meta-security: subtree update:6053e8b8e2..9504d02694

Armin Kuster (19):
      softhsm: drop pkg as meta-oe has it
      apparmor: Inherit python3targetconfig
      python3-suricata-update: Inherit python3targetconfig
      openscap: Inherit python3targetconfig
      scap-security-guide: Inherit python3targetconfig
      nikito: Update common-licenses references to match new names
      kas-security-base.yml: build setting updates
      kas-security-base.yml: drop DL_DIR
      arpwatch: upgrade 3.0 -> 3.1
      checksec: upgrade 2.1.0 -> 2.4.0
      ding-libs: upgrade 0.5.0 -> 0.6.1
      fscryptctl: upgrade 0.1.0 -> 1.0.0
      libseccomp: upgrade 2.5.0 -> 2.5.1
      python3-privacyidea: upgrade 3.3 -> 3.5.1
      python3-scapy: upgrade 2.4.3 -> 2.4.4
      samhain: update to 4.4.3
      opendnssec: update to 2.1.8
      suricata: update to 4.10.0
      python3-fail2ban: update to 0.11.2

Jate Sujjavanich (1):
      scap-security-guide: Fix openembedded platform tests and build

Ming Liu (9):
      ima-evm-utils: set native REQUIRED_DISTRO_FEATURES to empty
      initramfs-framework-ima: fix a wrong path
      ima-evm-keys: add recipe
      initramfs-framework-ima: RDEPENDS on ima-evm-keys
      meta: refactor IMA/EVM sign rootfs
      README.md: update according to the refactoring in ima-evm-rootfs.bbclass
      initramfs-framework-ima: let ima_enabled return 0
      ima-evm-rootfs.bbclass: avoid generating /etc/fstab for wic
      ima-policy-hashed: add CGROUP2_SUPER_MAGIC fsmagic

Yi Zhao (1):
      ibmswtpm2: disable camellia algorithm

Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ic7dc6f5425a1493ac0534e10ed682662d109e60c
diff --git a/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
new file mode 100644
index 0000000..6767d80
--- /dev/null
+++ b/meta-security/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -0,0 +1,52 @@
+SUMMARY = "Daemon to ban hosts that cause multiple authentication errors."
+DESCRIPTION = "Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too \
+many failed login attempts. It does this by updating system firewall rules to reject new \
+connections from those IP addresses, for a configurable amount of time. Fail2Ban comes \
+out-of-the-box ready to read many standard log files, such as those for sshd and Apache, \
+and is easy to configure to read any log file you choose, for any error you choose."
+HOMEPAGE = "http://www.fail2ban.org"
+
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ecabc31e90311da843753ba772885d9f"
+
+SRCREV ="eea1881b734b73599a21df2bfbe58b11f78d0a46"
+SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11 \
+        file://initd \
+        file://fail2ban_setup.py \
+        file://run-ptest \
+"
+
+inherit update-rc.d ptest setuptools3
+
+S = "${WORKDIR}/git"
+
+do_compile_prepend () {
+    cp ${WORKDIR}/fail2ban_setup.py ${S}/setup.py
+    cd ${S}
+    ./fail2ban-2to3
+}
+
+do_install_append () {
+    install -d ${D}/${sysconfdir}/fail2ban
+    install -d ${D}/${sysconfdir}/init.d
+    install -m 0755 ${WORKDIR}/initd ${D}${sysconfdir}/init.d/fail2ban-server
+    chown -R root:root ${D}/${bindir}
+}
+
+do_install_ptest_append () {
+    install -d ${D}${PTEST_PATH}
+    sed -i -e 's/##PYTHON##/${PYTHON_PN}/g' ${D}${PTEST_PATH}/run-ptest
+    install -D ${S}/fail2ban-testcases-all-python3 ${D}${PTEST_PATH}
+}
+
+FILES_${PN} += "/run"
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "fail2ban-server"
+INITSCRIPT_PARAMS = "defaults 25"
+
+INSANE_SKIP_${PN}_append = "already-stripped"
+
+RDEPENDS_${PN} = "${VIRTUAL-RUNTIME_base-utils-syslog} iptables sqlite3 python3-core python3-pyinotify"
+RDEPENDS_${PN} += " python3-logging python3-fcntl python3-json"
+RDEPENDS_${PN}-ptest = "python3-core python3-io python3-modules python3-fail2ban"