Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
2.4.3_2,1 25 Feb 2024 13:24:23 |
Muhammad Moinur Rahman (bofh) |
security/sshguard: Moved man to share/man
Approved by: portmgr (blanket) |
2.4.3_1,1 13 Nov 2023 11:34:36 |
Renato Botelho (garga) Author: Kevin Zheng |
security/sshguard: Fix build on FreeBSD 12
PR: 274985
Reported by: Yani Karydis <yani@pi-greece.eu> |
2.4.3,1 06 Nov 2023 11:36:49 |
Fernando Apesteguía (fernape) Author: Chris Moerz |
security/sshguard: fix logging of entries with hostnames
With work from martin@lispworks.com
PR: 272249
Reported by: martin@lispworks.com
Approved by: kevinz5000@gmail.com (maintainer) |
07 Sep 2022 21:58:51 |
Stefan Eßer (se) |
Remove WWW entries moved into port Makefiles
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner) |
2.4.2_2,1 07 Sep 2022 21:10:59 |
Stefan Eßer (se) |
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above ) |
2.4.2_2,1 20 Jul 2022 14:22:56 |
Tobias C. Berner (tcberner) |
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Adam Weinberger <adamw@FreeBSD.org>
* Ade Lovett <ade@FreeBSD.org>
* Aldis Berjoza <aldis@bsdroot.lv>
* Alex Dupre <ale@FreeBSD.org>
* Alex Kapranoff <kappa@rambler-co.ru>
* Alex Samorukov <samm@freebsd.org>
* Alexander Botero-Lowry <alex@foxybanana.com>
* Alexander Kriventsov <avk@vl.ru>
* Alexander Leidinger <netchild@FreeBSD.org> (Only the first 15 lines of the commit message are shown above ) |
2.4.2_2,1 01 Apr 2022 15:09:49 |
Dmitry Marakasov (amdmi3) |
security/sshguard: disable blacklisting by default
Blacklisting is now disabled by default to avoid overriding the setting in
sshguard.conf. To enable blacklisting, uncomment the BLACKLIST_FILE line in
sshguard.conf.
PR: 221602
Reported by: bahlgren@beah.se
Submitted by: kevinz5000@gmail.com |
2.4.2_1,1 04 Oct 2021 04:15:18 |
Philip Paeps (philip) Author: Kevin Zheng |
security/sshguard: Fix memset() off-by-one
This bug causes a stack overflow (and crash due to failed stack check)
when certain IPv6 addresses are whitelisted on i386.
PR: 258179
Reported by: John Marshall <john@jmarshall.id.au>
MFH: 2021Q4 |
2.4.2,1 14 Jun 2021 21:20:14 |
Rodrigo Osorio (rodrigo) |
security/sshguard: Upgrade to 2.4.2
Major changes:
* Recognize rejections from Postfix's postscreen daemon
* The parser can now be changed using the PARSER and POST_PARSER options
* Remove some false positive attack signatures for SSH and Cyrus
* Adjust log verbosity of some log messages
* The firewalld backend now uses firewall-cmd instead of iptables to flush
block lists
Full changelog :
https://bitbucket.org/sshguard/sshguard/src/v2.4.2/CHANGELOG.rst
PR: 256575
Reported by: <sirdice@gmail.com>
Approved by: Kevin Zheng <kevinz5000@gmail.com> (maintainer) |
2.4.1,1 06 Apr 2021 14:31:13 |
Mathieu Arnold (mat) |
all: Remove all other $FreeBSD keywords. |
2.4.1,1 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
2.4.1,1 15 Aug 2020 19:31:34 |
swills |
security/sshguard: Update to 2.4.1
PR: 248404
Submitted by: Kevin Zheng <kevinz5000@gmail.com>
Approved by: maintainer timeout (dan.mcgregor@usask.ca, multiple timeouts) |
2.4.0_2,1 10 Nov 2019 18:34:55 |
delphij |
Remove redundant pidfile check.
This fixes an issue that SSHguard won't start after an incompelete
shutdown.
PR: ports/241751
Approved by: portmgr (bugfix blanket)
MFH: 2019Q4 |
2.4.0_1,1 14 Aug 2019 12:16:13 |
mat |
Convert to UCL & cleanup pkg-message (categories s) |
2.4.0_1,1 19 Jul 2019 02:09:11 |
adamw |
sshguard: Fix rc(8) script, broken in update and then broken further in followup
commits
Also clean up some comments while here.
