Bug 187595 - security/libssh should be updated to 0.6.3 (CVE-2014-0017)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Dima Panov
Reported: 2014-03-14 21:40 UTC by Florian Degner
Modified: 2014-10-30 16:33 UTC
Attachments
file.diff (1.38 KB, patch)
2014-03-14 21:40 UTC, Florian Degner

Description Florian Degner 2014-03-14 21:40:00 UTC
The current version of libssh (0.6.3) fixes CVE-2014-0017 which could lead to the leak of the private key.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2014-03-14 21:40:09 UTC
Responsible Changed
From-To: freebsd-ports-bugs->fluffy

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 commit-hook freebsd_committer freebsd_triage 2014-10-29 22:17:08 UTC
A commit references this bug:

Author: rakuco
Date: Wed Oct 29 22:16:53 UTC 2014
New revision: 371716
URL: https://svnweb.freebsd.org/changeset/ports/371716

Log:
  Update to 0.6.3 to fix CVE-2014-0017.

  While here, get rid of a lot of cruft:
  - Use an https in MASTER_SITES and stop using a snapshot URL for the
    tarballs.
  - Switch to an out-of-source CMake build with USES=cmake:outsource, and get
    rid of all the messing around with CMAKE_SOURCE_PATH and *_WRKSRC.
  - Move the LICENSE block to the right place to pet portlint.
  - Explicitly set CMAKE_ARGS with some options which we were already
    implicitly assuming to be set.
  - Disable examples and tests via CMAKE_ARGS instead of using an ugly sed
    call.
  - Do not pass WITH_OPENSSL=ON/OFF to CMake, this has no effect in the build
    system.
  - Stop gratuitously including bsd.port.options.mk.
  - Remove sed calls and patches related to the libssh_threads. I fixed some
    of the problems a few releases ago upstream, and the things I've removed
    now just look unnecessary.

  PR:		187595
  Approved by:	fluffy (implicit, and 230 days of timeout)
  MFH:		2014Q4
  Security:	f8c88d50-5fb3-11e4-81bd-5453ed2e2b49

Changes:
  head/security/libssh/Makefile
  head/security/libssh/distinfo
  head/security/libssh/files/
  head/security/libssh/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2014-10-30 16:33:36 UTC
A commit references this bug:

Author: rakuco
Date: Thu Oct 30 16:33:26 UTC 2014
New revision: 371760
URL: https://svnweb.freebsd.org/changeset/ports/371760

Log:
  MFH: r371716

  Update to 0.6.3 to fix CVE-2014-0017.

  While here, get rid of a lot of cruft:
  - Use an https in MASTER_SITES and stop using a snapshot URL for the
    tarballs.
  - Switch to an out-of-source CMake build with USES=cmake:outsource, and get
    rid of all the messing around with CMAKE_SOURCE_PATH and *_WRKSRC.
  - Move the LICENSE block to the right place to pet portlint.
  - Explicitly set CMAKE_ARGS with some options which we were already
    implicitly assuming to be set.
  - Disable examples and tests via CMAKE_ARGS instead of using an ugly sed
    call.
  - Do not pass WITH_OPENSSL=ON/OFF to CMake, this has no effect in the build
    system.
  - Stop gratuitously including bsd.port.options.mk.
  - Remove sed calls and patches related to the libssh_threads. I fixed some
    of the problems a few releases ago upstream, and the things I've removed
    now just look unnecessary.

  PR:		187595
  Approved by:	fluffy (implicit, and 230 days of timeout)
  Security:	f8c88d50-5fb3-11e4-81bd-5453ed2e2b49

  Approved by:	ports-secteam (ray)

Changes:
_U  branches/2014Q4/
  branches/2014Q4/security/libssh/Makefile
  branches/2014Q4/security/libssh/distinfo
  branches/2014Q4/security/libssh/files/
  branches/2014Q4/security/libssh/pkg-plist