fail2ban (1.0.2-3) unstable; urgency=medium . * Add banaction = nftables in the defaults-debian.conf default see https://github.com/fail2ban/fail2ban/discussions/3575#discussioncomment-7045315 * Move python3-systemd as depend (Closes: #770171, #1037437) * Add backend = systemd to jail.d/defaults-debian.conf fail2ban (1.0.2-2) unstable; urgency=medium . * Team upload. . [ Pirate Praveen ] * Use systemd for correct /lib/systemd/system path (Closes: #1034230) . [ Jochen Sprickerhof ] * Drop dependency on lsb-base. It is a transitional package to sysvinit-utils which is essential. fail2ban (1.0.2-1) unstable; urgency=medium . * New upstream release fail2ban (1.0.1-1~exp1) experimental; urgency=medium . [ Bastian Germann ] [ Gioele Barabucci ] * d/post{inst,rm},preinst: Remove code for ancient versions . [ Debian Janitor ] * debian/watch: Use GitHub /tags rather than /releases page. * Update standards version to 4.6.1, no changes needed. . [ Sylvestre Ledru ] * New upstream release * Fix debian/watch * Remove a bunch of patches (merged upstream) fail2ban (0.11.2-6) unstable; urgency=medium . * Cherry-pick upstream fix to fix a startup issue with Python 3.10 (LP: #1958505) * Cherry-pick upstream fix for courier-auth (Closes: #1004466) * ignore false positive fail2ban: read-in-maintainer-script [postinst:41 fail2ban (0.11.2-5) unstable; urgency=medium . * Revert the CVE-2021-32749 fix (Closes: #991449) Debian bookworm has the mailutils version with the proper fix fail2ban (0.11.2-4) unstable; urgency=medium . * Cherry pick 5ac303df8a171f748330d4c645ccbf1c2c7f3497 to address the 2to3 issue. Thanks to Paul Wise for digging (Closes: #997601) fail2ban (0.11.2-3) unstable; urgency=medium . [ Debian Janitor ] * Remove constraints unnecessary since stretch: + Build-Depends: Drop versioned constraint on debhelper. * Bump debhelper from old 12 to 13. * Update standards version to 4.5.1, no changes needed. * Remove constraints unnecessary since buster: + fail2ban: Drop versioned constraint on lsb-base in Depends. . [ Sylvestre Ledru ] * Fix the watch file * Fix systemd-service-in-odd-location lib/systemd/system/fail2ban.service => /usr/lib/systemd/system/fail2ban.service * Fix the roundcube debian custom path (Closes: #988323) Thanks to Kurt Fitzner for the patch * Do not fail the postinst if chown/chmod are failing (Closes: #926237) Thanks to Kim-Alexander Brodowski for the patch * Adjust the systemd path from /var/run => /run (Closes: #902413) Thanks to Gabriel Filion for the patch * Add support for scanlogd (taken from upstream) (Closes: #983399) * Standards-Version => 4.6.0 fail2ban (0.11.2-2) unstable; urgency=high . * Fix a problem with mail fail2ban (0.11.2-1) unstable; urgency=medium . * New upstream release Remove python-3.9.patch (merged upstream) fail2ban (0.11.1-4) unstable; urgency=medium . * Fix the copyright file (Closes: #975644) * https for the Website field in Debian control fail2ban (0.11.1-3) unstable; urgency=medium . [ Ondřej Nový ] * Use debhelper-compat instead of debian/compat. * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. * d/watch: Use https protocol. . [ Sylvestre Ledru ] * Fix the python 3.9 support (Closes: #975565) * remove deprecated package dh-systemd from the build deps (Closes: #958625) * Fix day-of-week for changelog entry 0.5.4-2. * Update watch file format version to 4. * Bump debhelper from deprecated 9 to 12. * Update standards version to 4.5.0, no changes needed. fail2ban (0.11.1-2) unstable; urgency=medium . * Do not rotate log if empty. Thanks to Ron Varburg for the patch (Closes: #956681) * Add Environment="PYTHONNOUSERSITE=yes" to the service file to avoid fail2ban to read /root/.local/. Thanks to Russell Coker for the investigation (Closes: #956177) fail2ban (0.11.1-1) unstable; urgency=medium . * Upload to unstable fail2ban (0.11.1-1~exp3) experimental; urgency=medium . * Add myself to the list of uploaders * nftables is now more important than iptables. Update of the priority and doc (Closes: #946257) * Trim trailing whitespace. * Fix package-installs-into-obsolete-dir Install bash_completion script in usr/share/bash-completion/completions * Remove patches neurodebian-backport.series, neurodebian_use_python2, saucy-dsc-patch, trusty-dsc-patch, utopic-dsc-patch, wheezy-dsc- patch that are missing from debian/patches/series. