-
fail2ban (0.8.13-1) unstable; urgency=low
* New upstream bug-fix release: but consider 0.9.0 (to be uploaded to
experimental)
* debian/jail:
- new jail definitions: apache-modsecurity, apache-nohome, freeswitch,
ejabberd-auth, ssh-blocklist, nagios
- new configuration option: ignorecommand
* debian/post{inst,rm},preinst:
- [thanks to Daniel Schaal]: take care about renaming config files
- firewall-cmd-direct-new.conf to firewallcmd-new.conf which happened
in 0.8.11-29-g56b6bf7
- lighttpd-fastcgi.conf to suhosin.conf and
sasl.conf to postfix-sasl.conf in the past 0.8.11 release
-- Yaroslav Halchenko <email address hidden> Tue, 18 Mar 2014 23:13:35 -0400
-
fail2ban (0.8.11-1) unstable; urgency=low
* Fresh upstream release
- this release tightens all shipped filters to preclude
possible injections leading to targetted DoS attacks.
- omitted entry for ~pre release changelog:
- asterisk filter was fixed (Closes: #719662),
- nginx filter/jail added (Closes: #668064)
- better detection of log rotation in polling backend (Closes: #696087)
- includes sever name (uname -n) into subject of sendmail actions
(Closes: #709196)
* debian/jail.conf
- dropbear jail: use dropbear filter (instead of ssh) and monitor
auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
* debian/NEWS
- information for change of default iptables action to REJECT now
(Closes: #711463)
* debian/patches
- changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff
post-release change to support native proftpd date format which
includes milliseconds (Closes: #648276)
- changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff
absorbed upstream
-- Yaroslav Halchenko <email address hidden> Sun, 17 Nov 2013 17:29:06 -0500
-
fail2ban (0.8.10-3) unstable; urgency=low
* debian/jail.conf
- added "submission" (port 587) to all SMTP-related jails (Closes:
#714632). Thanks Tony den Haan for the report
-- Yaroslav Halchenko <email address hidden> Mon, 01 Jul 2013 14:36:24 -0400
-
fail2ban (0.8.10-1) unstable; urgency=high
* New upstream release
- addresses possible DoS for anyone enabling many of apache- filters
-- Yaroslav Halchenko <email address hidden> Wed, 12 Jun 2013 13:31:29 -0400
-
fail2ban (0.8.9-1) unstable; urgency=low
* New upstream release
- significant improvements in documentation (Closes: #400416)
- roundcube auth filter (Closes: #699442)
- enforces C locale for dates (Closes: #686341)
- provides bash_completion.d/fail2ban
* debian/jail.conf:
- added findtime and documentation on those basic options from jail.conf
(Closes: #704568)
- added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6},
roundcube-auth, sogo-auth, mysqld-auth
* debian/control:
- suggest system-log-daemon (Closes: #691001)
- boost policy compliance to 3.9.4
* debian/rules:
- run fail2ban's unittests at build time but ignore the failures
(there are still some known issues to fix up to guarantee robust testing
in clean chroots etc).
Only pyinotify was added to build-depends since gamin might still be
buggy on older releases and get stuck, which would complicate
backporting
-- Yaroslav Halchenko <email address hidden> Mon, 13 May 2013 11:58:56 -0400
-
fail2ban (0.8.6-3wheezy1) unstable; urgency=high
* CVE-2012-5642: Escape the content of <matches> since its value could
contain arbitrary symbols (Closes: #696184)
* Since package source format remained 1.0, manpages patch
(deb_manpages_reportbug) was not applied -- fold it into .diff.gz
-- Yaroslav Halchenko <email address hidden> Mon, 17 Dec 2012 13:19:32 -0500
