File: changelog

package info (click to toggle)
fail2ban 1.1.0-7
links: PTS, VCS
area: main
in suites: sid, trixie
size: 4,040 kB
sloc: python: 23,099; sh: 525; xml: 352; perl: 344; makefile: 191
file content (1577 lines) | stat: -rw-r--r-- 62,611 bytes
fail2ban (1.1.0-7) unstable; urgency=medium

  * Add python3-setuptools to the run time build deps
    (Closes: #1076494)
    Should be removed at some point when upstream removes the need

 -- Sylvestre Ledru <sylvestre@debian.org>  Sun, 01 Sep 2024 08:40:14 +0200

fail2ban (1.1.0-6) unstable; urgency=medium

  * Adjust the ssh configuration to work with openssh 9.8
    (closes: #1078208)
    Thanks to Vincent Lefèvre for the patch

 -- Sylvestre Ledru <sylvestre@debian.org>  Sat, 17 Aug 2024 07:40:22 +0100

fail2ban (1.1.0-5) unstable; urgency=medium

  * Follow upstream recommendation for ssh
    See
    https://github.com/fail2ban/fail2ban/issues/3747#issuecomment-2122420989
    https://github.com/fail2ban/fail2ban/issues/3812

 -- Sylvestre Ledru <sylvestre@debian.org>  Sun, 11 Aug 2024 11:59:06 +0200

fail2ban (1.1.0-4) unstable; urgency=medium

  * Fix spurious ">" character in paths-debian.conf
    (Fixes: #1071829)

 -- Sylvestre Ledru <sylvestre@debian.org>  Sat, 25 May 2024 12:06:07 +0200

fail2ban (1.1.0-3) unstable; urgency=medium

  * Restore the use of nftables and, for some jails,
    the systemd backend.
    Many thanks to Vincent Lefevre
    (Closes: #1070677)

 -- Sylvestre Ledru <sylvestre@debian.org>  Sat, 25 May 2024 08:34:39 +0200

fail2ban (1.1.0-2) unstable; urgency=medium

  * Fix Build-Depends: pkg-config => pkgconf
  * Switch Build-Depends to systemd-dev

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 16 May 2024 09:56:41 +0200

fail2ban (1.1.0-1) unstable; urgency=medium

  * New upstream release
    (LP: #2055114)
  * Block ssh invalid keys too (Closes: #1038779)
  * Follow upstream advice
    https://github.com/fail2ban/fail2ban/issues/3292#issuecomment-2078361360
    to only have sshd as enabled = true in jail.d_defaults-debian.conf
  * Update lintian override info format in d/source/lintian-overrides on line 1-2.
  * Update standards version to 4.6.2, no changes needed.

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 02 May 2024 13:57:06 +0200

fail2ban (1.0.2-3) unstable; urgency=medium

  * Add banaction = nftables in the defaults-debian.conf default
    see https://github.com/fail2ban/fail2ban/discussions/3575#discussioncomment-7045315
  * Move python3-systemd as depend (Closes: #770171, #1037437)
  * Add backend = systemd to jail.d/defaults-debian.conf

 -- Sylvestre Ledru <sylvestre@debian.org>  Tue, 19 Sep 2023 13:55:20 +0200

fail2ban (1.0.2-2) unstable; urgency=medium

  * Team upload.

  [ Pirate Praveen ]
  * Use systemd for correct /lib/systemd/system path (Closes: #1034230)

  [ Jochen Sprickerhof ]
  * Drop dependency on lsb-base. It is a transitional package to
    sysvinit-utils which is essential.

 -- Jochen Sprickerhof <jspricke@debian.org>  Fri, 21 Apr 2023 21:54:48 +0200

fail2ban (1.0.2-1) unstable; urgency=medium

  * New upstream release

 -- Sylvestre Ledru <sylvestre@debian.org>  Wed, 09 Nov 2022 17:42:47 +0100

fail2ban (1.0.1-1~exp1) experimental; urgency=medium

  [ Bastian Germann ]
  [ Gioele Barabucci ]
  * d/post{inst,rm},preinst: Remove code for ancient versions

  [ Debian Janitor ]
  * debian/watch: Use GitHub /tags rather than /releases page.
  * Update standards version to 4.6.1, no changes needed.

  [ Sylvestre Ledru ]
  * New upstream release
  * Fix debian/watch
  * Remove a bunch of patches (merged upstream)

 -- Sylvestre Ledru <sylvestre@debian.org>  Wed, 28 Sep 2022 07:16:20 -1000

fail2ban (0.11.2-6) unstable; urgency=medium

  * Cherry-pick upstream fix to fix a startup issue with Python 3.10
    (LP: #1958505)
  * Cherry-pick upstream fix for courier-auth (Closes: #1004466)
  * ignore false positive
    fail2ban: read-in-maintainer-script [postinst:41

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 10 Mar 2022 22:52:59 +0100

fail2ban (0.11.2-5) unstable; urgency=medium

  * Revert the CVE-2021-32749 fix (Closes: #991449)
    Debian bookworm has the mailutils version with the proper fix

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 20 Jan 2022 23:21:44 +0100

fail2ban (0.11.2-4) unstable; urgency=medium

  * Cherry pick 5ac303df8a171f748330d4c645ccbf1c2c7f3497
    to address the 2to3 issue.
    Thanks to Paul Wise for digging
    (Closes: #997601)

 -- Sylvestre Ledru <sylvestre@debian.org>  Tue, 11 Jan 2022 09:12:57 +0100

fail2ban (0.11.2-3) unstable; urgency=medium

  [ Debian Janitor ]
  * Remove constraints unnecessary since stretch:
    + Build-Depends: Drop versioned constraint on debhelper.
  * Bump debhelper from old 12 to 13.
  * Update standards version to 4.5.1, no changes needed.
  * Remove constraints unnecessary since buster:
    + fail2ban: Drop versioned constraint on lsb-base in Depends.

  [ Sylvestre Ledru ]
  * Fix the watch file
  * Fix systemd-service-in-odd-location
    lib/systemd/system/fail2ban.service => /usr/lib/systemd/system/fail2ban.service
  * Fix the roundcube debian custom path (Closes: #988323)
    Thanks to Kurt Fitzner for the patch
  * Do not fail the postinst if chown/chmod are failing (Closes: #926237)
    Thanks to Kim-Alexander Brodowski for the patch
  * Adjust the systemd path from /var/run => /run
    (Closes: #902413)
    Thanks to Gabriel Filion for the patch
  * Add support for scanlogd (taken from upstream)
    (Closes: #983399)
  * Standards-Version => 4.6.0

 -- Sylvestre Ledru <sylvestre@debian.org>  Sat, 23 Oct 2021 16:09:47 +0200

fail2ban (0.11.2-2) unstable; urgency=high

  * Fix a problem with mail

 -- Sylvestre Ledru <sylvestre@debian.org>  Mon, 12 Jul 2021 06:52:40 +0200

fail2ban (0.11.2-1) unstable; urgency=medium

  * New upstream release
    Remove python-3.9.patch (merged upstream)

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 26 Nov 2020 13:47:53 +0100

fail2ban (0.11.1-4) unstable; urgency=medium

  * Fix the copyright file (Closes: #975644)
  * https for the Website field in Debian control

 -- Sylvestre Ledru <sylvestre@debian.org>  Tue, 24 Nov 2020 17:13:04 +0100

fail2ban (0.11.1-3) unstable; urgency=medium

  [ Ondřej Nový ]
  * Use debhelper-compat instead of debian/compat.
  * d/control: Update Maintainer field with new Debian Python Team
    contact address.
  * d/control: Update Vcs-* fields with new Debian Python Team Salsa
    layout.
  * d/watch: Use https protocol.

