Bump libssh to master 2025-11-17#90362
Merged
rschu1ze merged 5 commits intoClickHouse:masterfrom Nov 20, 2025
Merged
Conversation
Closed
rschu1ze
reviewed
Nov 19, 2025
rschu1ze
reviewed
Nov 19, 2025
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
rschu1ze
changed the title
rschu1ze
approved these changes
Nov 19, 2025
rschu1ze
added
the
can be tested
Contributor
clickhouse-gh
Bot
added
pr-build
Member
|
@Revertionist Some build + tests were destroyed. Do you like to check? |
Contributor
Author
|
I will check, could you give me a brief idea on what these tests are? Before raising the PR I just tried building on a linux VM |
Contributor
Author
|
@rschu1ze Two required checks are failing but these seem unrelated to the libssh upgrade I made. Am I allowed to make changes to the |
Member
|
There is a weird build error, I merged from master once more. |
Member
Yes, but it is not needed to change anything in this directory. |
Member
|
I think we are good (test and build failures are unrelated). Merging. |
rschu1ze
added
the
pr-must-backport
robot-ch-test-poll
added
the
pr-synced-to-cloud
robot-clickhouse-ci-2
added
the
pr-must-backport-synced
robot-clickhouse
added a commit
that referenced
this pull request
Nov 20, 2025
This was referenced Nov 20, 2025
robot-clickhouse
added a commit
that referenced
this pull request
Nov 20, 2025
This was referenced Nov 20, 2025
robot-clickhouse
added a commit
that referenced
this pull request
Nov 20, 2025
This was referenced Nov 20, 2025
robot-clickhouse
added a commit
that referenced
this pull request
Nov 20, 2025
robot-ch-test-poll1
added
the
pr-backports-created
rschu1ze
pushed a commit
that referenced
this pull request
Nov 25, 2025
This is an amalgamation of - #90362 and - #90612 The first PR bumps libssh from 0.9.8 to dev (future 0.12). This fixes CVE-2025-5318. The second PR resolves a TSAN failure (*) that the first PR introduced. (*) #90663
Merged
rschu1ze
pushed a commit
that referenced
this pull request
Nov 25, 2025
This is an amalgamation of - #90362 and - #90612 The first PR bumps libssh from 0.9.8 to dev (future 0.12). This fixes CVE-2025-5318. The second PR resolves a TSAN failure (*) that the first PR introduced. (*) #90663
Merged
rschu1ze
pushed a commit
that referenced
this pull request
Nov 25, 2025
This is an amalgamation of - #90362 and - #90612 The first PR bumps libssh from 0.9.8 to dev (future 0.12). This fixes CVE-2025-5318. The second PR resolves a TSAN failure (*) that the first PR introduced. (*) #90663
Closed
rschu1ze
pushed a commit
that referenced
this pull request
Nov 25, 2025
This is an amalgamation of - #90362 and - #90612 The first PR bumps libssh from 0.9.8 to dev (future 0.12). This fixes CVE-2025-5318. The second PR resolves a TSAN failure (*) that the first PR introduced. (*) #90663
Closed
rschu1ze
pushed a commit
that referenced
this pull request
Nov 25, 2025
This is an amalgamation of - #90362 and - #90612 The first PR bumps libssh from 0.9.8 to dev (future 0.12). This fixes CVE-2025-5318. The second PR resolves a TSAN failure (*) that the first PR introduced. (*) #90663
This was referenced Nov 25, 2025
Closed
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):
Bump libssh from 0.9.8 to
master(0.11.3). This resolves CVE-2025-5318.Details
Addresses CVE GHSA-98qw-prqm-9f4p
libssh master (libssh-0.12) contains 2 PKI signing functions that were until now manually implemented in ClickHouse's fork (see here). Instead of continuing to manage these custom patches, this PR uses the native signing functionality available in libssh (we need to bump to the development version of libssh for that). Reference: #89801 (comment)