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. fail2ban (0.11.1-1~exp2) experimental; urgency=medium . * Run the testsuite for real fail2ban (0.11.1-1~exp1) experimental; urgency=medium . [ Sylvestre Ledru ] * New upstream release (Closes: #922539) * Import fail2ban in the Debian Python Umbrella (Closes: #947926) * Remove the old dep to Python (Closes: #945670) * Run ./fail2ban-2to3 as part of the build to be Python 3 ready * Update to SV: 4.4.1 . [ Jelmer Vernooij ] * Use secure URI in Vcs control header. fail2ban (0.10.2-2.1) unstable; urgency=medium . * Non-maintainer upload. * Add patch from upstream to fix SyntaxError with Python 3.7. Closes: #902817 fail2ban (0.10.2-2) unstable; urgency=medium . [ Arturo Borrero Gonzalez ] * Recommend nftables as an alternative to iptables (Closes: #892472) . [ Yaroslav Halchenko ] * debian/patches/deb_no_iptables_service (Closes: #871993) - remove all non-existing services from PartOf of fail2ban.service. Should resolve inability to restart firewalld (its .service is left in PartOf) upon upgrades. * debian/control - B-Depend on python3-setuptools and dh-python * debian/rules - Fixed up hardcoded path to the .build-ed package for testing fail2ban (0.10.2-1) unstable; urgency=medium . [ Yaroslav Halchenko ] * New major upstream release (thanks to Ervin Hegedüs for help updating packaging) - Major performance improvements, especially in tests battery execution, and shutdown (Closes: #878038) - Incremental increase of bantime (Closes: #498164) - IPv6 support (Closes: #881648, #470417) - Some filters refactored/deprecated, e.g. to take advantage of new filter option mode - sshd-aggressive and sshd-ddos absorbed into sshd filter (modes: normal, ddos, extra, or aggressive) - postfix-rbl and postfix-sasl absorbed into postfix (modes: more, normal, auth, rbl, ddos, extra, or aggressive) - New actions: abuseipd, nginx-block-map - New filters: phpmyadmin-syslog, zoneminder * A number of new patches added to address failing tests from https://github.com/fail2ban/fail2ban/pull/2025 * debian/control - Boosted policy to 4.1.3 - sqlite3 is now needed for some tests, thus added to build-depends and suggests * debian/README.Debian - Instructions on how to establish correct startup/shutdown sequence in systemd for shorewall (Closes: #847728). Thanks Ben Coleman for the final recipe . [ Viktor Szépe ] * Install provided config for monit under /etc/monit/conf-available (instead of /etc/monit/monitrc.d, location changed after monit 1:5.15-2) fail2ban (0.9.7-2) unstable; urgency=medium . * Upload to unstable (Closes: #870651) fail2ban (0.9.7-1) experimental; urgency=medium . * Fresh upstream release, primarily bugfix but includes some enhancements to regexes and new filters fail2ban (0.9.6-2) unstable; urgency=medium . * debian/patches/changeset_a639f0b083c213bde4ff3dcfbbb9fbcab0dd55f8.diff to resolve occasional FTBFSs if tzdata is not available (Closes: #855920) fail2ban (0.9.6-1) unstable; urgency=medium . * Fresh upstream release - should resolve outstanding FTBFS (Closes: #835707) fail2ban (0.9.5-1) unstable; urgency=medium . * Fresh upstream release * debian/watch -- not using githubredir service any longer fail2ban (0.9.4-1) unstable; urgency=medium . * Fresh upstream release. Debian's release codename if-only-someone-helped-to-triage-DBTS fail2ban (0.9.3-1) unstable; urgency=medium . * Fresh upstream release * debian/control -- adjusted description to mention what Recommends and Suggests are good for (Closes: #767114) fail2ban (0.9.2-1) unstable; urgency=medium . * Fresh release to celebrate jessie release and upload to unstable * Moved python3-systemd to Recommends from Suggests given that systemd is the default init system now. Should help people upgrading on Ubuntu 15.04 as well * Added regular python to Recommends since apache-fakegooglebot still python2 fail2ban (0.9.1+git44-gd65c4f8-1) experimental; urgency=medium . [ Christoph Anton Mitterer ] * Do not install the following configuration files which are not used within the Debian package of fail2ban: /etc/fail2ban/paths-fedora.conf /etc/fail2ban/paths-freebsd.conf /etc/fail2ban/paths-osx.conf Closes: #767123 . [ Yaroslav Halchenko ] * New upstream snapshot from 0.9.1-44-gd65c4f8 - carries a lot of fixes and improvements. Consult upstream ChangeLog - debian's init file is now maintained in upstream codebase (for manual deployments) - provides monit (now Suggest'ed) file which is now gets installed but not enabled by default: ln -s /etc/monit/{monitrc,conf}.d/fail2ban to assure that fail2ban process is running fail2ban (0.9.1-1) unstable; urgency=medium . * To become fresh upstream release (Closes: #742976) - 0.9 series is quite a big leap in development, especially since 0.8.6 which made it to previous Debian stable wheezy. Please consult upstream ChangeLog