2012-12-06 17:46:44 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Dec 6 15:32:02 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
One of the important changes is escaping of the <matches> content -- so if you
|
|
|
|
|
crafted some custom action which uses it -- you must upgrade, or you
|
|
|
|
|
would be at a significant security risk.
|
|
|
|
|
|
|
|
|
|
- Fixes:
|
|
|
|
|
Alan Jenkins
|
|
|
|
|
* [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
|
|
|
|
|
banning due to misconfigured DNS. Close gh-64
|
|
|
|
|
Yaroslav Halchenko
|
|
|
|
|
* [83109bc] IMPORTANT: escape the content of <matches> (if used in
|
|
|
|
|
custom action files) since its value could contain arbitrary
|
|
|
|
|
symbols. Thanks for discovery go to the NBS System security
|
|
|
|
|
team
|
|
|
|
|
* [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh-83
|
|
|
|
|
* [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3
|
|
|
|
|
* [37a2e59] store IP as a base, non-unicode str to avoid spurious messages
|
|
|
|
|
in the console. Close gh-91
|
|
|
|
|
|
|
|
|
|
- New features:
|
|
|
|
|
David Engeset
|
|
|
|
|
* [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
|
|
|
|
|
the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86
|
|
|
|
|
|
|
|
|
|
- Enhancements:
|
|
|
|
|
* [2d66f31] replaced uninformative "Invalid command" message with warning log
|
|
|
|
|
exception why command actually failed
|
|
|
|
|
* [958a1b0] improved failregex to "support" auth.backend = "htdigest"
|
|
|
|
|
* [9e7a3b7] until we make it proper module -- adjusted sys.path only if
|
|
|
|
|
system-wide run
|
|
|
|
|
* [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79
|
|
|
|
|
* [f105379] added hints into the log on some failure return codes (e.g. 0x7f00
|
|
|
|
|
for this gh-87)
|
|
|
|
|
* Various others: travis-ci integration, script to run tests
|
|
|
|
|
against all available Python versions, etc
|
|
|
|
|
|
2012-12-04 10:00:14 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 3 16:06:56 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
- Fixed initscript as discussed in bnc#790557
|
|
|
|
|
|
2012-10-03 11:45:50 +02:00
|
|
|
-------------------------------------------------------------------
|
2012-10-03 11:53:53 +02:00
|
|
|
Wed Oct 3 09:53:40 UTC 2012 - meissner@suse.com
|
|
|
|
|
|
|
|
|
|
- use Source URL pointing to github
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2012-10-03 11:45:50 +02:00
|
|
|
Tue Oct 2 12:09:08 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
- Do not longer replace main config-files
|
|
|
|
|
- Use variables for directories in spec file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 2 10:48:24 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
- Added dependencies to python-pyinotifyi, python-gamin and iptables
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 2 08:09:20 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
- Upgraded to version 0.8.7.1
|
|
|
|
|
|
|
|
|
|
- Yaroslav Halchenko
|
|
|
|
|
* [e9762f3] Removed sneaked in comment on sys.path.insert
|
|
|
|
|
Tom Hendrikx & Jeremy Olexa
|
|
|
|
|
* [0eaa4c2,444e4ac] Fix Gentoo init script: $opts variable is deprecated.
|
|
|
|
|
See http://forums.gentoo.org/viewtopic-t-899018.html
|
|
|
|
|
- Chris Reffett
|
|
|
|
|
* [a018a26] Fixed addBannedIP to add enough failures to trigger a ban,
|
|
|
|
|
rather than just one failure.
