Security release to fix CVE-2020-1730.
I already tested it successfully with poudriere on 11.3, 12.1, 13.0 both amd64 and i386.
According to https://www.freshports.org/security/libssh/ libssh is required by default for 20 ports. I know it is a small number but building all of them 6 times (3 OS versions and 2 architectures) is a real pain on my machine, so I still would like to ask for an exp-run if possible. Does the patch looks good enough? Can I ask the exp-run mentors? :-)
As for PORTREVISION bumps I think they are not necessary because the soname libssh.so.4 stays the same: is that right? On the contrary, when it will eventually become libssh.so.5 I will have to bump PORTREVISIONs, am I right?
As you probably saw exp-run was successful. Shall we commit it? :)
Also please remember that although https://reviews.freebsd.org/D24377 is already approved I have a question about it, which is the reason why I am waiting to commit that one (it's the review about documenting the libssh's vulnerability in vuln.xml).