-
fail2ban (1.1.0-1) unstable; urgency=medium
* New upstream release
(LP: #2055114)
* Block ssh invalid keys too (Closes: #1038779)
* Follow upstream advice
https://github.com/fail2ban/fail2ban/issues/3292#issuecomment-2078361360
to only have sshd as enabled = true in jail.d_defaults-debian.conf
* Update lintian override info format in d/source/lintian-overrides on line 1-2.
* Update standards version to 4.6.2, no changes needed.
-- Sylvestre Ledru <email address hidden> Thu, 02 May 2024 13:57:06 +0200
-
fail2ban (1.0.2-3) unstable; urgency=medium
* Add banaction = nftables in the defaults-debian.conf default
see https://github.com/fail2ban/fail2ban/discussions/3575#discussioncomment-7045315
* Move python3-systemd as depend (Closes: #770171, #1037437)
* Add backend = systemd to jail.d/defaults-debian.conf
-- Sylvestre Ledru <email address hidden> Tue, 19 Sep 2023 13:55:20 +0200
-
fail2ban (1.0.2-2) unstable; urgency=medium
* Team upload.
[ Pirate Praveen ]
* Use systemd for correct /lib/systemd/system path (Closes: #1034230)
[ Jochen Sprickerhof ]
* Drop dependency on lsb-base. It is a transitional package to
sysvinit-utils which is essential.
-- Jochen Sprickerhof <email address hidden> Fri, 21 Apr 2023 21:54:48 +0200
-
fail2ban (1.0.2-1) unstable; urgency=medium
* New upstream release
-- Sylvestre Ledru <email address hidden> Wed, 09 Nov 2022 17:42:47 +0100
-
fail2ban (0.11.2-6) unstable; urgency=medium
* Cherry-pick upstream fix to fix a startup issue with Python 3.10
(LP: #1958505)
* Cherry-pick upstream fix for courier-auth (Closes: #1004466)
* ignore false positive
fail2ban: read-in-maintainer-script [postinst:41
-- Sylvestre Ledru <email address hidden> Thu, 10 Mar 2022 22:52:59 +0100
-
fail2ban (0.11.2-5) unstable; urgency=medium
* Revert the CVE-2021-32749 fix (Closes: #991449)
Debian bookworm has the mailutils version with the proper fix
-- Sylvestre Ledru <email address hidden> Thu, 20 Jan 2022 23:21:44 +0100
-
fail2ban (0.11.2-4) unstable; urgency=medium
* Cherry pick 5ac303df8a171f748330d4c645ccbf1c2c7f3497
to address the 2to3 issue.
Thanks to Paul Wise for digging
(Closes: #997601)
-- Sylvestre Ledru <email address hidden> Tue, 11 Jan 2022 09:12:57 +0100
-
fail2ban (0.11.2-3) unstable; urgency=medium
[ Debian Janitor ]
* Remove constraints unnecessary since stretch:
+ Build-Depends: Drop versioned constraint on debhelper.
* Bump debhelper from old 12 to 13.
* Update standards version to 4.5.1, no changes needed.
* Remove constraints unnecessary since buster:
+ fail2ban: Drop versioned constraint on lsb-base in Depends.
[ Sylvestre Ledru ]
* Fix the watch file
* Fix systemd-service-in-odd-location
lib/systemd/system/fail2ban.service => /usr/lib/systemd/system/fail2ban.service
* Fix the roundcube debian custom path (Closes: #988323)
Thanks to Kurt Fitzner for the patch
* Do not fail the postinst if chown/chmod are failing (Closes: #926237)
Thanks to Kim-Alexander Brodowski for the patch
* Adjust the systemd path from /var/run => /run
(Closes: #902413)
Thanks to Gabriel Filion for the patch
* Add support for scanlogd (taken from upstream)
(Closes: #983399)
* Standards-Version => 4.6.0
-- Sylvestre Ledru <email address hidden> Sat, 23 Oct 2021 16:09:47 +0200
-
fail2ban (0.11.2-2) unstable; urgency=high
* Fix a problem with mail
-- Sylvestre Ledru <email address hidden> Mon, 12 Jul 2021 06:52:40 +0200
-
fail2ban (0.11.2-1) unstable; urgency=medium
* New upstream release
Remove python-3.9.patch (merged upstream)
-- Sylvestre Ledru <email address hidden> Thu, 26 Nov 2020 13:47:53 +0100
-
fail2ban (0.11.1-4) unstable; urgency=medium
* Fix the copyright file (Closes: #975644)
* https for the Website field in Debian control
-- Sylvestre Ledru <email address hidden> Tue, 24 Nov 2020 17:13:04 +0100
-
fail2ban (0.11.1-3) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat.
