DOC: ChangeLog header and merge

2013-10-31 10:44:40 +11:00 · 2013-10-31 10:44:40 +11:00 · 3b2083b06d
parent a38be3f9ab f860307b57
commit 3b2083b06d
8 changed files with 90 additions and 42 deletions
--- a/25
+++ b/25
@ -4,16 +4,35 @@
                       |_| \__,_|_|_/___|_.__/\__,_|_||_|

 ================================================================================
-Fail2Ban (version 0.8.10)                                             2013/06/12
+Fail2Ban (version 0.8.11.pre)																					2013/10/30
 ================================================================================

-ver. 0.8.11 (2013/XX/XXX) - loves-unittests
+ver. 0.8.11 (2013/11/XXX) - loves-unittests and tight, DoS free, filter regexes
 -----------

+In light of CVE-2013-2178 that triggered our last release we have put a
+significant effort into tightening all of the regexs of our filters to avoid
+another similar vulnerability. All filters have been updated and some to
+include more failure regexs supporting previously unbanned failures and
+support for newer application versions too. There are test cases for most log
+cases of failures now.
+
+As usual if you have other examples that demonstrate that a filter is
+insufficient please give us an example log line on the github issue tracker
+http://github.com/fail2ban/fail2ban/issues and NOT on a random blog in some
+obscure corner of the Internet.
+
+During the tightening of the regexs to avoid DoS vulnerabilities there is the
+possibility that we have inadvertently, despite our best intentions,
+incorrectly allowed a failure to continue. We will fix this as quickly as
+humanly possible.
+
+IMPORTANT incompatible changes:
 	Filter name changes:
-   * IMPORTANT: 'lighttpd-fastcgi' filter has been renamed to 'suhosin'
+   *  'lighttpd-fastcgi' filter has been renamed to 'suhosin'
 	 * 'sasl' has been renamed to 'postfix-sasl'
   These will require changing in jail.{conf,local} if using these filters.
+	Exim filter has been split into an spam and a relay/auth filter.

 - Fixes:
  Daniel Black & Marcel Dopita
--- a/10
+++ b/10
@ -686,7 +686,7 @@ Releasing

 # Wait for feedback from distributors

-# Ensure the version is correct in ./common/version.py
+# Ensure the version is correct in ./common/version.py and at the top of ChangeLog

 # Ensure the MANIFEST is complete

@ -699,21 +699,21 @@ Look for errors like:

 Which indicates that testcases/files/logs/mysqld.log has been moved or is a directory

-  tar -C /tmp -jxf dist/fail2ban-0.8.10.dev.tar.bz2
+  tar -C /tmp -jxf dist/fail2ban-0.8.11.dev.tar.bz2

 # clean up current direcory

-  diff -rul --exclude \*.pyc . /tmp/fail2ban-0.8.10.dev/
+  diff -rul --exclude \*.pyc . /tmp/fail2ban-0.8.11.dev/

  # Only differences should be files that you don't want distributed.

-  cd /tmp/fail2ban-0.8.10.dev/ && ./fail2ban-testcases-all
+  cd /tmp/fail2ban-0.8.11.dev/ && ./fail2ban-testcases-all

 # Add/finalize the corresponding entry in the ChangeLog

  To generate a list of committers use e.g.

-  git shortlog -sn 0.8.10.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'
+  git shortlog -sn 0.8.11.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'

  Ensure the top of the ChangeLog has the right version and current date.

--- a/common/version.py
+++ b/common/version.py
@ -24,4 +24,4 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
 __license__ = "GPL"

-version = "0.8.10.dev"
+version = "0.8.11.pre1"
--- a/12
+++ b/12
@ -23,7 +23,6 @@ and bans the corresponding IP addresses using firewall rules.

 This tools can test regular expressions for "fail2ban".

-Report bugs to https://github.com/fail2ban/fail2ban/issues
 """

 __author__ = "Cyril Jaquier, Yaroslav Halchenko"
@ -73,6 +72,7 @@ def pprint_list(l, header=None):
 		s = ''
 	print s + "|  " + "\n|  ".join(l) + '\n`-'

+
 def get_opt_parser():
 	# use module docstring for help output
 	p = OptionParser(
@ -89,6 +89,15 @@ REGEX:
 IGNOREREGEX:
    string                  a string representing an 'ignoreregex'
    filename                path to a filter file (filter.d/sshd.conf)
+
+Copyright (c) 2004-2008 Cyril Jaquier, 2008- Fail2Ban Contributors
+Copyright of modifications held by their respective authors.
+Licensed under the GNU General Public License v2 (GPL).
+
+Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
+Many contributions by Yaroslav O. Halchenko and Steven Hiscocks.
+
+Report bugs to https://github.com/fail2ban/fail2ban/issues
 """,
 				version="%prog " + version)

