aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/openssh/Manifest143
-rw-r--r--net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch90
-rw-r--r--net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch33
-rw-r--r--net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch244
-rw-r--r--net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch24
-rw-r--r--net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch74
-rw-r--r--net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch51
-rw-r--r--net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch106
-rw-r--r--net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch74
-rw-r--r--net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch22
-rw-r--r--net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch20
-rw-r--r--net-misc/openssh/openssh-6.9_p1-r2.ebuild322
-rw-r--r--net-misc/openssh/openssh-7.1_p1-r2.ebuild340
-rw-r--r--net-misc/openssh/openssh-7.1_p2.ebuild340
-rw-r--r--net-misc/openssh/openssh-7.2_p2-r1.ebuild348
-rw-r--r--net-misc/openssh/openssh-7.2_p2.ebuild341
-rw-r--r--net-misc/openssh/openssh-7.5_p1-r4.ebuild1
17 files changed, 78 insertions, 2495 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 1a7757ef..97077bc9 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,86 +1,57 @@
-AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
-AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 SHA256 f5ae8419023d9e5f64c4273e43d60664d0079b5888ed999496038f295852e0ae SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d WHIRLPOOL cc4871e3fb91a8075a13b5e49d7d3e0e83106bae0820ae3cf19d3427aad3d701b8f25b2cc2cc881a6315f8e5114fb82da9ca335acccb24afe221d66574fb7685
-AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
-AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 SHA256 c79e3a201b2150e2fbc1e869233bac6acc27b2b126d4539cc09aa651fb2e60af SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec WHIRLPOOL 729c14b8d6f55d789ae2ea0e9cb2e0a4caba62dffced273de5c7254732e94673c1dc2d9e260d56e3a641e03ebab55d61c8ab7541fbf75957855b811def115677
-AUX openssh-6.6_p1-openssl-ignore-status.patch 741 SHA256 604b0a5365c1b01c9ab26bf1a60acfe43246e1e44e2f0e78d7ec1e47856599e4 SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d WHIRLPOOL d30c079eee59281aa87935ad948c59a4c01f858b88d701575d58737cfe555a5229a5f921bfebe34a69dcd15d2dc5efc062050d183ad5a90180aed4e5b3cdadf4
-AUX openssh-6.6_p1-x509-glue.patch 556 SHA256 b37b83b058ff9fb25742d202e0169afc204f135012624bb2811dcacfa9fb346b SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea WHIRLPOOL 4f01d975e598ce0fe2160e52dbd8251fd5cdf95880d1ef09b730457620f48038156d4bf21c0810978bfc65c9feb90cdfed97aa20018bc175759096dcd3a044d0
-AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 SHA256 748f7caa953028da111d6f18ba91652a4821bc9bca60f5d4a90a6501c0098853 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51 WHIRLPOOL c1d674b8e1cdc48dd0d8b2e7c8bf8e68cec757578f1217555e37eda8723e83e93b2ce183462499ad2165723eca2350544f810a1d6ec95ce4537a527f7918f117
-AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b
-AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35bce5f6781a0875c56b250f0d7fde83e2f841 SHA512 776a4eab916ff64d255fb19dca26f0cb1cebb0a5d0c2dbcb40ecbf97b122fb20123532897fb962b27fae375c059ef0dc00c771bf47b67bd092a5ebb3f2252216 WHIRLPOOL c8126624b4be260f8fe40a4a9d7142b6f77ee15504e2d280c6429360ebbf53103974746d5746fe4b27edec6246f01afa1d921d1b5a2d46ae808e4bb41afbb181
-AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5
-AUX openssh-6.9_p1-libseccomp.patch 7876 SHA256 5b2456aa88c2f077605b13e70aadc435a9b4383836538a866343a3e707f4654f SHA512 9158a7754e6e70523168fb2d30979ca007cb5d9c4247e4da8aaf6ecca84d0b677e2794d68d9927e5b31ab778d5c1a0a5be4a92f61cee2ab79bc4c55eddf09c25 WHIRLPOOL b3eeea3652b238db26d89695c3709425da20ffe199d2b9f31a52b13c1afb89314334ccb8e4d311692f5d16f8185b7600d39bb1dca8aa9d30476fde47e8ee7183
-AUX openssh-6.9_p1-x509-warnings.patch 904 SHA256 6a52292b024704c7793188a0fc066336ec5cc7c8297071b2993618a332292c00 SHA512 11ea56ce2a7b87d046d1458e30947dd7f09c8959197e7fbadb57aec46fbd6a0694a2bd05b69978b1f719da2560f19e14d9ea10f6eca6f5b211f335505edd8c2b WHIRLPOOL 22dc4e2144534e180075e90ffe240a07bbd915b27a150e07f0d75889ad7a9103f8d1e5d477320df2b0f40e18d8c33fd99ad3cde7695557b69014318f219dc8dd
-AUX openssh-7.0_p1-sctp-x509-glue.patch 2655 SHA256 f01218be5cc344797d6a1db034e6916b0383ea7188d0341ec1e4a3281c5917a6 SHA512 b53aaca05e671be9d8456e7d1aea3ed32afd333922f39c58aa3f9c2539a2d40bdf02ec23c438602e9a590702bcdf96901fb09dfaad93f4ab3fc735d7d189752d WHIRLPOOL 1d6a1947accb77fbd5b578d9e57a51f6ffc9d0d30c806beabea9b2a672ce1af17a283422fb58c835edd8370a5dbe4500ef515ec59af8a3948af5fc15a58a6da0
-AUX openssh-7.1_p1-hpn-x509-glue.patch 535 SHA256 28fabcb503632c57f4f4dfdbdd3e5f2eea97a1f1f216e19125d382820db484b5 SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 WHIRLPOOL 4e55dd712f7e24f03d7a72017e7238c7bbda53aa54e4068a37a7dadc0f73f4777f9a8c58fefe4d671755ab24c747108dc57af6a08918f70e3425abe7faadc96a
-AUX openssh-7.1_p2-x509-hpn14v10-glue.patch 1451 SHA256 13eb0540a6cd951f2a1c59ea979201fd15ea22ed1c73d153b329f0c8eb9e306e SHA512 e649981c553275baafb34b4d7d05c733cf9a3a829b68dbee206bfde969fb827c54244e67650626915d3403f9d6df9d633eec9a4eebe67face492fa2b16dcb392 WHIRLPOOL 701f4ded357ac8497e60c39d78ef64cb7052f90a0c66748e3fb85713605acd00843f607993b6dc9ccec3af12623cfc9365eeddc274b5eadaaaca9db56a2cfa90
-AUX openssh-7.2_p1-GSSAPI-dns.patch 3555 SHA256 619c9f98b92ad1b4fb5fdb05129f100d2d99baaecda7c4c5199d260aa93dbf3d SHA512 de6728531ccafb3b66c8251ac3f9179478bf876ad2bad7274c1935e9e925a738a8569175b4cd4b3a8d9fd7b2ff4b854921f4b0df5abf743e30e3892f8762c975 WHIRLPOOL 4ab0a75577a50c244595b0130011819492e3772a551719cb92d7de5d8e9e20b76bc5334157ae34c79deb4f3cba5abf38f954f94434327b2dd458d71288b9acd5
-AUX openssh-7.2_p1-sctp-x509-glue.patch 2604 SHA256 7fc07af817ace057fbd4b7f0c5c4784a0156d834e73ea066f3f61aaaccc02469 SHA512 7de8a1a9720d091c45a4a4c1475e973901904475916de3dbade21580e747a23a475ec1b5789fec981dfeb8a706ecbd3df4ede27796e43f65852ca1de0abe93e4 WHIRLPOOL 39fce545d5d5e87738d1f0ae92585a252167f56d44d041440131c86f74b03a1fe4defea05dd368f88de9c8d8811073de2d6d50524a42bb8569c8f53f4ca7ea2b
-AUX openssh-7.2_p1-x509-warnings.patch 712 SHA256 506b0770e33540f6f6f79a506f403caeeee3cfe8e66830ed8226c9e649dbd95c SHA512 831b3765e1770ef1759ed70f17dbe6e36b67c77c70eaf045e9ce3815355a0fab925be9379ff78b1398f46fe9889bd9acaaa0aadf45c7d71c39096d1d697c0732 WHIRLPOOL d81e52b755d2b45393f3ef948b86990b0cd1bf64b3c9cdbd40c094fc7021579d38f4fa2a47d8224f7a70b8fa60b7718288d9527e401750e840bd7d67936fc294
-AUX openssh-7.3-mips-seccomp-n32.patch 634 SHA256 a3d63f394e9ea692a5a515983f1ce85d2ba79ea6e6b0fd5659e05a18b753316a SHA512 eba3e843d3714501a1df3161d02134c54c8ce584db3af698b87d303fc17c16635bd06db4d7c2d9bb47f461c3b211d870b480fd927f4563207e11c9ed2c446770 WHIRLPOOL d1f87fbfd24694617ef1a03a55ba8f32ac6ac8c62541208f754df41bb30065a9f1bba640a645d9ef184aae2f7b35759b84d2564f38f9ab130cc2d282be203f75