  [ Sylvestre Ledru ]
  * Fix the python 3.9 support (Closes: #975565)
  * remove deprecated package dh-systemd from the build deps
    (Closes: #958625)
  * Fix day-of-week for changelog entry 0.5.4-2.
  * Update watch file format version to 4.
  * Bump debhelper from deprecated 9 to 12.
  * Update standards version to 4.5.0, no changes needed.

 -- Sylvestre Ledru <sylvestre@debian.org>  Mon, 23 Nov 2020 21:45:34 +0100

fail2ban (0.11.1-2) unstable; urgency=medium

  * Do not rotate log if empty. Thanks to Ron Varburg for the patch
    (Closes: #956681)
  * Add Environment="PYTHONNOUSERSITE=yes" to the service file to avoid
    fail2ban to read /root/.local/. Thanks to Russell Coker for the
    investigation (Closes: #956177)

 -- Sylvestre Ledru <sylvestre@debian.org>  Tue, 14 Apr 2020 11:44:23 +0200

fail2ban (0.11.1-1) unstable; urgency=medium

  * Upload to unstable

 -- Sylvestre Ledru <sylvestre@debian.org>  Mon, 02 Mar 2020 14:20:11 +0100

fail2ban (0.11.1-1~exp3) experimental; urgency=medium

  * Add myself to the list of uploaders
  * nftables is now more important than iptables. Update of the priority
    and doc (Closes: #946257)
  * Trim trailing whitespace.
  * Fix package-installs-into-obsolete-dir
    Install bash_completion script in usr/share/bash-completion/completions
  * Remove patches neurodebian-backport.series, neurodebian_use_python2,
    saucy-dsc-patch, trusty-dsc-patch, utopic-dsc-patch, wheezy-dsc-
    patch that are missing from debian/patches/series.
  * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
    Repository-Browse.

 -- Sylvestre Ledru <sylvestre@debian.org>  Thu, 23 Jan 2020 10:42:11 +0100

fail2ban (0.11.1-1~exp2) experimental; urgency=medium

  * Run the testsuite for real

 -- Sylvestre Ledru <sylvestre@debian.org>  Mon, 13 Jan 2020 11:09:08 +0100

fail2ban (0.11.1-1~exp1) experimental; urgency=medium

  [ Sylvestre Ledru ]
  * New upstream release (Closes: #922539)
  * Import fail2ban in the Debian Python Umbrella (Closes: #947926)
  * Remove the old dep to Python (Closes: #945670)
  * Run ./fail2ban-2to3 as part of the build to be Python 3 ready
  * Update to SV: 4.4.1

  [ Jelmer Vernooĳ ]
  * Use secure URI in Vcs control header.

 -- Sylvestre Ledru <sylvestre@debian.org>  Sun, 12 Jan 2020 23:13:31 +0100

fail2ban (0.10.2-2) unstable; urgency=medium

  [ Arturo Borrero Gonzalez ]
  * Recommend nftables as an alternative to iptables (Closes: #892472)

  [ Yaroslav Halchenko ]
  * debian/patches/deb_no_iptables_service (Closes: #871993)
    - remove all non-existing services from PartOf of fail2ban.service.
      Should resolve inability to restart firewalld (its .service is
      left in PartOf) upon upgrades.
  * debian/control
    - B-Depend on python3-setuptools and dh-python
  * debian/rules
    - Fixed up hardcoded path to the .build-ed package for testing

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 04 Apr 2018 00:47:53 -0400

fail2ban (0.10.2-1) unstable; urgency=medium

  [ Yaroslav Halchenko ]
  * New major upstream release (thanks to Ervin Hegedüs for help updating
    packaging)
    - Major performance improvements, especially in tests battery
      execution, and shutdown (Closes: #878038)
    - INCORRECT RECORD IN ORIGINAL changelog (will be fixed in 0.11):
      Incremental increase of bantime (Bug: #498164)
    - IPv6 support (Closes: #881648, #470417)
    - Some filters refactored/deprecated, e.g. to take advantage of new
      filter option mode
      - sshd-aggressive and sshd-ddos absorbed into sshd filter
        (modes: normal, ddos, extra, or aggressive)
      - postfix-rbl and postfix-sasl absorbed into postfix
        (modes: more, normal, auth, rbl, ddos, extra, or aggressive)
    - New actions: abuseipd, nginx-block-map
    - New filters: phpmyadmin-syslog, zoneminder
  * A number of new patches added to address failing tests from
    https://github.com/fail2ban/fail2ban/pull/2025
  * debian/control
    - Boosted policy to 4.1.3
    - sqlite3 is now needed for some tests, thus added to build-depends
      and suggests
  * debian/README.Debian
    - Instructions on how to establish correct startup/shutdown sequence
      in systemd for shorewall (Closes: #847728). Thanks Ben Coleman for the
      final recipe

  [ Viktor Szépe ]
  * Install provided config for monit under /etc/monit/conf-available
    (instead of /etc/monit/monitrc.d, location changed after monit 1:5.15-2)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 22 Jan 2018 10:38:19 -0500

fail2ban (0.9.7-2) unstable; urgency=medium

  * Upload to unstable (Closes: #870651)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 03 Aug 2017 22:49:08 -0400

fail2ban (0.9.7-1) experimental; urgency=medium

  * Fresh upstream release, primarily bugfix but includes some enhancements
    to regexes and new filters

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 10 May 2017 21:40:16 -0400

fail2ban (0.9.6-2) unstable; urgency=medium

  * debian/patches/changeset_a639f0b083c213bde4ff3dcfbbb9fbcab0dd55f8.diff
    to resolve occasional FTBFSs if tzdata is not available (Closes: #855920)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 17 Apr 2017 10:27:28 -0400

fail2ban (0.9.6-1) unstable; urgency=medium

  * Fresh upstream release
    - should resolve outstanding FTBFS (Closes: #835707)

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 09 Dec 2016 09:37:54 -0500

fail2ban (0.9.5-1) unstable; urgency=medium

  * Fresh upstream release
  * debian/watch -- not using githubredir service any longer

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 14 Jul 2016 21:37:03 -0400

fail2ban (0.9.4-1) unstable; urgency=medium

  * Fresh upstream release.
    Debian's release codename  if-only-someone-helped-to-triage-DBTS

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 07 Mar 2016 21:50:50 -0500

fail2ban (0.9.3-1) unstable; urgency=medium

  * Fresh upstream release
  * debian/control -- adjusted description to mention what Recommends
    and Suggests are good for (Closes: #767114)

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 31 Jul 2015 21:34:10 -0400

fail2ban (0.9.2-1) unstable; urgency=medium

  * Fresh release to celebrate jessie release and upload to unstable
  * Moved python3-systemd to Recommends from Suggests given that systemd is
    the default init system now.  Should help people upgrading on Ubuntu 15.04
    as well
  * Added regular python to Recommends since apache-fakegooglebot still python2

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 29 Apr 2015 00:00:07 -0400

fail2ban (0.9.1+git44-gd65c4f8-1) experimental; urgency=medium

  [ Christoph Anton Mitterer ]
  * Do not install the following configuration files which are not used within
    the Debian package of fail2ban:
    /etc/fail2ban/paths-fedora.conf
    /etc/fail2ban/paths-freebsd.conf
    /etc/fail2ban/paths-osx.conf
    Closes: #767123

  [ Yaroslav Halchenko ]
  * New upstream snapshot from 0.9.1-44-gd65c4f8
    - carries a lot of fixes and improvements. Consult upstream ChangeLog
    - debian's init file is now maintained in upstream codebase (for manual
      deployments)
    - provides monit (now Suggest'ed) file which is now gets installed
      but not enabled by default:  ln -s /etc/monit/{monitrc,conf}.d/fail2ban
      to assure that fail2ban process is running

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 30 Dec 2014 18:32:16 -0500

fail2ban (0.9.1-1) unstable; urgency=medium

  * To become fresh upstream release (Closes: #742976)
    - 0.9 series is quite a big leap in development, especially since 0.8.6
      which made it to previous Debian stable wheezy.  Please consult upstream
      ChangeLog about changes
  * debian/control
    - boost policy to 3.9.6

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 27 Oct 2014 21:52:56 -0400

fail2ban (0.9.0+git252-g47441d1-1) experimental; urgency=medium

  [ Yaroslav Halchenko ]
  * New upstream snapshot from 0.9.0a2-814-g98dc084.

