lp:debian/wheezy/fail2ban
- Get this branch:
- bzr branch lp:debian/wheezy/fail2ban
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 25. By Yaroslav Halchenko
-
* Use anchored failregex for filters to avoid possible DoS. Manually
picked up from the current status of 0.8 branch (as of
0.8.13-29-g09b2016) :
- CVE-2013-7176: postfix.conf - anchored on the front, expects
"postfix/smtpd" prefix in the log line
- CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
refactored to have a single failregex
- couriersmtp.conf - anchored on both sides
- exim.conf - front-anchored versions picked up from exim.conf
and exim-spam.conf
- lighttpd-fastcgi. conf - front-anchored picked up from suhosin.conf - 24. By Yaroslav Halchenko
-
Anchor apache- filters failregexes to avoid possible DoS on servers
which enabled corresponding jails. Fix cherry-picked from upstream
0.8.9-29-g6ccd578 . See http://seclists. org/fulldisclos ure/2013/ Jun/66 - 23. By Yaroslav Halchenko
-
* CVE-2012-5642: Escape the content of <matches> since its value could
contain arbitrary symbols (Closes: #696184)
* Since package source format remained 1.0, manpages patch
(deb_manpages_ reportbug) was not applied -- fold it into .diff.gz - 22. By Yaroslav Halchenko
-
* Added dovecot section to Debian's jail.conf. Thanks to Laurent
Léonard (Closes: #655182)
* init.d script now returns non-0 exit codes upon status command
with not running / failed to connect server. Thanks to
Glenn Aaldering for the patch - 21. By Yaroslav Halchenko
-
* Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent
Léonard (Closes: #654412)
* Enhancement: action to use /proc/net/xt_recent and run f2b as a normal
user. Many many thanks to Zbyszek Szmek (Closes: #602016) - 20. By Yaroslav Halchenko
-
* [1efe1bc] Fresh upstream release (Closes: #648324)
* Boosted policy compliance to 3.9.2 -- no changes
* Adjusted debian/watch to fetch tarballs from github - 19. By Yaroslav Halchenko
-
[5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
server's executeCmd to prevent racing among iptables calls (Closes:
#554162) Many kudos go to Michael Saavedra for the patch - 18. By Yaroslav Halchenko
-
* [de95777] Fresh upstream release FAIL2BAN-0_8_5:
- [00e1827] BF: use addfailregex instead of failregex while processing
per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to
Debian.
* [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425)
* [ef449f4] Added a note on diverting logrotate configuration for custom
logtarget=SYSLOG (Closes: #631917). Thanks Kenyon Ralph for report - 17. By Yaroslav Halchenko
-
* Fresh upstream snapshot which absorbed some of the patches from Debian
and
- [c6d64e9] debug entry for lines ignored due to falling below
findtime (v2)
- [fc20f12] Tai64N stores time in GMT, we need to convert to
local time before returning
- [b0331bb] default ignoreip to ignore entire loopback zone (/8)
(Closes: #598200)
- [b9f15f6] ENH: dovecot filter
- [69165b1] ENH: add <chain> to action.d/iptables*. Thanks
Matthijs Kooijman
- [8330a20] ENH: make filter.d/apache- overflows. conf catch more
(Closes: #574182)
- [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf
(Closes: #573314)
- [2714019] ENH: dropbear filter (Closes: #546913)
- [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in
actions (Closes: #544232)
* debian/jail.conf:
- [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer
- [d7f3e23] adjusted description for sasl jail (Closes: #615952)
- [92fb484] debian/jail.conf: closing " for protocol specification
- [f828c31] debian/jail.conf: got 'chain' parameter to be specified for
iptables actions (Closes: #515599)
* debian/control:
- [858af30] slight rewordings of the long description (Closes: #588176)
- [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems
to be due)
* [4e1e845] debian/copyright: updated copyright years - 16. By Yaroslav Halchenko
-
* Commenting out named-refused-udp jail and providing even fatter
WARNING against using it (Closes: #583364)
* Merging upstream's commit for fixing missing import
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/fail2ban