-AUX openssh-7.3_p1-GSSAPI-dns.patch 11137 SHA256 081c1cee62b43aae1d84ee67e3b510f0775081c9901c971a6f60a35bb92046f1 SHA512 70db76a409d5a11513f57c67671131b95c83164af2ecafa423986def42a1a2a31c4653d06f510b8c440a974e03f0acad8cbe20d5a17cfb2ed4598a9b8ae60b91 WHIRLPOOL bd3f32d7b795d9d5948d1a2d38a3e9fc6380369378988da095e096a54bf8c41209bfa7955c04b68b3966a30ca10fd522778d76a0621d0858639f3e09f075b708
-AUX openssh-7.3_p1-NEWKEYS_null_deref.patch 857 SHA256 0d612c16c7b1b3b45fbe1c1507c4e80cfe001ab4fd7fbcfc80fb9cecc893d94a SHA512 2230ddd7473feaa22544eae5c1074981e5ade322a22016f245ec3a6b3bf260104909021497a728fbfaf5dbd6e81269b9b815a3a3de2bf8104f7b3d1bdacbcc06 WHIRLPOOL b927971ec7c07a8d350690280d9766f71ebeb03fc6ffefa2457801abf160ee331ec3bafca02acc3697899d9e2a56ce7b01e68b745cb6f5b491d8b30aea0b9366
-AUX openssh-7.3_p1-Unregister-the-KEXINIT-handler-after-receive.patch 953 SHA256 76059e75ba5f5d00c6ac74aa12017e98d1b401efb9f1c6073fa8013e5fc4204a SHA512 c705b08fa269d21da261cc9fce2ebcc409e252064d789b63ba14685495e46cb472a81fa563a74c80e4bf76e4982fba98ff5329a037f1fa4f28c75b4db18e7691 WHIRLPOOL 826f2e520742f65e0e7a2f183917483f4dd96c2fc52360d3307c41cc307eddb434e8205c7665a65eadde2e20a7a4b71020d2925ea59518234da2cbda6afb2b3b
-AUX openssh-7.3_p1-fix-ssh1-with-no-ssh1-host-key.patch 1088 SHA256 5841cc4a42238202d6fa3ee5fbccacbfad7156eb9d9b361d251f693443a0b672 SHA512 967da12f9d15e8347d9832a7fc90e378e42a49c6fb63c8ff3a28e66601c9dab64d5d43c8da34aa3fb08466088eb725abebb4efcef95b1aa0ada86cab27584106 WHIRLPOOL 50bb4bd2ff23d9aff94fa12755aebd91d0088691fb9899169e3018d91679f014f012d3b2d9c5b87a8c3edcaa2b8a19f9ec49c6803d95731f8020442840d26bbf
-AUX openssh-7.3_p1-hpn-12-x509-9.2-glue.patch 1608 SHA256 9a85d7cd56be8276e6407fe70ea22554323143d57209e0881f6ec0cc16705765 SHA512 bbbeca5d683427347e9db8cdaa5c96bfdbae901245e508dec8927110e199798127b7c4df8ef2455c1fec53263d600c7957d5b55e1b78263776a45808b4c0b86a WHIRLPOOL 928a2603737c36a23d76145b0e11108645d13263ad955ad30de5a8ee7a008774cdb63ad144d141f7ed6f16f885ee427a7827ba7397a1cec465db3a32fd0ac215
-AUX openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch 7005 SHA256 44ae73966a98e0d7cf36f35b64472b62128040c86720a915b6e72ca269b72f13 SHA512 35cb90a5ebf85b31db902155a8d48a65d2734943cf46e2ac1fcbcb8a19e31d9bf6057ec3c0001a4cb14eac572e5d400087c3218c81df40146731472e406499d8 WHIRLPOOL ba47e8f157ecf448becef9f1c9dfb5bea9f6bd39b461c13cb265a7dc9fde31634a583db3849429ed27129e8c5e797eebe7141c310674126a9a0e2f232c92d8e1
-AUX openssh-7.3_p1-hpn-x509-9.2-glue.patch 1611 SHA256 7d04d19e62e688c9c12c25fd479933dd2c707f838ac810263dd1dc79a5ff55f1 SHA512 3604f0f1ea6c74b8418ac158df47910dfb2d54c7ce77f78f1a6c072acd20dc5751e24156acd9dda02aecaac250f43c8d968382f2f4b15b4706e4c4bde8ebde9a WHIRLPOOL b327a94c5b37da296caaa925bf13adf81ab3a53dffe691b33010b89b07366445613e553b4f486bacab658e2dcec143971001b4158f493e9b7e5bd427f0e072fb
-AUX openssh-7.3_p1-libseccomp.patch 7374 SHA256 93205015ef8b28feb7379e94e5d46912224d4e341513f5a5b39de4a6d00699be SHA512 f86299cf3b24e88618dc0202a5d246a682a7f9e7647fa47b4f765641c2797ecf4a14a4ef6c9ea4a87bd98533db271af46d2d88e87dca553c0dbfe8729d0c2923 WHIRLPOOL 44c2d0098cd83e0c058b9c8fcaea33b793fca92cae7ce0af84760a4aef391b08d7f28a969fe544a9b6dbea47a91e88c44ab683110170d0b31a318cf5d1764e4c