* d/control: Update Maintainer field with new Debian Python Team
contact address.
* d/control: Update Vcs-* fields with new Debian Python Team Salsa
layout.
* d/watch: Use https protocol.
[ Sylvestre Ledru ]
* Fix the python 3.9 support (Closes: #975565)
* remove deprecated package dh-systemd from the build deps
(Closes: #958625)
* Fix day-of-week for changelog entry 0.5.4-2.
* Update watch file format version to 4.
* Bump debhelper from deprecated 9 to 12.
* Update standards version to 4.5.0, no changes needed.
-- Sylvestre Ledru <email address hidden> Mon, 23 Nov 2020 21:45:34 +0100
-
fail2ban (0.11.1-2) unstable; urgency=medium
* Do not rotate log if empty. Thanks to Ron Varburg for the patch
(Closes: #956681)
* Add Environment="PYTHONNOUSERSITE=yes" to the service file to avoid
fail2ban to read /root/.local/. Thanks to Russell Coker for the
investigation (Closes: #956177)
-- Sylvestre Ledru <email address hidden> Tue, 14 Apr 2020 11:44:23 +0200
-
fail2ban (0.11.1-1) unstable; urgency=medium
* Upload to unstable
-- Sylvestre Ledru <email address hidden> Mon, 02 Mar 2020 14:20:11 +0100
-
fail2ban (0.10.2-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Add patch from upstream to fix SyntaxError with Python 3.7. Closes: #902817
-- Mattia Rizzolo <email address hidden> Sun, 23 Sep 2018 20:14:23 +0200
-
fail2ban (0.10.2-2) unstable; urgency=medium
[ Arturo Borrero Gonzalez ]
* Recommend nftables as an alternative to iptables (Closes: #892472)
[ Yaroslav Halchenko ]
* debian/patches/deb_no_iptables_service (Closes: #871993)
- remove all non-existing services from PartOf of fail2ban.service.
Should resolve inability to restart firewalld (its .service is
left in PartOf) upon upgrades.
* debian/control
- B-Depend on python3-setuptools and dh-python
* debian/rules
- Fixed up hardcoded path to the .build-ed package for testing
-- Yaroslav Halchenko <email address hidden> Wed, 04 Apr 2018 00:47:53 -0400
-
fail2ban (0.10.2-1) unstable; urgency=medium
[ Yaroslav Halchenko ]
* New major upstream release (thanks to Ervin Hegedüs for help updating
packaging)
- Major performance improvements, especially in tests battery
execution, and shutdown (Closes: #878038)
- Incremental increase of bantime (Closes: #498164)
- IPv6 support (Closes: #881648, #470417)
- Some filters refactored/deprecated, e.g. to take advantage of new
filter option mode
- sshd-aggressive and sshd-ddos absorbed into sshd filter
(modes: normal, ddos, extra, or aggressive)
- postfix-rbl and postfix-sasl absorbed into postfix
(modes: more, normal, auth, rbl, ddos, extra, or aggressive)
- New actions: abuseipd, nginx-block-map
- New filters: phpmyadmin-syslog, zoneminder
* A number of new patches added to address failing tests from
https://github.com/fail2ban/fail2ban/pull/2025
* debian/control
- Boosted policy to 4.1.3
- sqlite3 is now needed for some tests, thus added to build-depends
and suggests
* debian/README.Debian
- Instructions on how to establish correct startup/shutdown sequence
in systemd for shorewall (Closes: #847728). Thanks Ben Coleman for the
final recipe
[ Viktor Szépe ]
* Install provided config for monit under /etc/monit/conf-available
(instead of /etc/monit/monitrc.d, location changed after monit 1:5.15-2)
-- Yaroslav Halchenko <email address hidden> Mon, 22 Jan 2018 10:38:19 -0500
-
fail2ban (0.9.7-2) unstable; urgency=medium
* Upload to unstable (Closes: #870651)
-- Yaroslav Halchenko <email address hidden> Thu, 03 Aug 2017 22:49:08 -0400
-
fail2ban (0.9.6-2) unstable; urgency=medium
* debian/patches/changeset_a639f0b083c213bde4ff3dcfbbb9fbcab0dd55f8.diff
to resolve occasional FTBFSs if tzdata is not available (Closes: #855920)
-- Yaroslav Halchenko <email address hidden> Mon, 17 Apr 2017 10:27:28 -0400
-
fail2ban (0.9.6-1) unstable; urgency=medium
* Fresh upstream release
- should resolve outstanding FTBFS (Closes: #835707)
-- Yaroslav Halchenko <email address hidden> Fri, 09 Dec 2016 09:37:54 -0500
-
fail2ban (0.9.5-1) unstable; urgency=medium
* Fresh upstream release
* debian/watch -- not using githubredir service any longer
-- Yaroslav Halchenko <email address hidden> Thu, 14 Jul 2016 21:37:03 -0400
-
fail2ban (0.9.4-1) unstable; urgency=medium
* Fresh upstream release.
