From 20ffb9b0baa652e231840278536a748458e6d9d1 Mon Sep 17 00:00:00 2001
From: seuzw <930zhaowei@163.com>
Date: Tue, 18 Oct 2022 20:35:27 +0800
Subject: [PATCH] backport some upstream patches

---
 ...Avoid-false-positive-report-from-Cov.patch |  28 ++++
 backport-kdf-Avoid-endianess-issues.patch     | 125 ++++++++++++++++++
 ...port-misc-Fix-expanding-port-numbers.patch |  27 ++++
 ...x-format-truncation-in-ssh_path_expa.patch |  60 +++++++++
 ...port-misc-rename-gettimeofday-symbol.patch |  47 +++++++
 ...-Initialize-the-port-with-the-standa.patch |  27 ++++
 ...-socket_callbacks.data-will-be-set-t.patch |  29 ++++
 ...ket-Add-error-message-if-execv-fails.patch |  39 ++++++
 ...-Add-test-for-expanding-port-numbers.patch |  47 +++++++
 libssh.spec                                   |  26 +++-
 10 files changed, 454 insertions(+), 1 deletion(-)
 create mode 100644 backport-config-Avoid-false-positive-report-from-Cov.patch
 create mode 100644 backport-kdf-Avoid-endianess-issues.patch
 create mode 100644 backport-misc-Fix-expanding-port-numbers.patch
 create mode 100644 backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
 create mode 100644 backport-misc-rename-gettimeofday-symbol.patch
 create mode 100644 backport-session-Initialize-the-port-with-the-standa.patch
 create mode 100644 backport-session-socket_callbacks.data-will-be-set-t.patch
 create mode 100644 backport-socket-Add-error-message-if-execv-fails.patch
 create mode 100644 backport-tests-Add-test-for-expanding-port-numbers.patch

diff --git a/backport-config-Avoid-false-positive-report-from-Cov.patch b/backport-config-Avoid-false-positive-report-from-Cov.patch
new file mode 100644
index 0000000..c242be0
--- /dev/null
+++ b/backport-config-Avoid-false-positive-report-from-Cov.patch
@@ -0,0 +1,28 @@
+From af85ee8e59798e178a9b2e763eaa5e9d3124eb3b Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 11 Aug 2022 15:46:49 +0200
+Subject: [PATCH] config: Avoid false positive report from Coveritt CID 1470006
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/config.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/config.c b/src/config.c
+index 8270b3a9..bc7afcc7 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -618,7 +618,8 @@ ssh_config_parse_line(ssh_session session,
+       opcode != SOC_MATCH &&
+       opcode != SOC_INCLUDE &&
+       opcode != SOC_IDENTITY &&
+-      opcode > SOC_UNSUPPORTED) { /* Ignore all unknown types here */
++      opcode > SOC_UNSUPPORTED &&
++      opcode < SOC_MAX) { /* Ignore all unknown types here */
+       /* Skip all the options that were already applied */
+       if (seen[opcode] != 0) {
+           SAFE_FREE(x);
+-- 
+2.33.0
+
diff --git a/backport-kdf-Avoid-endianess-issues.patch b/backport-kdf-Avoid-endianess-issues.patch
new file mode 100644
index 0000000..690a244
--- /dev/null
+++ b/backport-kdf-Avoid-endianess-issues.patch
@@ -0,0 +1,125 @@
+From 915df080588ce815c80da804780438ce9b2ac390 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 7 Sep 2022 12:40:00 +0200
+Subject: [PATCH] kdf: Avoid endianess issues
+
+The key_type is only a letter, if we use and `int` and then cast it to
+(const char *) we will end up with a 0 value on big endian.