-AUX openssh-7.3_p1-sctp-x509-glue.patch 2447 SHA256 a6758b9bff99022b1aa1bc729fcdcc8e4e91d0a617c903d72964cc1fca1ea061 SHA512 f48c2bba7707542741e52f5d794aaafe4468d088e28bc02878c0eb9aa76d31b57dca69b85705f7a9a2d745272df3fdc39a1d13ba337cab34dd0e9d545cee7d41 WHIRLPOOL 77e2574065a78a0f7014213f5e5d64651d41f24c7652542589f1106a6a114cf27d9922ef2cddee9e62c0f0f118691d91ebe9dc4a0ae04654843f18bdd20e2cef
-AUX openssh-7.3_p1-x509-9.2-warnings.patch 3060 SHA256 e7963f4946db01390831ee07a49c3a2291518b06144e95cfc47326c7209fa2e3 SHA512 f029d6f922e1632b32ac6e7b627378854f78c9d9b828dde37273b1b1a09167273fc6934bcb0653209b9e5ffd06c95d564d1bf5f1ea745993e19b062a4532f1c0 WHIRLPOOL cd4eb68bf861a50e9452c453c903946b8d067fd00171d39c6bad797d20c07631cda2379d9e41246bc93b22252a8d1bd55186e13ba492c7b8cf94048910f3a8a9
-AUX openssh-7.5_p1-CVE-2017-15906.patch 1180 SHA256 5780648a3d24bb9b6e333d0d5e6278ace43a53d05cfd8b5b0c56e05ad17ba1a6 SHA512 dfba25e9962e4398688d5e6f9311de44931ea5292d7d50c69d8056838ceb41ce099c44f849c204f7b421515c3aa40bde6e9b98b80b9e99aa113c222841daecd4 WHIRLPOOL 85b2e553803c4fb82de6849dfbf3e153d11411723d6cb707199f18ee3fb9ab37eef35b612f10df7b672e0213d3a3bc149dbb1cc96bcfa4ac6de320c9f415018c
-AUX openssh-7.5_p1-GSSAPI-dns.patch 11137 SHA256 e0b256646651edd7a4bf60ebe4cf2021d85a5f8f3d30393bd499655c0b0c64c1 SHA512 f84e1d3fdda7a534d9351884caaefc136be7599e735200f0393db0acad03a57abe6585f9402018b50e3454e6842c3281d630120d479ff819f591c4693252dd0e WHIRLPOOL 000276fe1e0cc9ac33da8974cc6e24803a69b3d63c20096a92d6d10206c6e27110bdcaa26c0dbd2e0d0feb501681a738d5adb9d57ae21c7c55f67396f8b26c0e
-AUX openssh-7.5_p1-cross-cache.patch 1220 SHA256 693c6e28d4c1da71c67b64ef25d286f0d5128f9aebb3450283fa9ce6887186a7 SHA512 03cf3b5556fcf43c7053d1550c8aa35189759a0a2274a67427b28176ba7938b8d0019992de25fb614dc556c5f45a67649bb5d2d82889ac2c37edd986fc632550 WHIRLPOOL f7a04e19816cadce138a0beec4f1ad5f975773a1802fd1db245846ce8d5d6ec5ddfdcfa099e391172457a29eedb30c416dfa7bf4a56e99cfe507be00d2e1e718
-AUX openssh-7.5_p1-hpn-x509-10.1-glue.patch 2741 SHA256 77901da67a2bfdffbe426074bbb0416c82e99a8693103cd0e7738ed8e46c6aed SHA512 940dd448f6768bb3e94987eb86b6002d17d918310ad5c1f38f1b3fd9df263439e0fecb9c8f09c05649bfd03cb507c31ef9320522e946850e954ffdd44fdd4b73 WHIRLPOOL fcd828f9f8b1dee78308b663bbacf17ca4741c94df5e469cdd529dddc3ba266713413e035bb81c8a49d6df4ab67a865634e466b0b4e1fbad766833dbf2776e80
-AUX openssh-7.5_p1-hpn-x509-10.2-glue.patch 2847 SHA256 bddb645e4ffe6f710c10fae9bbebad33fab3bf3533d401ec54d7b8a26113f6a5 SHA512 bc23fdf5995ae38ff166f12f64082f79a2135ca28f2240e89bee42b1e3ba39ce94467ece9ddea99173f1829b09b069dbf56a0bce7dfd1ae5f63c12f73b5ffba7 WHIRLPOOL e80f6ece056cb77768e24585549a601076e57d8c143afb0c6fecd31176bccbdcc552fb98a28c6b2f68180c26c4855f2e99dd48b38d6753071b6b868d071b5e96
-AUX openssh-7.5_p1-s390-seccomp.patch 624 SHA256 cc55b36d14fccccddbb09e045e83198a14f8a54aafbb3918826ad1aa62a63dac SHA512 058dc269eb032151e88e0ac79a0b0fd6fcd56d489e90e299ee431b1475a8f8080e8f4649244864af33e743820b081c9f90b32a1a93b8b60feeb491c0201a4d61 WHIRLPOOL 78233e1c9711c71688db6f4b9ba08b9f454b9362585eb17d21f9b2254e2ab73661a0c31c08340b1c3cc919128dda943c69ffa5392b3f76f6026af618dfe6a60c
-AUX openssh-7.5_p1-x32-typo.patch 772 SHA256 17f2baad36e5b6d270d7377db4ebdf157f2eb3bc99d596c32a47d584a1040307 SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e WHIRLPOOL 5141fd3a19575593f84890aaa84123373ffb81aa3e860cda2468c7578754acf0a5d8ce0ea9c5ab25a83574ad5b272b9240cdcb29724c3b7cbdc059518da8c609