PR: 238458
Submitted by: Kevin Zheng |
2.4.0,1 06 Jul 2019 15:33:11 |
adamw |
sshguard: Update to 2.4.0 and fix rc(8) script
There is some strange new behaviour on the rc script in 2.4.0. It
would either hang on start, or hang on stop. A custom stop function
seemed the easiest way to achieve both.
PR: 238458 |
2.3.1,1 01 Jul 2019 17:56:48 |
adamw |
Back out r505456. sshguard 2.4.0 misbehaves
SSHGuard has always exited cleanly on FreeBSD. In 2.4.0, sshguard fixed that.
It is impossible to terminate sshguard without manually killing each process.
So, apologies to everyone who's already updated, but you'll have to manually
kill all the processes:
pkill -f sshguard
pkill -f sshg-
pkill -f tail
rm /var/run/sshguard.pid
So, back this out while awaiting upstream fix.
PR: 238458 |
2.4.0_1 01 Jul 2019 00:57:10 |
adamw |
Fix rc(8) script process detection
The pidfile points to a process named sh, not sshg-blocker
PR: 238458 |
2.4.0 30 Jun 2019 19:50:10 |
swills |
security/sshguard: update to 2.4.0
PR: 238458
Submitted by: Kevin Zheng <kevinz5000@gmail.com>
Approved by: maintainer timeout (dan.mcgregor@usask.ca, >2 weeks) |
2.3.1 29 Mar 2019 12:24:32 |
garga |
security/sshguard: Update to 2.3.1
PR: 236496
Approved by: maintainer timeout (> 2 weeks)
Sponsored by: Rubicon Communications, LLC (Netgate) |
2.2.0 28 Sep 2018 11:20:29 |
garga |
Update security/sshguard to 2.2.0
While here, break some long lines, Use INSTALL_DATA to install sample config
file since it's not supposed to be changed and re-generate patches using
`make makepatch`
PR: 230861
Approved by: maintainer timeout (> 1 month)
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate) |
2.1.0_1 28 May 2018 01:30:40 |
adamw |
Increase the default blacklist threshold from 30 to 120, which is the upstream
default. 30 makes it far too easy to get locked out of your own server. 120 is
simply a safer starting point.
PR: 227016
Submitted by: Dan McGregor (maintainer)
MFH: 2018Q2 |
2.1.0 18 Jan 2018 01:15:48 |
dbaio |
security/sshguard: Update to 2.1.0
Improve descriptions, pkg-message and update WWW.
Changes: https://sourceforge.net/p/sshguard/mailman/message/36109171/
PR: 224153
Submitted by: Kevin Zheng <kevinz5000@gmail.com>
Approved by: maintainer timeout (dan.mcgregor@usask.ca, > 2 weeks) |
2.0.0_1 24 Jul 2017 10:56:16 |
woodsb02 |
security/sshguard: Fix rc script, add UPDATING entry
sshguard usually looks at sshguard.conf for a list of files to monitor,
but lets you override it via the command line using -l arguments.
This change fixes an issue with the previous rc script which was
*always* setting the '-l' arguments even if sshguard_watch_logs wasn't
set in rc.conf.
This change also sets the defaults in the config file to match the
former defaults in the rc script, and adds an UPDATING entry to warn
of the change from default configuration via rc.conf the config file.
PR: 220906
Submitted by: Dan McGregor (maintainer)
Reported by: chris@cretaforce.gr |
2.0.0 20 Jul 2017 15:34:09 |
feld |
security/sshguard: Update to 2.0.0
PR: 219409 |
1.7.1 20 Jul 2017 13:53:57 |
feld |
security/sshguard: reset MAINTAINER |
1.7.1 09 Jan 2017 21:50:36 |
feld |
security/sshguard: Update to 1.7.1 |
1.7.0_1 29 Aug 2016 19:55:47 |
feld |
security/sshguard: Unbreak build by making a metaport
security/sshguard no longer provides hosts/TCP Wrappers support by
default as this was removed upstream. It is now a metaport which will
allow you to select a backend. Further details can be found in the
UPDATING entry. |
1.7.0 26 Aug 2016 21:07:15 |
feld |
security/sshguard: Update to 1.7.0
Changelog:
Added
Add sshg-logtail
Add sshg-parser
Control firewall using sshg-fw
Match "no matching key exchange method" for SSH
Deprecated
Hosts backend is deprecated
Logsuck (-l option) is deprecated, use sshg-logtail instead
Process validation (-f option) is deprecated
(Only the first 15 lines of the commit message are shown above ) |
