
security/libssh: Update to 0.9.4
Closed, Public

Authored by salvadore on Apr 11 2020, 10:15 PM.

Details

Summary

Security release to fix CVE-2020-1730.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

I already tested it successfully with poudriere on 11.3, 12.1, 13.0 both amd64 and i386.
According to https://www.freshports.org/security/libssh/ libssh is required by default for 20 ports. I know it is a small number but building all of them 6 times (3 OS versions and 2 architectures) is a real pain on my machine, so I still would like to ask for an exp-run if possible. Does the patch look good enough? Can I ask the exp-run mentors? :-)

As for PORTREVISION bumps, I think they are not necessary because the soname libssh.so.4 stays the same: is that right? On the contrary, when it eventually becomes libssh.so.5 I will have to bump PORTREVISIONs, am I right?

Thanks!

Yes, please ask for the exp-run. If portmgr deems it not necessary, they will surely tell you :)

As you probably saw exp-run was successful. Shall we commit it? :)
Also please remember that although https://reviews.freebsd.org/D24377 is already approved, I have a question about it, which is the reason why I am waiting to commit that one (it's the review about documenting the libssh vulnerability in vuln.xml).

Oh, I thought you had committed this already. Please make sure you ack antoine@ for the exp-run.

This revision is now accepted and ready to land. (Apr 19 2020, 1:17 PM)

On the contrary, when it eventually becomes libssh.so.5 I will have to bump PORTREVISIONs, am I right?

Yes.

This revision was automatically updated to reflect the committed changes.