-AUX openssh-7.5p1-x509-libressl.patch 7027 SHA256 8e9a7f0c891ae2324d756dc4fb93943eb39f3799d2dedccdcfdff0ad1c0067d6 SHA512 0b5fcb58ee55de7ce61bf2bcad23e4a5cdc941d81121bbf8f0dadf5e1e158c055f45a2ef1aebe8fcb1856a33e079282f4c9f21d9da6892808d7e3c172dca3365 WHIRLPOOL f5d43a4de22c70f75607f2d22251072f88d4715d207e74052f2009e6073706da2978ecb183e6c4c10cebd328ac924f33cc8cd149c7072cda3c2f084ec8ef9948
-AUX sshd.confd 389 SHA256 761146acca3bc9914f118416d5c40903169fec0e2cc0695543e88c850a50dc17 SHA512 b17f915b17401a8f8f53e098d29baf729df6635ef10945f125bbd1d0fff2a334be4d778c430aaa84e7c188da74e39b47a85703b2c91b1a51410b0f1f57ebc4fd WHIRLPOOL 0e3b88adbc09ca015463412ef71f17b762b6e16eed77b5e55d32fc296a7305533ce27d50ceb84f3531a3566f3c4251ee14cdcc63978a4df02c554db685ac9008
-AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
-AUX sshd.rc6.4 2131 SHA256 60ec4328366a020db0d61538b9b173771e7e4761160b4c47a9e32f7925e8e551 SHA512 21e14851fd76d2ad281dc3a7ee36f4dca6895ca92e13ea189f97213dc9160c37e0b9af64b9238da7b03b0cddf299e7d7fe0d5e4db71dbae7cc0d14f460985bec WHIRLPOOL 6ccbe4f5d235a066a98373849c2d4dc8ce02811c64abc6c0c93a82f38f12fe9e4c420454b986a7e70a3fb570ef4c636de6b0d9313f8687f830898fb1e80c10b4
-AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
-AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
-AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
-DIST openssh-6.6p1+x509-7.9.diff.gz 224691 SHA256 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34 SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49 WHIRLPOOL 61158e0dac934d375758904382882e7cd276d076a95ba2be32d03f4a7c7969943bd8d63c269ff16ab78928d7c97465f6e417730be14b5efacf64a029e2f950d7
-DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 SHA256 16dcc68c399990ec0c801d421d022ceeae0e3aec1e6ffd3fecc5e2f4768cc91b SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d WHIRLPOOL 163ce9e319cef4dcaf6f38f42afc3b75c6e89c38b43c04189c64c72b4b58bc3f9d7042c7b67243879c87cbe410a607296917e94ff042df2c0a29f2ef82792774
-DIST openssh-6.6p1.tar.gz 1282502 SHA256 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b WHIRLPOOL 8630c81481a813a92da9c302d22135fe519fcc4826a892080e5a15368d13a6b47947ef47d53aad0a34e6ea49ce4caccc8f06e8afc2c90db0402fbcc2184efe89
-DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
-DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2
-DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
-DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
-DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
-DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec WHIRLPOOL 8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
-DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
-DIST openssh-7.1p2+x509-8.6.diff.xz 283964 SHA256 0848ceb42fa15f6197d5d81f9da6dea9cc3a7fda2fdb424447fa0f995a5197d1 SHA512 276f5738498ce9a559a5066cfeb670c48f275c2cbf7b007f213405b71349f1f77cc2c7bee6af5ee548b9443f0e44ede0e3d232a31b52ac834cf81cac855bfa87 WHIRLPOOL 024b9f0d9dda3ec2ae7da156f801c3735e5ff7198010fbc021ccde8adada28e45f076264c9f09fc34586adc52d8ad93689b4bdbecaaad7761bb9e26a8c4af231
-DIST openssh-7.1p2-hpnssh14v10.tar.xz 22388 SHA256 729e20a2627ca403da6cfff8ef251c03421022123a21c68003181b4e5409bcc5 SHA512 b8e88ac5891ed632416db8da6377512614f19f5f7a7c093b55ecfe3e3f50979c61c0674e9381c316632d8daed90f8cce958c9b77bd00084a4ee1b0297cf321ba WHIRLPOOL c466cc33dc4a40e9466148beb154c539e095ac1b9cdcc5b3d235cbcf12ca10255d63da2f0e1da10d1afa1a0d2ebd436ca0d9e542c732df6ef67fb8f4d2d0192c
