From 1071db2256e5a39e5b0cbbe3dc37434e378bbffb Mon Sep 17 00:00:00 2001
From: "Serg G. Brester"
Date: Tue, 20 Sep 2016 00:00:26 +0200
Subject: [PATCH 1/2] filter.py: easy-fix to use sha1 instead of md5 if its usage prohibited by some systems following strict standards (like FIPS) closes gh-1540
---
 fail2ban/server/filter.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index b2031096..459a47d0 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@@ -742,7 +742,12 @@ class FileFilter(Filter):
 try:
 import hashlib
- md5sum = hashlib.md5
+ try:
+ md5sum = hashlib.md5
+ # try to use it (several standards like FIPS forbid it):
+ md5sum(' ').hexdigest()
+ except: # pragma: no cover
+ md5sum = hashlib.sha1
 except ImportError: # pragma: no cover
 # hashlib was introduced in Python 2.5. For compatibility with those
 # elderly Pythons, import from md5
From 0f1d1a0d4d4943317b8b5d1457b29c93a7a37dc8 Mon Sep 17 00:00:00 2001
From: sebres
Date: Wed, 21 Sep 2016 09:22:18 +0200
Subject: [PATCH 2/2] ChangeLog: FIPS compliant
---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ChangeLog b/ChangeLog
index ff68bab8..c46e795e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@ releases.
 * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv);
 * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
+* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
 * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:)
 * `filter.d/ignorecommands/apache-fakegooglebot`
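Review bot: The probe `md5sum(' ').hexdigest()` in the filter.py hunk sits under a bare `except:`, so any failure of the probe selects SHA-1, not only the FIPS refusal the comment describes. On Python 3 `hashlib.md5(' ')` raises TypeError because a str must be encoded before hashing, so if this module runs there the fallback would be taken on every host and the digest algorithm would change silently. Probing with bytes and catching only the error hashlib raises for a disabled digest keeps the fallback to the intended case: `md5sum(' '.encode('ascii')).hexdigest()` and `except ValueError: # pragma: no cover`. The name `md5sum` may now hold SHA-1, so a comment saying which algorithm callers can get would help; how the digest is consumed, and the rest of the outer `try`/`except ImportError` block, lie outside this hunk.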