backport some upstream patches

(cherry picked from commit 82f3d892a343814b705da8a61f69a238c3a3cbe2)

backport-config-Escape-brackets-in-ProxyCommand-build-from.patch

@@ -0,0 +1,93 @@
+From bccb8513fa4a836aef0519d65eb33bb212606fe1 Mon Sep 17 00:00:00 2001
+From: Thomas Baag <libssh-git@spam.b2ag.de>
+Date: Wed, 21 Sep 2022 20:55:27 +0200
+Subject: [PATCH] config: Escape brackets in ProxyCommand build from
+ProxyJump
+
+Missing escaping results in syntax errors in Zsh shell because of square
+brackets getting interpreted as being a pattern for globbing.
+
+Signed-off-by: Thomas Baag <libssh-git@spam.b2ag.de>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Conflict:NA
+Reference:https://git.libssh.org/projects/libssh.git/commit?id=bccb8513fa
+---
+ src/config.c                     |  2 +-
+ tests/unittests/torture_config.c | 12 ++++++------
+ 2 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/config.c b/src/config.c
+index d34ba5f..54a1a6e 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -351,7 +351,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+     if (hostname != NULL && do_parsing) {
+         char com[512] = {0};
+ 
+-        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W [%%h]:%%p %s",
++        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W '[%%h]:%%p' %s",
+                       username ? " -l " : "",
+                       username ? username : "",
+                       port ? " -p " : "",
+diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
+index f91112a..b368a72 100644
+--- a/tests/unittests/torture_config.c
++++ b/tests/unittests/torture_config.c
+@@ -615,7 +615,7 @@ static void torture_config_proxyjump(void **state) {
+     ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+-    assert_string_equal(session->opts.ProxyCommand, "ssh -W [%h]:%p jumpbox");
++    assert_string_equal(session->opts.ProxyCommand, "ssh -W '[%h]:%p' jumpbox");
+ 
+     /* With username */
+     torture_reset_config(session);
+@@ -623,7 +623,7 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -l user -W [%h]:%p jumpbox");
++                        "ssh -l user -W '[%h]:%p' jumpbox");
+ 
+     /* With port */
+     torture_reset_config(session);
+@@ -631,7 +631,7 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -p 2222 -W [%h]:%p jumpbox");
++                        "ssh -p 2222 -W '[%h]:%p' jumpbox");
+ 
+     /* Two step jump */
+     torture_reset_config(session);
+@@ -639,7 +639,7 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -l u1 -p 222 -J u2@second:33 -W [%h]:%p first");
++                        "ssh -l u1 -p 222 -J u2@second:33 -W '[%h]:%p' first");
+ 
+     /* none */
+     torture_reset_config(session);
+@@ -661,7 +661,7 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -W [%h]:%p jumpbox");
++                        "ssh -W '[%h]:%p' jumpbox");
+ 
+     /* IPv6 address */
+     torture_reset_config(session);
+@@ -669,7 +669,7 @@ static void torture_config_proxyjump(void **state) {
+     ret = ssh_config_parse_file(session, LIBSSH_TESTCONFIG11);
+     assert_ssh_return_code(session, ret);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -W [%h]:%p 2620:52:0::fed");
++                        "ssh -W '[%h]:%p' 2620:52:0::fed");
+ 
+     /* Try to create some invalid configurations */
+     /* Non-numeric port */
+-- 
+2.23.0
+

backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch

@@ -0,0 +1,58 @@
+From 346e6db31824571727c0fb76bb5747d7e9a28f89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= <carlosmn@github.com>
+Date: Wed, 7 Sep 2022 15:26:01 +0200
+Subject: [PATCH] packet: do not enqueue outgoing packets after sending
+ SSH2_MSG_NEWKEYS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When we decide we need to rekey, we enqueue any further packets until we've sent
+our SSH2_MSG_NEWKEYS message, after which we dequeue these packets and send them
+to the other side. This enqueueing is done based on ssh_packet_in_rekey checking
+the session flags and whether DH handshake state is marked as finished.
+
+However, the handshake state is not reset to DH_STATE_FINISHED until the other
+side has sent us their new keys. This leaves a gap between sending our new keys
+and receiving the other side's new keys where we would still decide to enqueue a
+packet.
+
+These enqueued packets will not be dequeued as we've already sent our new keys.
+Once we've received the other side's new keys, we'll go back to a finished
+handshake and we will send out our caller's new data, skipping however much data
+we've enqueued.
+
+Fix this by changing ssh_packet_in_rekey to return false once we've sent our new
+keys.
+
+Signed-off-by: Carlos Martín Nieto <carlosmn@github.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Conflict:NA
+Reference:https://git.libssh.org/projects/libssh.git/commit?id=346e6db318
+---
+ src/packet.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index f9d37dea..353b04e1 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1755,10 +1755,12 @@ static bool
+ ssh_packet_in_rekey(ssh_session session)
+ {
+     /* We know we are rekeying if we are authenticated and the DH
+-     * status is not finished
++     * status is not finished, but we only queue packets until we've
++     * sent our NEWKEYS.
+      */
+     return (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) &&
+-           (session->dh_handshake_state != DH_STATE_FINISHED);
++           (session->dh_handshake_state != DH_STATE_FINISHED) &&
++           (session->dh_handshake_state != DH_STATE_NEWKEYS_SENT);
+ }
+ 
+ int ssh_packet_send(ssh_session session)
+-- 
+2.23.0
+

libssh.spec

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.9.6
-Release:        5
+Release:        6
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -27,6 +27,8 @@ Patch14:        backport-misc-Fix-expanding-port-numbers.patch
 Patch15:        backport-session-Initialize-the-port-with-the-standa.patch
 Patch16:        backport-tests-Add-test-for-expanding-port-numbers.patch
 Patch17:        backport-socket-Add-error-message-if-execv-fails.patch
+Patch18:        backport-config-Escape-brackets-in-ProxyCommand-build-from.patch
+Patch19:        backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch
 
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
@@ -112,6 +114,13 @@ popd
 %doc ChangeLog README
 
 %changelog
+* Tue Mar 28 2023 renmingshuai <renmingshuai@huawei.com> - 0.9.6-6
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:config: Escape brackets in ProxyCommand build
+       packet: do not enqueue outgoing packets
+
 * Tue Oct 18 2022 seuzw <930zhaowei@163.com> - 0.9.6-5
 - Type:bugfix
 - Id:NA