diff --git a/openssh-configure-c99-1.patch b/openssh-configure-c99-1.patch
new file mode 100644
index 0000000..a2c69aa
--- /dev/null
+++ b/openssh-configure-c99-1.patch
@@ -0,0 +1,26 @@
+commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5
+Author: Sam James
+Date: Sun Nov 6 04:47:35 2022 +0000
+
+ configure.ac: Add include for openpty
+
+ Another Clang 16ish fix (which makes -Wimplicit-function-declaration
+ an error by default). github PR#355.
+
+ See: 2efd71da49b9cfeab7987058cf5919e473ff466b
+ See: be197635329feb839865fdc738e34e24afd1fca8
+
+diff --git a/configure.ac b/configure.ac
+index 1e77ecfc..1866aea5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2373,6 +2373,9 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
+ #include
+ #include
+ #include
++#ifdef HAVE_PTY_H
++# include
++#endif
+ #include
+ #include
+ #include
diff --git a/openssh-configure-c99-2.patch b/openssh-configure-c99-2.patch
new file mode 100644
index 0000000..693e64f
--- /dev/null
+++ b/openssh-configure-c99-2.patch
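Review bot: The new `#ifdef HAVE_PTY_H` guard in the openpty probe only helps if `HAVE_PTY_H` is already defined when this test runs, i.e. if the header was looked up by an earlier `AC_CHECK_HEADERS` call, which is outside the hunk and should be confirmed. Without that, the include is skipped silently and the probe still fails to compile on a compiler that rejects implicit declarations, so its result says nothing about the controlling-tty behaviour it is meant to test. A comment inside the probe would record the dependency, for example `/* openpty() prototype; HAVE_PTY_H is set by the earlier header check */`. The probe program starts and ends outside the hunk.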
@@ -0,0 +1,47 @@
+commit 32fddb982fd61b11a2f218a115975a87ab126d43
+Author: Darren Tucker
+Date: Mon Nov 7 10:39:01 2022 +1100
+
+ Fix setres*id checks to work with clang-16.
+
+ glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE,
+ and clang 16 will error out on implicit function definitions, so add
+ _GNU_SOURCE and the required headers to the configure checks. From
+ sam at @gentoo.org via bz#3497.
+
+diff --git a/configure.ac b/configure.ac
+index 4bf758ac..e172540a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -863,7 +863,8 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ check_for_openpty_ctty_bug=1
+ dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
+ dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
+- CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
++ dnl _GNU_SOURCE is needed for setres*id prototypes.
++ CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE"
+ AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
+ AC_DEFINE([PAM_TTY_KLUDGE], [1],
+ [Work around problematic Linux PAM modules handling of PAM_TTY])
+@@ -2168,8 +2169,9 @@ AC_CHECK_FUNCS([setresuid], [
+ AC_MSG_CHECKING([if setresuid seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+-#include
+ #include
++#include
++#include
+ ]], [[
+ errno=0;
+ setresuid(0,0,0);
+@@ -2191,8 +2193,9 @@ AC_CHECK_FUNCS([setresgid], [
+ AC_MSG_CHECKING([if setresgid seems to work])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM([[
+-#include
+ #include
++#include
++#include
+ ]], [[
+ errno=0;
+ setresgid(0,0,0);
diff --git a/openssh-configure-c99-3.patch b/openssh-configure-c99-3.patch
new file mode 100644
index 0000000..48ab14a
--- /dev/null
+++ b/openssh-configure-c99-3.patch
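Review bot: `-D_GNU_SOURCE` is appended to `CPPFLAGS` in the first hunk, so it applies to every later configure probe and to the whole build for this target, while the commit message and the new `dnl` line mention only the setres*id checks. With `_GNU_SOURCE` set, glibc exposes more declarations, which can change the outcome of unrelated function probes, so the `dnl` comment should say so, e.g. `dnl _GNU_SOURCE is needed for setres*id prototypes; it applies to the whole build.` It is also worth comparing the generated `config.h` before and after the patch to confirm that only the setresuid/setresgid results changed. The `case` branch and both probe programs continue outside the hunks.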
@@ -0,0 +1,41 @@
+commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb
+Author: Harmen Stoppels
+Date: Thu Oct 13 16:08:46 2022 +0200
+
+ Fix snprintf configure test for clang 15
+
+ Clang 15 -Wimplicit-int defaults to an error in C99 mode and above.
+ A handful of tests have "main(..." and not "int main(..." which caused
+ the tests to produce incorrect results.
+
+diff --git a/configure.ac b/configure.ac
+index de60a1b1..165c49de 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -713,7 +713,7 @@ case "$host" in
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+ #include
+ #include
+-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
++int main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ exit(0);
+ else
+ exit(1);
+@@ -4259,7 +4259,7 @@ dnl test snprintf (broken on SCO w/gcc)
+ #include
+ #include
+ #ifdef HAVE_SNPRINTF
+-main()
++int main()
+ {
+ char buf[50];
+ char expected_out[50];
+@@ -4276,7 +4276,7 @@ main()
+ exit(0);
+ }
+ #else
+-main() { exit(0); }
++int main() { exit(0); }
+ #endif
+ ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
diff --git a/openssh.spec b/openssh.spec index e64875d..b483c3e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -54,7 +54,7 @@ Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist}.1 +Release: %{openssh_rel}%{?dist}.2 URL: http://www.openssh.com/portable.html #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -106,6 +106,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2070113 Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch +Patch309: pam_ssh_agent-configure-c99.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) Patch400: openssh-7.8p1-role-mls.patch
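Review bot: All three probes now declare `int main()` but still leave through `exit()`, so they compile only if one of the includes above each `main` declares `exit`; the header names are not legible on this page and need checking in the file. An undeclared `exit` is again an implicit declaration, and for the snprintf test a probe that fails to compile takes the `AC_DEFINE([BROKEN_SNPRINTF])` branch whatever the real behaviour is. Returning from `main` avoids the dependency, as the pam_ssh_agent_auth patch in this same change does: `int main(void) { return 0; }` for the `#else` stub and `return 1;`/`return 0;` in the test bodies.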
@@ -236,6 +237,10 @@ Patch1004: openssh-8.7p1-gssapi-auth.patch # https://github.com/openssh/openssh-portable/pull/323 Patch1006: openssh-8.7p1-negotiate-supported-algs.patch +Patch1007: openssh-configure-c99-1.patch +Patch1008: openssh-configure-c99-2.patch +Patch1009: openssh-configure-c99-3.patch + # downstream only # we skip some ssh-rsa/ssh-dss tests to make native test suite pass #Patch1100: openssh-8.8p1-skip-some-tests.patch @@ -314,7 +319,7 @@ Requires: openssh = %{version}-%{release} %package -n pam_ssh_agent_auth Summary: PAM module for authentication with ssh-agent Version: %{pam_ssh_agent_ver} -Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1 +Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.2 License: BSD %description @@ -375,6 +380,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} %patch305 -p2 -b .psaa-agent %patch307 -p2 -b .psaa-deref %patch308 -p2 -b .rsasha2 +%patch309 -p1 -b .psaa-configure-c99 # Remove duplicate headers and library files rm -f $(cat %{SOURCE5}) popd @@ -441,6 +447,10 @@ popd %patch1006 -p1 -b .negotiate-supported-algs +%patch1007 -p1 -b .configure-c99-1 +%patch1008 -p1 -b .configure-c99-2 +%patch1009 -p1 -b .configure-c99-3 + #%patch1100 -p1 -b .skipsshrsadsstests %patch100 -p1 -b .coverity @@ -749,6 +759,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Wed Apr 12 2023 Florian Weimer - 9.0p1-14.2 +- C99 compatiblity fixes + * Tue Mar 14 2023 Timothée Ravier - 9.0p1-14 - Make sshd & sshd@ units want ssh-host-keys-migration.service diff --git a/pam_ssh_agent-configure-c99.patch b/pam_ssh_agent-configure-c99.patch new file mode 100644 index 0000000..bc40434 --- /dev/null +++ b/pam_ssh_agent-configure-c99.patch 
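Review bot: `Patch1007` to `Patch1009` are added without a provenance comment, while the neighbouring entries cite a pull-request or bug URL on the line above. The upstream commit ids are recorded inside the three patch files, so a comment such as `# upstream commits 40b0a5eb6e3e, 32fddb982fd6, 5eb796a369c6` above `Patch1007` would let a reader verify the origin from the spec alone. `Patch309` in the earlier hunk has the same gap, and the upstream reference in its patch description appears to be empty on this page.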
@@ -0,0 +1,249 @@
+configure.ac: Improve C99 compatibility
+
+Future compilers will not support implicit declarations and implicit
+ints by default. This means that configure probes which rely on them
+will fail unconditionally, without actually testing anything.
+
+The changes mostly mirror what has been implemented in the openssh
+repository, but had to be adapted somewhat because of drift between
+the two versions of configure.ac.
+
+Sam James has submitted similar fixes upstream:
+
+
+
+diff --git a/configure.ac b/configure.ac
+index 6496679..d927b62 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -500,10 +500,10 @@ int main(void) { exit(0); }
+ AC_DEFINE(HAVE_BUNDLE, 1, [Define if your system uses bundles instead of ELF shared objects])
+ AC_MSG_CHECKING(if we have working getaddrinfo)
+ AC_TRY_RUN([#include
+-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+- exit(0);
++int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
++ return 0;
+ else
+- exit(1);
++ return 1;
+ }], [AC_MSG_RESULT(working)],
+ [AC_MSG_RESULT(buggy)
+ AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
+@@ -917,8 +917,8 @@ AC_SUBST(LDFLAGS_SHARED)
+ AC_MSG_CHECKING(compiler and flags for sanity)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
+-#include
+-int main(){exit(0);}
++#include
++int main(void){exit(0);}
+ ])],
+ [ AC_MSG_RESULT(yes) ],
+ [
+@@ -951,9 +951,9 @@ int main(int argc, char **argv) {
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+- exit(1);
++ return 1;
+ } else {
+- exit(0);
++ return 0;
+ }
+ }
+ ]])],
+@@ -1102,7 +1102,7 @@ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+ #include
+ #include
+-int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
++int main(void){struct dirent d;return sizeof(d.d_name)<=sizeof(char);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [
+@@ -1327,8 +1327,10 @@ AC_CHECK_FUNCS(setresuid, [
+ AC_MSG_CHECKING(if setresuid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
++#define _GNU_SOURCE
+ #include
+ #include
++#include
+ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+@@ -1344,8 +1346,10 @@ AC_CHECK_FUNCS(setresgid, [
+ AC_MSG_CHECKING(if setresgid seems to work)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
++#define _GNU_SOURCE
+ #include
+ #include
++#include
+ int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+@@ -1384,7 +1388,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+ #include
+-int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
++int main(void){char b[5];snprintf(b,5,"123456789");return b[4]!='\0';}
+ ]])],
+ [AC_MSG_RESULT(yes)],
+ [
+@@ -1418,7 +1422,7 @@ int x_snprintf(char *str,size_t count,const char *fmt,...)
+ int main(void)
+ {
+ char x[1];
+- exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
++ return x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1;
+ } ]])],
+ [AC_MSG_RESULT(yes)],
+ [
+@@ -1467,7 +1471,8 @@ AC_MSG_CHECKING([for (overly) strict mkstemp])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+ #include
+-main() { char template[]="conftest.mkstemp-test";
++#include
++int main(void) { char template[]="conftest.mkstemp-test";
+ if (mkstemp(template) == -1)
+ exit(1);
+ unlink(template); exit(0);
+@@ -1492,10 +1497,14 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
+ AC_MSG_CHECKING(if openpty correctly handles controlling tty)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
++#include
+ #include
+ #include
+ #include
+ #include
++#ifdef HAVE_PTY_H
++#include
++#endif
+
+ int
+ main()
+@@ -1543,6 +1552,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -1748,6 +1758,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
+ AC_MSG_CHECKING([OpenSSL header version])
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
++#include
+ #include
+ #include
+ #include
+@@ -1794,12 +1805,12 @@ int main(void) {
+
+ fd = fopen(DATA,"w");
+ if(fd == NULL)
+- exit(1);
++ return 1;
+
+ if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+- exit(1);
++ return 1;
+
+- exit(0);
++ return 0;
+ }
+ ]])],
+ [
+@@ -1829,7 +1840,7 @@ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+ #include
+ #include
+-int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
++int main(void) { return SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1; }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+@@ -2598,7 +2609,7 @@ dnl test snprintf (broken on SCO w/gcc)
+ #include
+ #include
+ #ifdef HAVE_SNPRINTF
+-main()
++int main(void)
+ {
+ char buf[50];
+ char expected_out[50];
+@@ -2611,11 +2622,11 @@ main()
+ strcpy(expected_out, "9223372036854775807");
+ snprintf(buf, mazsize, "%lld", num);
+ if(strcmp(buf, expected_out) != 0)
+- exit(1);
+- exit(0);
++ return 1;
++ return 0;
+ }
+ #else
+-main() { exit(0); }
++int main(void) { return 0; }
+ #endif
+ ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ],
+ AC_MSG_WARN([cross compiling: Assuming working snprintf()])
+@@ -2746,11 +2757,11 @@ AC_CACHE_CHECK([for msg_accrights field in struct msghdr],
+ int main() {
+ #ifdef msg_accrights
+ #error "msg_accrights is a macro"
+-exit(1);
++return 1;
+ #endif
+ struct msghdr m;
+ m.msg_accrights = 0;
+-exit(0);
++return 0;
+ }
+ ])],
+ [ ac_cv_have_accrights_in_msghdr="yes" ],
+@@ -2773,11 +2784,11 @@ AC_CACHE_CHECK([for msg_control field in struct msghdr],
+ int main() {
+ #ifdef msg_control
+ #error "msg_control is a macro"
+-exit(1);
++return 1;
+ #endif
+ struct msghdr m;
+ m.msg_control = 0;
+-exit(0);
++return 0;
+ }
+ ])],
+ [ ac_cv_have_control_in_msghdr="yes" ],
+@@ -2791,7 +2802,7 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
+ fi
+
+ AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
+- AC_TRY_LINK([],
++ AC_TRY_LINK([#include ],
+ [ extern char *__progname; printf("%s", __progname); ],
+ [ ac_cv_libc_defines___progname="yes" ],
+ [ ac_cv_libc_defines___progname="no" ]
+@@ -2871,7 +2882,7 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
+ fi
+
+ AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
+- AC_TRY_LINK([],
++ AC_TRY_LINK([#include ],
+ [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);],
+ [ ac_cv_libc_defines_sys_errlist="yes" ],
+ [ ac_cv_libc_defines_sys_errlist="no" ]
+@@ -2884,7 +2895,7 @@ fi
+
+
+ AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
+- AC_TRY_LINK([],
++ AC_TRY_LINK([#include ],
+ [ extern int sys_nerr; printf("%i", sys_nerr);],
+ [ ac_cv_libc_defines_sys_nerr="yes" ],
+ [ ac_cv_libc_defines_sys_nerr="no" ]
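Review bot: The setresuid and setresgid probes gain `#define _GNU_SOURCE` and an extra include but keep `int main(){... exit(1); else exit(0);}`, unlike the other probes in this patch that were converted to `int main(void)` and `return`. For consistency, and so the probes do not depend on a declaration of `exit`, the body could read `int main(void){errno=0; setresuid(0,0,0); return errno==ENOSYS;}` (likewise for setresgid); the mkstemp and compiler-sanity probes have the same leftover `exit` calls. `_GNU_SOURCE` is also defined only inside the probe here, whereas openssh-configure-c99-2.patch sets it in `CPPFLAGS`, so the module's own sources must get the prototypes some other way, which is not visible in this patch. Because a probe that fails to compile is reported the same way as a negative result (`BROKEN_SNPRINTF`, `BROKEN_GETADDRINFO`), comparing `config.h` and `config.log` between the old and new build is the practical check that no result flipped unintentionally.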