FreeBSD Bugzilla – Attachment 184549 Details for
Bug 219409
security/SSHGuard Out of Date
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Update to 2.0.0
0001-sshguard-update-to-2.0.0.patch (text/plain), 10.64 KB, created by
Dan McGregor
on 2017-07-20 15:02:03 UTC
(
hide
)
Description:
Update to 2.0.0
Filename:
MIME Type:
Creator:
Dan McGregor
Created:
2017-07-20 15:02:03 UTC
Size:
10.64 KB
patch
obsolete
>From 50afdaa9e732bcdda121aac66d104118d7e6852e Mon Sep 17 00:00:00 2001 >From: Dan McGregor <dan.mcgregor@usask.ca> >Date: Tue, 18 Jul 2017 09:31:25 -0600 >Subject: [PATCH] sshguard: update to 2.0.0 > >--- > MOVED | 3 ++ > security/sshguard-ipfw/Makefile | 13 ------ > security/sshguard-null/Makefile | 13 ------ > security/sshguard-pf/Makefile | 13 ------ > security/sshguard/Makefile | 54 ++++------------------ > security/sshguard/distinfo | 6 +-- > .../files/patch-examples-sshguard.conf.sample | 36 +++++++++++++++ > security/sshguard/files/patch-src-sshguard.in | 10 ++++ > security/sshguard/files/sshguard.in | 2 +- > .../sshguard/{files/pkg-message.in => pkg-message} | 4 +- > security/sshguard/pkg-plist | 13 ++++++ > 11 files changed, 77 insertions(+), 90 deletions(-) > delete mode 100644 security/sshguard-ipfw/Makefile > delete mode 100644 security/sshguard-null/Makefile > delete mode 100644 security/sshguard-pf/Makefile > create mode 100644 security/sshguard/files/patch-examples-sshguard.conf.sample > create mode 100644 security/sshguard/files/patch-src-sshguard.in > rename security/sshguard/{files/pkg-message.in => pkg-message} (78%) > create mode 100644 security/sshguard/pkg-plist > >diff --git a/MOVED b/MOVED >index ba32461612da..0f0df0dec428 100644 >--- a/MOVED >+++ b/MOVED >@@ -9466,3 +9466,6 @@ dns/opendnssec13|dns/opendnssec14|2017-07-13|Has expired: Approaching EOL, upgra > multimedia/banshee||2017-07-13|Has expired: Project is not being actively maintained upstream anymore > www/libhtp-suricata||2017-07-16|No longer required. security/suricata now uses official (not forked) libhtp > databases/py-odbc|databases/py-pyodbc|2017-07-18|Rename to comply with PyPI scheme >+security/sshguard-ipfw|security/sshguard|2017-07-18|Merged with security/sshguard >+security/sshguard-pf|security/sshguard|2017-07-18|Merged with security/sshguard >+security/sshguard-null|security/sshguard|2017-07-18|Merged with security/sshguard >diff --git a/security/sshguard-ipfw/Makefile b/security/sshguard-ipfw/Makefile >deleted file mode 100644 >index 4aa8d7a92810..000000000000 >--- a/security/sshguard-ipfw/Makefile >+++ /dev/null >@@ -1,13 +0,0 @@ >-# Created by: Mij <mij@bitchx.it> >-# $FreeBSD$ >- >-PKGNAMESUFFIX= -ipfw >- >-COMMENT= Protect hosts from brute force attacks against ssh and other services using ipfw >- >-CONFLICTS= sshguard-pf-1.* sshguard-null-1.* >- >-SSHGUARDFW= ipfw >-MASTERDIR= ${.CURDIR}/../sshguard >- >-.include "${MASTERDIR}/Makefile" >diff --git a/security/sshguard-null/Makefile b/security/sshguard-null/Makefile >deleted file mode 100644 >index c4f252aa5bf2..000000000000 >--- a/security/sshguard-null/Makefile >+++ /dev/null >@@ -1,13 +0,0 @@ >-# Created by: Mij <mij@bitchx.it> >-# $FreeBSD$ >- >-PKGNAMESUFFIX= -null >- >-COMMENT= Protect hosts from brute force attacks against ssh and other services >- >-CONFLICTS= sshguard-ipfw-1.* sshguard-pf-1.* >- >-SSHGUARDFW= null >-MASTERDIR= ${.CURDIR}/../sshguard >- >-.include "${MASTERDIR}/Makefile" >diff --git a/security/sshguard-pf/Makefile b/security/sshguard-pf/Makefile >deleted file mode 100644 >index 04c1d64a9c6b..000000000000 >--- a/security/sshguard-pf/Makefile >+++ /dev/null >@@ -1,13 +0,0 @@ >-# Created by: Mij <mij@bitchx.it> >-# $FreeBSD$ >- >-PKGNAMESUFFIX= -pf >- >-COMMENT= Protect hosts from brute force attacks against ssh and other services using pf >- >-CONFLICTS= sshguard-ipfw-1.