Yaroslav Halchenko
93f30fe4f6
added patch changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff to "cherry-pick" ac061155f0
(BF: anchor introduced nginx-http-auth at the end)
2013-11-08 17:30:35 -08:00
Yaroslav Halchenko
521f8062bc
Changelog entry/new version
2013-11-08 17:29:55 -08:00
Yaroslav Halchenko
128c4c978d
Merge commit '0.8.11.pre1-29-gccd2657' into debian
...
* commit '0.8.11.pre1-29-gccd2657': (363 commits)
DOC: minor typos in ChangeLog
DOC: adding DEV Notes for for non-greedy matchin within sshd.conf
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
Changelog for prior changes (gen_buildbots)
ENH: condense asterisk regexs for speed
BF: missed action in nginx-http-auth
ENH: add filter.d/nginx-http-auth. Partially forfills #405
ENH: regenerated config/filter.d/apache-badbots.conf
NF: gen_badbots script to (re)generate/update config/filter.d/apache-badbots.conf
DOC: keeping Changelog release-phrases uniform, simplified intro, unified
DOC: Untabifying and reindenting a bit ChangeLog
DOC: few more links for DEVELOP
BF: fix dovecot filter for newer failure message. Closes Debian bug #709324
BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925
Add Fedora git repo of fail2ban package to DEVELOP
firewalld-0.3.8 release that support --remove-rules out so documenting this.
BF: remove duplication definition secion in webmin-auth
DOC: alter release notes a bit more and versions in README.md
BF/DOC: fix hopefully final MANIFEST and release instructions
...
2013-11-08 17:25:40 -08:00
Yaroslav Halchenko
ccd26578ec
Merge pull request #425 from grooverdan/asterisk-simplify
...
ENH: condense asterisk regexs for speed
2013-11-08 14:42:35 -08:00
Yaroslav Halchenko
49024fe6ea
DOC: minor typos in ChangeLog
2013-11-08 14:36:56 -08:00
Yaroslav Halchenko
ea8fce6308
Merge pull request #426 from yarikoptic/bf/openssh6.3-regex-injection
...
openssh 6.3 regex injection vectors: inject into ruser and/or exploiting pre-specified limits set for user provided data
2013-11-08 14:35:18 -08:00
Yaroslav Halchenko
bf245f9640
DOC: adding DEV Notes for for non-greedy matchin within sshd.conf
2013-11-08 14:34:31 -08:00
Daniel Black
d6bbe03861
Merge pull request #424 from grooverdan/nginx-auth
...
ENH: add filter.d/nginx-http-auth. Partially forfils #405
2013-11-08 14:24:02 -08:00
Yaroslav Halchenko
a169badb95
Merge pull request #423 from yarikoptic/enh/gen_badbots
...
badbots filter: adding the script which was used + updated filter
2013-11-08 10:10:46 -08:00
Yaroslav Halchenko
750e0c1e3d
BF: disallow exploiting of non-greedy .* in previous fix by providing too long rhost -- do not impose length limits for user-provided input
...
since daemon might eventually change reported length and we would need to adjust anyways. So limiting
in length does not provide additional security but allows for a possible injection vector
2013-11-08 10:10:33 -08:00
Yaroslav Halchenko
abb012ae5c
BF: fixing injection for OpenSSH 6.3 -- making .* before <HOST> non-greedy
2013-11-08 10:00:37 -08:00
Yaroslav Halchenko
eace931c19
Changelog for prior changes (gen_buildbots)
2013-11-07 15:47:25 -08:00
Daniel Black
d7560d4041
ENH: condense asterisk regexs for speed
2013-11-08 10:24:50 +11:00
Daniel Black
ab9d921162
BF: missed action in nginx-http-auth
2013-11-08 10:09:19 +11:00
Daniel Black
a148d35d70
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-08 10:06:40 +11:00
Yaroslav Halchenko
4522308354
ENH: regenerated config/filter.d/apache-badbots.conf
2013-11-07 14:26:18 -08:00
Yaroslav Halchenko
6f321068f1
NF: gen_badbots script to (re)generate/update config/filter.d/apache-badbots.conf
2013-11-07 14:25:57 -08:00
Daniel Black
e91d40ee34
Merge pull request #420 from yarikoptic/enh/release-0.8.11
...
DOC: release 0.8.11 - ChangeLog tidy
2013-11-06 12:48:09 -08:00
Yaroslav Halchenko
28ee7ba123
DOC: keeping Changelog release-phrases uniform, simplified intro, unified
2013-11-06 14:04:30 -05:00
Yaroslav Halchenko
f26fba9c19
DOC: Untabifying and reindenting a bit ChangeLog
2013-11-06 13:47:45 -05:00
Daniel Black
0730db9b2b
Merge pull request #416 from grooverdan/debian-bug-665925-wuftpd-pam
...