  [ Daniel Schaal ]
  * debian/{control,rules}
    - switching to python3 as the interpreter for Fail2Ban so we could use
      python3-systemd which is N/A for Python2 any longer

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 12 Oct 2014 16:45:36 -0400

fail2ban (0.9.0+git48-gabcab00-1) experimental; urgency=medium

  [ Daniel Schaal ]
  * debian/ updated for 0.9 release
    0.9 release introduced big changes in internal organization (Python
    module now), and new features, and stock jail.conf now follows
    Debian's style, thus custom Debian jail.conf was deprecated.  See NEWS
    file and upstream ChangeLog for further details.

  [ Yaroslav Halchenko ]
  * Post 0.9 release snapshot.
  * debian/rules
    - do not ignore tests failures
    - run only tests not requiring network access
    - nagios and cacti examples get installed

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 25 Mar 2014 00:43:46 -0400

fail2ban (0.8.13-1) unstable; urgency=low

  * New upstream bug-fix release: but consider 0.9.0 (to be uploaded to
    experimental)
  * debian/jail:
    - new jail definitions: apache-modsecurity, apache-nohome, freeswitch,
      ejabberd-auth, ssh-blocklist, nagios
    - new configuration option: ignorecommand
  * debian/post{inst,rm},preinst:
    - [thanks to Daniel Schaal]: take care about renaming config files
      - firewall-cmd-direct-new.conf to firewallcmd-new.conf which happened
        in 0.8.11-29-g56b6bf7
      - lighttpd-fastcgi.conf to suhosin.conf and
        sasl.conf to postfix-sasl.conf in the past 0.8.11 release

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 18 Mar 2014 23:13:35 -0400

fail2ban (0.8.12-1) UNRELEASED; urgency=low

  * New upstream release
    - provides "fail2ban-client flushlogs" command, debian/fail2ban.logrotate
      was adjusted to use it.  Helps to mitigate #697333
    - removes indentation of name and loglevel while logging to SYSLOG
      (Closes: #730202)
    - fixes apache-common.conf (Closes: #739364)
  * /etc/default/fail2ban -- minor typo. Thanks Vincent Lefevre for report
    (Closes: #734421)
  * debian/patches:
    - dropping cherry-picked changeset*

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 07 Feb 2014 00:45:38 -0500

fail2ban (0.8.11-1) unstable; urgency=low

  * Fresh upstream release
    - this release tightens all shipped filters to preclude
      possible injections leading to targeted DoS attacks.
    - omitted entry for ~pre release changelog:
      - asterisk filter was fixed (Closes: #719662),
      - nginx filter/jail added (Closes: #668064)
      - better detection of log rotation in polling backend (Closes: #696087)
      - includes sever name (uname -n) into subject of sendmail actions
        (Closes: #709196)
  * debian/jail.conf
    - dropbear jail: use dropbear filter (instead of ssh) and monitor
      auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
  * debian/NEWS
    - information for change of default iptables action to REJECT now
      (Closes: #711463)
  * debian/patches
    - changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff
      post-release change to support native proftpd date format which
      includes milliseconds (Closes: #648276)
    - changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff
      absorbed upstream

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 17 Nov 2013 17:29:06 -0500

fail2ban (0.8.11~pre1+git29-gccd2657-1) unstable; urgency=low

  * Snapshot of the upcoming new release candidate
    - improves dovecot (Closes: #709324), wuftpd (Closes: #665925)
      failregex'es
    - provides support for OpenSSH 6.3 (Closes: #722970)
  * debian/watch
    - restrict version matching only to numbers and period (to exclude
      alpha releases of 0.9 series)
  * debian/jail.conf
    - slightly adjusted for changes in master (suhosin replaced
      lighttpd-auth filer name, and postfix-sasl for sasl)
    - added nginx-http-auth.  More jails to be adopted from upstream.

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 10 Nov 2013 12:16:51 -0800

fail2ban (0.8.10-3) unstable; urgency=low

  * debian/jail.conf
    - added "submission" (port 587) to all SMTP-related jails (Closes:
      #714632).  Thanks Tony den Haan for the report

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 01 Jul 2013 14:36:24 -0400

fail2ban (0.8.10-2) unstable; urgency=low

  * debian/fail2ban.init:
    - fixed handling of the return code from do_start/do_stop
    - status calls would dump all output to /dev/null
  * debian/jail.conf:
    - pure-ftpd jail should monitor syslog not auth.log. Thanks Laurent
      Léonard for the report

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 21 Jun 2013 10:47:56 -0400

fail2ban (0.8.10-1) unstable; urgency=high

  * New upstream release
    - addresses possible DoS for anyone enabling many of apache- filters

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 12 Jun 2013 13:31:29 -0400

fail2ban (0.8.9-1) unstable; urgency=low

  * New upstream release
    - significant improvements in documentation (Closes: #400416)
    - roundcube auth filter (Closes: #699442)
    - enforces C locale for dates (Closes: #686341)
    - provides bash_completion.d/fail2ban
  * debian/jail.conf:
    - added findtime and documentation on those basic options from jail.conf
      (Closes: #704568)
    - added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6},
      roundcube-auth, sogo-auth, mysqld-auth
  * debian/control:
    - suggest system-log-daemon (Closes: #691001)
    - boost policy compliance to 3.9.4
  * debian/rules:
    - run fail2ban's unittests at build time but ignore the failures
      (there are still some known issues to fix up to guarantee robust testing
      in clean chroots etc).
      Only pyinotify was added to build-depends since gamin might still be
      buggy on older releases and get stuck, which would complicate
      backporting