about changes * debian/control - boost policy to 3.9.6 fail2ban (0.9.0+git252-g47441d1-1) experimental; urgency=medium . [ Yaroslav Halchenko ] * New upstream snapshot from 0.9.0a2-814-g98dc084. . [ Daniel Schaal ] * debian/{control,rules} - switching to python3 as the interpreter for Fail2Ban so we could use python3-systemd which is N/A for Python2 any longer fail2ban (0.9.0+git48-gabcab00-1) experimental; urgency=medium . [ Daniel Schaal ] * debian/ updated for 0.9 release 0.9 release introduced big changes in internal organization (Python module now), and new features, and stock jail.conf now follows Debian's style, thus custom Debian jail.conf was deprecated. See NEWS file and upstream ChangeLog for further details. . [ Yaroslav Halchenko ] * Post 0.9 release snapshot. * debian/rules - do not ignore tests failures - run only tests not requiring network access - nagios and cacti examples get installed fail2ban (0.8.13-1) unstable; urgency=low . * New upstream bug-fix release: but consider 0.9.0 (to be uploaded to experimental) * debian/jail: - new jail definitions: apache-modsecurity, apache-nohome, freeswitch, ejabberd-auth, ssh-blocklist, nagios - new configuration option: ignorecommand * debian/post{inst,rm},preinst: - [thanks to Daniel Schaal]: take care about renaming config files - firewall-cmd-direct-new.conf to firewallcmd-new.conf which happened in 0.8.11-29-g56b6bf7 - lighttpd-fastcgi.conf to suhosin.conf and sasl.conf to postfix-sasl.conf in the past 0.8.11 release fail2ban (0.8.11-1) unstable; urgency=low . * Fresh upstream release - this release tightens all shipped filters to preclude possible injections leading to targetted DoS attacks. - omitted entry for ~pre release changelog: - asterisk filter was fixed (Closes: #719662), - nginx filter/jail added (Closes: #668064) - better detection of log rotation in polling backend (Closes: #696087) - includes sever name (uname -n) into subject of sendmail actions (Closes: #709196) * debian/jail.conf - dropbear jail: use dropbear filter (instead of ssh) and monitor auth.log instead of non-existing /var/log/dropbear (Closes: #620760) * debian/NEWS - information for change of default iptables action to REJECT now (Closes: #711463) * debian/patches - changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff post-release change to support native proftpd date format which includes milliseconds (Closes: #648276) - changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff absorbed upstream fail2ban (0.8.11~pre1+git29-gccd2657-1) unstable; urgency=low . * Snapshot of the upcoming new release candidate - improves dovecot (Closes: #709324), wuftpd (Closes: #665925) failregex'es - provides support for OpenSSH 6.3 (Closes: #722970) * debian/watch - restrict version matching only to numbers and period (to exclude alpha releases of 0.9 series) * debian/jail.conf - slightly adjusted for changes in master (suhosin replaced lighttpd-auth filer name, and postfix-sasl for sasl) - added nginx-http-auth. More jails to be adopted from upsream. fail2ban (0.8.10-3) unstable; urgency=low . * debian/jail.conf - added "submission" (port 587) to all SMTP-related jails (Closes: #714632). Thanks Tony den Haan for the report fail2ban (0.8.10-1) unstable; urgency=high . * New upstream release - addresses possible DoS for anyone enabling many of apache- filters fail2ban (0.8.9-1) unstable; urgency=low . * New upstream release - significant improvements in documentation (Closes: #400416) - roundcube auth filter (Closes: #699442) - enforces C locale for dates (Closes: #686341) - provides bash_completion.d/fail2ban * debian/jail.conf: - added findtime and documentation on those basic options from jail.conf (Closes: #704568) - added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6}, roundcube-auth, sogo-auth, mysqld-auth * debian/control: - suggest system-log-daemon (Closes: #691001) - boost policy compliance to 3.9.4 * debian/rules: - run fail2ban's unittests at build time but ignore the failures (there are still some known issues to fix up to guarantee robust testing in clean chroots etc). Only pyinotify was added to build-depends since gamin might still be buggy on older releases and get stuck, which would complicate backporting fail2ban (0.8.8-1) experimental; urgency=low . * Primarily a bugfix upstream release fail2ban (0.8.7.1-1) experimental; urgency=low * Minor upstream bugfix release fail2ban (0.8.7-1) experimental; urgency=low * New upstream release: - inotify backend is supported (and the default if pyinotify is present). It should bring number of wakeups to