diff options
| author | Mark Felder <feld@FreeBSD.org> | 2016-08-29 19:55:47 +0000 |
|---|---|---|
| committer | Mark Felder <feld@FreeBSD.org> | 2016-08-29 19:55:47 +0000 |
| commit | 8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f (patch) | |
| tree | d79d6a496de5d89e7bb3540788e80f77fd1fbbdd | |
| parent | 1c6c8e6f8830f08a2b04e1bcea285fe12948e22c (diff) | |
| download | ports-8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f.tar.gz ports-8e2c40afaaaccff6ac3a6acf4113e9d52b1aec6f.zip | |
security/sshguard: Unbreak build by making a metaport
security/sshguard no longer provides hosts/TCP Wrappers support by
default as this was removed upstream. It is now a metaport which will
allow you to select a backend. Further details can be found in the
UPDATING entry.
Notes
Notes:
svn path=/head/; revision=421094
| -rw-r--r-- | UPDATING | 23 | ||||
| -rw-r--r-- | security/sshguard-ipfw/Makefile | 2 | ||||
| -rw-r--r-- | security/sshguard-null/Makefile | 2 | ||||
| -rw-r--r-- | security/sshguard-pf/Makefile | 2 | ||||
| -rw-r--r-- | security/sshguard/Makefile | 40 | ||||
| -rw-r--r-- | security/sshguard/pkg-descr | 2 |
6 files changed, 56 insertions, 15 deletions
@@ -5,6 +5,29 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20160829: + AFFECTS: users of security/sshguard + AUTHOR: feld@FreeBSD.org + + Sshguard has been updated to 1.7.0. There have been several changes to + this release. Notably the hosts and ipfilter backends are no longer + supported. If you need these backends to be supported and you missed + the survey sent out by upstream I urge you to contact upstream. + + The hosts backend was previously served by security/sshguard directly. + The additional backends were slave ports with package name suffixes. I + have opted to keep the master/slave port relationship but not choose a + specific backend for security/sshguard. Instead it is now a metaport + which will prompt you for which backend you prefer. If no backend is + configured it will depend on security/sshguard-ipfw, which is the + native FreeBSD firewall. This my be surprising to users who depended + on security/sshguard which only provided hosts/TCP Wrappers blocking, + but there is no replacement at this time. + + If the removed backends return due to user demand they will be added + as slave ports for consistency. I apologize for any inconvenience and + lack of notice on the deprecation of these features. + 20160815: AFFECTS: users of mail/rspamd* AUTHOR: vsevolod@FreeBSD.org diff --git a/security/sshguard-ipfw/Makefile b/security/sshguard-ipfw/Makefile index 4dfe96d9f4a7..4aa8d7a92810 100644 --- a/security/sshguard-ipfw/Makefile +++ b/security/sshguard-ipfw/Makefile @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -ipfw COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-pf-1.* sshguard-null-1.* +CONFLICTS= sshguard-pf-1.* sshguard-null-1.* SSHGUARDFW= ipfw MASTERDIR= ${.CURDIR}/../sshguard diff --git a/security/sshguard-null/Makefile b/security/sshguard-null/Makefile index e1b654ca61c3..c4f252aa5bf2 100644 --- a/security/sshguard-null/Makefile +++ b/security/sshguard-null/Makefile @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -null COMMENT= Protect hosts from brute force attacks against ssh and other services -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.* SSHGUARDFW= null MASTERDIR= ${.CURDIR}/../sshguard diff --git a/security/sshguard-pf/Makefile b/security/sshguard-pf/Makefile index a96a5f0bf32c..04c1d64a9c6b 100644 --- a/security/sshguard-pf/Makefile +++ b/security/sshguard-pf/Makefile @@ -5,7 +5,7 @@ PKGNAMESUFFIX= -pf COMMENT= Protect hosts from brute force attacks against ssh and other services using pf -CONFLICTS= sshguard-1.* sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-null-1.* +CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.* SSHGUARDFW= pf MASTERDIR= ${.CURDIR}/../sshguard diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile index 778233c14cff..382ffcfa9899 100644 --- a/security/sshguard/Makefile +++ b/security/sshguard/Makefile @@ -3,16 +3,40 @@ PORTNAME= sshguard PORTVERSION= 1.7.0 -PORTREVISION= 0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} MAINTAINER= feld@FreeBSD.org COMMENT?= Protect hosts from brute force attacks against ssh and other services -LICENSE= BSD2CLAUSE +SSHGUARDFW?= none + +# If SSHGUARDFW is not set by a slave port, then we only use the +# following which makes this a metaport to choose a backend +.if ${SSHGUARDFW} == none +NO_BUILD=YES +NO_INSTALL=YES +NO_ARCH=YES + +OPTIONS_SINGLE= BACKEND +OPTIONS_SINGLE_BACKEND= IPFW NULL PF +OPTIONS_DEFAULT= IPFW + +IPFW_DESC= IPFW firewall backend +NULL_DESC= null firewall backend (detection only) +PF_DESC= pf firewall backend + +IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw +NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null +PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf -CONFLICTS?= sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.* sshguard-null-1.* +.include <bsd.port.options.mk> + +# The remaining settings are used by the slave ports +.else + +LICENSE= BSD2CLAUSE USES= autoreconf @@ -26,20 +50,14 @@ CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW} SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} SUB_FILES= pkg-message - -# backend type in { hosts, ipfw, null, pf } -SSHGUARDFW?= hosts +.endif .if ${SSHGUARDFW} == pf PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" .elif ${SSHGUARDFW} == ipfw PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." -.elif ${SSHGUARDFW} == hosts -PKGMSG_FWBLOCK=" Sshguard is going to use /etc/hosts.allow. Please remember to touch /etc/hosts.allow\!" -.elif ${SSHGUARDFW} == ipfilter -PKGMSG_FWBLOCK=" Sshguard will use /etc/ipf.rules as ruleset." .elif ${SSHGUARDFW} == null -PKGMSG_FWBLOCK=" Sshguard null backend requires you provide your own script with the \"-e\" argument." +PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." .endif .include <bsd.port.mk> diff --git a/security/sshguard/pkg-descr b/security/sshguard/pkg-descr index e10cb4081a63..e94a4d26c54a 100644 --- a/security/sshguard/pkg-descr +++ b/security/sshguard/pkg-descr @@ -5,7 +5,7 @@ Sshguard employs a clever parser that can recognize several logging formats at once transparently (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, FreeBSD's ftpd and dovecot. It can operate all the major firewalling systems, including -PF, netfilter/iptables, IPFIREWALL/ipfw, IPFILTER. +PF, netfilter/iptables, and IPFIREWALL/ipfw. Sshguard has several relevant features like support for IPv6, whitelisting, suspension, log message authentication. It is reliable, easy to set up and |