-DIST openssh-7.1p2.tar.gz 1475829 SHA256 dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd SHA512 d5be60f3645ec238b21e1f2dfd801b2136146674bbc086ebdb14be516c613819bc87c84b5089f3a45fe6e137a7458404f79f42572c69d91571e45ebed9d5e3af WHIRLPOOL 9f48952b82db3983c20e84bcff5b6761f5b284174072c828698dced3a53ca8bbc2e1f89d2e82b62a68f4606b52c980fcf097250f86c1a67ad343d20e3ec9d1f4
-DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df WHIRLPOOL 16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
-DIST openssh-7.2p2+x509-8.9.diff.gz 449308 SHA256 bd77fcd285d10a86fb2934e90776fe39e4cd2da043384ec2ca45296a60669589 SHA512 c7ed07aae72fd4f967ab5717831c51ad639ca59633c3768f6930bab0947f5429391e3911a7570288a1c688c8c21747f3cb722538ae96de6b50a021010e1506fa WHIRLPOOL 7c1328e471b0e5e9576117ec563b66fea142886b0666b6d51ac9b8ec09286ba7a965b62796c32206e855e484180797a2c31d500c27289f3bc8c7db2d3af95e6f
-DIST openssh-7.2p2.tar.gz 1499808 SHA256 a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c SHA512 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b WHIRLPOOL 95e16af6d1d82f4a660b56854b8e9da947b89e47775c06fe277a612cd1a7cabe7454087eb45034aedfb9b08096ce4aa427b9a37f43f70ccf1073664bdec13386
-DIST openssh-7.3_p1-hpn-14.10-r1.patch.xz 20584 SHA256 0bbbfeb1f9f975ad591ed4ec74927172c5299ec1a76210197c14575204efa85d SHA512 f0a1c84af85f7cfc7cb58b5117b3d0f57fc25ae0dd608e38b48ef42da43780fd5cf243d26ff9b3fbd6f4cb1567852b87bcb75f98791cf3ad1892e8579a7834d3 WHIRLPOOL b1a8bae14c8189745056c15c9ed45207aa06af1f4c598a1af7dc3cc56e47bd0211a63989a920727e20311a148bbcf3202c202eae94cd1512c7d87816a9f44bcb
-DIST openssh-7.3_p1-sctp.patch.xz 9968 SHA256 18c3db45ed1e5495db29626938d8432aee509e88057494f052cfc09d40824c7f SHA512 f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c WHIRLPOOL 1d92b969154b77d8ce9e3a6d0302aa17ec95e2d5ea4de72c0fb5680a8ee12f518ee5b1c47f22ad5d1a923a74c43829ed36cf478fe75fe400de967ab48d93dc99
-DIST openssh-7.3p1+x509-9.2.diff.gz 588078 SHA256 45f054cbb2b77ac8cc7ab01439e34083382137d47b840ca274555b7e2cf7098b SHA512 fab0da148b0833a651e8a7c36f344aacecef6fa92f8f1cb6302272d98c1ab018831f5850dcaa8f54a39f9ada9b7d5b0a0ea01defc3c6f603bbe211f6bff6a841 WHIRLPOOL 53f63d879f563909c57d23ced273e23eda1eace2a2ddfd54edf5f2ef15218cc7e5d927e54714b6850db541f361c459de50d79b0a4516b43ce4cba8eb66b49485
-DIST openssh-7.3p1-hpnssh14v12.tar.xz 23448 SHA256 45b8e10f731f160ea44126bf64314d850048d98059dc22f89b3f14f46f0dcc67 SHA512 f1ee37dfd1b717963ae519b725d481de2486c9c94fd80ccd12da2ac00d13be7b6e0284a1e9239a4704014810c086eaaa81cd02344372c65d0122a3eb1c2be83c WHIRLPOOL 1fdb4e99f9d6450af73a1202c2f80d4be454fbeab723a1cf833a37fc040dc8ede592129d4e4087cf247095dbf5fa782286ab0338fe8a55675efb4ea9bfaf651c
-DIST openssh-7.3p1.tar.gz 1522617 SHA256 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc SHA512 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801 WHIRLPOOL f852026638d173d455f74e3fce16673fc4b10f32d954d5bb8c7c65df8d1ca7efd0938177dd9fb6e1f7354383f21c7bca8a2f01e89793e32f8ca68c30456a611c
-DIST openssh-7.4_p1-sctp.patch.xz 8220 SHA256 18fa77f79ccae8b9a76bc877e9602113d91953bd487b6cc8284bfd1217438a23 SHA512 0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4 WHIRLPOOL 0f0ea1d36523b35d3be33d22fb84daa05fd14c464d69c19695235f81d26326bc53d6804bf34d0cc0c2584f412bfdac361d2b018032447d1033a4ff4fd9458a09