|
|
|
|
|
- Yaroslav Halchenko
|
|
|
|
|
* [4c76fb3] allow trailing white-spaces in lighttpd-auth.conf
|
|
|
|
|
* [25f1e8d] allow trailing whitespace in few missing it regexes for sshd.conf
|
|
|
|
|
* [ed16ecc] enforce "ip" field returned as str, not unicode so that log
|
|
|
|
|
message stays non-unicode. Close gh-32
|
|
|
|
|
* [b257be4] added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if
|
|
|
|
|
already present in the pattern
|
|
|
|
|
* [47e956b] replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul to be
|
|
|
|
|
friend to developers stuck with Windows (Closes gh-66)
|
|
|
|
|
* [80b191c] anchor grep regexp in actioncheck to not match partial names
|
|
|
|
|
of the jails (Closes: #672228) (Thanks Szépe Viktor for the report)
|
|
|
|
|
- New features:
|
|
|
|
|
- François Boulogne
|
|
|
|
|
* [a7cb20e..] add lighttpd-auth filter/jail
|
|
|
|
|
- Lee Clemens & Yaroslav Halchenko
|
|
|
|
|
* [e442503] pyinotify backend (default if backend='auto' and pyinotify
|
|
|
|
|
is available)
|
|
|
|
|
* [d73a71f,3989d24] usedns parameter for the jails to allow disabling
|
|
|
|
|
use of DNS
|
|
|
|
|
- Tom Hendrikx
|
|
|
|
|
* [f94a121..] 'recidive' filter/jail to monitor fail2ban.conf to ban
|
|
|
|
|
repeated offenders. Close gh-19
|
|
|
|
|
- Xavier Devlamynck
|
|
|
|
|
* [7d465f9..] Add asterisk support
|
|
|
|
|
- Zbigniew Jedrzejewski-Szmek
|
|
|
|
|
* [de502cf..] allow running fail2ban as non-root user (disabled by
|
|
|
|
|
default) via xt_recent. See doc/run-rootless.txt
|
|
|
|
|
- Enhancements
|
|
|
|
|
- Lee Clemens
|
|
|
|
|
* [47c03a2] files/nagios - spelling/grammar fixes
|
|
|
|
|
* [b083038] updated Free Software Foundation's address
|
|
|
|
|
* [9092a63] changed TLDs to invalid domains, in accordance with RFC 2606
|
|
|
|
|
* [642d9af,3282f86] reformated printing of jail's name to be consistent
|
|
|
|
|
with init's info messages
|
|
|
|
|
* [3282f86] uniform use of capitalized Jail in the messages
|
|
|
|
|
- Leonardo Chiquitto
|
|
|
|
|
* [4502adf] Fix comments in dshield.conf and mynetwatchman.conf
|
|
|
|
|
to reflect code
|
|
|
|
|
* [a7d47e8] Update Free Software Foundation's address
|
|
|
|
|
- Petr Voralek
|
|
|
|
|
* [4007751] catch failed ssh logins due to being listed in DenyUsers.
|
|
|
|
|
Close gh-47 (Closes: #669063)
|
|
|
|
|
- Yaroslav Halchenko
|
|
|
|
|
* [MANY] extended and robustified unittests: test different backends
|
|
|
|
|
* [d9248a6] refactored Filter's to avoid duplicate functionality
|
|
|
|
|
* [7821174] direct users to issues on github
|
|
|
|
|
* [d2ffee0..] re-factored fail2ban-regex -- more condensed output by
|
|
|
|
|
default with -v to control verbosity
|
|
|
|
|
* [b4099da] adjusted header for config/*.conf to mention .local and way
|
|
|
|
|
to comment (Thanks Stefano Forli for the note)
|
|
|
|
|
* [6ad55f6] added failregex for wu-ftpd to match against syslog instead
|
|
|
|
|
of DoS-prone auth.log's rhost (Closes: #514239)
|
|
|
|
|
* [2082fee] match possibly present "pam_unix(sshd:auth):" portion for
|
|
|
|
|
sshd filter (Closes: #648020)
|
|
|
|
|
- Yehuda Katz & Yaroslav Halchenko
|
|
|
|
|
* [322f53e,bd40cc7] ./DEVELOP -- documentation for developers
|
|
|
|
|
|
2012-08-07 09:33:36 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jul 31 16:18:11 CEST 2012 - asemen@suse.de
|
|
|
|
|
|
|
|
|
|
- Adding to fail2ban.init remove of pid and sock files on stop
|
|
|
|
|
in case not removed before (prevents start fail)
|
|
|
|
|
|
2011-11-23 17:46:37 +01:00
|
|
|
-------------------------------------------------------------------
|
2012-06-03 19:51:16 +02:00
|
|
|
Sun Jun 3 13:08:36 UTC 2012 - jweberhofer@weberhofer.at
|
|
|
|
|
|
|
|
|
|
- Update to version 0.8.6. containing various fixes and enhancements
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2011-11-23 17:46:37 +01:00
|
|
|
Fri Nov 18 22:04:03 UTC 2011 - lchiquitto@suse.com
|
|
|
|
|
|
|
|
|
|
- Update to version 0.8.5: many bug fixes, enhancements and, as
|
|
|
|
|
a bonus, drop two patches that are now upstream
|
|
|
|
|
- Update FSF address to silent rpmlint warnings
|
|
|
|
|
- Drop stale socket files on startup (bnc#537239, bnc#730044)
|
|
|
|
|
|
2011-09-21 17:41:41 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- Apply packaging guidelines (remove redundant/obsolete
|
|
|
|
|
tags/sections from specfile, etc.)