* sshguard-null-1.* >- >-SSHGUARDFW= pf >-MASTERDIR= ${.CURDIR}/../sshguard >- >-.include "${MASTERDIR}/Makefile" >diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile >index be6746b25166..d014d44fd5d4 100644 >--- a/security/sshguard/Makefile >+++ b/security/sshguard/Makefile >@@ -2,62 +2,26 @@ > # $FreeBSD$ > > PORTNAME= sshguard >-PORTVERSION= 1.7.1 >-PORTREVISION= 0 >+PORTVERSION= 2.0.0 > CATEGORIES= security > MASTER_SITES= SF/sshguard/sshguard/${PORTVERSION} > > MAINTAINER= ports@FreeBSD.org >-COMMENT?= Protect hosts from brute force attacks against ssh and other services >- >-SSHGUARDFW?= none >- >-# If SSHGUARDFW is not set by a slave port, then we only use the >-# following which makes this a metaport to choose a backend >-.if ${SSHGUARDFW} == none >-NO_BUILD=YES >-NO_INSTALL=YES >-NO_ARCH=YES >- >-OPTIONS_SINGLE= BACKEND >-OPTIONS_SINGLE_BACKEND= IPFW NULL PF >-OPTIONS_DEFAULT= IPFW >- >-IPFW_DESC= IPFW firewall backend >-NULL_DESC= null firewall backend (detection only) >-PF_DESC= pf firewall backend >- >-IPFW_RUN_DEPENDS= sshguard-ipfw>0:security/sshguard-ipfw >-NULL_RUN_DEPENDS= sshguard-null>0:security/sshguard-null >-PF_RUN_DEPENDS= sshguard-pf>0:security/sshguard-pf >- >-.include <bsd.port.options.mk> >- >-# The remaining settings are used by the slave ports >-.else >+COMMENT= Protect hosts from brute force attacks against ssh and other services > > LICENSE= BSD2CLAUSE > > USES= autoreconf > >-PLIST_FILES= libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \ >- sbin/sshguard man/man8/sshguard.8.gz >- > USE_RC_SUBR= sshguard > MAKE_ARGS+= ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}" > GNU_CONFIGURE= yes >-CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW} >- >-SUB_LIST+= PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK} >-SUB_FILES= pkg-message >-.endif >- >-.if ${SSHGUARDFW} == pf >-PKGMSG_FWBLOCK=" To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/" >-.elif ${SSHGUARDFW} == ipfw >-PKGMSG_FWBLOCK=" IPFW support has been rewritten. Sshguard will now add entries to table 22." >-.elif ${SSHGUARDFW} == null >-PKGMSG_FWBLOCK=" Sshguard null backend does detection only. It does not take action." >-.endif >+ >+post-patch: >+ @${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst >+ >+post-install: >+ ${INSTALL} -d ${STAGEDIR}${PREFIX}/etc >+ ${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc > > .include <bsd.port.mk> >diff --git a/security/sshguard/distinfo b/security/sshguard/distinfo >index 27a7b4bf3bf4..76b0428c3c3a 100644 >--- a/security/sshguard/distinfo >+++ b/security/sshguard/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1483998292 >-SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195 >-SIZE (sshguard-1.7.1.tar.gz) = 832220 >+TIMESTAMP = 1500391750 >+SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06 >+SIZE (sshguard-2.0.0.tar.gz) = 886995 >diff --git a/security/sshguard/files/patch-examples-sshguard.conf.sample b/security/sshguard/files/patch-examples-sshguard.conf.sample >new file mode 100644 >index 000000000000..65428e87047f >--- /dev/null >+++ b/security/sshguard/files/patch-examples-sshguard.conf.sample >@@ -0,0 +1,36 @@ >+diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample >+index d881e51..87b7acc 100644 >+--- examples/sshguard.conf.sample >++++ examples/sshguard.conf.sample >+@@ -6,11 +6,13 @@ >+ >+ #### REQUIRED CONFIGURATION #### >+ # Full path to backend executable (required, no default) >+-#BACKEND="/usr/local/libexec/sshg-fw-hosts" >++BACKEND="/usr/local/libexec/sshg-fw-null" >++#BACKEND="/usr/local/libexec/sshg-fw-ipfw" >++#BACKEND="/usr/local/libexec/sshg-fw-pf" >+ >+ # Space-separated list of log files to monitor. Ignored if LOGREADER is set. >+ # (optional, no default) >+-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" >++#FILES="/var/log/auth.log /var/log/maillog" >+ >+ # Shell command that provides logs on standard output. Takes precedence over >+ # FILES. (optional, no default) >+@@ -36,12 +38,12 @@ DETECTION_TIME=1800 >+ # !! Warning: These features may not work correctly with sandboxing. !! >+ >+ # Full path to PID file (optional, no default) >+-#PID_FILE=/run/sshguard.pid >++#PID_FILE=/var/run/sshguard.pid >+ >+ # Colon-separated blacklist threshold and full path to blacklist file. >+ # (optional, no default) >+-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies >++#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db >+ >+ # IP addresses listed in the WHITELIST_FILE are considered to be >+ # friendlies and will never be blocked. >+-#WHITELIST_FILE=/etc/friends >++#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist >diff --git a/security/sshguard/files/patch-src-sshguard.in b/security/sshguard/files/patch-src-sshguard.in >new file mode 100644 >index 000000000000..db40747fe390 >--- /dev/null >+++ b/security/sshguard/files/patch-src-sshguard.in >@@ -0,0 +1,10 @@ >+diff --git src/sshguard.in src/sshguard.in >+index 40c864b..249ddb5 100644 >+--- src/sshguard.in >++++ src/sshguard.in >+@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then >+ fi >+ >+ eval $tailcmd | $libexec/sshg-parser | \ >+- $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$) >++ $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$) >diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in >index 6f54496c39a9..71431e95a202 100644 >--- a/security/sshguard/files/sshguard.in >+++ b/security/sshguard/files/sshguard.in >@@ -81,7 +81,7 @@ pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"} > > command=/usr/sbin/daemon > actual_command="%%PREFIX%%/sbin/sshguard" >-procname="${actual_command}" >+procname="%%PREFIX%%/libexec/sshg-blocker" > start_precmd=sshguard_prestart > command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}" > >diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/pkg-message >similarity index 78% >rename from security/sshguard/files/pkg-message.in >rename to security/sshguard/pkg-message >index 81169460c27c..4f823a13a10b 100644 >--- a/security/sshguard/files/pkg-message.in >+++ b/security/sshguard/pkg-message >@@ -1,12 +1,12 @@ > ########################################################################## > Sshguard installed successfully. > >-%%PKGMSG_FWBLOCK%% >+ Sshguard now installs all supported backends (null, ipfw, pf, hosts) > > You can start sshguard as a daemon by using the > rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard . > >- See sshguard(8) and http://www.sshguard.net/docs/setup for additional info. >+ See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info. > > Please note that a few rc script parameters have been renamed to > better reflect the documentation: >diff --git a/security/sshguard/pkg-plist b/security/sshguard/pkg-plist >new file mode 100644 >index 000000000000..0741d7ae97d9 >--- /dev/null >+++ b/security/sshguard/pkg-plist >@@ -0,0 +1,13 @@ >+etc/sshguard.conf.sample >+@sample etc/sshguard.conf.sample >+etc/rc.d/sshguard >+sbin/sshguard >+libexec/sshg-blocker >+libexec/sshg-fw-hosts >+libexec/sshg-fw-ipfw >+libexec/sshg-fw-null >+libexec/sshg-fw-pf >+libexec/sshg-logtail >+libexec/sshg-parser >+%%PORTDOCS%%man/man8/sshguard.8.gz >+%%PORTDOCS%%man/man7/sshguard-setup.7.gz >-- >2.14.0.rc0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=184549">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 219409
: 184549