BF: wuftpd pam filter fix (Debian bug 665925)
2013-11-05 18:39:01 -08:00
Daniel Black
20693ffb8e
Merge pull request #417 from grooverdan/debian-bug-709324-dovecot
...
BF: dovecot allow for newer fail message - Debian bug 709324
2013-11-05 18:38:29 -08:00
Daniel Black
5ebc386833
DOC: few more links for DEVELOP
2013-11-06 13:35:04 +11:00
Daniel Black
e55b24c533
BF: fix dovecot filter for newer failure message. Closes Debian bug #709324
2013-11-06 12:51:21 +11:00
Daniel Black
8b54523316
BF: fix to filter.d/wuftp to support pam authentication - Debian bug #665925
2013-11-06 12:13:37 +11:00
Daniel Black
d22214da79
Add Fedora git repo of fail2ban package to DEVELOP
2013-11-06 12:03:19 +11:00
Daniel Black
ac1f45d18c
Merge pull request #412 from grooverdan/firewalld
...
ENH: enhance firewall-cmd to use firewall-0.8.3's --remove-rules
2013-11-05 16:46:18 -08:00
Daniel Black
87f68d7564
firewalld-0.3.8 release that support --remove-rules out so documenting this.
2013-11-06 11:37:56 +11:00
Daniel Black
ee1edfbf0c
BF: remove duplication definition secion in webmin-auth
2013-11-04 17:54:36 +11:00
Daniel Black
a9fe3d5df9
DOC: alter release notes a bit more and versions in README.md
2013-10-31 14:44:14 +11:00
Daniel Black
5cefb8aff9
BF/DOC: fix hopefully final MANIFEST and release instructions
2013-10-31 11:30:07 +11:00
Daniel Black
6db9e64934
DOC: final updates to release doco
2013-10-31 10:56:45 +11:00
Daniel Black
4ec0e3f087
DOC: version 0.8.11.pre1
2013-10-31 10:51:37 +11:00
Daniel Black
3b2083b06d
DOC: ChangeLog header and merge
2013-10-31 10:44:40 +11:00
Daniel Black
f860307b57
DOC: update man pages. Add references to jail.conf from fail2ban-client man page
2013-10-31 10:27:30 +11:00
Daniel Black
fff996c8df
ENH: fix fail2ban-regex output to generate a man page with copyright notices
2013-10-31 10:26:49 +11:00
Daniel Black
a38be3f9ab
Merge branch 'master' of https://github.com/fail2ban/fail2ban
2013-10-31 09:13:57 +11:00
Daniel Black
b5c10488c1
Merge pull request #409 from grooverdan/filter-doco
...
DOC: in filters, put user relevant doc at top, and developer info at bot...
2013-10-30 15:11:46 -07:00
Daniel Black
5eddd5d12d
DOC: document required firewalld version as > 0.3.7.1
2013-10-31 09:10:59 +11:00
Daniel Black
2810f97fe5
DOC: merge ChangeLog
2013-10-31 09:07:06 +11:00
Daniel Black
27d257d5a6
Merge pull request #408 from grooverdan/dropbear
...
BF: filter.d/dropbear
2013-10-30 14:43:07 -07:00
Daniel Black
8ac6081555
ENH: fix to use upstream --remove-rules
...
https://fedorahosted.org/firewalld/ticket/10
2013-10-31 01:23:00 +11:00
Daniel Black
a5ac0a49e7
DOC: Version number changes in DEVELOP
2013-10-31 01:12:04 +11:00
Daniel Black
3a4ba2dba6
DOC: ChangeLog - TODO top summary before final release
2013-10-31 01:11:42 +11:00
Daniel Black
363d53e8d7
update man pages for release
2013-10-31 01:00:38 +11:00
Daniel Black
c19a685ee3
DOC: version 0.8.11.pre
2013-10-31 00:58:48 +11:00
Daniel Black
93de46ac72
BF: maxretry=5 for ssh as per DEVELOP. align = in jail.conf
2013-10-31 00:52:47 +11:00
Daniel Black
8441539988
DOC: reorder bits of changelog
...
The enhancements list was too long an maybe not always appropriate.
Reclassified changes to filters to catch new versions as bug fixes
since the new version of the application is effectively broken.
Moved large enhancements to New Features.
2013-10-31 00:43:02 +11:00
Daniel Black
c3f9c9aa60
BF: filter.d/dropbear
...
Add PAM failures which is in dropbear-2013.60 in srv-authpam.c
Patch
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
obviously has exit with lower case e so adjust regex for both.
svr-authpasswd.c in 2013.60 (at bottom) for second regex ends after the
IP so the regex was altered.
.*\s* can be compressed to .*
2013-10-31 00:21:30 +11:00
Daniel Black
89fd792dfb
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page
2013-10-31 00:02:59 +11:00