Hi, this is the diff to update sshguard to latest release.
I quickly test and "works fine for me"©.There are lot of changes so I would appreciate if some people who used it could test.
Cheers, Remi.
Index: Makefile =================================================================== RCS file: /cvs/ports/security/sshguard/Makefile,v retrieving revision 1.10 diff -u -p -u -p -r1.10 Makefile --- Makefile 27 May 2017 19:57:06 -0000 1.10 +++ Makefile 13 Dec 2017 14:16:41 -0000 @@ -2,8 +2,7 @@ COMMENT= protect against brute force attacks on sshd and others -DISTNAME= sshguard-1.5 -REVISION= 3 +DISTNAME= sshguard-2.1.0 CATEGORIES= security # BSD @@ -13,11 +12,19 @@ WANTLIB+= c pthread HOMEPAGE= http://www.sshguard.net/ MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/} -EXTRACT_SUFX= .tar.bz2 CONFIGURE_STYLE=gnu -NO_TEST= Yes -CONFIGURE_ARGS = --with-firewall=pf +RUN_DEPENDS = shells/bash + +pre-fake: + ${SUBST_CMD} ${WRKSRC}/examples/sshguard.conf.sample + sed -i "1s#/bin/sh#${LOCALBASE}/bin/bash#" ${WRKSRC}/src/sshguard + sed -i "1s#/bin/sh#${LOCALBASE}/bin/bash#" ${WRKSRC}/src/fw/sshg-fw-pf + sed -i "1s#/bin/sh#${LOCALBASE}/bin/bash#" ${WRKSRC}/examples/sshguard.conf.sample + +post-install: + ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sshguard/ + ${INSTALL_DATA} ${WRKDIST}/examples/sshguard.conf.sample ${PREFIX}/share/doc/sshguard/ .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/security/sshguard/distinfo,v retrieving revision 1.3 diff -u -p -u -p -r1.3 distinfo --- distinfo 27 Jan 2014 15:49:15 -0000 1.3 +++ distinfo 13 Dec 2017 14:16:41 -0000 @@ -1,2 +1,2 @@ -SHA256 (sshguard-1.5.tar.bz2) = tTf4dlRV/fhCT4fUvWleW2dbiOXRZIZUUhN5Rwk+fhk= -SIZE (sshguard-1.5.tar.bz2) = 303767 +SHA256 (sshguard-2.1.0.tar.gz) = ISUqSDSthAjfOE7k3fRoYkqp3pzq1a/eHHc4CkjPAoo= +SIZE (sshguard-2.1.0.tar.gz) = 1117466 Index: patches/patch-examples_sshguard_conf_sample =================================================================== RCS file: patches/patch-examples_sshguard_conf_sample diff -N patches/patch-examples_sshguard_conf_sample --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-examples_sshguard_conf_sample 13 Dec 2017 14:16:41 -0000 @@ -0,0 +1,25 @@ +$OpenBSD$ + +Index: examples/sshguard.conf.sample +--- examples/sshguard.conf.sample.orig ++++ examples/sshguard.conf.sample +@@ -7,9 +7,11 @@ + #### REQUIRED CONFIGURATION #### + # Full path to backend executable (required, no default) + #BACKEND="/usr/local/libexec/sshg-fw-iptables" ++BACKEND="${LOCALBASE}/libexec/sshg-fw-pf" + + # Space-separated list of log files to monitor. (optional, no default) + #FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" ++FILES="/var/log/authlog" + + # Shell command that provides logs on standard output. (optional, no default) + # Example 1: ssh and sendmail from systemd journal: +@@ -41,6 +43,7 @@ DETECTION_TIME=1800 + + # Full path to PID file (optional, no default) + #PID_FILE=/run/sshguard.pid ++PID_FILE=/var/run/sshguard.pid + + # Colon-separated blacklist threshold and full path to blacklist file. + # (optional, no default) Index: patches/patch-src_fwalls_command_c =================================================================== RCS file: patches/patch-src_fwalls_command_c diff -N patches/patch-src_fwalls_command_c --- patches/patch-src_fwalls_command_c 9 Sep 2011 20:13:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_fwalls_command_c,v 1.1 2011/09/09 20:13:28 naddy Exp $ - -Allow building with gcc3. - ---- src/fwalls/command.c.orig Fri Sep 9 22:07:56 2011 -+++ src/fwalls/command.c Fri Sep 9 22:08:12 2011 -@@ -59,7 +59,7 @@ int fw_block(const char *restrict addr, int addrkind, - return (run_command(COMMAND_BLOCK, addr, addrkind, service) == 0 ? FWALL_OK : FWALL_ERR); - } - --int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]) { -+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]) { - /* block each address individually */ - int i; - Index: patches/patch-src_sshguard_fw_h =================================================================== RCS file: patches/patch-src_sshguard_fw_h diff -N patches/patch-src_sshguard_fw_h --- patches/patch-src_sshguard_fw_h 9 Sep 2011 20:13:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_sshguard_fw_h,v 1.1 2011/09/09 20:13:28 naddy Exp $ - -Allow building with gcc3. - ---- src/sshguard_fw.h.orig Fri Sep 9 22:07:03 2011 -+++ src/sshguard_fw.h Fri Sep 9 22:07:20 2011 -@@ -85,7 +85,7 @@ int fw_block(const char *restrict addr, int addrkind, - * - * @return FWALL_OK or FWALL_ERR - */ --int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]); -+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]); - - - /** Index: patches/patch-src_sshguard_logsuck_c =================================================================== RCS file: patches/patch-src_sshguard_logsuck_c diff -N patches/patch-src_sshguard_logsuck_c --- patches/patch-src_sshguard_logsuck_c 7 Mar 2011 17:44:16 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-src_sshguard_logsuck_c,v 1.2 2011/03/07 17:44:16 rpointel Exp $ ---- src/sshguard_logsuck.c.orig Wed Feb 9 13:01:47 2011 -+++ src/sshguard_logsuck.c Sat Mar 5 19:27:53 2011 -@@ -242,7 +242,7 @@ int logsuck_getline(char *restrict buf, size_t buflen, - if (ret > 0) { - if (kevs[0].filter == EVFILT_READ) { - /* got data on this one. Read from it */ -- sshguard_log(LOG_DEBUG, "Searching for fd %lu in list.", kevs[0].ident); -+ sshguard_log(LOG_DEBUG, "Searching for fd %u in list.", kevs[0].ident); - readentry = list_seek(& sources_list, & kevs[0].ident); - assert(readentry != NULL); - assert(readentry->active); Index: patches/patch-src_sshguard_procauth_c =================================================================== RCS file: patches/patch-src_sshguard_procauth_c diff -N patches/patch-src_sshguard_procauth_c --- patches/patch-src_sshguard_procauth_c 7 Sep 2010 12:23:43 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-src_sshguard_procauth_c,v 1.1.1.1 2010/09/07 12:23:43 millert Exp $ ---- src/sshguard_procauth.c.orig Mon Aug 9 02:44:15 2010 -+++ src/sshguard_procauth.c Mon Aug 30 13:05:40 2010 -@@ -192,7 +192,7 @@ static int procauth_ischildof(pid_t child, pid_t paren - dup2(ps2me[1], 1); - - sshguard_log(LOG_DEBUG, "Running 'ps axo pid,ppid'."); -- execlp("ps", "ps", "axo", "pid,ppid", NULL); -+ execlp("ps", "ps", "axo", "pid,ppid", (char *)0); - - sshguard_log(LOG_ERR, "Unable to run 'ps axo pid,ppid': %s.", strerror(errno)); - exit(-1); Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/security/sshguard/pkg/PLIST,v retrieving revision 1.4 diff -u -p -u -p -r1.4 PLIST --- pkg/PLIST 25 Mar 2014 12:33:31 -0000 1.4 +++ pkg/PLIST 13 Dec 2017 14:16:41 -0000 @@ -1,6 +1,22 @@ @comment $OpenBSD: PLIST,v 1.4 2014/03/25 12:33:31 ajacoutot Exp $ @pkgpath security/sshguard,tcpd +@bin libexec/sshg-blocker +@comment libexec/sshg-fw-firewalld +@bin libexec/sshg-fw-hosts +@comment libexec/sshg-fw-ipfilter +@comment libexec/sshg-fw-ipfw +@comment libexec/sshg-fw-ipset +@comment libexec/sshg-fw-iptables +@comment libexec/sshg-fw-nft-sets +libexec/sshg-fw-null +libexec/sshg-fw-pf +libexec/sshg-logtail +@bin libexec/sshg-parser +@man man/man7/sshguard-setup.7 @man man/man8/sshguard.8 -@bin sbin/sshguard +sbin/sshguard share/doc/pkg-readmes/${FULLPKGNAME} +share/doc/sshguard/ +share/doc/sshguard/sshguard.conf.sample +@sample ${SYSCONFDIR}/sshguard.conf @rcscript ${RCDIR}/sshguard Index: pkg/sshguard.rc =================================================================== RCS file: /cvs/ports/security/sshguard/pkg/sshguard.rc,v retrieving revision 1.3 diff -u -p -u -p -r1.3 sshguard.rc --- pkg/sshguard.rc 27 May 2017 19:57:07 -0000 1.3 +++ pkg/sshguard.rc 13 Dec 2017 14:16:41 -0000 @@ -3,7 +3,6 @@ # $OpenBSD: sshguard.rc,v 1.3 2017/05/27 19:57:07 ajacoutot Exp $ daemon="${TRUEPREFIX}/sbin/sshguard" -daemon_flags="-l /var/log/authlog" . /etc/rc.d/rc.subr
