From owner-svn-ports-head@freebsd.org Mon Aug 29 19:55:49 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3DB36BC8024; Mon, 29 Aug 2016 19:55:49 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0E1E9283; Mon, 29 Aug 2016 19:55:48 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7TJtm6r084587; Mon, 29 Aug 2016 19:55:48 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7TJtlG9084581; Mon, 29 Aug 2016 19:55:47 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201608291955.u7TJtlG9084581@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Mon, 29 Aug 2016 19:55:47 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r421094 - in head: . security/sshguard security/sshguard-ipfw security/sshguard-null security/sshguard-pf X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2016 19:55:49 -0000 Author: feld Date: Mon Aug 29 19:55:47 2016 New Revision: 421094 URL: https://svnweb.freebsd.org/changeset/ports/421094 Log: security/sshguard: Unbreak build by making a metaport security/sshguard no longer provides hosts/TCP Wrappers support by default as this was removed upstream. It is now a metaport which will allow you to select a backend. Further details can be found in the UPDATING entry. Modified: head/UPDATING head/security/sshguard-ipfw/Makefile head/security/sshguard-null/Makefile head/security/sshguard-pf/Makefile head/security/sshguard/Makefile head/security/sshguard/pkg-descr Modified: head/UPDATING ============================================================================== --- head/UPDATING Mon Aug 29 19:27:44 2016 (r421093) +++ head/UPDATING Mon Aug 29 19:55:47 2016 (r421094) @@ -5,6 +5,29 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20160829: + AFFECTS: users of security/sshguard + AUTHOR: feld@FreeBSD.org + + Sshguard has been updated to 1.7.0. There have been several changes to + this release. Notably the hosts and ipfilter backends are no longer + supported. If you need these backends to be supported and you missed + the survey sent out by upstream I urge you to contact upstream. + + The hosts backend was previously served by security/sshguard directly. + The additional backends were slave ports with package name suffixes. I + have opted to keep the master/slave port relationship but not choose a + specific backend for security/sshguard. Instead it is now a metaport + which will prompt you for which backend you prefer. If no backend is + configured it will depend on security/sshguard-ipfw, which is the + native FreeBSD firewall. This my be surprising to users who depended + on security/sshguard which only provided hosts/TCP Wrappers blocking, + but there is no replacement at this time. + + If the removed backends return due to user demand they will be added + as slave ports for consistency. I apologize for any inconvenience and + lack of notice on the deprecation of these features. + 20160815: AFFECTS: users of mail/rspamd* AUTHOR: vsevolod@FreeBSD.org Modified: head/security/sshguard-ipfw/Makefile ============================================================================== --- head/security/sshguard-ipfw/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-ipfw/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -ipfw COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-pf-1.* sshguard-null-1.* +CONFLICTS= sshguard-pf-1.* sshguard-null-1.* SSHGUARDFW= ipfw MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard-null/Makefile ============================================================================== --- head/security/sshguard-null/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-null/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -null COMMENT= Protect hosts from brute force attacks against ssh and other services -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.* SSHGUARDFW= null MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard-pf/Makefile ============================================================================== --- head/security/sshguard-pf/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard-pf/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -pf COMMENT= Protect hosts from brute force attacks against ssh and other services using pf -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-null-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.* SSHGUARDFW= pf MASTERDIR= ${.CURDIR}/../sshguard Modified: head/security/sshguard/Makefile ============================================================================== --- head/security/sshguard/Makefile Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard/Makefile Mon Aug 29 19:55:47 2016 (r421094) @@ -3,16 +3,40 @@ PORTNAME= sshguard PORTVERSION= 1.7.0 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services -LICENSE= BSD2CLAUSE +SSHGUARDFW?= none + +# If SSHGUARDFW is not set by a slave port, then we only use the +# following which makes this a metaport to choose a backend +.if ${SSHGUARDFW} == none +NO_BUILD=YES +NO_INSTALL=YES +NO_ARCH=YES + +OPTIONS_SINGLE= BACKEND +OPTIONS_SINGLE_BACKEND= IPFW NULL PF +OPTIONS_DEFAULT= IPFW + +IPFW_DESC= IPFW firewall backend +NULL_DESC= null firewall backend (detection only) +PF_DESC= pf firewall backend + +IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw +NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null +PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf -CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.* +.include + +# The remaining settings are used by the slave ports +.else + +LICENSE= BSD2CLAUSE USES= autoreconf @@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUA SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message - -# backend type in { hosts, ipfw, null, pf } -SSHGUARDFW?= hosts +.endif .if ${SSHGUARDFW} == pf PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." -.elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" -.elif ${SSHGUARDFW} == ipfilter -PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .elif ${SSHGUARDFW} == null -PKGMSG_FWBLOCK=" Sshguard null backend requires you provide your own script with the \"-e\" argument." +PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." .endif .include Modified: head/security/sshguard/pkg-descr ============================================================================== --- head/security/sshguard/pkg-descr Mon Aug 29 19:27:44 2016 (r421093) +++ head/security/sshguard/pkg-descr Mon Aug 29 19:55:47 2016 (r421094) @@ -5,7 +5,7 @@ Sshguard employs a clever parser that ca once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, FreeBSD's ftpd and dovecot. It can operate all the major firewalling systems, including -PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER. +PF, netfilter/iptables, and IPFIREWALL/ipfw. Sshguard has several relevant features like support for IPv6, whitelisting, suspension, log message authentication. It is reliable, easy to set up and