|
|
|
|
|
|
2011-09-01 16:09:21 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Sep 1 14:07:28 UTC 2011 - coolo@suse.com
|
|
|
|
|
|
2011-11-23 17:46:37 +01:00
|
|
|
- Use /var/run/fail2ban instead of /tmp for temp files in
|
2011-09-01 16:09:21 +02:00
|
|
|
actions: see bugs.debian.org/544232, bnc#690853,
|
|
|
|
|
CVE-2009-5023
|
|
|
|
|
|
2010-08-02 11:47:24 +02:00
|
|
|
-------------------------------------------------------------------
|
2011-11-23 17:46:37 +01:00
|
|
|
Thu Jan 6 16:56:30 UTC 2011 - lchiquitto@suse.com
|
2011-01-07 14:28:41 +01:00
|
|
|
|
|
|
|
|
- Use $FAIL2BAN_OPTIONS when starting (bnc#662495)
|
|
|
|
|
- Clean up sysconfig file
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2010-08-02 11:47:24 +02:00
|
|
|
Tue Jul 27 20:39:41 UTC 2010 - cristian.rodriguez@opensuse.org
|
|
|
|
|
|
2011-11-23 17:46:37 +01:00
|
|
|
- Use O_CLOEXEC on fds (patch from Fedora)
|
2010-08-02 11:47:24 +02:00
|
|
|
|
2010-05-07 16:09:42 +02:00
|
|
|
-------------------------------------------------------------------
|
2011-11-23 17:46:37 +01:00
|
|
|
Wed May 5 16:48:46 UTC 2010 - lchiquitto@suse.com
|
2010-05-07 16:09:42 +02:00
|
|
|
|
|
|
|
|
- Create /var/run/fail2ban during startup to support systems that
|
|
|
|
|
mount /var/run as tmpfs
|
|
|
|
|
- Build package as noarch
|
|
|
|
|
- Spec file cleanup: fix a couple of rpmlint warnings
|
|
|
|
|
- Init script: look for fail2ban-server when checking if the
|
|
|
|
|
daemon is running
|
|
|
|
|
|
2010-01-12 15:46:47 +01:00
|
|
|
-------------------------------------------------------------------
|
2011-11-23 17:46:37 +01:00
|
|
|
Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.com
|
2010-01-12 15:46:47 +01:00
|
|
|
|
|
|
|
|
- Update to version 0.8.4. Important changes:
|
|
|
|
|
* New "Ban IP" command
|
|
|
|
|
* New filters: lighttpd-fastcgi php-url-fopen cyrus-imap sieve
|
|
|
|
|
* Fixed the 'unexpected communication error' problem
|
|
|
|
|
* Remove socket file on startup if fail2ban crashed (bnc#537239)
|
2011-11-23 17:46:37 +01:00
|
|
|
|
2009-02-11 04:32:18 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 4 18:19:39 CET 2009 - kssingvo@suse.de
|
|
|
|
|
|
2010-01-12 15:46:47 +01:00
|
|
|
- Initial version: 0.8.3
|
2009-02-11 04:32:18 +01:00
|
|
|
|
