{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Move action.d/mail-whois-common.conf into fail2ban-server\n\n----\n\nver. 0.10.5 (2020/01/10) - deserve-more-respect-a-jedis-weapon-must\n-----------\n\nYes, Hrrrm...\n\n### Fixes\n* [compatibility] systemd backend: default flags changed to SYSTEM_ONLY(4), fixed in gh-2444 in order to ignore\n  user session files per default, so could prevent \"Too many open files\" errors on a lot of user sessions (see gh-2392)\n* [grave] fixed parsing of multi-line filters (`maxlines` > 1) together with systemd backend,\n  now systemd-filter replaces newlines in message from systemd journal with `\\n` (otherwise \n  multi-line parsing may be broken, because removal of matched string from multi-line buffer window\n  is confused by such extra new-lines, so they are retained and got matched on every followed \n  message, see gh-2431)\n* [stability] prevent race condition - no unban if the bans occur continuously (gh-2410);\n  now an unban-check will happen not later than 10 tickets get banned regardless there are\n  still active bans available (precedence of ban over unban-check is 10 now)\n* fixed read of included config-files (`.local` overwrites options of `.conf` for config-files \n  included with before/after)\n* `action.d/abuseipdb.conf`: switched to use AbuseIPDB API v2 (gh-2302)\n* `action.d/badips.py`: fixed start of banaction on demand (which may be IP-family related), gh-2390\n* `action.d/helpers-common.conf`: rewritten grep arguments, now options `-wF` used to match only\n  whole words and fixed string (not as pattern), gh-2298\n* `filter.d/apache-auth.conf`:\n  - ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);\n  - extended with option `mode` - `normal` (default) and `aggressive`\n* `filter.d/sshd.conf`:\n  - matches `Bad protocol version identification` in `ddos` and `aggressive` modes (gh-2404).\n  - captures `Disconnecting ...: Change of username or service not allowed` (gh-2239, gh-2279)\n  - captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra`\n    (with supplied user only) and `ddos`/`aggressive` mode (gh-2115, gh-2239, gh-2279)\n* `filter.d/mysqld-auth.conf`: \n  - MYSQL 8.0.13 compatibility (log-error-verbosity = 3), log-format contains few additional words\n    enclosed in brackets after \"[Note]\" (gh-2314)\n* `filter.d/sendmail-reject.conf`:\n  - `mode=extra` now captures port IDs of `TLSMTA` and `MSA` (defaults for ports 465 and 587 on some distros)\n* `files/fail2ban.service.in`: fixed systemd-unit template - missing nftables dependency (gh-2313)\n* several `action.d/mail*`: fixed usage with multiple log files (ultimate fix for gh-976, gh-2341)\n* `filter.d/sendmail-reject.conf`: fixed journal usage for some systems (e. g. CentOS): if only identifier \n  set to `sm-mta` (no unit `sendmail`) for some messages (gh-2385)\n* `filter.d/asterisk.conf`: asterisk can log additional timestamp if logs into systemd-journal\n  (regex extended with optional part matching this, gh-2383)\n* `filter.d/postfix.conf`:\n    - regexp's accept variable suffix code in status of postfix for precise messages (gh-2442)\n    - extended with new postfix filter mode `errors` to match \"too many errors\" (gh-2439),\n      also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix\n      parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)\n* `filter.d/named-refused.conf`:\n    - support BIND 9.11.0 log format (includes an additional field @0xXXX..., gh-2406);\n    - `prefregex` extended, more selective now (denied/NOTAUTH suffix moved from failregex, so no catch-all there anymore)\n* `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :\n  - ID in prefix can be longer as 14 characters (gh-2563);\n* all filters would accept square brackets around IPv4 addresses also (e. g. monit-filter, gh-2494)\n* avoids unhandled exception during flush (gh-2588)\n* fixes pass2allow-ftp jail - due to inverted handling, action should prohibit access per default for any IP,\n  therefore reset start on demand parameter for this action (it will be started immediately by repair);\n* auto-detection of IPv6 subsystem availability (important for not on-demand actions or jails, like pass2allow);\n\n### New Features\n* new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):\n  - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);\n  - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);\n* grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets\n* new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained\n  (ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)\n* filters: introduced new configuration parameter `logtype` (default `file` for file-backends, and \n  `journal` for journal-backends, gh-2387); can be also set to `rfc5424` to force filters (which include common.conf)\n  to use RFC 5424 conform prefix-line per default (gh-2467);\n* for better performance and safety the option `logtype` can be also used to\n  select short prefix-line for file-backends too for all filters using `__prefix_line` (`common.conf`),\n  if message logged only with `hostname svc[nnnn]` prefix (often the case on several systems):\n```ini\n[jail]\nbackend = auto\nfilter = flt[logtype=short]\n```\n* `filter.d/common.conf`: differentiate `__prefix_line` for file/journal logtype's (speedup and fix parsing\n  of systemd-journal);\n* `filter.d/traefik-auth.conf`: used to ban hosts, that were failed through traefik\n* `filter.d/znc-adminlog.conf`: new filter for ZNC (IRC bouncer); requires the adminlog module to be loaded\n\n### Enhancements\n* introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf) to contol\n  how many matches per ticket fail2ban can hold in memory and store in database (gh-2402, gh-2118);\n* fail2ban.conf: introduced new section `[Thread]` and option `stacksize` to configure default size\n  of the stack for threads running in fail2ban (gh-2356), it could be set in `fail2ban.local` to\n  avoid runtime error \"can't start new thread\" (see gh-969);\n* jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations\n  containing new-line);\n* fail2ban-client: extended to ban/unban multiple tickets (see gh-2351, gh-2349);\n  Syntax:\n  - `fail2ban-client set <jain> banip <ip1> ... <ipN>`\n  - `fail2ban-client set <jain> unbanip [--report-absent] <ip1> ... <ipN>`\n* fail2ban-client: extended with new feature which allows to inform fail2ban about single or multiple\n  attempts (failure) for IP (resp. failure-ID), see gh-2351;\n  Syntax:\n  - `fail2ban-client set <jail> attempt <ip> [<failure-message1> ... <failure-messageN>]`\n* `action.d/nftables.conf`:\n  - isolate fail2ban rules into a dedicated table and chain (gh-2254)\n  - `nftables-allports` supports multiple protocols in single rule now\n  - combined nftables actions to single action `nftables`:\n    * `nftables-common` is removed (replaced with single action `nftables` now)\n    * `nftables-allports` is obsolete, superseded by `nftables[type=allports]`\n    * `nftables-multiport` is obsolete, superseded by `nftables[type=multiport]`\n  - allowed multiple protocols in `nftables[type=multiport]` action (single set with multiple rules\n    in chain), following configuration in jail would replace 3 separate actions, see\n    https://github.com/fail2ban/fail2ban/pull/2254#issuecomment-534684675\n* `action.d/badips.py`: option `loglevel` extended with level of summary message,\n  following example configuration logging summary with NOTICE and rest with DEBUG log-levels:\n  `action = badips.py[loglevel=\"debug, notice\"]`\n* samplestestcase.py (testSampleRegexsFactory) extended:\n  - allow coverage of journal logtype;\n  - new option `fileOptions` to set common filter/test options for whole test-file;\n* large enhancement: auto-reban, improved invariant check and conditional operations (gh-2588):\n  - improves invariant check and repair (avoid unhandled exception, consider family on conditional operations, etc),\n    prepared for bulk re-ban in repair case (if bulk-ban becomes implemented);\n  - automatic reban (repeat banning action) after repair/restore sane environment, if already logged ticket causes\n    new failures (via new action operation `actionreban` or `actionban` if still not defined in action);\n  * introduces banning epoch for actions and tickets (to distinguish or recognize removed set of the tickets);\n  * invariant check avoids repair by unban/stop (unless parameter `actionrepair_on_unban` set to `true`);\n  * better handling for all conditional operations (distinguish families for certain operations like \n    repair/flush/stop, prepared for other families, e. g. if different handling for subnets expected, etc);\n  * partially implements gh-980 (more breakdown safe handling);\n  * closes gh-1680 (better as large-scale banning implementation with on-demand reban by failure, \n    at least unless a bulk-ban gets implemented);\n* fail2ban-regex - several enhancements and fixes:\n  - improved usage output (don't put a long help if an error occurs);\n  - new option `--no-check-all` to avoid check of all regex's (first matched only);\n  - new option `-o`, `--out` to set token only provided in output (disables check-all and outputs only expected data).\n", "type": "unspecified", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2020-01-21 04:29:44", "date_modified": null, "date_approved": null, "date_testing": "2020-01-24 05:49:08", "date_stable": "2020-02-01 01:30:01", "alias": "FEDORA-2020-96a2030c7d", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2020-02-01 01:30:01", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2020-96a2030c7d", "title": "fail2ban-0.10.5-2.fc31", "version_hash": "456589958d97b23109d2117ae66b70d04d26575a", "release": {"name": "F31", "long_name": "Fedora 31", "version": "31", "id_prefix": "FEDORA", "branch": "f31", "dist_tag": "f31", "stable_tag": "f31-updates", "testing_tag": "f31-updates-testing", "candidate_tag": "f31-updates-candidate", "pending_signing_tag": "f31-signing-pending", "pending_testing_tag": "f31-updates-testing-pending", "pending_stable_tag": "f31-updates-pending", "override_tag": "f31-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "orion", "email": "orion@nwra.com", "id": 97, "avatar": "https://seccdn.libravatar.org/avatar/4dbef71827789c946f87277314d67676f0629ea0b689a0d0a55f326ae3a4cd72?s=24&d=retro", "openid": "orion.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "astro-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "epel-packagers-sig"}, {"name": "scitech_sig"}, {"name": "packaging-committee"}, {"name": "scitech"}, {"name": "clamav"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by orion. ", "timestamp": "2020-01-21 04:29:44", "update_id": 179688, "user_id": 91, "id": 1204193, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2020-01-21 04:29:45", "update_id": 179688, "user_id": 91, "id": 1204194, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-01-21 04:29:47", "update_id": 179688, "user_id": 91, "id": 1204202, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [fail2ban-0.10.5-1.fc31](https://bodhi.fedoraproject.org/updates/FEDORA-2020-a5b06e4c5a), and has inherited its bugs and notes.", "timestamp": "2020-01-21 04:29:48", "update_id": 179688, "user_id": 91, "id": 1204204, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2020-01-24 05:49:51", "update_id": 179688, "user_id": 91, "id": 1207222, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2020-01-31 05:51:11", "update_id": 179688, "user_id": 91, "id": 1214259, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2020-01-31 05:51:12", "update_id": 179688, "user_id": 91, "id": 1214260, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2020-02-01 01:31:00", "update_id": 179688, "user_id": 91, "id": 1215727, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "fail2ban-0.10.5-2.fc31", "signed": true, "release_id": 33, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-2020-96a2030c7d", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}