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+---
+ include/libssh/crypto.h  | 2 +-
+ include/libssh/wrapper.h | 2 +-
+ src/kdf.c                | 5 ++---
+ src/libcrypto.c          | 4 ++--
+ src/libgcrypt.c          | 2 +-
+ src/libmbedcrypto.c      | 2 +-
+ 6 files changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
+index f40d76b9..1d73613b 100644
+--- a/include/libssh/crypto.h
++++ b/include/libssh/crypto.h
+@@ -219,7 +219,7 @@ struct ssh_cipher_struct {
+ const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
+ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
+                       unsigned char *key, size_t key_len,
+-                      int key_type, unsigned char *output,
++                      uint8_t key_type, unsigned char *output,
+                       size_t requested_len);
+ 
+ #endif /* _CRYPTO_H_ */
+diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+index fd57cdb1..f4a33d2d 100644
+--- a/include/libssh/wrapper.h
++++ b/include/libssh/wrapper.h
+@@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
+ 
+ int ssh_kdf(struct ssh_crypto_struct *crypto,
+             unsigned char *key, size_t key_len,
+-            int key_type, unsigned char *output,
++            uint8_t key_type, unsigned char *output,
+             size_t requested_len);
+ 
+ int crypt_set_algorithms_client(ssh_session session);
+diff --git a/src/kdf.c b/src/kdf.c
+index a88c92f8..44f06631 100644
+--- a/src/kdf.c
++++ b/src/kdf.c
+@@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
+ 
+ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
+                       unsigned char *key, size_t key_len,
+-                      int key_type, unsigned char *output,
++                      uint8_t key_type, unsigned char *output,
+                       size_t requested_len)
+ {
+     /* Can't use VLAs with Visual Studio, so allocate the biggest
+      * digest buffer we can possibly need */
+     unsigned char digest[DIGEST_MAX_LEN];
+     size_t output_len = crypto->digest_len;
+-    char letter = key_type;
+     ssh_mac_ctx ctx;
+ 
+     if (DIGEST_MAX_LEN < crypto->digest_len) {
+@@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
+ 
+     ssh_mac_update(ctx, key, key_len);
+     ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
+-    ssh_mac_update(ctx, &letter, 1);
++    ssh_mac_update(ctx, &key_type, 1);
+     ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
+     ssh_mac_final(digest, ctx);
+ 
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index 5fef5209..468b63f0 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -214,7 +214,7 @@ static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
+ 
+ int ssh_kdf(struct ssh_crypto_struct *crypto,
+             unsigned char *key, size_t key_len,
+-            int key_type, unsigned char *output,
++            uint8_t key_type, unsigned char *output,
+             size_t requested_len)
+ {
+     EVP_KDF_CTX *ctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
+@@ -330,7 +330,7 @@ out:
+ #else
+ int ssh_kdf(struct ssh_crypto_struct *crypto,
+             unsigned char *key, size_t key_len,
+-            int key_type, unsigned char *output,
++            uint8_t key_type, unsigned char *output,
+             size_t requested_len)
+ {
+     return sshkdf_derive_key(crypto, key, key_len,
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index b8b86593..da5588ad 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -124,7 +124,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+ 
+ int ssh_kdf(struct ssh_crypto_struct *crypto,
+             unsigned char *key, size_t key_len,
+-            int key_type, unsigned char *output,
++            uint8_t key_type, unsigned char *output,
+             size_t requested_len)
+ {
+     return sshkdf_derive_key(crypto, key, key_len,
+diff --git a/src/libmbedcrypto.c b/src/libmbedcrypto.c
+index c8137ce0..6d84bd51 100644
+--- a/src/libmbedcrypto.c
++++ b/src/libmbedcrypto.c
+@@ -127,7 +127,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
+ 
+ int ssh_kdf(struct ssh_crypto_struct *crypto,
+             unsigned char *key, size_t key_len,
+-            int key_type, unsigned char *output,
++            uint8_t key_type, unsigned char *output,
+             size_t requested_len)
+ {
+     return sshkdf_derive_key(crypto, key, key_len,
+-- 
+2.33.0
+
diff --git a/backport-misc-Fix-expanding-port-numbers.patch b/backport-misc-Fix-expanding-port-numbers.patch
new file mode 100644
index 0000000..6f67555
--- /dev/null
+++ b/backport-misc-Fix-expanding-port-numbers.patch
@@ -0,0 +1,27 @@
+From 648baf0f3c567280e6decfa49ebc6fa01b635bdd Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Mon, 29 Aug 2022 10:03:40 +0200
+Subject: [PATCH] misc: Fix expanding port numbers
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/misc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/misc.c b/src/misc.c
+index a2fdf31a..11a7479c 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -1237,7 +1237,7 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
+                 x = strdup(session->opts.username);
+                 break;
+             case 'p':
+-                if (session->opts.port > 0) {
++                {
+                   char tmp[6];
+ 
+                   snprintf(tmp, sizeof(tmp), "%hu",
+-- 
+2.33.0
+
diff --git a/backport-misc-Fix-format-truncation-in-ssh_path_expa.patch b/backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
new file mode 100644
index 0000000..2f7cd07
--- /dev/null
+++ b/backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
@@ -0,0 +1,60 @@
+From 20406e51c9e1e096dc8ba47975abad448a51bfc1 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Fri, 26 Aug 2022 13:07:28 +0200
+Subject: [PATCH] misc: Fix format truncation in ssh_path_expand_escape()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+error: ‘%u’ directive output may be truncated writing between 1 and 10
+bytes into a region of size 6.