minimum (Closes: #481265) - usedns jail.conf parameter to disable reverse DNS mapping to avoid of DoS (see #588431, #514239 for related discussions) - enforces non-unicode logging (Closes: #657286) - new jail "recidive" to ban repeated offenders (Closes: #333557) - catch failed ssh logins due to being listed in DenyUsers (Closes: #669063) - document in config/*.conf on how to inline comments (Closes: #676146) - match possibly present "pam_unix(sshd:auth):" portion for sshd (Closes: #648020) - wu-ftpd: added failregex for use against syslog. Switch to monitor syslog (instead of auth.log) by default (Closes: #514239) - anchor chain name in actioncheck's for iptables actions (Closes: #672228) * debian/jail.conf: - adopted few jails from "upstreams" jail.conf: asterisk, recidive, lighttpd, php-url-open - provide instructions in jail.conf on how to comment (Closes: #676146) Thanks Stefano Forli for a report * debian/fail2ban.init: - Should-(start|stop): iptables-persistent (Closes: #598109), ferm (Closes: #604843) - 'status' exits with code 3 if fail2ban is not running (Closes: #653074) Thanks Glenn Aaldering for the patch * debian/source: - switch to 3.0 (quilt) format * debian/control,rules: - switch to use dh_python2 (Closes: #616803) - boost policy compliance to 3.9.3 - recommend python-pyinotify and only suggest python-gamin fail2ban (0.8.6-3wheezy1) unstable; urgency=high . * CVE-2012-5642: Escape the content of since its value could contain arbitrary symbols (Closes: #696184) * Since package source format remained 1.0, manpages patch (deb_manpages_reportbug) was not applied -- fold it into .diff.gz fail2ban (0.8.6-3) unstable; urgency=low * Added dovecot section to Debian's jail.conf. Thanks to Laurent Léonard (Closes: #655182) * init.d script now returns non-0 exit codes upon status command with not running / failed to connect server. Thanks to Glenn Aaldering for the patch fail2ban (0.8.6-2) unstable; urgency=low * Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent Léonard (Closes: #654412) * Enhancement: action to use /proc/net/xt_recent and run f2b as a normal user. Many many thanks to Zbyszek Szmek (Closes: #602016) fail2ban (0.8.6-1) unstable; urgency=low * [1efe1bc] Fresh upstream release (Closes: #648324) * Boosted policy compliance to 3.9.2 -- no changes * Adjusted debian/watch to fetch tarballs from github fail2ban (0.8.5-2) unstable; urgency=low * [5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock server's executeCmd to prevent racing among iptables calls (Closes: #554162) Many kudos go to Michael Saavedra for the patch fail2ban (0.8.5-1) unstable; urgency=low * [de95777] Fresh upstream release FAIL2BAN-0_8_5: - [00e1827] BF: use addfailregex instead of failregex while processing per-jail "failregex" parameter (Closes: #635830) (LP: #635036) Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to Debian. * [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425) * [ef449f4] Added a note on diverting logrotate configuration for custom logtarget=SYSLOG (Closes: #631917). Thanks Kenyon Ralph for report fail2ban (0.8.4+svn20110323-1) unstable; urgency=low * Fresh upstream snapshot which absorbed some of the patches from Debian and - [c6d64e9] debug entry for lines ignored due to falling below findtime (v2) - [fc20f12] Tai64N stores time in GMT, we need to convert to local time before returning - [b0331bb] default ignoreip to ignore entire loopback zone (/8) (Closes: #598200) - [b9f15f6] ENH: dovecot filter - [69165b1] ENH: add to action.d/iptables*. Thanks Matthijs Kooijman - [8330a20] ENH: make filter.d/apache-overflows.conf catch more (Closes: #574182) - [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf (Closes: #573314) - [2714019] ENH: dropbear filter (Closes: #546913) - [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in actions (Closes: #544232) * debian/jail.conf: - [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer - [d7f3e23] adjusted description for sasl jail (Closes: #615952) - [92fb484] debian/jail.conf: closing " for protocol specification - [f828c31] debian/jail.conf: got 'chain' parameter to be specified for iptables actions (Closes: #515599) * debian/control: - [858af30] slight rewordings of the long description (Closes: #588176) - [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems to be due) * [4e1e845] debian/copyright: updated copyright years fail2ban (0.8.4-3) unstable; urgency=low * Commenting out named-refused-udp jail and providing even fatter WARNING against using it (Closes: #583364) * Merging upstream's commit for fixing missing import