From: Adam Weinberger
Date: Thu, 20 Jul 2017 22:10:17 -0600
To: Mark Felder, dan.mcgregor@usask.ca
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r446263 - in head: . security security/sshguard security/sshguard/files
List-Id: SVN commit messages for the ports tree for head

> On 20 Jul, 2017, at 9:34, Mark Felder wrote:
>
> Author: feld
> Date: Thu Jul 20 15:34:08 2017
> New Revision: 446263
> URL: https://svnweb.freebsd.org/changeset/ports/446263
>
> Log:
> security/sshguard: Update to 2.0.0
>
> PR: 219409

Dan,

Something for UPDATING would be pretty reasonable here, given that (a) people will have to manually uninstall sshguard-* and install sshguard, (b) user intervention is required to reconfigure sshguard in a new sshguard.conf file, and (c) "service sshguard ..." is broken unless PID_FILE is uncommented in that sshguard.conf.

Can you write up some UPDATING text, and take a look at the PID_FILE issue?

# Adam --=20 Adam Weinberger adamw@adamw.org https://www.adamw.org >=20 > Added: > head/security/sshguard/files/patch-examples-sshguard.conf.sample = (contents, props changed) > head/security/sshguard/files/patch-src-sshguard.in (contents, props = changed) > head/security/sshguard/pkg-plist (contents, props changed) > Modified: > head/MOVED > head/security/Makefile > head/security/sshguard/Makefile > head/security/sshguard/distinfo > head/security/sshguard/files/pkg-message.in > head/security/sshguard/files/sshguard.in >=20 > Modified: head/MOVED > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/MOVED Thu Jul 20 15:30:52 2017 (r446262) > +++ head/MOVED Thu Jul 20 15:34:08 2017 (r446263) > @@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has = expir > multimedia/banshee||2017-07-13|Has expired: Project is not being = actively maintained upstream anymore > www/libhtp-suricata||2017-07-16|No longer required. security/suricata = now uses official (not forked) libhtp=20 > databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with = PyPI scheme > +security/sshguard-ipfw|security/sshguard|2017-07-20|Merged with = security/sshguard > +security/sshguard-pf|security/sshguard|2017-07-20|Merged with = security/sshguard > +security/sshguard-null|security/sshguard|2017-07-20|Merged with = security/sshguard >=20 > Modified: head/security/Makefile > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/Makefile Thu Jul 20 15:30:52 2017 = (r446262) > +++ head/security/Makefile Thu Jul 20 15:34:08 2017 = (r446263) 
> @@ -1153,9 +1153,6 @@ > SUBDIR +=3D ssh_askpass_gtk2 > SUBDIR +=3D sshblock > SUBDIR +=3D sshguard > - SUBDIR +=3D sshguard-ipfw > - SUBDIR +=3D sshguard-null > - SUBDIR +=3D sshguard-pf > SUBDIR +=3D sshpass > SUBDIR +=3D ssl-admin > SUBDIR +=3D sslscan >=20 > Modified: head/security/sshguard/Makefile > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/sshguard/Makefile Thu Jul 20 15:30:52 2017 = (r446262) > +++ head/security/sshguard/Makefile Thu Jul 20 15:34:08 2017 = (r446263) 
> @@ -2,62 +2,28 @@ > # $FreeBSD$ >=20 > PORTNAME=3D sshguard > -PORTVERSION=3D 1.7.1 > -PORTREVISION=3D 0 > +PORTVERSION=3D 2.0.0 > CATEGORIES=3D security > MASTER_SITES=3D SF/sshguard/sshguard/${PORTVERSION} >=20 > -MAINTAINER=3D ports@FreeBSD.org > -COMMENT?=3D Protect hosts from brute force attacks against ssh and = other services > +MAINTAINER=3D dan.mcgregor@usask.ca > +COMMENT=3D Protect hosts from brute force attacks against ssh and = other services >=20 > -SSHGUARDFW?=3D none > - > -# If SSHGUARDFW is not set by a slave port, then we only use the > -# following which makes this a metaport to choose a backend > -.if ${SSHGUARDFW} =3D=3D none > -NO_BUILD=3DYES > -NO_INSTALL=3DYES > -NO_ARCH=3DYES > - > -OPTIONS_SINGLE=3D BACKEND > -OPTIONS_SINGLE_BACKEND=3D IPFW NULL PF > -OPTIONS_DEFAULT=3D IPFW > - > -IPFW_DESC=3D IPFW firewall backend > -NULL_DESC=3D null firewall backend (detection only) > -PF_DESC=3D pf firewall backend > - > -IPFW_RUN_DEPENDS=3D sshguard-ipfw>0:security/sshguard-ipfw > -NULL_RUN_DEPENDS=3D sshguard-null>0:security/sshguard-null > -PF_RUN_DEPENDS=3D sshguard-pf>0:security/sshguard-pf > - > -.include > - > -# The remaining settings are used by the slave ports > -.else > - > LICENSE=3D BSD2CLAUSE >=20 > USES=3D autoreconf >=20 > -PLIST_FILES=3D libexec/sshg-fw libexec/sshg-logtail = libexec/sshg-parser \ > - sbin/sshguard man/man8/sshguard.8.gz > - > USE_RC_SUBR=3D sshguard > MAKE_ARGS+=3D ACLOCAL=3D"${TRUE}" AUTOCONF=3D"${TRUE}" = AUTOMAKE=3D"${TRUE}" > GNU_CONFIGURE=3D yes > -CONFIGURE_ARGS+=3D--with-firewall=3D${SSHGUARDFW} >=20 > -SUB_LIST+=3D PKGMSG_FWBLOCK=3D${PKGMSG_FWBLOCK} > SUB_FILES=3D pkg-message > -.endif >=20 > -.if ${SSHGUARDFW} =3D=3D pf > -PKGMSG_FWBLOCK=3D" To activate or configure PF see = http://www.sshguard.net/docs/setup/firewall/pf/" > -.elif ${SSHGUARDFW} =3D=3D ipfw > -PKGMSG_FWBLOCK=3D" IPFW support has been rewritten. Sshguard will = now add entries to table 22." 
> -.elif ${SSHGUARDFW} =3D=3D null > -PKGMSG_FWBLOCK=3D" Sshguard null backend does detection only. It = does not take action." > -.endif > +post-patch: > + @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' = ${WRKSRC}/doc/sshguard.8.rst > + > +post-install: > + ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc > + ${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample = ${STAGEDIR}${PREFIX}/etc >=20 > .include >=20 > Modified: head/security/sshguard/distinfo > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/sshguard/distinfo Thu Jul 20 15:30:52 2017 = (r446262) > +++ head/security/sshguard/distinfo Thu Jul 20 15:34:08 2017 = (r446263) > @@ -1,3 +1,3 @@ > -TIMESTAMP =3D 1483998292 > -SHA256 (sshguard-1.7.1.tar.gz) =3D = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195 > -SIZE (sshguard-1.7.1.tar.gz) =3D 832220 > +TIMESTAMP =3D 1500391750 > +SHA256 (sshguard-2.0.0.tar.gz) =3D = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06 > +SIZE (sshguard-2.0.0.tar.gz) =3D 886995 >=20 > Added: = head/security/sshguard/files/patch-examples-sshguard.conf.sample > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/sshguard/files/patch-examples-sshguard.conf.sample = Thu Jul 20 15:34:08 2017 (r446263) 
> @@ -0,0 +1,36 @@ > +diff --git examples/sshguard.conf.sample = examples/sshguard.conf.sample > +index d881e51..87b7acc 100644 > +--- examples/sshguard.conf.sample > ++++ examples/sshguard.conf.sample > +@@ -6,11 +6,13 @@ > +=20 > + #### REQUIRED CONFIGURATION #### > + # Full path to backend executable (required, no default) > +-#BACKEND=3D"/usr/local/libexec/sshg-fw-hosts" > ++BACKEND=3D"/usr/local/libexec/sshg-fw-null" > ++#BACKEND=3D"/usr/local/libexec/sshg-fw-ipfw" > ++#BACKEND=3D"/usr/local/libexec/sshg-fw-pf" > +=20 > + # Space-separated list of log files to monitor. Ignored if LOGREADER = is set. > + # (optional, no default) > +-#FILES=3D"/var/log/auth.log /var/log/authlog /var/log/maillog" > ++#FILES=3D"/var/log/auth.log /var/log/maillog" > +=20 > + # Shell command that provides logs on standard output. Takes = precedence over > + # FILES. (optional, no default) > +@@ -36,12 +38,12 @@ DETECTION_TIME=3D1800 > + # !! Warning: These features may not work correctly with sandboxing. = !! > +=20 > + # Full path to PID file (optional, no default) > +-#PID_FILE=3D/run/sshguard.pid > ++#PID_FILE=3D/var/run/sshguard.pid > +=20 > + # Colon-separated blacklist threshold and full path to blacklist = file. > + # (optional, no default) > +-#BLACKLIST_FILE=3D90:/var/lib/sshguard/enemies > ++#BLACKLIST_FILE=3D30:/var/db/sshguard/blacklist.db > +=20 > + # IP addresses listed in the WHITELIST_FILE are considered to be > + # friendlies and will never be blocked. > +-#WHITELIST_FILE=3D/etc/friends > ++#WHITELIST_FILE=3D/usr/local/etc/sshguard.whitelist >=20 > Added: head/security/sshguard/files/patch-src-sshguard.in > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D 
> --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/sshguard/files/patch-src-sshguard.in Thu Jul = 20 15:34:08 2017 (r446263) > @@ -0,0 +1,10 @@ > +diff --git src/sshguard.in src/sshguard.in > +index 40c864b..249ddb5 100644 > +--- src/sshguard.in > ++++ src/sshguard.in > +@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then > + fi > +=20 > + eval $tailcmd | $libexec/sshg-parser | \ > +- $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$) > ++ $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$) >=20 > Modified: head/security/sshguard/files/pkg-message.in > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/sshguard/files/pkg-message.in Thu Jul 20 = 15:30:52 2017 (r446262) > +++ head/security/sshguard/files/pkg-message.in Thu Jul 20 = 15:34:08 2017 (r446263) 
> @@ -1,12 +1,10 @@ > = ##########################################################################= > Sshguard installed successfully. >=20 > -%%PKGMSG_FWBLOCK%% > - > You can start sshguard as a daemon by using the > rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . >=20 > - See sshguard(8) and http://www.sshguard.net/docs/setup for = additional info. > + See sshguard-setup(7) and http://www.sshguard.net/docs/setup for = additional info. >=20 > Please note that a few rc script parameters have been renamed to > better reflect the documentation: >=20 > Modified: head/security/sshguard/files/sshguard.in > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/security/sshguard/files/sshguard.in Thu Jul 20 15:30:52 2017 = (r446262) > +++ head/security/sshguard/files/sshguard.in Thu Jul 20 15:34:08 2017 = (r446263) > @@ -81,7 +81,7 @@ pidfile=3D${sshguard_pidfile:=3D"/var/run/sshguard.pid= "} >=20 > command=3D/usr/sbin/daemon > actual_command=3D"%%PREFIX%%/sbin/sshguard" > -procname=3D"${actual_command}" > +procname=3D"%%PREFIX%%/libexec/sshg-blocker" > start_precmd=3Dsshguard_prestart > command_args=3D"-c ${actual_command} \${sshguard_flags} = \${sshguard_blacklist_params} \${sshguard_watch_params} -a = ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s = ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" >=20 >=20 > Added: head/security/sshguard/pkg-plist > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/sshguard/pkg-plist Thu Jul 20 15:34:08 2017 = (r446263) 
> @@ -0,0 +1,15 @@ > +@sample etc/sshguard.conf.sample > +sbin/sshguard > +libexec/sshg-blocker > +libexec/sshg-fw-firewalld > +libexec/sshg-fw-hosts > +libexec/sshg-fw-ipfilter > +libexec/sshg-fw-ipfw > +libexec/sshg-fw-ipset > +libexec/sshg-fw-iptables > +libexec/sshg-fw-null > +libexec/sshg-fw-pf > +libexec/sshg-logtail > +libexec/sshg-parser > +man/man7/sshguard-setup.7.gz > +man/man8/sshguard.8.gz >=20
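
Review bot: In head/security/sshguard/Makefile, post-patch substitutes %PREFIX% only in doc/sshguard.8.rst, while files/patch-examples-sshguard.conf.sample writes /usr/local/libexec/sshg-fw-null and /usr/local/etc/sshguard.whitelist literally, so a build with a non-default PREFIX installs a sample config that points at the wrong paths. Consider using a %PREFIX% placeholder in the sample patch and adding examples/sshguard.conf.sample to the REINPLACE_CMD line. A smaller style point in post-install: ${MKDIR} and ${INSTALL_DATA} are the usual ports macros for what is written here as `${INSTALL} -d` and `${INSTALL} -m 644`.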
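
Review bot: In files/patch-examples-sshguard.conf.sample, the first inner hunk enables `BACKEND="/usr/local/libexec/sshg-fw-null"`, and pkg-plist installs that file through `@sample`, so a fresh install comes up with a backend that blocks nothing. The Makefile lines removed in this same commit had OPTIONS_DEFAULT= IPFW and a pkg-message line stating that the null backend "does detection only", and the pkg-message.in hunk drops %%PKGMSG_FWBLOCK%% without a replacement. Suggest that pkg-message.in say explicitly that the shipped sshguard.conf only detects until BACKEND is changed to sshg-fw-ipfw or sshg-fw-pf, so users coming from the old IPFW default do not lose blocking silently.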
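
Review bot: In files/patch-src-sshguard.in, the replacement `($BACKEND ; pkill -PIPE -P $$)` carries no explanation of why the teardown signal moves from the script to its children. Inside the `( ... )` subshell, `$$` still expands to the PID of the top-level script, so `-P $$` matches the script's direct children (the pipeline stages) and the script itself is no longer signalled. Please add a short description to the patch stating the failure this fixes and confirming that the script still exits when $BACKEND dies, and note whether the change has been sent upstream.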
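
Review bot: In files/sshguard.in, procname now points at %%PREFIX%%/libexec/sshg-blocker, but the unchanged context still defaults pidfile to /var/run/sshguard.pid and passes `-i ${pidfile}` in command_args, while the sample config added in this commit ships `#PID_FILE=/var/run/sshguard.pid` commented out. The reply in this thread reports that "service sshguard ..." is broken unless PID_FILE is uncommented. Either ship PID_FILE uncommented in the patched sample with the same path as the rc default, or confirm that `-i` is still honoured by 2.0.0 and record which process's PID ends up in the file, since rc.subr compares it against procname.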