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ include/libssh/session.h |  2 +-
+ src/misc.c               | 15 +++++++--------
+ 2 files changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/include/libssh/session.h b/include/libssh/session.h
+index 0a6fb080..d3e5787c 100644
+--- a/include/libssh/session.h
++++ b/include/libssh/session.h
+@@ -223,7 +223,7 @@ struct ssh_session_struct {
+         char *custombanner;
+         unsigned long timeout; /* seconds */
+         unsigned long timeout_usec;
+-        unsigned int port;
++        uint16_t port;
+         socket_t fd;
+         int StrictHostKeyChecking;
+         char compressionlevel;
+diff --git a/src/misc.c b/src/misc.c
+index e6264101..a2fdf31a 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -1237,14 +1237,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s)
+                 x = strdup(session->opts.username);
+                 break;
+             case 'p':
+-                if (session->opts.port < 65536) {
+-                    char tmp[6];
+-
+-                    snprintf(tmp,
+-                             sizeof(tmp),
+-                             "%u",
+-                             session->opts.port > 0 ? session->opts.port : 22);
+-                    x = strdup(tmp);
++                if (session->opts.port > 0) {
++                  char tmp[6];
++
++                  snprintf(tmp, sizeof(tmp), "%hu",
++                           (uint16_t)(session->opts.port > 0 ? session->opts.port
++                                                             : 22));
++                  x = strdup(tmp);
+                 }
+                 break;
+             default:
+-- 
+2.33.0
+
diff --git a/backport-misc-rename-gettimeofday-symbol.patch b/backport-misc-rename-gettimeofday-symbol.patch
new file mode 100644
index 0000000..c95ea74
--- /dev/null
+++ b/backport-misc-rename-gettimeofday-symbol.patch
@@ -0,0 +1,47 @@
+From 17aec429f539517468446191e3da91df40e352d1 Mon Sep 17 00:00:00 2001
+From: Timo Rothenpieler <timo@rothenpieler.org>
+Date: Sat, 20 Aug 2022 16:00:15 +0200
+Subject: [PATCH] misc: rename gettimeofday symbol
+
+mingw does have this function, even though it appears to be deprecated.
+So the symbol has to have a different name, or linking becomes
+impossible.
