From 777cd4573c774ed7b04c26852f450a1006e95a28 Mon Sep 17 00:00:00 2001
From: Mathieu Rene <mathieu.rene@gmail.com>
Date: Fri, 27 Dec 2024 13:22:02 -0500
Subject: [PATCH] pam_ssh_agent_auth: fix build with gcc14

---
 .../by-name/pa/pam_ssh_agent_auth/package.nix | 46 ++++++++++++++++---
 1 file changed, 40 insertions(+), 6 deletions(-)

diff --git a/pkgs/by-name/pa/pam_ssh_agent_auth/package.nix b/pkgs/by-name/pa/pam_ssh_agent_auth/package.nix
index 178deb281d4d5..6ba71b483e24b 100644
--- a/pkgs/by-name/pa/pam_ssh_agent_auth/package.nix
+++ b/pkgs/by-name/pa/pam_ssh_agent_auth/package.nix
@@ -3,9 +3,11 @@
   stdenv,
   nixosTests,
   fetchFromGitHub,
+  fetchDebianPatch,
   pam,
   openssl,
   perl,
+  autoreconfHook,
 }:
 
 stdenv.mkDerivation rec {
@@ -26,18 +28,50 @@ stdenv.mkDerivation rec {
     sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
   };
 
+  # Required because of fix-configure.patch
+  nativeBuildInputs = [
+    autoreconfHook
+  ];
+
   buildInputs = [
     pam
     openssl
     perl
   ];
 
-  patches = [
-    # Allow multiple colon-separated authorized keys files to be
-    # specified in the file= option.
-    ./multiple-key-files.patch
-    ./edcsa-crash-fix.patch
-  ];
+  patches =
+    let
+      fetchDebianPatch' =
+        args:
+        fetchDebianPatch (
+          {
+            pname = "pam-ssh-agent-auth";
+            version = "0.10.3";
+            debianRevision = "11";
+          }
+          // args
+        );
+    in
+    [
+      # Allow multiple colon-separated authorized keys files to be
+      # specified in the file= option.
+      ./multiple-key-files.patch
+      ./edcsa-crash-fix.patch
+
+      # Patch configure to remove implicit function declaration errors under gcc14
+      # Requires autoreconfHook
+      (fetchDebianPatch' {
+        patch = "fix-configure.patch";
+        hash = "sha256-ymXv2o/NpFeVQ6r0hvJEeMpvs5Ht9jq4RSw8ssv43FY=";
+      })
+
+      # Avoided incompatible pointer passing to fix GCC 14 build errors. Add missing 'const', cast to expected pointer type (DSA_SIG) and avoid
+      # pointer to pointer when pointer is required.
+      (fetchDebianPatch' {
+        patch = "1000-gcc-14.patch";
+        hash = "sha256-EvdaIhrfKZ1mB7qvNiGx/hYdthStgnhK7xvJEhhAFDQ=";
+      })
+    ];
 
   configureFlags = [
     # It's not clear to me why this is necessary, but without it, you see: