This update for fail2ban fixes the following issues:

Fail2Ban was updated to version 0.9.7.

Additional fixes included:

- Updated roundcube authentication filter
- Postfix RBL: 554 & SMTP fixes boo#1036928 " fail2ban-rbl regex incorrect, takes no
action as a result".

Version changes on 0.9.7:

* Fixed a systemd-journal handling in fail2ban-regex (gh#fail2ban/fail2ban#1657)
* filter.d/sshd.conf
- Fixed non-anchored part of failregex (misleading match of colon inside
IPv6 address instead of `: ` in the reason-part by missing space,
gh#fail2ban/fail2ban#1658)
(0.10th resp. IPv6 relevant only, amend for gh#fail2ban/fail2ban#1479)
* config/pathes-freebsd.conf
- Fixed filenames for apache and nginx log files (gh#fail2ban/fail2ban#1667)
* filter.d/exim.conf
- optional part `(...)` after host-name before `[IP]`
(gh#fail2ban/fail2ban#1751)
- new reason "Unrouteable address" for "rejected RCPT" regex
(gh#fail2ban/fail2ban#1762)
- match of complex time like `D=2m42s` in regex "no MAIL in SMTP
connection" (gh#fail2ban/fail2ban#1766)
* filter.d/sshd.conf
- new aggressive rules (gh#fail2ban/fail2ban#864):
- Connection reset by peer (multi-line rule during authorization process)
- No supported authentication methods available
- single line and multi-line expression optimized, added optional prefixes
and suffix (logged from several ssh versions), according
to gh#fail2ban/fail2ban#1206;
- fixed expression received disconnect auth fail (optional space after port
part, gh#fail2ban/fail2ban#1652)
and suffix (logged from several ssh versions), according to gh#fail2ban/fail2ban#1206;
* filter.d/suhosin.conf
- greedy catch-all before `` fixed (potential vulnerability)
* filter.d/cyrus-imap.conf
- accept entries without login-info resp. hostname before IP address (#fail2ban/fail2ban#707)
* Filter tests extended with check of all config-regexp, that contains greedy catch-all
before ``, that is hard-anchored at end or precise sub expression after ``

* New Actions:
- action.d/netscaler: Block IPs on a Citrix Netscaler ADC (gh#fail2ban/fail2ban#1663)

* New Filters:
- filter.d/domino-smtp: IBM Domino SMTP task (gh#fail2ban/fail2ban#1603)
* Introduced new log-level `MSG` (as INFO-2, equivalent to 18)

- rename nagios-plugins-fail2ban to monitoring-plugins-fail2ban

fail2ban version update to 0.9.6 (2016/12/10) included:

Fixes:

* Misleading add resp. enable of (already available) jail in database, that
induced a subsequent error: last position of log file will be never retrieved (gh-795)
* Fixed a distribution related bug within testReadStockJailConfForceEnabled
(e.g. test-cases faults on Fedora, see gh-1353)
* Fixed pythonic filters and test scripts (running via wrong python version,
uses "fail2ban-python" now);
* Fixed test case "testSetupInstallRoot" for not default python version (also
using direct call, out of virtualenv);
* Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512);
* FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540)
* Monit config: scripting is not supported in path (gh-1556)
* `filter.d/apache-modsecurity.conf`
- Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all
replaced for safer match, unneeded catch-all anchoring removed, non-capturing
* `filter.d/asterisk.conf`
- Fixed to match different asterisk log prefix (source file: method:)
* `filter.d/dovecot.conf`
- Fixed failregex ignores failures through some not relevant info (gh-1623)
* `filter.d/ignorecommands/apache-fakegooglebot`
- Fixed error within apache-fakegooglebot, that will be called
with wrong python version (gh-1506)
* `filter.d/assp.conf`
- Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494)
* `filter.d/postfix-sasl.conf`
- Allow for having no trailing space after 'failed:' (gh-1497)
* `filter.d/vsftpd.conf`
- Optional reason part in message after FAIL LOGIN (gh-1543)
* `filter.d/sendmail-reject.conf`
- removed mandatory double space (if dns-host available, gh-1579)
* filter.d/sshd.conf
- recognized "Failed publickey for" (gh-1477);
- optimized failregex to match all of "Failed any-method for ... from " (gh-1479)
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
- optional port part after host (see gh-1533, gh-1581)

New Features:

* New Actions:
- `action.d/npf.conf` for NPF, the latest packet filter for NetBSD
* New Filters:
- `filter.d/mongodb-auth.conf` for MongoDB (document-oriented NoSQL database engine)
(gh-1586, gh-1606 and gh-1607)

Enhancements:

* DateTemplate regexp extended with the word-end boundary, additionally to
word-start boundary
* Introduces new command "fail2ban-python", as automatically created symlink to
python executable, where fail2ban currently installed (resp. its modules are located):
- allows to use the same version, fail2ban currently running, e.g. in
external scripts just via replace python with fail2ban-python:
```diff
-#!/usr/bin/env python
+#!/usr/bin/env fail2ban-python
```
- always the same pickle protocol
- the same (and also guaranteed available) fail2ban modules
- simplified stand-alone install, resp. stand-alone installation possibility
via setup (like gh-1487) is getting closer
* Several test cases rewritten using new methods assertIn, assertNotIn
* New forward compatibility method assertRaisesRegexp (normally python >= 2.7).
Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged
are test covered now
* Jail configuration extended with new syntax to pass options to the backend (see gh-1408),
examples:
- `backend = systemd[journalpath=/run/log/journal/machine-1]`
- `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]`
- `backend = systemd[journalflags=2]`