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 13 May 2013 11:58:56 -0400

fail2ban (0.8.8-1+lucid0) UNRELEASED; urgency=low

  * Added lucid-dsc-patch to use pycentral on systems without dh_python2

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 06 Dec 2012 12:52:30 -0500

fail2ban (0.8.8-1) experimental; urgency=low

  * Primarily a bugfix upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 05 Dec 2012 22:53:15 -0500

fail2ban (0.8.7.1-1) experimental; urgency=low

  * Minor upstream bugfix release

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 31 Jul 2012 21:46:19 -0400

fail2ban (0.8.7-1) experimental; urgency=low

  * New upstream release:
    - inotify backend is supported (and the default if pyinotify is present).
      It should bring number of wakeups to minimum (Closes: #481265)
    - usedns jail.conf parameter to disable reverse DNS mapping to
      avoid of DoS (see #588431, #514239 for related discussions)
    - enforces non-unicode logging (Closes: #657286)
    - new jail "recidive" to ban repeated offenders (Closes: #333557)
    - catch failed ssh logins due to being listed in DenyUsers (Closes: #669063)
    - document in config/*.conf on how to inline comments (Closes: #676146)
    - match possibly present "pam_unix(sshd:auth):" portion for sshd
      (Closes: #648020)
    - wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
      (instead of auth.log) by default (Closes: #514239)
    - anchor chain name in actioncheck's for iptables actions (Closes: #672228)
  * debian/jail.conf:
    - adopted few jails from "upstreams" jail.conf: asterisk, recidive,
      lighttpd, php-url-open
    - provide instructions in jail.conf on how to comment (Closes: #676146)
      Thanks Stefano Forli for a report
  * debian/fail2ban.init:
    - Should-(start|stop): iptables-persistent (Closes: #598109),
      ferm (Closes: #604843)
    - 'status' exits with code 3 if fail2ban is not running (Closes: #653074)
      Thanks Glenn Aaldering for the patch
  * debian/source:
    - switch to 3.0 (quilt) format
  * debian/control,rules:
    - switch to use dh_python2 (Closes: #616803)
    - boost policy compliance to 3.9.3
    - recommend python-pyinotify and only suggest python-gamin

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 31 Jul 2012 16:51:40 -0400

fail2ban (0.8.6-3) unstable; urgency=low

  * Added dovecot section to Debian's jail.conf.  Thanks to Laurent
    Léonard (Closes: #655182)
  * init.d script now returns non-0 exit codes upon status command
    with not running / failed to connect server.  Thanks to
    Glenn Aaldering for the patch

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 08 Jan 2012 21:46:24 -0500

fail2ban (0.8.6-2) unstable; urgency=low

  * Added pure-ftpd section to Debian's jail.conf.  Thanks to Laurent
    Léonard (Closes: #654412)
  * Enhancement: action to use /proc/net/xt_recent and run f2b as a normal
    user. Many many thanks to Zbyszek Szmek (Closes: #602016)

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 03 Jan 2012 10:36:24 -0500

fail2ban (0.8.6-1) unstable; urgency=low

  * [1efe1bc] Fresh upstream release (Closes: #648324)
  * Boosted policy compliance to 3.9.2 -- no changes
  * Adjusted debian/watch to fetch tarballs from github

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 28 Nov 2011 22:27:18 -0500

fail2ban (0.8.5-2) unstable; urgency=low

  * [5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
    server's executeCmd to prevent racing among iptables calls (Closes:
    #554162) Many kudos go to Michael Saavedra for the patch

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 23 Sep 2011 22:12:08 -0400

fail2ban (0.8.5-1) unstable; urgency=low

  * [de95777] Fresh upstream release FAIL2BAN-0_8_5:
    - [00e1827] BF: use addfailregex instead of failregex while processing
      per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
      Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to
      Debian.
  * [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425)
  * [ef449f4] Added a note on diverting logrotate configuration for custom
    logtarget=SYSLOG (Closes: #631917).  Thanks Kenyon Ralph for report

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 28 Jul 2011 23:20:55 -0400

fail2ban (0.8.4+svn20110323-1) unstable; urgency=low

  * Fresh upstream snapshot which absorbed some of the patches from Debian
    and
    - [c6d64e9] debug entry for lines ignored due to falling below
      findtime (v2)
    - [fc20f12] Tai64N stores time in GMT, we need to convert to
      local time before returning
    - [b0331bb] default ignoreip to ignore entire loopback zone (/8)
      (Closes: #598200)
    - [b9f15f6] ENH: dovecot filter
    - [69165b1] ENH: add <chain> to action.d/iptables*. Thanks
      Matthijs Kooijman
    - [8330a20] ENH: make filter.d/apache-overflows.conf catch more
      (Closes: #574182)
    - [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf
      (Closes: #573314)
    - [2714019] ENH: dropbear filter (Closes: #546913)
    - [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in
      actions (Closes: #544232)
  * debian/jail.conf:
    - [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer
    - [d7f3e23] adjusted description for sasl jail (Closes: #615952)
    - [92fb484] debian/jail.conf: closing " for protocol specification
    - [f828c31] debian/jail.conf: got 'chain' parameter to be specified for
      iptables actions (Closes: #515599)
  * debian/control:
    - [858af30] slight rewordings of the long description (Closes: #588176)
    - [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems
      to be due)
  * [4e1e845] debian/copyright: updated copyright years

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 23 Mar 2011 17:04:56 -0400

fail2ban (0.8.4-3) unstable; urgency=low

  * Commenting out named-refused-udp jail and providing even fatter
    WARNING against using it (Closes: #583364)
  * Merging upstream's commit for fixing missing import

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 28 Jun 2010 21:50:20 -0400

fail2ban (0.8.4-2) unstable; urgency=low

  * Merged few upstream patches (svn rev ) which fixed:
    - Patch to make log file descriptors cloexec to stop leaking file
      descriptors on fork/exec.
  * debian/rules,control: -install-layout=deb for setup.py +  python (>=
    2.5.4-1~) to fix install with python2.6 (Closes: #571213).
  * Boosted policy to 3.8.4 (no changes seems to be due).

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 25 Feb 2010 00:17:07 -0500

fail2ban (0.8.4-1) unstable; urgency=low

  * New upstream release. Fixes compatibility issue with python2.6
  * Yet only in Debian fixes:
   - escaping () in pure-ftpd. Thanks Teodor (Closes: #544744)
   - use "set logtarget" instead of "reload" while logrotate. Thanks
     J.M.Roth (Closes: #537773)
   - be able to detect time for VNC recording only 2 letters of year
     (Closes: #537610)
   - proftpd filter: count all failed logins regardless of the reason
  * Debian-specific changes:
   - adjusted README.Debian - multiport is default (closes: #545971)
   - Boosted policy to 3.8.3 (no changes seems to be due)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 10 Sep 2009 11:16:51 -0400

fail2ban (0.8.3-6) unstable; urgency=low

  * Time to shake the ground with upload to unstable.
  * Merged upstream's development as of SVN revision 732:
     - Fixed maxretry/findtime rate. Many thanks to Christos Psonis.
       Tracker #2019714.
     - Made the named-refused regex a bit less restrictive in order to match
       logs with "view". Thanks to Stephen Gildea.
     - Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100%
       correct fix but seems to work. Tracker #2500276.
     - Changed <HOST> template to be more restrictive (closes: #514163).
     - Added cyrus-imap and sieve filters. Thanks to Jan Wagner.  (closes:
       #513953).
     - Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh
       log (closes: #512193).
     - Added missing semi-colon in the bind9 example. Thanks to Yaroslav
       Halchenko.
     - Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
       #2484115.
     - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
       (closes: #507990)
     - Added CPanel date format. Thanks to David Collins. Tracker #1967610.
     - Added nagios script. Thanks to Sebastian Mueller.
     - Removed print.
     - Removed begin-line anchor for "standard" timestamp (closes: #500824)
     - Remove socket file on startup is fail2ban crashed. Thanks to Detlef
       Reichelt.
  * Added a comment into Debian-shipped jail.conf about sasl logpath -- it
    might preferable to monitor warn.log in case of postfix (To complete react
    to #507990) (git branch up/fixes). Also added sasl example log file (git
    branch up/log_examples).
  * Removing minor bashism in ipmasq example file (closes: #530078).
    Thanks Raphael Geissert (git branch up/ipmasq)
  * Allow for trailing spaces in proftpd logs (closes: #507986)
    (git branch up/fixes).
  * Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
    (git branch up/fixes).
  * Adjusted Git-vcs field to point to git:// .
  * Thanks lintian fixes:
    - Boosted policy to 3.8.2 (no changes are due).
    - Boosted debhelper compatibility to 5.
    - Misspell in README.Debian
    - Removing stale /var/run/fail2ban from dirs -- should be created by
      init script

