Date: Mon, 29 Aug 2016 19:55:47 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r421094 - in head: . security/sshguard security/sshguard-ipfw security/sshguard-null security/sshguard-pf Message-ID: <201608291955.u7TJtlG9084581@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Mon Aug 29 19:55:47 2016 New Revision: 421094 URL: https://svnweb.freebsd.org/changeset/ports/421094 Log: security/sshguard: Unbreak build by making a metaport security/sshguard no longer provides hosts/TCP Wrappers support by default as this was removed upstream. It is now a metaport which will allow you to select a backend. Further details can be found in the UPDATING entry. Modified: head/UPDATING head/security/sshguard-ipfw/Makefile head/security/sshguard-null/Makefile head/security/sshguard-pf/Makefile head/security/sshguard/Makefile head/security/sshguard/pkg-descr Modified: head/UPDATING ============================================================================== --- head/UPDATING Mon Aug 29 19:27:44 2016 (r421093) +++ head/UPDATING Mon Aug 29 19:55:47 2016 (r421094) @@ -5,6 +5,29 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20160829: + AFFECTS: users of security/sshguard + AUTHOR: feld@FreeBSD.org + + Sshguard has been updated to 1.7.0. There have been several changes to + this release. Notably the hosts and ipfilter backends are no longer + supported. If you need these backends to be supported and you missed + the survey sent out by upstream I urge you to contact upstream. + + The hosts backend was previously served by security/sshguard directly. + The additional backends were slave ports with package name suffixes. I + have opted to keep the master/slave port relationship but not choose a + specific backend for security/sshguard. Instead it is now a metaport + which will prompt you for which backend you prefer. If no backend is + configured it will depend on security/sshguard-ipfw, which is the + native FreeBSD firewall. This my be surprising to users who depended + on security/sshguard which only provided hosts/TCP Wrappers blocking, + but there is no replacement at this time. + + If the removed backends return due to user demand they will be added + as slave ports for consistency. I apologize for any inconvenience and + lack of notice on the deprecation of these features. + 20160815: AFFECTS: users of mail/rspamd* AUTHOR: vsevolod@FreeBSD.org Modified: head/security/sshguard-ipfw/Makefile ============================================================================== --- head/security/sshguard-ipfw/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-ipfw/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -ipfw COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-pf-1.* sshguard-null-1.* +CONFLICTS= sshguard-pf-1.* sshguard-null-1.* SSHGUARDFW= ipfw MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard-null/Makefile ============================================================================== --- head/security/sshguard-null/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-null/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -null COMMENT= Protect hosts from brute force attacks against ssh and other services -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.* SSHGUARDFW= null MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard-pf/Makefile ============================================================================== --- head/security/sshguard-pf/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-pf/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -pf COMMENT= Protect hosts from brute force attacks against ssh and other services using pf -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-null-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.* SSHGUARDFW= pf MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -3,16 +3,40 @@ PORTNAME= sshguard PORTVERSION= 1.7.0 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services -LICENSE= BSD2CLAUSE +SSHGUARDFW?= none + +# If SSHGUARDFW is not set by a slave port, then we only use the +# following which makes this a metaport to choose a backend +.if ${SSHGUARDFW} == none +NO_BUILD=YES +NO_INSTALL=YES +NO_ARCH=YES + +OPTIONS_SINGLE= BACKEND +OPTIONS_SINGLE_BACKEND= IPFW NULL PF +OPTIONS_DEFAULT= IPFW + +IPFW_DESC= IPFW firewall backend +NULL_DESC= null firewall backend (detection only) +PF_DESC= pf firewall backend + +IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw +NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null +PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf -CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.* +.include <bsd.port.options.mk> + +# The remaining settings are used by the slave ports +.else + +LICENSE= BSD2CLAUSE USES= autoreconf @@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUA SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message - -# backend type in { hosts, ipfw, null, pf } -SSHGUARDFW?= hosts +.endif .if ${SSHGUARDFW} == pf PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." -.elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" -.elif ${SSHGUARDFW} == ipfilter -PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .elif ${SSHGUARDFW} == null -PKGMSG_FWBLOCK=" Sshguard null backend requires you provide your own script with the \"-e\" argument." +PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." .endif .include <bsd.port.mk> Modified: head/security/sshguard/pkg-descr ============================================================================== --- head/security/sshguard/pkg-descr Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard/pkg-descr Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ Sshguard employs a clever parser that ca once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, FreeBSD's ftpd and dovecot. It can operate all the major firewalling systems, including -PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER. +PF, netfilter/iptables, and IPFIREWALL/ipfw. Sshguard has several relevant features like support for IPv6, whitelisting, suspension, log message authentication. It is reliable, easy to set up and
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201608291955.u7TJtlG9084581>