Debian's release codename if-only-someone-helped-to-triage-DBTS
-- Yaroslav Halchenko <email address hidden> Mon, 07 Mar 2016 21:50:50 -0500
-
fail2ban (0.9.3-1) unstable; urgency=medium
* Fresh upstream release
* debian/control -- adjusted description to mention what Recommends
and Suggests are good for (Closes: #767114)
-- Yaroslav Halchenko <email address hidden> Fri, 31 Jul 2015 21:34:10 -0400
-
fail2ban (0.9.2-1) unstable; urgency=medium
* Fresh release to celebrate jessie release and upload to unstable
* Moved python3-systemd to Recommends from Suggests given that systemd is
the default init system now. Should help people upgrading on Ubuntu 15.04
as well
* Added regular python to Recommends since apache-fakegooglebot still python2
-- Yaroslav Halchenko <email address hidden> Wed, 29 Apr 2015 00:00:07 -0400
-
fail2ban (0.9.1-1) unstable; urgency=medium
* To become fresh upstream release (Closes: #742976)
- 0.9 series is quite a big leap in development, especially since 0.8.6
which made it to previous Debian stable wheezy. Please consult upstream
ChangeLog about changes
* debian/control
- boost policy to 3.9.6
-- Yaroslav Halchenko <email address hidden> Mon, 27 Oct 2014 21:52:56 -0400
-
fail2ban (0.8.13-1) unstable; urgency=low
* New upstream bug-fix release: but consider 0.9.0 (to be uploaded to
experimental)
* debian/jail:
- new jail definitions: apache-modsecurity, apache-nohome, freeswitch,
ejabberd-auth, ssh-blocklist, nagios
- new configuration option: ignorecommand
* debian/post{inst,rm},preinst:
- [thanks to Daniel Schaal]: take care about renaming config files
- firewall-cmd-direct-new.conf to firewallcmd-new.conf which happened
in 0.8.11-29-g56b6bf7
- lighttpd-fastcgi.conf to suhosin.conf and
sasl.conf to postfix-sasl.conf in the past 0.8.11 release
-- Yaroslav Halchenko <email address hidden> Tue, 18 Mar 2014 23:13:35 -0400
-
fail2ban (0.8.11-1) unstable; urgency=low
* Fresh upstream release
- this release tightens all shipped filters to preclude
possible injections leading to targetted DoS attacks.
- omitted entry for ~pre release changelog:
- asterisk filter was fixed (Closes: #719662),
- nginx filter/jail added (Closes: #668064)
- better detection of log rotation in polling backend (Closes: #696087)
- includes sever name (uname -n) into subject of sendmail actions
(Closes: #709196)
* debian/jail.conf
- dropbear jail: use dropbear filter (instead of ssh) and monitor
auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
* debian/NEWS
- information for change of default iptables action to REJECT now
(Closes: #711463)
* debian/patches
- changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff
post-release change to support native proftpd date format which
includes milliseconds (Closes: #648276)
- changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff
absorbed upstream
-- Yaroslav Halchenko <email address hidden> Sun, 17 Nov 2013 17:29:06 -0500
-
fail2ban (0.8.11~pre1+git29-gccd2657-1) unstable; urgency=low
* Snapshot of the upcoming new release candidate
- improves dovecot (Closes: #709324), wuftpd (Closes: #665925)
failregex'es
- provides support for OpenSSH 6.3 (Closes: #722970)
* debian/watch
- restrict version matching only to numbers and period (to exclude
alpha releases of 0.9 series)
* debian/jail.conf
- slightly adjusted for changes in master (suhosin replaced
lighttpd-auth filer name, and postfix-sasl for sasl)
- added nginx-http-auth. More jails to be adopted from upsream.
