Subject: CVS commit: pkgsrc/security/libssh
From: Ignatios Souvatzis
Date: 2013-02-01 14:33:49
Message id: 20130201133350.05ADE175DD@cvs.netbsd.org
Log Message:
Update libssh to (upstream) 0.5.4 == (our) 0.54.

(We need to keep the old numbering syntax to make versions compare
correctly.)

There are only two consumers in pkgsrc; one of them (remmina and
remmina-plugins) actually needed library version 0.4 or later, and
didn't build the ssh/sftp/nx plugins without. Hydra is also supposed
to build with 0.4.x and later.)

Upstream changelogs:

0.5.4:
	CVE-2013-0176 - NULL dereference leads to denial of service
	Fixed several NULL pointer dereferences in SSHv1.
	Fixed a free crash bug in options parsing.

and for completeness 0.5.3:

	This is an important SECURITY and maintenance release in
	order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561
	and CVE-2012-4562.

	CVE-2012-4559 - Fix multiple double free() flaws
	CVE-2012-4560 - Fix multiple buffer overflow flaws
	CVE-2012-4561 - Fix multiple invalid free() flaws
	CVE-2012-4562 - Fix multiple improper overflow checks

	(...)
Files:
RevisionActionfile
1.3modifypkgsrc/security/libssh/DESCR
1.12modifypkgsrc/security/libssh/Makefile
1.4modifypkgsrc/security/libssh/PLIST
1.11modifypkgsrc/security/libssh/buildlink3.mk
1.6modifypkgsrc/security/libssh/distinfo
1.4modifypkgsrc/security/libssh/patches/patch-aa
1.1removepkgsrc/security/libssh/patches/patch-ab