security/sshguard: Update to 2.0.0

PR:		219409

8 files changed, 76 insertions, 54 deletions

diff --git a/security/Makefile b/security/Makefile
index 2c614ee7b843..23555f95add0 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1153,9 +1153,6 @@
     SUBDIR += ssh_askpass_gtk2
     SUBDIR += sshblock
     SUBDIR += sshguard
-    SUBDIR += sshguard-ipfw
-    SUBDIR += sshguard-null
-    SUBDIR += sshguard-pf
     SUBDIR += sshpass
     SUBDIR += ssl-admin
     SUBDIR += sslscan
diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index be6746b25166..0ffc54e8b405 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -2,62 +2,28 @@
 # $FreeBSD$
 
 PORTNAME=	sshguard
-PORTVERSION=	1.7.1
-PORTREVISION=	0
+PORTVERSION=	2.0.0
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/${PORTVERSION}
 
-MAINTAINER=	ports@FreeBSD.org
-COMMENT?=	Protect hosts from brute force attacks against ssh and other services
-
-SSHGUARDFW?=	none
-
-# If SSHGUARDFW is not set by a slave port, then we only use the
-# following which makes this a metaport to choose a backend
-.if ${SSHGUARDFW} == none
-NO_BUILD=YES
-NO_INSTALL=YES
-NO_ARCH=YES
-
-OPTIONS_SINGLE=	BACKEND
-OPTIONS_SINGLE_BACKEND=	IPFW NULL PF
-OPTIONS_DEFAULT=	IPFW
-
-IPFW_DESC=	IPFW firewall backend
-NULL_DESC=	null firewall backend (detection only)
-PF_DESC=	pf firewall backend
-
-IPFW_RUN_DEPENDS=	sshguard-ipfw>0:security/sshguard-ipfw
-NULL_RUN_DEPENDS=	sshguard-null>0:security/sshguard-null
-PF_RUN_DEPENDS=		sshguard-pf>0:security/sshguard-pf
-
-.include <bsd.port.options.mk>
-
-# The remaining settings are used by the slave ports
-.else
+MAINTAINER=	dan.mcgregor@usask.ca
+COMMENT=	Protect hosts from brute force attacks against ssh and other services
 
 LICENSE=	BSD2CLAUSE
 
 USES=		autoreconf
 
-PLIST_FILES=	libexec/sshg-fw libexec/sshg-logtail libexec/sshg-parser \
-		sbin/sshguard man/man8/sshguard.8.gz
-
 USE_RC_SUBR=	sshguard
 MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
 
-SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
 SUB_FILES=	pkg-message
-.endif
-
-.if ${SSHGUARDFW} == pf
-PKGMSG_FWBLOCK="  To activate or configure PF see http://www.sshguard.net/docs/setup/firewall/pf/"
-.elif ${SSHGUARDFW} == ipfw
-PKGMSG_FWBLOCK="  IPFW support has been rewritten. Sshguard will now add entries to table 22."
-.elif ${SSHGUARDFW} == null
-PKGMSG_FWBLOCK="  Sshguard null backend does detection only. It does not take action."
-.endif
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|%PREFIX%|${PREFIX}|' ${WRKSRC}/doc/sshguard.8.rst
+
+post-install:
+	${INSTALL} -d ${STAGEDIR}${PREFIX}/etc
+	${INSTALL} -m 644 ${WRKSRC}/examples/sshguard.conf.sample ${STAGEDIR}${PREFIX}/etc
 