-DIST openssh-7.5p1+x509-10.1.diff.gz 460721 SHA256 e7abe401e7f651779c680491cfefbfcf4f26743202641b2bda934f80bb4464d2 SHA512 d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c WHIRLPOOL 2d4f96b47bcde9eabd19cad2fdc4da01a3d207f6ad5f4f1ea5a7dbd708d61783ae6a53e4cb622feed838106f57dbe6a7ecd1b41426325870378caf44803ff9ef
-DIST openssh-7.5p1+x509-10.2.diff.gz 467040 SHA256 24d5c1949d245b432abf2db6c28554a09bcffdcb4f4247826c0a33bdbee8b92c SHA512 ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a WHIRLPOOL 3291a3e39b1a47efe149cdf805de11217fd55c4260477f2a6c6cc0bfa376b98a5dc7f56a49ae184fb57bae6226c73d1794db7b2285e3ea26a8fea4bc9304655b
-DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 8a1ed99c121a4ad21d7a26cd32627a8dd51595fd3ee9f95dc70e6b50fe779ce2 SHA512 45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9 WHIRLPOOL 6089ad8ae16c112a6f15d168c092e7f057b9e6d815724346b5a6a1cd0de932f779d5f410d48c904d935fcb3bad3f597fa4de075ab1f49cadc9842ce7bd8fdf42
-DIST openssh-7.5p1.tar.gz 1510857 SHA256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 WHIRLPOOL 1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c
-DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
-DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 fbf2e1560cac707f819a539999c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471 WHIRLPOOL 4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518
-DIST openssh-lpk-7.2p2-0.3.14.patch.xz 17692 SHA256 2cd4108d60112bd97402f9c27aac2c24d334a37afe0933ad9c6377a257a68aee SHA512 e6a25f8f0106fadcb799300452d6f22034d3fc69bd1c95a3365884873861f41b1e9d49f2c5223dde6fcd00562c652ba466bc8c48833ce5ab353af3a041f75b15 WHIRLPOOL 237343b320772a1588b64c4135758af840199214129d7e8cfa9798f976c32902ca5493ee0c33b16003854fea243556997bc688640a9872b82c06f72c86f2586d
-DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd WHIRLPOOL bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c
-DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 SHA256 11060be996b291b8d78de698c68a92428430e4ff440553f5045c6de5c0e1dab3 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b WHIRLPOOL 58526777475786bb5efa193f3a3ec0500c4d48b18fef67698f8b1999cb07f04fbca7b7d3ece469f3a1e1ceca5152cdd08d3dbe7cfa4e7494740dc2c233101b93
-EBUILD openssh-6.6_p1-r1.ebuild 9904 SHA256 7cf5ad6aa05c239df6d18dafb3a2f8467190c7f592f458d0afd6c884f5eff24d SHA512 7f9028a2ee883c571c0b1b8aad7e869888bf0adcc690ff922204bdb1dee25c19b78b2ae61e0ca07ab3b8e91093fa9a6c03338293ee04647768574c39d0dde621 WHIRLPOOL 77d18b1602963b7044b7f504bb498b6c38c7d8bb6dbb65d04d025f079ffc9c61a41706d01d2902e1c4151aa70cc3d47091fbb4f7204ef42ff73192c3508c5790
-EBUILD openssh-6.9_p1-r2.ebuild 10513 SHA256 4e9ca0a1ea7dbed3185450ee4ab15318b03a6b12e7bce1c152e5413c37a780c1 SHA512 3f611a10e7853dcc3a3a0e2d922f6be8f693a6823f457fecf031e7f5c16e74ce3e3a5ce8ae1cd3d02acb338376830123505dc1b9bc5d12ed4bee4faa456983fd WHIRLPOOL ed9335e67ecd188b082c86ea5c6438a4d2038ace2f423d46ab7b82161deab4f1c05b45d8c960e01ec3b42b8fbf1ce3ce3487f83a96f0a9297a1779bf23cd9fc4
-EBUILD openssh-7.1_p1-r2.ebuild 11377 SHA256 a87cfdb70f33bcc82167fdda5204378f949c935b01473d2889011e5422c3ce28 SHA512 ff43a853ea10b096240e6c70dd6a95e865ca0f7e7131f14b19accbb794b56c7b807df80ffbdf4e2f36e259c34994322f9393390473f5b1ee96782eb2d01059df WHIRLPOOL 132bb75d8d845936b4dbbd0c34ec3317ab4fec72dd0c0ed896a01bae93505ea8b069dfe9b557774ca105c1958df27b9bd4f6fcf616937790d9596f05490ec2bb
