svn commit: r421094 - in head: . security/sshguard security/sshguard-ipfw security/sshguard-null security/sshguard-pf

Mark Felder feld at FreeBSD.org
Mon Aug 29 19:55:49 UTC 2016 

Author: feld
Date: Mon Aug 29 19:55:47 2016
New Revision: 421094
URL: https://svnweb.freebsd.org/changeset/ports/421094

Log:
  security/sshguard: Unbreak build by making a metaport
  
  security/sshguard no longer provides hosts/TCP Wrappers support by
  default as this was removed upstream. It is now a metaport which will
  allow you to select a backend. Further details can be found in the
  UPDATING entry.

Modified:
  head/UPDATING
  head/security/sshguard-ipfw/Makefile
  head/security/sshguard-null/Makefile
  head/security/sshguard-pf/Makefile
  head/security/sshguard/Makefile
  head/security/sshguard/pkg-descr

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/UPDATING	Mon Aug 29 19:55:47 2016	(r421094)
@@ -5,6 +5,29 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20160829:
+  AFFECTS: users of security/sshguard
+  AUTHOR: feld at FreeBSD.org
+
+  Sshguard has been updated to 1.7.0. There have been several changes to
+  this release. Notably the hosts and ipfilter backends are no longer
+  supported. If you need these backends to be supported and you missed
+  the survey sent out by upstream I urge you to contact upstream.
+
+  The hosts backend was previously served by security/sshguard directly. 
+  The additional backends were slave ports with package name suffixes. I
+  have opted to keep the master/slave port relationship but not choose a
+  specific backend for security/sshguard. Instead it is now a metaport
+  which will prompt you for which backend you prefer. If no backend is
+  configured it will depend on security/sshguard-ipfw, which is the
+  native FreeBSD firewall. This my be surprising to users who depended
+  on security/sshguard which only provided hosts/TCP Wrappers blocking,
+  but there is no replacement at this time.
+
+  If the removed backends return due to user demand they will be added
+  as slave ports for consistency. I apologize for any inconvenience and
+  lack of notice on the deprecation of these features.
+
 20160815:
   AFFECTS: users of mail/rspamd*
   AUTHOR: vsevolod at FreeBSD.org

Modified: head/security/sshguard-ipfw/Makefile
==============================================================================
--- head/security/sshguard-ipfw/Makefile	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/security/sshguard-ipfw/Makefile	Mon Aug 29 19:55:47 2016	(r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX=	-ipfw
 
 COMMENT=	Protect hosts from brute force attacks against ssh and other services using ipfw
 
-CONFLICTS=	sshguard-1.* sshguard-ipfilter-1.* sshguard-pf-1.* sshguard-null-1.*
+CONFLICTS=	sshguard-pf-1.* sshguard-null-1.*
 
 SSHGUARDFW=	ipfw
 MASTERDIR=	${.CURDIR}/../sshguard

Modified: head/security/sshguard-null/Makefile
==============================================================================
--- head/security/sshguard-null/Makefile	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/security/sshguard-null/Makefile	Mon Aug 29 19:55:47 2016	(r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX=	-null
 
 COMMENT=	Protect hosts from brute force attacks against ssh and other services
 
-CONFLICTS=	sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
+CONFLICTS=	sshguard-ipfw-1.* sshguard-pf-1.*
 
 SSHGUARDFW=	null
 MASTERDIR=	${.CURDIR}/../sshguard

Modified: head/security/sshguard-pf/Makefile
==============================================================================
--- head/security/sshguard-pf/Makefile	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/security/sshguard-pf/Makefile	Mon Aug 29 19:55:47 2016	(r421094)
@@ -5,7 +5,7 @@ PKGNAMESUFFIX=	-pf
 
 COMMENT=	Protect hosts from brute force attacks against ssh and other services using pf
 
-CONFLICTS=	sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-null-1.*
+CONFLICTS=	sshguard-ipfw-1.* sshguard-null-1.*
 
 SSHGUARDFW=	pf
 MASTERDIR=	${.CURDIR}/../sshguard

Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/security/sshguard/Makefile	Mon Aug 29 19:55:47 2016	(r421094)
@@ -3,16 +3,40 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.7.0
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
 
 MAINTAINER=	feld at FreeBSD.org
 COMMENT?=	Protect hosts from brute force attacks against ssh and other services
 
-LICENSE=	BSD2CLAUSE
+SSHGUARDFW?=	none
+
+# If SSHGUARDFW is not set by a slave port, then we only use the
+# following which makes this a metaport to choose a backend
+.if ${SSHGUARDFW} == none
+NO_BUILD=YES
+NO_INSTALL=YES
+NO_ARCH=YES
+
+OPTIONS_SINGLE=	BACKEND
+OPTIONS_SINGLE_BACKEND=	IPFW NULL PF
+OPTIONS_DEFAULT=	IPFW
+
+IPFW_DESC=	IPFW firewall backend
+NULL_DESC=	null firewall backend (detection only)
+PF_DESC=	pf firewall backend
+
+IPFW_RUN_DEPENDS=	sshguard-ipfw>0:security/sshguard-ipfw
+NULL_RUN_DEPENDS=	sshguard-null>0:security/sshguard-null
+PF_RUN_DEPENDS=		sshguard-pf>0:security/sshguard-pf
 
-CONFLICTS?=	sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.*
+.include <bsd.port.options.mk>
+
+# The remaining settings are used by the slave ports
+.else
+
+LICENSE=	BSD2CLAUSE
 
 USES=		autoreconf
 
@@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUA
 
 SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
 SUB_FILES=	pkg-message
-
-# backend type in { hosts, ipfw, null, pf }
-SSHGUARDFW?=	hosts
+.endif
 
 .if ${SSHGUARDFW} == pf
 PKGMSG_FWBLOCK="  To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
 .elif ${SSHGUARDFW} == ipfw
 PKGMSG_FWBLOCK="  IPFW support has been rewritten. Sshguard will now add entries to table 22."
-.elif ${SSHGUARDFW} == hosts
-PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!"
-.elif ${SSHGUARDFW} == ipfilter
-PKGMSG_FWBLOCK="  Sshguard will use /etc/ipf.rules as ruleset."
 .elif ${SSHGUARDFW} == null
-PKGMSG_FWBLOCK="  Sshguard null backend requires you provide your own script with the \"-e\" argument."
+PKGMSG_FWBLOCK="  Sshguard null backend does detection only. It does not take action."
 .endif
 
 .include <bsd.port.mk>

Modified: head/security/sshguard/pkg-descr
==============================================================================
--- head/security/sshguard/pkg-descr	Mon Aug 29 19:27:44 2016	(r421093)
+++ head/security/sshguard/pkg-descr	Mon Aug 29 19:55:47 2016	(r421094)
@@ -5,7 +5,7 @@ Sshguard employs a clever parser that ca
 once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and
 detects attacks for many services out of the box, including SSH, FreeBSD's
 ftpd and dovecot.  It can operate all the major firewalling systems, including
-PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER.
+PF, netfilter/iptables, and IPFIREWALL/ipfw.
 
 Sshguard has several relevant features like support for IPv6, whitelisting,
 suspension, log message authentication. It is reliable, easy to set up and

More information about the svn-ports-all mailing list