From b79434aa7270129e39e6db5290627bb620084868 Mon Sep 17 00:00:00 2001
From: Fredrik Fornwall
Date: Fri, 24 Mar 2017 00:14:08 +0100
Subject: [PATCH] openssh: Disable privilege separation by patching
The UsePrivilegeSeparation option is no longer supported, so we need to disable privilege separation by a code patch.
---
 packages/openssh/build.sh | 2 +-
 packages/openssh/servconf.c.patch | 25 ++++++++++++++++++++-----
 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh
index 38950a9a..e7d67838 100755
--- a/packages/openssh/build.sh
+++ b/packages/openssh/build.sh
@@ -51,7 +51,7 @@ termux_step_post_configure() {
 termux_step_post_make_install () {
 # OpenSSH 7.0 disabled ssh-dss by default, keep it for a while in Termux:
- echo -e "PasswordAuthentication no\nUsePrivilegeSeparation no\nPubkeyAcceptedKeyTypes +ssh-dss\nSubsystem sftp $TERMUX_PREFIX/libexec/sftp-server" > $TERMUX_PREFIX/etc/ssh/sshd_config
+ echo -e "PasswordAuthentication no\nPubkeyAcceptedKeyTypes +ssh-dss\nSubsystem sftp $TERMUX_PREFIX/libexec/sftp-server" > $TERMUX_PREFIX/etc/ssh/sshd_config
 echo "PubkeyAcceptedKeyTypes +ssh-dss" > $TERMUX_PREFIX/etc/ssh/ssh_config
 cp $TERMUX_PKG_BUILDER_DIR/source-ssh-agent.sh $TERMUX_PREFIX/bin/source-ssh-agent
 cp $TERMUX_PKG_BUILDER_DIR/ssh-with-agent.sh $TERMUX_PREFIX/bin/ssha
diff --git a/packages/openssh/servconf.c.patch b/packages/openssh/servconf.c.patch
index 6e21904b..3bf53822 100644
--- a/packages/openssh/servconf.c.patch
+++ b/packages/openssh/servconf.c.patch
@@ -1,7 +1,7 @@
-diff -u -r ../openssh-6.9p1/servconf.c ./servconf.c
---- ../openssh-6.9p1/servconf.c 2015-06-30 22:35:31.000000000 -0400
-+++ ./servconf.c 2015-07-11 21:40:29.639988543 -0400
-@@ -208,7 +208,7 @@
+diff -u -r ../openssh-7.5p1/servconf.c ./servconf.c
+--- ../openssh-7.5p1/servconf.c 2017-03-20 03:39:27.000000000 +0100
++++ ./servconf.c 2017-03-24 00:08:05.880913398 +0100
+@@ -212,7 +212,7 @@
 }
 /* No certificates by default */
 if (options->num_ports == 0)
@@ -10,7 +10,22 @@ diff -u -r ../openssh-6.9p1/servconf.c ./servconf.c
 if (options->address_family == -1)
 options->address_family = AF_UNSPEC;
 if (options->listen_addrs == NULL)
-@@ -663,7 +663,7 @@
+@@ -336,9 +336,13 @@
+
+ assemble_algorithms(options);
+
+- /* Turn privilege separation and sandboxing on by default */
+ if (use_privsep == -1)
++#ifdef __ANDROID__
++ use_privsep = PRIVSEP_OFF;
++#else
++ /* Turn privilege separation and sandboxing on by default */
+ use_privsep = PRIVSEP_ON;
++#endif
+
+ #define CLEAR_ON_NONE(v) \
+ do { \
+@@ -675,7 +679,7 @@
 u_int i;
 if (options->num_ports == 0)
-- 2.11.0
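Review bot: The `#ifdef __ANDROID__` branch added in the inner `@@ -336,9 +336,13 @@` hunk sets `use_privsep = PRIVSEP_OFF` without any comment, and the comment it moves into the `#else` branch says that default covers sandboxing as well as privilege separation, so Android builds appear to lose both silently. Since the same commit drops `UsePrivilegeSeparation no` from the generated sshd_config, this assignment becomes the only place the decision is recorded; I would put `/* Termux: privsep can no longer be disabled from sshd_config, so force it off here; this also drops the pre-auth sandbox. */` above it and state the reason privilege separation cannot be used in this environment, which the patch does not give. The unbraced `if (use_privsep == -1)` now controls a preprocessor-selected statement with a comment in between; bracing each branch's assignment would make the pairing explicit. The enclosing function starts and ends outside the hunk.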