1.6.4_1 19 May 2016 11:09:14 |
amdmi3 |
- Fix trailing whitespace in pkg-messages
Approved by: portmgr blanket |
1.6.4_1 02 May 2016 16:49:08 |
feld |
security/sshguard: Update man page, fix sshguard_reset_interval default
Upstream responded to my submitted man page patch and indicated that
sshguard_reset_interval (-s) has been changed to 1800 (30 mins) as well. |
1.6.4 02 May 2016 16:26:04 |
feld |
security/sshguard: Update to 1.6.4
- Add PID file support back to rc script
- Rename some rc script parameters to better align with sshguard(8)
sshguard_safety_thresh -> sshguard_danger_thresh
sshguard_pardon_min_interval -> sshguard_release_interval
sshguard_prescribe_interval -> sshguard_reset_interval
Release notes:
This release brings updated signatures, usability improvements, and bug
fixes. Highlights in this release include:
- Match Postfix pre-authentication disconnects (Only the first 15 lines of the commit message are shown above ) |
1.6.3_1 19 Mar 2016 13:04:29 |
feld |
security/sshguard: Add patch to prevent log flooding with error messages
PR: 208133 |
1.6.3 08 Mar 2016 16:20:03 |
feld |
security/sshguard: Update to 1.6.3
Changelog: https://sourceforge.net/p/sshguard/mailman/message/34733464/
PR: 207511
Submitted by: <dcarmich@dcarmichael.net> |
1.6.2 15 Dec 2015 21:18:52 |
feld |
security/sshguard-pf Fix documentation URL in pkg-message
Submitted by: Johan <johan jails se> |
1.6.2 13 Oct 2015 01:14:26 |
feld |
security/sshgaurd: Update to 1.6.2
* Remove recommendation of using syslog pipes
* IPFW support has been rewritten and entries now are added to table 22
PR: 203452 |
1.6.1 01 Aug 2015 23:24:56 |
feld |
security/sshguard: update to 1.6.1 |
1.6.0_1 26 Jul 2015 15:04:34 |
feld |
security/sshguard-null
portable do-nothing backend for applying detection but not prevention
PR: 201323 |
1.6.0_1 17 May 2015 13:47:41 |
feld |
Add patch to support syslog in verbose mode
This was previously a patch in the FreeBSD ports tree and was sent
upstream but did not make it into 1.6.0
Submitted by: gregp@n0qds.org |
1.6.0 05 May 2015 01:59:51 |
feld |
Update to 1.6.0 |
1.5_12 24 Mar 2015 02:23:30 |
feld |
Restore lost changes to patch-src-parser-attack_scanner.l
PR: 197854 |
1.5_11 24 Mar 2015 02:11:26 |
feld |
Enable matching of syslog entries with <facility.level>
PR: 197854 |
1.5_10 23 Jan 2015 20:15:34 |
feld |
Patch parser to fix matching for Cyrus IMAP login attempts which are not
plaintext.
PR: 196943
Submitted by: jakob.alvermark@bsdlabs.com |
1.5_9 08 Jan 2015 13:42:53 |
feld |
Add ability to pass additional custom arguments to sshguard daemon via
sshguard_flags in rc.conf
Declare LICENSE while here
Submitted by: wjw@digiware.nl |
1.5_8 10 Dec 2014 14:04:24 |
feld |
Update "BSD" license in security category |
1.5_7 03 Nov 2014 21:56:18 |
feld |
Make it possible to run sshguard without blacklist database by setting
in rc.conf:
sshguard_blacklist=""
This may fix reliability for some users.
PR: 174018 |
1.5_6 03 Nov 2014 21:11:34 |
feld |
Do not hide stdout from users by sending it to syslog. Users need to be
able to readily view errors if they happen at startup.
PR: 193378 |
1.5_6 02 Oct 2014 12:28:03 |
feld |
The default pardon and prescribe settings in the rc script were swapped
and did not match the documentation. Users should tune to their needs
instead of relying on the defaults, but if they are this will be an
improvement.
Submitted by: John Vinopal |
1.5_5 22 May 2014 13:17:34 |
feld |
Adopting security/sshguard
rc script passes rclint
Removed clever built-in sysadmin countermeasure:
Previously sshguard would automatically add a line to your
/etc/syslog.conf file. You could activate sshguard by uncommenting this
line. However, every time you reinstall/update sshguard this line will
also be automatically removed rendering the program inactive and your
system unprotected.