-- Yaroslav Halchenko <email address hidden> Sun, 10 Nov 2013 12:16:51 -0800
-
fail2ban (0.8.10-3) unstable; urgency=low
* debian/jail.conf
- added "submission" (port 587) to all SMTP-related jails (Closes:
#714632). Thanks Tony den Haan for the report
-- Yaroslav Halchenko <email address hidden> Mon, 01 Jul 2013 14:36:24 -0400
-
fail2ban (0.8.10-1) unstable; urgency=high
* New upstream release
- addresses possible DoS for anyone enabling many of apache- filters
-- Yaroslav Halchenko <email address hidden> Wed, 12 Jun 2013 13:31:29 -0400
-
fail2ban (0.8.9-1) unstable; urgency=low
* New upstream release
- significant improvements in documentation (Closes: #400416)
- roundcube auth filter (Closes: #699442)
- enforces C locale for dates (Closes: #686341)
- provides bash_completion.d/fail2ban
* debian/jail.conf:
- added findtime and documentation on those basic options from jail.conf
(Closes: #704568)
- added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6},
roundcube-auth, sogo-auth, mysqld-auth
* debian/control:
- suggest system-log-daemon (Closes: #691001)
- boost policy compliance to 3.9.4
* debian/rules:
- run fail2ban's unittests at build time but ignore the failures
(there are still some known issues to fix up to guarantee robust testing
in clean chroots etc).
Only pyinotify was added to build-depends since gamin might still be
buggy on older releases and get stuck, which would complicate
backporting
-- Yaroslav Halchenko <email address hidden> Mon, 13 May 2013 11:58:56 -0400
-
fail2ban (0.8.6-3wheezy1) unstable; urgency=high
* CVE-2012-5642: Escape the content of <matches> since its value could
contain arbitrary symbols (Closes: #696184)
* Since package source format remained 1.0, manpages patch
(deb_manpages_reportbug) was not applied -- fold it into .diff.gz
-- Yaroslav Halchenko <email address hidden> Mon, 17 Dec 2012 13:19:32 -0500
-
fail2ban (0.8.6-3) unstable; urgency=low
* Added dovecot section to Debian's jail.conf. Thanks to Laurent
Léonard (Closes: #655182)
* init.d script now returns non-0 exit codes upon status command
with not running / failed to connect server. Thanks to
Glenn Aaldering for the patch
-- Yaroslav Halchenko <email address hidden> Sun, 08 Jan 2012 21:46:24 -0500
-
fail2ban (0.8.6-2) unstable; urgency=low
* Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent
Léonard (Closes: #654412)
* Enhancement: action to use /proc/net/xt_recent and run f2b as a normal
user. Many many thanks to Zbyszek Szmek (Closes: #602016)
-- Yaroslav Halchenko <email address hidden> Tue, 03 Jan 2012 10:36:24 -0500
-
fail2ban (0.8.6-1) unstable; urgency=low
* [1efe1bc] Fresh upstream release (Closes: #648324)
* Boosted policy compliance to 3.9.2 -- no changes
* Adjusted debian/watch to fetch tarballs from github
-- Yaroslav Halchenko <email address hidden> Mon, 28 Nov 2011 22:27:18 -0500
-
fail2ban (0.8.5-2) unstable; urgency=low
* [5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
server's executeCmd to prevent racing among iptables calls (Closes:
#554162) Many kudos go to Michael Saavedra for the patch
-- Yaroslav Halchenko <email address hidden> Fri, 23 Sep 2011 22:12:08 -0400
-
fail2ban (0.8.5-1) unstable; urgency=low
* [de95777] Fresh upstream release FAIL2BAN-0_8_5: - [00e1827] BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036) Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to Debian. * [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425) * [ef449f4] Added a note on diverting logrotate configuration for custom logtarget=SYSLOG (Closes: #631917). Thanks Kenyon Ralph for report -- Yaroslav Halchenko <email address hidden> Thu, 28 Jul 2011 23:20:55 -0400
-
fail2ban (0.8.4+svn20110323-1) unstable; urgency=low
