Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1667510

Summary: Update to newer libssh 0.8.5
Product: [Retired] Restraint Reporter: Bill Peck <bpeck>
Component: generalAssignee: Carol Bouchard <cbouchar>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.1.37CC: asavkov, bpeck, breilly, cbeer, cbouchar, mastyk
Target Milestone: 0.2.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-02-26 06:35:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bill Peck 2019-01-18 16:26:50 UTC
Description of problem:
current libssh (0.7.3) includes at least one CVE and has different linking requirements from 0.8.5.  This makes it hard to dynamically link without adding conditions to the Makefile.

While we could add the conditions we should also move to the latest version which includes a fix for a CVE

Version-Release number of selected component (if applicable):
0.1.37

Comment 1 Tomas Klohna 🔧 2019-03-27 12:54:50 UTC
Bill, let me know if you'd like to complete this issue. I have unassigned it because we cleaning all the issues we got.

Comment 2 Bill Peck 2019-04-02 12:29:31 UTC
I have been working on a patch to remove libssh completely.  I'll push this to gerrit Today to start the review process.

Comment 3 Bill Peck 2019-04-15 20:07:45 UTC
I've pushed my stdin/stdout change for restraint client.  It still needs cleaning up and much more testing.  But I wanted to get some other eyes on it sooner than later.  Let me know if you have any questions