+
+Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ include/libssh/priv.h | 4 +++-
+ src/misc.c            | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/include/libssh/priv.h b/include/libssh/priv.h
+index ad932d2f..bab761b0 100644
+--- a/include/libssh/priv.h
++++ b/include/libssh/priv.h
+@@ -152,7 +152,9 @@ char *strndup(const char *s, size_t n);
+ # endif /* _MSC_VER */
+ 
+ struct timeval;
+-int gettimeofday(struct timeval *__p, void *__t);
++int ssh_gettimeofday(struct timeval *__p, void *__t);
++
++#define gettimeofday ssh_gettimeofday
+ 
+ #define _XCLOSESOCKET closesocket
+ 
+diff --git a/src/misc.c b/src/misc.c
+index 81b23f25..e6264101 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -160,7 +160,7 @@ int ssh_dir_writeable(const char *path)
+ #define SSH_USEC_IN_SEC         1000000LL
+ #define SSH_SECONDS_SINCE_1601  11644473600LL
+ 
+-int gettimeofday(struct timeval *__p, void *__t) {
++int ssh_gettimeofday(struct timeval *__p, void *__t) {
+   union {
+     unsigned long long ns100; /* time since 1 Jan 1601 in 100ns units */
+     FILETIME ft;
+-- 
+2.33.0
+
diff --git a/backport-session-Initialize-the-port-with-the-standa.patch b/backport-session-Initialize-the-port-with-the-standa.patch
new file mode 100644
index 0000000..ea952b2
--- /dev/null
+++ b/backport-session-Initialize-the-port-with-the-standa.patch
@@ -0,0 +1,27 @@
+From f306aafdc6a6730538ca10a510fe3bd18714342c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Mon, 29 Aug 2022 10:05:22 +0200
+Subject: [PATCH] session: Initialize the port with the standard port (22)
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/session.c b/src/session.c
+index 9e1da5cd..6025c133 100644
+--- a/src/session.c
++++ b/src/session.c
+@@ -104,7 +104,7 @@ ssh_session ssh_new(void)
+ 
+     /* OPTIONS */
+     session->opts.StrictHostKeyChecking = 1;
+-    session->opts.port = 0;
++    session->opts.port = 22;
+     session->opts.fd = -1;
+     session->opts.compressionlevel = 7;
+     session->opts.nodelay = 0;
+-- 
+2.33.0
+
diff --git a/backport-session-socket_callbacks.data-will-be-set-t.patch b/backport-session-socket_callbacks.data-will-be-set-t.patch
new file mode 100644
index 0000000..b747a4c
--- /dev/null
+++ b/backport-session-socket_callbacks.data-will-be-set-t.patch
@@ -0,0 +1,29 @@
+From 0799775185c4d9a26bbf074f11bf17aa5b055b3f Mon Sep 17 00:00:00 2001
+From: renmingshuai <renmingshuai@huawei.com>
+Date: Thu, 18 Aug 2022 20:00:25 +0800
+Subject: [PATCH] session->socket_callbacks.data will be set to
+ ssh_packet_socket_callback
+
+in ssh_packet_register_socket_callback. Here is redundant.
+
+Signed-off-by: renmingshuai <renmingshuai@huawei.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/server.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/server.c b/src/server.c
+index e33c9366..04949a94 100644
+--- a/src/server.c
++++ b/src/server.c
+@@ -361,7 +361,6 @@ static void ssh_server_connection_callback(ssh_session session){
+             }
+ 
+             /* from now, the packet layer is handling incoming packets */
+-            session->socket_callbacks.data=ssh_packet_socket_callback;
+             ssh_packet_register_socket_callback(session, session->socket);
+ 
+             ssh_packet_set_default_callbacks(session);
+-- 
+2.33.0
+
diff --git a/backport-socket-Add-error-message-if-execv-fails.patch b/backport-socket-Add-error-message-if-execv-fails.patch
new file mode 100644
index 0000000..73f5f0e
--- /dev/null
+++ b/backport-socket-Add-error-message-if-execv-fails.patch
@@ -0,0 +1,39 @@
+From 2546b6224223890af669c272c70ab45ec0298659 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Mon, 29 Aug 2022 13:32:09 +0200
+Subject: [PATCH] socket: Add error message if execv fails
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/socket.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/socket.c b/src/socket.c
+index bd2cd28c..525b304f 100644
+--- a/src/socket.c
++++ b/src/socket.c
+@@ -891,6 +891,7 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
+ ssh_execute_command(const char *command, socket_t in, socket_t out)
+ {
+     const char *args[] = {"/bin/sh", "-c", command, NULL};
++    int rc;
