diff --git a/CVE-2019-17498.patch b/0001-libssh2-CVE-2019-17498.patch similarity index 80% rename from CVE-2019-17498.patch rename to 0001-libssh2-CVE-2019-17498.patch index fc08648..4c91708 100644 --- a/CVE-2019-17498.patch +++ b/0001-libssh2-CVE-2019-17498.patch @@ -1,19 +1,29 @@ -diff -Nur old-libssh2-1.9.0/src/packet.c libssh2-1.9.0/src/packet.c ---- old-libssh2-1.9.0/src/packet.c 2019-12-24 03:06:34.642095230 -0500 -+++ libssh2-1.9.0/src/packet.c 2019-12-24 03:16:50.554095230 -0500 -@@ -419,8 +419,8 @@ +From ae6b894e43dabed9a93c1b5e47ab564de3f00d6c Mon Sep 17 00:00:00 2001 +From: Will Cosgrove +Date: Sat, 21 Dec 2019 19:31:58 +0800 +Subject: [PATCH] packet.c: improve message parsing (#402) + +--- + src/packet.c | 66 +++++++++++++++++++++++++----------------------------------- + 1 file changed, 27 insertions(+), 39 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 38ab629..52eed32 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, size_t datalen, int macstate) { int rc = 0; - char *message = NULL; - char *language = NULL; -+ unsigned char *message = NULL; ++ unsigned char *message = NULL; + unsigned char *language = NULL; size_t message_len = 0; size_t language_len = 0; LIBSSH2_CHANNEL *channelp = NULL; -@@ -472,33 +472,23 @@ - +@@ -472,32 +472,21 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + case SSH_MSG_DISCONNECT: if(datalen >= 5) { - size_t reason = _libssh2_ntohu32(data + 1); 
@@ -23,14 +33,13 @@ diff -Nur old-libssh2-1.9.0/src/packet.c libssh2-1.9.0/src/packet.c + buf.dataptr = buf.data; + buf.len = datalen; + buf.dataptr++; /* advance past type */ -+ + +- if(datalen >= 9) { +- message_len = _libssh2_ntohu32(data + 5); + _libssh2_get_u32(&buf, &reason); + _libssh2_get_string(&buf, &message, &message_len); + _libssh2_get_string(&buf, &language, &language_len); - -- if(datalen >= 9) { -- message_len = _libssh2_ntohu32(data + 5); -- + - if(message_len < datalen-13) { - /* 9 = packet_type(1) + reason(4) + message_len(4) */ - message = (char *) data + 9; @@ -53,24 +62,17 @@ diff -Nur old-libssh2-1.9.0/src/packet.c libssh2-1.9.0/src/packet.c - LIBSSH2_DISCONNECT(session, reason, message, - message_len, language, language_len); + LIBSSH2_DISCONNECT(session, reason, (const char *)message, -+ message_len, (const char *)language, ++ message_len, (const char *)language, + language_len); } -+ _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Disconnect(%d): %s(%s)", reason, - message, language); -@@ -539,22 +529,21 @@ +@@ -539,22 +528,21 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, int always_display = data[1]; - + if(datalen >= 6) { - message_len = _libssh2_ntohu32(data + 2); -+ struct string_buf buf; -+ buf.data = (unsigned char *)data; -+ buf.dataptr = buf.data; -+ buf.len = datalen; -+ buf.dataptr += 2; /* advance past type & always display */ - +- - if(message_len <= (datalen - 10)) { - /* 6 = packet_type(1) + display(1) + message_len(4) */ - message = (char *) data + 6; 
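Review bot: The three parser calls added in the SSH_MSG_DISCONNECT branch, `_libssh2_get_u32(&buf, &reason)` and the two `_libssh2_get_string(...)` calls, discard their return values, so a truncated or malformed disconnect packet is handled exactly like a well-formed one with empty fields. That is safe only because `message` and `language` start as NULL with zero lengths (first hunk) and `reason` is presumably initialised where it is declared, which is outside this hunk. I would make that dependence explicit with a comment above the calls, `/* failures are deliberately ignored: reason/message/language keep their initial 0/NULL values */`, or stop at the first failure so later fields are not parsed from a buffer already known to be short. The SSH_MSG_DEBUG hunk further down repeats the same unchecked `_libssh2_get_string` pair.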
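Review bot: The `_libssh2_debug(..., "Disconnect(%d): %s(%s)", reason, message, language)` call kept as context at the end of this hunk still formats `message` and `language` with `%s`, but after this patch they are `unsigned char *` values filled in by `_libssh2_get_string` together with explicit lengths. `_libssh2_get_string` is not shown on this page; if, as in libssh2's misc.c, it returns a pointer into the packet buffer rather than a NUL-terminated copy, `%s` can read past the end of the field, and either pointer stays NULL when parsing fails. Bounding the format to the parsed lengths avoids both: `"Disconnect(%d): %.*s(%.*s)", reason, (int)message_len, message ? (const char *)message : "", (int)language_len, language ? (const char *)language : ""`. This presumably only matters in builds where debug tracing is compiled in.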
@@ -80,21 +82,27 @@ diff -Nur old-libssh2-1.9.0/src/packet.c libssh2-1.9.0/src/packet.c - if(language_len <= (datalen - 10 - message_len)) - language = (char *) data + 10 + message_len; - } ++ struct string_buf buf; ++ buf.data = (unsigned char *)data; ++ buf.dataptr = buf.data; ++ buf.len = datalen; ++ buf.dataptr += 2; /* advance past type & always display */ ++ + _libssh2_get_string(&buf, &message, &message_len); + _libssh2_get_string(&buf, &language, &language_len); } - + if(session->ssh_msg_debug) { - LIBSSH2_DEBUG(session, always_display, message, - message_len, language, language_len); -+ LIBSSH2_DEBUG(session, always_display, -+ (const char *)message, -+ message_len, (const char *)language, ++ LIBSSH2_DEBUG(session, always_display, ++ (const char *)message, ++ message_len, (const char *)language, + language_len); } } /* -@@ -579,7 +568,7 @@ +@@ -579,7 +567,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, uint32_t len = 0; unsigned char want_reply = 0; len = _libssh2_ntohu32(data + 1); @@ -103,3 +111,6 @@ diff -Nur old-libssh2-1.9.0/src/packet.c libssh2-1.9.0/src/packet.c want_reply = data[5 + len]; _libssh2_debug(session, LIBSSH2_TRACE_CONN, +-- +1.8.3.1 + diff --git a/0001-libssh2-misc.c-_libssh2_ntohu32-cast-bit-shifting-40.patch b/0001-libssh2-misc.c-_libssh2_ntohu32-cast-bit-shifting-40.patch new file mode 100644 index 0000000..50e5a34 --- /dev/null +++ b/0001-libssh2-misc.c-_libssh2_ntohu32-cast-bit-shifting-40.patch 
@@ -0,0 +1,28 @@ +From c2304e1ed951644bbe559348030bbb2844b348de Mon Sep 17 00:00:00 2001 +From: Will Cosgrove +Date: Sat, 21 Dec 2019 19:35:22 +0800 +Subject: [PATCH] misc.c: _libssh2_ntohu32 cast bit shifting (#401) + +--- + src/misc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/misc.c b/src/misc.c +index bd084c8..b307260 100644 +--- a/src/misc.c ++++ b/src/misc.c +@@ -196,7 +196,10 @@ _libssh2_send(libssh2_socket_t sock, const void *buffer, size_t length, + unsigned int + _libssh2_ntohu32(const unsigned char *buf) + { +- return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; ++ return (((unsigned int)buf[0] << 24) ++ | ((unsigned int)buf[1] << 16) ++ | ((unsigned int)buf[2] << 8) ++ | ((unsigned int)buf[3])); + } + + +-- +1.8.3.1 + diff --git a/libssh2.spec b/libssh2.spec index e9691d4..7f106c5 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -6,7 +6,8 @@ License: BSD URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz -Patch6000: CVE-2019-17498.patch +Patch9000: 0001-libssh2-CVE-2019-17498.patch +Patch9001: 0001-libssh2-misc.c-_libssh2_ntohu32-cast-bit-shifting-40.patch BuildRequires: coreutils findutils /usr/bin/man zlib-devel BuildRequires: gcc make sed openssl-devel > 1:1.0.1 openssh-server @@ -86,11 +87,11 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_mandir}/man3/libssh2_*.3* %changelog -* Tue Dec 24 2019 zhouyihang - 1.9.0-2 -- Type:cves -- ID:CVE-2019-17498 -- SUG:restart -- DESC: fix CVE-2019-17498 +* Sat Dec 21 2019 openEuler Buildteam - 1.9.0-2 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC: add patches * Sun Sep 15 2019 openEuler Buildteam - 1.9.0-1 - Package init
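Review bot: The casts added to `_libssh2_ntohu32` have no comment saying why they are needed, and the reason is easy to lose in a later cleanup: without them `buf[0]` is promoted to `int`, and `<< 24` on a byte of 0x80 or above shifts into the sign bit, which is undefined behaviour for a signed type. A one-line comment above the return, `/* cast before shifting: an unsigned char promotes to int, and << 24 would overflow it for bytes >= 0x80 */`, would record that. The return type stays `unsigned int`, which the C standard only guarantees to be 16 bits wide; `uint32_t` would state the intent, though that touches the prototype and is outside this hunk.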
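Review bot: The `%changelog` hunk replaces the entry that recorded `Type:cves`, `ID:CVE-2019-17498`, `SUG:restart` with `Type:bugfix`, `Id:NA`, `SUG:NA`, `DESC: add patches`, while the fix itself is still shipped as `Patch9000`. Anyone checking the package changelog for this CVE will no longer find it, and the restart advice is gone; the CVE id now survives only in the patch file name. I would keep the CVE line and describe the added patch next to it, for example `- DESC: fix CVE-2019-17498, add _libssh2_ntohu32 cast fix`. The new entry also reuses `1.9.0-2` although a second patch is added; the `Release:` line is outside these hunks, so confirm whether it should be bumped.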