread.is_alive()) + # clean : + self.server.stop() + self.assertFalse(self.server.isActive()) +@@ -139,7 +139,7 @@ class Socket(LogCaptureTestCase): + self.server.stop() + # wait for end of thread : + self._stopServerThread() +- self.assertFalse(serverThread.isAlive()) ++ self.assertFalse(serverThread.is_alive()) + self.assertFalse(self.server.isActive()) + self.assertFalse(os.path.exists(self.sock_name)) + +@@ -180,7 +180,7 @@ class Socket(LogCaptureTestCase): + self.server.stop() + # wait for end of thread : + self._stopServerThread() +- self.assertFalse(serverThread.isAlive()) ++ 
self.assertFalse(serverThread.is_alive()) + + def testLoopErrors(self): + # replace poll handler to produce error in loop-cycle: +@@ -216,7 +216,7 @@ class Socket(LogCaptureTestCase): + self.server.stop() + # wait for end of thread : + self._stopServerThread() +- self.assertFalse(serverThread.isAlive()) ++ self.assertFalse(serverThread.is_alive()) + self.assertFalse(self.server.isActive()) + self.assertFalse(os.path.exists(self.sock_name)) + diff --git a/343ec1cdd296530f331637c725bd2bb0549e01e6.patch b/343ec1cdd296530f331637c725bd2bb0549e01e6.patch new file mode 100644 index 0000000..fb597ad --- /dev/null +++ b/343ec1cdd296530f331637c725bd2bb0549e01e6.patch 
@@ -0,0 +1,54 @@ +From 343ec1cdd296530f331637c725bd2bb0549e01e6 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Wed, 18 Mar 2020 20:37:25 +0100 +Subject: [PATCH] test-causes: avoid host-depending issue (mistakenly ignoring + IP 127.0.0.2 as own address) - replace loop-back addr with test sub-net addr + (and disable ignoreself) + +--- + fail2ban/tests/observertestcase.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py +index 8e9444548..e379ccd18 100644 +--- a/fail2ban/tests/observertestcase.py ++++ b/fail2ban/tests/observertestcase.py +@@ -36,7 +36,6 @@ + from ..server.observer import Observers, ObserverThread + from ..server.utils import Utils + from .utils import LogCaptureTestCase +-from ..server.filter import Filter + from .dummyjail import DummyJail + + from .databasetestcase import getFail2BanDb, Fail2BanDb +@@ -224,7 +223,7 @@ def testBanTimeIncr(self): + jail.actions.setBanTime(10) + jail.setBanTimeExtra('increment', 'true') + jail.setBanTimeExtra('multipliers', '1 2 4 8 16 32 64 128 256 512 1024 2048') +- ip = "127.0.0.2" ++ ip = "192.0.2.1" + # used as start and fromtime (like now but time independence, cause test case can run slow): + stime = int(MyTime.time()) + ticket = FailTicket(ip, stime, []) +@@ -385,10 +384,12 @@ def testBanTimeIncr(self): + + # two separate jails : + jail1 = DummyJail(backend='polling') ++ jail1.filter.ignoreSelf = False + jail1.setBanTimeExtra('increment', 'true') + jail1.database = self.db + self.db.addJail(jail1) + jail2 = DummyJail(name='DummyJail-2', backend='polling') ++ jail2.filter.ignoreSelf = False + jail2.database = self.db + self.db.addJail(jail2) + ticket1 = FailTicket(ip, stime, []) +@@ -477,7 +478,7 @@ def testObserver(self): + self.assertEqual(tickets, []) + + # add failure: +- ip = "127.0.0.2" ++ ip = "192.0.2.1" + ticket = FailTicket(ip, stime-120, []) + failManager = FailManager() + failManager.setMaxRetry(3) 
diff --git a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch index de372f3..abc806c 100644 --- a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch +++ b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch @@ -20,11 +20,9 @@ Subject: [PATCH] closes #2596: fixed supplying of backend-related `logtype` to create mode 100644 fail2ban/tests/config/filter.d/checklogtype.conf create mode 100644 fail2ban/tests/config/filter.d/checklogtype_test.conf -diff --git a/MANIFEST b/MANIFEST -index dbcc2f602..5680492af 100644 --- a/MANIFEST +++ b/MANIFEST -@@ -226,6 +226,8 @@ fail2ban/tests/clientreadertestcase.py +@@ -227,6 +227,8 @@ fail2ban/tests/clientreadertestcase.py fail2ban/tests/config/action.d/action.conf fail2ban/tests/config/action.d/brokenaction.conf fail2ban/tests/config/fail2ban.conf @@ -33,11 +31,9 @@ index dbcc2f602..5680492af 100644 fail2ban/tests/config/filter.d/simple.conf fail2ban/tests/config/filter.d/test.conf fail2ban/tests/config/filter.d/test.local -diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py -index 66b987b28..20709b724 100644 --- a/fail2ban/client/configreader.py +++ b/fail2ban/client/configreader.py -@@ -120,6 +120,10 @@ def has_section(self, sec): +@@ -120,6 +120,10 @@ class ConfigReader(): except AttributeError: return False @@ -48,7 +44,7 @@ index 66b987b28..20709b724 100644 def merge_defaults(self, d): self._cfg.get_defaults().update(d) -@@ -261,8 +265,8 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False): +@@ -261,8 +265,8 @@ class ConfigReaderUnshared(SafeConfigPar logSys.warning("'%s' not defined in '%s'. Using default one: %r" % (optname, sec, optvalue)) values[optname] = optvalue 
@@ -59,11 +55,9 @@ index 66b987b28..20709b724 100644 except ValueError: logSys.warning("Wrong value for '" + optname + "' in '" + sec + "'. Using default one: '" + repr(optvalue) + "'") -diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py -index f6a4b141c..334c031f4 100644 --- a/fail2ban/client/fail2banregex.py +++ b/fail2ban/client/fail2banregex.py -@@ -372,11 +372,8 @@ def readRegex(self, value, regextype): +@@ -372,11 +372,8 @@ class Fail2banRegex(object): if not ret: output( "ERROR: failed to load filter %s" % value ) return False @@ -77,11 +71,9 @@ index f6a4b141c..334c031f4 100644 # get, interpolate and convert options: reader.getOptions(None) # show real options if expected: -diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py -index ede18dca2..413f125e6 100644 --- a/fail2ban/client/filterreader.py +++ b/fail2ban/client/filterreader.py -@@ -53,6 +53,14 @@ def setFile(self, fileName): +@@ -53,6 +53,14 @@ class FilterReader(DefinitionInitConfigR def getFile(self): return self.__file @@ -96,11 +88,9 @@ index ede18dca2..413f125e6 100644 def convert(self): stream = list() opts = self.getCombined() -diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py -index 917a562ce..1d7db0dc9 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py -@@ -142,11 +142,8 @@ def getOptions(self): +@@ -149,11 +149,8 @@ class JailReader(ConfigReader): ret = self.__filter.read() if not ret: raise JailDefError("Unable to read the filter %r" % filterName) @@ -114,11 +104,9 @@ index 917a562ce..1d7db0dc9 100644 # merge options from filter as 'known/...' (all options unfiltered): self.__filter.getOptions(self.__opts, all=True) ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/') -diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py -index d39860f47..2c1d0a0e4 100644 --- a/fail2ban/tests/clientreadertestcase.py 
+++ b/fail2ban/tests/clientreadertestcase.py -@@ -328,7 +328,22 @@ def testOverrideFilterOptInJail(self): +@@ -328,7 +328,22 @@ class JailReaderTest(LogCaptureTestCase) self.assertFalse(len(o) > 2 and o[2].endswith('regex')) i += 1 if i > usednsidx: break @@ -142,9 +130,6 @@ index d39860f47..2c1d0a0e4 100644 def testSplitOption(self): # Simple example option = "mail-whois[name=SSH]" -diff --git a/fail2ban/tests/config/filter.d/checklogtype.conf b/fail2ban/tests/config/filter.d/checklogtype.conf -new file mode 100644 -index 000000000..4d700fffa --- /dev/null +++ b/fail2ban/tests/config/filter.d/checklogtype.conf @@ -0,0 +1,31 @@ @@ -179,9 +164,6 @@ index 000000000..4d700fffa +# specified in init parameter of jail (see ../jail.conf, jail checklogtype_init): +[lt_init] +__prefix_line = INIT -diff --git a/fail2ban/tests/config/filter.d/checklogtype_test.conf b/fail2ban/tests/config/filter.d/checklogtype_test.conf -new file mode 100644 -index 000000000..a76f5fcfb --- /dev/null +++ b/fail2ban/tests/config/filter.d/checklogtype_test.conf @@ -0,0 +1,12 @@ @@ -198,8 +180,6 @@ index 000000000..a76f5fcfb +# overwrite logtype in definition (no backend anymore): +logtype = test \ No newline at end of file -diff --git a/fail2ban/tests/config/jail.conf b/fail2ban/tests/config/jail.conf -index de5bbbdc5..b1a1707b6 100644 --- a/fail2ban/tests/config/jail.conf +++ b/fail2ban/tests/config/jail.conf @@ -74,3 +74,28 @@ journalmatch = _COMM=test diff --git a/fail2ban.spec b/fail2ban.spec index 27557e1..77698e5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -24,6 +24,10 @@ Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf76619816 Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch # Fix test install Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch +# Patch for Python 3.9 +# https://bugzilla.redhat.com/show_bug.cgi?id=1808347 +Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch +Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 From a61ce58a32157d98e56650d2c34d1815fa36d91d Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 18 Mar 2020 19:58:01 -0500 Subject: [PATCH 116/201] Update for Python 3.9. --- fail2ban.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 77698e5..0d892ad 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,7 +1,8 @@ -Summary: Daemon to ban hosts that cause multiple authentication errors Name: fail2ban Version: 0.11.1 -Release: 4%{?dist} +Release: 5%{?dist} +Summary: Daemon to ban hosts that cause multiple authentication errors + License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -255,7 +256,6 @@ install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{ %python3 bin/fail2ban-testcases --verbosity=2 --no-network - %pre selinux %selinux_relabel_pre -s %{selinuxtype} @@ -366,6 +366,9 @@ fi %changelog +* Thu Mar 19 2020 Richard Shaw - 0.11.1-5 +- Update for Python 3.9. + * Wed Feb 26 2020 Orion Poplawski - 0.11.1-4 - Add SELinux policy From fe5d325c64f0fb945730be2689437c407f7028be Mon Sep 17 00:00:00 2001 
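Review bot: `Patch6` is sourced from a pull-request URL (`.../pull/2651.patch`), whose content changes whenever the pull request is updated, while `Patch7` on the next line is pinned to a commit hash. If the 2651.patch copy stored in this repository is ever refreshed from that URL, it may no longer be the change that was reviewed for rhbz#1808347. I would reference the individual upstream commits the way `Patch7` does, or record the snapshot above the line, e.g. `# 2651.patch: snapshot of the upstream PR taken on <DATE-PLACEHOLDER>`. The existing `Patch5` context line uses the same pull-request form.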
From: Richard Shaw Date: Thu, 16 Apr 2020 07:26:35 -0500 Subject: [PATCH 117/201] Change default firewalld backend from ipset to rich-rules as ipset causes firewalld to use legacy iptables. Fixes RHBZ#1823746. Remove conditionals for EL versions less than 7. --- fail2ban.spec | 51 +++++++++++++++++---------------------------------- 1 file changed, 17 insertions(+), 34 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 0d892ad..22f73c2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -36,9 +36,7 @@ BuildRequires: /usr/bin/2to3 BuildRequires: python3-inotify BuildRequires: sqlite BuildArch: noarch -%if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd -%endif BuildRequires: selinux-policy-devel # Default components Requires: %{name}-firewalld = %{version}-%{release} @@ -75,17 +73,10 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban -%if 0%{?fedora} || 0%{?rhel} >= 7 Requires: python3-systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%else -Requires: initscripts -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig -Requires(preun): /sbin/service -%endif Requires: ipset Requires: iptables Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) @@ -185,13 +176,16 @@ by default. %prep %autosetup -p1 + # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 2to3 --write --nobackups . find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + + # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . + %build %py3_build make -f %SOURCE4 
@@ -202,13 +196,8 @@ make -f %SOURCE4 # Make symbolic link relative ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python -%if 0%{?fedora} || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ -%else -mkdir -p %{buildroot}%{_initddir} -install -p -m 755 files/redhat-initd %{buildroot}%{_initddir}/fail2ban -%endif mkdir -p %{buildroot}%{_mandir}/man{1,5} install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 @@ -219,21 +208,25 @@ install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf + # Remove non-Linux actions rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/{ipfilter,pf,ufw}.conf rm %{buildroot}%{_sysconfdir}/%{name}/action.d/osx-*.conf + # Remove config files for other distros rm -f %{buildroot}%{_sysconfdir}/fail2ban/paths-{arch,debian,freebsd,opensuse,osx}.conf + # firewalld configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <] -banaction_allports = firewallcmd-ipset[actiontype=] +banaction = firewallcmd-rich-rules[actiontype=] +banaction_allports = firewallcmd-rich-rules[actiontype=] EOF + # systemd journal configuration cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf < %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-systemd.conf <= 7 %systemd_post fail2ban.service -%else -/sbin/chkconfig --add %{name} -%endif %preun server -%if 0%{?fedora} || 0%{?rhel} >= 7 %systemd_preun fail2ban.service -%else -if [ $1 = 0 ]; then - /sbin/service %{name} stop > /dev/null 2>&1 - /sbin/chkconfig --del %{name} -fi -%endif -%if 0%{?fedora} || 0%{?rhel} >= 7 %postun server %systemd_postun_with_restart fail2ban.service -%endif + %files 
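Review bot: The new default written into 00-firewalld.conf, `banaction = firewallcmd-rich-rules[...]` with the matching `banaction_allports`, adds one firewalld rich rule per banned address, where the ipset action kept all bans in one set behind a single rule. On hosts that accumulate many bans this tends to make banning, unbanning and firewalld reloads slower, so the trade-off deserves a comment inside the heredoc, e.g. `# rich-rules: ipset makes firewalld use legacy iptables (RHBZ#1823746)`. The server subpackage still has `Requires: ipset` as a context line in this commit's `%package server` hunk; it may be worth checking whether the default setup still needs it. The heredoc text is partly lost on this page, so the option strings are abbreviated here rather than quoted in full.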
@@ -308,11 +290,7 @@ fi %{_bindir}/fail2ban-server %{python3_sitelib}/* %exclude %{python3_sitelib}/fail2ban/tests -%if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/fail2ban.service -%else -%{_initddir}/fail2ban -%endif %{_mandir}/man1/fail2ban.1* %{_mandir}/man1/fail2ban-client.1* %{_mandir}/man1/fail2ban-python.1* @@ -366,6 +344,11 @@ fi %changelog +* Thu Apr 16 2020 Richard Shaw - 0.11.1-6 +- Change default firewalld backend from ipset to rich-rules as ipset causes + firewalld to use legacy iptables. Fixes RHBZ#1823746. +- Remove conditionals for EL versions less than 7. + * Thu Mar 19 2020 Richard Shaw - 0.11.1-5 - Update for Python 3.9. From 75dff9a4709f451f2ad344f308c36f04a3dad871 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 26 May 2020 02:45:14 +0200 Subject: [PATCH 118/201] Rebuilt for Python 3.9 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 22f73c2..290fe6c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -344,6 +344,9 @@ fi %changelog +* Tue May 26 2020 Miro Hrončok - 0.11.1-7 +- Rebuilt for Python 3.9 + * Thu Apr 16 2020 Richard Shaw - 0.11.1-6 - Change default firewalld backend from ipset to rich-rules as ipset causes firewalld to use legacy iptables. Fixes RHBZ#1823746. From 5f7bd2d63dfb9edf2adfa66cb0358b65b8a6a4f8 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 24 Jun 2020 10:22:41 -0500 Subject: [PATCH 119/201] In Fedora 32 and EL 8 nftables is the default firewall and does not accept : for port ranges, fixes RHBZ#1850164. --- fail2ban.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index 22f73c2..a3af58a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -185,6 +185,12 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. +# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 +%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 +sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf +%endif + %build %py3_build From b65dff671cac0cda6c516d7eaf6b5e03f7bacbb1 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 24 Jun 2020 10:24:00 -0500 Subject: [PATCH 120/201] In Fedora 32 and EL 8 nftables is the default firewall and does not accept : for port ranges, fixes RHBZ#1850164. --- fail2ban.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index 290fe6c..23e1a2e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -185,6 +185,12 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. +# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 +%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 +sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf +%endif + %build %py3_build From 48c7cf6380ac053ca6037d85d75f5ed06b4e2842 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sat, 25 Jul 2020 07:09:57 -0500 Subject: [PATCH 121/201] Spec file cleanup. --- fail2ban.spec | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 23e1a2e..1f04a9e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
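Review bot: The added `sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf` rewrites the default port range for every ban action, not only for nftables, although `:` is the separator the shipped default uses and, as far as I know, the one iptables-style actions expect. The substitution also silently does nothing if upstream ever changes that line, so the build would ship the old value without any sign. A narrower fix is to translate the separator inside the nftables action itself. If the sed stays, put `grep -q "port = 0:65535" config/jail.conf` before it so that a non-matching pattern fails %prep. The identical hunk in PATCH 120/201, further along this same line, has the same issue.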
@@ -29,15 +29,20 @@ Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605 # https://bugzilla.redhat.com/show_bug.cgi?id=1808347 Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch +# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. +# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 +Patch8: https://github.com/fail2ban/fail2ban/commit/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch + +BuildArch: noarch BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify BuildRequires: sqlite -BuildArch: noarch BuildRequires: systemd BuildRequires: selinux-policy-devel + # Default components Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} @@ -45,6 +50,7 @@ Requires: %{name}-server = %{version}-%{release} # Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} + %description Fail2Ban scans log files and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address. These rules can @@ -79,6 +85,7 @@ Requires(preun): systemd Requires(postun): systemd Requires: ipset Requires: iptables + Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %description server @@ -185,11 +192,6 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . -# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. -# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 -%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 -sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf -%endif %build From 12188f88628fe16520e731e943e51e7ff230e5ac Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Sat, 25 Jul 2020 07:13:14 -0500 Subject: [PATCH 122/201] Add patch. --- ...8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch diff --git a/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch b/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch new file mode 100644 index 0000000..2039459 --- /dev/null +++ b/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch 
@@ -0,0 +1,42 @@ +From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Wed, 24 Jun 2020 19:20:36 +0200 +Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port + range selector (replacing `:` with `-`) + +--- + config/action.d/nftables.conf | 2 +- + fail2ban/tests/servertestcase.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf +index c1fb8550f..77cf36615 100644 +--- a/config/action.d/nftables.conf ++++ b/config/action.d/nftables.conf +@@ -34,7 +34,7 @@ type = multiport + + rule_match-custom = + rule_match-allports = meta l4proto \{ \} +-rule_match-multiport = $proto dport \{ \} ++rule_match-multiport = $proto dport \{ $(echo '' | sed s/:/-/g) \} + match = > + + # Option: rule_stat +diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py +index b771ab50b..f1b667b12 100644 +--- a/fail2ban/tests/servertestcase.py ++++ b/fail2ban/tests/servertestcase.py +@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self): + ), + 'ip4-start': ( + r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`", +- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`", ++ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`", + ), + 'ip6-start': ( + r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`", +- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`", ++ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`", + ), + 'flush': ( + "`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ", From 20fc6d32e1586d13e66f51145802985ba0014a3d Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Mon, 27 Jul 2020 17:08:11 +0000 Subject: [PATCH 123/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 1f04a9e..0cb0c40 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -352,6 +352,9 @@ fi %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 0.11.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Tue May 26 2020 Miro Hrončok - 0.11.1-7 - Rebuilt for Python 3.9 From 9eab35adee855a036c52fa5682499464eb227592 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 27 Jul 2020 12:34:10 -0500 Subject: [PATCH 124/201] Add conditionals for EL 7 / Python 2. --- fail2ban.spec | 56 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 12 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7abe5b4..3a5e346 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -35,10 +35,16 @@ Patch8: https://github.com/fail2ban/fail2ban/commit/309c8dddd7adc2de140ed5a72088 BuildArch: noarch +%if 0%{?rhel} && 0%{?rhel} < 8 +BuildRequires: python2-devel +# For testcases +BuildRequires: python-inotify +%else BuildRequires: python3-devel BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify +%endif BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel 
@@ -79,14 +85,20 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban +%if 0%{?rhel} && 0%{?rhel} < 8 +Requires: python2-systemd +%else Requires: python3-systemd +%endif Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Requires: ipset Requires: iptables +%if 0%{?fedora} Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +%endif %description server This package contains the core server components for Fail2Ban with minimal @@ -104,10 +116,14 @@ Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} # Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} -# No python3 support for gamin -#Requires: gamin-python Requires: perl-interpreter -Requires: python3-inotify +%if 0%{?rhel} && 0%{?rhel} < 8 +Requires: python-inotify +# No python3 support for gamin so epel only +Requires: gamin-python +%else +Requires: python2-inotify +%endif Requires: /usr/bin/whois %description all 
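Review bot: Wrapping `Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})` in `%if 0%{?fedora}` drops the dependency on EL 8 as well as EL 7, so an EL 8 install no longer pulls in this package's SELinux policy module automatically. If the guard exists only because EL 7's rpm cannot parse boolean dependencies (an assumption; the commit message does not say), `%if 0%{?fedora} || 0%{?rhel} >= 8`, the condition this same commit uses in %prep, keeps the dependency where it works. Without the module the daemon runs under whatever the base policy provides, which may surface as denials.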
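Review bot: In the `%else` branch of the `%package all` requirements, `Requires: python2-inotify` names the Python 2 package on the Python 3 side of the conditional; the line it replaces was `Requires: python3-inotify`. On Fedora and EL 8 this either pulls in a module the Python 3 daemon cannot import or leaves the `all` subpackage uninstallable where that package does not exist. The line should read `Requires: python3-inotify`.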
@@ -186,29 +202,32 @@ by default. # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf +%if 0%{?fedora} || 0%{?rhel} >= 8 2to3 --write --nobackups . find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + +%endif # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . -# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. -# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 -%if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 -sed -i "s/port = 0:65535/port = 0-65535/" config/jail.conf -%endif - - %build +%if 0%{?rhel} && 0%{?rhel} < 8 +%py2_build +%else %py3_build +%endif make -f %SOURCE4 %install -%py3_install - +%if 0%{?rhel} && 0%{?rhel} < 8 +%py2_install # Make symbolic link relative +ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python +%else +%py3_install ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python +%endif mkdir -p %{buildroot}%{_unitdir} cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ @@ -261,7 +280,11 @@ install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{ %check +%if 0%{?rhel} && 0%{?rhel} < 8 +%python2 bin/fail2ban-testcases --verbosity=2 --no-network +%else %python3 bin/fail2ban-testcases --verbosity=2 --no-network +%endif %pre selinux @@ -302,8 +325,13 @@ fi %{_bindir}/fail2ban-python %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-server +%if 0%{?rhel} && 0%{?rhel} < 8 +%{python2_sitelib}/* +%exclude %{python2_sitelib}/fail2ban/tests +%else %{python3_sitelib}/* %exclude %{python3_sitelib}/fail2ban/tests +%endif %{_unitdir}/fail2ban.service %{_mandir}/man1/fail2ban.1* %{_mandir}/man1/fail2ban-client.1* @@ -338,7 +366,11 @@ fi %files tests %{_bindir}/fail2ban-testcases %{_mandir}/man1/fail2ban-testcases.1* +%if 0%{?rhel} && 0%{?rhel} < 8 +%{python2_sitelib}/fail2ban/tests +%else %{python3_sitelib}/fail2ban/tests +%endif %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf 
From 74b26064d28630dc60cee494360dcc64b4b09698 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 27 Jul 2020 12:37:15 -0500 Subject: [PATCH 125/201] Add conditonals back for EL 7 as it's being brought up to date. Add patch to deal with nftables not accepting ":" as a port separator. --- fail2ban.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 14402f1..005729e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -390,6 +390,10 @@ fi %changelog +* Mon Jul 27 2020 Richard Shaw - 0.11.1-9 +- Add conditonals back for EL 7 as it's being brought up to date. +- Add patch to deal with nftables not accepting ":" as a port separator. + * Mon Jul 27 2020 Fedora Release Engineering - 0.11.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 02a32ff76b6594ab4204d2ffeb2fe0a5372fb99b Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 27 Jul 2020 20:43:58 -0500 Subject: [PATCH 126/201] Fix python2 requires for EPEL 7. --- fail2ban.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 005729e..5e48fe0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -36,7 +36,7 @@ Patch8: https://github.com/fail2ban/fail2ban/commit/309c8dddd7adc2de140ed5a72088 BuildArch: noarch %if 0%{?rhel} && 0%{?rhel} < 8 -BuildRequires: python2-devel +BuildRequires: python-devel # For testcases BuildRequires: python-inotify %else @@ -86,7 +86,7 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban %if 0%{?rhel} && 0%{?rhel} < 8 -Requires: python2-systemd +Requires: python-systemd %else Requires: python3-systemd %endif From 7b1980d50fa14ae114af7d36dc8a9a4b33500b8e Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Mon, 27 Jul 2020 20:44:30 -0500 Subject: [PATCH 127/201] Fix python2 requires for EPEL 7. --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 5e48fe0..d6df97f 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 9%{?dist} +Release: 9%{?dist}.1 Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -390,6 +390,9 @@ fi %changelog +* Tue Jul 28 2020 Richard Shaw - 0.11.1-9.1 +- Fix python2 requires for EPEL 7. + * Mon Jul 27 2020 Richard Shaw - 0.11.1-9 - Add conditonals back for EL 7 as it's being brought up to date. - Add patch to deal with nftables not accepting ":" as a port separator. From e685f72cdac40bd3bbdeb1272338629c5abfac12 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 29 Jul 2020 07:51:20 -0500 Subject: [PATCH 128/201] Fix python2 requires for EPEL 7. --- fail2ban.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d6df97f..48fa262 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 9%{?dist}.1 +Release: 9%{?dist}.2 Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -86,7 +86,7 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban %if 0%{?rhel} && 0%{?rhel} < 8 -Requires: python-systemd +Requires: systemd-python %else Requires: python3-systemd %endif @@ -390,7 +390,7 @@ fi %changelog -* Tue Jul 28 2020 Richard Shaw - 0.11.1-9.1 +* Tue Jul 28 2020 Richard Shaw - 0.11.1-9.2 - Fix python2 requires for EPEL 7. * Mon Jul 27 2020 Richard Shaw - 0.11.1-9 From 28225b6487b8012d7113afd17fccb23b7c67ad07 Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Thu, 6 Aug 2020 06:44:39 -0500 Subject: [PATCH 129/201] Fix python-inotify dependency. --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 48fa262..ab5caa4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -122,7 +122,7 @@ Requires: python-inotify # No python3 support for gamin so epel only Requires: gamin-python %else -Requires: python2-inotify +Requires: python3-inotify %endif Requires: /usr/bin/whois From 381568b39581cd6f271ddbd7503650ecf60e8550 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Fri, 28 Aug 2020 06:45:28 -0500 Subject: [PATCH 130/201] Create shorewall-lite subpackage package which conflicts with shorewall subpackage. Fixes RHBZ#1872759. --- fail2ban.spec | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index ab5caa4..b72b39b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.1 -Release: 9%{?dist}.2 +Release: 10%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -183,11 +183,22 @@ mail actions for Fail2Ban. Summary: Shorewall support for Fail2Ban Requires: %{name}-server = %{version}-%{release} Requires: shorewall +Conflicts: %{name}-shorewall-lite %description shorewall This package enables support for manipulating shorewall rules. +%package shorewall-lite +Summary: Shorewall lite support for Fail2Ban +Requires: %{name}-server = %{version}-%{release} +Requires: shorewall-lite +Conflicts: %{name}-shorewall + +%description shorewall-lite +This package enables support for manipulating shorewall rules. + + %package systemd Summary: Systemd journal configuration for Fail2Ban Requires: %{name}-server = %{version}-%{release} 
@@ -385,11 +396,18 @@ fi %files shorewall %config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf +%files shorewall-lite +%config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf + %files systemd %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf %changelog +* Fri Aug 28 2020 Richard Shaw - 0.11.1-10.2 +- Create shorewall-lite subpackage package which conflicts with shorewall + subpackage. Fixes RHBZ#1872759. + * Tue Jul 28 2020 Richard Shaw - 0.11.1-9.2 - Fix python2 requires for EPEL 7. From 1617c7e46a50170a889db40b95589ad51a30cc00 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 5 Oct 2020 06:52:09 -0500 Subject: [PATCH 131/201] Require python setuptools explicitly. --- fail2ban.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index b72b39b..51c0b42 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -37,10 +37,12 @@ BuildArch: noarch %if 0%{?rhel} && 0%{?rhel} < 8 BuildRequires: python-devel +BuildRequires: python-setuptools # For testcases BuildRequires: python-inotify %else BuildRequires: python3-devel +BuildRequires: python3-setuptools BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify From f3a4836a65bfa9979d8d4ab150b5706e35c6fab1 Mon Sep 17 00:00:00 2001 
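Review bot: The changelog entry added in the shorewall-lite commit is stamped `0.11.1-10.2`, but that commit's first hunk sets `Release: 10%{?dist}`, so the entry does not match the built package and should read `0.11.1-10`. `%files shorewall-lite` also lists the same `action.d/shorewall.conf` as `%files shorewall`, which works only because the two subpackages conflict. As far as this series shows, the `all` subpackage still requires `%{name}-shorewall`, so it cannot be installed on a shorewall-lite host. A comment above `%files shorewall-lite`, such as `# same file as -shorewall on purpose; the two subpackages conflict`, would make the intent clear.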
From: Richard Shaw Date: Tue, 24 Nov 2020 08:28:29 -0600 Subject: [PATCH 132/201] Update to 0.11.2. --- .gitignore | 1 + 2605.patch | 152 ------------- 2651.patch | 65 ------ ...8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch | 42 ---- ...c1cdd296530f331637c725bd2bb0549e01e6.patch | 54 ----- ...c547285c4030d4bf7661981673038e6e9829.patch | 31 --- ...f30cdd855c41b80ebdde3fe2bc91cc94e594.patch | 213 ------------------ ...f83aa3795f387c8475ceb48df197a94a37e8.patch | 22 -- ...b1942c4da76f7a0f71efe81bea6835466648.patch | 25 -- fail2ban.spec | 30 +-- sources | 2 +- 11 files changed, 10 insertions(+), 627 deletions(-) delete mode 100644 2605.patch delete mode 100644 2651.patch delete mode 100644 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch delete mode 100644 343ec1cdd296530f331637c725bd2bb0549e01e6.patch delete mode 100644 8694c547285c4030d4bf7661981673038e6e9829.patch delete mode 100644 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch delete mode 100644 b158f83aa3795f387c8475ceb48df197a94a37e8.patch delete mode 100644 ec37b1942c4da76f7a0f71efe81bea6835466648.patch diff --git a/.gitignore b/.gitignore index dd4b1af..0df6ce0 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.4.tar.gz /fail2ban-0.10.5.tar.gz /fail2ban-0.11.1.tar.gz +/fail2ban-0.11.2.tar.gz diff --git a/2605.patch b/2605.patch deleted file mode 100644 index 05e5646..0000000 --- a/2605.patch +++ /dev/null 
@@ -1,152 +0,0 @@ -From 3965d690b137152b2a0a6a46989178b5566cfd8e Mon Sep 17 00:00:00 2001 -From: Angelo Compagnucci -Date: Thu, 16 Jan 2020 12:05:13 +0100 -Subject: [PATCH 1/2] Revert "setup.py: adding option to install without tests" - -Test should actually removed from the stup data in finalize_options -instead of being added back. - -This reverts commit 9b918bba2f672780fb4469294d80ba7deb6b8cab. - -Signed-off-by: Angelo Compagnucci ---- - setup.py | 41 ++++++++++++++++------------------------- - 1 file changed, 16 insertions(+), 25 deletions(-) - -diff --git a/setup.py b/setup.py -index e476c5dd6..8da292683 100755 ---- a/setup.py -+++ b/setup.py -@@ -119,11 +119,9 @@ def update_scripts(self, dry_run=False): - class install_command_f2b(install): - user_options = install.user_options + [ - ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. if the install runs from fail2ban test-cases.'), -- ('without-tests', None, 'without tests files installation'), - ] - def initialize_options(self): - self.disable_2to3 = None -- self.without_tests = None - install.initialize_options(self) - def finalize_options(self): - global _2to3 -@@ -134,28 +132,6 @@ def finalize_options(self): - cmdclass = self.distribution.cmdclass - cmdclass['build_py'] = build_py_2to3 - cmdclass['build_scripts'] = build_scripts_2to3 -- if not self.without_tests: -- self.distribution.scripts += [ -- 'bin/fail2ban-testcases', -- ] -- -- self.distribution.packages += [ -- 'fail2ban.tests', -- 'fail2ban.tests.action_d', -- ] -- -- self.distribution.package_data = { -- 'fail2ban.tests': -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/files') -- for f in w[2]] + -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/config') -- for f in w[2]] + -- [ join(w[0], f).replace("fail2ban/tests/", "", 1) -- for w in os.walk('fail2ban/tests/action_d') -- for f in w[2]] -- } - install.finalize_options(self) - def run(self): - 
install.run(self) -@@ -232,20 +208,35 @@ def run(self): - license = "GPL", - platforms = "Posix", - cmdclass = { -- 'build_py': build_py, 'build_scripts': build_scripts, -+ 'build_py': build_py, 'build_scripts': build_scripts, - 'install_scripts': install_scripts_f2b, 'install': install_command_f2b - }, - scripts = [ - 'bin/fail2ban-client', - 'bin/fail2ban-server', - 'bin/fail2ban-regex', -+ 'bin/fail2ban-testcases', - # 'bin/fail2ban-python', -- link (binary), will be installed via install_scripts_f2b wrapper - ], - packages = [ - 'fail2ban', - 'fail2ban.client', - 'fail2ban.server', -+ 'fail2ban.tests', -+ 'fail2ban.tests.action_d', - ], -+ package_data = { -+ 'fail2ban.tests': -+ [ join(w[0], f).replace("fail2ban/tests/", "", 1) -+ for w in os.walk('fail2ban/tests/files') -+ for f in w[2]] + -+ [ join(w[0], f).replace("fail2ban/tests/", "", 1) -+ for w in os.walk('fail2ban/tests/config') -+ for f in w[2]] + -+ [ join(w[0], f).replace("fail2ban/tests/", "", 1) -+ for w in os.walk('fail2ban/tests/action_d') -+ for f in w[2]] -+ }, - data_files = [ - ('/etc/fail2ban', - glob("config/*.conf") - -From 5fa1f69264d3c23793f64c03c96737d54555e919 Mon Sep 17 00:00:00 2001 -From: Angelo Compagnucci -Date: Thu, 16 Jan 2020 12:28:42 +0100 -Subject: [PATCH 2/2] setup.py: adding option to install without tests - -Tests files are not always needed especially when installing on low -resource systems like an embedded one. -This patch adds the --without-tests option to skip installing the -tests files. - -Signed-off-by: Angelo Compagnucci ---- - setup.py | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index 8da292683..ce1eedf68 100755 ---- a/setup.py -+++ b/setup.py -@@ -119,9 +119,11 @@ def update_scripts(self, dry_run=False): - class install_command_f2b(install): - user_options = install.user_options + [ - ('disable-2to3', None, 'Specify to deactivate 2to3, e.g. 
if the install runs from fail2ban test-cases.'), -+ ('without-tests', None, 'without tests files installation'), - ] - def initialize_options(self): - self.disable_2to3 = None -+ self.without_tests = None - install.initialize_options(self) - def finalize_options(self): - global _2to3 -@@ -132,6 +134,13 @@ def finalize_options(self): - cmdclass = self.distribution.cmdclass - cmdclass['build_py'] = build_py_2to3 - cmdclass['build_scripts'] = build_scripts_2to3 -+ if self.without_tests: -+ self.distribution.scripts.remove('bin/fail2ban-testcases') -+ -+ self.distribution.packages.remove('fail2ban.tests') -+ self.distribution.packages.remove('fail2ban.tests.action_d') -+ -+ del self.distribution.package_data['fail2ban.tests'] - install.finalize_options(self) - def run(self): - install.run(self) -@@ -208,7 +217,7 @@ def run(self): - license = "GPL", - platforms = "Posix", - cmdclass = { -- 'build_py': build_py, 'build_scripts': build_scripts, -+ 'build_py': build_py, 'build_scripts': build_scripts, - 'install_scripts': install_scripts_f2b, 'install': install_command_f2b - }, - scripts = [ diff --git a/2651.patch b/2651.patch deleted file mode 100644 index 520d5d2..0000000 --- a/2651.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 781a25512b107828aff71998c19f2fa4dbf471c1 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Fri, 6 Mar 2020 19:04:39 +0100 -Subject: [PATCH 1/4] travis CI: add 3.9-dev as target - ---- - .travis.yml | 1 + - 1 file changed, 1 insertion(+) - ---- a/fail2ban/server/jailthread.py -+++ b/fail2ban/server/jailthread.py -@@ -120,3 +120,6 @@ class JailThread(Thread): - ## python 2.x replace binding of private __bootstrap method: - if sys.version_info < (3,): # pragma: 3.x no cover - JailThread._Thread__bootstrap = JailThread._JailThread__bootstrap -+## python 3.9, restore isAlive method: -+elif not hasattr(JailThread, 'isAlive'): # pragma: 2.x no cover -+ JailThread.isAlive = JailThread.is_alive ---- a/fail2ban/tests/sockettestcase.py -+++ b/fail2ban/tests/sockettestcase.py -@@ -87,7 +87,7 @@ class Socket(LogCaptureTestCase): - def _stopServerThread(self): - serverThread = self.serverThread - # wait for end of thread : -- Utils.wait_for(lambda: not serverThread.isAlive() -+ Utils.wait_for(lambda: not serverThread.is_alive() - or serverThread.join(Utils.DEFAULT_SLEEP_TIME), unittest.F2B.maxWaitTime(10)) - self.serverThread = None - -@@ -98,7 +98,7 @@ class Socket(LogCaptureTestCase): - self.server.close() - # wait for end of thread : - self._stopServerThread() -- self.assertFalse(serverThread.isAlive()) -+ self.assertFalse(serverThread.is_alive()) - # clean : - self.server.stop() - self.assertFalse(self.server.isActive()) -@@ -139,7 +139,7 @@ class Socket(LogCaptureTestCase): - self.server.stop() - # wait for end of thread : - self._stopServerThread() -- self.assertFalse(serverThread.isAlive()) -+ self.assertFalse(serverThread.is_alive()) - self.assertFalse(self.server.isActive()) - self.assertFalse(os.path.exists(self.sock_name)) - -@@ -180,7 +180,7 @@ class Socket(LogCaptureTestCase): - self.server.stop() - # wait for end of thread : - self._stopServerThread() -- self.assertFalse(serverThread.isAlive()) -+ 
self.assertFalse(serverThread.is_alive()) - - def testLoopErrors(self): - # replace poll handler to produce error in loop-cycle: -@@ -216,7 +216,7 @@ class Socket(LogCaptureTestCase): - self.server.stop() - # wait for end of thread : - self._stopServerThread() -- self.assertFalse(serverThread.isAlive()) -+ self.assertFalse(serverThread.is_alive()) - self.assertFalse(self.server.isActive()) - self.assertFalse(os.path.exists(self.sock_name)) - diff --git a/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch b/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch deleted file mode 100644 index 2039459..0000000 --- a/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -From 309c8dddd7adc2de140ed5a72088cd4f2dcc9b91 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Wed, 24 Jun 2020 19:20:36 +0200 -Subject: [PATCH] action.d/nftables.conf (type=multiport only): fixed port - range selector (replacing `:` with `-`) - ---- - config/action.d/nftables.conf | 2 +- - fail2ban/tests/servertestcase.py | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf -index c1fb8550f..77cf36615 100644 ---- a/config/action.d/nftables.conf -+++ b/config/action.d/nftables.conf -@@ -34,7 +34,7 @@ type = multiport - - rule_match-custom = - rule_match-allports = meta l4proto \{ \} --rule_match-multiport = $proto dport \{ \} -+rule_match-multiport = $proto dport \{ $(echo '' | sed s/:/-/g) \} - match = > - - # Option: rule_stat -diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py -index b771ab50b..f1b667b12 100644 ---- a/fail2ban/tests/servertestcase.py -+++ b/fail2ban/tests/servertestcase.py -@@ -1296,11 +1296,11 @@ def testCheckStockCommandActions(self): - ), - 'ip4-start': ( - r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`", -- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`", -+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`", - ), - 'ip6-start': ( - r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`", -- r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`", -+ r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`", - ), - 'flush': ( - "`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ", 
diff --git a/343ec1cdd296530f331637c725bd2bb0549e01e6.patch b/343ec1cdd296530f331637c725bd2bb0549e01e6.patch
deleted file mode 100644
index fb597ad..0000000
--- a/343ec1cdd296530f331637c725bd2bb0549e01e6.patch
+++ /dev/null
@@ -1,54 +0,0 @@ -From 343ec1cdd296530f331637c725bd2bb0549e01e6 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Wed, 18 Mar 2020 20:37:25 +0100 -Subject: [PATCH] test-causes: avoid host-depending issue (mistakenly ignoring - IP 127.0.0.2 as own address) - replace loop-back addr with test sub-net addr - (and disable ignoreself) - ---- - fail2ban/tests/observertestcase.py | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py -index 8e9444548..e379ccd18 100644 ---- a/fail2ban/tests/observertestcase.py -+++ b/fail2ban/tests/observertestcase.py -@@ -36,7 +36,6 @@ - from ..server.observer import Observers, ObserverThread - from ..server.utils import Utils - from .utils import LogCaptureTestCase --from ..server.filter import Filter - from .dummyjail import DummyJail - - from .databasetestcase import getFail2BanDb, Fail2BanDb -@@ -224,7 +223,7 @@ def testBanTimeIncr(self): - jail.actions.setBanTime(10) - jail.setBanTimeExtra('increment', 'true') - jail.setBanTimeExtra('multipliers', '1 2 4 8 16 32 64 128 256 512 1024 2048') -- ip = "127.0.0.2" -+ ip = "192.0.2.1" - # used as start and fromtime (like now but time independence, cause test case can run slow): - stime = int(MyTime.time()) - ticket = FailTicket(ip, stime, []) -@@ -385,10 +384,12 @@ def testBanTimeIncr(self): - - # two separate jails : - jail1 = DummyJail(backend='polling') -+ jail1.filter.ignoreSelf = False - jail1.setBanTimeExtra('increment', 'true') - jail1.database = self.db - self.db.addJail(jail1) - jail2 = DummyJail(name='DummyJail-2', backend='polling') -+ jail2.filter.ignoreSelf = False - jail2.database = self.db - self.db.addJail(jail2) - ticket1 = FailTicket(ip, stime, []) -@@ -477,7 +478,7 @@ def testObserver(self): - self.assertEqual(tickets, []) - - # add failure: -- ip = "127.0.0.2" -+ ip = "192.0.2.1" - ticket = FailTicket(ip, stime-120, []) - failManager = FailManager() - failManager.setMaxRetry(3) 
diff --git a/8694c547285c4030d4bf7661981673038e6e9829.patch b/8694c547285c4030d4bf7661981673038e6e9829.patch deleted file mode 100644 index 71ead1e..0000000 --- a/8694c547285c4030d4bf7661981673038e6e9829.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 8694c547285c4030d4bf7661981673038e6e9829 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 14 Jan 2020 11:51:27 +0100 -Subject: [PATCH] increase test stack size to 128K (on some platforms min size - is greater then 32K), closes gh-2597 - ---- - fail2ban/tests/fail2banclienttestcase.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py -index 29adb1220..5caa4dd90 100644 ---- a/fail2ban/tests/fail2banclienttestcase.py -+++ b/fail2ban/tests/fail2banclienttestcase.py -@@ -469,14 +469,14 @@ def _testStartForeground(self, tmp, startparams, phase): - - @with_foreground_server_thread(startextra={'f2b_local':( - "[Thread]", -- "stacksize = 32" -+ "stacksize = 128" - "", - )}) - def testStartForeground(self, tmp, startparams): - # check thread options were set: - self.pruneLog() - self.execCmd(SUCCESS, startparams, "get", "thread") -- self.assertLogged("{'stacksize': 32}") -+ self.assertLogged("{'stacksize': 128}") - # several commands to server: - self.execCmd(SUCCESS, startparams, "ping") - self.execCmd(FAILED, startparams, "~~unknown~cmd~failed~~") diff --git a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch b/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch deleted file mode 100644 index abc806c..0000000 --- a/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch +++ /dev/null 
@@ -1,213 +0,0 @@ -From 8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Wed, 15 Jan 2020 19:22:53 +0100 -Subject: [PATCH] closes #2596: fixed supplying of backend-related `logtype` to - the jail filter - don't merge it (provide as init parameter if not set in - definition section), init parameters don't affect config-cache (better - implementation as in #2387 and it covered now with new test) - ---- - MANIFEST | 2 ++ - fail2ban/client/configreader.py | 8 +++-- - fail2ban/client/fail2banregex.py | 7 ++--- - fail2ban/client/filterreader.py | 8 +++++ - fail2ban/client/jailreader.py | 7 ++--- - fail2ban/tests/clientreadertestcase.py | 17 +++++++++- - .../tests/config/filter.d/checklogtype.conf | 31 +++++++++++++++++++ - .../config/filter.d/checklogtype_test.conf | 12 +++++++ - fail2ban/tests/config/jail.conf | 25 +++++++++++++++ - 9 files changed, 104 insertions(+), 13 deletions(-) - create mode 100644 fail2ban/tests/config/filter.d/checklogtype.conf - create mode 100644 fail2ban/tests/config/filter.d/checklogtype_test.conf - ---- a/MANIFEST -+++ b/MANIFEST -@@ -227,6 +227,8 @@ fail2ban/tests/clientreadertestcase.py - fail2ban/tests/config/action.d/action.conf - fail2ban/tests/config/action.d/brokenaction.conf - fail2ban/tests/config/fail2ban.conf -+fail2ban/tests/config/filter.d/checklogtype.conf -+fail2ban/tests/config/filter.d/checklogtype_test.conf - fail2ban/tests/config/filter.d/simple.conf - fail2ban/tests/config/filter.d/test.conf - fail2ban/tests/config/filter.d/test.local ---- a/fail2ban/client/configreader.py -+++ b/fail2ban/client/configreader.py -@@ -120,6 +120,10 @@ class ConfigReader(): - except AttributeError: - return False - -+ def has_option(self, sec, opt, withDefault=True): -+ return self._cfg.has_option(sec, opt) if withDefault \ -+ else opt in self._cfg._sections.get(sec, {}) -+ - def merge_defaults(self, d): - self._cfg.get_defaults().update(d) - -@@ -261,8 +265,8 @@ class ConfigReaderUnshared(SafeConfigPar 
- logSys.warning("'%s' not defined in '%s'. Using default one: %r" - % (optname, sec, optvalue)) - values[optname] = optvalue -- elif logSys.getEffectiveLevel() <= logLevel: -- logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) -+ # elif logSys.getEffectiveLevel() <= logLevel: -+ # logSys.log(logLevel, "Non essential option '%s' not defined in '%s'.", optname, sec) - except ValueError: - logSys.warning("Wrong value for '" + optname + "' in '" + sec + - "'. Using default one: '" + repr(optvalue) + "'") ---- a/fail2ban/client/fail2banregex.py -+++ b/fail2ban/client/fail2banregex.py -@@ -372,11 +372,8 @@ class Fail2banRegex(object): - if not ret: - output( "ERROR: failed to load filter %s" % value ) - return False -- # overwrite default logtype (considering that the filter could specify this too in Definition/Init sections): -- if not fltOpt.get('logtype'): -- reader.merge_defaults({ -- 'logtype': ['file','journal'][int(self._backend.startswith("systemd"))] -- }) -+ # set backend-related options (logtype): -+ reader.applyAutoOptions(self._backend) - # get, interpolate and convert options: - reader.getOptions(None) - # show real options if expected: ---- a/fail2ban/client/filterreader.py -+++ b/fail2ban/client/filterreader.py -@@ -53,6 +53,14 @@ class FilterReader(DefinitionInitConfigR - def getFile(self): - return self.__file - -+ def applyAutoOptions(self, backend): -+ # set init option to backend-related logtype, considering -+ # that the filter settings may be overwritten in its local: -+ if (not self._initOpts.get('logtype') and -+ not self.has_option('Definition', 'logtype', False) -+ ): -+ self._initOpts['logtype'] = ['file','journal'][int(backend.startswith("systemd"))] -+ - def convert(self): - stream = list() - opts = self.getCombined() ---- a/fail2ban/client/jailreader.py -+++ b/fail2ban/client/jailreader.py -@@ -149,11 +149,8 @@ class JailReader(ConfigReader): - ret = self.__filter.read() - if not ret: - raise 
JailDefError("Unable to read the filter %r" % filterName) -- if not filterOpt.get('logtype'): -- # overwrite default logtype backend-related (considering that the filter settings may be overwritten): -- self.__filter.merge_defaults({ -- 'logtype': ['file','journal'][int(self.__opts.get('backend', '').startswith("systemd"))] -- }) -+ # set backend-related options (logtype): -+ self.__filter.applyAutoOptions(self.__opts.get('backend', '')) - # merge options from filter as 'known/...' (all options unfiltered): - self.__filter.getOptions(self.__opts, all=True) - ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/') ---- a/fail2ban/tests/clientreadertestcase.py -+++ b/fail2ban/tests/clientreadertestcase.py -@@ -328,7 +328,22 @@ class JailReaderTest(LogCaptureTestCase) - self.assertFalse(len(o) > 2 and o[2].endswith('regex')) - i += 1 - if i > usednsidx: break -- -+ -+ def testLogTypeOfBackendInJail(self): -+ unittest.F2B.SkipIfCfgMissing(stock=True); # expected include of common.conf -+ # test twice to check cache works peoperly: -+ for i in (1, 2): -+ # backend-related, overwritten in definition, specified in init parameters: -+ for prefline in ('JRNL', 'FILE', 'TEST', 'INIT'): -+ jail = JailReader('checklogtype_'+prefline.lower(), basedir=IMPERFECT_CONFIG, -+ share_config=IMPERFECT_CONFIG_SHARE_CFG, force_enable=True) -+ self.assertTrue(jail.read()) -+ self.assertTrue(jail.getOptions()) -+ stream = jail.convert() -+ # 'JRNL' for systemd, 'FILE' for file backend, 'TEST' for custom logtype (overwrite it): -+ self.assertEqual([['set', jail.getName(), 'addfailregex', '^%s failure from $' % prefline]], -+ [o for o in stream if len(o) > 2 and o[2] == 'addfailregex']) -+ - def testSplitOption(self): - # Simple example - option = "mail-whois[name=SSH]" ---- /dev/null -+++ b/fail2ban/tests/config/filter.d/checklogtype.conf -@@ -0,0 +1,31 @@ -+# Fail2Ban configuration file -+# -+ -+[INCLUDES] -+ -+# Read common prefixes (logtype is set in default 
section) -+before = ../../../../config/filter.d/common.conf -+ -+[Definition] -+ -+_daemon = test -+ -+failregex = ^/__prefix_line> failure from $ -+ignoreregex = -+ -+# following sections define prefix line considering logtype: -+ -+# backend-related (retrieved from backend, overwrite default): -+[lt_file] -+__prefix_line = FILE -+ -+[lt_journal] -+__prefix_line = JRNL -+ -+# specified in definition section of filter (see filter checklogtype_test.conf): -+[lt_test] -+__prefix_line = TEST -+ -+# specified in init parameter of jail (see ../jail.conf, jail checklogtype_init): -+[lt_init] -+__prefix_line = INIT ---- /dev/null -+++ b/fail2ban/tests/config/filter.d/checklogtype_test.conf -@@ -0,0 +1,12 @@ -+# Fail2Ban configuration file -+# -+ -+[INCLUDES] -+ -+# Read common prefixes (logtype is set in default section) -+before = checklogtype.conf -+ -+[Definition] -+ -+# overwrite logtype in definition (no backend anymore): -+logtype = test -\ No newline at end of file ---- a/fail2ban/tests/config/jail.conf -+++ b/fail2ban/tests/config/jail.conf -@@ -74,3 +74,28 @@ journalmatch = _COMM=test - maxlines = 2 - usedns = no - enabled = false -+ -+[checklogtype_jrnl] -+filter = checklogtype -+backend = systemd -+action = action -+enabled = false -+ -+[checklogtype_file] -+filter = checklogtype -+backend = polling -+logpath = README.md -+action = action -+enabled = false -+ -+[checklogtype_test] -+filter = checklogtype_test -+backend = systemd -+action = action -+enabled = false -+ -+[checklogtype_init] -+filter = checklogtype_test[logtype=init] -+backend = systemd -+action = action -+enabled = false diff --git a/b158f83aa3795f387c8475ceb48df197a94a37e8.patch b/b158f83aa3795f387c8475ceb48df197a94a37e8.patch deleted file mode 100644 index f4a2416..0000000 --- a/b158f83aa3795f387c8475ceb48df197a94a37e8.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -From b158f83aa3795f387c8475ceb48df197a94a37e8 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Mon, 13 Jan 2020 12:37:19 +0100 -Subject: [PATCH] testIPAddr_CompareDNS: add missing network constraint - (gh-2596) - ---- - fail2ban/tests/filtertestcase.py | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py -index d6ad82358..6ca8162bd 100644 ---- a/fail2ban/tests/filtertestcase.py -+++ b/fail2ban/tests/filtertestcase.py -@@ -2064,6 +2064,7 @@ def testIPAddr_CIDR_Repr(self): - ) - - def testIPAddr_CompareDNS(self): -+ unittest.F2B.SkipIfNoNetwork() - ips = IPAddr('example.com') - self.assertTrue(IPAddr("93.184.216.34").isInNet(ips)) - self.assertTrue(IPAddr("2606:2800:220:1:248:1893:25c8:1946").isInNet(ips)) diff --git a/ec37b1942c4da76f7a0f71efe81bea6835466648.patch b/ec37b1942c4da76f7a0f71efe81bea6835466648.patch deleted file mode 100644 index 3878213..0000000 --- a/ec37b1942c4da76f7a0f71efe81bea6835466648.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From ec37b1942c4da76f7a0f71efe81bea6835466648 Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 14 Jan 2020 11:39:13 +0100 -Subject: [PATCH] action.d/nginx-block-map.conf: fixed backslash substitution - (different echo behavior in some shells, gh-2596) - ---- - config/action.d/nginx-block-map.conf | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/config/action.d/nginx-block-map.conf b/config/action.d/nginx-block-map.conf -index 0b6aa0ad7..ee702907e 100644 ---- a/config/action.d/nginx-block-map.conf -+++ b/config/action.d/nginx-block-map.conf -@@ -103,6 +103,8 @@ actionstop = %(actionflush)s - - actioncheck = - --actionban = echo "\\\\ 1;" >> '%(blck_lst_file)s'; %(blck_lst_reload)s -+_echo_blck_row = printf '\%%s 1;\n' "" - --actionunban = id=$(echo "" | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^\\\\$id 1;$/d" %(blck_lst_file)s; %(blck_lst_reload)s -+actionban = %(_echo_blck_row)s >> '%(blck_lst_file)s'; %(blck_lst_reload)s -+ -+actionunban = id=$(%(_echo_blck_row)s | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" %(blck_lst_file)s; %(blck_lst_reload)s diff --git a/fail2ban.spec b/fail2ban.spec index 51c0b42..3802981 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban -Version: 0.11.1 -Release: 10%{?dist} +Version: 0.11.2 +Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ 
@@ -15,23 +15,6 @@ Source4: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# Fix nginx-block-map -Patch1: https://github.com/fail2ban/fail2ban/commit/ec37b1942c4da76f7a0f71efe81bea6835466648.patch -# testIPAddr_CompareDNS: add missing network constraint -Patch2: https://github.com/fail2ban/fail2ban/commit/b158f83aa3795f387c8475ceb48df197a94a37e8.patch -# Fix test thread stack size on aarch64 -Patch3: https://github.com/fail2ban/fail2ban/commit/8694c547285c4030d4bf7661981673038e6e9829.patch -# Fix handling of journal in tests -Patch4: https://github.com/fail2ban/fail2ban/commit/8dc6f30cdd855c41b80ebdde3fe2bc91cc94e594.patch -# Fix test install -Patch5: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2605.patch -# Patch for Python 3.9 -# https://bugzilla.redhat.com/show_bug.cgi?id=1808347 -Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/2651.patch -Patch7: https://github.com/fail2ban/fail2ban/commit/343ec1cdd296530f331637c725bd2bb0549e01e6.patch -# In Fedora 32 and EL 8 nftables is the default firewall and does not accept ":" for port ranges. -# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 -Patch8: https://github.com/fail2ban/fail2ban/commit/309c8dddd7adc2de140ed5a72088cd4f2dcc9b91.patch BuildArch: noarch @@ -89,14 +72,15 @@ SELinux policies for Fail2Ban. Summary: Core server component for Fail2Ban %if 0%{?rhel} && 0%{?rhel} < 8 Requires: systemd-python +Requires: ipset +Requires: iptables %else Requires: python3-systemd +Requires: nftables %endif Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -Requires: ipset -Requires: iptables %if 0%{?fedora} Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) @@ -314,7 +298,6 @@ fi %posttrans selinux %selinux_relabel_post -s %{selinuxtype} - %post server %systemd_post fail2ban.service 
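Review bot: In the hunk at `Summary: Core server component for Fail2Ban`, moving `Requires: ipset` and `Requires: iptables` under the `rhel < 8` branch means a Fedora or EL 8+ install pulls in only `nftables`. A jail still configured with an iptables- or ipset-based action would then fail to apply bans at runtime, with nothing at install time pointing to the cause. Whether the packaged default banaction on those releases is nftables-based cannot be seen from this hunk, so that should be confirmed. I would record the intent next to the conditional, e.g. `# ban backend deps: iptables/ipset on EL < 8, nftables elsewhere; iptables-* actions need iptables installed separately`.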
@@ -406,6 +389,9 @@ fi %changelog +* Tue Nov 24 2020 Richard Shaw - 0.11.2-1 +- Update to 0.11.2. + * Fri Aug 28 2020 Richard Shaw - 0.11.1-10.2 - Create shorewall-lite subpackage package which conflicts with shorewall subpackage. Fixes RHBZ#1872759. diff --git a/sources b/sources index 585083b..d48c0ea 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.11.1.tar.gz) = 019b088aa6375f98742ed101ef6f65adabca3324444d71d5b8597a8d1d22fa76b9f503660f0498643fe24a3b8e4368de916072a1ab77b8e2ea3eda41c3e0c8c6 +SHA512 (fail2ban-0.11.2.tar.gz) = 46b27abd947b00ea64106dbac563ef8afef38eec86684024d47d9a0e8c1969ff864ad6df7f4f8de2aa3eb1af6d769fb6796592d9f0e35521d5f95f17b8cade97 From 049ce5633ea1723c17e35657b73cbac28e31060a Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Fri, 18 Dec 2020 22:28:52 +0000 Subject: [PATCH 133/201] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- fail2ban.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/fail2ban.spec b/fail2ban.spec index 3802981..dd2660a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -33,6 +33,7 @@ BuildRequires: python3-inotify BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel +BuildRequires: make # Default components Requires: %{name}-firewalld = %{version}-%{release} From 142cd904bf602190168a79908d1a55e25e89489c Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 6 Jan 2021 07:02:20 -0600 Subject: [PATCH 134/201] Add patch for tests to deal with 2021. --- fail2ban.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index dd2660a..92dc81e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -15,6 +15,9 @@ Source4: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch +# Fixes century selector for tests +# https://bugzilla.redhat.com/show_bug.cgi?id=1912472 +Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf45277137771fc747fe.patch BuildArch: noarch From 1a7cc53458e9df82063a0aa277c2d0c3f1ee08dd Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 6 Jan 2021 07:08:55 -0600 Subject: [PATCH 135/201] Add patch to SCM. --- ...dac74721c00f0184bf45277137771fc747fe.patch | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 f259dac74721c00f0184bf45277137771fc747fe.patch diff --git a/f259dac74721c00f0184bf45277137771fc747fe.patch b/f259dac74721c00f0184bf45277137771fc747fe.patch new file mode 100644 index 0000000..ba399ae --- /dev/null +++ b/f259dac74721c00f0184bf45277137771fc747fe.patch 
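Review bot: `Patch1` is named after upstream commit `f259dac74721c00f0184bf45277137771fc747fe`, but the file added for it in the following commit opens with `From 747d4683221b5584f9663695fb48145689b42ceb`, so the file name and the mbox header point at different commits. The copy committed to this repository is presumably what the build applies, so the comment above `Patch1` should say which upstream change that copy was checked against. Something like `# mbox header names 747d4683...; fetched via the f259dac commit URL, compared with upstream on <DATE>` would let a later maintainer re-verify it. Note also that this commit references the patch one commit before the file exists in the tree.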
@@ -0,0 +1,48 @@ +From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 4 Jan 2021 02:42:38 +0100 +Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for + tests, considering interval from 2005 (alternate now) to now; + better + grouping algorithm for resulting century RE + +--- + fail2ban/server/strptime.py | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py +index 1464a96d1..39fc79586 100644 +--- a/fail2ban/server/strptime.py ++++ b/fail2ban/server/strptime.py +@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo + Thereby respect possible run in the test-cases (alternate date used there) + """ + cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t] ++ def grp(exprset): ++ c = None ++ if len(exprset) > 1: ++ for i in exprset: ++ if c is None or i[0:-1] == c: ++ c = i[0:-1] ++ else: ++ c = None ++ break ++ if not c: ++ for i in exprset: ++ if c is None or i[0] == c: ++ c = i[0] ++ else: ++ c = None ++ break ++ if c: ++ return "%s%s" % (c, grp([i[len(c):] for i in exprset])) ++ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \ ++ if len(exprset) > 1 else "".join(exprset) + exprset = set( cent(now[0].year + i) for i in (-1, distance) ) + if len(now) and now[1]: +- exprset |= set( cent(now[1].year + i) for i in (-1, distance) ) +- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset) ++ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) ) ++ return grp(sorted(list(exprset))) + + timeRE = TimeRE() + From 029795b77a9a05bf829bb9270d479a5190856a37 Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Wed, 6 Jan 2021 07:18:15 -0600 Subject: [PATCH 136/201] Add patch to deal with a new century in tests (2021). --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 92dc81e..1eb8397 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -393,6 +393,9 @@ fi %changelog +* Wed Jan 06 2021 Richard Shaw - 0.11.2-2 +- Add patch to deal with a new century in tests (2021). + * Tue Nov 24 2020 Richard Shaw - 0.11.2-1 - Update to 0.11.2. From 884fa781010739fe9e3098db5e1f2ad38d0d4fe4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 05:11:23 +0000 Subject: [PATCH 137/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 1eb8397..082c6f3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -393,6 +393,9 @@ fi %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 0.11.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Wed Jan 06 2021 Richard Shaw - 0.11.2-2 - Add patch to deal with a new century in tests (2021). From 4aef760552acf5da3c4ea85bbfe669e0b8d6e97c Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Mon, 8 Feb 2021 17:54:46 -0600 Subject: [PATCH 138/201] Add patch for Python 3.10a5 compatibility. --- ...604d73bb42d0ecae2c...py-3-10-alpha-5.patch | 80 +++++++++++++++++++ fail2ban.spec | 4 + 2 files changed, 84 insertions(+) create mode 100644 ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch diff --git a/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch b/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch new file mode 100644 index 0000000..c7f2c0f --- /dev/null +++ b/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch 
@@ -0,0 +1,80 @@ +From ad74e1c628b4fa2f67d8f7e342138e6e103832ea Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Mon, 8 Feb 2021 17:19:24 +0100 +Subject: [PATCH 2/4] follow bpo-37324: + :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` + module + +(since 3.10-alpha.5 `MutableMapping` is missing in collections module) +--- + fail2ban/server/action.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py +index 4615401ed..16ff66212 100644 +--- a/fail2ban/server/action.py ++++ b/fail2ban/server/action.py +@@ -30,7 +30,10 @@ + import threading + import time + from abc import ABCMeta +-from collections import MutableMapping ++try: ++ from collections.abc import MutableMapping ++except ImportError: ++ from collections import MutableMapping + + from .failregex import mapTag2Opt + from .ipdns import DNSUtils + +From a785aab392d8de2ecb685d8bdd9266a0c7f8edf8 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Mon, 8 Feb 2021 17:25:45 +0100 +Subject: [PATCH 3/4] amend for `Mapping` + +--- + fail2ban/server/actions.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py +index 967908af6..91e1ebaf3 100644 +--- a/fail2ban/server/actions.py ++++ b/fail2ban/server/actions.py +@@ -28,7 +28,10 @@ + import os + import sys + import time +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + try: + from collections import OrderedDict + except ImportError: + +From 0e2e2bf37da59649a1c3392b04b9480f84dac446 Mon Sep 17 00:00:00 2001 +From: "Sergey G. 
Brester" +Date: Mon, 8 Feb 2021 17:35:59 +0100 +Subject: [PATCH 4/4] amend for `Mapping` (jails) + +--- + fail2ban/server/jails.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py +index 972a8c4bd..27e12ddf6 100644 +--- a/fail2ban/server/jails.py ++++ b/fail2ban/server/jails.py +@@ -22,7 +22,10 @@ + __license__ = "GPL" + + from threading import Lock +-from collections import Mapping ++try: ++ from collections.abc import Mapping ++except ImportError: ++ from collections import Mapping + + from ..exceptions import DuplicateJailException, UnknownJailException + from .jail import Jail diff --git a/fail2ban.spec b/fail2ban.spec index 1eb8397..bb9e1f6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -18,6 +18,10 @@ Patch0: fail2ban-partof.patch # Fixes century selector for tests # https://bugzilla.redhat.com/show_bug.cgi?id=1912472 Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf45277137771fc747fe.patch +# Python 3.10a5 compatibility +# https://bugzilla.redhat.com/show_bug.cgi?id=1926201 +Patch2: https://github.com/fail2ban/fail2ban/compare/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch + BuildArch: noarch From 247ec56ab87626e43a79a6f56d20ff2f9bc3fd20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:13:51 +0100 Subject: [PATCH 139/201] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- fail2ban.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 08b0c61..5a069e4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ 
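Review bot: The `Patch2` URL is a GitHub compare against the branch name `py-3-10-alpha-5`, which is a moving reference, so refreshing the patch from that URL later may return different content from what was reviewed here. The committed file also does not match a full series: it starts at `[PATCH 2/4]` (ad74e1c) and continues with a785aab and 0e2e2bf, with no 1/4. I would pin the spec comment to what is actually carried, e.g. `# carries upstream ad74e1c, a785aab, 0e2e2bf (PATCH 2/4-4/4); 1/4 not included`, and add a word on why 1/4 is absent.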
@@ -397,6 +397,10 @@ fi %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.11.2-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Tue Jan 26 2021 Fedora Release Engineering - 0.11.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From d44049eee64429cdc0b7cd900374a88a995e781a Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 4 Jun 2021 20:04:02 +0200 Subject: [PATCH 140/201] Rebuilt for Python 3.10 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 5a069e4..f2759a2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -397,6 +397,9 @@ fi %changelog +* Fri Jun 04 2021 Python Maint - 0.11.2-5 +- Rebuilt for Python 3.10 + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.11.2-4 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. From 6dbaddcefe8af280f6c8a224143c7a864a1778c0 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sun, 6 Jun 2021 06:58:43 -0500 Subject: [PATCH 141/201] Update selinux policy for Fedora 34+ --- fail2ban.spec | 5 ++++- fail2ban.te | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 5a069e4..fa9cfd6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -397,6 +397,9 @@ fi %changelog +* Sun Jun 06 2021 Richard Shaw - 0.11.2-5 +- Update selinux policy for Fedora 34+ + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.11.2-4 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. diff --git a/fail2ban.te b/fail2ban.te index 302f4bc..92615ca 100644 
--- a/fail2ban.te +++ b/fail2ban.te @@ -45,6 +45,7 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms; read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) +allow fail2ban_t fail2ban_log_t:file watch; append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) @@ -88,7 +89,6 @@ files_read_etc_runtime_files(fail2ban_t) files_list_var(fail2ban_t) files_dontaudit_list_tmp(fail2ban_t) -fs_list_inotifyfs(fail2ban_t) fs_getattr_all_fs(fail2ban_t) auth_use_nsswitch(fail2ban_t) @@ -100,6 +100,10 @@ logging_read_syslog_pid(fail2ban_t) logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) +logging_watch_audit_log_files(fail2ban_t) +logging_watch_audit_log_dirs(fail2ban_t) +logging_watch_generic_log_dirs(fail2ban_t) +logging_watch_journal_dir(fail2ban_t) mta_send_mail(fail2ban_t) From 27db463db8e4aee76fd7a3db97a0f3dac28e9c3b Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 7 Jun 2021 11:13:15 +0200 Subject: [PATCH 142/201] Rebuilt for Python 3.10 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7c15cc2..4b5127d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -397,6 +397,9 @@ fi %changelog +* Mon Jun 07 2021 Python Maint - 0.11.2-7 +- Rebuilt for Python 3.10 + * Sun Jun 06 2021 Richard Shaw - 0.11.2-6 - Update selinux policy for Fedora 34+ From 7c6041466e555fb07a3e1da12fb95925e49f7d76 Mon Sep 17 00:00:00 2001 
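Review bot: The `@@ -100,6 +100,10 @@` hunk grants `logging_watch_audit_log_files` and `logging_watch_audit_log_dirs`, yet two context lines above it the policy keeps `logging_dontaudit_search_audit_logs(fail2ban_t)`, which reads as though the domain is not expected to touch the audit log directory at all. Nothing visible here shows that fail2ban needs to watch audit logs. If the denials behind this change were only for the generic log directory and the journal, keep `logging_watch_generic_log_dirs` and `logging_watch_journal_dir` and drop the two audit lines. If audit watching really is required, record why next to the rules, for example `# watch on audit logs: required by <jail/backend>, see <bug reference>`, so the grant can be re-evaluated later.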
From: Richard Shaw Date: Mon, 28 Jun 2021 07:53:55 -0500 Subject: [PATCH 143/201] Rename rpmlint configuration file. --- .rpmlint => fail2ban.rpmlintrc | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .rpmlint => fail2ban.rpmlintrc (100%) diff --git a/.rpmlint b/fail2ban.rpmlintrc similarity index 100% rename from .rpmlint rename to fail2ban.rpmlintrc From e9472c9f3fa4d0324df34f524d7886f2442f2411 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 22:36:06 +0000 Subject: [PATCH 144/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 4b5127d..77b920a 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -397,6 +397,9 @@ fi %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 0.11.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Mon Jun 07 2021 Python Maint - 0.11.2-7 - Rebuilt for Python 3.10 From 8860a0809fca3950ad4828c2b5948bcc672087b6 Mon Sep 17 00:00:00 2001 From: Mikel Olasagasti Uranga Date: Thu, 7 Oct 2021 17:00:00 +0200 Subject: [PATCH 145/201] Fix CVE-2021-32749 RHBZ#1983223 --- fail2ban.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 77b920a..93ad3d9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ 
@@ -21,6 +21,8 @@ Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf452771 # Python 3.10a5 compatibility # https://bugzilla.redhat.com/show_bug.cgi?id=1926201 Patch2: https://github.com/fail2ban/fail2ban/compare/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch +# CVE-2021-32749 https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm +Patch3: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844.patch BuildArch: noarch @@ -397,6 +399,9 @@ fi %changelog +* Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9 +- Fix CVE-2021-32749 RHBZ#1983223 + * Wed Jul 21 2021 Fedora Release Engineering - 0.11.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 268050b7f4b933de944e6c3ba7513fe4aa800e93 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Thu, 7 Oct 2021 16:49:43 -0500 Subject: [PATCH 146/201] Add new patch to SCM. --- ...6ce5c80dd981c22752da034f2529b5eee844.patch | 155 ++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 410a6ce5c80dd981c22752da034f2529b5eee844.patch diff --git a/410a6ce5c80dd981c22752da034f2529b5eee844.patch b/410a6ce5c80dd981c22752da034f2529b5eee844.patch new file mode 100644 index 0000000..d3c6779 --- /dev/null +++ b/410a6ce5c80dd981c22752da034f2529b5eee844.patch 
@@ -0,0 +1,155 @@ +From 410a6ce5c80dd981c22752da034f2529b5eee844 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Mon, 21 Jun 2021 17:12:53 +0200 +Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable + (default tilde) stops consider "~" char after new-line as composing escape + sequence + +--- + config/action.d/complain.conf | 2 +- + config/action.d/dshield.conf | 2 +- + config/action.d/mail-buffered.conf | 8 ++++---- + config/action.d/mail-whois-lines.conf | 2 +- + config/action.d/mail-whois.conf | 6 +++--- + config/action.d/mail.conf | 6 +++--- + 6 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf +index 3a5f882c9f..4d73b05859 100644 +--- a/config/action.d/complain.conf ++++ b/config/action.d/complain.conf +@@ -102,7 +102,7 @@ logpath = /dev/null + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: +diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf +index c128bef348..3d5a7a53a9 100644 +--- a/config/action.d/dshield.conf ++++ b/config/action.d/dshield.conf +@@ -179,7 +179,7 @@ tcpflags = + # Notes.: Your system mail command. Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Option: mailargs + # Notes.: Additional arguments to mail command. e.g. 
for standard Unix mail: +diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf +index 325f185b2f..79b841049c 100644 +--- a/config/action.d/mail-buffered.conf ++++ b/config/action.d/mail-buffered.conf +@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n + The jail has been started successfully.\n + Output will be buffered until lines are available.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : started on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -28,13 +28,13 @@ actionstop = if [ -f ]; then + These hosts have been banned by Fail2Ban.\n + `cat ` + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : Summary from " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary from " + rm + fi + printf %%b "Hi,\n + The jail has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: ( failures)\n" >> + These hosts have been banned by Fail2Ban.\n + `cat ` + \nRegards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : Summary" ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary" + rm + fi + +diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf +index 3a3e56b2c7..d2818cb9b9 100644 +--- a/config/action.d/mail-whois-lines.conf ++++ b/config/action.d/mail-whois-lines.conf +@@ -72,7 +72,7 @@ actionunban = + # Notes.: Your system mail command. 
Is passed 2 args: subject and recipient + # Values: CMD + # +-mailcmd = mail -s ++mailcmd = mail -E 'set escape' -s + + # Default name of the chain + # +diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf +index 7fea34c40d..ab33b616dc 100644 +--- a/config/action.d/mail-whois.conf ++++ b/config/action.d/mail-whois.conf +@@ -20,7 +20,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : started on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n + Here is more information about :\n + `%(_whois_command)s`\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : banned from " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " + + # Option: actionunban + # Notes.: command executed when unbanning an IP. 
Take care that the +diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf +index 5d8c0e154c..f4838ddcb6 100644 +--- a/config/action.d/mail.conf ++++ b/config/action.d/mail.conf +@@ -16,7 +16,7 @@ norestored = 1 + actionstart = printf %%b "Hi,\n + The jail has been started successfully.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : started on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " + + # Option: actionstop + # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n + actionstop = printf %%b "Hi,\n + The jail has been stopped.\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " + + # Option: actioncheck + # Notes.: command executed once before each actionban command +@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n + The IP has just been banned by Fail2Ban after + attempts against .\n + Regards,\n +- Fail2Ban"|mail -s "[Fail2Ban] : banned from " ++ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " + + # Option: actionunban + # Notes.: command executed when unbanning an IP. Take care that the From 3f49a1709f7b21b5361a191533a2307e2a1b21d2 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sat, 25 Dec 2021 10:35:01 -0600 Subject: [PATCH 147/201] Add patches / updates for various fixes: * Add patch for Python 3.11 compatibilitys, fixes RHBZ#2034205. * Comment out a few lines in the selinux files that broke building on EPEL and don't seem to be needed. Fixes RHBZ#2029193. * Work around 2to3 being removed from Python setuptools. --- fail2ban-python311.patch | 21 +++++++++++++++++++++ fail2ban.spec | 12 ++++++++++-- fail2ban.te | 10 +++++----- 3 files changed, 36 insertions(+), 7 deletions(-) create mode 100644 fail2ban-python311.patch diff --git a/fail2ban-python311.patch b/fail2ban-python311.patch new file mode 100644 index 0000000..bd5d050 --- /dev/null 
+++ b/fail2ban-python311.patch @@ -0,0 +1,21 @@ +Index: fail2ban-0.11.2/fail2ban/tests/actiontestcase.py +=================================================================== +--- fail2ban-0.11.2.orig/fail2ban/tests/actiontestcase.py ++++ fail2ban-0.11.2/fail2ban/tests/actiontestcase.py +@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCa + setattr(self.__action, 'ab', "") + setattr(self.__action, 'x?family=inet6', "") + # produce self-referencing properties except: +- self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions", ++ self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions", + lambda: self.__action.replaceTag("", + self.__action._properties, conditional="family=inet4") + ) + # remore self-referencing in props: + delattr(self.__action, 'ac') + # produce self-referencing query except: +- self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query", ++ self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query", + lambda: self.__action.replaceTag(""*30, + self.__action._properties, conditional="family=inet6") + ) diff --git a/fail2ban.spec b/fail2ban.spec index 93ad3d9..fc96869 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -23,6 +23,10 @@ Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf452771 Patch2: https://github.com/fail2ban/fail2ban/compare/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch # CVE-2021-32749 https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm Patch3: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844.patch +# https://github.com/fail2ban/fail2ban/issues/2882 +#Patch4: https://github.com/fail2ban/fail2ban/commit/ebf5784b8cd4b7c52d0f328b780833b8594f5567.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2034205 +Patch5: fail2ban-python311.patch BuildArch: noarch 
@@ -217,6 +221,10 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +# 2to3 has been removed from setuptools and we already use the binary in +# %%prep. +sed -i "/use_2to3/d" setup.py + %build %if 0%{?rhel} && 0%{?rhel} < 8 @@ -263,8 +271,8 @@ cat > %{buildroot}%{_sysconfdir}/%{name}/jail.d/00-firewalld.conf <] -banaction_allports = firewallcmd-rich-rules[actiontype=] +banaction = firewallcmd-rich-rules +banaction_allports = firewallcmd-rich-rules EOF # systemd journal configuration diff --git a/fail2ban.te b/fail2ban.te index 92615ca..8cbf7b3 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -45,7 +45,7 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms; read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) -allow fail2ban_t fail2ban_log_t:file watch; +#allow fail2ban_t fail2ban_log_t:file watch; append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) @@ -100,10 +100,10 @@ logging_read_syslog_pid(fail2ban_t) logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) -logging_watch_audit_log_files(fail2ban_t) -logging_watch_audit_log_dirs(fail2ban_t) -logging_watch_generic_log_dirs(fail2ban_t) -logging_watch_journal_dir(fail2ban_t) +#logging_watch_audit_log_files(fail2ban_t) +#logging_watch_audit_log_dirs(fail2ban_t) +#logging_watch_generic_log_dirs(fail2ban_t) +#logging_watch_journal_dir(fail2ban_t) mta_send_mail(fail2ban_t) From 796f2eb44ee179b54528625884038f7c34bc42d8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 02:37:32 +0000 Subject: [PATCH 148/201] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild 
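Review bot: Commenting out `allow fail2ban_t fail2ban_log_t:file watch;` (hunk `@@ -45,7 +45,7 @@`) and the four `logging_watch_*` calls (hunk `@@ -100,10 +100,10 @@`) disables them for every build target, not only EPEL, so Fedora 34+ loses the watch permissions that the earlier "Update selinux policy for Fedora 34+" change added. If fail2ban follows its log files through inotify on those releases (to be confirmed), denied watches could leave log events unseen and bans untriggered, and nothing would flag that at build time. Prefer gating the rules per target over leaving dead commented lines. At minimum record the reason inline, e.g. `# disabled: interface missing in EPEL selinux-policy (RHBZ#2029193)`.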
Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index fc96869..224a893 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -407,6 +407,9 @@ fi %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 0.11.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Sun Sep 26 2021 Mikel Olasagasti Uranga - 0.11.2-9 - Fix CVE-2021-32749 RHBZ#1983223 From cc4f0a773da4af30f0e0e3bbbedd2fa0f2301347 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 27 Jan 2022 20:45:23 -0700 Subject: [PATCH 149/201] Require /usr/bin/mail instead of mailx --- fail2ban.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 224a893..79c2608 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -162,7 +162,7 @@ This package contains Fail2Ban's testscases and scripts. %package mail Summary: Mail actions for Fail2Ban Requires: %{name}-server = %{version}-%{release} -Requires: mailx +Requires: /usr/bin/mail %description mail This package installs Fail2Ban's mail actions. These are an alternative @@ -407,6 +407,9 @@ fi %changelog +* Fri Jan 28 2022 Orion Poplawski - 0.11.2-11 +- Require /usr/bin/mail instead of mailx + * Thu Jan 20 2022 Fedora Release Engineering - 0.11.2-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From ec52ec24716b4d6e820431dbe7b33aceb20112d0 Mon Sep 17 00:00:00 2001 
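Review bot: `Requires: /usr/bin/mail` in the `%package mail` hunk lets any package that ships that path satisfy the dependency, but the mail actions patched for CVE-2021-32749 now call `mail -E 'set escape' -s`, and `-E` does not mean the same thing in every mail implementation. As far as I know it runs a command in GNU mailutils but means "discard messages with an empty body" in Heirloom mailx, s-nail and bsd-mailx. Where `-E` takes no argument, `set escape` would presumably be parsed as something else and the tilde-escape protection would not be applied. Check the option against every provider of /usr/bin/mail on the target releases and note the result beside the dependency, e.g. `# mail actions rely on "mail -E 'set escape'"; verified with <provider packages>`.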
From: Orion Poplawski Date: Tue, 17 May 2022 21:46:41 -0600 Subject: [PATCH 150/201] Fix SELinux policy to allow watch on var_log_t (bz#2083923) --- fail2ban.spec | 5 ++++- fail2ban.te | 13 ++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 79c2608..9603304 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -407,6 +407,9 @@ fi %changelog +* Wed May 18 2022 Orion Poplawski - 0.11.2-12 +- Fix SELinux policy to allow watch on var_log_t (bz#2083923) + * Fri Jan 28 2022 Orion Poplawski - 0.11.2-11 - Require /usr/bin/mail instead of mailx diff --git a/fail2ban.te b/fail2ban.te index 8cbf7b3..6d36a70 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -45,7 +45,6 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms; read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t) -#allow fail2ban_t fail2ban_log_t:file watch; append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t) 
@@ -100,10 +99,18 @@ logging_read_syslog_pid(fail2ban_t) logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) +allow fail2ban_t fail2ban_log_t:file watch; +# Not in EL9 yet #logging_watch_audit_log_files(fail2ban_t) +gen_require(` + type var_log_t, auditd_log_t; +') +watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t) #logging_watch_audit_log_dirs(fail2ban_t) -#logging_watch_generic_log_dirs(fail2ban_t) -#logging_watch_journal_dir(fail2ban_t) +allow fail2ban_t var_log_t:dir search_dir_perms; +watch_dirs_pattern(fail2ban_t, auditd_log_t, auditd_log_t) +logging_watch_generic_log_dirs(fail2ban_t) +logging_watch_journal_dir(fail2ban_t) mta_send_mail(fail2ban_t) From 3673f99947ab3587437fe955102c8cd93b06c4af Mon Sep 17 00:00:00 2001 From: Python Maint Date: Wed, 15 Jun 2022 18:15:35 +0200 Subject: [PATCH 151/201] Rebuilt for Python 3.11 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 9603304..a0a6a11 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -407,6 +407,9 @@ fi %changelog +* Wed Jun 15 2022 Python Maint - 0.11.2-13 +- Rebuilt for Python 3.11 + * Wed May 18 2022 Orion Poplawski - 0.11.2-12 - Fix SELinux policy to allow watch on var_log_t (bz#2083923) From 872dd6642c5bfd153f4704c97f49d8db9ab22015 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 02:43:48 +0000 Subject: [PATCH 152/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index a0a6a11..6d7b302 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,6 +1,6 @@ Name: fail2ban Version: 0.11.2 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -407,6 +407,9 @@ fi %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 0.11.2-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Wed Jun 15 2022 Python Maint - 0.11.2-13 - Rebuilt for Python 3.11 From fb9a87495ac4dc2cbbae4ad703824bd6b3dd5a02 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 25 Jul 2022 21:29:30 -0500 Subject: [PATCH 153/201] Add patch for python 3.11. --- 3267.patch | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 1 + 2 files changed, 87 insertions(+) create mode 100644 3267.patch diff --git a/3267.patch b/3267.patch new file mode 100644 index 0000000..9fa335e --- /dev/null +++ b/3267.patch @@ -0,0 +1,86 @@ +From 500895dcfa31f11c81b3c9128781a49a05e3bd05 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Mon, 25 Apr 2022 18:53:19 +0200 +Subject: [PATCH 1/5] GHA: update python 3.11 version + +--- + .github/workflows/main.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: fail2ban-0.11.2/fail2ban/server/datetemplate.py +=================================================================== +--- fail2ban-0.11.2.orig/fail2ban/server/datetemplate.py ++++ fail2ban-0.11.2/fail2ban/server/datetemplate.py +@@ -35,6 +35,7 @@ logSys = getLogger(__name__) + # check already grouped contains "(", but ignores char "\(" and conditional "(?(id)...)": + RE_GROUPED = re.compile(r'(? Date: Wed, 23 Feb 2022 19:19:22 +0100 Subject: [PATCH 154/201] Add bash completion file --- fail2ban.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fail2ban.spec b/fail2ban.spec index d03608d..15154d5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -48,6 +48,7 @@ BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make +BuildRequires: bash-completion # Default components Requires: %{name}-firewalld = %{version}-%{release} @@ -294,6 +295,10 @@ rm -r %{buildroot}%{_docdir}/%{name} install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} install -m 0644 %{modulename}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} +#BASH completion +COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion) +%__mkdir_p $COMPLETIONDIR +%__install -p -m 644 files/bash-completion $COMPLETIONDIR/fail2ban %check %if 0%{?rhel} && 0%{?rhel} < 8 @@ -348,6 +353,7 @@ fi %exclude %{python3_sitelib}/fail2ban/tests %endif %{_unitdir}/fail2ban.service +%{_datadir}/bash-completion/ %{_mandir}/man1/fail2ban.1* %{_mandir}/man1/fail2ban-client.1* %{_mandir}/man1/fail2ban-python.1* From c29152aa29767f9a52f76e89f2df6e9995234f3d Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sun, 2 Oct 2022 21:26:37 -0500 Subject: [PATCH 155/201] Update to 1.0.1. --- .gitignore | 1 + fail2ban.spec | 20 ++++++-------------- sources | 2 +- 3 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 0df6ce0..79e39c8 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.10.5.tar.gz /fail2ban-0.11.1.tar.gz /fail2ban-0.11.2.tar.gz +/fail2ban-1.0.1.tar.gz diff --git a/fail2ban.spec b/fail2ban.spec index 15154d5..ab21ecf 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban -Version: 0.11.2 -Release: 14%{?dist} +Version: 1.0.1 +Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ 
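Review bot: The `%files` entry `%{_datadir}/bash-completion/` makes this package own the whole bash-completion directory tree rather than its single file, and it hard-codes a location that the `%install` hunk derives at build time from `pkg-config --variable=completionsdir`. If `completionsdir` resolves to the usual `%{_datadir}/bash-completion/completions`, list only the file: `%{_datadir}/bash-completion/completions/fail2ban`. In the install step, quote the variable (`"$COMPLETIONDIR"`), because an empty pkg-config result would otherwise make the `install` line write `fail2ban` at the top of the buildroot.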
@@ -15,19 +15,8 @@ Source4: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# Fixes century selector for tests -# https://bugzilla.redhat.com/show_bug.cgi?id=1912472 -Patch1: https://github.com/fail2ban/fail2ban/commit/f259dac74721c00f0184bf45277137771fc747fe.patch -# Python 3.10a5 compatibility -# https://bugzilla.redhat.com/show_bug.cgi?id=1926201 -Patch2: https://github.com/fail2ban/fail2ban/compare/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch -# CVE-2021-32749 https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm -Patch3: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844.patch -# https://github.com/fail2ban/fail2ban/issues/2882 -#Patch4: https://github.com/fail2ban/fail2ban/commit/ebf5784b8cd4b7c52d0f328b780833b8594f5567.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034205 -Patch5: fail2ban-python311.patch -Patch6: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3267.patch +Patch1: fail2ban-python311.patch BuildArch: noarch @@ -414,6 +403,9 @@ fi %changelog +* Sun Oct 02 2022 Richard Shaw - 1.0.1-1 +- Update to 1.0.1. + * Thu Jul 21 2022 Fedora Release Engineering - 0.11.2-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/sources b/sources index d48c0ea..90ff00d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fail2ban-0.11.2.tar.gz) = 46b27abd947b00ea64106dbac563ef8afef38eec86684024d47d9a0e8c1969ff864ad6df7f4f8de2aa3eb1af6d769fb6796592d9f0e35521d5f95f17b8cade97 +SHA512 (fail2ban-1.0.1.tar.gz) = a4d0ee5405225b1ec950f3209bc304c1168c644d06309a187d77119f6bea12c382db046130a86411aad4210b458a16ee092269dc7953400950969a34550c6da5 From 97585e18cb8ac4eab074108bba221293ba3a2e9d Mon Sep 17 00:00:00 2001 
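Review bot: The `@@ -15,19 +15,8 @@` hunk drops `Patch3`, the CVE-2021-32749 fix, along with the Python 3.10/3.11 and century-selector patches, and neither the commit message nor the new `%changelog` entry says these are contained in 1.0.1. Before merging, confirm that the 1.0.1 tarball's `config/action.d` mail actions carry the `mail -E 'set escape' -s` form from the removed patch, and record it in the changelog, e.g. `- Drop patches merged upstream (CVE-2021-32749 fix, Python 3.10/3.11 compatibility)`. The diffstat also shows the now-unreferenced patch files staying in the repository; removing them in the same commit avoids confusion about what is applied.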
From: Richard Shaw Date: Wed, 2 Nov 2022 09:28:22 -0500 Subject: [PATCH 156/201] Add patch for dovecot eating 100% CPU. --- ...94c5229bd474f612b57b67d796252a4aab7a.patch | 99 +++++++++++++++++++ fail2ban.spec | 7 +- 2 files changed, 105 insertions(+), 1 deletion(-) create mode 100644 ca2b94c5229bd474f612b57b67d796252a4aab7a.patch diff --git a/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch b/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch new file mode 100644 index 0000000..a00358f --- /dev/null +++ b/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch 
@@ -0,0 +1,99 @@ +From ca2b94c5229bd474f612b57b67d796252a4aab7a Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 4 Oct 2022 14:03:07 +0200 +Subject: [PATCH] fixes gh-3370: resolve extremely long search by repeated + apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following + branches (it may be extremely slow up to infinite search depending on + message); added new regression tests amend to gh-3210: fixes regression and + matches new format in aggressive mode too + +--- + ChangeLog | 4 ++++ + config/filter.d/dovecot.conf | 8 +++++--- + fail2ban/tests/files/logs/dovecot | 22 ++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 3 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index fc4beade6e..04401ea866 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -11,6 +11,10 @@ ver. 1.0.2-dev-1 (20??/??/??) - development nightly edition + ----------- + + ### Fixes ++* `filter.d/dovecot.conf`: ++ - fixes regression introduced in gh-3210: resolve extremely long search by repeated apply of non-greedy RE-part ++ with following branches (it may be extremely slow up to infinite search depending on message), gh-3370 ++ - fixes regression and matches new format in aggressive mode too (amend to gh-3210) + + ### New Features and Enhancements + +diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf +index 0415ecb40a..dc3ebbcd42 100644 +--- a/config/filter.d/dovecot.conf ++++ b/config/filter.d/dovecot.conf +@@ -7,19 +7,21 @@ before = common.conf + + [Definition] + ++_daemon = (?:dovecot(?:-auth)?|auth) ++ + _auth_worker = (?:dovecot: )?auth(?:-worker)? + _auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\): auth(?:-worker)?<\d+>: )? 
+-_daemon = (?:dovecot(?:-auth)?|auth) ++_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))* + + prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s.+$ + + failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=(?:\s+user=\S*)?\s*$ +- ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ ++ ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ + ^pam\(\S+,(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$ + ^[a-z\-]{3,15}\(\S*,(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch) + > + +-mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ ++mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? 
rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ + + mdre-normal = + +diff --git a/fail2ban/tests/files/logs/dovecot b/fail2ban/tests/files/logs/dovecot +index 75934c37bb..0e33296129 100644 +--- a/fail2ban/tests/files/logs/dovecot ++++ b/fail2ban/tests/files/logs/dovecot +@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: imap-login: Disconnected (auth failed, + # failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host": "192.0.2.4", "desc": "open parenthesis in optional part between Disconnected and (auth failed ...), gh-3210" } + Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=, rip=192.0.2.4, lip=127.0.0.19, session= + ++# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer ++# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number ++# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. 
(no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 ++# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 ++# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol ++ + # failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host": "192.0.2.133" } + Aug 29 03:17:18 server dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=, method=LOGIN, rip=192.0.2.133, lip=0.0.0.0 + # failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host": "192.0.2.169" } +@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesieve-login: Disconnected: Too many invali + + # filterOptions: [{"mode": "aggressive"}] + ++# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer ++# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: 
SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number ++# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 ++# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 ++# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } ++Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol ++ + # failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host": "192.0.2.5" } + Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer + # failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host": "192.0.2.6" } diff --git a/fail2ban.spec b/fail2ban.spec index ab21ecf..8bada15 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,6 +1,6 @@ Name: fail2ban Version: 1.0.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -17,6 +17,8 @@ Source4: Makefile Patch0: fail2ban-partof.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034205 Patch1: fail2ban-python311.patch +# Patch for dovecot jail eating 100% CPU +Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch BuildArch: noarch @@ -403,6 +405,9 @@ fi %changelog +* Wed Nov 02 2022 Richard Shaw - 1.0.1-2 +- Add patch for dovecot eating 100% CPU. + * Sun Oct 02 2022 Richard Shaw - 1.0.1-1 - Update to 1.0.1. From b0713d488e7d9d82d87e570ea82e2e4be441e5df Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 2 Nov 2022 12:30:15 -0500 Subject: [PATCH 157/201] Refresh patch to apply to archive. --- ...94c5229bd474f612b57b67d796252a4aab7a.patch | 35 ++++++------------- fail2ban-python311.patch | 8 ++--- 2 files changed, 14 insertions(+), 29 deletions(-) diff --git a/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch b/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch index a00358f..02a9ae5 100644 --- a/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch +++ b/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch 
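Review bot: The comment above the new `Patch2` line in the `@@ -17,6 +17,8 @@` hunk of fail2ban.spec, and the `%changelog` entry in the `@@ -403,6 +405,9 @@` hunk, describe only the symptom and do not name the upstream issue. The patch text further down the page ties this to gh-3370, a regression from gh-3210 in `filter.d/dovecot.conf` where the regex search time depends on the log message. Those log lines are presumably produced by remote clients' connection attempts, so this is worth recording as an availability fix for the ban daemon. I would write the comment as `# Fix runaway regex search in filter.d/dovecot.conf (upstream gh-3370, regression from gh-3210)` and the changelog line as `- Add upstream patch for dovecot filter regex causing 100% CPU (gh-3370).`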
@@ -13,25 +13,10 @@ Subject: [PATCH] fixes gh-3370: resolve extremely long search by repeated fail2ban/tests/files/logs/dovecot | 22 ++++++++++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) -diff --git a/ChangeLog b/ChangeLog -index fc4beade6e..04401ea866 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -11,6 +11,10 @@ ver. 1.0.2-dev-1 (20??/??/??) - development nightly edition - ----------- - - ### Fixes -+* `filter.d/dovecot.conf`: -+ - fixes regression introduced in gh-3210: resolve extremely long search by repeated apply of non-greedy RE-part -+ with following branches (it may be extremely slow up to infinite search depending on message), gh-3370 -+ - fixes regression and matches new format in aggressive mode too (amend to gh-3210) - - ### New Features and Enhancements - -diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf -index 0415ecb40a..dc3ebbcd42 100644 ---- a/config/filter.d/dovecot.conf -+++ b/config/filter.d/dovecot.conf +Index: fail2ban-1.0.1/config/filter.d/dovecot.conf +=================================================================== +--- fail2ban-1.0.1.orig/config/filter.d/dovecot.conf ++++ fail2ban-1.0.1/config/filter.d/dovecot.conf @@ -7,19 +7,21 @@ before = common.conf [Definition] 
@@ -57,11 +42,11 @@ index 0415ecb40a..dc3ebbcd42 100644 mdre-normal = -diff --git a/fail2ban/tests/files/logs/dovecot b/fail2ban/tests/files/logs/dovecot -index 75934c37bb..0e33296129 100644 ---- a/fail2ban/tests/files/logs/dovecot -+++ b/fail2ban/tests/files/logs/dovecot -@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: imap-login: Disconnected (auth failed, +Index: fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot +=================================================================== +--- fail2ban-1.0.1.orig/fail2ban/tests/files/logs/dovecot ++++ fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot +@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: # failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host": "192.0.2.4", "desc": "open parenthesis in optional part between Disconnected and (auth failed ...), gh-3210" } Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=, rip=192.0.2.4, lip=127.0.0.19, session= @@ -79,7 +64,7 @@ index 75934c37bb..0e33296129 100644 # failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host": "192.0.2.133" } Aug 29 03:17:18 server dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=, method=LOGIN, rip=192.0.2.133, lip=0.0.0.0 # failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host": "192.0.2.169" } -@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesieve-login: Disconnected: Too many invali +@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesi # filterOptions: [{"mode": "aggressive"}] diff --git a/fail2ban-python311.patch b/fail2ban-python311.patch index bd5d050..8a89af7 100644 --- a/fail2ban-python311.patch +++ b/fail2ban-python311.patch 
@@ -1,8 +1,8 @@ -Index: fail2ban-0.11.2/fail2ban/tests/actiontestcase.py +Index: fail2ban-1.0.1/fail2ban/tests/actiontestcase.py =================================================================== ---- fail2ban-0.11.2.orig/fail2ban/tests/actiontestcase.py -+++ fail2ban-0.11.2/fail2ban/tests/actiontestcase.py -@@ -244,14 +244,14 @@ class CommandActionTest(LogCaptureTestCa +--- fail2ban-1.0.1.orig/fail2ban/tests/actiontestcase.py ++++ fail2ban-1.0.1/fail2ban/tests/actiontestcase.py +@@ -242,14 +242,14 @@ class CommandActionTest(LogCaptureTestCa setattr(self.__action, 'ab', "") setattr(self.__action, 'x?family=inet6', "") # produce self-referencing properties except: From e0082e942bbd887e00f95d4399033ebfab7cfbe7 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Fri, 4 Nov 2022 07:17:37 -0500 Subject: [PATCH 158/201] Add Requires for selinux subpackage for EL 9. --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 8bada15..74e8a11 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -89,7 +89,7 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} >= 9 Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %endif From 74ee613b996728c1e890b542c70c22f4196d523d Mon Sep 17 00:00:00 2001 
From: Richard Shaw Date: Sat, 17 Dec 2022 17:14:39 -0600 Subject: [PATCH 159/201] Update to 1.0.2. --- .gitignore | 1 + 3267.patch | 86 ---------- ...6ce5c80dd981c22752da034f2529b5eee844.patch | 155 ------------------ ...604d73bb42d0ecae2c...py-3-10-alpha-5.patch | 80 --------- ...dac74721c00f0184bf45277137771fc747fe.patch | 48 ------ fail2ban.spec | 14 +- sources | 2 +- 7 files changed, 12 insertions(+), 374 deletions(-) delete mode 100644 3267.patch delete mode 100644 410a6ce5c80dd981c22752da034f2529b5eee844.patch delete mode 100644 ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch delete mode 100644 f259dac74721c00f0184bf45277137771fc747fe.patch diff --git a/.gitignore b/.gitignore index 79e39c8..7fbd936 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ fail2ban-0.8.4.tar.bz2 /fail2ban-0.11.1.tar.gz /fail2ban-0.11.2.tar.gz /fail2ban-1.0.1.tar.gz +/fail2ban-1.0.2.tar.gz diff --git a/3267.patch b/3267.patch deleted file mode 100644 index 9fa335e..0000000 --- a/3267.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From 500895dcfa31f11c81b3c9128781a49a05e3bd05 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 25 Apr 2022 18:53:19 +0200 -Subject: [PATCH 1/5] GHA: update python 3.11 version - ---- - .github/workflows/main.yml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: fail2ban-0.11.2/fail2ban/server/datetemplate.py -=================================================================== ---- fail2ban-0.11.2.orig/fail2ban/server/datetemplate.py -+++ fail2ban-0.11.2/fail2ban/server/datetemplate.py -@@ -35,6 +35,7 @@ logSys = getLogger(__name__) - # check already grouped contains "(", but ignores char "\(" and conditional "(?(id)...)": - RE_GROUPED = re.compile(r'(? -Date: Mon, 21 Jun 2021 17:12:53 +0200 -Subject: [PATCH] fixed possible RCE vulnerability, unset escape variable - (default tilde) stops consider "~" char after new-line as composing escape - sequence - ---- - config/action.d/complain.conf | 2 +- - config/action.d/dshield.conf | 2 +- - config/action.d/mail-buffered.conf | 8 ++++---- - config/action.d/mail-whois-lines.conf | 2 +- - config/action.d/mail-whois.conf | 6 +++--- - config/action.d/mail.conf | 6 +++--- - 6 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf -index 3a5f882c9f..4d73b05859 100644 ---- a/config/action.d/complain.conf -+++ b/config/action.d/complain.conf -@@ -102,7 +102,7 @@ logpath = /dev/null - # Notes.: Your system mail command. Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf -index c128bef348..3d5a7a53a9 100644 ---- a/config/action.d/dshield.conf -+++ b/config/action.d/dshield.conf -@@ -179,7 +179,7 @@ tcpflags = - # Notes.: Your system mail command. 
Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Option: mailargs - # Notes.: Additional arguments to mail command. e.g. for standard Unix mail: -diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf -index 325f185b2f..79b841049c 100644 ---- a/config/action.d/mail-buffered.conf -+++ b/config/action.d/mail-buffered.conf -@@ -17,7 +17,7 @@ actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Output will be buffered until lines are available.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -28,13 +28,13 @@ actionstop = if [ -f ]; then - These hosts have been banned by Fail2Ban.\n - `cat ` - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary from " - rm - fi - printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -55,7 +55,7 @@ actionban = printf %%b "`date`: ( failures)\n" >> - These hosts have been banned by Fail2Ban.\n - `cat ` - \nRegards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : Summary" -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : Summary" - rm - fi - -diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf -index 3a3e56b2c7..d2818cb9b9 100644 ---- a/config/action.d/mail-whois-lines.conf -+++ b/config/action.d/mail-whois-lines.conf -@@ -72,7 +72,7 @@ actionunban = - # Notes.: Your system mail command. 
Is passed 2 args: subject and recipient - # Values: CMD - # --mailcmd = mail -s -+mailcmd = mail -E 'set escape' -s - - # Default name of the chain - # -diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf -index 7fea34c40d..ab33b616dc 100644 ---- a/config/action.d/mail-whois.conf -+++ b/config/action.d/mail-whois.conf -@@ -20,7 +20,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -29,7 +29,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -49,7 +49,7 @@ actionban = printf %%b "Hi,\n - Here is more information about :\n - `%(_whois_command)s`\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. 
Take care that the -diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf -index 5d8c0e154c..f4838ddcb6 100644 ---- a/config/action.d/mail.conf -+++ b/config/action.d/mail.conf -@@ -16,7 +16,7 @@ norestored = 1 - actionstart = printf %%b "Hi,\n - The jail has been started successfully.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : started on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : started on " - - # Option: actionstop - # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) -@@ -25,7 +25,7 @@ actionstart = printf %%b "Hi,\n - actionstop = printf %%b "Hi,\n - The jail has been stopped.\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : stopped on " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : stopped on " - - # Option: actioncheck - # Notes.: command executed once before each actionban command -@@ -43,7 +43,7 @@ actionban = printf %%b "Hi,\n - The IP has just been banned by Fail2Ban after - attempts against .\n - Regards,\n -- Fail2Ban"|mail -s "[Fail2Ban] : banned from " -+ Fail2Ban"|mail -E 'set escape' -s "[Fail2Ban] : banned from " - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the diff --git a/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch b/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch deleted file mode 100644 index c7f2c0f..0000000 --- a/ea26509594a3220b012071604d73bb42d0ecae2c...py-3-10-alpha-5.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -From ad74e1c628b4fa2f67d8f7e342138e6e103832ea Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:19:24 +0100 -Subject: [PATCH 2/4] follow bpo-37324: - :ref:`collections-abstract-base-classes` moved to the :mod:`collections.abc` - module - -(since 3.10-alpha.5 `MutableMapping` is missing in collections module) ---- - fail2ban/server/action.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py -index 4615401ed..16ff66212 100644 ---- a/fail2ban/server/action.py -+++ b/fail2ban/server/action.py -@@ -30,7 +30,10 @@ - import threading - import time - from abc import ABCMeta --from collections import MutableMapping -+try: -+ from collections.abc import MutableMapping -+except ImportError: -+ from collections import MutableMapping - - from .failregex import mapTag2Opt - from .ipdns import DNSUtils - -From a785aab392d8de2ecb685d8bdd9266a0c7f8edf8 Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 8 Feb 2021 17:25:45 +0100 -Subject: [PATCH 3/4] amend for `Mapping` - ---- - fail2ban/server/actions.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py -index 967908af6..91e1ebaf3 100644 ---- a/fail2ban/server/actions.py -+++ b/fail2ban/server/actions.py -@@ -28,7 +28,10 @@ - import os - import sys - import time --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - try: - from collections import OrderedDict - except ImportError: - -From 0e2e2bf37da59649a1c3392b04b9480f84dac446 Mon Sep 17 00:00:00 2001 -From: "Sergey G. 
Brester" -Date: Mon, 8 Feb 2021 17:35:59 +0100 -Subject: [PATCH 4/4] amend for `Mapping` (jails) - ---- - fail2ban/server/jails.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/fail2ban/server/jails.py b/fail2ban/server/jails.py -index 972a8c4bd..27e12ddf6 100644 ---- a/fail2ban/server/jails.py -+++ b/fail2ban/server/jails.py -@@ -22,7 +22,10 @@ - __license__ = "GPL" - - from threading import Lock --from collections import Mapping -+try: -+ from collections.abc import Mapping -+except ImportError: -+ from collections import Mapping - - from ..exceptions import DuplicateJailException, UnknownJailException - from .jail import Jail diff --git a/f259dac74721c00f0184bf45277137771fc747fe.patch b/f259dac74721c00f0184bf45277137771fc747fe.patch deleted file mode 100644 index ba399ae..0000000 --- a/f259dac74721c00f0184bf45277137771fc747fe.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 747d4683221b5584f9663695fb48145689b42ceb Mon Sep 17 00:00:00 2001 -From: sebres -Date: Mon, 4 Jan 2021 02:42:38 +0100 -Subject: [PATCH] fixes century selector of %ExY and %Exy in datepattern for - tests, considering interval from 2005 (alternate now) to now; + better - grouping algorithm for resulting century RE - ---- - fail2ban/server/strptime.py | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/fail2ban/server/strptime.py b/fail2ban/server/strptime.py -index 1464a96d1..39fc79586 100644 ---- a/fail2ban/server/strptime.py -+++ b/fail2ban/server/strptime.py -@@ -36,10 +36,30 @@ def _getYearCentRE(cent=(0,3), distance=3, now=(MyTime.now(), MyTime.alternateNo - Thereby respect possible run in the test-cases (alternate date used there) - """ - cent = lambda year, f=cent[0], t=cent[1]: str(year)[f:t] -+ def grp(exprset): -+ c = None -+ if len(exprset) > 1: -+ for i in exprset: -+ if c is None or i[0:-1] == c: -+ c = i[0:-1] -+ else: -+ c = None -+ break -+ if not c: -+ for i in exprset: -+ if c is None or i[0] == c: -+ c = i[0] -+ else: -+ c = None -+ break -+ if c: -+ return "%s%s" % (c, grp([i[len(c):] for i in exprset])) -+ return ("(?:%s)" % "|".join(exprset) if len(exprset[0]) > 1 else "[%s]" % "".join(exprset)) \ -+ if len(exprset) > 1 else "".join(exprset) - exprset = set( cent(now[0].year + i) for i in (-1, distance) ) - if len(now) and now[1]: -- exprset |= set( cent(now[1].year + i) for i in (-1, distance) ) -- return "(?:%s)" % "|".join(exprset) if len(exprset) > 1 else "".join(exprset) -+ exprset |= set( cent(now[1].year + i) for i in xrange(-1, now[0].year-now[1].year+1, distance) ) -+ return grp(sorted(list(exprset))) - - timeRE = TimeRE() - diff --git a/fail2ban.spec b/fail2ban.spec index 74e8a11..f11ef8c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,6 +1,6 @@ Name: fail2ban -Version: 1.0.1 -Release: 2%{?dist} +Version: 1.0.2 +Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -11,6 +11,7 @@ Source1: fail2ban.fc Source2: fail2ban.if Source3: fail2ban.te Source4: Makefile + # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 @@ -18,7 +19,7 @@ Patch0: fail2ban-partof.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2034205 Patch1: fail2ban-python311.patch # Patch for dovecot jail eating 100% CPU -Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch +#Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch BuildArch: noarch @@ -227,6 +228,7 @@ sed -i "/use_2to3/d" setup.py %endif make -f %SOURCE4 + %install %if 0%{?rhel} && 0%{?rhel} < 8 %py2_install @@ -291,6 +293,7 @@ COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion %__mkdir_p $COMPLETIONDIR %__install -p -m 644 files/bash-completion $COMPLETIONDIR/fail2ban + %check %if 0%{?rhel} && 0%{?rhel} < 8 %python2 bin/fail2ban-testcases --verbosity=2 --no-network @@ -351,7 +354,7 @@ fi %{_mandir}/man1/fail2ban-regex.1* %{_mandir}/man1/fail2ban-server.1* %{_mandir}/man5/*.5* -%config(noreplace) %{_sysconfdir}/fail2ban +%config(noreplace) %{_sysconfdir}/fail2ban/ %exclude %{_sysconfdir}/fail2ban/action.d/complain.conf %exclude %{_sysconfdir}/fail2ban/action.d/hostsdeny.conf %exclude %{_sysconfdir}/fail2ban/action.d/mail.conf @@ -405,6 +408,9 @@ fi %changelog +* Sat Dec 17 2022 Richard Shaw - 1.0.2-1 +- Update to 1.0.2. + * Wed Nov 02 2022 Richard Shaw - 1.0.1-2 - Add patch for dovecot eating 100% CPU. diff --git a/sources b/sources index 90ff00d..6655594 100644 --- a/sources +++ b/sources 
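Review bot: In the `@@ -18,7 +19,7 @@` hunk of fail2ban.spec the `Patch2` line is commented out while `# Patch for dovecot jail eating 100% CPU` stays above it, so the spec no longer says whether the gh-3370 fix is shipped. The upstream ChangeLog text quoted in the earlier patch refresh lists that fix under `ver. 1.0.2-dev-1`, so it is presumably in the 1.0.2 tarball, but that should be confirmed and recorded. I would drop both lines, or replace them with `# dovecot regex fix (gh-3370) is included upstream since 1.0.2`. I would also delete the now-unused `ca2b94c5229bd474f612b57b67d796252a4aab7a.patch`, which this commit's diffstat does not list among the removed files.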
@@ -1 +1 @@ -SHA512 (fail2ban-1.0.1.tar.gz) = a4d0ee5405225b1ec950f3209bc304c1168c644d06309a187d77119f6bea12c382db046130a86411aad4210b458a16ee092269dc7953400950969a34550c6da5 +SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb From 5388f7c3d4ad9036688d2ac3319ca85266ffd0c6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 03:01:08 +0000 Subject: [PATCH 160/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index f11ef8c..108f1c9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 1.0.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -408,6 +408,9 @@ fi %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 1.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Sat Dec 17 2022 Richard Shaw - 1.0.2-1 - Update to 1.0.2. From d94388bb16212d9063fdb4fcfc0ec3e05cfd8f6b Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 29 Mar 2023 18:17:35 -0600 Subject: [PATCH 161/201] Fix selinux requires for EPEL7/8 --- fail2ban.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 108f1c9..4814fb2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -89,9 +89,10 @@ Requires: nftables Requires(post): systemd Requires(preun): systemd Requires(postun): systemd - -%if 0%{?fedora} || 0%{?rhel} >= 9 +%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) +%else +Requires: %{name}-selinux %endif %description server From af8f467d8f11ec0f313acf6978cd72d81b899d70 Mon Sep 17 00:00:00 2001 
From: Orion Poplawski Date: Thu, 30 Mar 2023 10:24:26 -0600 Subject: [PATCH 162/201] Add upstream patch to remove warning about allowipv6 (bz#2160781) --- 28473.patch | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 7 +- 2 files changed, 220 insertions(+), 1 deletion(-) create mode 100644 28473.patch diff --git a/28473.patch b/28473.patch new file mode 100644 index 0000000..3b315cf --- /dev/null +++ b/28473.patch 
@@ -0,0 +1,214 @@ +From 659cd9223bb9a04cc50986a3b371e22e2bac9a91 Mon Sep 17 00:00:00 2001 +From: hsk17 +Date: Tue, 29 Nov 2022 12:11:59 +0100 +Subject: [PATCH 1/3] upstream configreader patch + +Signed-off-by: hsk17 +--- + .../fail2ban-1.0.2-configreader-warning.patch | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch + +diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch +new file mode 100644 +index 0000000000000..74f2739708ae7 +--- /dev/null ++++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch +@@ -0,0 +1,23 @@ ++From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 ++From: "Sergey G. Brester" ++Date: Mon, 28 Nov 2022 13:21:15 +0100 ++Subject: [PATCH] no warning if no config value but default (debug message now) ++ ++closes #3420 ++--- ++ fail2ban/client/configreader.py | 2 +- ++ 1 file changed, 1 insertion(+), 1 deletion(-) ++ ++diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py ++index 1b5a56a27c..c7f965ce52 100644 ++--- a/fail2ban/client/configreader.py +++++ b/fail2ban/client/configreader.py ++@@ -277,7 +277,7 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False, convert=Tru ++ # TODO: validate error handling here. ++ except NoOptionError: ++ if not optvalue is None: ++- logSys.warning("'%s' not defined in '%s'. Using default one: %r" +++ logSys.debug("'%s' not defined in '%s'. 
Using default one: %r" ++ % (optname, sec, optvalue)) ++ values[optname] = optvalue ++ # elif logSys.getEffectiveLevel() <= logLevel: + +From 79a59ae91ece23711370af79dc820a801b05e56b Mon Sep 17 00:00:00 2001 +From: hsk17 +Date: Tue, 29 Nov 2022 12:13:05 +0100 +Subject: [PATCH 2/3] rev bump to add upstream configreader patch + +Signed-off-by: hsk17 +--- + .../fail2ban/fail2ban-1.0.2-r1.ebuild | 134 ++++++++++++++++++ + 1 file changed, 134 insertions(+) + create mode 100644 net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild + +diff --git a/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild +new file mode 100644 +index 0000000000000..64532f55baf31 +--- /dev/null ++++ b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild +@@ -0,0 +1,134 @@ ++# Copyright 1999-2022 Gentoo Authors ++# Distributed under the terms of the GNU General Public License v2 ++ ++EAPI=8 ++ ++DISTUTILS_SINGLE_IMPL=1 ++PYTHON_COMPAT=( python3_{8..11} ) ++ ++inherit bash-completion-r1 distutils-r1 systemd tmpfiles ++ ++DESCRIPTION="Scans log files and bans IPs that show malicious signs" ++HOMEPAGE="https://www.fail2ban.org/" ++ ++if [[ ${PV} == *9999 ]] ; then ++ EGIT_REPO_URI="https://github.com/fail2ban/fail2ban" ++ inherit git-r3 ++else ++ SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz" ++ KEYWORDS="~alpha amd64 arm arm64 hppa ppc ppc64 sparc x86" ++fi ++ ++LICENSE="GPL-2" ++SLOT="0" ++IUSE="selinux systemd" ++ ++RDEPEND=" ++ virtual/logger ++ virtual/mta ++ selinux? ( sec-policy/selinux-fail2ban ) ++ systemd? 
( ++ $(python_gen_cond_dep ' ++ || ( ++ dev-python/python-systemd[${PYTHON_USEDEP}] ++ sys-apps/systemd[python(-),${PYTHON_USEDEP}] ++ )' 'python*' ) ++ ) ++" ++ ++DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt ) ++ ++PATCHES=( ++ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch ++ "${FILESDIR}"/${P}-configreader-warning.patch ++) ++ ++python_prepare_all() { ++ distutils-r1_python_prepare_all ++ ++ # Replace /var/run with /run, but not in the top source directory ++ find . -mindepth 2 -type f -exec \ ++ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die ++} ++ ++python_compile() { ++ ./fail2ban-2to3 || die ++ distutils-r1_python_compile ++} ++ ++python_test() { ++ bin/fail2ban-testcases \ ++ --no-network \ ++ --no-gamin \ ++ --verbosity=4 || die "Tests failed with ${EPYTHON}" ++ ++ # Workaround for bug #790251 ++ rm -r fail2ban.egg-info || die ++} ++ ++python_install_all() { ++ distutils-r1_python_install_all ++ ++ rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die ++ ++ newconfd files/fail2ban-openrc.conf ${PN} ++ ++ # These two are placed in the ${BUILD_DIR} after being "built" ++ # in install_scripts(). ++ newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}" ++ systemd_dounit "${BUILD_DIR}/${PN}.service" ++ ++ dotmpfiles files/${PN}-tmpfiles.conf ++ ++ doman man/*.{1,5} ++ ++ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d. ++ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675 ++ insinto /etc/logrotate.d ++ newins files/${PN}-logrotate ${PN} ++ ++ keepdir /var/lib/${PN} ++ ++ newbashcomp files/bash-completion ${PN}-client ++ bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex ++} ++ ++pkg_preinst() { ++ has_version "<${CATEGORY}/${PN}-0.7" ++ previous_less_than_0_7=$? 
++} ++ ++pkg_postinst() { ++ tmpfiles_process ${PN}-tmpfiles.conf ++ ++ if [[ ${previous_less_than_0_7} = 0 ]] ; then ++ elog ++ elog "Configuration files are now in /etc/fail2ban/" ++ elog "You probably have to manually update your configuration" ++ elog "files before restarting Fail2Ban!" ++ elog ++ elog "Fail2Ban is not installed under /usr/lib anymore. The" ++ elog "new location is under /usr/share." ++ elog ++ elog "You are upgrading from version 0.6.x, please see:" ++ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8" ++ fi ++ ++ if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then ++ elog "For most jail.conf configurations, it is recommended you install either" ++ elog "dev-python/pyinotify or app-admin/gamin (in order of preference)" ++ elog "to control how log file modifications are detected" ++ fi ++ ++ if ! has_version dev-lang/python[sqlite] ; then ++ elog "If you want to use ${PN}'s persistent database, then reinstall" ++ elog "dev-lang/python with USE=sqlite. If you do not use the" ++ elog "persistent database feature, then you should set" ++ elog "dbfile = :memory: in fail2ban.conf accordingly." 
++ fi ++ ++ if has_version sys-apps/systemd[-python] ; then ++ elog "If you want to track logins through sys-apps/systemd's" ++ elog "journal backend, then reinstall sys-apps/systemd with USE=python" ++ fi ++} + +From ab30bb72cf1cdb0ccd717c417c10eae82381d6d7 Mon Sep 17 00:00:00 2001 +From: hsk17 +Date: Tue, 27 Dec 2022 16:08:43 +0100 +Subject: [PATCH 3/3] Update fail2ban-1.0.2-configreader-warning.patch + +Signed-off-by: hsk17 +--- + .../fail2ban/files/fail2ban-1.0.2-configreader-warning.patch | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch +index 74f2739708ae7..b53e604572cfd 100644 +--- a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch ++++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch +@@ -1,3 +1,6 @@ ++ ++https://github.com/fail2ban/fail2ban/commit/432e7e1 ++ + From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 + From: "Sergey G. Brester" + Date: Mon, 28 Nov 2022 13:21:15 +0100 diff --git a/fail2ban.spec b/fail2ban.spec index 4814fb2..759fb73 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 1.0.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -20,6 +20,8 @@ Patch0: fail2ban-partof.patch Patch1: fail2ban-python311.patch # Patch for dovecot jail eating 100% CPU #Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch +# Remove warning about allowipv6 from startup +Patch2: https://patch-diff.githubusercontent.com/raw/gentoo/gentoo/pull/28473.patch BuildArch: noarch 
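Review bot: The new `Patch2` URL in the `@@ -20,6 +20,8 @@` hunk of fail2ban.spec points at a Gentoo pull request, and the `28473.patch` added by this commit only creates or edits files under `net-analyzer/fail2ban/` (an ebuild and a nested patch); it never touches `fail2ban/client/configreader.py`. Applied to the fail2ban source tree it would presumably leave the warning in place and add unrelated files. A pull-request `.patch` URL is also not pinned to a commit, so its content need not keep matching the file stored here. The nested patch names upstream commit 432e7e1e93936f09e349e80d94254e5f43d0cc8a, so I would reference that directly: `Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch`.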
@@ -409,6 +411,9 @@ fi %changelog +* Thu Mar 30 2023 Orion Poplawski - 1.0.2-3 +- Add upstream patch to remove warning about allowipv6 (bz#2160781) + * Thu Jan 19 2023 Fedora Release Engineering - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From bbf821b2c08ce258874d24cf16de616aba3cdfd6 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 30 Mar 2023 10:35:16 -0600 Subject: [PATCH 163/201] Use the proper patch --- 28473.patch | 214 ------------------ ...7e1e93936f09e349e80d94254e5f43d0cc8a.patch | 23 ++ fail2ban.spec | 2 +- 3 files changed, 24 insertions(+), 215 deletions(-) delete mode 100644 28473.patch create mode 100644 432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch diff --git a/28473.patch b/28473.patch deleted file mode 100644 index 3b315cf..0000000 --- a/28473.patch +++ /dev/null 
@@ -1,214 +0,0 @@ -From 659cd9223bb9a04cc50986a3b371e22e2bac9a91 Mon Sep 17 00:00:00 2001 -From: hsk17 -Date: Tue, 29 Nov 2022 12:11:59 +0100 -Subject: [PATCH 1/3] upstream configreader patch - -Signed-off-by: hsk17 ---- - .../fail2ban-1.0.2-configreader-warning.patch | 23 +++++++++++++++++++ - 1 file changed, 23 insertions(+) - create mode 100644 net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch - -diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch -new file mode 100644 -index 0000000000000..74f2739708ae7 ---- /dev/null -+++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch -@@ -0,0 +1,23 @@ -+From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 -+From: "Sergey G. Brester" -+Date: Mon, 28 Nov 2022 13:21:15 +0100 -+Subject: [PATCH] no warning if no config value but default (debug message now) -+ -+closes #3420 -+--- -+ fail2ban/client/configreader.py | 2 +- -+ 1 file changed, 1 insertion(+), 1 deletion(-) -+ -+diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py -+index 1b5a56a27c..c7f965ce52 100644 -+--- a/fail2ban/client/configreader.py -++++ b/fail2ban/client/configreader.py -+@@ -277,7 +277,7 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False, convert=Tru -+ # TODO: validate error handling here. -+ except NoOptionError: -+ if not optvalue is None: -+- logSys.warning("'%s' not defined in '%s'. Using default one: %r" -++ logSys.debug("'%s' not defined in '%s'. 
Using default one: %r" -+ % (optname, sec, optvalue)) -+ values[optname] = optvalue -+ # elif logSys.getEffectiveLevel() <= logLevel: - -From 79a59ae91ece23711370af79dc820a801b05e56b Mon Sep 17 00:00:00 2001 -From: hsk17 -Date: Tue, 29 Nov 2022 12:13:05 +0100 -Subject: [PATCH 2/3] rev bump to add upstream configreader patch - -Signed-off-by: hsk17 ---- - .../fail2ban/fail2ban-1.0.2-r1.ebuild | 134 ++++++++++++++++++ - 1 file changed, 134 insertions(+) - create mode 100644 net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild - -diff --git a/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild -new file mode 100644 -index 0000000000000..64532f55baf31 ---- /dev/null -+++ b/net-analyzer/fail2ban/fail2ban-1.0.2-r1.ebuild -@@ -0,0 +1,134 @@ -+# Copyright 1999-2022 Gentoo Authors -+# Distributed under the terms of the GNU General Public License v2 -+ -+EAPI=8 -+ -+DISTUTILS_SINGLE_IMPL=1 -+PYTHON_COMPAT=( python3_{8..11} ) -+ -+inherit bash-completion-r1 distutils-r1 systemd tmpfiles -+ -+DESCRIPTION="Scans log files and bans IPs that show malicious signs" -+HOMEPAGE="https://www.fail2ban.org/" -+ -+if [[ ${PV} == *9999 ]] ; then -+ EGIT_REPO_URI="https://github.com/fail2ban/fail2ban" -+ inherit git-r3 -+else -+ SRC_URI="https://github.com/fail2ban/fail2ban/archive/${PV}.tar.gz -> ${P}.tar.gz" -+ KEYWORDS="~alpha amd64 arm arm64 hppa ppc ppc64 sparc x86" -+fi -+ -+LICENSE="GPL-2" -+SLOT="0" -+IUSE="selinux systemd" -+ -+RDEPEND=" -+ virtual/logger -+ virtual/mta -+ selinux? ( sec-policy/selinux-fail2ban ) -+ systemd? 
( -+ $(python_gen_cond_dep ' -+ || ( -+ dev-python/python-systemd[${PYTHON_USEDEP}] -+ sys-apps/systemd[python(-),${PYTHON_USEDEP}] -+ )' 'python*' ) -+ ) -+" -+ -+DOCS=( ChangeLog DEVELOP README.md THANKS TODO doc/run-rootless.txt ) -+ -+PATCHES=( -+ "${FILESDIR}"/${PN}-0.11.2-adjust-apache-logs-paths.patch -+ "${FILESDIR}"/${P}-configreader-warning.patch -+) -+ -+python_prepare_all() { -+ distutils-r1_python_prepare_all -+ -+ # Replace /var/run with /run, but not in the top source directory -+ find . -mindepth 2 -type f -exec \ -+ sed -i -e 's|/var\(/run/fail2ban\)|\1|g' {} + || die -+} -+ -+python_compile() { -+ ./fail2ban-2to3 || die -+ distutils-r1_python_compile -+} -+ -+python_test() { -+ bin/fail2ban-testcases \ -+ --no-network \ -+ --no-gamin \ -+ --verbosity=4 || die "Tests failed with ${EPYTHON}" -+ -+ # Workaround for bug #790251 -+ rm -r fail2ban.egg-info || die -+} -+ -+python_install_all() { -+ distutils-r1_python_install_all -+ -+ rm -rf "${ED}"/usr/share/doc/${PN} "${ED}"/run || die -+ -+ newconfd files/fail2ban-openrc.conf ${PN} -+ -+ # These two are placed in the ${BUILD_DIR} after being "built" -+ # in install_scripts(). -+ newinitd "${BUILD_DIR}/fail2ban-openrc.init" "${PN}" -+ systemd_dounit "${BUILD_DIR}/${PN}.service" -+ -+ dotmpfiles files/${PN}-tmpfiles.conf -+ -+ doman man/*.{1,5} -+ -+ # Use INSTALL_MASK if you do not want to touch /etc/logrotate.d. -+ # See http://thread.gmane.org/gmane.linux.gentoo.devel/35675 -+ insinto /etc/logrotate.d -+ newins files/${PN}-logrotate ${PN} -+ -+ keepdir /var/lib/${PN} -+ -+ newbashcomp files/bash-completion ${PN}-client -+ bashcomp_alias ${PN}-client ${PN}-server ${PN}-regex -+} -+ -+pkg_preinst() { -+ has_version "<${CATEGORY}/${PN}-0.7" -+ previous_less_than_0_7=$? 
-+} -+ -+pkg_postinst() { -+ tmpfiles_process ${PN}-tmpfiles.conf -+ -+ if [[ ${previous_less_than_0_7} = 0 ]] ; then -+ elog -+ elog "Configuration files are now in /etc/fail2ban/" -+ elog "You probably have to manually update your configuration" -+ elog "files before restarting Fail2Ban!" -+ elog -+ elog "Fail2Ban is not installed under /usr/lib anymore. The" -+ elog "new location is under /usr/share." -+ elog -+ elog "You are upgrading from version 0.6.x, please see:" -+ elog "http://www.fail2ban.org/wiki/index.php/HOWTO_Upgrade_from_0.6_to_0.8" -+ fi -+ -+ if ! has_version dev-python/pyinotify && ! has_version app-admin/gamin ; then -+ elog "For most jail.conf configurations, it is recommended you install either" -+ elog "dev-python/pyinotify or app-admin/gamin (in order of preference)" -+ elog "to control how log file modifications are detected" -+ fi -+ -+ if ! has_version dev-lang/python[sqlite] ; then -+ elog "If you want to use ${PN}'s persistent database, then reinstall" -+ elog "dev-lang/python with USE=sqlite. If you do not use the" -+ elog "persistent database feature, then you should set" -+ elog "dbfile = :memory: in fail2ban.conf accordingly." 
-+ fi -+ -+ if has_version sys-apps/systemd[-python] ; then -+ elog "If you want to track logins through sys-apps/systemd's" -+ elog "journal backend, then reinstall sys-apps/systemd with USE=python" -+ fi -+} - -From ab30bb72cf1cdb0ccd717c417c10eae82381d6d7 Mon Sep 17 00:00:00 2001 -From: hsk17 -Date: Tue, 27 Dec 2022 16:08:43 +0100 -Subject: [PATCH 3/3] Update fail2ban-1.0.2-configreader-warning.patch - -Signed-off-by: hsk17 ---- - .../fail2ban/files/fail2ban-1.0.2-configreader-warning.patch | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch -index 74f2739708ae7..b53e604572cfd 100644 ---- a/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch -+++ b/net-analyzer/fail2ban/files/fail2ban-1.0.2-configreader-warning.patch -@@ -1,3 +1,6 @@ -+ -+https://github.com/fail2ban/fail2ban/commit/432e7e1 -+ - From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 - From: "Sergey G. Brester" - Date: Mon, 28 Nov 2022 13:21:15 +0100 diff --git a/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch b/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch new file mode 100644 index 0000000..74f2739 --- /dev/null +++ b/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch 
@@ -0,0 +1,23 @@ +From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Mon, 28 Nov 2022 13:21:15 +0100 +Subject: [PATCH] no warning if no config value but default (debug message now) + +closes #3420 +--- + fail2ban/client/configreader.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py +index 1b5a56a27c..c7f965ce52 100644 +--- a/fail2ban/client/configreader.py ++++ b/fail2ban/client/configreader.py +@@ -277,7 +277,7 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False, convert=Tru + # TODO: validate error handling here. + except NoOptionError: + if not optvalue is None: +- logSys.warning("'%s' not defined in '%s'. Using default one: %r" ++ logSys.debug("'%s' not defined in '%s'. Using default one: %r" + % (optname, sec, optvalue)) + values[optname] = optvalue + # elif logSys.getEffectiveLevel() <= logLevel: diff --git a/fail2ban.spec b/fail2ban.spec index 759fb73..266ad11 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -21,7 +21,7 @@ Patch1: fail2ban-python311.patch # Patch for dovecot jail eating 100% CPU #Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch # Remove warning about allowipv6 from startup -Patch2: https://patch-diff.githubusercontent.com/raw/gentoo/gentoo/pull/28473.patch +Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch BuildArch: noarch From 1c3fb523165bfc188b1496c11b2dbc4a0c380884 Mon Sep 17 00:00:00 2001 
From: Todd Zullinger Date: Sun, 2 Apr 2023 00:12:52 -0400 Subject: [PATCH 164/201] verify upstream source signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the packaging guidelines¹. While adjusting the git ignore rules for the signature file, replace many older tarball entries with a simple glob. Ignore expanded source directories as well. ¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures --- .gitignore | 28 ++--------------- fail2ban.spec | 30 ++++++++++++++----- ...38559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc | 29 ++++++++++++++++++ sources | 1 + 4 files changed, 55 insertions(+), 33 deletions(-) create mode 100644 gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc diff --git a/.gitignore b/.gitignore index 7fbd936..e633b53 100644 --- a/.gitignore +++ b/.gitignore @@ -1,26 +1,2 @@ -fail2ban-FAIL2BAN-0_8.tar.bz2 -fail2ban-0.8.4.tar.bz2 -/fail2ban_0.8.7.1.orig.tar.gz -/fail2ban_0.8.8.orig.tar.gz -/fail2ban-0.8.10.tar.gz -/fail2ban-0.8.11.tar.gz -/fail2ban-0.9-d529151.tar.xz -/fail2ban-0.9-1f1a561.tar.xz -/fail2ban-0.9.tar.gz -/fail2ban-0.9.1.tar.gz -/fail2ban-0.9.2.tar.gz -/fail2ban-0.9.3.tar.gz -/fail2ban-0.9.4.tar.gz -/fail2ban-0.9.5.tar.gz -/fail2ban-0.9.6.tar.gz -/fail2ban-0.9.7.tar.gz -/fail2ban-0.10.0.tar.gz -/fail2ban-0.10.1.tar.gz -/fail2ban-0.10.2.tar.gz -/fail2ban-0.10.3.1.tar.gz -/fail2ban-0.10.4.tar.gz -/fail2ban-0.10.5.tar.gz -/fail2ban-0.11.1.tar.gz -/fail2ban-0.11.2.tar.gz -/fail2ban-1.0.1.tar.gz -/fail2ban-1.0.2.tar.gz +/fail2ban-*/ +/fail2ban-*.tar.gz* diff --git a/fail2ban.spec b/fail2ban.spec index 266ad11..51b8f91 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -1,16 +1,27 @@ Name: fail2ban Version: 1.0.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc +# Releases are signed by Serg G. Brester (sebres) . The +# fingerprint can be found in a signature file: +# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr' +# +# The following commands can be used to fetch the signing key via fingerprint +# and extract it: +# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C +# gpg --receive-keys $fpr +# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc +Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc # SELinux policy -Source1: fail2ban.fc -Source2: fail2ban.if -Source3: fail2ban.te -Source4: Makefile +Source3: fail2ban.fc +Source4: fail2ban.if +Source5: fail2ban.te +Source6: Makefile # Give up being PartOf iptables and ipset for now # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 @@ -43,6 +54,7 @@ BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make BuildRequires: bash-completion +BuildRequires: gnupg2 # Default components Requires: %{name}-firewalld = %{version}-%{release} @@ -206,6 +218,7 @@ by default. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 # Use Fedora paths @@ -216,7 +229,7 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 %endif # SELinux sources -cp -p %SOURCE1 %SOURCE2 %SOURCE3 . +cp -p %SOURCE3 %SOURCE4 %SOURCE5 . # 2to3 has been removed from setuptools and we already use the binary in # %%prep. @@ -229,7 +242,7 @@ sed -i "/use_2to3/d" setup.py %else %py3_build %endif -make -f %SOURCE4 +make -f %SOURCE6 %install 
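Review bot: The comment added above `Source2` tells maintainers to read the signing fingerprint out of the downloaded `.asc` file and then fetch that key with `gpg --receive-keys`, which shows only which key made the signature, not that the key belongs to upstream. A key file regenerated that way would let `%{gpgverify}` pass for whoever signed the tarball. The comment should say that the fingerprint must be confirmed through a channel independent of the download, for example `# Confirm the fingerprint against an independent upstream source before adding or refreshing gpgkey-*.asc`. Separately, `Source0` is the `archive/` tarball while `Source1` is the signature from `releases/download/`; the check should fail closed if the two ever differ, but a one-line comment noting that they are expected to be byte-identical would help whoever next bumps the version.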
@@ -411,6 +424,9 @@ fi %changelog +* Sun Apr 02 2023 Todd Zullinger - 1.0.2-4 +- verify upstream source signature + * Thu Mar 30 2023 Orion Poplawski - 1.0.2-3 - Add upstream patch to remove warning about allowipv6 (bz#2160781) diff --git a/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc b/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc new file mode 100644 index 0000000..14da565 --- /dev/null +++ b/gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc 
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFeHbzIBCACWgr54J4t2fpI7EIrMTqso5kqPRTSY7eO2T0965JW6Zl4C0HZT
+Wz+9c5aGlKeotf4Fv7zOhpUwULFSGAq3tVbxAxW9++LAXPGad6uE4aPsXoQ6+0RV
+lJozNclURRal46vz3uuGLiSJ5+VQ1WD1sFLuw2/bMzE4GFR0z4w4UOc3ufAQ3obC
+i5szSy5JWtCsmvCdNlhXTxa66aUddN8/8IHJSB6QZabGEcG4WfsfhUiH38KUuqrO
+hYvT9ROY74pwSsHuWEzVRE00eJB4uxngsKHAGMYhkNxdKCG7Blu2IbJRcBE8QAs3
+BGqJR8FBify86COZYUZ7CuAyLyo1U6BZd7ohABEBAAG0KVNlcmcgRy4gQnJlc3Rl
+ciAoc2VicmVzKSA8aW5mb0BzZWJyZXMuZGU+iQE4BBMBAgAiBQJXh28yAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoO/G+vQqILMThB/0YUr7Y+urJChgm
+NG9exjjmTayoNb+XiMR5T2+A919NrKulEaH2mb51B7XBmFuCj8x5O1wA3xYo7B6h
+RVuNyb2eI3+bRD33QsKcs6NsgK/I1xLD15NrEftPckWqYypR6//u9Tmz5o9n9+/n
+2dH7SU7UPW468/bRUhFp+SQ70B0XLdyDgGLEN9TNsAvnEi30Vtjbia4Lp/NXYRkq
+GEzvpgZ7Dt9YhT+qdSs6AwyN0ZhnvX+zqXi+Q18xlbnuq2ZZkwK8Es/HdEDu2HNJ
+3nn3l15pyMe/OxYhg646NcqGR6j1rEZ7jXyN2i5sEdspXfwv0lGtLr7ANElWqOvX
+XYBAspRvuQENBFeHbzIBCACyCMv4CQ+blzj53ZLPyBMnj38oQ7bbpAtDThfB8hEZ
+uk6Kmo799Zo2rLG2iqvy8SEuN/bLQKyzFTiB4UYWvRxne792N0nWLU24/bd7j/Gh
+Q4EHUhs38WRSYtu93XCKzvyzn5s3504luOBF6czNrLeDfWXGVGosBsBoASY7de7a
+kiXb7a28dNDSG0JaR+QwONjmde9hAzqOX0iOYHvJeu68UKaUp4IrJ+nTMHFhwUbf
+awCmz+NPPrm360j4BuvYSWhS06tM7c6+gfvXHOTtJ5TEGbrm+I8d2q7nhxg3nku6
+7qnddkW2OS8EQVlw7XFox929mTLzw0MEmjqmSRTx2Qk3ABEBAAGJAR8EGAECAAkF
+AleHbzICGwwACgkQaDvxvr0KiCwdxQf7BM7jo6v7uU7324ZkLQmtZndcXnXZMbSw
+2pDzR2h01Vx7dHppzNOkyv8DvUWttwaMaTU57cdzThTkQPk8Lx8sCvi40RmWS2vs
+IArgTS1HNStprPUg4sk99JOZg2y4LBqkLUxZveDsH+rXdFA/fp8048/M4ss6qj4O
+ySe4crABbbv5yRADBJZt4LQdFoNGEpSaOtcxJmwJ7hrV+wQhVMm9m+/JpgzNT4rb
+muPgveqzmSiTGJ6Yy2bEKyY0dCyPuWbWWPt4mCcT+9emZC1O8EjST0i9f9EUUU6c
+6UCy7zi5EQ9CVv1Dlz1qefm/5/iFAAFQ5DtYC3cwDq8CqgqzoHMtNg==
+=vqSW
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/sources b/sources
index 6655594..0300c30 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@ SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb +SHA512 (fail2ban-1.0.2.tar.gz.asc) = 1c0af7e454d52879788d9728010a68159a94668d93799da5533999e8c821db87f651b3606347af16fd92a4540a7a343dc682f72bb3bab14e3666f848883d8644 From 1cb769fd250156cc41f10638f29d340e1e232453 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 4 Apr 2023 10:47:49 -0600 Subject: [PATCH 165/201] Drop downstream python3.11 patch, upstream went with a different fix --- fail2ban-python311.patch | 21 --------------------- fail2ban.spec | 7 ++++--- 2 files changed, 4 insertions(+), 24 deletions(-) delete mode 100644 fail2ban-python311.patch diff --git a/fail2ban-python311.patch b/fail2ban-python311.patch deleted file mode 100644 index 8a89af7..0000000 --- a/fail2ban-python311.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -Index: fail2ban-1.0.1/fail2ban/tests/actiontestcase.py -=================================================================== ---- fail2ban-1.0.1.orig/fail2ban/tests/actiontestcase.py -+++ fail2ban-1.0.1/fail2ban/tests/actiontestcase.py -@@ -242,14 +242,14 @@ class CommandActionTest(LogCaptureTestCa - setattr(self.__action, 'ab', "") - setattr(self.__action, 'x?family=inet6', "") - # produce self-referencing properties except: -- self.assertRaisesRegexp(ValueError, r"properties contain self referencing definitions", -+ self.assertRaisesRegex(ValueError, r"properties contain self referencing definitions", - lambda: self.__action.replaceTag("", - self.__action._properties, conditional="family=inet4") - ) - # remore self-referencing in props: - delattr(self.__action, 'ac') - # produce self-referencing query except: -- self.assertRaisesRegexp(ValueError, r"possible self referencing definitions in query", -+ self.assertRaisesRegex(ValueError, r"possible self referencing definitions in query", - lambda: self.__action.replaceTag(""*30, - self.__action._properties, conditional="family=inet6") - ) diff --git a/fail2ban.spec b/fail2ban.spec index 51b8f91..795222b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 1.0.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -27,8 +27,6 @@ Source6: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=2034205 -Patch1: fail2ban-python311.patch # Patch for dovecot jail eating 100% CPU #Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch # Remove warning about allowipv6 from startup 
@@ -424,6 +422,9 @@ fi %changelog +* Tue Apr 04 2023 Orion Poplawski - 1.0.2-5 +- Drop downstream python3.11 patch, upstream went with a different fix + * Sun Apr 02 2023 Todd Zullinger - 1.0.2-4 - verify upstream source signature From aeb9ac0019debbfeaa65fae716aa0bb1537cc3cf Mon Sep 17 00:00:00 2001 From: Python Maint Date: Wed, 14 Jun 2023 23:08:01 +0200 Subject: [PATCH 166/201] Rebuilt for Python 3.12 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 795222b..c4d8573 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,6 @@ Name: fail2ban Version: 1.0.2 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -422,6 +422,9 @@ fi %changelog +* Wed Jun 14 2023 Python Maint - 1.0.2-6 +- Rebuilt for Python 3.12 + * Tue Apr 04 2023 Orion Poplawski - 1.0.2-5 - Drop downstream python3.11 patch, upstream went with a different fix From 808902b9a9743b075b7e9553dc5c447ba04fe709 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 26 Jun 2023 16:14:49 -0400 Subject: [PATCH 167/201] exclude shorewall subpackage on epel9 (rhbz#2217649) The shorewall package is not present in epel9. --- fail2ban.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index c4d8573..d5ae29d 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -1,6 +1,12 @@ +%if 0%{?rhel} >= 9 +%bcond_with shorewall +%else +%bcond_without shorewall +%endif + Name: fail2ban Version: 1.0.2 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ 
@@ -120,7 +126,9 @@ Requires: %{name}-hostsdeny = %{version}-%{release} Requires: %{name}-mail = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} +%if %{with shorewall} Requires: %{name}-shorewall = %{version}-%{release} +%endif # Currently this breaks jails that don't log to the journal #Requires: %{name}-systemd = %{version}-%{release} Requires: perl-interpreter @@ -186,6 +194,7 @@ This package installs Fail2Ban's sendmail actions. This is the default mail actions for Fail2Ban. +%if %{with shorewall} %package shorewall Summary: Shorewall support for Fail2Ban Requires: %{name}-server = %{version}-%{release} @@ -204,6 +213,7 @@ Conflicts: %{name}-shorewall %description shorewall-lite This package enables support for manipulating shorewall rules. +%endif %package systemd @@ -411,17 +421,22 @@ fi %files sendmail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/sendmail-*.conf +%if %{with shorewall} %files shorewall %config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf %files shorewall-lite %config(noreplace) %{_sysconfdir}/fail2ban/action.d/shorewall.conf +%endif %files systemd %config(noreplace) %{_sysconfdir}/fail2ban/jail.d/00-systemd.conf %changelog +* Mon Jun 26 2023 Todd Zullinger - 1.0.2-7 +- exclude shorewall subpackage on epel9 (rhbz#2217649) + * Wed Jun 14 2023 Python Maint - 1.0.2-6 - Rebuilt for Python 3.12 From 658e0113bc63cbeb5e34ec64a112f0902d1bff42 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Mon, 26 Jun 2023 16:23:12 -0400 Subject: [PATCH 168/201] remove commented systemd subpackage deps Avoid 'Macro expanded in comment' warnings from rpmbuild. While we could escape the macros, removing them makes more sense as they've been commented since 4fa088d (Do not use systemd by default, 2015-02-22). --- fail2ban.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index d5ae29d..2518b11 100644 --- a/fail2ban.spec 
+++ b/fail2ban.spec @@ -64,8 +64,6 @@ BuildRequires: gnupg2 Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-sendmail = %{version}-%{release} Requires: %{name}-server = %{version}-%{release} -# Currently this breaks jails that don't log to the journal -#Requires: %{name}-systemd = %{version}-%{release} %description @@ -129,8 +127,6 @@ Requires: %{name}-server = %{version}-%{release} %if %{with shorewall} Requires: %{name}-shorewall = %{version}-%{release} %endif -# Currently this breaks jails that don't log to the journal -#Requires: %{name}-systemd = %{version}-%{release} Requires: perl-interpreter %if 0%{?rhel} && 0%{?rhel} < 8 Requires: python-inotify From 9385a54f44016f787a12bae4d3784693a26a2307 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 19:14:24 +0000 Subject: [PATCH 169/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 2518b11..abb603b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -430,6 +430,9 @@ fi %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 1.0.2-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Mon Jun 26 2023 Todd Zullinger - 1.0.2-7 - exclude shorewall subpackage on epel9 (rhbz#2217649) From 24c973f252f6d1b4231ee49ee4d5efac785a2fe8 Mon Sep 17 00:00:00 2001 
From: Adam Williamson Date: Wed, 27 Sep 2023 11:17:14 -0700 Subject: [PATCH 170/201] Fix build for F39+ (Python 3.12 and sqlite 3.42.0 fixes) Depend on pyasynchat and pyasyncore, as these are removed from Python 3.12 but fail2ban is so heavily built on them we cannot rewrite it in time for the Fedora 39 release. Drop the smtp tests as they require the Python smptd module that was removed from Python 3.12 and there's no drop-in replacement. Disable the database repair test as it cannot work with sqlite 3.42.0. Upstream references: https://github.com/fail2ban/fail2ban/issues/3487 https://github.com/fail2ban/fail2ban/issues/3586 Signed-off-by: Adam Williamson --- fail2ban.spec | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index abb603b..ab3b304 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -53,6 +53,16 @@ BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify %endif +# using a python3_version-based conditional does not work here, so +# this is a proxy for "Python version greater than 3.12". asyncore +# and asynchat were dropped from cpython core in 3.12, these modules +# make them available again. See: +# https://github.com/fail2ban/fail2ban/issues/3487 +# https://bugzilla.redhat.com/show_bug.cgi?id=2219991 +%if 0%{?fedora} > 38 +BuildRequires: python3-pyasyncore +BuildRequires: python3-pyasynchat +%endif BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel 
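Review bot: The new comment in the `BuildRequires` block calls `0%{?fedora} > 38` a proxy for "Python version greater than 3.12", but the same comment says asyncore and asynchat were dropped in 3.12 itself, so it should read `# this is a proxy for "Python 3.12 or later"`. The `Requires` hunk for the server subpackage later in this commit guards the same two modules with `%if v"0%{?python3_version}" >= v"3.12"`, the form this comment says does not work here; if `python3_version` is undefined when that line is evaluated, the runtime dependency would presumably be dropped without any error. Using one guard in both places, `%if 0%{?fedora} > 38`, keeps the build-time and run-time dependencies in step.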
@@ -110,6 +120,11 @@ Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) %else Requires: %{name}-selinux %endif +# see note above in BuildRequires section +%if v"0%{?python3_version}" >= v"3.12" +Requires: python3-pyasyncore +Requires: python3-pyasynchat +%endif %description server This package contains the core server components for Fail2Ban with minimal @@ -224,6 +239,11 @@ by default. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 +# this test uses smtpd which is removed in Python 3.12, rewriting it +# isn't trivial +%if v"0%{?python3_version}" >= v"3.12" +rm -f fail2ban/tests/action_d/test_smtp.py +%endif # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf @@ -318,8 +338,14 @@ COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion %if 0%{?rhel} && 0%{?rhel} < 8 %python2 bin/fail2ban-testcases --verbosity=2 --no-network %else +%if 0%{?fedora} > 38 +# testRepairDb does not work with sqlite 3.42.0+ +# https://github.com/fail2ban/fail2ban/issues/3586 +%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb +%else %python3 bin/fail2ban-testcases --verbosity=2 --no-network %endif +%endif %pre selinux @@ -430,6 +456,11 @@ fi %changelog +* Wed Sep 27 2023 Adam Williamson - 1.0.2-9 +- Require pyasynchat and pyasyncore with Python 3.12+ +- Disable smtp tests on F39+ due to removal of smtpd from Python 3.12 +- Disable db repair test on F39+ as it's broken with sqlite 3.42.0+ + * Wed Jul 19 2023 Fedora Release Engineering - 1.0.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From eea4f1a800b6544ef97fa9b9bcbde651a3923752 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 18:50:22 +0000 Subject: [PATCH 171/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/fail2ban.spec b/fail2ban.spec index ab3b304..7c703f6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -456,6 +456,9 @@ fi %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 1.0.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Sep 27 2023 Adam Williamson - 1.0.2-9 - Require pyasynchat and pyasyncore with Python 3.12+ - Disable smtp tests on F39+ due to removal of smtpd from Python 3.12 From bdb628d410217ba78fbed891660d65134c7a520e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 11:09:24 +0000 Subject: [PATCH 172/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 7c703f6..0242655 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -456,6 +456,9 @@ fi %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 1.0.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 1.0.2-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From f04bf03ceaf7f4a407c189b2732354e729fede52 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 23 Feb 2024 13:31:03 -0700 Subject: [PATCH 173/201] Allow watch on more logfiles --- fail2ban.spec | 13 ++++++++++--- fail2ban.te | 5 +++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 0242655..aea220e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -67,7 +67,11 @@ BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make +%if 0%{?fedora} >= 41 +BuildRequires: bash-completion-devel +%else BuildRequires: bash-completion +%endif BuildRequires: gnupg2 # Default components @@ -121,7 +125,7 @@ Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) Requires: %{name}-selinux %endif # see note above in BuildRequires section -%if v"0%{?python3_version}" >= v"3.12" +%if 0%{?fedora} > 38 Requires: python3-pyasyncore Requires: python3-pyasynchat %endif @@ -241,7 +245,7 @@ by default. %autosetup -p1 # this test uses smtpd which is removed in Python 3.12, rewriting it # isn't trivial -%if v"0%{?python3_version}" >= v"3.12" +%if 0%{?fedora} > 38 rm -f fail2ban/tests/action_d/test_smtp.py %endif @@ -456,6 +460,9 @@ fi %changelog +* Thu Feb 22 2024 Orion Poplawski - 1.0.2-12 +- Allow watch on more logfiles + * Wed Jan 24 2024 Fedora Release Engineering - 1.0.2-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/fail2ban.te b/fail2ban.te index 6d36a70..1c02960 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -100,6 +100,11 @@ logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) allow fail2ban_t fail2ban_log_t:file watch; +gen_require(` + attribute logfile; +') +allow fail2ban_t logfile:dir { watch_dir_perms }; +allow fail2ban_t logfile:file { watch_file_perms }; # Not in EL9 yet #logging_watch_audit_log_files(fail2ban_t) gen_require(` From 7a1cec5b814149d44e00ac443246d81ac86a3aea Mon Sep 17 00:00:00 2001 
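Review bot: The two `allow` rules added to `fail2ban.te` give `fail2ban_t` watch access to every type that carries the `logfile` attribute, which is far wider than the single `fail2ban_log_t` rule kept just above them, and the policy does not say why. The hunk sits under `logging_dontaudit_search_audit_logs(fail2ban_t)`, so audit logs look intentionally out of scope; whether the audit log type is a member of `logfile` is not visible here and is worth checking before this ships. Watch permission alone does not grant read, but the reason for the attribute-wide grant should be recorded next to it, for example `# watch only, so any log path configured in a jail can be monitored`. If only a known set of log types is needed, listing those types instead of the attribute would keep the domain closer to least privilege.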
From: Richard Shaw Date: Thu, 25 Apr 2024 06:34:59 -0500 Subject: [PATCH 174/201] Add nftables patch and fix selinux /var/run->/run issue, fixes RHBZ#1850164 and RHBZ#2272476. --- ...94c5229bd474f612b57b67d796252a4aab7a.patch | 84 ------------------- fail2ban-nftables.patch | 62 ++++++++++++++ fail2ban.fc | 2 +- fail2ban.spec | 11 ++- 4 files changed, 71 insertions(+), 88 deletions(-) delete mode 100644 ca2b94c5229bd474f612b57b67d796252a4aab7a.patch create mode 100644 fail2ban-nftables.patch diff --git a/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch b/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch deleted file mode 100644 index 02a9ae5..0000000 --- a/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch +++ /dev/null 
@@ -1,84 +0,0 @@ -From ca2b94c5229bd474f612b57b67d796252a4aab7a Mon Sep 17 00:00:00 2001 -From: sebres -Date: Tue, 4 Oct 2022 14:03:07 +0200 -Subject: [PATCH] fixes gh-3370: resolve extremely long search by repeated - apply of non-greedy RE `(?:: (?:[^\(]+|\w+\([^\)]*\))+)?` with following - branches (it may be extremely slow up to infinite search depending on - message); added new regression tests amend to gh-3210: fixes regression and - matches new format in aggressive mode too - ---- - ChangeLog | 4 ++++ - config/filter.d/dovecot.conf | 8 +++++--- - fail2ban/tests/files/logs/dovecot | 22 ++++++++++++++++++++++ - 3 files changed, 31 insertions(+), 3 deletions(-) - -Index: fail2ban-1.0.1/config/filter.d/dovecot.conf -=================================================================== ---- fail2ban-1.0.1.orig/config/filter.d/dovecot.conf -+++ fail2ban-1.0.1/config/filter.d/dovecot.conf -@@ -7,19 +7,21 @@ before = common.conf - - [Definition] - -+_daemon = (?:dovecot(?:-auth)?|auth) -+ - _auth_worker = (?:dovecot: )?auth(?:-worker)? - _auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\): auth(?:-worker)?<\d+>: )? --_daemon = (?:dovecot(?:-auth)?|auth) -+_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))* - - prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_auth)s(?:\(dovecot:auth\))?: |(?:pop3|imap|managesieve|submission)-login: )?(?:Info: )?%(_auth_worker_info)s.+$ - - failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=(?:\s+user=\S*)?\s*$ -- ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? 
rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ -+ ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ - ^pam\(\S+,(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$ - ^[a-z\-]{3,15}\(\S*,(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch) - > - --mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)(?::(?: [^ \(]+)+)? \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ -+mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no auth attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)? 
rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ - - mdre-normal = - -Index: fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot -=================================================================== ---- fail2ban-1.0.1.orig/fail2ban/tests/files/logs/dovecot -+++ fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot -@@ -115,6 +115,17 @@ Aug 28 06:38:51 s166-62-100-187 dovecot: - # failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host": "192.0.2.4", "desc": "open parenthesis in optional part between Disconnected and (auth failed ...), gh-3210" } - Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection closed: read(size=1003) failed: Connection reset by peer (auth failed, 1 attempts in 0 secs): user=, rip=192.0.2.4, lip=127.0.0.19, session= - -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. 
(no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol -+ - # failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host": "192.0.2.133" } - Aug 29 03:17:18 server dovecot: submission-login: Client has quit the connection (auth failed, 1 attempts in 2 secs): user=, method=LOGIN, rip=192.0.2.133, lip=0.0.0.0 - # failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host": "192.0.2.169" } -@@ -128,6 +139,17 @@ Aug 29 15:33:53 server dovecot: managesi - - # filterOptions: [{"mode": "aggressive"}] - -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026) failed: Connection reset by peer -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:1408F10B:SSL 
routines:ssl3_get_record:wrong version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Connection closed: read(size=1007) failed: Connection reset by peer (no auth attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1 -+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host": "192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" } -+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol -+ - # failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host": "192.0.2.5" } - Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5, lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer - # failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host": "192.0.2.6" } diff --git a/fail2ban-nftables.patch b/fail2ban-nftables.patch new file mode 100644 index 0000000..1124e85 --- /dev/null +++ b/fail2ban-nftables.patch 
@@ -0,0 +1,62 @@ +Index: fail2ban-1.0.2/config/action.d/firewallcmd-rich-rules.conf +=================================================================== +--- fail2ban-1.0.2.orig/config/action.d/firewallcmd-rich-rules.conf ++++ fail2ban-1.0.2/config/action.d/firewallcmd-rich-rules.conf +@@ -37,8 +37,8 @@ actioncheck = + + fwcmd_rich_rule = rule family='' source address='' port port='$p' protocol='' %(rich-suffix)s + +-actionban = ports=""; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="%(fwcmd_rich_rule)s"; done ++actionban = ports=""; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="%(fwcmd_rich_rule)s"; done + +-actionunban = ports=""; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="%(fwcmd_rich_rule)s"; done ++actionunban = ports=""; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="%(fwcmd_rich_rule)s"; done + +-rich-suffix = +\ No newline at end of file ++rich-suffix = +Index: fail2ban-1.0.2/fail2ban/tests/servertestcase.py +=================================================================== +--- fail2ban-1.0.2.orig/fail2ban/tests/servertestcase.py ++++ fail2ban-1.0.2/fail2ban/tests/servertestcase.py +@@ -2051,32 +2051,32 @@ class ServerConfigReaderTests(LogCapture + ('j-fwcmd-rr', 'firewallcmd-rich-rules[port="22:24", protocol="tcp"]', { + 'ip4': ("family='ipv4'", "icmp-port-unreachable",), 'ip6': ("family='ipv6'", 'icmp6-port-unreachable',), + 'ip4-ban': ( +- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""", + ), + 'ip4-unban': ( +- """`ports="22:24"; for p in $(echo $ports | tr 
", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`""", + ), + 'ip6-ban': ( +- """ `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""", ++ """ `ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""", + ), + 'ip6-unban': ( +- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`""", + ), + }), + # firewallcmd-rich-logging -- + ('j-fwcmd-rl', 'firewallcmd-rich-logging[port="22:24", protocol="tcp"]', { + 'ip4': ("family='ipv4'", "icmp-port-unreachable",), 'ip6': ("family='ipv6'", 'icmp6-port-unreachable',), + 'ip4-ban': ( +- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port 
port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""", + ), + 'ip4-unban': ( +- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`""", + ), + 'ip6-ban': ( +- """ `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""", ++ """ `ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""", + ), + 'ip6-unban': ( +- """`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""", ++ """`ports="22:24"; for p in $(echo $ports | tr ":, " "- "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`""", + ), + }), + ) diff --git a/fail2ban.fc b/fail2ban.fc index 4da938f..1379b6e 100644 --- a/fail2ban.fc 
+++ b/fail2ban.fc @@ -6,4 +6,4 @@ /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0) /var/log/fail2ban\.log.* -- gen_context(system_u:object_r:fail2ban_log_t,s0) -/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) +/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) diff --git a/fail2ban.spec b/fail2ban.spec index aea220e..45feacd 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -33,10 +33,11 @@ Source6: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# Patch for dovecot jail eating 100% CPU -#Patch2: https://github.com/fail2ban/fail2ban/commit/ca2b94c5229bd474f612b57b67d796252a4aab7a.patch # Remove warning about allowipv6 from startup Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch +# default port in jail.conf is not compatible with firewalld-cmd syntax +# https://bugzilla.redhat.com/show_bug.cgi?id=1850164 +Patch3: fail2ban-nftables.patch BuildArch: noarch @@ -460,6 +461,10 @@ fi %changelog +* Thu Apr 25 2024 Richard Shaw - 1.0.2-13 +- Add nftables patch and fix selinux /var/run->/run issue, fixes RHBZ#1850164 + and RHBZ#2272476. + * Thu Feb 22 2024 Orion Poplawski - 1.0.2-12 - Allow watch on more logfiles From f982d901c25a62264833bf6d7e0bb4d705b6aea6 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Mon, 6 May 2024 21:01:00 -0500 Subject: [PATCH 175/201] Increment SELinux module version. Tweak selinux regex for /run/fail2ban. --- fail2ban.fc | 5 +++-- fail2ban.if | 4 ++-- fail2ban.spec | 6 +++++- fail2ban.te | 2 +- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/fail2ban.fc b/fail2ban.fc index 1379b6e..f481c4a 100644 --- a/fail2ban.fc +++ b/fail2ban.fc 
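Review bot: The new entry `/run/fail2ban.*` in fail2ban.fc has no path separator after the name, so it labels any path that merely begins with that prefix as `fail2ban_var_run_t`, for instance a sibling such as `/run/fail2ban-other` (constructed example). The same looseness was already in the old `/var/run/fail2ban.*` line. Writing it as `/run/fail2ban(/.*)?`, the form the `/var/lib/fail2ban(/.*)?` entry in this hunk already uses, limits the label to the directory and its contents.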
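Review bot: `Patch3: fail2ban-nftables.patch` is named for nftables, yet the patch file added in this commit only touches `config/action.d/firewallcmd-rich-rules.conf` and the matching expectations in `fail2ban/tests/servertestcase.py`. The spec comment gives a Bugzilla link but no upstream commit or pull request, so a later maintainer cannot tell whether the change was accepted upstream or when it can be dropped. I would rename it to something like `fail2ban-firewallcmd-port-range.patch` and add `# Upstream: <upstream commit or PR URL>` above the `Patch3:` line.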
@@ -1,4 +1,4 @@ -/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0) +#/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0) /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0) /usr/bin/fail2ban-client -- gen_context(system_u:object_r:fail2ban_client_exec_t,s0) @@ -6,4 +6,5 @@ /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0) /var/log/fail2ban\.log.* -- gen_context(system_u:object_r:fail2ban_log_t,s0) -/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) + +/run/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_run_t,s0) diff --git a/fail2ban.if b/fail2ban.if index 94e1936..82c627f 100644 --- a/fail2ban.if +++ b/fail2ban.if @@ -243,7 +243,7 @@ interface(`fail2ban_read_pid_files',` ######################################## ## -## dontaudit read and write an leaked file descriptors +## dontaudit read and write leaked file descriptors ## ## ## @@ -264,7 +264,7 @@ interface(`fail2ban_dontaudit_leaks',` ######################################## ## ## All of the rules required to administrate -## an fail2ban environment +## a fail2ban environment ## ## ## diff --git a/fail2ban.spec b/fail2ban.spec index 45feacd..eaab4d4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -6,7 +6,7 @@ Name: fail2ban Version: 1.0.2 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -461,6 +461,10 @@ fi %changelog +* Sun May 05 2024 Richard Shaw - 1.0.2-14 +- Increment SELinux module version. +- Tweak selinux regex for /run/fail2ban. + * Thu Apr 25 2024 Richard Shaw - 1.0.2-13 - Add nftables patch and fix selinux /var/run->/run issue, fixes RHBZ#1850164 and RHBZ#2272476. diff --git a/fail2ban.te b/fail2ban.te index 1c02960..b19bdaa 100644 --- a/fail2ban.te +++ b/fail2ban.te 
@@ -1,4 +1,4 @@ -policy_module(fail2ban, 1.5.0) +policy_module(fail2ban, 1.5.1) ######################################## # From 43888bfadea10e094e2053f9921a66d556cbdd6a Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sun, 12 May 2024 00:01:23 -0400 Subject: [PATCH 176/201] Handle /var/run->/run transition in older Fedora and EPEL (RHBZ#2279054) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In Fedora 40 and RHEL 10, SELinux rules for /var/run have moved to /run. Previous commits have adjusted for this but we need to gracefully handle the differences in file context equivalence for older releases. Borrow similar code from the container-selinux package, upstream 6200ed9 (Rename all /var/run file context entries to /run (#298), 2024-03-11)¹ to revert the /var/run -> /run changes in the SElinux file contexts for older releases. ¹ https://github.com/containers/container-selinux/commit/6200ed9 --- fail2ban.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index eaab4d4..5754b2c 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -4,9 +4,17 @@ %bcond_without shorewall %endif +# RHEL < 10 and Fedora < 40 use file context entries in /var/run +%if %{defined rhel} && 0%{?rhel} < 10 +%define legacy_var_run 1 +%endif +%if %{defined fedora} && 0%{?fedora} < 40 +%define legacy_var_run 1 +%endif + Name: fail2ban Version: 1.0.2 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -260,6 +268,10 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3 # SELinux sources cp -p %SOURCE3 %SOURCE4 %SOURCE5 . +%if %{defined legacy_var_run} +sed -i 's|^/run/|/var/run/|' %{name}.fc +%endif + # 2to3 has been removed from setuptools and we already use the binary in # %%prep. sed -i "/use_2to3/d" setup.py 
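Review bot: The added `sed -i 's|^/run/|/var/run/|' %{name}.fc` in `%prep` exits successfully even when it rewrites nothing. If the entries in `fail2ban.fc` ever stop starting with `/run/` at column 0, a legacy build would package the unconverted file contexts with no error. Adding `grep -q '^/var/run/' %{name}.fc` on the next line inside the same `%if %{defined legacy_var_run}` block makes such a build fail instead. In the first hunk, `%define legacy_var_run 1` would conventionally be `%global legacy_var_run 1` in a Fedora spec, though the effect here is the same. The `%prep` section starts and ends outside the hunk.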
@@ -461,6 +473,9 @@ fi %changelog +* Sat May 11 2024 Todd Zullinger - 1.0.2-15 +- Handle /var/run->/run transition in older Fedora and EPEL (RHBZ#2279054) + * Sun May 05 2024 Richard Shaw - 1.0.2-14 - Increment SELinux module version. - Tweak selinux regex for /run/fail2ban. From 349c5c98fa6358e7d23e71356500e92f17fb8508 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 18:57:17 +0200 Subject: [PATCH 177/201] Rebuilt for Python 3.13 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 5754b2c..7211057 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.0.2 -Release: 15%{?dist} +Release: 16%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -473,6 +473,9 @@ fi %changelog +* Fri Jun 07 2024 Python Maint - 1.0.2-16 +- Rebuilt for Python 3.13 + * Sat May 11 2024 Todd Zullinger - 1.0.2-15 - Handle /var/run->/run transition in older Fedora and EPEL (RHBZ#2279054) From a5fe885227924681832861ebb50c620d472ba943 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Fri, 14 Jun 2024 19:39:10 -0500 Subject: [PATCH 178/201] Update to 1.1.0 for Python 3.13 support. --- ...7e1e93936f09e349e80d94254e5f43d0cc8a.patch | 23 --- ...41e5309b417a3c7a84fa8f03cf4f93831f1b.patch | 148 ++++++++++++++++++ fail2ban.spec | 18 +-- sources | 3 +- 4 files changed, 157 insertions(+), 35 deletions(-) delete mode 100644 432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch create mode 100644 ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch diff --git a/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch b/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch deleted file mode 100644 index 74f2739..0000000 --- a/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From 432e7e1e93936f09e349e80d94254e5f43d0cc8a Mon Sep 17 00:00:00 2001 -From: "Sergey G. Brester" -Date: Mon, 28 Nov 2022 13:21:15 +0100 -Subject: [PATCH] no warning if no config value but default (debug message now) - -closes #3420 ---- - fail2ban/client/configreader.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py -index 1b5a56a27c..c7f965ce52 100644 ---- a/fail2ban/client/configreader.py -+++ b/fail2ban/client/configreader.py -@@ -277,7 +277,7 @@ def getOptions(self, sec, options, pOptions=None, shouldExist=False, convert=Tru - # TODO: validate error handling here. - except NoOptionError: - if not optvalue is None: -- logSys.warning("'%s' not defined in '%s'. Using default one: %r" -+ logSys.debug("'%s' not defined in '%s'. Using default one: %r" - % (optname, sec, optvalue)) - values[optname] = optvalue - # elif logSys.getEffectiveLevel() <= logLevel: diff --git a/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch b/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch new file mode 100644 index 0000000..3dc9890 --- /dev/null +++ b/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch 
@@ -0,0 +1,148 @@ +From ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b Mon Sep 17 00:00:00 2001 +From: sebres +Date: Fri, 14 Jun 2024 14:31:21 +0200 +Subject: [PATCH] beautifier detect whether it can use unicode chars in stats + table; asciified output of beautifier in test suite; closes gh-3750 + +--- + fail2ban/client/beautifier.py | 51 ++++++++++++++-------- + fail2ban/tests/clientbeautifiertestcase.py | 22 ++++++---- + 2 files changed, 45 insertions(+), 28 deletions(-) + +diff --git a/fail2ban/client/beautifier.py b/fail2ban/client/beautifier.py +index 7ef173a655..21c49b9483 100644 +--- a/fail2ban/client/beautifier.py ++++ b/fail2ban/client/beautifier.py +@@ -21,8 +21,10 @@ + __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2013- Yaroslav Halchenko" + __license__ = "GPL" + ++import sys ++ + from ..exceptions import UnknownJailException, DuplicateJailException +-from ..helpers import getLogger, logging ++from ..helpers import getLogger, logging, PREFER_ENC + + # Gets the instance of the logger. 
+ logSys = getLogger(__name__) +@@ -36,6 +38,11 @@ + + class Beautifier: + ++ stdoutEnc = PREFER_ENC ++ if sys.stdout and sys.stdout.encoding is not None: ++ stdoutEnc = sys.stdout.encoding ++ encUtf = 1 if stdoutEnc.lower() == 'utf-8' else 0 ++ + def __init__(self, cmd = None): + self.__inputCmd = cmd + +@@ -104,7 +111,11 @@ def jail_stat(response, pref=""): + jail_stat(j, " " if i == len(jstat) else " | ") + msg = "\n".join(msg) + elif inC[0:1] == ['stats'] or inC[0:1] == ['statistics']: +- def _statstable(response): ++ chrTable = [ ++ ['|', '-', '|', 'x', 'x', '-', '|', '-'], ## ascii ++ ["\u2551", "\u2550", "\u255F", "\u256B", "\u256C", "\u2569", "\u2502", "\u2500"] ## utf-8 ++ ]; ++ def _statstable(response, ct): + tophead = ["Jail", "Backend", "Filter", "Actions"] + headers = ["", "", "cur", "tot", "cur", "tot"] + minlens = [8, 8, 3, 3, 3, 3] +@@ -120,29 +131,31 @@ def _statstable(response): + f = "%%%ds" if ralign[i] else "%%-%ds" + rfmt.append(f % lens[i]) + hfmt.append(f % lens[i]) +- rfmt = [rfmt[0], rfmt[1], "%s \u2502 %s" % (rfmt[2], rfmt[3]), "%s \u2502 %s" % (rfmt[4], rfmt[5])] +- hfmt = [hfmt[0], hfmt[1], "%s \u2502 %s" % (hfmt[2], hfmt[3]), "%s \u2502 %s" % (hfmt[4], hfmt[5])] ++ rfmt = [rfmt[0], rfmt[1], "%s %s %s" % (rfmt[2], ct[6], rfmt[3]), "%s %s %s" % (rfmt[4], ct[6], rfmt[5])] ++ hfmt = [hfmt[0], hfmt[1], "%s %s %s" % (hfmt[2], ct[6], hfmt[3]), "%s %s %s" % (hfmt[4], ct[6], hfmt[5])] + tlens = [lens[0], lens[1], 3 + lens[2] + lens[3], 3 + lens[4] + lens[5]] + tfmt = [hfmt[0], hfmt[1], "%%-%ds" % (tlens[2],), "%%-%ds" % (tlens[3],)] + tsep = tfmt[0:2] +- rfmt = " \u2551 ".join(rfmt) +- hfmt = " \u2551 ".join(hfmt) +- tfmt = " \u2551 ".join(tfmt) +- tsep = " \u2551 ".join(tsep) +- separator = ((tsep % tuple(tophead[0:2])) + " \u255F\u2500" + +- ("\u2500\u256B\u2500".join(['\u2500' * n for n in tlens[2:]])) + '\u2500') ++ rfmt = (" "+ct[0]+" ").join(rfmt) ++ hfmt = (" "+ct[0]+" ").join(hfmt) ++ tfmt = (" "+ct[0]+" ").join(tfmt) ++ tsep = (" 
"+ct[0]+" ").join(tsep) ++ separator = ((tsep % tuple(tophead[0:2])) + " "+ct[2]+ct[7] + ++ ((ct[7]+ct[3]+ct[7]).join([ct[7] * n for n in tlens[2:]])) + ct[7]) + ret = [] +- ret.append(tfmt % tuple(["", ""]+tophead[2:])) +- ret.append(separator) +- ret.append(hfmt % tuple(headers)) +- separator = "\u2550\u256C\u2550".join(['\u2550' * n for n in tlens]) + '\u2550' +- ret.append(separator) ++ ret.append(" "+tfmt % tuple(["", ""]+tophead[2:])) ++ ret.append(" "+separator) ++ ret.append(" "+hfmt % tuple(headers)) ++ separator = (ct[1]+ct[4]+ct[1]).join([ct[1] * n for n in tlens]) + ct[1] ++ ret.append(ct[1]+separator) + for row in rows: +- ret.append(rfmt % tuple(row)) +- separator = "\u2550\u2569\u2550".join(['\u2550' * n for n in tlens]) + '\u2550' +- ret.append(separator) ++ ret.append(" "+rfmt % tuple(row)) ++ separator = (ct[1]+ct[5]+ct[1]).join([ct[1] * n for n in tlens]) + ct[1] ++ ret.append(ct[1]+separator) + return ret +- msg = "\n".join(_statstable(response)) ++ if not response: ++ return "No jails found." 
++ msg = "\n".join(_statstable(response, chrTable[self.encUtf])) + elif len(inC) < 2: + pass # to few cmd args for below + elif inC[1] == "syslogsocket": +diff --git a/fail2ban/tests/clientbeautifiertestcase.py b/fail2ban/tests/clientbeautifiertestcase.py +index defedbe1bf..5fcb240479 100644 +--- a/fail2ban/tests/clientbeautifiertestcase.py ++++ b/fail2ban/tests/clientbeautifiertestcase.py +@@ -34,6 +34,7 @@ def setUp(self): + """ Call before every test case """ + super(BeautifierTest, self).setUp() + self.b = Beautifier() ++ self.b.encUtf = 0; ## we prefer ascii in test suite (see #3750) + + def tearDown(self): + """ Call after every test case """ +@@ -170,22 +171,25 @@ def testStatus(self): + + def testStatusStats(self): + self.b.setInputCmd(["stats"]) ++ ## no jails: ++ self.assertEqual(self.b.beautify({}), "No jails found.") ++ ## 3 jails: + response = { + "ssh": ["systemd", (3, 6), (12, 24)], + "exim4": ["pyinotify", (6, 12), (20, 20)], + "jail-with-long-name": ["polling", (0, 0), (0, 0)] + } + output = ("" +- + " ? ? Filter ? Actions \n" +- + "Jail ? Backend ????????????????????????\n" +- + " ? ? cur ? tot ? cur ? tot\n" +- + "????????????????????????????????????????????????????????\n" +- + "ssh ? systemd ? 3 ? 6 ? 12 ? 24\n" +- + "exim4 ? pyinotify ? 6 ? 12 ? 20 ? 20\n" +- + "jail-with-long-name ? polling ? 0 ? 0 ? 0 ? 0\n" +- + "????????????????????????????????????????????????????????" ++ + " | | Filter | Actions \n" ++ + " Jail | Backend |-----------x-----------\n" ++ + " | | cur | tot | cur | tot\n" ++ + "---------------------x-----------x-----------x-----------\n" ++ + " ssh | systemd | 3 | 6 | 12 | 24\n" ++ + " exim4 | pyinotify | 6 | 12 | 20 | 20\n" ++ + " jail-with-long-name | polling | 0 | 0 | 0 | 0\n" ++ + "---------------------------------------------------------" + ) +- response = self.b.beautify(response).encode('ascii', 'replace').decode('ascii') ++ response = self.b.beautify(response) + self.assertEqual(response, output) + + 
diff --git a/fail2ban.spec b/fail2ban.spec index 7211057..bfda77b 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -13,8 +13,8 @@ %endif Name: fail2ban -Version: 1.0.2 -Release: 16%{?dist} +Version: 1.1.0 +Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPLv2+ @@ -41,11 +41,11 @@ Source6: Makefile # https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1573185 Patch0: fail2ban-partof.patch -# Remove warning about allowipv6 from startup -Patch2: https://github.com/fail2ban/fail2ban/commit/432e7e1e93936f09e349e80d94254e5f43d0cc8a.patch # default port in jail.conf is not compatible with firewalld-cmd syntax # https://bugzilla.redhat.com/show_bug.cgi?id=1850164 -Patch3: fail2ban-nftables.patch +Patch1: fail2ban-nftables.patch +# Work around encoding issues during tests +Patch2: https://github.com/fail2ban/fail2ban/commit/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch BuildArch: noarch @@ -58,7 +58,6 @@ BuildRequires: python-inotify %else BuildRequires: python3-devel BuildRequires: python3-setuptools -BuildRequires: /usr/bin/2to3 # For testcases BuildRequires: python3-inotify %endif @@ -260,10 +259,6 @@ rm -f fail2ban/tests/action_d/test_smtp.py # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf -%if 0%{?fedora} || 0%{?rhel} >= 8 -2to3 --write --nobackups . -find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3_version},' {} + -%endif # SELinux sources cp -p %SOURCE3 %SOURCE4 %SOURCE5 . @@ -473,6 +468,9 @@ fi %changelog +* Wed Jun 12 2024 Richard Shaw - 1.1.0-1 +- Update to 1.1.0 for Python 3.13 support. + * Fri Jun 07 2024 Python Maint - 1.0.2-16 - Rebuilt for Python 3.13 diff --git a/sources b/sources index 0300c30..934b139 100644 --- a/sources +++ b/sources 
@@ -1,2 +1 @@ -SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb -SHA512 (fail2ban-1.0.2.tar.gz.asc) = 1c0af7e454d52879788d9728010a68159a94668d93799da5533999e8c821db87f651b3606347af16fd92a4540a7a343dc682f72bb3bab14e3666f848883d8644 +SHA512 (fail2ban-1.1.0.tar.gz) = 9bff7b9c41e58a953901800468e5c4153c9db6af01c7eb18111ad8620b40d03a0771020472fb759b2809d250e2bb45471e6c7e8283e72ea48290ecf7bf921821 From a9e460f2e2eb080b8435d52130406721fec7a17c Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Fri, 14 Jun 2024 19:53:30 -0500 Subject: [PATCH 179/201] Upload checksum file. --- .gitignore | 1 - fail2ban-1.1.0.tar.gz.asc | 11 +++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 fail2ban-1.1.0.tar.gz.asc diff --git a/.gitignore b/.gitignore index e633b53..082f70a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ /fail2ban-*/ -/fail2ban-*.tar.gz* diff --git a/fail2ban-1.1.0.tar.gz.asc b/fail2ban-1.1.0.tar.gz.asc new file mode 100644 index 0000000..f764f97 --- /dev/null +++ b/fail2ban-1.1.0.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEhzhVnib2cd+eLG2eaDvxvr0KiCwFAmYqzEoACgkQaDvxvr0K +iCwMfQf9GcxsuVs/LiHeDYmmvFOxCmS2zO4K5pzDuX1JmtSzKCj9HbPSxUWbIZIc +yJv+x8t6QNBPBMnxI70TP+RcxKpCO4Fc2WRcrYS5B6gDTKy9Ty0fHorHlA4QQthu +ywoqxf1eddQKcwlk+lw/wI1QPwZ1xA93BkasJht/bTnhAvXJBeN1Tgf+jZ23bHHf +9FIGV8zt8fvaAIG8lB22AD/+PhSYEkp1TRuRx9VEuBbkH00u1i054I0cHTrsu3Fr +jTIljf5TgpmFyXHBCA6JT6nnGn0jsaNDT/lBNxUmw5BmMxGWUTv4SlKbcjKjgXRH +MTZipOHHYPx/7IyKJJvB1p1gvmOxyg== +=qvry +-----END PGP SIGNATURE----- From ee0aa3906976fbbe49516aa0ff3aa4529fd2e763 Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Fri, 12 Jul 2024 11:06:05 +0200 Subject: [PATCH 180/201] Use SPDX license identifier Signed-off-by: Nils Philippsen --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
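Review bot: Deleting the whole `/fail2ban-*.tar.gz*` pattern in the `.gitignore` hunk un-ignores the source tarball as well as the `.asc` signature this commit wants to track. The tarball is the artifact that `sources` pins by SHA512, so a locally downloaded copy could now be committed by accident and sit in the repository without going through that check. Narrowing the pattern keeps the protection while still allowing `fail2ban-1.1.0.tar.gz.asc` to be added: `/fail2ban-*.tar.gz`.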
diff --git a/fail2ban.spec b/fail2ban.spec index bfda77b..0c46fbb 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -17,7 +17,7 @@ Version: 1.1.0 Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors -License: GPLv2+ +License: GPL-2.0-or-later URL: http://fail2ban.sourceforge.net/ Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc @@ -468,6 +468,9 @@ fi %changelog +* Fri Jul 12 2024 Nils Philippsen +- Use SPDX license identifier + * Wed Jun 12 2024 Richard Shaw - 1.1.0-1 - Update to 1.1.0 for Python 3.13 support. From 2620a99049a9008a6b32ddafd83845c594dff74e Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Fri, 12 Jul 2024 11:07:15 +0200 Subject: [PATCH 181/201] Use https upstream URL Signed-off-by: Nils Philippsen --- fail2ban.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 0c46fbb..b28b250 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -18,7 +18,7 @@ Release: 1%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later -URL: http://fail2ban.sourceforge.net/ +URL: https://fail2ban.sourceforge.net Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc # Releases are signed by Serg G. Brester (sebres) . The @@ -470,6 +470,7 @@ fi %changelog * Fri Jul 12 2024 Nils Philippsen - Use SPDX license identifier +- Use https upstream URL * Wed Jun 12 2024 Richard Shaw - 1.1.0-1 - Update to 1.1.0 for Python 3.13 support. From a549d7607bfebe1f34e4da1097a5cebd370812aa Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Fri, 12 Jul 2024 11:07:31 +0200 Subject: [PATCH 182/201] Bump release 
Signed-off-by: Nils Philippsen --- fail2ban.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index b28b250..6bbcde7 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -468,7 +468,7 @@ fi %changelog -* Fri Jul 12 2024 Nils Philippsen +* Fri Jul 12 2024 Nils Philippsen - 1.1.0-2 - Use SPDX license identifier - Use https upstream URL From 6d7a157679b87ebd5e2a7d6b2af816f563299687 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 22:41:28 +0000 Subject: [PATCH 183/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6bbcde7..5045b2e 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -468,6 +468,9 @@ fi %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 1.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Fri Jul 12 2024 Nils Philippsen - 1.1.0-2 - Use SPDX license identifier - Use https upstream URL From f5c4652fbf39e280dc9332057fe6c8ef67003b3e Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Sat, 28 Sep 2024 15:00:29 -0500 Subject: [PATCH 184/201] Add patch to deal with changes to OpenSSL log output. --- 3782.patch | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++ fail2ban.spec | 7 +++- 2 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 3782.patch diff --git a/3782.patch b/3782.patch new file mode 100644 index 0000000..764db01 --- /dev/null +++ b/3782.patch 
@@ -0,0 +1,94 @@ +From 2fed408c05ac5206b490368d94599869bd6a056d Mon Sep 17 00:00:00 2001 +From: Fabian Dellwing +Date: Tue, 2 Jul 2024 07:54:15 +0200 +Subject: [PATCH 1/5] Adjust sshd filter for OpenSSH 9.8 new daemon name + +--- + config/filter.d/sshd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf +index 1c8a02deb5..a1fd749aed 100644 +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -16,7 +16,7 @@ before = common.conf + + [DEFAULT] + +-_daemon = sshd ++_daemon = (?:sshd(?:-session)?) + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? + +From 7b335f47ea112e2a36e59287582e613aef2fa0a3 Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:09:28 +0200 +Subject: [PATCH 2/5] sshd: add test coverage for new format, gh-3782 + +--- + fail2ban/tests/files/logs/sshd | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd +index ed54ded4d4..7d3948ed80 100644 +--- a/fail2ban/tests/files/logs/sshd ++++ b/fail2ban/tests/files/logs/sshd +@@ -20,6 +20,9 @@ Feb 25 14:34:10 belka sshd[31603]: Failed password for invalid user ROOT from aa + # failJSON: { "time": "2005-02-25T14:34:11", "match": true , "host": "aaaa:bbbb:cccc:1234::1:1" } + Feb 25 14:34:11 belka sshd[31603]: Failed password for invalid user ROOT from aaaa:bbbb:cccc:1234::1:1 + ++# failJSON: { "time": "2005-07-03T14:59:17", "match": true , "host": "192.0.2.1", "desc": "new log with session in daemon prefix, gh-3782" } ++Jul 3 14:59:17 host sshd-session[1571]: Failed password for root from 192.0.2.1 port 56502 ssh2 ++ + #3 + # failJSON: { "time": "2005-01-05T01:31:41", "match": true , "host": "1.2.3.4" } + Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM 1.2.3.4 + +From 8360776ce1b119d519a842069c73bec7f5e24fad Mon Sep 17 00:00:00 2001 
+From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:33:39 +0200 +Subject: [PATCH 3/5] zzz-sshd-obsolete-multiline.conf: adjusted to new + sshd-session log format + +--- + fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf +index ad8adeb69f..14256ba68c 100644 +--- a/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf ++++ b/fail2ban/tests/config/filter.d/zzz-sshd-obsolete-multiline.conf +@@ -9,7 +9,7 @@ before = ../../../../config/filter.d/common.conf + + [DEFAULT] + +-_daemon = sshd ++_daemon = sshd(?:-session)? + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? + +From 50ff131a0fd8f54fdeb14b48353f842ee8ae8c1a Mon Sep 17 00:00:00 2001 +From: "Sergey G. Brester" +Date: Wed, 3 Jul 2024 19:35:28 +0200 +Subject: [PATCH 4/5] filter.d/sshd.conf: ungroup (unneeded for _daemon) + +--- + config/filter.d/sshd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf +index a1fd749aed..3a84b1ba52 100644 +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -16,7 +16,7 @@ before = common.conf + + [DEFAULT] + +-_daemon = (?:sshd(?:-session)?) ++_daemon = sshd(?:-session)? + + # optional prefix (logged from several ssh versions) like "error: ", "error: PAM: " or "fatal: " + __pref = (?:(?:error|fatal): (?:PAM: )?)? + diff --git a/fail2ban.spec b/fail2ban.spec index 5045b2e..796cec2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later 
@@ -46,6 +46,8 @@ Patch0: fail2ban-partof.patch Patch1: fail2ban-nftables.patch # Work around encoding issues during tests Patch2: https://github.com/fail2ban/fail2ban/commit/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2315252 +Patch3: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3782.patch BuildArch: noarch @@ -468,6 +470,9 @@ fi %changelog +* Sat Sep 28 2024 Richard Shaw - 1.1.0-4 +- Add patch to deal with changes to OpenSSL log output. + * Wed Jul 17 2024 Fedora Release Engineering - 1.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From aeb6d90f3c4097da942e35b359b8645e283b0c3d Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Tue, 15 Oct 2024 21:07:36 -0500 Subject: [PATCH 185/201] Add upstream patch for python distutils removal. --- fail2ban.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 796cec2..bd0cde2 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -48,6 +48,8 @@ Patch1: fail2ban-nftables.patch Patch2: https://github.com/fail2ban/fail2ban/commit/ab9d41e5309b417a3c7a84fa8f03cf4f93831f1b.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2315252 Patch3: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3782.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2295265 +Patch4: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3728.patch BuildArch: noarch @@ -470,6 +472,9 @@ fi %changelog +* Wed Oct 16 2024 Richard Shaw - 1.1.0-5 +- Add upstream patch for python distutils removal. + * Sat Sep 28 2024 Richard Shaw - 1.1.0-4 - Add patch to deal with changes to OpenSSL log output. From 086c68ba34b53602d7b8dbc56ba7637f5fa83d8f Mon Sep 17 00:00:00 2001 
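Review bot: `Patch3` in the `@@ -46,6 +46,8 @@` hunk (and `Patch4` in the later `@@ -48,6 +48,8 @@` hunk) names a pull-request URL, which serves whatever the PR currently contains rather than a fixed commit, so the URL cannot be used to re-check the patch file committed to the repository. The committed `3782.patch` carries subjects `PATCH 1/5` to `4/5` only, which suggests it already differs from what the URL returns. `Patch2` shows the safer form, a commit-pinned URL; where a multi-commit PR has to be carried as one file, record the upstream commit ids above the `Patch` line, e.g. `# upstream commits 2fed408c, 7b335f47, 8360776c, 50ff131a (fail2ban PR 3782)`. The `%changelog` entry also says OpenSSL, while the patch adjusts the sshd filter for the OpenSSH 9.8 daemon name.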
From: Richard Shaw Date: Tue, 15 Oct 2024 21:11:32 -0500 Subject: [PATCH 186/201] Add patch. --- 3728.patch | 160 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 3728.patch diff --git a/3728.patch b/3728.patch new file mode 100644 index 0000000..b25c4a9 --- /dev/null +++ b/3728.patch 
@@ -0,0 +1,160 @@ +From a763fbbdfd6486e372965b4009eb3fe5db346718 Mon Sep 17 00:00:00 2001 +From: Branch Vincent +Date: Sat, 27 Apr 2024 10:24:01 -0700 +Subject: [PATCH 1/3] replace distutils for python 3.12 + +--- + doc/conf.py | 5 +---- + fail2ban/server/filterpyinotify.py | 3 +-- + fail2ban/server/filtersystemd.py | 3 +-- + 3 files changed, 3 insertions(+), 8 deletions(-) + +diff --git a/doc/conf.py b/doc/conf.py +index 20845a5a0e..48d27f7062 100644 +--- a/doc/conf.py ++++ b/doc/conf.py +@@ -47,12 +47,9 @@ + # + + from fail2ban.version import version as fail2ban_version +-from distutils.version import LooseVersion +- +-fail2ban_loose_version = LooseVersion(fail2ban_version) + + # The short X.Y version. +-version = ".".join(str(_) for _ in fail2ban_loose_version.version[:2]) ++version = ".".join(str(_) for _ in fail2ban_version.split(".")[:2]) + # The full version, including alpha/beta/rc tags. + release = fail2ban_version + +diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py +index 81bc7de393..c6972ced3f 100644 +--- a/fail2ban/server/filterpyinotify.py ++++ b/fail2ban/server/filterpyinotify.py +@@ -24,7 +24,6 @@ + __license__ = "GPL" + + import logging +-from distutils.version import LooseVersion + import os + from os.path import dirname, sep as pathsep + +@@ -38,7 +37,7 @@ + + + if not hasattr(pyinotify, '__version__') \ +- or LooseVersion(pyinotify.__version__) < '0.8.3': # pragma: no cover ++ or pyinotify.__version__.split(".") < '0.8.3'.split("."): # pragma: no cover + raise ImportError("Fail2Ban requires pyinotify >= 0.8.3") + + # Verify that pyinotify is functional on this system +diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py +index 5aea9fdadc..2d4f862b97 100644 +--- a/fail2ban/server/filtersystemd.py ++++ b/fail2ban/server/filtersystemd.py +@@ -24,10 +24,9 @@ + + import os + import time +-from distutils.version import LooseVersion + + from systemd import journal +-if 
LooseVersion(getattr(journal, '__version__', "0")) < '204': ++if getattr(journal, "__version__", "0").split(".") < "204".split("."): + raise ImportError("Fail2Ban requires systemd >= 204") + + from .failmanager import FailManagerEmpty + +From ed20a9a5b9039319dd8913dfecf640e6eafee28b Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 7 May 2024 12:51:14 +0200 +Subject: [PATCH 2/3] there is no systemd < 204 and pyinotify < 0.8.3 for + supported python3 versions anymore + +--- + fail2ban/server/filterpyinotify.py | 4 ---- + fail2ban/server/filtersystemd.py | 2 -- + 2 files changed, 6 deletions(-) + +diff --git a/fail2ban/server/filterpyinotify.py b/fail2ban/server/filterpyinotify.py +index c6972ced3f..f2f31e6fb5 100644 +--- a/fail2ban/server/filterpyinotify.py ++++ b/fail2ban/server/filterpyinotify.py +@@ -36,10 +36,6 @@ + from ..helpers import getLogger + + +-if not hasattr(pyinotify, '__version__') \ +- or pyinotify.__version__.split(".") < '0.8.3'.split("."): # pragma: no cover +- raise ImportError("Fail2Ban requires pyinotify >= 0.8.3") +- + # Verify that pyinotify is functional on this system + # Even though imports -- might be dysfunctional, e.g. 
as on kfreebsd + try: +diff --git a/fail2ban/server/filtersystemd.py b/fail2ban/server/filtersystemd.py +index 2d4f862b97..abd66e1f76 100644 +--- a/fail2ban/server/filtersystemd.py ++++ b/fail2ban/server/filtersystemd.py +@@ -26,8 +26,6 @@ + import time + + from systemd import journal +-if getattr(journal, "__version__", "0").split(".") < "204".split("."): +- raise ImportError("Fail2Ban requires systemd >= 204") + + from .failmanager import FailManagerEmpty + from .filter import JournalFilter, Filter + +From 0185e1c7d5e6534ab212462dd2aeab6f89e2fb50 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Tue, 7 May 2024 13:06:50 +0200 +Subject: [PATCH 3/3] setup.py: no distutils anymore + +--- + setup.py | 25 ++++++------------------- + 1 file changed, 6 insertions(+), 19 deletions(-) + +diff --git a/setup.py b/setup.py +index 9f7bd8fb59..ee9ea4df82 100755 +--- a/setup.py ++++ b/setup.py +@@ -24,23 +24,10 @@ + + import platform + +-try: +- import setuptools +- from setuptools import setup +- from setuptools.command.install import install +- from setuptools.command.install_scripts import install_scripts +- from setuptools.command.build_py import build_py +- build_scripts = None +-except ImportError: +- setuptools = None +- from distutils.core import setup +- +-# older versions +-if setuptools is None: +- from distutils.command.build_py import build_py +- from distutils.command.build_scripts import build_scripts +- from distutils.command.install import install +- from distutils.command.install_scripts import install_scripts ++import setuptools ++from setuptools import setup ++from setuptools.command.install import install ++from setuptools.command.install_scripts import install_scripts + + import os + from os.path import isfile, join, isdir, realpath +@@ -207,9 +194,9 @@ def run(self): + url = "http://www.fail2ban.org", + license = "GPL", + platforms = "Posix", +- cmdclass = dict({'build_py': build_py, 'build_scripts': build_scripts} if build_scripts else {}, **{ ++ cmdclass = 
{ + 'install_scripts': install_scripts_f2b, 'install': install_command_f2b +- }), ++ }, + scripts = [ + 'bin/fail2ban-client', + 'bin/fail2ban-server', From ffd8fd89f46b7ccae21928d275de989807a29c82 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 18 Dec 2024 21:57:34 -0700 Subject: [PATCH 187/201] Update URL to www.fail2ban.org --- fail2ban.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index bd0cde2..0db84f9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -18,7 +18,7 @@ Release: 5%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later -URL: https://fail2ban.sourceforge.net +URL: https://www.fail2ban.org Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc # Releases are signed by Serg G. Brester (sebres) . The From f82f7572438d40d2bb803bd772944ea8074b8d46 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 18 Dec 2024 22:06:26 -0700 Subject: [PATCH 188/201] Add upstream fix for sshd filter (rhbz#2332945) --- ...effceb998b73545073ac59c479d9d9bf19a4.patch | 23 +++++++++++++++++++ fail2ban.spec | 8 ++++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 54c0effceb998b73545073ac59c479d9d9bf19a4.patch diff --git a/54c0effceb998b73545073ac59c479d9d9bf19a4.patch b/54c0effceb998b73545073ac59c479d9d9bf19a4.patch new file mode 100644 index 0000000..e606591 --- /dev/null +++ b/54c0effceb998b73545073ac59c479d9d9bf19a4.patch 
@@ -0,0 +1,23 @@ +From 54c0effceb998b73545073ac59c479d9d9bf19a4 Mon Sep 17 00:00:00 2001 +From: sebres +Date: Sun, 11 Aug 2024 12:10:12 +0200 +Subject: [PATCH] filter.d/sshd.conf: amend to #3747/#3812 (new ssh version + would log with `_COMM=sshd-session`) + +--- + config/filter.d/sshd.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf +index 206b913a78..595e957f0b 100644 +--- a/config/filter.d/sshd.conf ++++ b/config/filter.d/sshd.conf +@@ -126,7 +126,7 @@ ignoreregex = + + maxlines = 1 + +-journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd ++journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd + _COMM=sshd-session + + # DEV Notes: + # diff --git a/fail2ban.spec b/fail2ban.spec index 0db84f9..d9176f1 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -50,6 +50,9 @@ Patch2: https://github.com/fail2ban/fail2ban/commit/ab9d41e5309b417a3c7a84fa8f03 Patch3: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3782.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2295265 Patch4: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3728.patch +# Upstream fix to also catch sshd-session logs +# https://bugzilla.redhat.com/show_bug.cgi?id=2332945 +Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4.patch BuildArch: noarch @@ -472,6 +475,9 @@ fi %changelog +* Thu Dec 19 2024 Orion Poplawski - 1.1.0-6 +- Add upstream fix for sshd filter (rhbz#2332945) + * Wed Oct 16 2024 Richard Shaw - 1.1.0-5 - Add upstream patch for python distutils removal. From 427d59c82c26c01625dd7ce55fcd392b61177785 Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Thu, 16 Jan 2025 17:46:20 +0000 Subject: [PATCH 189/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index d9176f1..4c25528 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -475,6 +475,9 @@ fi %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 1.1.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Thu Dec 19 2024 Orion Poplawski - 1.1.0-6 - Add upstream fix for sshd filter (rhbz#2332945) From e05e420f1136e7e279af42e8fb87ada5ea61c7f3 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 3 Jun 2025 12:20:18 +0200 Subject: [PATCH 190/201] Rebuilt for Python 3.14 --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 4c25528..3c8abf9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -475,6 +475,9 @@ fi %changelog +* Tue Jun 03 2025 Python Maint - 1.1.0-8 +- Rebuilt for Python 3.14 + * Thu Jan 16 2025 Fedora Release Engineering - 1.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 8ca2e0c0934f7780584cca2fff51ff66c918c5f1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 20:16:38 +0000 Subject: [PATCH 191/201] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index 3c8abf9..fa917b6 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -475,6 +475,9 @@ fi %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 1.1.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Tue Jun 03 2025 Python Maint - 1.1.0-8 - Rebuilt for Python 3.14 From 787d2fc9453d827e9e4d4e15b83cd9773bc1c4ff Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 15 Aug 2025 12:46:21 +0200 Subject: [PATCH 192/201] Rebuilt for Python 3.14.0rc2 bytecode --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index fa917b6..018f5d0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -475,6 +475,9 @@ fi %changelog +* Fri Aug 15 2025 Python Maint - 1.1.0-10 +- Rebuilt for Python 3.14.0rc2 bytecode + * Wed Jul 23 2025 Fedora Release Engineering - 1.1.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 96f951a7b46e32315c0018a874e2634dcf6154f8 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 20 Aug 2025 21:01:27 -0500 Subject: [PATCH 193/201] Migrate from from Python setup.py to Wheels. --- fail2ban.spec | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 3c8abf9..64847f0 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -279,11 +279,15 @@ sed -i 's|^/run/|/var/run/|' %{name}.fc sed -i "/use_2to3/d" setup.py +%generate_buildrequires +%pyproject_buildrequires + + %build %if 0%{?rhel} && 0%{?rhel} < 8 %py2_build %else -%py3_build +%pyproject_wheel %endif make -f %SOURCE6 
@@ -294,8 +298,11 @@ make -f %SOURCE6 # Make symbolic link relative ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python %else -%py3_install +%pyproject_install ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python +mv %{buildroot}%{python3_sitelib}/etc %{buildroot} +mv %{buildroot}%{python3_sitelib}/%{_datadir} %{buildroot}%{_datadir} +rmdir %{buildroot}%{python3_sitelib}%{_prefix} %endif mkdir -p %{buildroot}%{_unitdir} @@ -310,6 +317,7 @@ install -m 0600 /dev/null %{buildroot}/run/fail2ban/fail2ban.pid install -d -m 0755 %{buildroot}%{_localstatedir}/lib/fail2ban/ mkdir -p %{buildroot}%{_tmpfilesdir} install -p -m 0644 files/fail2ban-tmpfiles.conf %{buildroot}%{_tmpfilesdir}/fail2ban.conf +mkdir -p %{buildroot}%{_sysconfdir}/%{name}/jail.d # Remove non-Linux actions rm %{buildroot}%{_sysconfdir}/%{name}/action.d/*ipfw.conf From 1e81dc17a061fe1481bc42c4a0a02886e5081805 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 20 Aug 2025 21:05:46 -0500 Subject: [PATCH 194/201] Move from setup.py to wheels per https://fedoraproject.org/wiki/Changes/DeprecateSetuppyMacros. --- fail2ban.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fail2ban.spec b/fail2ban.spec index c30c794..1747ec4 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -483,6 +483,10 @@ fi %changelog +* Thu Aug 21 2025 Richard Shaw - 1.1.0-11 +- Move from setup.py to wheels per + https://fedoraproject.org/wiki/Changes/DeprecateSetuppyMacros. + * Fri Aug 15 2025 Python Maint - 1.1.0-10 - Rebuilt for Python 3.14.0rc2 bytecode From 3534afe23c6cb3eaa5af4845e27755761737a9c8 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 19 Sep 2025 12:15:56 +0200 Subject: [PATCH 195/201] Rebuilt for Python 3.14.0rc3 bytecode --- fail2ban.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/fail2ban.spec b/fail2ban.spec index 1747ec4..a0850e3 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -483,6 +483,9 @@ fi %changelog +* Fri Sep 19 2025 Python Maint - 1.1.0-12 +- Rebuilt for Python 3.14.0rc3 bytecode + * Thu Aug 21 2025 Richard Shaw - 1.1.0-11 - Move from setup.py to wheels per https://fedoraproject.org/wiki/Changes/DeprecateSetuppyMacros. From 497c1cf25ac0e6fa9b5fb6e183728df50e2fcf05 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 9 Oct 2025 21:36:47 -0600 Subject: [PATCH 196/201] Fix paths in fail2ban.service (rhbz#2399981) --- fail2ban.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index a0850e3..44bf5d9 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 12%{?dist} +Release: 13%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -306,7 +306,9 @@ rmdir %{buildroot}%{python3_sitelib}%{_prefix} %endif mkdir -p %{buildroot}%{_unitdir} -cp -p build/fail2ban.service %{buildroot}%{_unitdir}/ +# Note that the tests rewrite build/fail2ban.service, but it uses build/ paths before the rewrite +# so we will do our own modification +sed -e 's,@BINDIR@,%{_bindir},' files/fail2ban.service.in > %{buildroot}%{_unitdir}/fail2ban.service mkdir -p %{buildroot}%{_mandir}/man{1,5} install -p -m 644 man/*.1 %{buildroot}%{_mandir}/man1 install -p -m 644 man/*.5 %{buildroot}%{_mandir}/man5 @@ -483,6 +485,9 @@ fi %changelog +* Fri Oct 10 2025 Orion Poplawski - 1.1.0-13 +- Fix paths in fail2ban.service (rhbz#2399981) + * Fri Sep 19 2025 Python Maint - 1.1.0-12 - Rebuilt for Python 3.14.0rc3 bytecode From cef4e690dbfee185c71854313a257ede2c103bae Mon Sep 17 00:00:00 2001 
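Review bot: The new `sed ... > %{buildroot}%{_unitdir}/fail2ban.service` line in the `@@ -306,7 +306,9 @@` hunk creates the unit file through a shell redirect, so its mode is whatever the build umask yields instead of being stated, unlike the neighbouring `install -p -m 644` lines. Generating into a scratch file and installing it makes the mode explicit: `sed -e 's,@BINDIR@,%{_bindir},' files/fail2ban.service.in > fail2ban.service` followed by `install -p -m 0644 fail2ban.service %{buildroot}%{_unitdir}/`. Only `@BINDIR@` is substituted and `files/fail2ban.service.in` is not shown here, so it is worth confirming that no other `@...@` placeholder survives into the installed unit, since an unexpanded path would only surface when the service is started.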
From: Orion Poplawski Date: Sat, 11 Oct 2025 17:24:44 -0600 Subject: [PATCH 197/201] Cleanup old confitionals --- fail2ban.spec | 71 +++++---------------------------------------------- 1 file changed, 7 insertions(+), 64 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 44bf5d9..59c39ca 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -8,13 +8,10 @@ %if %{defined rhel} && 0%{?rhel} < 10 %define legacy_var_run 1 %endif -%if %{defined fedora} && 0%{?fedora} < 40 -%define legacy_var_run 1 -%endif Name: fail2ban Version: 1.1.0 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -57,24 +54,17 @@ Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c4 BuildArch: noarch -%if 0%{?rhel} && 0%{?rhel} < 8 -BuildRequires: python-devel -BuildRequires: python-setuptools -# For testcases -BuildRequires: python-inotify -%else BuildRequires: python3-devel BuildRequires: python3-setuptools # For testcases BuildRequires: python3-inotify -%endif # using a python3_version-based conditional does not work here, so # this is a proxy for "Python version greater than 3.12". asyncore # and asynchat were dropped from cpython core in 3.12, these modules # make them available again. See: # https://github.com/fail2ban/fail2ban/issues/3487 # https://bugzilla.redhat.com/show_bug.cgi?id=2219991 -%if 0%{?fedora} > 38 +%if 0%{?fedora} || 0%{?rhel} >= 10 BuildRequires: python3-pyasyncore BuildRequires: python3-pyasynchat %endif @@ -82,7 +72,7 @@ BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make -%if 0%{?fedora} >= 41 +%if 0%{?fedora} || 0%{?rhel} >= 11 BuildRequires: bash-completion-devel %else BuildRequires: bash-completion 
@@ -123,24 +113,14 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban -%if 0%{?rhel} && 0%{?rhel} < 8 -Requires: systemd-python -Requires: ipset -Requires: iptables -%else Requires: python3-systemd Requires: nftables -%endif Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) -%else -Requires: %{name}-selinux -%endif # see note above in BuildRequires section -%if 0%{?fedora} > 38 +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: python3-pyasyncore Requires: python3-pyasynchat %endif @@ -162,13 +142,7 @@ Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} %endif Requires: perl-interpreter -%if 0%{?rhel} && 0%{?rhel} < 8 -Requires: python-inotify -# No python3 support for gamin so epel only -Requires: gamin-python -%else Requires: python3-inotify -%endif Requires: /usr/bin/whois %description all @@ -258,11 +232,6 @@ by default. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -# this test uses smtpd which is removed in Python 3.12, rewriting it -# isn't trivial -%if 0%{?fedora} > 38 -rm -f fail2ban/tests/action_d/test_smtp.py -%endif # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf 
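Review bot: The `@@ -258,11 +232,6 @@` hunk in `%prep` removes the `rm -f fail2ban/tests/action_d/test_smtp.py` step together with its `%if 0%{?fedora} > 38` guard, although that guard selected the branch that applies to every current Fedora release; the `%check` hunk (`@@ -364,17 +323,7 @@`) does the same by keeping the old `%else` command and losing `-i testRepairDb`. Elsewhere in this commit the `> 38` branch is the one that survives (the `python3-pyasyncore`/`python3-pyasynchat` requirements), so the cleanup is inconsistent. Unless upstream 1.1.0 resolved both test problems, collapse to the newer branch instead: keep `rm -f fail2ban/tests/action_d/test_smtp.py` unconditionally and run `%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb`, retaining the two explanatory comments and the issue link.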
@@ -284,26 +253,16 @@ sed -i "/use_2to3/d" setup.py %build -%if 0%{?rhel} && 0%{?rhel} < 8 -%py2_build -%else %pyproject_wheel -%endif make -f %SOURCE6 %install -%if 0%{?rhel} && 0%{?rhel} < 8 -%py2_install -# Make symbolic link relative -ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python -%else %pyproject_install ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python mv %{buildroot}%{python3_sitelib}/etc %{buildroot} mv %{buildroot}%{python3_sitelib}/%{_datadir} %{buildroot}%{_datadir} rmdir %{buildroot}%{python3_sitelib}%{_prefix} -%endif mkdir -p %{buildroot}%{_unitdir} # Note that the tests rewrite build/fail2ban.service, but it uses build/ paths before the rewrite @@ -364,17 +323,7 @@ COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion %check -%if 0%{?rhel} && 0%{?rhel} < 8 -%python2 bin/fail2ban-testcases --verbosity=2 --no-network -%else -%if 0%{?fedora} > 38 -# testRepairDb does not work with sqlite 3.42.0+ -# https://github.com/fail2ban/fail2ban/issues/3586 -%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb -%else %python3 bin/fail2ban-testcases --verbosity=2 --no-network -%endif -%endif %pre selinux @@ -414,13 +363,8 @@ fi %{_bindir}/fail2ban-python %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-server -%if 0%{?rhel} && 0%{?rhel} < 8 -%{python2_sitelib}/* -%exclude %{python2_sitelib}/fail2ban/tests -%else %{python3_sitelib}/* %exclude %{python3_sitelib}/fail2ban/tests -%endif %{_unitdir}/fail2ban.service %{_datadir}/bash-completion/ %{_mandir}/man1/fail2ban.1* @@ -456,11 +400,7 @@ fi %files tests %{_bindir}/fail2ban-testcases %{_mandir}/man1/fail2ban-testcases.1* -%if 0%{?rhel} && 0%{?rhel} < 8 -%{python2_sitelib}/fail2ban/tests -%else %{python3_sitelib}/fail2ban/tests -%endif %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf 
@@ -485,6 +425,9 @@ fi %changelog +* Sat Oct 11 2025 Orion Poplawski - 1.1.0-14 +- Cleanup old conditionals + * Fri Oct 10 2025 Orion Poplawski - 1.1.0-13 - Fix paths in fail2ban.service (rhbz#2399981) From 283bb7f670f399e08fc7624d42e3d9e24f75d255 Mon Sep 17 00:00:00 2001 From: Filippo Bonazzi Date: Wed, 15 Oct 2025 12:27:20 +0200 Subject: [PATCH 198/201] fail2ban: allow fail2ban to watch all log files and dirs (bsc#1251952) --- fail2ban.te | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/fail2ban.te b/fail2ban.te index b19bdaa..5bc2394 100644 --- a/fail2ban.te +++ b/fail2ban.te @@ -99,22 +99,12 @@ logging_read_syslog_pid(fail2ban_t) logging_dontaudit_search_audit_logs(fail2ban_t) logging_mmap_generic_logs(fail2ban_t) logging_mmap_journal(fail2ban_t) -allow fail2ban_t fail2ban_log_t:file watch; -gen_require(` - attribute logfile; -') -allow fail2ban_t logfile:dir { watch_dir_perms }; -allow fail2ban_t logfile:file { watch_file_perms }; # Not in EL9 yet #logging_watch_audit_log_files(fail2ban_t) -gen_require(` - type var_log_t, auditd_log_t; -') -watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t) -#logging_watch_audit_log_dirs(fail2ban_t) -allow fail2ban_t var_log_t:dir search_dir_perms; -watch_dirs_pattern(fail2ban_t, auditd_log_t, auditd_log_t) -logging_watch_generic_log_dirs(fail2ban_t) +logging_watch_all_log_files(fail2ban_t) +logging_watch_all_log_dirs(fail2ban_t) +logging_watch_audit_log_files(fail2ban_t) +logging_watch_audit_log_dirs(fail2ban_t) logging_watch_journal_dir(fail2ban_t) mta_send_mail(fail2ban_t) From 1243b0dcffbaa69d475a2f5c6e340cee73d34cf9 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 31 Dec 2025 09:07:24 -0600 Subject: [PATCH 199/201] Remove obsolete distro version related conditionals. --- fail2ban.spec | 68 --------------------------------------------------- 1 file changed, 68 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 44bf5d9..d7945ec 100644 --- a/fail2ban.spec 
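Review bot: The context lines `# Not in EL9 yet` and `#logging_watch_audit_log_files(fail2ban_t)` in the fail2ban.te hunk stay in place while the same interface is now called unconditionally a few lines below, so the comment contradicts the code. If the interface is still missing from the EL9 policy headers, which the hunk cannot confirm, the module will fail to compile there and the call needs a guard or the old `watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t)` fallback. If it is available everywhere the package is built, delete the two stale lines. A one-line comment above the four new calls, such as `# watch-only access for the file-monitoring backend; read access is granted separately`, would also record that covering every log type, audit logs included, is intended.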
+++ b/fail2ban.spec @@ -57,36 +57,17 @@ Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c4 BuildArch: noarch -%if 0%{?rhel} && 0%{?rhel} < 8 -BuildRequires: python-devel -BuildRequires: python-setuptools -# For testcases -BuildRequires: python-inotify -%else BuildRequires: python3-devel BuildRequires: python3-setuptools # For testcases BuildRequires: python3-inotify -%endif -# using a python3_version-based conditional does not work here, so -# this is a proxy for "Python version greater than 3.12". asyncore -# and asynchat were dropped from cpython core in 3.12, these modules -# make them available again. See: -# https://github.com/fail2ban/fail2ban/issues/3487 -# https://bugzilla.redhat.com/show_bug.cgi?id=2219991 -%if 0%{?fedora} > 38 BuildRequires: python3-pyasyncore BuildRequires: python3-pyasynchat -%endif BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make -%if 0%{?fedora} >= 41 BuildRequires: bash-completion-devel -%else -BuildRequires: bash-completion -%endif BuildRequires: gnupg2 # Default components @@ -123,27 +104,15 @@ SELinux policies for Fail2Ban. %package server Summary: Core server component for Fail2Ban -%if 0%{?rhel} && 0%{?rhel} < 8 -Requires: systemd-python -Requires: ipset -Requires: iptables -%else Requires: python3-systemd Requires: nftables -%endif Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) -%else -Requires: %{name}-selinux -%endif # see note above in BuildRequires section -%if 0%{?fedora} > 38 Requires: python3-pyasyncore Requires: python3-pyasynchat -%endif %description server This package contains the core server components for Fail2Ban with minimal 
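Review bot: The `%package server` hunk keeps `# see note above in BuildRequires section`, but the first hunk of this commit deletes that note, so the comment now points at nothing. Keep a one-line reason next to the two BuildRequires, for example `# asyncore/asynchat left the CPython standard library in 3.12; see fail2ban issue 3487`. Making `python3-pyasyncore` and `python3-pyasynchat` unconditional also assumes every branch built from this spec ships both packages, which the hunk cannot confirm.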
@@ -162,13 +131,7 @@ Requires: %{name}-server = %{version}-%{release} Requires: %{name}-shorewall = %{version}-%{release} %endif Requires: perl-interpreter -%if 0%{?rhel} && 0%{?rhel} < 8 -Requires: python-inotify -# No python3 support for gamin so epel only -Requires: gamin-python -%else Requires: python3-inotify -%endif Requires: /usr/bin/whois %description all @@ -260,9 +223,7 @@ by default. %autosetup -p1 # this test uses smtpd which is removed in Python 3.12, rewriting it # isn't trivial -%if 0%{?fedora} > 38 rm -f fail2ban/tests/action_d/test_smtp.py -%endif # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf @@ -284,26 +245,16 @@ sed -i "/use_2to3/d" setup.py %build -%if 0%{?rhel} && 0%{?rhel} < 8 -%py2_build -%else %pyproject_wheel -%endif make -f %SOURCE6 %install -%if 0%{?rhel} && 0%{?rhel} < 8 -%py2_install -# Make symbolic link relative -ln -fs python2 %{buildroot}%{_bindir}/fail2ban-python -%else %pyproject_install ln -fs python3 %{buildroot}%{_bindir}/fail2ban-python mv %{buildroot}%{python3_sitelib}/etc %{buildroot} mv %{buildroot}%{python3_sitelib}/%{_datadir} %{buildroot}%{_datadir} rmdir %{buildroot}%{python3_sitelib}%{_prefix} -%endif mkdir -p %{buildroot}%{_unitdir} # Note that the tests rewrite build/fail2ban.service, but it uses build/ paths before the rewrite @@ -364,17 +315,7 @@ COMPLETIONDIR=%{buildroot}$(pkg-config --variable=completionsdir bash-completion %check -%if 0%{?rhel} && 0%{?rhel} < 8 -%python2 bin/fail2ban-testcases --verbosity=2 --no-network -%else -%if 0%{?fedora} > 38 -# testRepairDb does not work with sqlite 3.42.0+ -# https://github.com/fail2ban/fail2ban/issues/3586 -%python3 bin/fail2ban-testcases --verbosity=2 --no-network -i testRepairDb -%else %python3 bin/fail2ban-testcases --verbosity=2 --no-network -%endif -%endif %pre selinux 
@@ -414,13 +355,8 @@ fi %{_bindir}/fail2ban-python %{_bindir}/fail2ban-regex %{_bindir}/fail2ban-server -%if 0%{?rhel} && 0%{?rhel} < 8 -%{python2_sitelib}/* -%exclude %{python2_sitelib}/fail2ban/tests -%else %{python3_sitelib}/* %exclude %{python3_sitelib}/fail2ban/tests -%endif %{_unitdir}/fail2ban.service %{_datadir}/bash-completion/ %{_mandir}/man1/fail2ban.1* @@ -456,11 +392,7 @@ fi %files tests %{_bindir}/fail2ban-testcases %{_mandir}/man1/fail2ban-testcases.1* -%if 0%{?rhel} && 0%{?rhel} < 8 -%{python2_sitelib}/fail2ban/tests -%else %{python3_sitelib}/fail2ban/tests -%endif %files mail %config(noreplace) %{_sysconfdir}/fail2ban/action.d/complain.conf From 6d5ba5175848a0110fc723eca675f51401a6bfff Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 31 Dec 2025 11:56:31 -0600 Subject: [PATCH 200/201] Add patch for Dovecot 2.4 jail. Fixes BZ#2426440. --- ...4c060cdc233af9a6deeb85a6523da0416f31.patch | 60 +++++++++++++++++++ fail2ban.spec | 8 ++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 04ff4c060cdc233af9a6deeb85a6523da0416f31.patch diff --git a/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch b/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch new file mode 100644 index 0000000..cb6d5c2 --- /dev/null +++ b/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch 
@@ -0,0 +1,60 @@ +From 04ff4c060cdc233af9a6deeb85a6523da0416f31 Mon Sep 17 00:00:00 2001 +From: Nic Boet +Date: Fri, 13 Jun 2025 16:44:57 -0500 +Subject: [PATCH] Dovecot 2.4 filter support + +Dovecot 2.4 release is a major upgrade +Logger event structure has changed, all messages are now +prefixed with: + + "Login aborted: " "auth failed" + +Maintain 2.3 support as many folks have yet to migrate, +community edition is still receiving cretial security patches + +Dovecot 2.4.1 +Python 3.12.10 + +Signed-off-by: Nic Boet +--- + config/filter.d/dovecot.conf | 2 ++ + fail2ban/tests/files/logs/dovecot | 6 ++++++ + 2 files changed, 8 insertions(+) + +diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf +index dc3ebbcd42..f49eebe726 100644 +--- a/config/filter.d/dovecot.conf ++++ b/config/filter.d/dovecot.conf +@@ -17,6 +17,7 @@ prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?: )?(?:%(__pam_a + + failregex = ^authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=(?:\s+user=\S*)?\s*$ + ^(?:Aborted login|Disconnected|Remote closed connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\):(?: user=<[^>]*>,)?(?: method=\S+,)? 
rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ ++ ^(?:Login aborted):\s*%(_bypass_reject_reason)s.*?\((?:auth failed, \d+ attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth failed)\)(?:\s*\([^)]+\))?:\s*(?:user=<[^>]*>,?\s*)?(?:,?\s*method=\S+,\s*)?rip=(?:[^>]*(?:, session=<\S+>)?)\s*$ + ^pam\(\S+,(?:,\S*)?\): pam_authenticate\(\) failed: (?:User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \([Pp]assword mismatch\?\)|Permission denied)\s*$ + ^[a-z\-]{3,15}\(\S*,(?:,\S*)?\): (?:[Uu]nknown user|[Ii]nvalid credentials|[Pp]assword mismatch) + > +@@ -43,6 +44,7 @@ datepattern = {^LN-BEG}TAI64N + # DEV Notes: + # * the first regex is essentially a copy of pam-generic.conf + # * Probably doesn't do dovecot sql/ldap backends properly (resolved in edit 21/03/2016) ++# * Dovecot version 2.4 changed event log structure, line prior needed to maintain 2.3 support + # + # Author: Martin Waschbuesch + # Daniel Black (rewrote with begin and end anchors) +diff --git a/fail2ban/tests/files/logs/dovecot b/fail2ban/tests/files/logs/dovecot +index 0e33296129..4f5a0b7867 100644 +--- a/fail2ban/tests/files/logs/dovecot ++++ b/fail2ban/tests/files/logs/dovecot +@@ -22,6 +22,12 @@ Jun 14 00:48:21 platypus dovecot: imap-login: Disconnected (auth failed, 1 attem + # failJSON: { "time": "2005-06-23T00:52:43", "match": true , "host": "193.95.245.163" } + Jun 23 00:52:43 vhost1-ua dovecot: pop3-login: Disconnected: Inactivity (auth failed, 1 attempts): user=, method=PLAIN, rip=193.95.245.163, lip=176.214.13.210 + ++# Dovecot version 2.4 ++# failJSON: { "time": "2005-06-12T19:07:29", "match": true , "host": "192.0.2.241" } ++Jun 12 19:07:29 hostname dovecot[241]: imap-login: Login aborted: Connection closed (auth failed, 3 attempts in 16 secs) (auth_failed): user=, method=PLAIN, rip=192.0.2.241, lip=203.0.113.104, TLS, session=<9ZHq02g3J8S60fan> ++# failJSON: { "time": "2005-06-13T16:35:56", "match": true , "host": 
"192.0.2.241" } ++Jun 13 16:35:56 mx dovecot[241]: managesieve-login: Login aborted: Logged out (auth failed, 1 attempts in 10 secs) (auth_failed): user=, method=PLAIN, rip=192.0.2.241, lip=203.0.113.104, TLS, session= ++ + # failJSON: { "time": "2005-07-02T13:49:31", "match": true , "host": "192.51.100.13" } + Jul 02 13:49:31 hostname dovecot[442]: pop3-login: Aborted login (auth failed, 1 attempts in 17 secs): user=, method=PLAIN, rip=192.51.100.13, lip=203.0.113.17, session= + diff --git a/fail2ban.spec b/fail2ban.spec index d7945ec..6ca2a95 100644 --- a/fail2ban.spec +++ b/fail2ban.spec @@ -14,7 +14,7 @@ Name: fail2ban Version: 1.1.0 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -53,6 +53,9 @@ Patch4: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3728 # Upstream fix to also catch sshd-session logs # https://bugzilla.redhat.com/show_bug.cgi?id=2332945 Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4.patch +# Needed for Dovecot change to loging format in 2.4 but has not fail2ban version 1.1.0 +# https://bugzilla.redhat.com/show_bug.cgi?id=2426440 +Patch6: https://github.com/fail2ban/fail2ban/commit/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch BuildArch: noarch @@ -417,6 +420,9 @@ fi %changelog +* Wed Dec 31 2025 Richard Shaw - 1.1.0-14 +- Add patch for Dovecot 2.4 jail. Fixes BZ#2426440. + * Fri Oct 10 2025 Orion Poplawski - 1.1.0-13 - Fix paths in fail2ban.service (rhbz#2399981) From 800dd5db0fa0fd497dcd325d2cb628606b327a03 Mon Sep 17 00:00:00 2001 From: Richard Shaw Date: Wed, 31 Dec 2025 12:04:38 -0600 Subject: [PATCH 201/201] Add patch for Dovecot 2.4 jail. Fixes BZ#2426440. --- fail2ban.spec | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/fail2ban.spec b/fail2ban.spec index 6ca2a95..6ca56b5 100644 --- a/fail2ban.spec +++ b/fail2ban.spec 
@@ -8,13 +8,10 @@ %if %{defined rhel} && 0%{?rhel} < 10 %define legacy_var_run 1 %endif -%if %{defined fedora} && 0%{?fedora} < 40 -%define legacy_var_run 1 -%endif Name: fail2ban Version: 1.1.0 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Daemon to ban hosts that cause multiple authentication errors License: GPL-2.0-or-later @@ -53,7 +50,7 @@ Patch4: https://patch-diff.githubusercontent.com/raw/fail2ban/fail2ban/pull/3728 # Upstream fix to also catch sshd-session logs # https://bugzilla.redhat.com/show_bug.cgi?id=2332945 Patch5: https://github.com/fail2ban/fail2ban/commit/54c0effceb998b73545073ac59c479d9d9bf19a4.patch -# Needed for Dovecot change to loging format in 2.4 but has not fail2ban version 1.1.0 +# Needed for Dovecot change to loging format in 2.4, fixed in f2b version 1.1.1. # https://bugzilla.redhat.com/show_bug.cgi?id=2426440 Patch6: https://github.com/fail2ban/fail2ban/commit/04ff4c060cdc233af9a6deeb85a6523da0416f31.patch @@ -64,13 +61,25 @@ BuildRequires: python3-devel BuildRequires: python3-setuptools # For testcases BuildRequires: python3-inotify +# using a python3_version-based conditional does not work here, so +# this is a proxy for "Python version greater than 3.12". asyncore +# and asynchat were dropped from cpython core in 3.12, these modules +# make them available again. See: +# https://github.com/fail2ban/fail2ban/issues/3487 +# https://bugzilla.redhat.com/show_bug.cgi?id=2219991 +%if 0%{?fedora} || 0%{?rhel} >= 10 BuildRequires: python3-pyasyncore BuildRequires: python3-pyasynchat +%endif BuildRequires: sqlite BuildRequires: systemd BuildRequires: selinux-policy-devel BuildRequires: make +%if 0%{?fedora} || 0%{?rhel} >= 11 BuildRequires: bash-completion-devel +%else +BuildRequires: bash-completion +%endif BuildRequires: gnupg2 # Default components 
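Review bot: The rewritten Patch6 comment in hunk `@@ -53,7 +50,7 @@` still misspells "logging" as `loging`, and it does not say what to do with the patch once the package moves to the release that carries the fix. Suggested wording: `# Dovecot 2.4 changed its logging format; fixed upstream in fail2ban 1.1.1, drop this patch on rebase.` Stating the removal condition keeps a locally carried filter patch from outliving the upstream version it backports.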
@@ -114,8 +123,10 @@ Requires(preun): systemd Requires(postun): systemd Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) # see note above in BuildRequires section +%if 0%{?fedora} || 0%{?rhel} >= 10 Requires: python3-pyasyncore Requires: python3-pyasynchat +%endif %description server This package contains the core server components for Fail2Ban with minimal @@ -224,9 +235,6 @@ by default. %prep %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -# this test uses smtpd which is removed in Python 3.12, rewriting it -# isn't trivial -rm -f fail2ban/tests/action_d/test_smtp.py # Use Fedora paths sed -i -e 's/^before = paths-.*/before = paths-fedora.conf/' config/jail.conf @@ -420,9 +428,12 @@ fi %changelog -* Wed Dec 31 2025 Richard Shaw - 1.1.0-14 +* Wed Dec 31 2025 Richard Shaw - 1.1.0-15 - Add patch for Dovecot 2.4 jail. Fixes BZ#2426440. +* Sat Oct 11 2025 Orion Poplawski - 1.1.0-14 +- Cleanup old conditionals + * Fri Oct 10 2025 Orion Poplawski - 1.1.0-13 - Fix paths in fail2ban.service (rhbz#2399981)