fail2ban/fail2ban.changes

-------------------------------------------------------------------
Tue May 28 06:46:54 UTC 2013 - jweberhofer@weberhofer.at

- Included logrotate configuration for fail2ban

-------------------------------------------------------------------
Tue May 14 10:06:35 UTC 2013 - jweberhofer@weberhofer.at

- Init-Script does no longer require $syslog to be started as file-base logging
  is the default. Synced with Debian script.

- Upgrade to version 0.8.9

- Fixes: Yaroslav Halchenko
   * [6f4dad46] python-2.4 is the minimal version.
   * [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g.
     on Fedora. Closes gh-112. Thanks to Camusensei for the bug report.
   * [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for
     insight. Closes gh-103.
   * [ab044b75] delay check for the existence of config directory until read.
   * [3b4084d4] fixing up for handling of TAI64N timestamps.
   * [154aa38e] do not shutdown logging until all jails stop.
   * [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes gh-184.
     Thanks to Jon Foster for report and troubleshooting.
  Orion Poplawski
   * [e4aedfdc00] pyinotify - use bitwise op on masks and do not try tracking
     newly created directories.
  Nicolas Collignon
   * [39667ff6] Avoid leaking file descriptors. Closes gh-167.
  Sergey Brester
   * [b6bb2f88 and d17b4153] invalid date recognition, irregular because of
     sorting template list.
  Steven Hiscocks
   * [7a442f07] When changing log target with python2.{4,5} handle KeyError.
     Closes gh-147, gh-148.
   * [b6a68f51] Fix delaction on server side. Closes gh-124.
  Daniel Black
   * [f0610c01] Allow more that a one word command when changing and Action via
     the fail2ban-client. Closes gh-134.
   * [945ad3d9] Fix dates on email actions to work in different locals. Closes
     gh-70. Thanks to iGeorgeX for the idea.
  blotus
   * [96eb8986] ' and " should also be escaped in action tags Closes gh-109
  Christoph Theis, Nick Hilliard, Daniel Black
   * [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD
- New features:
  Yaroslav Halchenko
   * [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile}
     to provide additional flexibility to system adminstrators. Thanks to
     beilber for the idea. Closes gh-114.
   * [3ce53e87] Add exim filter.
  Erwan Ben Souiden
   * [d7d5228] add nagios integration documentation and script to ensure
     fail2ban is running. Closes gh-166.
  Artur Penttinen
   * [29d0df5] Add mysqld filter. Closes gh-152.
  ArndRaphael Brandes
   * [bba3fd8] Add Sogo filter. Closes gh-117.
  Michael Gebetsriother
   * [f9b78ba] Add action route to block at routing level.
  Teodor Micu & Yaroslav Halchenko
   * [5f2d383] Add roundcube auth filter. Closes Debian bug #699442.
  Daniel Black
   * [be06b1b] Add action for iptables-ipsets. Closes gh-102.
  Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk
   * [b6d0e8a] Add and enhance the bsd-ipfw action from
     FreeBSD ports.
  Soulard Morgan
   * [f336d9f] Add filter for webmin. Closes gh-99.
  Steven Hiscocks
   * [..746c7d9] bash interactive shell completions for fail2ban-*'s
  Nick Hilliard
   * [0c5a9c5] Add pf action.
- Enhancements:
  Enrico Labedzki
   * [24a8d07] Added new date format for ASSP SMTP Proxy.
  Steven Hiscocks
   * [3d6791f] Ensure restart of Actions after a check fails occurs
     consistently. Closes gh-172.
   * [MANY] Improvements to test cases, travis, and code coverage (coveralls).
   * [b36835f] Add get cinfo to fail2ban-client. Closes gh-124.
   * [ce3ab34] Added ability to specify PID file.
  Orion Poplawski
   * [ddebcab] Enhance fail2ban.service definition dependencies and Pidfile.
     Closes gh-142.
  Yaroslav Halchenko
   * [MANY] Lots of improvements to log messages, man pages and test cases.
   * [91d5736] Postfix filter improvements - empty helo, from and rcpt to.
     Closes gh-126. Bug report by Michael Heuberger.
   * [40c5a2d] adding more of diagnostic messages into -client while starting
     the daemon.
   * [8e63d4c] Compare against None with 'is' instead of '=='.
   * [6fef85f] Strip CR and LF while analyzing the log line
  Daniel Black
   * [3aeb1a9] Add jail.conf manual page. Closes gh-143.
   * [MANY] man page edits.
   * [7cd6dab] Added help command to fail2ban-client.
   * [c8c7b0b,23bbc60] Better logging of log file read errors.
   * [3665e6d] Added code coverage to development process.
   * [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh
     source. Also include BSD changes.
   * [1d9abd1] Action files can have tags in definition that refer to other
     tags.
   * [10886e7,cec5da2,adb991a] Change actions to response with ICMP port
     unreachable rather than just a drop of the packet.
  Pascal Borreli
   * [a2b29b4] Fixed lots of typos in config files and documentation.
  hamilton5
   * [7ede1e8] Update dovecot filter config.
  Romain Riviere
   * [0ac8746] Enhance named-refused filter for views.
  James Stout
   * [..2143cdf] Solaris support enhancements:
     - README.Solaris
     - failregex'es tune ups (sshd.conf)
     - hostsdeny: do not rely on support of '-i' in sed

