automatic version update by autodist [release 1.1.0-1mamba;Tue Apr 30 2024]

fail2ban-0.11.2-ufw-0.36-ipv6-2.patch

@@ -1,37 +0,0 @@
-From 5debaa4cac2723fa863ede9ed32c19cc82c71786 Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Thu, 6 May 2021 20:23:58 +0200
-Subject: [PATCH] option "add", can be set to "insert <num>" instead of prepend
- (customization or backwards compat)
-
----
- config/action.d/ufw.conf | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
-index b47fa7e77..bf06fe679 100644
---- a/config/action.d/ufw.conf
-+++ b/config/action.d/ufw.conf
-@@ -19,9 +19,9 @@ actioncheck =
- 
- actionban = if [ -n "<application>" ] && ufw app info "<application>"
-             then
--              ufw prepend <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
-+              ufw <add> <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
-             else
--              ufw prepend <blocktype> from <ip> to <destination> comment "<comment>"
-+              ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
-             fi
-             ss -K dst [<ip>]
- 
-@@ -33,6 +33,10 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
-               fi
- 
- [Init]
-+# Option: add
-+# Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):
-+add = prepend
-+
- # Option: blocktype
- # Notes.: reject or deny
- blocktype = reject

fail2ban-0.11.2-ufw-0.36-ipv6.patch

@@ -1,58 +0,0 @@
-From e4e7a83cffb4fb5cbb35c204795fba45c8f40c61 Mon Sep 17 00:00:00 2001
-From: usernamepi <53445688+usernamepi@users.noreply.github.com>
-Date: Thu, 6 May 2021 13:44:36 +0200
-Subject: [PATCH] Update ufw.conf
-
-Prerequisites:
-* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
-* Ufw version is => 0.36 (released in 2018)
-
-* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
-* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
-* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
-   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
-   My system apparently is compiled that way.
----
- config/action.d/ufw.conf | 27 ++++++++++++++++++---------
- 1 file changed, 18 insertions(+), 9 deletions(-)
-
-diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
-index d2f731f2e6..b47fa7e772 100644
---- a/config/action.d/ufw.conf
-+++ b/config/action.d/ufw.conf
-@@ -13,17 +13,26 @@ actionstop =
- 
- actioncheck = 
- 
--actionban = [ -n "<application>" ] && app="app <application>"
--            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
--
--actionunban = [ -n "<application>" ] && app="app <application>"
--              ufw delete <blocktype> from <ip> to <destination> $app
-+# ufw does "quickly process packets for which we already have a connection" in before.rules,
-+# therefore all related sockets should be closed
-+# actionban is using `ss` to do so, this only handles IPv4 and IPv6.
-+
-+actionban = if [ -n "<application>" ] && ufw app info "<application>"
-+            then
-+              ufw prepend <blocktype> from <ip> to <destination> app "<application>" comment "<comment>"
-+            else
-+              ufw prepend <blocktype> from <ip> to <destination> comment "<comment>"
-+            fi
-+            ss -K dst [<ip>]
-+
-+actionunban = if [ -n "<application>" ] && ufw app info "<application>"
-+              then
-+                ufw delete <blocktype> from <ip> to <destination> app "<application>"
-+              else
-+                ufw delete <blocktype> from <ip> to <destination>
-+              fi
- 
- [Init]
--# Option: insertpos
--# Notes.:  The position number in the firewall list to insert the block rule
--insertpos = 1
--
- # Option: blocktype
- # Notes.: reject or deny
- blocktype = reject

fail2ban-0.11.2-ufw-add-kill-options.patch

@@ -1,45 +0,0 @@
-From 8f6a8df3a45395620e434fd15b4ede694a1d00aa Mon Sep 17 00:00:00 2001
-From: "Sergey G. Brester" <serg.brester@sebres.de>
-Date: Thu, 6 May 2021 21:47:06 +0200
-Subject: [PATCH] added new options `kill-mode` and `kill`, which makes the
- drop of all connections optional
-
----
- config/action.d/ufw.conf | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
-index bf06fe679..cf8c22bec 100644
---- a/config/action.d/ufw.conf
-+++ b/config/action.d/ufw.conf
-@@ -23,7 +23,7 @@ actionban = if [ -n "<application>" ] && ufw app info "<application>"
-             else
-               ufw <add> <blocktype> from <ip> to <destination> comment "<comment>"
-             fi
--            ss -K dst [<ip>]
-+            <kill>
- 
- actionunban = if [ -n "<application>" ] && ufw app info "<application>"
-               then
-@@ -32,6 +32,21 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
-                 ufw delete <blocktype> from <ip> to <destination>
-               fi
- 
-+# Option: kill-mode
-+# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
-+# Example: banaction = ufw[kill-mode=ss]
-+kill-mode =
-+
-+# intern conditional parameter used to provide killing mode after ban:
-+_kill_ =
-+_kill_ss = ss -K dst "[<ip>]"
-+
-+# Option: kill
-+# Notes.: can be used to specify custom killing feature, by default depending on option kill-mode
-+# Examples: banaction = ufw[kill='ss -K "( sport = :http || sport = :https )" dst "[<ip>]"']
-+            banaction = ufw[kill='cutter "<ip>"']
-+kill = <_kill_<kill-mode>>
-+
- [Init]
- # Option: add
- # Notes.: can be set to "insert 1" to insert a rule at certain position (here 1):

fail2ban.spec

@@ -1,6 +1,6 @@
 Name:          fail2ban
-Version:       1.0.2
-Release:       2mamba
+Version:       1.1.0
+Release:       1mamba
 Summary:       Daemon to ban hosts that cause multiple authentication errors
 Group:         Applications/Security
 Vendor:        openmamba
@@ -9,9 +9,6 @@ Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           https://github.com/fail2ban/fail2ban
 Source:        https://github.com/fail2ban/fail2ban.git/%{version}/fail2ban-%{version}.tar.bz2
 Source1:       fail2ban-paths-openmamba.conf
-Patch0:        fail2ban-0.11.2-ufw-0.36-ipv6.patch
-Patch1:        fail2ban-0.11.2-ufw-0.36-ipv6-2.patch
-Patch2:        fail2ban-0.11.2-ufw-add-kill-options.patch
 License:       GPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: libpython311-devel
@@ -25,9 +22,6 @@ Daemon to ban hosts that cause multiple authentication errors.
 
 %prep
 %setup -q
-#%patch0 -p1
-#%patch1 -p1
-#%patch2 -p1
 
 sed -i "s|/var/run/|/run/|" files/fail2ban.service.in \
    files/fail2ban-tmpfiles.conf fail2ban/server/*.py \
@@ -37,7 +31,6 @@ sed -i "s|/var/run/|/run/|" files/fail2ban.service.in \
 sed -i "s|paths-debian.conf|paths-openmamba.conf|" config/jail.conf
 
 %build
-./fail2ban-2to3
 CFLAGS="%{optflags}" %{__python3} setup.py build
 
 %install
@@ -119,6 +112,9 @@ rm -f %{buildroot}%{_sysconfdir}/paths-{arch,debian,fedora,freebsd,opensuse,osx}
 %doc COPYING THANKS
 
 %changelog
+* Tue Apr 30 2024 Automatic Build System <autodist@openmamba.org> 1.1.0-1mamba
+- automatic version update by autodist
+
 * Mon Oct 09 2023 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0.2-2mamba
 - rebuilt with python3 == 3.11