From 99809e836edc6885634bf9b089ca89059bc6b998 Mon Sep 17 00:00:00 2001
From: jc_gargma <jc_gargma@iserlohn-fortress.net>
Date: Thu, 7 Sep 2023 11:43:36 -0700
Subject: Updated to 9.4p1-3

---
 00-archlinux.conf               |  4 ++
 PKGBUILD                        | 94 +++++++++++++++++++++++++----------------
 openssh-9.0p1-sshd_config.patch | 30 -------------
 3 files changed, 62 insertions(+), 66 deletions(-)
 create mode 100644 00-archlinux.conf
 delete mode 100644 openssh-9.0p1-sshd_config.patch

diff --git a/00-archlinux.conf b/00-archlinux.conf
new file mode 100644
index 0000000..365f115
--- /dev/null
+++ b/00-archlinux.conf
@@ -0,0 +1,4 @@
+# sshd_config defaults on Arch Linux
+KbdInteractiveAuthentication no
+UsePAM yes
+PrintMotd no
diff --git a/PKGBUILD b/PKGBUILD
index dd5565a..086697c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -10,58 +10,76 @@
 # Arch version lacks openrc support
 
 pkgname=openssh
-pkgver=9.3p2
-pkgrel=1
+pkgver=9.4p1
+pkgrel=3
 pkgdesc="SSH protocol implementation for remote login, command execution and file transfer"
-arch=('x86_64')
+arch=(x86_64)
 url='https://www.openssh.com/portable.html'
-license=('custom:BSD')
+license=(
+  BSD-2-Clause
+  BSD-3-Clause
+  ISC
+  MIT
+)
 depends=(
-  'glibc'
-  'krb5' 'libkrb5.so' 'libgssapi_krb5.so'
-  'ldns'
-  'libedit'
-  'libxcrypt' 'libcrypt.so'
-  'openssl'
-  'pam' 'libpam.so'
-  'zlib'
+  glibc
+  krb5 libkrb5.so libgssapi_krb5.so
+  ldns
+  libedit
+  libxcrypt libcrypt.so
+  openssl
+  pam libpam.so
+  zlib
+)
+makedepends=(
+  libfido2
+  linux-headers
 )
-makedepends=('libfido2' 'linux-headers')
 optdepends=(
   'libfido2: FIDO/U2F support'
+  'sh: for ssh-copy-id and findssl.sh'
   'x11-ssh-askpass: input passphrase in X'
   'xorg-xauth: X11 forwarding'
 )
 backup=(
-  'etc/pam.d/sshd'
-  'etc/ssh/ssh_config'
-  'etc/ssh/sshd_config'
+  etc/pam.d/sshd
+  etc/ssh/ssh_config
+  etc/ssh/sshd_config
 )
 # # For some reason this breaks compiling. "error: C compiler cannot create executables"
 # # But old-fashioned raw injection of -flto=auto via export doesn't.
 #options=('lto')
 #options=('debug')
 source=(
-  "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
-  "$pkgname-9.0p1-sshd_config.patch"
-  'sshd.conf'
-  'sshd.pam'
+  https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz{,.asc}
+  00-archlinux.conf
+  sshd.conf
+  sshd.pam
 )
-sha256sums=('200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8'
+sha256sums=('3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85'
             'SKIP'
-            '27e43dfd1506c8a821ec8186bae65f2dc43ca038616d6de59f322bd14aa9d07f'
+            '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30'
             '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
             '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846')
-b2sums=('38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f'
+b2sums=('d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53'
         'SKIP'
-        '29e1a1c2744e0234830c6f93a46338ea8dc943370e20a24883d207d611025e54643da678f2826050c073a36be48dfdc7329d4cfb144c2ff90607a5f10f73dc59'
+        '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97'
         '27571f728c3c10834a81652f3917188436474b588f8b047462e44b6c7a424f60d06ce8cb74839b691870177d7261592207d7f35d4ae6c79af87d6a7ea156d395'
         '557d015bca7008ce824111f235da67b7e0051a693aaab666e97b78e753ed7928b72274af03d7fde12033986b733d5f996faf2a4feb6ecf53f39accae31334930')
 validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA')  # Damien Miller <djm@mindrot.org>
 # https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
 
 prepare() {
-  patch -Np1 -d "$pkgname-$pkgver" -i ../$pkgname-9.0p1-sshd_config.patch
+  cd $pkgname-$pkgver
+  # remove variable (but useless) first line in config (related to upstream VCS)
+  sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
+
+  # prepend configuration option to include drop-in configuration files for sshd_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
+  mv -v sshd_config.tmp sshd_config
+  # prepend configuration option to include drop-in configuration files for ssh_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
+  mv -v ssh_config.tmp ssh_config
 }
 
 build() {
@@ -81,9 +99,10 @@ build() {
     --with-xauth=/usr/bin/xauth
     --with-pid-dir=/run
     --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin'
+    --without-zlib-version-check
   )
 
-  cd "${pkgname}-${pkgver}"
+  cd $pkgname-$pkgver
 
   # -fPIE causes test errors
   export CFLAGS="$CFLAGS -O3 -fstack-protector-all -flto=auto -fPIC"
@@ -95,24 +114,27 @@ build() {
 }
 
 check() {
-  cd "${pkgname}-${pkgver}"
+  cd $pkgname-$pkgver
 
   # NOTE: make t-exec does not work in our build environment
   make file-tests interop-tests unit
 }
 
 package() {
-  cd "${pkgname}-${pkgver}"
+  cd $pkgname-$pkgver
+
+  make DESTDIR="$pkgdir" install
 
-  make DESTDIR="${pkgdir}" install
+  install -vDm 644 ../00-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/"
+  install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d"
 
-  ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
-  install -Dm644 LICENCE -t "${pkgdir}/usr/share/licenses/${pkgname}/"
+  ln -sf ssh.1.gz "$pkgdir"/usr/share/man/man1/slogin.1.gz
+  install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/$pkgname/"
 
-  install -Dm644 ../sshd.conf -t "${pkgdir}"/usr/lib/tmpfiles.d/
-  install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+  install -Dm644 ../sshd.conf -t "$pkgdir"/usr/lib/tmpfiles.d/
+  install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd
 
-  install -Dm755 contrib/findssl.sh -t "${pkgdir}"/usr/bin/
-  install -Dm755 contrib/ssh-copy-id -t "${pkgdir}"/usr/bin/
-  install -Dm644 contrib/ssh-copy-id.1 -t "${pkgdir}"/usr/share/man/man1/
+  install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/
+  install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/
+  install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/
 }
diff --git a/openssh-9.0p1-sshd_config.patch b/openssh-9.0p1-sshd_config.patch
deleted file mode 100644
index 9100149..0000000
--- a/openssh-9.0p1-sshd_config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -ruN a/sshd_config b/sshd_config
---- a/sshd_config	2022-04-06 02:47:48.000000000 +0200
-+++ b/sshd_config	2022-10-10 19:55:58.961117951 +0200
-@@ -58,7 +58,7 @@
- #PermitEmptyPasswords no
- 
- # Change to no to disable s/key passwords
--#KbdInteractiveAuthentication yes
-+KbdInteractiveAuthentication no
- 
- # Kerberos options
- #KerberosAuthentication no
-@@ -79,7 +79,7 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and KbdInteractiveAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
- 
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
-@@ -88,7 +88,7 @@
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PermitTTY yes
--#PrintMotd yes
-+PrintMotd no
- #PrintLastLog yes
- #TCPKeepAlive yes
- #PermitUserEnvironment no
-- 
cgit v1.2.1