!32 backport upstream patches

From: @eaglegai 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw

backport-Add-errno-reset-with-strtoul-call.patch

@@ -0,0 +1,62 @@
+From eb9dc8cfc45875ddf8dd193eb16e506937ce5355 Mon Sep 17 00:00:00 2001
+From: Norbert Pocs <npocs@redhat.com>
+Date: Tue, 7 Jun 2022 14:28:30 +0200
+Subject: [PATCH] Add errno reset with strtoul call
+
+Contaminated errno can happen before strtoul call, thereofore
+cleaning it before the call.
+The errno is not used for checking later in code if fail happens,
+therefore cleaning it right after error.
+
+Signed-off-by: Norbert Pocs <npocs@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/misc.c           | 4 ++++
+ tests/pkd/pkd_util.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/misc.c b/src/misc.c
+index f7efb9df..e890e829 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -1361,21 +1361,25 @@ int ssh_analyze_banner(ssh_session session, int server)
+          * 012345678901234567890
+          */
+         if (strlen(openssh) > 9) {
++            errno = 0;
+             major = strtoul(openssh + 8, &tmp, 10);
+             if ((tmp == (openssh + 8)) ||
+                 ((errno == ERANGE) && (major == ULONG_MAX)) ||
+                 ((errno != 0) && (major == 0)) ||
+                 ((major < 1) || (major > 100))) {
+                 /* invalid major */
++                errno = 0;
+                 goto done;
+             }
+ 
++            errno = 0;
+             minor = strtoul(openssh + 10, &tmp, 10);
+             if ((tmp == (openssh + 10)) ||
+                 ((errno == ERANGE) && (major == ULONG_MAX)) ||
+                 ((errno != 0) && (major == 0)) ||
+                 (minor > 100)) {
+                 /* invalid minor */
++                errno = 0;
+                 goto done;
+             }
+ 
+diff --git a/tests/pkd/pkd_util.c b/tests/pkd/pkd_util.c
+index 0e3b19b4..e8e6fbb7 100644
+--- a/tests/pkd/pkd_util.c
++++ b/tests/pkd/pkd_util.c
+@@ -81,6 +81,7 @@ static int is_openssh_client_new_enough(void) {
+         ((major < 1) || (major > 100))) {
+         fprintf(stderr, "failed to parse OpenSSH client version, "
+                         "errno %d\n", errno);
++        errno = 0;
+         goto errversion;
+     }
+ 
+-- 
+2.33.0
+

backport-auth-Fix-error-returned-in-ssh_userauth_try_publicke.patch

@@ -0,0 +1,27 @@
+From f6ad8057a71e7a690d31d43c3797081ff544e3fd Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 22 Jun 2022 15:22:37 +0200
+Subject: [PATCH] auth: Fix error returned in ssh_userauth_try_publickey()
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/auth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auth.c b/src/auth.c
+index 2e48cfc6..6343c6a9 100644
+--- a/src/auth.c
++++ b/src/auth.c
+@@ -518,7 +518,7 @@ int ssh_userauth_try_publickey(ssh_session session,
+                           SSH_FATAL,
+                           "Wrong state (%d) during pending SSH call",
+                           session->pending_call_state);
+-            return SSH_ERROR;
++            return SSH_AUTH_ERROR;
+     }
+ 
+     /* Check if the given public key algorithm is allowed */
+-- 
+2.33.0
+

backport-client-Do-not-close-the-socket-if-it-was-set-via-opt.patch

@@ -0,0 +1,32 @@
+From 4b20d7ad1882feafb28e4371cd7c7c1c9c499153 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Tue, 19 Apr 2022 16:22:12 +0200
+Subject: [PATCH] client: Do not close the socket if it was set via options
+
+Fixes #122
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/client.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/client.c b/src/client.c
+index 4e2a299d..a41764f1 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -720,7 +720,10 @@ ssh_disconnect(ssh_session session)
+     }
+ 
+     ssh_packet_send(session);
+-    ssh_socket_close(session->socket);
++    /* Do not close the socket, if the fd was set via options. */
++    if (session->opts.fd == SSH_INVALID_SOCKET) {
++        ssh_socket_close(session->socket);
++    }
+   }
+ error:
+   session->recv_seq = 0;
+-- 
+2.33.0
+

