svn commit: r421094 - in head: . security/sshguard security/sshguard-ipfw security/sshguard-null security/sshguard-pf
Mark Felder
feld at FreeBSD.org
Mon Aug 29 19:55:49 UTC 2016
Author: feld
Date: Mon Aug 29 19:55:47 2016
New Revision: 421094
URL: https://svnweb.freebsd.org/changeset/ports/421094
Log:
security/sshguard: Unbreak build by making a metaport
security/sshguard no longer provides hosts/TCP Wrappers support by
default as this was removed upstream. It is now a metaport which will
allow you to select a backend. Further details can be found in the
UPDATING entry.
Modified:
head/UPDATING
head/security/sshguard-ipfw/Makefile
head/security/sshguard-null/Makefile
head/security/sshguard-pf/Makefile
head/security/sshguard/Makefile
head/security/sshguard/pkg-descr
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Mon Aug 29 19:27:44 2016 (r421093)
+++ head/UPDATING Mon Aug 29 19:55:47 2016 (r421094)
@@ -5,6 +5,29 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20160829:
+ AFFECTS: users of security/sshguard
+ AUTHOR: feld at FreeBSD.org
+
+ Sshguard has been updated to 1.7.0. There have been several changes to
+ this release. Notably the hosts and ipfilter backends are no longer
+ supported. If you need these backends to be supported and you missed
+ the survey sent out by upstream I urge you to contact upstream.
+
+ The hosts backend was previously served by security/sshguard directly.
+ The additional backends were slave ports with package name suffixes. I
+ have opted to keep the master/slave port relationship but not choose a
+ specific backend for security/sshguard. Instead it is now a metaport
+ which will prompt you for which backend you prefer. If no backend is
+ configured it will depend on security/sshguard-ipfw, which is the
+ native FreeBSD firewall. This my be surprising to users who depended
+ on security/sshguard which only provided hosts/TCP Wrappers blocking,
+ but there is no replacement at this time.
+
+ If the removed backends return due to user demand they will be added
+ as slave ports for consistency. I apologize for any inconvenience and
+ lack of notice on the deprecation of these features.
+
20160815:
AFFECTS: users of mail/rspamd*
AUTHOR: vsevolod at FreeBSD.org
Modified: head/security/sshguard-ipfw/Makefile
==============================================================================
--- head/security/sshguard-ipfw/Makefile Mon Aug 29 19:27:44 2016 (r421093)
+++ head/security/sshguard-ipfw/Makefile Mon Aug 29 19:55:47 2016 (r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX= -ipfw
COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw
-CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-pf-1.* sshguard-null-1.*
+CONFLICTS= sshguard-pf-1.* sshguard-null-1.*
SSHGUARDFW= ipfw
MASTERDIR= ${.CURDIR}/../sshguard
Modified: head/security/sshguard-null/Makefile
==============================================================================
--- head/security/sshguard-null/Makefile Mon Aug 29 19:27:44 2016 (r421093)
+++ head/security/sshguard-null/Makefile Mon Aug 29 19:55:47 2016 (r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX= -null
COMMENT= Protect hosts from brute force attacks against ssh and other services
-CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
+CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.*
SSHGUARDFW= null
MASTERDIR= ${.CURDIR}/../sshguard
Modified: head/security/sshguard-pf/Makefile
==============================================================================
--- head/security/sshguard-pf/Makefile Mon Aug 29 19:27:44 2016 (r421093)
+++ head/security/sshguard-pf/Makefile Mon Aug 29 19:55:47 2016 (r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX= -pf
COMMENT= Protect hosts from brute force attacks against ssh and other services using pf
-CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-null-1.*
+CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.*
SSHGUARDFW= pf
MASTERDIR= ${.CURDIR}/../sshguard
Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile Mon Aug 29 19:27:44 2016 (r421093)
+++ head/security/sshguard/Makefile Mon Aug 29 19:55:47 2016 (r421094)
@@ -3,16 +3,40 @@
PORTNAME= sshguard
PORTVERSION= 1.7.0
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION}
MAINTAINER= feld at FreeBSD.org
COMMENT?= Protect hosts from brute force attacks against ssh and other services
-LICENSE= BSD2CLAUSE
+SSHGUARDFW?= none
+
+# If SSHGUARDFW is not set by a slave port, then we only use the
+# following which makes this a metaport to choose a backend
+.if ${SSHGUARDFW} == none
+NO_BUILD=YES
+NO_INSTALL=YES
+NO_ARCH=YES
+
+OPTIONS_SINGLE= BACKEND
+OPTIONS_SINGLE_BACKEND= IPFW NULL PF
+OPTIONS_DEFAULT= IPFW
+
+IPFW_DESC= IPFW firewall backend
+NULL_DESC= null firewall backend (detection only)
+PF_DESC= pf firewall backend
+
+IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw
+NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null
+PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf
-CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.*
+.include <bsd.port.options.mk>
+
+# The remaining settings are used by the slave ports
+.else
+
+LICENSE= BSD2CLAUSE
USES= autoreconf
@@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUA
SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
SUB_FILES= pkg-message
-
-# backend type in { hosts, ipfw, null, pf }
-SSHGUARDFW?= hosts
+.endif
.if ${SSHGUARDFW} == pf
PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
.elif ${SSHGUARDFW} == ipfw
PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22."
-.elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
-.elif ${SSHGUARDFW} == ipfilter
-PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset."
.elif ${SSHGUARDFW} == null
-PKGMSG_FWBLOCK=" Sshguard null backend requires you provide your own script with the \"-e\" argument."
+PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action."
.endif
.include <bsd.port.mk>
Modified: head/security/sshguard/pkg-descr
==============================================================================
--- head/security/sshguard/pkg-descr Mon Aug 29 19:27:44 2016 (r421093)
+++ head/security/sshguard/pkg-descr Mon Aug 29 19:55:47 2016 (r421094)
@@ -5,7 +5,7 @@ Sshguard employs a clever parser that ca
once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
detects attacks for many services out of the box, including SSH, FreeBSD's
ftpd and dovecot. It can operate all the major firewalling systems, including
-PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER.
+PF, netfilter/iptables, and IPFIREWALL/ipfw.
Sshguard has several relevant features like support for IPv6, whitelisting,
suspension, log message authentication. It is reliable, easy to set up and
More information about the svn-ports-head
mailing list