gnu: libssh: Apply upstream patch and enable all tests.

* gnu/packages/patches/libssh-openssh-banner.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/ssh.scm (libssh) [source]: Apply it.
[arguments] <#:phase>: Remove disable-problematic-tests phase.  Add
patch-commands and prepare-for-tests phases.

Change-Id: Iaead28f77b81fdf42b77f15dd37e6450537cba30

3 files changed, 81 insertions, 12 deletions

diff --git a/gnu/local.mk b/gnu/local.mk
index fafe69f609..c4bc084b7e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1765,6 +1765,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libsecret-fix-test-paths.patch		\
   %D%/packages/patches/libsepol-versioned-docbook.patch		\
   %D%/packages/patches/libskk-fix-invalid-escape.patch		\
+  %D%/packages/patches/libssh-openssh-banner.patch		\
   %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
   %D%/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch	\
   %D%/packages/patches/libtar-CVE-2021-33645-CVE-2021-33646.patch	\
diff --git a/gnu/packages/patches/libssh-openssh-banner.patch b/gnu/packages/patches/libssh-openssh-banner.patch
new file mode 100644
index 0000000000..2a05f6ec67
--- /dev/null
+++ b/gnu/packages/patches/libssh-openssh-banner.patch
@@ -0,0 +1,61 @@
+From 78d536c150bd7f327e0de45a1246bb1f03cd2f48 Mon Sep 17 00:00:00 2001
+From: Lucas Mulling <lucas.mulling@suse.com>
+Date: Thu, 24 Apr 2025 15:48:32 -0300
+Subject: [PATCH] misc: Fix OpenSSH banner parsing
+
+Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
+---
+ src/misc.c                     | 6 ++++--
+ tests/unittests/torture_misc.c | 5 +++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/misc.c b/src/misc.c
+index 95512f0d3..b1ebc0c44 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -1426,6 +1426,7 @@ int ssh_analyze_banner(ssh_session session, int server)
+         char *tmp = NULL;
+         unsigned long int major = 0UL;
+         unsigned long int minor = 0UL;
++        int off = 0;
+ 
+         /*
+          * The banner is typical:
+@@ -1445,8 +1446,9 @@ int ssh_analyze_banner(ssh_session session, int server)
+             }
+ 
+             errno = 0;
+-            minor = strtoul(openssh + 10, &tmp, 10);
+-            if ((tmp == (openssh + 10)) ||
++            off = major >= 10 ? 11 : 10;
++            minor = strtoul(openssh + off, &tmp, 10);
++            if ((tmp == (openssh + off)) ||
+                 ((errno == ERANGE) && (major == ULONG_MAX)) ||
+                 ((errno != 0) && (major == 0)) ||
+                 (minor > 100)) {
+diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
+index bd6bf96e8..b2320a94e 100644
+--- a/tests/unittests/torture_misc.c
++++ b/tests/unittests/torture_misc.c
+@@ -448,6 +448,7 @@ static void torture_ssh_analyze_banner(void **state) {
+     assert_server_banner_accepted("SSH-2.0-OpenSSH");
+     assert_int_equal(0, session->openssh);
+ 
++
+     /* OpenSSH banners: big enough to extract major and minor versions */
+     assert_client_banner_accepted("SSH-2.0-OpenSSH_5.9p1");
+     assert_int_equal(SSH_VERSION_INT(5, 9, 0), session->openssh);
+@@ -487,6 +488,10 @@ static void torture_ssh_analyze_banner(void **state) {
+     assert_server_banner_accepted("SSH-2.0-OpenSSH-keyscan");
+     assert_int_equal(0, session->openssh);
+ 
++    /* OpenSSH banners: Double digit in major version */
++    assert_server_banner_accepted("SSH-2.0-OpenSSH_10.0p1");
++    assert_int_equal(SSH_VERSION_INT(10, 0, 0), session->openssh);
++
+     ssh_free(session);
+ }
+ 
+-- 
+GitLab
+
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 0b1ebfad56..9fa765c210 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -154,7 +154,8 @@ file names.
                     (string-append all "\n"
                                    "#ifndef PATH_MAX\n"
                                    "# define PATH_MAX 4096\n"
-                                   "#endif\n"))))))
+                                   "#endif\n"))))
+              (patches (search-patches "libssh-openssh-banner.patch"))))
     (build-system cmake-build-system)
     (outputs '("out" "debug"))
     (arguments
@@ -172,19 +173,25 @@ file names.
                      #~()))
       #:phases
       #~(modify-phases %standard-phases
-          (add-after 'unpack 'disable-problematic-tests
+          (add-after 'unpack 'patch-commands
+            (lambda* (#:key inputs #:allow-other-keys)
+              ;; Runtime sources.
+              (substitute* '("src/config.c"
+                             "src/socket.c")
+                (("\"/bin/sh\"")
+                 (format #f "~s" (search-input-file inputs "/bin/sh"))))
+              ;; Test sources.
+              (substitute* '("tests/server/test_server/default_cb.c")
+                (("\"/bin/sh\"")
+                 (format #f "~s" (which "sh"))))))
+          (add-before 'check 'prepare-for-tests
+            ;; A few test rely on the assumption that HOME == user's pw_dir,
+            ;; which is not satisfied in Guix, where `pw_dir' is '/' while
+            ;; HOME is '/homeless-shelter'.
             (lambda _
-              ;; XXX: There is no finer-grain control on skipping tests using
-              ;; cmocka, short of patching sources, which isn't trivial with
-              ;; substitute*/sed.
-              (substitute* "tests/unittests/CMakeLists.txt"
-                ;; Some torture tests fail due to assuming the user directory
-                ;; (from the passwd database) matches HOME, and other fail for
-                ;; unknown reasons (see:
-                ;; https://gitlab.com/libssh/libssh-mirror/-/issues/302).
-                (("^    torture_(config|misc|options).*$") "")))))))
+              (setenv "HOME" "/"))))))
     (native-inputs (list cmocka))
-    (inputs (list zlib libgcrypt mit-krb5))
+    (inputs (list bash-minimal mit-krb5 libgcrypt zlib))
     (synopsis "SSH client library")
     (description
      "libssh is a C library implementing the SSHv2 and SSHv1 protocol for client