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 09 Jul 2009 01:08:40 -0400

fail2ban (0.8.3-5) experimental; urgency=low

  * BF: anchoring regex for IP with " *$" at the end + adjust regexp for
    <HOST> (closes: #514163)
  * NF: adding unittests for previous BF

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 05 Feb 2009 09:51:45 -0500

fail2ban (0.8.3-4) experimental; urgency=low

  * BF: added missing semicolon in a logging template for bind within
    jail.conf (thanks to anonymous on www.debian-administration.org)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 02 Feb 2009 23:02:56 -0500

fail2ban (0.8.3-3) experimental; urgency=low

  * BF: addressed added bang to ssh log (closes: #512193).
    Thanks Silvestre Zabala.
  * Adjusted description of bantime/findtime in README.Debian (closes:
    #507771)
  * Synced current debian revision to FAIL2BAN-0_8@717 of upstream,
    since it includes fixes to some forwarded bugs. Total list of
    functional changes
    - Added actions to report abuse to ISP, DShield and myNetWatchman.
      Thanks to Russell Odom.
    - Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
    - Added new time format. No idea from where it comes...
    - Added new regex. Thanks to Tobias Offermann.
    - Try to match the regex even if the line does not contain a valid
      date/time. Described in Debian #491253. Thanks to Yaroslav
      Halchenko.
    - Removed "timeregex" and "timepattern" stuff that is not needed
      anymore.
    - Added date template for Day-Month-Year Hour:Minute:Second
      (closes: #491253)
    - Added date pattern for Hour:Minute:Second. Thanks to Andreas
      Itzchak Rehberg.
    - Use current day and month instead of Jan 1st if both are not
      available in the log. Thanks to Andreas Itzchak Rehberg.
    - Improved pattern. Thanks to Yaroslav Halchenko.
    - Merged patches from Debian package. Thanks to Yaroslav Halchenko.

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 18 Jan 2009 11:31:01 -0500

fail2ban (0.8.3-2) unstable; urgency=low

  * BF in apache-noscript.conf - regexp matched in referrer (Closes: #492319).
    Thanks Bernd Zeimetz.
  * BF: extended apache-noscript with additional regexp

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 25 Jul 2008 13:33:56 -0400

fail2ban (0.8.3-1) unstable; urgency=low

  * Fresh upstream release
  * Boosted policy compliance to 3.8.0 (no changes needed)
  * Specify explicitly facilities in "Failed .. for". Thanks Dean
    Gaudet. (closes: #481760)
  * Added failregex for "User not known" in sshd.conf. thanks Alexander
    Gerasiov (closes: #479966)


 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 21 Jul 2008 10:27:12 -0400

fail2ban (0.8.2-3) unstable; urgency=low

  * Changes propagated from upstream trunk (future 0.8.3):
    - Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
    - Changed some log level.
    - Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to
      Dennis Winter.
    - Fixed PID file while started in daemon mode. Thanks to Christian
      Jobic who submitted a similar patch (closes: #479703)
    - Added gssftpd filter. Thanks to Kevin Zembower.
    - Process failtickets as long as failmanager is not empty.
  * Assure that /var/run/fail2ban exists upon start (LP: #222804, #223706)

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 06 May 2008 10:49:34 -0400

fail2ban (0.8.2-2) unstable; urgency=low

  * BF: Recommends whois, which is used in some actions (LP: #213227)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 07 Apr 2008 10:25:52 -0400

fail2ban (0.8.2-1) unstable; urgency=low

  * New upstream release! Divergence from Debian version descreased
    considerably, Major changes:
     - "full line failregex"
     - Moved socket to /var/run/fail2ban.
     - Removed Python 2.4. Minimum required version is now Python 2.3.
     - New log rotation detection algorithm.
     - Some wishlists got accepted (closes: #456567, #468477, #462060,
     #461426)
     - Leap year issue (closes: #468452)
  * debian/watch: switched to git-import-orig
  * 2 new jails: xinetd-fail, apache-overflows added to jails.conf

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 05 Mar 2008 23:30:56 -0500

fail2ban (0.8.1-5) unstable; urgency=low

  * manually "cherry picked" f6639981:  Fixed "Feb 29" bug. Thanks to
    James Andrewartha who pointed this out. Thanks to Yaroslav Halchenko
    for the fix (closes: #468382)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 28 Feb 2008 19:51:53 -0500

fail2ban (0.8.1-4) unstable; urgency=low

  * Debian packaging switched from git+dpatch into pure git way via
    feature-branches. That revealed the true amount of accumulated patching
    done of top of vanilla upstream, thus this is the last Debian release
    prior 0.8.2 upstream release which will hopefully absorb most of the
    patches
  * vsftp filter anchoring
  * Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido
    Bozzetto
  * Added ipmasq rule file (in the examples) to restart fail2ban when
    iptables are wiped out (closes: #461417). Thanks Guido Bozzetto
  * Extended apache-noscript filter with more file extensions and to
    react to "script not found or unable to stat" log message (closes:
    #456565). Thanks Tim Connors
  * Fixed == bashism (Closes: #464647). Thanks Raphael Geisser
  * Confirms to policy 3.7.3 (no changes)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 09 Feb 2008 22:08:55 -0500

fail2ban (0.8.1-3) unstable; urgency=low

  * Added Vcs- fields, moved Homepage into source header's field
  * Propagated patch from 0.9 upstream branch: "Replaced ssocket.py with
    asyncore/asynchat implementation.  Correct fix for bug #1769616. That is
    supposed to resolve spontaneous 100% CPU utilization by fail2ban-server."
  * BF: removed sftp from ssh jails (closes: #436053)
  * NF: new filter for 'refused connect' (closes: #451093). Thanks Guido
    Bozzetto
  * Moved iptables into recommends since fail2ban can work without iptables
    using some other action (e.g hosts.deny)

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 23 Nov 2007 11:42:24 -0500

fail2ban (0.8.1-2) unstable; urgency=low

  * Fixed named-refused filter.
  * Added force-start action to init script, so it could be forced
    to start if previous run crashed and left a socket file. Must to be
    used with caution.

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 18 Oct 2007 18:31:58 -0400

fail2ban (0.8.1-1) unstable; urgency=low

  * New upstream release.
     Patches absorbed upstream:
      00_daemon_pids.dpatch
      00_iptables_allports.dpatch
      00_vsftp_filter_spaces.dpatch
      00_resolve_all_names.dpatch
      00_HOST_ignoreregex.dpatch
     Patches which needed some tune-up:
      00_ssh_strong_re.dpatch
      00_mail-whois-lines.dpatch
      00_named_refused.dpatch

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 14 Aug 2007 23:15:21 -0400

fail2ban (0.8.0-5~pre1) UNRELEASED; urgency=low

  * Added optional spaces at the end of failregex for vsftpd.
  * Resolve all "names" which became a part of <HOST>. Previousely only fqdn's
    were resolved