+     /* Prepare /dev/null socket for the stderr redirection */
+     int devnull = open("/dev/null", O_WRONLY);
+     if (devnull == -1) {
+@@ -915,7 +916,11 @@ ssh_execute_command(const char *command, socket_t in, socket_t out)
+     dup2(devnull, STDERR_FILENO);
+     close(in);
+     close(out);
+-    execv(args[0], (char * const *)args);
++    rc = execv(args[0], (char * const *)args);
++    if (rc < 0) {
++        SSH_LOG(SSH_LOG_WARN, "Failed to execute command %s: %s",
++                command, strerror(errno));
++    }
+     exit(1);
+ }
+ 
+-- 
+2.33.0
+
diff --git a/backport-tests-Add-test-for-expanding-port-numbers.patch b/backport-tests-Add-test-for-expanding-port-numbers.patch
new file mode 100644
index 0000000..e542836
--- /dev/null
+++ b/backport-tests-Add-test-for-expanding-port-numbers.patch
@@ -0,0 +1,47 @@
+From 8c0be750db787d70863ad3bbbc1e70e75a8e223f Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Mon, 29 Aug 2022 10:08:58 +0200
+Subject: [PATCH] tests: Add test for expanding port numbers
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ tests/unittests/torture_misc.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
+index 354f37bc..6fdf3ab5 100644
+--- a/tests/unittests/torture_misc.c
++++ b/tests/unittests/torture_misc.c
+@@ -168,17 +168,25 @@ static void torture_path_expand_tilde_unix(void **state) {
+ 
+ static void torture_path_expand_escape(void **state) {
+     ssh_session session = *state;
+-    const char *s = "%d/%h/by/%r";
++    const char *s = "%d/%h/%p/by/%r";
+     char *e;
+ 
+     session->opts.sshdir = strdup("guru");
+     session->opts.host = strdup("meditation");
++    session->opts.port = 0;
+     session->opts.username = strdup("root");
+ 
+     e = ssh_path_expand_escape(session, s);
+     assert_non_null(e);
+-    assert_string_equal(e, "guru/meditation/by/root");
+-    free(e);
++    assert_string_equal(e, "guru/meditation/22/by/root");
++    ssh_string_free_char(e);
++
++    session->opts.port = 222;
++
++    e = ssh_path_expand_escape(session, s);
++    assert_non_null(e);
++    assert_string_equal(e, "guru/meditation/222/by/root");
++    ssh_string_free_char(e);
+ }
+ 
+ static void torture_path_expand_known_hosts(void **state) {
+-- 
+2.33.0
+
diff --git a/libssh.spec b/libssh.spec
index 21e10b9..1b2cc92 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        4
+Release:        5
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -18,6 +18,15 @@ Patch5:         backport-options-Parse-hostname-by-last.patch
 Patch6:         backport-torture_options-Add-test-for-in-login-name.patch
 Patch7:         backport-session-Initialize-pointers.patch
 Patch8:         backport-tests-Ensure-the-mode-of-the-created-file-is.patch
+Patch9:         backport-session-socket_callbacks.data-will-be-set-t.patch
+Patch10:        backport-config-Avoid-false-positive-report-from-Cov.patch
+Patch11:        backport-kdf-Avoid-endianess-issues.patch
+Patch12:        backport-misc-rename-gettimeofday-symbol.patch
+Patch13:        backport-misc-Fix-format-truncation-in-ssh_path_expa.patch
+Patch14:        backport-misc-Fix-expanding-port-numbers.patch
+Patch15:        backport-session-Initialize-the-port-with-the-standa.patch
+Patch16:        backport-tests-Add-test-for-expanding-port-numbers.patch
+Patch17:        backport-socket-Add-error-message-if-execv-fails.patch
 
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
@@ -103,6 +112,21 @@ popd
 %doc ChangeLog README
 
 %changelog
+* Tue Oct 18 2022 seuzw <930zhaowei@163.com> - 0.9.6-5
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:backport some upstream patches:
+       Avoid false positive report from Coveritt CID 1470006
+       kdf: Avoid endianess issues
+       misc: Fix format truncation in ssh_path_expand_escape()
+       misc: Fix expanding port numbers
+       misc: rename gettimeofday symbol
+       session: Initialize the port with the standard port (22)
+       session->socket_callbacks.data will be set to ssh_packet_socket_callback
+       socket: Add error message if execv fails
+       tests: Add test for expanding port numbers
+
 * Thu Oct 13 2022 xinghe <xinghe2@h-partners.com> - 0.9.6-4
 - Type:bugfix
 - Id:NA
-- 
Gitee