fail2ban (0.8.4-2) unstable; urgency=low * Merged few upstream patches (svn rev ) which fixed: - Patch to make log file descriptors cloexec to stop leaking file descriptors on fork/exec. * debian/rules,control: -install-layout=deb for setup.py + python (>= 2.5.4-1~) to fix install with python2.6 (Closes: #571213). * Boosted policy to 3.8.4 (no changes seems to be due). fail2ban (0.8.4-1) unstable; urgency=low * New upstream release. Fixes compatibility issue with python2.6 * Yet only in Debian fixes: - escaping () in pure-ftpd. Thanks Teodor (Closes: #544744) - use "set logtarget" instead of "reload" while logrotate. Thanks J.M.Roth (Closes: #537773) - be able to detect time for VNC recording only 2 letters of year (Closes: #537610) - proftpd filter: count all failed logins regardless of the reason * Debian-specific changes: - adjusted README.Debian - multiport is default (closes: #545971) - Boosted policy to 3.8.3 (no changes seems to be due) fail2ban (0.8.3-6) unstable; urgency=low * Time to shake the ground with upload to unstable. * Merged upstream's development as of SVN revision 732: - Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714. - Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea. - Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276. - Changed template to be more restrictive (closes: #514163). - Added cyrus-imap and sieve filters. Thanks to Jan Wagner. (closes: #513953). - Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193). - Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko. - Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115. - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410. (closes: #507990) - Added CPanel date format. Thanks to David Collins. Tracker #1967610. - Added nagios script. Thanks to Sebastian Mueller. - Removed print. - Removed begin-line anchor for "standard" timestamp (closes: #500824) - Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt. * Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix (To complete react to #507990) (git branch up/fixes). Also added sasl example log file (git branch up/log_examples). * Removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert (git branch up/ipmasq) * Allow for trailing spaces in proftpd logs (closes: #507986) (git branch up/fixes). * Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557) (git branch up/fixes). * Adjusted Git-vcs field to point to git:// . * Thanks lintian fixes: - Boosted policy to 3.8.2 (no changes are due). - Boosted debhelper compatibility to 5. - Misspell in README.Debian - Removing stale /var/run/fail2ban from dirs -- should be created by init script fail2ban (0.8.3-3) experimental; urgency=low * BF: addressed added bang to ssh log (closes: #512193). Thanks Silvestre Zabala. * Adjusted description of bantime/findtime in README.Debian (closes: #507771) * Synced current debian revision to FAIL2BAN-0_8@717 of upstream, since it includes fixes to some forwarded bugs. Total list of functional changes - Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom. - Added apache-nohome.conf. Thanks to Yaroslav Halchenko. - Added new time format. No idea from where it comes... - Added new regex. Thanks to Tobias Offermann. - Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko. - Removed "timeregex" and "timepattern" stuff that is not needed anymore. - Added date template for Day-Month-Year Hour:Minute:Second (closes: #491253) - Added date pattern for Hour:Minute:Second. Thanks to Andreas Itzchak Rehberg. - Use current day and month instead of Jan 1st if both are not available in the log. Thanks to Andreas Itzchak Rehberg. - Improved pattern. Thanks to Yaroslav Halchenko. - Merged patches from Debian package. Thanks to Yaroslav Halchenko. fail2ban (0.8.1-3) unstable; urgency=low * Added Vcs- fields, moved Homepage into source header's field * Propagated patch from 0.9 upstream branch: "Replaced ssocket.py with asyncore/asynchat implementation. Correct fix for bug #1769616. That is supposed to resolve spontaneous 100% CPU utilization by fail2ban-server." * BF: removed sftp from ssh jails (closes: #436053) * NF: new filter for 'refused connect' (closes: #451093). Thanks Guido Bozzetto * Moved iptables into recommends since fail2ban can work without iptables using some other action (e.g hosts.deny) fail2ban (0.8.1-1) unstable; urgency=low * New upstream release. Patches absorbed upstream: 00_daemon_pids.dpatch 00_iptables_allports.dpatch 00_vsftp_filter_spaces.dpatch 00_resolve_all_names.dpatch 00_HOST_ignoreregex.dpatch Patches which needed some tune-up: 00_ssh_strong_re.dpatch 