openssh: try resolving issues when starting sshd with root

packages/openssh/auth.c.patch

@@ -1,17 +1,24 @@
 diff -uNr openssh-portable-V_9_5_P1/auth.c openssh-portable-V_9_5_P1.mod/auth.c
 --- openssh-portable-V_9_5_P1/auth.c	2023-10-04 07:34:10.000000000 +0300
 +++ openssh-portable-V_9_5_P1.mod/auth.c	2023-11-23 16:29:34.257875879 +0200
-@@ -485,7 +485,13 @@
+@@ -484,7 +484,20 @@
  	aix_setauthdb(user);
  #endif
 
 +#ifdef __ANDROID__
-+        /* Effectively a single-user system, use current user no matter supplied user */
-+        pw = getpwuid(getuid());
++	int uid = getuid();
++	if (__predict_false(uid == 0)) {
++		/* If sshd is started as root user, get uid from the owner of TERMUX_PREFIX */
++		struct stat st;
++		if (stat("@TERMUX_PREFIX@", &st) != -1) {
++			uid = st.st_uid;
++		}
++	}
++	/* Effectively a single-user system, use current user no matter supplied user */
++	pw = getpwuid(uid);
 +#else
  	pw = getpwnam(user);
 +#endif
-+
 
  #if defined(_AIX) && defined(HAVE_SETAUTHDB)
  	aix_restoreauthdb();

packages/openssh/build.sh

@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
 TERMUX_PKG_LICENSE="BSD"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION="9.8p1"
-TERMUX_PKG_REVISION=3
+TERMUX_PKG_REVISION=4
 TERMUX_PKG_SRCURL=https://github.com/openssh/openssh-portable/archive/refs/tags/V_$(sed 's/\./_/g; s/p/_P/g' <<< $TERMUX_PKG_VERSION).tar.gz
 TERMUX_PKG_SHA256=d8f6802914e4c344dc74599c29915651554bb318102d71cb4063e1f4a0d8286f
 TERMUX_PKG_AUTO_UPDATE=true

packages/openssh/session.c.patch

@@ -103,3 +103,28 @@ diff -uNr openssh-portable-V_9_5_P1/session.c openssh-portable-V_9_5_P1.mod/sess
  	/* Set custom environment options from pubkey authentication. */
  	if (options.permit_user_env) {
  		for (n = 0 ; n < auth_opts->nenv; n++) {
+@@ -1365,11 +1408,24 @@
+ 			exit(1);
+ 		}
+ 		/* Initialize the group list. */
++#ifndef __ANDROID__
+ 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
+ 			perror("initgroups");
+ 			exit(1);
+ 		}
+ 		endgrent();
++#else
++		/* initgroups will only set one GID, so do not use it */
++		gid_t gidset[4];
++		gidset[0] = pw->pw_gid; /* AID_TERMUX_APP */
++		gidset[1] = 3003; /* AID_INET */
++		gidset[2] = 9997; /* AID_EVERYBODY */;
++		gidset[3] = pw->pw_gid - 10000 /* AID_APP_START */ + 50000 /* AID_SHARED_GID_START */;
++		if (setgroups(4, gidset) == -1) {
++			perror("setgroups");
++			exit(1);
++		}
++#endif
+ #endif
+
+ 		platform_setusercontext_post_groups(pw);

packages/openssh/sshd-session.c.patch

@@ -0,0 +1,23 @@
+https://github.com/termux/termux-packages/issues/20774
+
+--- a/sshd-session.c
++++ b/sshd-session.c
+@@ -1074,7 +1074,18 @@
+
+ 	/* Store privilege separation user for later use if required. */
+ 	privsep_chroot = (getuid() == 0 || geteuid() == 0);
++#ifdef __ANDROID__
++	/* Let the privilege separation user be Termux on Android */
++	do {
++		struct stat st;
++		if (stat("@TERMUX_PREFIX@", &st) != -1) {
++			privsep_pw = getpwuid(st.st_uid);
++		}
++	} while (0);
++	if (privsep_pw == NULL) {
++#else
+ 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
++#endif
+ 		if (privsep_chroot || options.kerberos_authentication)
+ 			fatal("Privilege separation user %s does not exist",
+ 			    SSH_PRIVSEP_USER);

packages/openssh/sshd.c.patch

@@ -6,7 +6,7 @@ diff -uNr openssh-portable-V_9_8_P1/sshd.c openssh-portable-V_9_8_P1.mod/sshd.c
  	rexec_argc = ac;
  	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
 -	for (i = 0; (int)i < ac; i++)
-+	saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
++	saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");
 +	for (i = 1; (int)i < ac; i++)
  		saved_argv[i] = xstrdup(av[i]);
  	saved_argv[i] = NULL;