-------------------------------------------------------------------
Thu Dec  6 15:32:02 UTC 2012 - jweberhofer@weberhofer.at

One of the important changes is escaping of the <matches> content -- so if you
crafted some custom action which uses it -- you must upgrade, or you
would be at a significant security risk.

- Fixes:
  Alan Jenkins
   * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid
     banning due to misconfigured DNS. Close gh-64
  Yaroslav Halchenko
   * [83109bc] IMPORTANT: escape the content of <matches> (if used in
     custom action files) since its value could contain arbitrary
     symbols.  Thanks for discovery go to the NBS System security
     team
   * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh-83
   * [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3
   * [37a2e59] store IP as a base, non-unicode str to avoid spurious messages
     in the console. Close gh-91

- New features:
  David Engeset
   * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching
     the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86

- Enhancements:
   * [2d66f31] replaced uninformative "Invalid command" message with warning log
     exception why command actually failed
   * [958a1b0] improved failregex to "support" auth.backend = "htdigest"
   * [9e7a3b7] until we make it proper module -- adjusted sys.path only if
     system-wide run
   * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79
   * [f105379] added hints into the log on some failure return codes (e.g. 0x7f00
     for this gh-87)
   * Various others: travis-ci integration, script to run tests
     against all available Python versions, etc

-------------------------------------------------------------------
Mon Dec  3 16:06:56 UTC 2012 - jweberhofer@weberhofer.at

- Fixed initscript as discussed in bnc#790557

-------------------------------------------------------------------
Wed Oct  3 09:53:40 UTC 2012 - meissner@suse.com

- use Source URL pointing to github

-------------------------------------------------------------------
Tue Oct  2 12:09:08 UTC 2012 - jweberhofer@weberhofer.at

- Do not longer replace main config-files
- Use variables for directories in spec file

-------------------------------------------------------------------
Tue Oct  2 10:48:24 UTC 2012 - jweberhofer@weberhofer.at

- Added dependencies to python-pyinotifyi, python-gamin and iptables

-------------------------------------------------------------------
Tue Oct  2 08:09:20 UTC 2012 - jweberhofer@weberhofer.at