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 05 Aug 2007 21:38:44 -0400

fail2ban (0.8.0-4) unstable; urgency=low

  * Moved <HOST> expansion into regex.py (closes: #429263). Thanks James
    Andrewartha.
  * Added optional regexp entry for process PID in some entries (closes:
    #426050). Thanks Roderick Schertler.
  * Added a filter pam_generic to catch any login errors.
  * Added iptables-allports.
  * Use /var/run to keep socket file (closes: #425746)
  * Added a filter for named to catch refused/denied queries
  * Added new time template matching named log entries
  * jail.conf has specification of protocol (default to tcp) to be provided to
    banaction
  * Adjusted failregex for sshd filter:
    - anchored properly at the end of line, and source code has .examples
      files to perform testing of the rules.
    - added new explicit rule for users not in the AllowUsers lists


 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 19 Jun 2007 23:04:02 -0400

fail2ban (0.8.0-2) unstable; urgency=low

  * Manually changing the order of debhelper inserted scripts in prerm
    (Closes: #422655)
  * Removed obsolete hack to have /bin/env invocation of python for
    fail2ban-* scripts
  * Applied changes submitted by Bernd Zeimetz (thanks Bernd):
    - Removed obsolete Build-Depends-Indep on help2man, python-dev
    - Explicit removal of *.pyc files compiled during build
    - Invoke 'python setup.py clean' in clean target, which required also
      to move python into Build-Depends
  * Minor clean up of debian/rules

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 16 May 2007 14:13:57 -0400

fail2ban (0.8.0-1) unstable; urgency=low

  * New stable upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 05 May 2007 12:35:02 -0400

fail2ban (0.7.9-1) unstable; urgency=low

  * New upstream release
  * Updated copyright to include current year
  * Removed patches absorbed upstream

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 19 Apr 2007 21:44:28 -0400

fail2ban (0.7.8-1) unstable; urgency=low

  * New upstream release
  * Applied post-release upstream changes to resolve issues with
   - Fix to close opened handlers to log file
   - Tentative incomplete gamin fix
   - Fix to "reload" bug

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 26 Mar 2007 17:52:23 -0400

fail2ban (0.7.7-1) unstable; urgency=low

  * New upstream release (included most of the debian-provided patches -- new
    filters and actions)
  * Refreshed and made verbatim homepage in description

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  8 Feb 2007 22:20:49 -0500

fail2ban (0.7.6-3) unstable; urgency=low

  * Synchronized action.d/iptables-* rules from upstream SVN (closes:
    #407561)
  * Minor: options renames in the comments to be in sync with upstream
  * Use /usr/bin/python interpreter instead of wrapped call to python by
    /usr/bin/env

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 19 Jan 2007 10:43:59 -0500

fail2ban (0.7.6-2) unstable; urgency=low

  * iptables-multiport is default action to take since Debian kernel arrives
    with multiport module. That is to address the fact that most services
    listen on multiple port (for encrypted and non-encrypted connections)
  * Added [courierauth] jail (First 2 items are to partially address #407404

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 18 Jan 2007 10:35:36 -0500

fail2ban (0.7.6-1) unstable; urgency=low

  * New upstream release, which incorporates fixes introduced in 3~pre
    non-released versions (which were suggested to the users to overcome
    problems reported in bug reports). In particular attention should be paid
    to upstream changelog entries
    - Several "failregex" and "ignoreregex" are now accepted.
      Creation of rules should be easier now.
      This is an alternative solution to 'multiple <HOST>' entries fix,
      which is not applied to this shipped version - pay caution if upgrading
      from 0.7.5-3~pre?
    - Allow comma in action options. The value of the option must
      be escaped with " or '.
      That allowed to implement requested ability to ban multiple ports
      at once (See 373592). README.Debian and jail.conf adjusted to reflect
      possible use of iptables-mport
    - Now Fail2ban goes in /usr/share/fail2ban instead of
      /usr/lib/fail2ban. This is more compliant with FHS.
      Patch 00_share_insteadof_lib no longer applied
  * Refactored installed by debian package jail.conf:
    - Added option banaction which is to incorporate banning agent
      (usually some flavor of iptables rule), which can then be easily
      overridden globally or per section
    - Multiple actions are defined as action_* to serve as shortcuts
  * Initd script was modified to inform about present socket file which
    would forbid fail2ban-server from starting
  * Adjusted default log file for postfix to be /var/log/mail.log
    (Closes: #404921)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  4 Jan 2007 15:24:52 -0500

fail2ban (0.7.5-3~pre6) unstable; urgency=low

  * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
    (Closes: #404060)
  * Made fail2ban-server tollerate multiple <HOST> entries in failregex
  * Moved call to dh_pycentral before dh_installinit
  * Removed unnecessary call of dh_shlibdeps
  * Added filter ssh-ddos to fight DDOS attacks. Must be used with caution
    if there is a possibility of valid clients accessing through
    unreliable connection or faulty firewall (Closes: #404487)
  * Not applying patch any more for rigid python2.4 - it is default now in
    sid/etch
  * Moving waiting loop for fail2ban-server to stop under do_stop
    function, so it gets invoked by both 'restart' and 'stop' commands
  * do_status action of init script is now using 'fail2ban-client ping'
    instead of '... status' since we don't really use returned status
    information, besides the return error code

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 26 Dec 2006 21:56:58 -0500

fail2ban (0.7.5-2) unstable; urgency=low

  * NEWS.Debian confusions - the latest NEWS entry and postinst message were
    rephrased (Closes: #402350)
  * Added mail-whois-lines action, which emails log lines containing abuser
    IP. Those lines are often required for proper abuse reports sent to the
    Internet providers.  Forwarding of such received emails to the email
    addresses of abuse departments present in the output of whois is a
    tentative solution for semi-automatic abuse reporting (Closes: #358810)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 10 Dec 2006 18:55:37 -0500

fail2ban (0.7.5-1) unstable; urgency=low

  * New upstream release which fixes next issues
   + Socket parameter not work with other path (Closes: #400162)
   + fail2ban does not start with /etc/init.d/fail2ban start but
     with fail2ban-client start (Closes: #400278)
  * Removed obsolete patches left from 0.6
  * Adjusted wsftpd patch to use <HOST> tag to be in line with the other
    filter definitions

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  7 Dec 2006 20:19:09 -0500

fail2ban (0.7.4-5) unstable; urgency=low

  * Added Suggests on mailx and relevant comments in README.Debian about
    invoking mail actions (closes: #396668)
  * Removed obsolete entries in TODO and README
  * README.Debian describes the use of interpolations vs parameters passed
    from jail.{conf,local} into an action definitions (closes:
    #398739)
  * Initial version of postfix filter has been present in 0.7 (closes:
    #377711)
  * Removed Uploaded field from control since I am a DD now. Big thanks to
    Barak Pearlmutter for being the sponsor of my packages for few years.

