CVS commit: pkgsrc/security/libssh

["Ignatios Souvatzis" <is%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   is
Date:           Fri Feb  1 13:33:49 UTC 2013

Modified Files:
        pkgsrc/security/libssh: DESCR Makefile PLIST buildlink3.mk distinfo
        pkgsrc/security/libssh/patches: patch-aa
Removed Files:
        pkgsrc/security/libssh/patches: patch-ab

Log Message:
Update libssh to (upstream) 0.5.4 == (our) 0.54.

(We need to keep the old numbering syntax to make versions compare
correctly.)

There are only two consumers in pkgsrc; one of them (remmina and
remmina-plugins) actually needed library version 0.4 or later, and
didn't build the ssh/sftp/nx plugins without. Hydra is also supposed
to build with 0.4.x and later.)

Upstream changelogs:

0.5.4:
        CVE-2013-0176 - NULL dereference leads to denial of service
        Fixed several NULL pointer dereferences in SSHv1.
        Fixed a free crash bug in options parsing.

and for completeness 0.5.3:

        This is an important SECURITY and maintenance release in
        order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561
        and CVE-2012-4562.

        CVE-2012-4559 - Fix multiple double free() flaws
        CVE-2012-4560 - Fix multiple buffer overflow flaws
        CVE-2012-4561 - Fix multiple invalid free() flaws
        CVE-2012-4562 - Fix multiple improper overflow checks

        (...)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/libssh/DESCR
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/libssh/Makefile
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/libssh/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/libssh/buildlink3.mk
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/libssh/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/security/libssh/patches/patch-aa
cvs rdiff -u -r1.1 -r0 pkgsrc/security/libssh/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.