Created attachment 156619 [details] Patch v1 The attached patch updated libssh to 0.6.5, which was released at the end of April to address CVE-2015-3146. The changelog can be found here: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/ It includes a fix for the issue that caused the GCRYPT option to fail with 0.6.4 as well. security/vuxml needs an entry, and the fix needs to be MFH'ed to the stable branch too.
Approved.
A commit references this bug: Author: rakuco Date: Sun May 10 20:25:59 UTC 2015 New revision: 386027 URL: https://svnweb.freebsd.org/changeset/ports/386027 Log: Update to 0.6.5 to fix CVE-2015-3146 (null pointer dereference). This release also fixed the bug in 0.6.4 that prevented the GCRYPT option from working. PR: 200106 Approved by: johans MFH: 2015Q2 Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49 Changes: head/security/libssh/Makefile head/security/libssh/distinfo head/security/libssh/pkg-plist
*** Bug 200107 has been marked as a duplicate of this bug. ***
Assign to committer and close.
A commit references this bug: Author: rakuco Date: Tue May 12 06:46:13 UTC 2015 New revision: 386123 URL: https://svnweb.freebsd.org/changeset/ports/386123 Log: MFH: r386027 Update to 0.6.5 to fix CVE-2015-3146 (null pointer dereference). This release also fixed the bug in 0.6.4 that prevented the GCRYPT option from working. PR: 200106 Approved by: johans Security: 0b040e24-f751-11e4-b24d-5453ed2e2b49 Approved by: portmgr (erwin) Changes: _U branches/2015Q2/ branches/2015Q2/security/libssh/Makefile branches/2015Q2/security/libssh/distinfo branches/2015Q2/security/libssh/pkg-plist