- Upgraded to version 0.8.7.1

- Yaroslav Halchenko
  * [e9762f3] Removed sneaked in comment on sys.path.insert
    Tom Hendrikx & Jeremy Olexa
  * [0eaa4c2,444e4ac] Fix Gentoo init script: $opts variable is deprecated.
    See http://forums.gentoo.org/viewtopic-t-899018.html
- Chris Reffett
  * [a018a26] Fixed addBannedIP to add enough failures to trigger a ban,
    rather than just one failure.
- Yaroslav Halchenko
  * [4c76fb3] allow trailing white-spaces in lighttpd-auth.conf
  * [25f1e8d] allow trailing whitespace in few missing it regexes for sshd.conf
  * [ed16ecc] enforce "ip" field returned as str, not unicode so that log
    message stays non-unicode. Close gh-32
  * [b257be4] added %m-%d-%Y pattern + do not add %Y for Feb 29 fix if
    already present in the pattern
  * [47e956b] replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul to be
    friend to developers stuck with Windows (Closes gh-66)
  * [80b191c] anchor grep regexp in actioncheck to not match partial names
    of the jails (Closes: #672228) (Thanks Szépe Viktor for the report)
- New features:
- François Boulogne
  * [a7cb20e..] add lighttpd-auth filter/jail
- Lee Clemens & Yaroslav Halchenko
  * [e442503] pyinotify backend (default if backend='auto' and pyinotify
    is available)
  * [d73a71f,3989d24] usedns parameter for the jails to allow disabling
    use of DNS
- Tom Hendrikx
  * [f94a121..] 'recidive' filter/jail to monitor fail2ban.conf to ban
    repeated offenders. Close gh-19
- Xavier Devlamynck
  * [7d465f9..] Add asterisk support
- Zbigniew Jedrzejewski-Szmek
  * [de502cf..] allow running fail2ban as non-root user (disabled by
    default) via xt_recent. See doc/run-rootless.txt
- Enhancements
- Lee Clemens
  * [47c03a2] files/nagios - spelling/grammar fixes
  * [b083038] updated Free Software Foundation's address
  * [9092a63] changed TLDs to invalid domains, in accordance with RFC 2606
  * [642d9af,3282f86] reformated printing of jail's name to be consistent
    with init's info messages
  * [3282f86] uniform use of capitalized Jail in the messages
- Leonardo Chiquitto
  * [4502adf] Fix comments in dshield.conf and mynetwatchman.conf
    to reflect code
  * [a7d47e8] Update Free Software Foundation's address
- Petr Voralek
  * [4007751] catch failed ssh logins due to being listed in DenyUsers.
    Close gh-47 (Closes: #669063)
- Yaroslav Halchenko
  * [MANY]    extended and robustified unittests: test different backends
  * [d9248a6] refactored Filter's to avoid duplicate functionality
  * [7821174] direct users to issues on github
  * [d2ffee0..] re-factored fail2ban-regex -- more condensed output by
    default with -v to control verbosity
  * [b4099da] adjusted header for config/*.conf to mention .local and way
    to comment (Thanks Stefano Forli for the note)
  * [6ad55f6] added failregex for wu-ftpd to match against syslog instead
    of DoS-prone auth.log's rhost (Closes: #514239)
  * [2082fee] match possibly present "pam_unix(sshd:auth):" portion for
    sshd filter (Closes: #648020)
- Yehuda Katz & Yaroslav Halchenko
  * [322f53e,bd40cc7] ./DEVELOP -- documentation for developers

-------------------------------------------------------------------
Tue Jul 31 16:18:11 CEST 2012 - asemen@suse.de

- Adding to fail2ban.init remove of pid and sock files on stop 
  in case not removed before (prevents start fail)

-------------------------------------------------------------------
Sun Jun  3 13:08:36 UTC 2012 - jweberhofer@weberhofer.at

- Update to version 0.8.6. containing various fixes and enhancements

-------------------------------------------------------------------
Fri Nov 18 22:04:03 UTC 2011 - lchiquitto@suse.com

- Update to version 0.8.5: many bug fixes, enhancements and, as
  a bonus, drop two patches that are now upstream
- Update FSF address to silent rpmlint warnings
- Drop stale socket files on startup (bnc#537239, bnc#730044)

-------------------------------------------------------------------
Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de

- Apply packaging guidelines (remove redundant/obsolete
  tags/sections from specfile, etc.)

-------------------------------------------------------------------
Thu Sep  1 14:07:28 UTC 2011 - coolo@suse.com

- Use /var/run/fail2ban instead of /tmp for temp files in
  actions: see bugs.debian.org/544232, bnc#690853,
  CVE-2009-5023

-------------------------------------------------------------------
Thu Jan  6 16:56:30 UTC 2011 - lchiquitto@suse.com

- Use $FAIL2BAN_OPTIONS when starting (bnc#662495)
- Clean up sysconfig file

-------------------------------------------------------------------
Tue Jul 27 20:39:41 UTC 2010 - cristian.rodriguez@opensuse.org

- Use O_CLOEXEC on fds (patch from Fedora)

-------------------------------------------------------------------
Wed May  5 16:48:46 UTC 2010 - lchiquitto@suse.com

- Create /var/run/fail2ban during startup to support systems that
  mount /var/run as tmpfs
- Build package as noarch
- Spec file cleanup: fix a couple of rpmlint warnings
- Init script: look for fail2ban-server when checking if the
  daemon is running

-------------------------------------------------------------------
Thu Nov 26 16:05:42 CET 2009 - lchiquitto@suse.com

- Update to version 0.8.4. Important changes:
  * New "Ban IP" command
  * New filters: lighttpd-fastcgi php-url-fopen cyrus-imap sieve
  * Fixed the 'unexpected communication error' problem
  * Remove socket file on startup if fail2ban crashed (bnc#537239)

-------------------------------------------------------------------
Wed Feb  4 18:19:39 CET 2009 - kssingvo@suse.de

- Initial version: 0.8.3