diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f89838b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/libssh2-1.8.0.tar.gz
diff --git a/.libssh2.metadata b/.libssh2.metadata
new file mode 100644
index 0000000..121a71c
--- /dev/null
+++ b/.libssh2.metadata
@@ -0,0 +1 @@
+baf2d1fb338eee531ba9b6b121c64235e089e0f5 SOURCES/libssh2-1.8.0.tar.gz
diff --git a/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch b/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch
new file mode 100644
index 0000000..746b515
--- /dev/null
+++ b/SOURCES/0001-libssh2-1.8.0-CVE-2019-3855.patch
@@ -0,0 +1,33 @@
+From db657a96ca37d87cceff14db66645ba17024803c Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:16:53 +0100
+Subject: [PATCH] Resolves: CVE-2019-3855 - fix integer overflow in transport read
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
+---
+ src/transport.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/transport.c b/src/transport.c
+index 8725da0..5349284 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -434,8 +434,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+              * and we can extract packet and padding length from it
+              */
+             p->packet_length = _libssh2_ntohu32(block);
+-            if (p->packet_length < 1)
++            if(p->packet_length < 1) {
+                 return LIBSSH2_ERROR_DECRYPT;
++            }
++            else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) {
++                return LIBSSH2_ERROR_OUT_OF_BOUNDARY;
++            }
+ 
+             p->padding_length = block[4];
+ 
+-- 
+2.17.2
+
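Review bot: The new upper-bound test in `_libssh2_transport_read` carries no comment saying what it protects, and the reason is not evident from the lines shown. Going by the patch subject, it keeps an oversized peer-supplied `packet_length` out of the later size arithmetic, so I would add above it `/* reject lengths above LIBSSH2_PACKET_MAXPAYLOAD before they reach the size computation below */`. The `else` after a `return` is redundant; a plain second `if` reads more clearly. The function body starts and ends outside this hunk, so the exact computation being guarded is inferred rather than visible here.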
diff --git a/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch b/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
new file mode 100644
index 0000000..a6881dd
--- /dev/null
+++ b/SOURCES/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
@@ -0,0 +1,45 @@
+From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Mon, 11 Sep 2017 21:13:45 +0200
+Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
+
+It breaks SCP download/upload from/to certain server implementations.
+
+The bug does not manifest with OpenSSH, which silently drops the NUL
+byte (eventually with any garbage that follows the NUL byte) before
+executing it.
+
+Bug: https://bugzilla.redhat.com/1489736
+---
+ src/scp.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/scp.c b/src/scp.c
+index 22778dd..d1665a6 100644
+--- a/src/scp.c
++++ b/src/scp.c
+@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
+                                   &session->scpRecv_command[cmd_len],
+                                   session->scpRecv_command_len - cmd_len);
+ 
+-        session->scpRecv_command[cmd_len] = '\0';
+-        session->scpRecv_command_len = cmd_len + 1;
++        /* the command to exec should _not_ be NUL-terminated */
++        session->scpRecv_command_len = cmd_len;
+ 
+         _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+                        "Opening channel for SCP receive");
+@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
+                                   &session->scpSend_command[cmd_len],
+                                   session->scpSend_command_len - cmd_len);
+ 
+-        session->scpSend_command[cmd_len] = '\0';
+-        session->scpSend_command_len = cmd_len + 1;
++        /* the command to exec should _not_ be NUL-terminated */
++        session->scpSend_command_len = cmd_len;
+ 
+         _libssh2_debug(session, LIBSSH2_TRACE_SCP,
+                        "Opening channel for SCP send");
+-- 
+2.9.5
+
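Review bot: With the terminator write removed in `scp_recv` (and identically in `scp_send`), `scpRecv_command` and `scpSend_command` become length-delimited buffers whose trailing byte this code no longer sets, and nothing here tells later readers so. The new comment says only that the command should not be NUL-terminated; I would extend it to `/* length-delimited, not a C string: always pair with scpRecv_command_len, never pass to %s or strlen() */` (and the `scpSend` equivalent). The consumers of these fields are outside both hunks, so it should be confirmed that none of them still treats the buffer as a string.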
diff --git a/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch b/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch
new file mode 100644
index 0000000..40c9e9b
--- /dev/null
+++ b/SOURCES/0002-libssh2-1.8.0-CVE-2019-3856.patch
@@ -0,0 +1,44 @@
+From cc573aafb6f4b24bce9b82f308e92b9723a73024 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:22:24 +0100
+Subject: [PATCH] Resolves: CVE-2019-3856 - fix integer overflow in keyboard
+ interactive handling
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
+
+I believe that:
+
+    `(session->userauth_kybd_num_prompts && session->userauth_kybd_num_prompts > 100)`
+
+... can be simplified as:
+
+    `(session->userauth_kybd_num_prompts > 100)`
+
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ src/userauth.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index cdfa25e..3946cf9 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -1734,6 +1734,13 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
+             /* int       num-prompts */
+             session->userauth_kybd_num_prompts = _libssh2_ntohu32(s);
+             s += 4;
++            if(session->userauth_kybd_num_prompts && 
++               session->userauth_kybd_num_prompts > 100) {
++               _libssh2_error(session, LIBSSH2_ERROR_OUT_OF_BOUNDARY,
++                              "Too many replies for "
++                              "keyboard-interactive prompts");
++               goto cleanup;
++            }
+ 
+             if(session->userauth_kybd_num_prompts) {
+                 session->userauth_kybd_prompts =
+-- 
+2.17.2
+
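Review bot: The cap on `userauth_kybd_num_prompts` uses a bare `100`, and its error text talks about "replies" although the value checked is the server-supplied prompt count. A named constant and accurate wording would make the limit auditable, e.g. `#define LIBSSH2_KYBD_MAX_PROMPTS 100` (name constructed for this note) and `if(session->userauth_kybd_num_prompts > LIBSSH2_KYBD_MAX_PROMPTS) {`; the first operand of the `&&` adds nothing, as the patch description itself observes. The rejected count stays stored in the session when control jumps to `cleanup`, which is outside the hunk, so it is worth confirming that the cleanup path does not walk the prompt array using that value. The first line of the added condition also ends in trailing whitespace.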
diff --git a/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch b/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch
new file mode 100644
index 0000000..ea264d2
--- /dev/null
+++ b/SOURCES/0003-libssh2-1.8.0-CVE-2019-3857.patch
@@ -0,0 +1,124 @@
+From cbd8d5c44701f97eccd6602e3d745fc37a8d7ff4 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:29:35 +0100
+Subject: [PATCH 1/2] Resolves: CVE-2019-3857 - fix integer overflow in SSH
+ packet processing channel
+
+... resulting in out of bounds write
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
+---
+ include/libssh2.h | 12 ++++++++++++
+ src/packet.c      | 11 +++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index 34d2842..e25c380 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,6 +145,18 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+ 
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /*
+  * Determine whether there is small or large file support on windows.
+  */
+diff --git a/src/packet.c b/src/packet.c
+index 5f1feb8..aa10633 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -815,8 +815,15 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                         /* set signal name (without SIG prefix) */
+                         uint32_t namelen =
+                             _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
+-                        channelp->exit_signal =
+-                            LIBSSH2_ALLOC(session, namelen + 1);
++
++                        if(namelen <= UINT_MAX - 1) {
++                            channelp->exit_signal =
++                                LIBSSH2_ALLOC(session, namelen + 1);
++                        }
++                        else {
++                            channelp->exit_signal = NULL;
++                        }
++
+                         if (!channelp->exit_signal)
+                             rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                                 "memory for signal name");
+-- 
+2.17.2
+
+
+From 0708c71871976ccf6d45fd0971a079d271413f92 Mon Sep 17 00:00:00 2001
+From: Michael Buckley <michael@buckleyisms.com>
+Date: Mon, 18 Mar 2019 15:07:12 -0700
+Subject: [PATCH 2/2] Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h
+
+Upstream-commit: 31d0b1a8530b959bd12c2074dc6e883e1eda8207
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ include/libssh2.h  | 12 ------------
+ src/libssh2_priv.h | 12 ++++++++++++
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/include/libssh2.h b/include/libssh2.h
+index e25c380..34d2842 100644
+--- a/include/libssh2.h
++++ b/include/libssh2.h
+@@ -145,18 +145,6 @@ typedef int libssh2_socket_t;
+ #define LIBSSH2_INVALID_SOCKET -1
+ #endif /* WIN32 */
+ 
+-#ifndef SIZE_MAX
+-#if _WIN64
+-#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
+-#else
+-#define SIZE_MAX 0xFFFFFFFF
+-#endif
+-#endif
+-
+-#ifndef UINT_MAX
+-#define UINT_MAX 0xFFFFFFFF
+-#endif
+-
+ /*
+  * Determine whether there is small or large file support on windows.
+  */
+diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
+index b4296a2..bb5d1a5 100644
+--- a/src/libssh2_priv.h
++++ b/src/libssh2_priv.h
+@@ -146,6 +146,18 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
+ 
+ #endif
+ 
++#ifndef SIZE_MAX
++#if _WIN64
++#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
++#else
++#define SIZE_MAX 0xFFFFFFFF
++#endif
++#endif
++
++#ifndef UINT_MAX
++#define UINT_MAX 0xFFFFFFFF
++#endif
++
+ /* RFC4253 section 6.1 Maximum Packet Length says:
+  *
+  * "All implementations MUST be able to process packets with
+-- 
+2.17.2
+
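Review bot: In `_libssh2_packet_add` the overflow guard compares a `uint32_t` (`namelen`) against `UINT_MAX`, which matches the wrap point of `namelen + 1` only where `unsigned int` is 32 bits wide; the fallback `#define UINT_MAX 0xFFFFFFFF` hard-codes the same assumption. Stating the bound in the variable's own width, `if(namelen < 0xFFFFFFFFu) {`, with a comment that `namelen + 1` must not wrap to a zero-byte allocation, removes that dependency. The guard still lets a peer-chosen `namelen` reach `LIBSSH2_ALLOC` before it is compared with `datalen`; no such comparison is visible in this hunk. The fallback `SIZE_MAX` selects the 32-bit value on every non-`_WIN64` target that lacks the macro, which is conservative for overflow checks but deserves a comment saying so.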
diff --git a/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch b/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch
new file mode 100644
index 0000000..04914c5
--- /dev/null
+++ b/SOURCES/0004-libssh2-1.8.0-CVE-2019-3858.patch
@@ -0,0 +1,30 @@
+From f06cf3a20dc3f54b7a9fc8127eb7719462caab39 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:32:05 +0100
+Subject: [PATCH] Resolves: CVE-2019-3858 - fix zero-byte allocation
+
+... with a specially crafted SFTP packet leading to an out-of-bounds read
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
+---
+ src/sftp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/sftp.c b/src/sftp.c
+index 7c44116..65cef85 100644
+--- a/src/sftp.c
++++ b/src/sftp.c
+@@ -345,6 +345,10 @@ sftp_packet_read(LIBSSH2_SFTP *sftp)
+                 return _libssh2_error(session,
+                                       LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED,
+                                       "SFTP packet too large");
++            if (sftp->partial_len == 0)
++                return _libssh2_error(session,
++                                      LIBSSH2_ERROR_ALLOC,
++                                      "Unable to allocate empty SFTP packet");
+ 
+             _libssh2_debug(session, LIBSSH2_TRACE_SFTP,
+                            "Data begin - Packet Length: %lu",
+-- 
+2.17.2
+
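Review bot: The zero-length rejection in `sftp_packet_read` reports `LIBSSH2_ERROR_ALLOC`, so a malformed length field sent by the peer is indistinguishable from a real out-of-memory condition in logs and in callers' error handling. If diverging from the upstream patch is acceptable, `LIBSSH2_ERROR_OUT_OF_BOUNDARY` (used by other fixes in this series) with a message such as `"SFTP packet length is zero"` describes the event better. Otherwise add a comment such as `/* a zero length would yield a zero-byte allocation that later code reads from */`. The new `if` is unbraced, which is easy to break when a statement is added. The allocation and the reads it protects are outside this hunk.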
diff --git a/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch b/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch
new file mode 100644
index 0000000..d40bb71
--- /dev/null
+++ b/SOURCES/0007-libssh2-1.8.0-CVE-2019-3861.patch
@@ -0,0 +1,28 @@
+From 77bc71f4ca2949a11110092034dd0705faa6d7b5 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:43:34 +0100
+Subject: [PATCH] Resolves: CVE-2019-3861 - fix out-of-bounds reads with
+ specially crafted SSH packets
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
+---
+ src/transport.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/transport.c b/src/transport.c
+index 5349284..6224c4f 100644
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -442,6 +442,9 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
+             }
+ 
+             p->padding_length = block[4];
++            if ( p->padding_length > p->packet_length - 1 ) {
++                return LIBSSH2_ERROR_DECRYPT;
++            }
+ 
+             /* total_num is the number of bytes following the initial
+                (5 bytes) packet length and padding length fields */
+-- 
+2.17.2
+
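Review bot: `p->packet_length - 1` in the new padding check is safe only because `packet_length < 1` was rejected a few lines earlier. That guard is not part of this hunk (it is visible in the CVE-2019-3855 patch on this page). If the two checks were ever reordered, the subtraction would wrap (assuming the field is unsigned) and the test would accept every padding value. I would either write the comparison without a subtraction, `if(p->padding_length >= p->packet_length) {`, or add `/* packet_length >= 1 is guaranteed by the check above */`. The spacing in `if ( ... )` also differs from the `if(...)` style the earlier patch introduces in the same function.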
diff --git a/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch b/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch
new file mode 100644
index 0000000..f1632a5
--- /dev/null
+++ b/SOURCES/0008-libssh2-1.8.0-CVE-2019-3862.patch
@@ -0,0 +1,75 @@
+From 0e4e9825e637a15707a910539d71fe65e7e12d7b Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:45:22 +0100
+Subject: [PATCH] Resolves: CVE-2019-3862 - fix out-of-bounds memory comparison
+
+... with specially crafted message channel request
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
+---
+ src/packet.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index aa10633..c950b5d 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -775,8 +775,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                 uint32_t len = _libssh2_ntohu32(data + 5);
+                 unsigned char want_reply = 1;
+ 
+-                if(len < (datalen - 10))
+-                    want_reply = data[9 + len];
++                if((len + 9) < datalen)
++                    want_reply = data[len + 9];
+ 
+                 _libssh2_debug(session,
+                                LIBSSH2_TRACE_CONN,
+@@ -784,6 +784,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                                channel, len, data + 9, want_reply);
+ 
+                 if (len == sizeof("exit-status") - 1
++                    && (sizeof("exit-status") - 1 + 9) <= datalen
+                     && !memcmp("exit-status", data + 9,
+                                sizeof("exit-status") - 1)) {
+ 
+@@ -792,7 +793,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                         channelp =
+                             _libssh2_channel_locate(session, channel);
+ 
+-                    if (channelp) {
++                    if (channelp && (sizeof("exit-status") + 13) <= datalen) {
+                         channelp->exit_status =
+                             _libssh2_ntohu32(data + 9 + sizeof("exit-status"));
+                         _libssh2_debug(session, LIBSSH2_TRACE_CONN,
+@@ -805,13 +806,14 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+ 
+                 }
+                 else if (len == sizeof("exit-signal") - 1
++                         && (sizeof("exit-signal") - 1 + 9) <= datalen
+                          && !memcmp("exit-signal", data + 9,
+                                     sizeof("exit-signal") - 1)) {
+                     /* command terminated due to signal */
+                     if(datalen >= 20)
+                         channelp = _libssh2_channel_locate(session, channel);
+ 
+-                    if (channelp) {
++                    if (channelp && (sizeof("exit-signal") + 13) <= datalen) {
+                         /* set signal name (without SIG prefix) */
+                         uint32_t namelen =
+                             _libssh2_ntohu32(data + 9 + sizeof("exit-signal"));
+@@ -827,9 +829,9 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
+                         if (!channelp->exit_signal)
+                             rc = _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                                                 "memory for signal name");
+-                        else {
++                        else if ((sizeof("exit-signal") + 13 + namelen <= datalen)) {
+                             memcpy(channelp->exit_signal,
+-                                   data + 13 + sizeof("exit_signal"), namelen);
++                                   data + 13 + sizeof("exit-signal"), namelen);
+                             channelp->exit_signal[namelen] = '\0';
+                             /* TODO: save error message and language tag */
+                             _libssh2_debug(session, LIBSSH2_TRACE_CONN,
+-- 
+2.17.2
+
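Review bot: The new length check before the `memcpy` in the exit-signal branch puts the peer-supplied `namelen` on the left side, `sizeof("exit-signal") + 13 + namelen <= datalen`, so where `size_t` is 32 bits the sum can wrap and the comparison passes for a name that does not fit in the packet. Because the enclosing `if` already guarantees `sizeof("exit-signal") + 13 <= datalen`, the subtraction form cannot wrap: `else if(namelen <= datalen - (sizeof("exit-signal") + 13)) {`. When the check fails, `channelp->exit_signal` stays allocated but is never filled or terminated. An `else` branch that frees it and sets it to NULL (or at least writes `exit_signal[0] = '\0'`) would keep uninitialised memory from reaching whoever reads the signal name later. The type of `datalen` and the readers of `exit_signal` are outside the hunks shown, so both points should be confirmed against the full function.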
diff --git a/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch b/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch
new file mode 100644
index 0000000..77615fd
--- /dev/null
+++ b/SOURCES/0009-libssh2-1.8.0-CVE-2019-3863.patch
@@ -0,0 +1,40 @@
+From 9ed3c716b63c77e9b52f71f2dae5464ade6143df Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Tue, 19 Mar 2019 13:47:41 +0100
+Subject: [PATCH] Resolves: CVE-2019-3863 - fix integer overflow in user
+ authenticate keyboard interactive
+
+... that allows out-of-bounds writes
+
+Upstream-Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
+---
+ src/userauth.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/userauth.c b/src/userauth.c
+index 3946cf9..ee924c5 100644
+--- a/src/userauth.c
++++ b/src/userauth.c
+@@ -1808,8 +1808,17 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
+ 
+             for(i = 0; i < session->userauth_kybd_num_prompts; i++) {
+                 /* string    response[1] (ISO-10646 UTF-8) */
+-                session->userauth_kybd_packet_len +=
+-                    4 + session->userauth_kybd_responses[i].length;
++                 if(session->userauth_kybd_responses[i].length <=
++                   (SIZE_MAX - 4 - session->userauth_kybd_packet_len) ) {
++                    session->userauth_kybd_packet_len +=
++                        4 + session->userauth_kybd_responses[i].length;
++                }
++                else {
++                    _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
++                                   "Unable to allocate memory for keyboard-"
++                                   "interactive response packet");
++                    goto cleanup;
++                }
+             }
+ 
+             /* A new userauth_kybd_data area is to be allocated, free the
+-- 
+2.17.2
+
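Review bot: The guard `length <= SIZE_MAX - 4 - session->userauth_kybd_packet_len` assumes that `userauth_kybd_packet_len` is at most `SIZE_MAX - 4` when the loop is entered and that the field is as wide as `size_t`; its declaration and initial value are outside this hunk. If the field is narrower than `size_t`, the sum can still wrap inside the field even though the check passes, so the limit should be the maximum of the field's own type. I would add a comment stating the invariant, e.g. `/* packet_len + 4 + length must fit in userauth_kybd_packet_len */`, and fix the indentation of the first added line, which has one space too many.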
diff --git a/SPECS/libssh2.spec b/SPECS/libssh2.spec
new file mode 100644
index 0000000..fdf8594
--- /dev/null
+++ b/SPECS/libssh2.spec
@@ -0,0 +1,488 @@
+Name:		libssh2
+Version:	1.8.0
+Release:	8%{?dist}
+Summary:	A library implementing the SSH2 protocol
+License:	BSD
+URL:		http://www.libssh2.org/
+Source0:	http://libssh2.org/download/libssh2-%{version}.tar.gz
+
+# fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
+Patch1:     0001-libssh2-1.8.0-CVE-2019-3855.patch
+
+# fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
+Patch2:     0002-libssh2-1.8.0-CVE-2019-3856.patch
+
+# fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
+Patch3:     0003-libssh2-1.8.0-CVE-2019-3857.patch
+
+# fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
+Patch4:     0004-libssh2-1.8.0-CVE-2019-3858.patch
+
+# fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
+Patch7:     0007-libssh2-1.8.0-CVE-2019-3861.patch
+
+# fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
+Patch8:     0008-libssh2-1.8.0-CVE-2019-3862.patch
+
+# fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
+Patch9:     0009-libssh2-1.8.0-CVE-2019-3863.patch
+
+Patch14:	0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
+
+BuildRequires:	coreutils
+BuildRequires:	findutils
+BuildRequires:	gcc
+BuildRequires:	make
+BuildRequires:	openssl-devel
+BuildRequires:	sed
+BuildRequires:	zlib-devel
+BuildRequires:	/usr/bin/man
+
+# Test suite requirements - we run the OpenSSH server and try to connect to it
+BuildRequires:	openssh-server
+# We use matchpathcon to get the correct SELinux context for the ssh server
+# initialization script so that it can transition correctly in an SELinux
+# environment
+%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
+BuildRequires:	libselinux-utils
+BuildRequires:	selinux-policy-targeted
+%endif
+
+%description
+libssh2 is a library implementing the SSH2 protocol as defined by
+Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
+SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
+SECSH-DHGEX(04), and SECSH-NUMBERS(10).
+
+%package	devel
+Summary:	Development files for libssh2
+Requires:	%{name}%{?_isa} = %{version}-%{release}
+Requires:	pkgconfig
+
+%description	devel
+The libssh2-devel package contains libraries and header files for
+developing applications that use libssh2.
+
+%package	docs
+Summary:	Documentation for libssh2
+Requires:	%{name} = %{version}-%{release}
+BuildArch:	noarch
+
+%description	docs
+The libssh2-docs package contains man pages and examples for
+developing applications that use libssh2.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+
+# Replace hard wired port number in the test suite to avoid collisions
+# between 32-bit and 64-bit builds running on a single build-host
+sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
+
+# scp: send valid commands for remote execution (#1489733)
+%patch14 -p1
+
+# Make sshd transition appropriately if building in an SELinux environment
+%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
+chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
+chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
+chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || :
+%endif
+
+%build
+%configure --disable-silent-rules --disable-static --enable-shared
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot} INSTALL="install -p"
+find %{buildroot} -name '*.la' -delete
+
+# clean things up a bit for packaging
+make -C example clean
+rm -rf example/.deps
+find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete
+
+# avoid multilib conflict on libssh2-devel
+mv -v example example.%{_arch}
+
+%check
+echo "Running tests for %{_arch}"
+# The SSH test will fail if we don't have /dev/tty, as is the case in some
+# versions of mock (#672713)
+if [ ! -c /dev/tty ]; then
+	echo Skipping SSH test due to missing /dev/tty
+	echo "exit 0" > tests/ssh2.sh
+fi
+# Apparently it fails in the sparc and arm buildsystems too
+%ifarch %{sparc} %{arm}
+echo Skipping SSH test on sparc/arm
+echo "exit 0" > tests/ssh2.sh
+%endif
+# mansyntax check fails on PPC* and aarch64 with some strange locale error
+%ifarch ppc %{power64} aarch64
+echo "Skipping mansyntax test on PPC* and aarch64"
+echo "exit 0" > tests/mansyntax.sh
+%endif
+make -C tests check
+
+%ldconfig_scriptlets
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc docs/AUTHORS README RELEASE-NOTES
+%{_libdir}/libssh2.so.1
+%{_libdir}/libssh2.so.1.*
+
+%files docs
+%doc docs/BINDINGS docs/HACKING docs/TODO NEWS
+%{_mandir}/man3/libssh2_*.3*
+
+%files devel
+%doc example.%{_arch}/
+%{_includedir}/libssh2.h
+%{_includedir}/libssh2_publickey.h
+%{_includedir}/libssh2_sftp.h
+%{_libdir}/libssh2.so
+%{_libdir}/pkgconfig/libssh2.pc
+
+%changelog
+* Tue Apr 02 2019 Kamil Dudka <kdudka@redhat.com> 1.8.0-8
+- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
+- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
+- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
+- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
+- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
+- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
+- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.0-6
+- Switch to %%ldconfig_scriptlets
+
+* Tue Sep 12 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-5
+- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
+- Make devel package dependency on main package arch-specific
+- Drop EL-5 support
+  - noarch sub-packages always available now
+  - Drop legacy Group: and BuildRoot: tags
+  - Drop explicit buildroot cleaning
+  - %%{__isa_bits} always defined now
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1
+- Update to 1.8.0
+  - Added a basic dockerised test suite
+  - crypto: Add support for the mbedTLS backend
+  - See RELEASE-NOTES for details of bug fixes
+
+* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7
+- Make curl test-suite work again with valgrind enabled
+
+* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6
+- Rebuild with OpenSSL 1.1.0
+
+* Sun Mar  6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5
+- Revert parts of previous change that broke EL-5 compatibility
+- Include NEWS in docs package, it's much more than RELEASE-NOTES
+
+* Sat Mar  5 2016 Peter Robinson <pbrobinson@fedoraproject.org> - 1.7.0-4
+- Modernise spec (no we really don't care about el4/fc4)
+- Don't ship ChangeLog/NEWS, duplicates of RELEASE-NOTES
+
+* Wed Feb 24 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-3
+- Drop UTF-8 patch, which breaks things rather than fixes them
+
+* Wed Feb 24 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-2
+- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
+
+* Tue Feb 23 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-1
+- Update to 1.7.0
+  - diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see
+    http://www.libssh2.org/adv_20160223.html
+  - libssh2_session_set_last_error: Add function
+  - See RELEASE-NOTES for details of bug fixes
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-3
+- Fix pkg-config --libs output (#1279966)
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Jun 14 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-1
+- Update to 1.6.0
+  - Added CMake build system
+  - Added libssh2_userauth_publickey_frommemory()
+  - See RELEASE-NOTES for details of bug fixes
+
+* Wed Mar 11 2015 Paul Howarth <paul@city-fan.org> - 1.5.0-1
+- Update to 1.5.0
+  - See RELEASE-NOTES for details of bug fixes and enhancements
+  - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
+
+* Fri Oct 10 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-16
+- prevent a not-connected agent from closing STDIN (#1147717)
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.3-14
+- fix license handling
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 30 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-12
+- Fix curl's excessive memory consumption during scp download
+
+* Mon Feb 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-11
+- The aarch64 buildroot seems to have the same locale issue as the PPC one
+
+* Mon Feb 17 2014 Karsten Hopp <karsten@redhat.com> 1.4.3-10
+- Next attempt to work around a self check problem on PPC*
+
+* Mon Feb 17 2014 Karsten Hopp <karsten@redhat.com> 1.4.3-9
+- Skip self checks on ppc*
+
+* Wed Aug 14 2013 Kamil Dudka <kdudka@redhat.com> 1.4.3-8
+- Fix very slow sftp upload to localhost
+- Fix a use after free in channel.c
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Apr  9 2013 Paul Howarth <paul@city-fan.org> 1.4.3-6
+- Revert 'Modernize the spec file' so as to retain EL-5 spec compatibility
+
+* Tue Apr  9 2013 Richard W.M. Jones <rjones@redhat.com> 1.4.3-5
+- Add three patches from upstream git required for qemu ssh block driver
+- Modernize the spec file:
+  * Remove BuildRoot
+  * Remove Group
+  * Remove clean section
+  * Don't need to clean up buildroot before installing
+
+* Wed Apr  3 2013 Paul Howarth <paul@city-fan.org> 1.4.3-4
+- Avoid polluting libssh2.pc with linker options (#947813)
+
+* Tue Mar 26 2013 Kamil Dudka <kdudka@redhat.com> 1.4.3-3
+- Avoid collisions between 32-bit and 64-bit builds running on a single build
+  host
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Nov 28 2012 Paul Howarth <paul@city-fan.org> 1.4.3-1
+- Update to 1.4.3
+  - compression: add support for zlib@openssh.com
+  - sftp_read: return error if a too large package arrives
+  - libssh2_hostkey_hash.3: update the description of return value
+  - Fixed MSVC NMakefile
+  - examples: use stderr for messages, stdout for data
+  - openssl: do not leak memory when handling errors
+  - improved handling of disabled MD5 algorithm in OpenSSL
+  - known_hosts: Fail when parsing unknown keys in known_hosts file
+  - configure: gcrypt doesn't come with pkg-config support
+  - session_free: wrong variable used for keeping state
+  - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
+  - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
+- Drop upstreamed patches
+
+* Wed Nov 07 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-4
+- examples: use stderr for messages, stdout for data (upstream commit b31e35ab)
+- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb)
+
+* Wed Sep 26 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-3
+- Fix basic functionality of libssh2 in FIPS mode
+- Skip SELinux-related quirks on recent distros to prevent a test-suite failure
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun May 20 2012 Paul Howarth <paul@city-fan.org> 1.4.2-1
+- Update to 1.4.2
+  - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
+  - userauth.c: fread() from public key file to correctly detect any errors
+  - configure.ac: add option to disable build of the example applications
+  - added 'Requires.private:' line to libssh2.pc
+  - SFTP: filter off incoming "zombie" responses
+  - gettimeofday: no need for a replacement under cygwin
+  - SSH_MSG_CHANNEL_REQUEST: default to want_reply
+  - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB
+
+* Fri Apr 27 2012 Paul Howarth <paul@city-fan.org> 1.4.1-2
+- Fix multi-arch conflict again (#816969)
+
+* Thu Apr  5 2012 Paul Howarth <paul@city-fan.org> 1.4.1-1
+- Update to 1.4.1
+  - Build error with gcrypt backend
+  - Always do "forced" window updates to avoid corner case stalls
+  - aes: the init function fails when OpenSSL has AES support
+  - transport_send: finish in-progress key exchange before sending data
+  - channel_write: acknowledge transport errors
+  - examples/x11.c: make sure sizeof passed to read operation is correct
+  - examples/x11.c: fix suspicious sizeof usage
+  - sftp_packet_add: verify the packet before accepting it
+  - SFTP: preserve the original error code more
+  - sftp_packet_read: adjust window size as necessary
+  - Use safer snprintf rather then sprintf in several places
+  - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
+  - sftp_write: cannot return acked data *and* EAGAIN
+  - sftp_read: avoid data *and* EAGAIN
+  - libssh2.h: add missing prototype for libssh2_session_banner_set()
+- Drop upstream patches now included in release tarball
+
+* Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4
+- Don't ignore transport errors when writing to channel (#804150)
+
+* Sun Mar 18 2012 Paul Howarth <paul@city-fan.org> 1.4.0-3
+- Don't try to use openssl's AES-CTR functions
+  (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
+
+* Fri Mar 16 2012 Paul Howarth <paul@city-fan.org> 1.4.0-2
+- fix libssh2 failing key re-exchange when write channel is saturated (#804156)
+- drop %%defattr, redundant since rpm 4.4
+
+* Wed Feb  1 2012 Paul Howarth <paul@city-fan.org> 1.4.0-1
+- update to 1.4.0
+  - added libssh2_session_supported_algs()
+  - added libssh2_session_banner_get()
+  - added libssh2_sftp_get_channel()
+  - libssh2.h: bump the default window size to 256K
+  - sftp-seek: clear EOF flag
+  - userauth: provide more informations if ssh pub key extraction fails
+  - ssh2_exec: skip error outputs for EAGAIN
+  - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
+  - knownhost_check(): don't dereference ext if NULL is passed
+  - knownhost_add: avoid dereferencing uninitialized memory on error path
+  - OpenSSL EVP: fix threaded use of structs
+  - _libssh2_channel_read: react on errors from receive_window_adjust
+  - sftp_read: cap the read ahead maximum amount
+  - _libssh2_channel_read: fix non-blocking window adjusting
+- add upstream patch fixing undefined function reference in libgcrypt backend
+- BR: /usr/bin/man for test suite
+
+* Sun Jan 15 2012 Peter Robinson <pbrobinson@fedoraproject.org> 1.3.0-4
+- skip the ssh test on ARM too
+
+* Fri Jan 13 2012 Paul Howarth <paul@city-fan.org> 1.3.0-3
+- make docs package noarch where possible
+- example includes arch-specific bits, so move to devel package
+- use patch rather than scripted iconv to fix character encoding
+- don't make assumptions about SELinux context types used for the ssh server
+  in the test suite
+- skip the ssh test if /dev/tty isn't present, as in some versions of mock
+- make the %%files list more explicit
+- use tabs for indentation
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 1.3.0-2
+- rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Sep 08 2011 Kamil Dudka <kdudka@redhat.com> 1.3.0-1
+- update to 1.3.0
+
+* Sat Jun 25 2011 Dennis Gilmore <dennis@ausil.us> 1.2.7-2
+- sshd/loopback test fails in the sparc buildsystem
+
+* Tue Oct 12 2010 Kamil Dudka <kdudka@redhat.com> 1.2.7-1
+- update to 1.2.7 (#632916)
+- avoid multilib conflict on libssh2-docs
+- avoid build failure in mock with SELinux in the enforcing mode (#558964)
+
+* Fri Mar 12 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.4-1
+- update to 1.2.4
+- drop old patch0
+- be more aggressive about keeping .deps from intruding into -docs
+
+* Wed Jan 20 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-5
+- pkgconfig dep should be with -devel, not -docs
+
+* Mon Jan 18 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-4
+- enable tests; conditionalize sshd test, which fails with a funky SElinux
+  error when run locally
+
+* Mon Jan 18 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-3
+- patch w/1aba38cd7d2658146675ce1737e5090f879f306; not yet in a GA release
+
+* Thu Jan 14 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-2
+- correct bad file entry under -devel
+
+* Thu Jan 14 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.2-1
+- update to 1.2.2
+- drop old patch now in upstream
+- add new pkgconfig file to -devel
+
+* Mon Sep 21 2009 Chris Weyl <cweyl@alumni.drew.edu> 1.2-2
+- patch based on 683aa0f6b52fb1014873c961709102b5006372fc
+- disable tests (*sigh*)
+
+* Tue Aug 25 2009 Chris Weyl <cweyl@alumni.drew.edu> 1.2-1
+- update to 1.2
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.0-4
+- rebuilt with new openssl
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb 16 2009 Chris Weyl <cweyl@alumni.drew.edu> 1.0-1
+- update to 1.0
+
+* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 0.18-8
+- rebuild with new openssl
+
+* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.18-7
+- Autorebuild for GCC 4.3
+
+* Wed Dec 05 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-6
+- rebuild for new openssl...
+
+* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-5
+- bump
+
+* Tue Nov 27 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-4
+- add INSTALL arg to make install vs env. var
+
+* Mon Nov 26 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-3
+- run tests; don't package test
+
+* Sun Nov 18 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-2
+- split docs into -docs (they seemed... large.)
+
+* Tue Nov 13 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.18-1
+- update to 0.18
+
+* Sun Oct 14 2007 Chris Weyl <cweyl@alumni.drew.edu> 0.17-1
+- update to 0.17
+- many spec file changes
+
+* Wed May 23 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.2.20070506
+- Fix release tag
+- Move manpages to -devel package
+- Add Examples dir to -devel package
+
+* Sun May 06 2007 Sindre Pedersen Bjørdal <foolish[AT]guezz.net> - 0.15-0.20070506.1
+- Initial build