From 996bfe13eda575d7ff07158808d6b7cdb82a75ea Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Tue, 6 Nov 2007 15:03:37 -0500 Subject: [PATCH] BF: Added patch 00_numeric_iptables-L to avoid possible DoS attacks (introduced upstream in 0.7.6) --- debian/changelog | 6 ++++-- debian/patches/00_numeric_iptables-L.dpatch | 19 +++++++++++++++++++ debian/patches/00list | 1 + 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100755 debian/patches/00_numeric_iptables-L.dpatch diff --git a/debian/changelog b/debian/changelog index 2fdb1dcf9..ee5c87f29 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,13 @@ -fail2ban (0.7.5-2etch1~pre2) stable-security; urgency=low +fail2ban (0.7.5-2etch1~pre3) stable-security; urgency=low * NOT RELEASED YET * Propagated fix for asctime pattern from 0.7.8 release (closes: #421848) - * Propagated fix for not closed log files from 0.7.8-1 + * Propagated fix for not closed log files from 0.7.8-1 (closes: #439962,434368) * Propagated fix for "reload" bug which is as sever as #439962 and just never was hit by any Debian user yet + * Added patch 00_numeric_iptables-L to avoid possible DoS attacks + (introduced upstream in 0.7.6) -- Yaroslav Halchenko Tue, 01 May 2007 22:18:03 -0400 diff --git a/debian/patches/00_numeric_iptables-L.dpatch b/debian/patches/00_numeric_iptables-L.dpatch new file mode 100755 index 000000000..46f3ef96d --- /dev/null +++ b/debian/patches/00_numeric_iptables-L.dpatch 
@@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 00_numeric_iptables-L.dpatch by Yaroslav Halchenko +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad fail2ban~/config/action.d/iptables.conf fail2ban/config/action.d/iptables.conf +--- fail2ban~/config/action.d/iptables.conf 2007-11-06 15:00:04.000000000 -0500 ++++ fail2ban/config/action.d/iptables.conf 2007-11-06 15:01:33.000000000 -0500 +@@ -27,7 +27,7 @@ + # Notes.: command executed once before each fwban command + # Values: CMD + # +-actioncheck = iptables -L INPUT | grep -q fail2ban- ++actioncheck = iptables -n -L INPUT | grep -q fail2ban- + + # Option: fwban + # Notes.: command executed when banning an IP. Take care that the diff --git a/debian/patches/00list b/debian/patches/00list index 43971dfbb..1f81dbcef 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -3,6 +3,7 @@ X00_rigid_python24 00_iptables_NEW 00_close_log 00_reload +00_numeric_iptables-L 10_dbts_manpages 10_wuftpd_section 00_mail-whois-lines
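Review bot: the changelog hunk adds the new entry but leaves the trailer date at "Tue, 01 May 2007 22:18:03 -0400", six months before this commit; since the entry is still marked "NOT RELEASED YET" the date must be refreshed before upload, and the new bullet should say what the DoS actually is (a slow reverse DNS lookup stalling the action) and, if one exists, reference the bug or advisory so the security-team reviewer can verify the fix is the same one upstream shipped in 0.7.6.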
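Review bot: the new dpatch file ships with "## DP: No description.", which is exactly the place the rationale belongs. Suggest replacing it with something like "## DP: Use numeric output for iptables -L so actioncheck does not perform reverse DNS lookups on banned addresses, which a host with a slow or unresponsive PTR record could use to stall fail2ban (upstream fix from 0.7.6)". Beyond the description, it is worth confirming that `actioncheck` is the only command in the iptables action files that invokes `iptables -L`; any other `-L` call without `-n` would keep the same exposure.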
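Review bot: the 00list hunk appends 00_numeric_iptables-L after 00_reload, and dpatch applies the list in order, so the hunk's context at line 27 of config/action.d/iptables.conf must still match after 00_iptables_NEW, which by its name also touches the iptables action, has been applied; a quick `dpatch apply-all` against a clean tree before upload would catch an offset or reject here.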