backport-libsshpp-Fix-openForward-to-not-set-sourcehost-to-NU.patch

@@ -0,0 +1,32 @@
+From a889527c1b8f9831b47ceac510057585cdc81d39 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 15 Jun 2022 15:10:08 +0200
+Subject: [PATCH] libsshpp: Fix openForward to not set sourcehost to NULL by
+ default
+
+This parameter is required.
+
+Fixes #25
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ include/libssh/libsshpp.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/libssh/libsshpp.hpp b/include/libssh/libsshpp.hpp
+index a678d375..602c7aec 100644
+--- a/include/libssh/libsshpp.hpp
++++ b/include/libssh/libsshpp.hpp
+@@ -523,7 +523,7 @@ public:
+     return ssh_channel_is_open(channel) != 0;
+   }
+   int openForward(const char *remotehost, int remoteport,
+-      const char *sourcehost=NULL, int localport=0){
++      const char *sourcehost, int localport=0){
+     int err=ssh_channel_open_forward(channel,remotehost,remoteport,
+         sourcehost, localport);
+     ssh_throw(err);
+-- 
+2.33.0
+

backport-sftp-fix-the-length-calculation-of-packet-in-sftp_wr.patch

@@ -0,0 +1,29 @@
+From 332f1c2e093de27e7fcfe22d80f0660c57e002eb Mon Sep 17 00:00:00 2001
+From: tatataeki <shengzeyu19_98@163.com>
+Date: Wed, 29 Jun 2022 14:20:48 +0800
+Subject: [PATCH] sftp: fix the length calculation of packet in sftp_write
+
+Signed-off-by: tatataeki <shengzeyu19_98@163.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+---
+ src/sftp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index b1fa931e..e01012a8 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -2178,8 +2178,8 @@ ssize_t sftp_write(sftp_file file, const void *buf, size_t count) {
+     sftp_set_error(sftp, SSH_FX_FAILURE);
+     return -1;
+   }
+-  packetlen=ssh_buffer_get_len(buffer);
+   len = sftp_packet_write(file->sftp, SSH_FXP_WRITE, buffer);
++  packetlen=ssh_buffer_get_len(buffer);
+   SSH_BUFFER_FREE(buffer);
+   if (len < 0) {
+     return -1;
+-- 
+2.33.0
+

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.4
-Release:        5
+Release:        6
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -14,7 +14,12 @@ Patch2:         CVE-2020-16135-1.patch
 Patch3:         CVE-2020-16135-2.patch
 Patch4:         CVE-2020-16135-3.patch
 Patch5:         CVE-2020-16135-4.patch
-Patch6000:      CVE-2021-3634.patch
+Patch6:         CVE-2021-3634.patch
+Patch7:         backport-Add-errno-reset-with-strtoul-call.patch
+Patch8:         backport-auth-Fix-error-returned-in-ssh_userauth_try_publicke.patch
+Patch9:         backport-client-Do-not-close-the-socket-if-it-was-set-via-opt.patch
+Patch10:        backport-libsshpp-Fix-openForward-to-not-set-sourcehost-to-NU.patch
+Patch11:        backport-sftp-fix-the-length-calculation-of-packet-in-sftp_wr.patch
 
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
@@ -99,6 +104,17 @@ popd
 %doc ChangeLog README
 
 %changelog
+* Fri Sep 02 2022 gaihuiying <eaglegai@163.com> - 0.9.4-6
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:backport upstream patches:
+       add errno while reset with strtoul call
+       fix error returned in ssh_userauth_try_publicke
+       client do not close the socket if it was set via opt
+       fix openForward to not set sourcehost to NULL
+       fix the length calculation of packet in sftp_write
+
 * Mon Sep 13 2021 heyaohua<heyaohua1@huawei.com> - 0.9.4-5
 - Type:CVE
 - CVE:CVE-2021-3634