Sponsored by: SupraNet Communications, Inc |
25 Apr 2014 13:08:34
|
crees |
Fix rc script, which I made a bit of a mess of. Really sorry :(
Submitted by: se
While here, add error checking in pkg-install before replacing
syslog.conf with an unknown file! |
1.5_3 08 Apr 2014 19:03:02 |
crees |
Fix old sshguard bug; does not detect ssh invalid users logins
PR: ports/174571
Submitted by: Francois Charlier <fcharlier@ploup.net>
Reset maintainer after 16 month timeout
While here, stage, remove some insanity and fixup rc script |
1.5_2 20 Sep 2013 22:55:26 |
bapt |
Add NO_STAGE all over the place in preparation for the staging support (cat:
security) |
1.5_2 01 Feb 2013 15:04:01 |
ak |
- Fix all cases of 'No newline at end of file' in ports tree
Approved by: portmgr (bapt) |
1.5_2 27 Jun 2012 00:22:55 |
delphij |
Add a rc.d script to daemonize sshguard.
Submitted by: delphij
PR: ports/166471
Approved by: maintainer timeout (~3 months) |
1.5_1 24 Jul 2011 18:16:30 |
arved |
Fix sshguared-ipfw -b option
PR: 157807
Submitted by: Dmitry <smallcms@gmail.com>
Approved by: maintainer timeout |
1.5 12 Jun 2011 02:35:49 |
miwi |
- Update to 1.5
PR: 155607
Submitted by: Matthias Fechner <idefix@fechner.net> |
1.4 10 Jan 2010 00:36:33 |
danger |
- update to 1.4
PR: ports/142469
Approved by: gabor, Maintainer |
1.3 22 Aug 2009 00:35:32 |
amdmi3 |
- Switch SourceForge ports to the new File Release System: categories starting
with P,R,S |
1.3 03 Oct 2008 14:28:11 |
amdmi3 |
- Update to 1.3, which also fixes build problem with autoconf
PR: 127599
Submitted by: Jeremy Johnston <jeremy at smart-serv dot net>
Suggested by: Mij <mij at bitchx dot it> (maintainer) |
1.2 23 Sep 2008 18:58:35 |
amdmi3 |
- Update to 1.2. Changes:
- support for Cyrus IMAP
- support for SSH "possible break-in attempt" messages
- updated support for dovecot to include logging format of new versions
- fix of IPF backend causing sshguard not to update /etc/ipf.rules (disallow
IPv6)
- fix detection of password when sshd doesn't log anything more than PAM
- While here, use SF macro
PR: 127456
Submitted by: Mij <mij at bitchx dot it> (maintainer) |
1.1_1 28 Jul 2008 07:35:02 |
lwhsu |
- Install man page to ${MANPREFIX}/man . Thanks to pav@ for notification
- Update description reflecting additions of version 1.1
PR: ports/126001
Submitted by: Mij <mij AT bitchx.it> (maintainer) |
1.1 26 Jul 2008 13:49:02 |
lwhsu |
- Update to 1.1
PR: ports/125973
Submitted by: Mij <mij AT bitchx.it> (maintainer) |
1.0_1 04 Jan 2008 20:35:08 |
arved |
Prevent the port from running automake if it is installed
PR: 118065
Submitted by: Mij <mij@bitchx.it> |
1.0_1 17 Jun 2007 21:55:21 |
itetcu |
- add patch for:
The regex used to recognize IPv6 addresses in security/sshguard{,-ipfw,-pf}
doesn't catch all IPv6 addresses. The author (and port maintainer) is aware of
this issue and supplied the patch, which fixes the issue. The patch will be
part of sshguard-1.1, which is due soonish.
- bump PORTREVISION
PR: 113800
Submitted by: Henrik Brix Andersen
Approved by: Mij (maintainer) |
1.0 12 Jun 2007 22:13:32 |
itetcu |
Shorten COMMENT
Submitted by: sat@ |
1.0 12 Jun 2007 22:09:47 |
itetcu |
Allow slave ports to overwrite the COMMENT.
Submitted by: sat@ |
1.0 12 Jun 2007 20:05:42 |
itetcu |
- upgrade to version 1.0
- the port is no longer interactive, it uses the default blocking backend
(hosts)
- for pf and ipfw see the new ports sshguard-[pf|ipfw]
PR: ports/112749
Submitted by: Mij (maintainer)
Reviewed by: leeym@ |
0.91_1 01 Mar 2007 10:06:14 |
clsung |
- respect maintainer's insist on interactive part,
even IS_INTERACTIVE is discouraged
- PORTREVISION is thus bumped.
Approved by: maintainer (implicit) |
0.91 01 Mar 2007 01:36:56 |
clsung |
Add sshguard 0.91, protect networked hosts from brute force attacks
against ssh.
PR: ports/109439
Submitted by: Mij <mij at bitchx.it> |