 -- Yaroslav O. Halchenko <debian@onerussian.com>  Wed,  6 Dec 2006 22:14:26 -0500

fail2ban (0.7.4-4) unstable; urgency=low

  * Added debian/backports to contain patches necessary for backporting. It
    gets used by pbuilder-ssh to create package for backports.org

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon,  4 Dec 2006 08:55:48 -0500

fail2ban (0.7.4-3) unstable; urgency=low

  * Reincarnated logrotate configuration (Closes: #397878)
  * Only block new connects by using a new action iptables-new instead of
    iptables (Closes: #350746)
  * Updated README.Debian to reflect transition over to 0.7 branch and to
    comment on 350746
  * "Clean" target removes generated .pyc files now (Closes: #398146)
  * Cleaned up debian/rules a bit

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 11 Nov 2006 21:00:18 -0500

fail2ban (0.7.4-2) unstable; urgency=low

  * Added reload/force-reload actions to init script
  * Adjusted jail.conf a bit
  * Warning NEWS entry for 0.7.1 was not shown during installation on test
    boxes, thus postinst was adjusted accordingly to inform the user about the
    changes in the configuration files since 0.6.
  * no logrotation anymore? (Closes: #397878)

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 10 Nov 2006 10:53:23 -0500

fail2ban (0.7.4-1) experimental; urgency=low

  * New upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed,  1 Nov 2006 20:54:14 -0500

fail2ban (0.7.4~pre20061023.2-3) experimental; urgency=low

  * Corrected init.d script to properly perform restart due to server delay to
    react to client command to stop. Handling of status was adjusted as well

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 29 Oct 2006 22:29:27 -0500

fail2ban (0.7.4~pre20061023.2-2) experimental; urgency=low

  * Added apache-noscript to jail.conf
  * Default action does not send emails to be inline with previous (0.6.x)
    behavior

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 26 Oct 2006 13:27:20 -0400

fail2ban (0.7.4~pre20061023.2-1) experimental; urgency=low

  * Fresh upstream: fixed a bug with not handling error producing
    actioncheck call

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 23 Oct 2006 17:00:03 -0400

fail2ban (0.7.4~pre2006102-1) experimental; urgency=low

  * Current snapshot of trunk
  * Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
    from debian/patches
  * Adjusted rule to install man pages -- only .1 files since there are also
    h2m sources
  * debian/{rules,control} adjusted to conform all points in recent python
    policy changes
  * install under /usr/share instead of /usr/lib

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 23 Oct 2006 00:17:55 -0400

fail2ban (0.7.3-2) experimental; urgency=low

  * Added wuftpd section

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 18 Oct 2006 01:15:00 -0400

fail2ban (0.7.3-1) experimental; urgency=low

  * New upstream release
  * Debian shipped jail.conf
  * Refreshen init.d script

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 28 Sep 2006 22:17:16 -0400

fail2ban (0.7.1-0.2) experimental; urgency=low

  * New upstream release (closes: #370095,#366307)

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue,  5 Sep 2006 00:26:08 -0400

fail2ban (0.6.1-11) unstable; urgency=low

  * Adjusted manpage for fail2ban.conf to point to shipped examples of
    configuration files as the source of details about available configuration
    options (closes: #382403)
  * Changes in man/fail2ban.conf.5 are managed via dpatch now

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 16 Aug 2006 00:18:59 +0300

fail2ban (0.6.1-10) unstable; urgency=low

  * Adjusted to comply with recent changes in debian python policy and use
    pycentral to byte compile modules
  * Filtered out empty entries for ignoreip to reduce confusing WARNING log
    message
  * Added configuration parameter "locale" to specify LC_TIME for time
    pattern matching (closes: #367990,363391)
  * Verbosity is chosen to be max between cmdline parameters and config file

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  6 Jul 2006 20:19:54 -0400

fail2ban (0.6.1-9) unstable; urgency=low

  * Adjusted rm commands in init script to don't use -r for removal of
    the pidfile (thanks Stephen Gran)
  * Added clarification about multiport banning to README.Debian
    (closes: #373592)

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 14 Jun 2006 12:05:44 -0400

fail2ban (0.6.1-8) unstable; urgency=low

  * Removed bashism (arrays) from init.d script to make it POSIX shell
    compliant (closes: #368218)
  * Added new proftpd section
  * Added new saslauthd section. Thanks to martin f krafft
    <madduck@debian.org> (closes: #369483)
  * Mentioned apache2 log file in Other. comment field for FILE in
    apache section.  Nothing has to be changed besides the logfile path to
    work with apache2 (closes: #342144)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 22 May 2006 15:37:17 -0400

fail2ban (0.6.1-5) unstable; urgency=low

  * Further fixed debian packaging: to comply with policy empty target
    binary-arch was provided

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 16 May 2006 16:43:37 -0400

fail2ban (0.6.1-4) unstable; urgency=low

  * Adjusted debian packaging:
    - Clean up of debian/rules: removed commented out dh_ scripts which
      definitely will never be used
    - debhelper and dpatch moved to Build-Depends
    - added --no-compile for python setup.py install, and removed explicit
      cleaning of .pyc's
    - fixed separation binary-indep and binary-arch in debian/rules
    - restricted depends on python >= 2.3

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 16 May 2006 15:53:06 -0400

fail2ban (0.6.1-3) unstable; urgency=low

  * Fixed vsftpd failregexp (closes: #366687)
  * Started to use dpatch

 -- Yaroslav Halchenko <debian@onerussian.com>  Wed, 10 May 2006 11:45:57 -0400

fail2ban (0.6.1-2) unstable; urgency=low

  * Assigned maxreinits to 1000 to be reasonable since otherwise logfile grows
    indefinitely if there is a real problem on the system (closes: #359218)
  * Adjusted debian/{copyright,watch}
  * New version of init.d script (Thanks to Aaron Isotton) (closes: #364278)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 27 Mar 2006 12:55:39 -0500

fail2ban (0.6.1-1) unstable; urgency=low

  * New upstream release
  * In config file added fwchain to ease switching to another input chain
    (closes: #357164)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 18 Mar 2006 23:11:53 -0500

fail2ban (0.6.0-8) unstable; urgency=low

  * Minor adjustments to reduce the deviation from the upstream code

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 11 Mar 2006 00:48:14 -0500

fail2ban (0.6.0-7) unstable; urgency=low

  * Fixed a typo in failregex for SSH section (closes: #356112)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  9 Mar 2006 15:13:48 -0500

fail2ban (0.6.0-6) unstable; urgency=low

  * Updated README.Debian with information about some cases with
    not-as-shipped configurations of sshd on the boxes running older versions
    of openssh server
  * Included regexps for SSH in case iff authentication as root using keys was
    attempted whenever PermitRootLogin is set to something else than "yes" and
    key authentication fails
  * Included postrm script to remove log files during purge to comply with
    policy 10.8 (closes: #355443)

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri,  3 Mar 2006 16:32:38 -0500

fail2ban (0.6.0-5) unstable; urgency=low

  * Fixed Apache section: changed filepath to point at error.log, thus I had
    to revert timeregex and timepattern to user RFC 2822 format (closes:
    #354346)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 25 Feb 2006 19:56:46 -0500

fail2ban (0.6.0-4) unstable; urgency=low

  * Modifications in README.Debian to reflect a "finding" on
    not-AllowedUsers banning which requires default Debian configuration
    of "ChallengeResponseAuthentication no" and "PasswordAuthentication
    yes"
  * Fixed Apache timeregex and timepattern to confirm
    the format of time stamp used in Debian's access.log (error.log uses
    RFC 2822 format)
  * Added section ApacheAttacks to specify some common patterns of attacks on
    a webserver (awstats.pl as a try). This section stays split from Apache
    since it is of different nature and might be not appropriate for some
    users
  * Forced owner/permissions of log file to be root:adm/640 in postinst and
    logrotate (closes: #352053)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 16 Jan 2006 04:05:19 -0500

fail2ban (0.6.0-3) unstable; urgency=low

  * ignoreip is now empty by default (closes: #347766)
  * increased verbosity in verbose=2 mode: now prints options accepted
    from the config file
  * to make fail2ban.conf more compact, thus to improve its readability,
    fail2ban.conf was converted to use "interpolations" provided by
    ConfigParser class. fw{start,end,{,un}ban} options were moved into
    DEFAULT section and required options (port, protocol) were added