00_mail-whois-lines.dpatch 00_named_refused.dpatch fail2ban (0.8.0-4) unstable; urgency=low * Moved expansion into regex.py (closes: #429263). Thanks James Andrewartha. * Added optional regexp entry for process PID in some entries (closes: #426050). Thanks Roderick Schertler. * Added a filter pam_generic to catch any login errors. * Added iptables-allports. * Use /var/run to keep socket file (closes: #425746) * Added a filter for named to catch refused/denied queries * Added new time template matching named log entries * jail.conf has specification of protocol (default to tcp) to be provided to banaction * Adjusted failregex for sshd filter: - anchored properly at the end of line, and source code has .examples files to perform testing of the rules. - added new explicit rule for users not in the AllowUsers lists fail2ban (0.8.0-2) unstable; urgency=low * Manually changing the order of debhelper inserted scripts in prerm (Closes: #422655) * Removed obsolete hack to have /bin/env invocation of python for fail2ban-* scripts * Applied changes submitted by Bernd Zeimetz (thanks Bernd): - Removed obsolete Build-Depends-Indep on help2man, python-dev - Explicit removal of *.pyc files compiled during build - Invoke 'python setup.py clean' in clean target, which required also to move python into Build-Depends * Minor clean up of debian/rules fail2ban (0.8.0-1) unstable; urgency=low * New stable upstream release fail2ban (0.7.9-1) unstable; urgency=low * New upstream release * Updated copyright to include current year * Removed patches absorbed upstream fail2ban (0.7.8-1) unstable; urgency=low * New upstream release * Applied post-release upstream changes to resolve issues with - Fix to close opened handlers to log file - Tentative incomplete gamin fix - Fix to "reload" bug fail2ban (0.7.7-1) unstable; urgency=low * New upstream release (included most of the debian-provided patches -- new filters and actions) * Refreshed and made verbatim homepage in description fail2ban (0.7.6-3) unstable; urgency=low * Synchronized action.d/iptables-* rules from upstream SVN (closes: #407561) * Minor: options renames in the comments to be in sync with upstream * Use /usr/bin/python interpreter instead of wrapped call to python by /usr/bin/env fail2ban (0.7.6-2) unstable; urgency=low * iptables-multiport is default action to take since Debian kernel arrives with multiport module. That is to address the fact that most services listen on multiple port (for encrypted and non-encrypted connections) * Added [courierauth] jail (First 2 items are to partially address #407404 fail2ban (0.7.6-1) unstable; urgency=low * New upstream release, which incorporates fixes introduced in 3~pre non-released versions (which were suggested to the users to overcome problems reported in bug reports). In particular attention should be paid to upstream changelog entries - Several "failregex" and "ignoreregex" are now accepted. Creation of rules should be easier now. This is an alternative solution to 'multiple ' entries fix, which is not applied to this shipped version - pay caution if upgrading from 0.7.5-3~pre? - Allow comma in action options. The value of the option must be escaped with " or '. That allowed to implement requested ability to ban multiple ports at once (See 373592). README.Debian and jail.conf adjusted to reflect possible use of iptables-mport - Now Fail2ban goes in /usr/share/fail2ban instead of /usr/lib/fail2ban. This is more compliant with FHS. Patch 00_share_insteadof_lib no longer applied * Refactored installed by debian package jail.conf: - Added option banaction which is to incorporate banning agent (usually some flavor of iptables rule), which can then be easily overriden globally or per section - Multiple actions are defined as action_* to serve as shortcuts * Initd script was modified to inform about present socket file which would forbid fail2ban-server from starting * Adjusted default log file for postfix to be /var/log/mail.log (Closes: #404921) fail2ban (0.7.5-3~pre6) unstable; urgency=low * Fail2ban now bans vsftpd logins (corrected logfile path and failregex) (Closes: #404060) * Made fail2ban-server tollerate multiple entries in failregex * Moved call to dh_pycentral before dh_installinit * Removed unnecessary call of dh_shlibdeps * Added filter ssh-ddos to fight DDOS attacks. Must be used with caution if there is a possibility of valid clients accessing through unreliable connection or faulty firewall (Closes: #404487) * Not applying patch any more for rigid python2.4 - it is default now in sid/etch * Moving waiting