@ -110,7 +119,6 @@ IGNOREREGEX:
 			   help="Enrich log-messages with compressed tracebacks"),
 		Option("--full-traceback", action='store_true',
 			   help="Either to make the tracebacks full, not compressed (as by default)"),
-
 		])

 	return p
--- a/man/fail2ban-client.1
+++ b/man/fail2ban-client.1
@ -1,12 +1,12 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.41.2.
-.TH FAIL2BAN-CLIENT "1" "June 2013" "fail2ban-client v0.8.10" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.40.12.
+.TH FAIL2BAN-CLIENT "1" "October 2013" "fail2ban-client v0.8.11.pre1" "User Commands"
 .SH NAME
 fail2ban-client \- configure and control the server
 .SH SYNOPSIS
 .B fail2ban-client
 [\fIOPTIONS\fR] \fI<COMMAND>\fR
 .SH DESCRIPTION
-Fail2Ban v0.8.10 reads log file that contains password failure report
+Fail2Ban v0.8.11.pre1 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP
@ -274,3 +274,4 @@ Licensed under the GNU General Public License v2 (GPL).
 .SH "SEE ALSO"
 .br 
 fail2ban-server(1)
+jail.conf(5)
--- a/man/fail2ban-client.h2m
+++ b/man/fail2ban-client.h2m
@ -10,3 +10,4 @@ fail2ban-client \- configure and control the server
 [see also]
 .br 
 fail2ban-server(1)
+jail.conf(5)
--- a/man/fail2ban-regex.1
+++ b/man/fail2ban-regex.1
@ -1,53 +1,72 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.41.2.
-.TH FAIL2BAN-REGEX "1" "June 2013" "fail2ban-regex v0.8.10" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.40.12.
+.TH FAIL2BAN-REGEX "1" "October 2013" "fail2ban-regex 0.8.11.pre1" "User Commands"
 .SH NAME
 fail2ban-regex \- test Fail2ban "failregex" option
 .SH SYNOPSIS
 .B fail2ban-regex
 [\fIOPTIONS\fR] \fI<LOG> <REGEX> \fR[\fIIGNOREREGEX\fR]
 .SH DESCRIPTION
-Fail2Ban v0.8.10 reads log file that contains password failure report
+Fail2Ban  reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 This tools can test regular expressions for "fail2ban".
-.SH OPTIONS
+.SS "LOG:"
 .TP
-\fB\-h\fR, \fB\-\-help\fR
-display this help message
-.TP
-\fB\-V\fR, \fB\-\-version\fR
-print the version
-.TP
-\fB\-v\fR, \fB\-\-verbose\fR
-verbose output
-.SH LOG
-.TP
-\fBstring\fR
+string
 a string representing a log line
 .TP
-\fBfilename\fR
-path to a log file (\fI/var/log/auth.log\fP)
-.SH REGEX
+filename
+path to a log file (/var/log/auth.log)
+.SS "REGEX:"
 .TP
-\fBstring\fR
+string
 a string representing a 'failregex'
 .TP
-\fBfilename\fR
+filename
 path to a filter file (filter.d/sshd.conf)
-.SS "IgnoreRegex:"
+.SS "IGNOREREGEX:"
 .TP
-\fBstring\fR
+string
 a string representing an 'ignoreregex'
 .TP
-\fBfilename\fR
+filename
 path to a filter file (filter.d/sshd.conf)
+.SH OPTIONS
+.TP
+\fB\-\-version\fR
+show program's version number and exit
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+show this help message and exit
+.TP
+\fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fILOG_LEVEL\fR
+Log level for the Fail2Ban logger to use
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Be verbose in output
+.TP
+\fB\-D\fR, \fB\-\-debuggex\fR
+Produce debuggex.com urls for debugging there
+.TP
+\fB\-\-print\-all\-missed\fR
+Either to print all missed lines
+.TP
+\fB\-\-print\-all\-ignored\fR
+Either to print all ignored lines
+.TP
+\fB\-t\fR, \fB\-\-log\-traceback\fR
+Enrich log\-messages with compressed tracebacks
+.TP
+\fB\-\-full\-traceback\fR
+Either to make the tracebacks full, not compressed (as
+by default)
 .SH AUTHOR
 Written by Cyril Jaquier <cyril.jaquier@fail2ban.org>.
-Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
+Many contributions by Yaroslav O. Halchenko and Steven Hiscocks.
 .SH "REPORTING BUGS"
 Report bugs to https://github.com/fail2ban/fail2ban/issues
 .SH COPYRIGHT
-Copyright \(co 2004\-2008 Cyril Jaquier
+Copyright \(co 2004\-2008 Cyril Jaquier, 2008\- Fail2Ban Contributors
 .br
 Copyright of modifications held by their respective authors.
 Licensed under the GNU General Public License v2 (GPL).
--- a/man/fail2ban-server.1
+++ b/man/fail2ban-server.1
@ -1,12 +1,12 @@
-.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.41.2.
-.TH FAIL2BAN-SERVER "1" "June 2013" "fail2ban-server v0.8.10" "User Commands"
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.40.12.
+.TH FAIL2BAN-SERVER "1" "October 2013" "fail2ban-server v0.8.11.pre1" "User Commands"
 .SH NAME
 fail2ban-server \- start the server
 .SH SYNOPSIS
 .B fail2ban-server
 [\fIOPTIONS\fR]
 .SH DESCRIPTION
-Fail2Ban v0.8.10 reads log file that contains password failure report
+Fail2Ban v0.8.11.pre1 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 Only use this command for debugging purpose. Start the server with