Hi, You will find a patch for security/sshguard attached, bringing sshguard up to the newly released 2.3.1 (2019-01-01).
As with the previous updates I've posted, this is a patch against sshguard 1.5 which we have in the ports tree, and it also adds me as the maintainer. The difference between 2.3.1 and the previous 2.3.0 release is minor, but I updated the patch because there was a commit fixing the handling of OpenSSH's "Did not receive identification string" message. The differences between 2.3.1 and the 1.5 release are too numerous to list here, but see [1]. [1] https://bitbucket.org/sshguard/sshguard/src/master/CHANGELOG.rst?fileviewer=file-view-default Regards, Andreas -- Andreas Kusalananda Kähäri, National Bioinformatics Infrastructure Sweden (NBIS), Uppsala University, Sweden.
Index: Makefile =================================================================== RCS file: /extra/cvs/ports/security/sshguard/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 4 Sep 2018 12:46:21 -0000 1.13 +++ Makefile 26 Jan 2019 12:21:48 -0000 @@ -2,22 +2,29 @@ COMMENT= protect against brute force attacks on sshd and others -DISTNAME= sshguard-1.5 -REVISION= 6 +DISTNAME= sshguard-2.3.1 CATEGORIES= security +HOMEPAGE= https://www.sshguard.net/ + +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/} + +MAINTAINER= Andreas Kusalananda Kahari <andreas.kah...@abc.se> + # BSD PERMIT_PACKAGE_CDROM= Yes WANTLIB+= c pthread -HOMEPAGE= https://www.sshguard.net/ -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/} -EXTRACT_SUFX= .tar.bz2 - CONFIGURE_STYLE=gnu -CONFIGURE_ARGS= --with-firewall=pf -NO_TEST= Yes +post-patch: + ${SUBST_CMD} ${WRKSRC}/doc/sshguard.8 \ + ${WRKSRC}/examples/sshguard.conf.sample + +post-install: + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sshguard + ${INSTALL_DATA} ${WRKSRC}/examples/*.{example,sample} \ + ${PREFIX}/share/examples/sshguard .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /extra/cvs/ports/security/sshguard/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo 27 Jan 2014 15:49:15 -0000 1.3 +++ distinfo 26 Jan 2019 12:27:45 -0000 @@ -1,2 +1,2 @@ -SHA256 (sshguard-1.5.tar.bz2) = tTf4dlRV/fhCT4fUvWleW2dbiOXRZIZUUhN5Rwk+fhk= -SIZE (sshguard-1.5.tar.bz2) = 303767 +SHA256 (sshguard-2.3.1.tar.gz) = dpBV4m33j0vKNMmnrPJl36IkwFWzPO1H9T1Vv2WdIKI= +SIZE (sshguard-2.3.1.tar.gz) = 765330 Index: patches/patch-configure =================================================================== RCS file: patches/patch-configure diff -N patches/patch-configure --- patches/patch-configure 24 Jun 2018 10:54:19 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,13 +0,0 @@ -$OpenBSD: patch-configure,v 1.1 2018/06/24 10:54:19 kn Exp $ - -Index: configure ---- configure.orig -+++ configure -@@ -5949,7 +5949,6 @@ then - STD99_CFLAGS="-xc99" - else - # other compiler (assume gcc-compatibile :( ) -- OPTIMIZER_CFLAGS="-O2" - WARNING_CFLAGS="-Wall" - STD99_CFLAGS="-std=c99" - fi Index: patches/patch-doc_sshguard_8 =================================================================== RCS file: patches/patch-doc_sshguard_8 diff -N patches/patch-doc_sshguard_8 --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-doc_sshguard_8 4 Dec 2018 21:52:04 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ + +Index: doc/sshguard.8 +--- doc/sshguard.8.orig ++++ doc/sshguard.8 +@@ -119,8 +119,8 @@ Set to enable verbose output from sshg\-blocker. + .SH FILES + .INDENT 0.0 + .TP +-.B %PREFIX%/etc/sshguard.conf +-See sample configuration file. ++.B ${SYSCONFDIR}/sshguard.conf ++See sample configuration file in ${PREFIX}/share/examples/sshguard/sshguard.conf.sample + .UNINDENT + .SH WHITELISTING + .sp Index: patches/patch-examples_sshguard_conf_sample =================================================================== RCS file: patches/patch-examples_sshguard_conf_sample diff -N patches/patch-examples_sshguard_conf_sample --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-examples_sshguard_conf_sample 4 Dec 2018 16:14:34 -0000 
@@ -0,0 +1,17 @@ +$OpenBSD$ + +Index: examples/sshguard.conf.sample +--- examples/sshguard.conf.sample.orig ++++ examples/sshguard.conf.sample +@@ -7,9 +7,11 @@ + #### REQUIRED CONFIGURATION #### + # Full path to backend executable (required, no default) + #BACKEND="/usr/local/libexec/sshg-fw-iptables" ++BACKEND="${TRUEPREFIX}/libexec/sshg-fw-pf" + + # Space-separated list of log files to monitor. (optional, no default) + #FILES="/var/log/auth.log /var/log/authlog /var/log/maillog" ++FILES=/var/log/authlog + + # Shell command that provides logs on standard output. (optional, no default) + # Example 1: ssh and sendmail from systemd journal: Index: patches/patch-src_blocker_blocker_c =================================================================== RCS file: patches/patch-src_blocker_blocker_c diff -N patches/patch-src_blocker_blocker_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_blocker_blocker_c 6 Dec 2018 10:37:47 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ + +Index: src/blocker/blocker.c +--- src/blocker/blocker.c.orig ++++ src/blocker/blocker.c +@@ -139,7 +139,8 @@ int main(int argc, char *argv[]) { + + /* termination signals */ + signal(SIGTERM, sigfin_handler); +- signal(SIGHUP, sigfin_handler); ++ /* Don't install handler for HUP */ ++ /* signal(SIGHUP, sigfin_handler); */ + signal(SIGINT, sigfin_handler); + atexit(finishup); + Index: patches/patch-src_fwalls_command_c =================================================================== RCS file: patches/patch-src_fwalls_command_c diff -N patches/patch-src_fwalls_command_c --- patches/patch-src_fwalls_command_c 9 Sep 2011 20:13:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
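Review bot: Commenting out `signal(SIGHUP, sigfin_handler);` in main() leaves SIGHUP at whatever disposition sshg-blocker inherits, so the blocker only survives a hangup when it is started through the sshguard wrapper, to which the patch-src_sshguard_in hunk adds `trap "" HUP`. Started any other way, the default action terminates the process without going through exit(), so the `atexit(finishup)` registered two lines later would not run. Stating the intent in code with `signal(SIGHUP, SIG_IGN);` would make the behaviour independent of the launcher and could replace the commented-out call. Neither `/* Don't install handler for HUP */` nor `# Ignore HUP` says why a hangup should be ignored on OpenBSD; a one-line reason in both comments would help the next person updating the port. main() starts and ends outside the hunk.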
@@ -1,15 +0,0 @@ -$OpenBSD: patch-src_fwalls_command_c,v 1.1 2011/09/09 20:13:28 naddy Exp $ - -Allow building with gcc3. - ---- src/fwalls/command.c.orig Fri Sep 9 22:07:56 2011 -+++ src/fwalls/command.c Fri Sep 9 22:08:12 2011 -@@ -59,7 +59,7 @@ int fw_block(const char *restrict addr, int addrkind, - return (run_command(COMMAND_BLOCK, addr, addrkind, service) == 0 ? FWALL_OK : FWALL_ERR); - } - --int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]) { -+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]) { - /* block each address individually */ - int i; - Index: patches/patch-src_sshguard_fw_h =================================================================== RCS file: patches/patch-src_sshguard_fw_h diff -N patches/patch-src_sshguard_fw_h --- patches/patch-src_sshguard_fw_h 9 Sep 2011 20:13:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_sshguard_fw_h,v 1.1 2011/09/09 20:13:28 naddy Exp $ - -Allow building with gcc3. - ---- src/sshguard_fw.h.orig Fri Sep 9 22:07:03 2011 -+++ src/sshguard_fw.h Fri Sep 9 22:07:20 2011 -@@ -85,7 +85,7 @@ int fw_block(const char *restrict addr, int addrkind, - * - * @return FWALL_OK or FWALL_ERR - */ --int fw_block_list(const char *restrict addresses[], int addrkind, const int service_codes[]); -+int fw_block_list(const char *restrict *addresses, int addrkind, const int service_codes[]); - - - /** Index: patches/patch-src_sshguard_in =================================================================== RCS file: patches/patch-src_sshguard_in diff -N patches/patch-src_sshguard_in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_sshguard_in 6 Dec 2018 10:35:54 -0000 
@@ -0,0 +1,15 @@ +$OpenBSD$ + +Index: src/sshguard.in +--- src/sshguard.in.orig ++++ src/sshguard.in +@@ -5,6 +5,9 @@ + # entire process group (subshell) on exit/interrupts. + trap "trap - TERM && kill 0" INT TERM EXIT + ++# Ignore HUP ++trap "" HUP ++ + libexec="@libexecdir@" + version="@sshguardversion@" + Index: patches/patch-src_sshguard_logsuck_c =================================================================== RCS file: patches/patch-src_sshguard_logsuck_c diff -N patches/patch-src_sshguard_logsuck_c --- patches/patch-src_sshguard_logsuck_c 7 Mar 2011 17:44:16 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-src_sshguard_logsuck_c,v 1.2 2011/03/07 17:44:16 rpointel Exp $ ---- src/sshguard_logsuck.c.orig Wed Feb 9 13:01:47 2011 -+++ src/sshguard_logsuck.c Sat Mar 5 19:27:53 2011 -@@ -242,7 +242,7 @@ int logsuck_getline(char *restrict buf, size_t buflen, - if (ret > 0) { - if (kevs[0].filter == EVFILT_READ) { - /* got data on this one. Read from it */ -- sshguard_log(LOG_DEBUG, "Searching for fd %lu in list.", kevs[0].ident); -+ sshguard_log(LOG_DEBUG, "Searching for fd %u in list.", kevs[0].ident); - readentry = list_seek(& sources_list, & kevs[0].ident); - assert(readentry != NULL); - assert(readentry->active); Index: patches/patch-src_sshguard_procauth_c =================================================================== RCS file: patches/patch-src_sshguard_procauth_c diff -N patches/patch-src_sshguard_procauth_c --- patches/patch-src_sshguard_procauth_c 7 Sep 2010 12:23:43 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,12 +0,0 @@ -$OpenBSD: patch-src_sshguard_procauth_c,v 1.1.1.1 2010/09/07 12:23:43 millert Exp $ ---- src/sshguard_procauth.c.orig Mon Aug 9 02:44:15 2010 -+++ src/sshguard_procauth.c Mon Aug 30 13:05:40 2010 -@@ -192,7 +192,7 @@ static int procauth_ischildof(pid_t child, pid_t paren - dup2(ps2me[1], 1); - - sshguard_log(LOG_DEBUG, "Running 'ps axo pid,ppid'."); -- execlp("ps", "ps", "axo", "pid,ppid", NULL); -+ execlp("ps", "ps", "axo", "pid,ppid", (char *)0); - - sshguard_log(LOG_ERR, "Unable to run 'ps axo pid,ppid': %s.", strerror(errno)); - exit(-1); Index: pkg/PLIST =================================================================== RCS file: /extra/cvs/ports/security/sshguard/pkg/PLIST,v retrieving revision 1.5 diff -u -p -r1.5 PLIST --- pkg/PLIST 4 Sep 2018 12:46:21 -0000 1.5 +++ pkg/PLIST 5 Dec 2018 08:15:56 -0000 @@ -1,6 +1,23 @@ @comment $OpenBSD: PLIST,v 1.5 2018/09/04 12:46:21 espie Exp $ @pkgpath security/sshguard,tcpd +@rcscript ${RCDIR}/sshguard +@bin libexec/sshg-blocker +libexec/sshg-fw-firewalld +@bin libexec/sshg-fw-hosts +libexec/sshg-fw-ipfilter +libexec/sshg-fw-ipfw +libexec/sshg-fw-ipset +libexec/sshg-fw-iptables +libexec/sshg-fw-nft-sets +libexec/sshg-fw-null +libexec/sshg-fw-pf +libexec/sshg-logtail +@bin libexec/sshg-parser +@man man/man7/sshguard-setup.7 @man man/man8/sshguard.8 -@bin sbin/sshguard +sbin/sshguard share/doc/pkg-readmes/${PKGSTEM} -@rcscript ${RCDIR}/sshguard +share/examples/sshguard/ +share/examples/sshguard/sshguard.conf.sample +@sample ${SYSCONFDIR}/sshguard.conf +share/examples/sshguard/whitelistfile.example Index: pkg/README =================================================================== RCS file: /extra/cvs/ports/security/sshguard/pkg/README,v retrieving revision 1.3 diff -u -p -r1.3 README --- pkg/README 4 Sep 2018 12:46:21 -0000 1.3 +++ pkg/README 5 Dec 2018 08:16:29 -0000 
@@ -4,7 +4,8 @@ $OpenBSD: README,v 1.3 2018/09/04 12:46: | Running ${PKGSTEM} on OpenBSD +----------------------------------------------------------------------- -To use sshguard with pf(4), add the following to /etc/pf.conf: +To use ${PKGSTEM} with pf(4), add something similar to the following to +${SYSCONFDIR}/pf.conf: table <sshguard> persist Index: pkg/sshguard.rc =================================================================== RCS file: /extra/cvs/ports/security/sshguard/pkg/sshguard.rc,v retrieving revision 1.4 diff -u -p -r1.4 sshguard.rc --- pkg/sshguard.rc 11 Jan 2018 19:27:09 -0000 1.4 +++ pkg/sshguard.rc 6 Dec 2018 11:44:46 -0000 @@ -3,9 +3,10 @@ # $OpenBSD: sshguard.rc,v 1.4 2018/01/11 19:27:09 rpe Exp $ daemon="${TRUEPREFIX}/sbin/sshguard" -daemon_flags="-l /var/log/authlog" . /etc/rc.d/rc.subr + +pexp="${TRUEPREFIX}/libexec/sshg-blocker .*" rc_bg=YES rc_reload=NO
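Review bot: The new `pexp` line has no comment explaining why the service is matched on `sshg-blocker` rather than on `${daemon}`, and the choice has consequences worth spelling out. With this pattern rc.d's check and stop act on the blocker process alone, so shutting down the wrapper and the other helpers listed in pkg/PLIST (sshg-parser, sshg-logtail, the sshg-fw-pf backend) presumably relies on the `kill 0` EXIT trap in src/sshguard.in; that is worth confirming with `rcctl stop` on a test machine. Removing `daemon_flags="-l /var/log/authlog"` also means the monitored log now comes only from `${SYSCONFDIR}/sshguard.conf`, so an install whose config lacks a `FILES` setting would appear to start with nothing to watch. I would add above the assignment something like `# sbin/sshguard is a wrapper script; match the long-running blocker it starts`.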