 .include <bsd.port.mk>
diff --git a/security/sshguard/distinfo b/security/sshguard/distinfo
index 27a7b4bf3bf4..76b0428c3c3a 100644
--- a/security/sshguard/distinfo
+++ b/security/sshguard/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1483998292
-SHA256 (sshguard-1.7.1.tar.gz) = 2e527589c9b33219222d827dff63974229d044de945729aa47271c4a29aaa195
-SIZE (sshguard-1.7.1.tar.gz) = 832220
+TIMESTAMP = 1500391750
+SHA256 (sshguard-2.0.0.tar.gz) = e87c6c4a6dddf06f440ea76464eb6197869c0293f0a60ffa51f8a6a0d7b0cb06
+SIZE (sshguard-2.0.0.tar.gz) = 886995
diff --git a/security/sshguard/files/patch-examples-sshguard.conf.sample b/security/sshguard/files/patch-examples-sshguard.conf.sample
new file mode 100644
index 000000000000..65428e87047f
--- /dev/null
+++ b/security/sshguard/files/patch-examples-sshguard.conf.sample
@@ -0,0 +1,36 @@
+diff --git examples/sshguard.conf.sample examples/sshguard.conf.sample
+index d881e51..87b7acc 100644
+--- examples/sshguard.conf.sample
++++ examples/sshguard.conf.sample
+@@ -6,11 +6,13 @@
+ 
+ #### REQUIRED CONFIGURATION ####
+ # Full path to backend executable (required, no default)
+-#BACKEND="/usr/local/libexec/sshg-fw-hosts"
++BACKEND="/usr/local/libexec/sshg-fw-null"
++#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
++#BACKEND="/usr/local/libexec/sshg-fw-pf"
+ 
+ # Space-separated list of log files to monitor. Ignored if LOGREADER is set.
+ # (optional, no default)
+-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
++#FILES="/var/log/auth.log /var/log/maillog"
+ 
+ # Shell command that provides logs on standard output. Takes precedence over
+ # FILES. (optional, no default)
+@@ -36,12 +38,12 @@ DETECTION_TIME=1800
+ # !! Warning: These features may not work correctly with sandboxing. !!
+ 
+ # Full path to PID file (optional, no default)
+-#PID_FILE=/run/sshguard.pid
++#PID_FILE=/var/run/sshguard.pid
+ 
+ # Colon-separated blacklist threshold and full path to blacklist file.
+ # (optional, no default)
+-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
++#BLACKLIST_FILE=30:/var/db/sshguard/blacklist.db
+ 
+ # IP addresses listed in the WHITELIST_FILE are considered to be
+ # friendlies and will never be blocked.
+-#WHITELIST_FILE=/etc/friends
++#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist
diff --git a/security/sshguard/files/patch-src-sshguard.in b/security/sshguard/files/patch-src-sshguard.in
new file mode 100644
index 000000000000..db40747fe390
--- /dev/null
+++ b/security/sshguard/files/patch-src-sshguard.in
@@ -0,0 +1,10 @@
+diff --git src/sshguard.in src/sshguard.in
+index 40c864b..249ddb5 100644
+--- src/sshguard.in
++++ src/sshguard.in
+@@ -85,4 +85,4 @@ elif [ -z "$tailcmd" ]; then
+ fi
+ 
+ eval $tailcmd | $libexec/sshg-parser | \
+-    $libexec/sshg-blocker $flags | ($BACKEND; kill -PIPE $$)
++    $libexec/sshg-blocker $flags | ($BACKEND ; pkill -PIPE -P $$)
diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in
index 81169460c27c..b81a99a04e72 100644
--- a/security/sshguard/files/pkg-message.in
+++ b/security/sshguard/files/pkg-message.in
@@ -1,12 +1,10 @@
 ##########################################################################
   Sshguard installed successfully.
 
-%%PKGMSG_FWBLOCK%%
-
   You can start sshguard as a daemon by using the
   rc.d script installed at %%PREFIX%%/etc/rc.d/sshguard .
 
-  See sshguard(8) and http://www.sshguard.net/docs/setup for additional info.
+  See sshguard-setup(7) and http://www.sshguard.net/docs/setup for additional info.
 
   Please note that a few rc script parameters have been renamed to
   better reflect the documentation:
diff --git a/security/sshguard/files/sshguard.in b/security/sshguard/files/sshguard.in
index 6f54496c39a9..71431e95a202 100644
--- a/security/sshguard/files/sshguard.in
+++ b/security/sshguard/files/sshguard.in
@@ -81,7 +81,7 @@ pidfile=${sshguard_pidfile:="/var/run/sshguard.pid"}
 
 command=/usr/sbin/daemon
 actual_command="%%PREFIX%%/sbin/sshguard"
-procname="${actual_command}"
+procname="%%PREFIX%%/libexec/sshg-blocker"
 start_precmd=sshguard_prestart
 command_args="-c ${actual_command} \${sshguard_flags} \${sshguard_blacklist_params} \${sshguard_watch_params} -a ${sshguard_danger_thresh} -p ${sshguard_release_interval} -s ${sshguard_reset_interval} -w ${sshguard_whitelistfile} -i ${pidfile}"
 
diff --git a/security/sshguard/pkg-plist b/security/sshguard/pkg-plist
new file mode 100644
index 000000000000..2bbd20c9ffaa
--- /dev/null
+++ b/security/sshguard/pkg-plist
@@ -0,0 +1,15 @@
+@sample etc/sshguard.conf.sample
+sbin/sshguard
+libexec/sshg-blocker
+libexec/sshg-fw-firewalld
+libexec/sshg-fw-hosts
+libexec/sshg-fw-ipfilter
+libexec/sshg-fw-ipfw
+libexec/sshg-fw-ipset
+libexec/sshg-fw-iptables
+libexec/sshg-fw-null
+libexec/sshg-fw-pf
+libexec/sshg-logtail
+libexec/sshg-parser
+man/man7/sshguard-setup.7.gz
+man/man8/sshguard.8.gz