* Fresh upstream snapshot which absorbed some of the patches from Debian and - [c6d64e9] debug entry for lines ignored due to falling below findtime (v2) - [fc20f12] Tai64N stores time in GMT, we need to convert to local time before returning - [b0331bb] default ignoreip to ignore entire loopback zone (/8) (Closes: #598200) - [b9f15f6] ENH: dovecot filter - [69165b1] ENH: add <chain> to action.d/iptables*. Thanks Matthijs Kooijman - [8330a20] ENH: make filter.d/apache-overflows.conf catch more (Closes: #574182) - [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf (Closes: #573314) - [2714019] ENH: dropbear filter (Closes: #546913) - [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in actions (Closes: #544232) * debian/jail.conf: - [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer - [d7f3e23] adjusted description for sasl jail (Closes: #615952) - [92fb484] debian/jail.conf: closing " for protocol specification - [f828c31] debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599) * debian/control: - [858af30] slight rewordings of the long description (Closes: #588176) - [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems to be due) * [4e1e845] debian/copyright: updated copyright years -- Yaroslav Halchenko <email address hidden> Wed, 23 Mar 2011 17:04:56 -0400
-
fail2ban (0.8.4-3) unstable; urgency=low
* Commenting out named-refused-udp jail and providing even fatter
WARNING against using it (Closes: #583364)
* Merging upstream's commit for fixing missing import
-- Yaroslav Halchenko <email address hidden> Mon, 28 Jun 2010 21:50:20 -0400
-
fail2ban (0.8.4-2) unstable; urgency=low
* Merged few upstream patches (svn rev ) which fixed:
- Patch to make log file descriptors cloexec to stop leaking file
descriptors on fork/exec.
* debian/rules,control: -install-layout=deb for setup.py + python (>=
2.5.4-1~) to fix install with python2.6 (Closes: #571213).
* Boosted policy to 3.8.4 (no changes seems to be due).
-- Yaroslav Halchenko <email address hidden> Thu, 25 Feb 2010 00:17:07 -0500
-
fail2ban (0.8.4-1) unstable; urgency=low
* New upstream release. Fixes compatibility issue with python2.6
* Yet only in Debian fixes:
- escaping () in pure-ftpd. Thanks Teodor (Closes: #544744)
- use "set logtarget" instead of "reload" while logrotate. Thanks
J.M.Roth (Closes: #537773)
- be able to detect time for VNC recording only 2 letters of year
(Closes: #537610)
- proftpd filter: count all failed logins regardless of the reason
* Debian-specific changes:
- adjusted README.Debian - multiport is default (closes: #545971)
- Boosted policy to 3.8.3 (no changes seems to be due)
-- Yaroslav Halchenko <email address hidden> Thu, 10 Sep 2009 11:16:51 -0400
-
fail2ban (0.8.3-6) unstable; urgency=low
* Time to shake the ground with upload to unstable.
* Merged upstream's development as of SVN revision 732:
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis.
Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match
logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100%
correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive (closes: #514163).
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. (closes:
#513953).
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh
log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav
Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
#2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
(closes: #507990)
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp (closes: #500824)
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef
Reichelt.
* Added a comment into Debian-shipped jail.conf about sasl logpath -- it
might preferable to monitor warn.log in case of postfix (To complete react
to #507990) (git branch up/fixes). Also added sasl example log file (git
branch up/log_examples).
* Removing minor bashism in ipmasq example file (closes: #530078).
Thanks Raphael Geissert (git branch up/ipmasq)
* Allow for trailing spaces in proftpd logs (closes: #507986)
(git branch up/fixes).
* Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
(git branch up/fixes).
* Adjusted Git-vcs field to point to git:// .
* Thanks lintian fixes:
- Boosted policy to 3.8.2 (no changes are due).
- Boosted debhelper compatibility to 5.
- Misspell in README.Debian
- Removing stale /var/run/fail2ban from dirs -- should be created by
init script
-- Yaroslav Halchenko <email address hidden> Thu, 09 Jul 2009 01:08:40 -0400
-
fail2ban (0.8.3-2sid1) unstable; urgency=low
* NF: adding unittests for previous commit
* BF: anchoring regex for IP with " *$" at the end + adjust regexp for
<HOST> (closes: #514163)
-- Yaroslav Halchenko <email address hidden> Thu, 05 Feb 2009 10:23:12 -0500
-
fail2ban (0.8.3-2) unstable; urgency=low
* BF in apache-noscript.conf - regexp matched in referer (Closes: #492319).
Thanks Bernd Zeimetz.
* BF: extended apache-noscript with additional regexp
-- Yaroslav Halchenko <email address hidden> Fri, 25 Jul 2008 13:33:56 -0400