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 12 Jan 2006 18:32:14 -0500

fail2ban (0.6.0-2) unstable; urgency=low

  * fail2ban path is inserted first in the list to avoid a conflict with
    existing elsewhere modules with the same names. (Thanks for report and
    patch to Nick Craig-Wood) (closes: #343821)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 19 Dec 2005 17:44:58 +0200

fail2ban (0.6.0-1) unstable; urgency=low

  * Merged with the latest stable upstream release. That incur some
    changes for the Debian configuration of the package to be more
    upstream-like. Visible one is: subject in the sent email includes
    section outside of "[Fail2Ban]"
  * Updated README.Debian to answer possible question regarding effective
    bantime starting moment

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 20 Nov 2005 14:56:41 -0500

fail2ban (0.5.4-10) unstable; urgency=low

  * Fixed the order of ssh and apache rules to avoid possible race
    condition (Thanks to Jefferson Cowart for the bug report) (closes:
    #339133)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 14 Nov 2005 23:44:45 -0500

fail2ban (0.5.4-9) unstable; urgency=low

  * Fixed init.d script so it doesn't return non-0 status if fail2ban is not
    running. That fixes issues with purging the package and leaving garbage in
    /usr/share/fail2ban (Thanx to Justin Pryzby for the insight)
    (closes: #337223)

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  3 Nov 2005 17:05:20 -0500

fail2ban (0.5.4-8) unstable; urgency=low

  * Added config option MAIL.localtime (closes: #336449)

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 31 Oct 2005 16:53:19 -0500

fail2ban (0.5.4-7) unstable; urgency=low

  * Adjusted init.d script so it is resistant to delayed shutdowns of
    fail2ban and in general more stable

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 20 Oct 2005 21:22:03 -0400

fail2ban (0.5.4-6.2) unstable; urgency=low

  * Fixed typos (thanx to Ross Boylan).
  * Robust startup: if iptables module gets fully initialized after
    startup of fail2ban, fail2ban will do "maxreinit" attempts to
    initialize its own firewall. It will sleep between attempts for
    "polltime" number of seconds (closes: #334272).
  * To overcome possible conflict with other firewall solutions and as a
    secondary solution for the bug 334272, fail2ban startup is moved
    during bootup to the latest (S99) sequenece position. That should not
    cause any discomfort I believe.

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 18 Oct 2005 15:54:38 -0400

fail2ban (0.5.4-5.14) unstable; urgency=low

  * Added a notification regarding the importance of 0.5.4-5 change of
    failregex in the config file.
  * Adjusted address to FSF.
  * Adjusted failregex for SSH so it bans "Illegal user" entries as well, and
    restricted full failregex more to include ":" at the beginning, because
    otherwise it might not be sufficient and would revive bug 330827 (closes:
    #333056).
  * Adjusted failregex for SSH to accommodate recent changes in logging of
    SSH: Illegal -> Invalid. Should match both now.
  * Fixed a problem of raise AttributeError exception reported as a side
    effect of crash during parsing of the config file.
  * Introduced fwcheck option to verify consistency of the
    chains. Implemented automatic restart of fail2ban main function in
    case check of fwban or fwunban command failed (closes: #329163, #331695).
    (Introduced patch was further adjusted by upstream author).
  * Added -f command line parameter for [findtime].
  * Fixed the issue of not respecting command line parameters for parameters
    within sections.
  * Added -e command line parameter to provide enabled sections from command
    line.
  * Added a cleanup of firewall rules on emergency shutdown when unknown
    exception is caught.
  * Fail2ban should not crash now if a wrong file name is specified in
    config.

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon,  3 Oct 2005 22:26:28 -1000

fail2ban (0.5.4-5) unstable; urgency=low

  * Made failregex'es more specific to don't allow usernames to be used as a
    tool for denial of service attacks. Config files (or at least
    failregex'es) must be updated from this package, otherwise the security
    breach would remain open and only warning gets issued (closes: #330827)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat,  1 Oct 2005 02:42:23 -1000

fail2ban (0.5.4-4) unstable; urgency=low

  * On a request from Calum Mackay added reporting of the enabled sections

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 29 Sep 2005 11:20:43 -1000

fail2ban (0.5.4-3) unstable; urgency=low

  * Resolved the mystery of debug mode in which commands are not really
    executed: added verbose option to config file, removed -v from
    /etc/default/fail2ban, reordered code a bit so that log targets are
    setup right after background and then only loglevel (verbose,debug) is
    processed, so the warning could be seen in the logs

 -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 29 Sep 2005 00:20:43 -1000

fail2ban (0.5.4-2) unstable; urgency=low

  * Now exporting PATH explicitly in init.d/fail2ban script, to avoid
    problems finding iptables in the cases when PATH was not exported outside
    (cfengine, broken shell environment) (closes: #329304)
  * Removed -b from start-stop-daemon because fail2ban detahes on its own
  * Added @localhost to MAIL:from and MAIL:to in fail2ban.conf and placed
    a note to README.Debian regarding necessity to specify full email
    address in MAIL:from (closes: #329722)
  * Added a keyword <section> in parsing of the subject and the body of an
    email sent out by fail2ban (closes: #330311)

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 27 Sep 2005 08:09:06 -0400

fail2ban (0.5.4-1) unstable; urgency=low

  * New upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 20 Sep 2005 12:19:19 -0400

fail2ban (0.5.3-2) unstable; urgency=low

  * Refined comments in README.Debian
  * Reindented init.d script
  P.S. Was not released

 -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 11 Sep 2005 15:19:44 -0400

fail2ban (0.5.3-1) unstable; urgency=low

  * New upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri,  9 Sep 2005 16:55:00 -0400

fail2ban (0.5.2-5) unstable; urgency=low

  * Included a patch from Stephen Gildea to provide "status" report by
    init.d script
  * Included a note in README.Debian regarding the fail2ban iptable's
    chains

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri,  9 Sep 2005 14:52:24 -0400

fail2ban (0.5.2-4) unstable; urgency=low

  * Format of SYSLOG entries is up to the standard now

 -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 19 Aug 2005 00:06:44 -1000

fail2ban (0.5.2-3) unstable; urgency=low

  * Fixed errata in /etc/default/fail2ban (closes: #323451)
  * Fixed handling of SYSLOG logging target. Now it can log to any syslog
    target and facility as directed by the config (revisions 160:166 patch
    from syslog branch) (closes: #323543)
  * Included upstream README and TODO
  * Mentioned in README.Debian that apache section is disabled by default
  * Adjusted man pages to cross-reference each other
  * Moved fail2ban man page under section 8 as in upstream
  * Introduced findtime configuration variable to control the lifetime
    of caught "failed" log entries (closes: #323840)

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 16 Aug 2005 11:23:28 -1000

fail2ban (0.5.2-2) unstable; urgency=low

  * Updated description to reflect flexibility in application of fail2ban
  * Included logrotate (Thanks to Baruch Even)

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 13 Aug 2005 04:51:57 -0400

fail2ban (0.5.2-1) unstable; urgency=low

  * New upstream release
  * No log4py any more
  * removed -i eth0 from config

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat,  6 Aug 2005 09:21:07 -1000

fail2ban (0.5.1-1) unstable; urgency=low

  * New upstream release

 -- Yaroslav Halchenko <debian@onerussian.com>  Sat, 23 Jul 2005 08:50:00 -1000

fail2ban (0.5.0-1) unstable; urgency=low

  * New upstream release
  * Libraries placed under /usr/share/fail2ban instead of /usr/lib/fail2ban
  * Corrections to the description of the package

 -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 12 Jul 2005 23:33:20 -1000

fail2ban (0.4.1-1) unstable; urgency=low

  * First upstream release of a Debian package

 -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 04 Jul 2005 11:47:23 +0300