loop for fail2ban-server to stop under do_stop function, so it gets invoked by both 'restart' and 'stop' commands * do_status action of init script is now using 'fail2ban-client ping' instead of '... status' since we don't really use returned status information, besides the return error code fail2ban (0.7.5-2) unstable; urgency=low * NEWS.Debian confusions - the latest NEWS entry and postinst message were rephrased (Closes: #402350) * Added mail-whois-lines action, which emails log lines containing abuser IP. Those lines are often required for proper abuse reports sent to the Internet providers. Forwarding of such received emails to the email addresses of abuse departments present in the output of whois is a tentative solution for semi-automatic abuse reporting (Closes: #358810) fail2ban (0.7.5-1) unstable; urgency=low * New upstream release which fixes next issues + Socket parameter not work with other path (Closes: #400162) + fail2ban does not start with /etc/init.d/fail2ban start but with fail2ban-client start (Closes: #400278) * Removed obsolete patches left from 0.6 * Adjusted wsftpd patch to use tag to be in line with the other filter definitions fail2ban (0.7.4-5) unstable; urgency=low * Added Suggests on mailx and relevant comments in README.Debian about invoking mail actions (closes: #396668) * Removed obsolete entries in TODO and README * README.Debian describes the use of interpolations vs parameters passed from jail.{conf,local} into an action definitions (closes: #398739) * Initial version of postfix filter has been present in 0.7 (closes: #377711) * Removed Uploaded field from control since I am a DD now. Big thanks to Barak Pearlmutter for being the sponsor of my packages for few years. fail2ban (0.7.4-4) unstable; urgency=low * Added debian/backports to contain patches necessary for backporting. It gets used by pbuilder-ssh to create package for backports.org fail2ban (0.7.4-3) unstable; urgency=low * Reincarnated logrotate configuration (Closes: #397878) * Only block new connects by using a new action iptables-new instead of iptables (Closes: #350746) * Updated README.Debian to reflect transition over to 0.7 branch and to comment on 350746 * "Clean" target removes generated .pyc files now (Closes: #398146) * Cleaned up debian/rules a bit fail2ban (0.7.4-2) unstable; urgency=low * Added reload/force-reload actions to init script * Adjusted jail.conf a bit * Warning NEWS entry for 0.7.1 was not shown during installation on test boxes, thus postinst was adjusted accordingly to inform the user about the changes in the configuration files since 0.6. fail2ban (0.7.4-1) experimental; urgency=low * New upstream release fail2ban (0.7.4~pre20061023.2-3) experimental; urgency=low * Corrected init.d script to properly perform restart due to server delay to react to client command to stop. Handling of status was adjusted as well fail2ban (0.7.4~pre20061023.2-2) experimental; urgency=low * Added apache-noscript to jail.conf * Default action does not send emails to be inline with previous (0.6.x) behavior fail2ban (0.7.4~pre20061023.2-1) experimental; urgency=low * Fresh upstream: fixed a bug with not handling error producing actioncheck call fail2ban (0.7.4~pre2006102-1) experimental; urgency=low * Currrent snapshot of trunk * Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches from debian/patches * Adjusted rule to install man pages -- only .1 files since there are also h2m sources * debian/{rules,control} adjusted to conform all points in recent python policy changes * install under /usr/share instead of /usr/lib fail2ban (0.7.3-2) experimental; urgency=low * Added wuftpd section fail2ban (0.7.3-1) experimental; urgency=low * New upstream release * Debian shipped jail.conf * Refreshen init.d script fail2ban (0.7.1-0.2) experimental; urgency=low * New upstream release (closes: #370095,#366307) fail2ban (0.6.1-11) unstable; urgency=low * Adjusted manpage for fail2ban.conf to point to shipped examples of configuration files as the source of details about available configuration options (closes: #382403) * Changes in man/fail2ban.conf.5 are managed via dpatch now fail2ban (0.6.1-10) unstable; urgency=low * Adjusted to comply with recent changes in debian python policy and use pycentral to byte compile modules * Filtered out empty entries for ignoreip to reduce confusing WARNING log message * Added configuration parameter "locale" to specify LC_TIME for time pattern matching (closes: #367990,363391) * Verbosity is chosen to be max between cmdline parameters and config file fail2ban (0.6.1-8) unstable; urgency=low * Removed bashism (arrays) from init.d script to make it POSIX shell complient (closes: #368218) * Added new proftpd section * Added new saslauthd section. Thanks to martin f krafft (closes: #369483) * Mentioned apache2 log file in Other. comment field for FILE in apache section. Nothing has to be changed besides the logfile path to work with apache2 (closes: #342144) fail2ban (0.6.1-3) unstable; urgency=low * Fixed vsftpd failregexp (closes: #366687) * Started to use dpatch fail2ban (0.6.1-1) unstable; urgency=low * New upstream release * In config file added fwchain to ease switching to another input chain (closes: #357164) fail2ban (0.6.0-7) unstable; urgency=low * Fixed a typo in failregex for SSH section (closes: #356112) fail2ban (0.6.0-6) unstable; urgency=low * Updated README.Debian with information about some cases with not-as-shipped configurations of sshd on the boxes running older versions of openssh server * Included regexps for SSH in case iff authentication as root using keys was attempted whenever PermitRootLogin is set to something else than "yes" and key authentication fails * Included postrm script to remove log files during purge to comply with policy 10.8 (closes: #355443) fail2ban (0.6.0-5) unstable; urgency=low * Fixed Apache section: changed filepath to point at error.log, thus I had to revert timeregex and timepattern to user RFC 2822 format (closes: #354346) fail2ban (0.6.0-4) unstable; urgency=low * Modifications in README.Debian to reflect a "finding" on not-AllowedUsers banning which requires default Debian configuration of "ChallengeResponseAuthentication no" and "PasswordAuthentication yes" * Fixed Apache timeregex and timepattern to confirm the fomat of time stamp used in Debian's acccess.log (error.log uses RFC 2822 format) * Added section ApacheAttacks to specify some common patterns of attacks on a webserver (awstats.pl as a try). This section stays split from Apache since it is of different nature and might be not appropriate for some users * Forced owner/permissions of log file to be root:adm/640 in postinst and logrotate (closes: #352053) fail2ban (0.6.0-3) unstable; urgency=low * ignoreip is now empty by default (closes: #347766) * increased verbosity in verbose=2 mode: now prints options accepted from the config file * to make fail2ban.conf more compact, thus to improve its readability, fail2ban.conf was converted to use "interpolations" provided by ConfigParser class. fw{start,end,{,un}ban} options were moved into DEFAULT section and required options (port, protocol) were added fail2ban (0.6.0-2) unstable; urgency=low * fail2ban path is inserted first in the list to avoid a conflict with existing elsewhere modules with the same names. (Thanks for report and patch to Nick Craig-Wood) (closes: #343821) minimap2 (2.27+dfsg-1) unstable; urgency=medium . * Team upload. * d/rules, d/clean: simply cleanup code. * d/rules: clean using pybuild. Closes: #1046060 minimap2 (2.26+dfsg-1) unstable; urgency=medium . * Team upload. * New upstream version * Standards-Version: 4.6.2 (routine-update) * Build-Depends: s/dh-python/dh-sequence-python3/ (routine-update) * d/control: specify gnuplot-nox build-dep option first for consistency. * d/patches: forward some patches, update metadata minimap2 (2.24+dfsg-4~0exp) experimental; urgency=medium . * Team upload. * Experimental rebuild with SIMDe 0.7.3~0git20230118123246.d1e75cd python-dateutil (2.9.0-2) unstable; urgency=medium . * Team upload. * Register pytest marks (add setup.cfg to test environment) python-dateutil (2.9.0-1) unstable; urgency=medium . [ Andreas Tille ] * Team upload. * Add patch that should solve some DeprecationWarning in Python3.12 which affects: #1058414 (of package python-itsdangerous) The patch is *not* applied since it is not sufficient and breaks several other tests in dateutil * Test all supported Python3 versions in autopkgtest (to show the DeprecationWarning for Python3.12) . [ Julian Gilbey ] * New upstream version (closes: #1063971) * Refresh patches * Remove ancient Breaks field from d/control and update Standards-Version * Remove unused upstream signing-key (no longer appears to be signed upstream) * Add d/upstream/metadata file ruby-dbf (4.3.2-1) unstable; urgency=medium . * Team upload. * New upstream version. + Upstream fix ruby3.2 compatibility (tested using sbuild). * d/patches/0001-default-external-encoding.patch: Merged (applied by upstream). See https://github.com/infused/dbf/pull/77 * d/control: Remove deprecated fields XS and XB Ruby versions. REMOVED: fcitx5-keyman 1.0.7-1