|Summary:||security/rubygem-net-ssh: Update to 5.2.0, Add pkg-message|
|Product:||Ports & Packages||Reporter:||Romain Tartière <romain>|
|Component:||Individual Port(s)||Assignee:||freebsd-ruby mailing list <ruby>|
|Severity:||Affects Only Me||Keywords:||easy, needs-qa|
Description Romain Tartière 2019-04-13 00:07:20 UTC
Created attachment 203630
Update to 5.2.0

A new release of security/rubygem-net-ssh is available (5.2.0). The attached patch adds a pkg-message entry to inform end-users about net-ssh not validating ssh keys the same way as OpenSSH itself and leading to authentication failures; and includes a workaround for this issue. The issue is expected to vanish with the removal of the extra checks which are planned for a future major release.
Comment 1 Sunpoet Po-Chuan Hsieh 2019-04-24 17:27:32 UTC
The patch looks good to me. Did you test all dependent ports? I checked some and noticed that sysutils/vagrant requires "net-ssh ~> 5.1.0".
Comment 2 Romain Tartière 2019-04-24 17:44:32 UTC
Good catch: I only tested this through poudriere with the packages I am using… Do you think we should ask for an exp-run?
Comment 3 Sunpoet Po-Chuan Hsieh 2019-04-24 17:52:32 UTC
The dependent ports are:
devel/rubygem-cheffish
devel/rubygem-pdk
net-mgmt/rubygem-oxidized
net/rubygem-rye
security/metasploit
security/rubygem-metasploit-credential
security/rubygem-net-scp
security/rubygem-net-sftp
security/rubygem-net-ssh-gateway
security/rubygem-net-ssh-gateway1
security/rubygem-net-ssh-multi
security/rubygem-sshkit
sysutils/rhc
sysutils/rubygem-backup
sysutils/rubygem-specinfra
sysutils/vagrant
www/gitlab-ce

It seems sysutils/vagrant is the only one that needs a gemspec patch.
Comment 4 Romain Tartière 2019-04-24 18:10:44 UTC
net-ssh is using semver (at least, 3.0.0 entry in the ChangeLog says so), vagrant requests "~> 5.1.0", so I guess this can be changed to "~> 5.1" without causing any issue. I am starting a build of vagrant with such a change and will report back.
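Added example, not part of the original bug report or of any port's code: it uses RubyGems' own `Gem::Requirement` and `Gem::Version` to expand the two constraints quoted in this thread into explicit bounds and to list which of them rejects a candidate net-ssh version. The helper names and the hash labels are assumptions made for this example.

```ruby
require "rubygems"

# Expand each clause of a requirement into explicit bounds.
# Only "~>" carries an implicit upper bound (exclusive); other operators get nil.
def explicit_bounds(requirement)
  Gem::Requirement.new(requirement).requirements.map do |op, version|
    upper = op == "~>" ? version.bump : nil
    { op: op, lower: version.to_s, upper: upper&.to_s }
  end
end

# Return the labels of the constraints that reject `candidate`.
def blocking_dependents(candidate, constraints)
  version = Gem::Version.new(candidate)
  constraints.reject { |_, req| Gem::Requirement.new(req).satisfied_by?(version) }.keys
end

# Constraint strings as quoted in the thread; the keys are labels for this example.
CONSTRAINTS = {
  "vagrant (current gemspec)" => "~> 5.1.0",
  "vagrant (proposed gemspec)" => "~> 5.1"
}.freeze

if __FILE__ == $PROGRAM_NAME
  CONSTRAINTS.each { |name, req| puts "#{name}: #{explicit_bounds(req).inspect}" }
  puts "rejects 5.2.0: #{blocking_dependents('5.2.0', CONSTRAINTS).inspect}"
end
```

With three segments, `~>` only allows the last segment to grow (5.1.x); with two, it allows any 5.x release from 5.1 onward.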
Comment 5 Romain Tartière 2019-04-25 02:24:22 UTC
Created attachment 203995
Patch for vagrant

It looks like we have to patch vagrant: with the attached patch, I am able to `vagrant up` and `vagrant ssh` into a box.
Comment 6 Sunpoet Po-Chuan Hsieh 2019-04-25 13:00:12 UTC