-EBUILD openssh-7.1_p2.ebuild 11234 SHA256 7b6988caa6bd87d1db71f4d05926e45b2adfeeaf7b5c50212139519374cd995c SHA512 3465c27f3b22b42a81b000c40ed1d392587a127aead4699947dd451119c3ccfb0b34ea166917227c1a7dc700e9f380059b06de6c3d28756b179a587a2e32840a WHIRLPOOL 89a0a5df12b99d1ac3cd5d26f66d95a2bb2b49c6ee7a228181f7ab4145f6af61ea7f6f7fa5dcf527773b78be1a9e9021131e2fcbe88ccd7b862dd9ace19505aa
-EBUILD openssh-7.2_p2-r1.ebuild 11491 SHA256 49043465fcdadd915ff3c508266d77fae9e71e23d44a2fa23b9e8780e5e21cda SHA512 c3692f44162618b7ca6d268e8f8c5ed6a3976a1897f149690dea41a491d75c10316d7f686d893795798b9eb3f5e55ac1d795067aba19e99482eaa803ff64a29a WHIRLPOOL 2de3d82fc8703f2651ff5e8ec47fe125c89df36e32ea1a4905edfdf6c0371c849a757b1dd34ef4ae7eb0cca637ac6382f652cbec6d77ae853041c5a4fed76a07
-EBUILD openssh-7.2_p2.ebuild 11375 SHA256 e12b05c4f68064e1aa7a156052ba793205d90f4760bb5769e6cf251ff2fedb7d SHA512 1b41950cb0e3323e0a3a6386249289b201c89fb3898a413f71737de393d4781cd9ae956304cc807f1c7ca5a4eb00d99c91a5d0d984bcb87cf218a0d93a035569 WHIRLPOOL d881cad5492c042539b78e9640ef4ca6de6ca20ab8877fec25ad81058a36929d60c3b8ee2828121a036855542983fee5c3b49153ea8dfcae9f1e0b5bef3d65f5
-EBUILD openssh-7.3_p1-r6.ebuild 12351 SHA256 3936337de83df759ffe6f272f93dd5f7b040d473a1de77c95c39093ad4e7b683 SHA512 5e73f4480ec3fe71cda2dd22a9e84e85000d45fc4da09948d07a731ffb1c849b4bb8f2cf415e5aede12c6f6d8b8dac10c17f6b05f8b333a0d566a8fc517dab6b WHIRLPOOL 8ab8cb061408dbfb8703a96c673f7364583ab97ae592dc5a522d2e7fa37b9922c9f2ee99a4a9231dd6b2c1f5e28492f820e3676500e4477e9ac457ba76914db0
-EBUILD openssh-7.3_p1-r7.ebuild 12318 SHA256 341436884a5f5f882fa9fea41f0709266edd7c1a0f3668facc09030f76aea85d SHA512 150242d9245f183e2d5e957c37248f50afbccb1c1df45ecb6b03ea2603b47d9c5e25e80e42f0106945a196a6d1e02f76cd07ed19e02c78a15377d3567faa6cc0 WHIRLPOOL 2c86de2c41d6e20e891cf9a1f95ab7585dc45d1180982d002c80d5f082052feb7490f50ffdfb29c8cc91afb98efe2aebb78a971629bf227565ce3775f5624dbe
-EBUILD openssh-7.3_p1-r8.ebuild 12049 SHA256 bfb052aac5ea11c0d0d0f17a44415d1c6cae3711f72821d67843d726760f93f1 SHA512 0524386c7c4e607680b56b7416e2f27ce151ef55e3597896896e2df698776f4a0568201b273cfc858dd96906891243571d6ef19ff0a6e947514b1773ad281390 WHIRLPOOL 865ebf7490472a219cd2f26610104d925be32cd1e4b1e76d81c6ae6d8147a80a7849b8d13b8aa5f8d3a26385b211167f53122efbdfa33df5d330dc1173abddf4
-EBUILD openssh-7.5_p1-r1.ebuild 11845 SHA256 e22c8bab744ad76cc78f6b1a9e0cb50704d1dd79764ac359fe02778ff7c5463a SHA512 2a1db0d8c34d8833a8822110656b42f2024c5c3832ea882b42b325bb1061fc6383fef6e64d1eda78f96adb5dbec331d589ab09cbd9e9d151a30a1d908e617e4e WHIRLPOOL 93051fe260da5d8e59c5136022456eab1fd60c4c1dbc5ba669401f5612bbb2681b6655420a7681ad408bef4c751a52e8774e9f5cf714fb27f539ac1bca8cd257
-EBUILD openssh-7.5_p1-r3.ebuild 11934 SHA256 10f3f65dbe5d5c5f6b51f24fa85ad1f98afa4d3f41b2d16224ef8ddedd9dcb83 SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e WHIRLPOOL cad8f1ea253c1a5de29391a63f45f3bcc9c6964d6c7153a106f40131065c1a678a76077fa91c9df1848eb5c47d699ca8effa38cd1a16a46a1230cdd888e99900
-EBUILD openssh-7.5_p1-r4.ebuild 11934 SHA256 10f3f65dbe5d5c5f6b51f24fa85ad1f98afa4d3f41b2d16224ef8ddedd9dcb83 SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e WHIRLPOOL cad8f1ea253c1a5de29391a63f45f3bcc9c6964d6c7153a106f40131065c1a678a76077fa91c9df1848eb5c47d699ca8effa38cd1a16a46a1230cdd888e99900
+AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 BLAKE2B 62f82339a7f9a9e6aa1dac06a312e6df5615f295e1b33db2f236b35161504974a785914d17559f9577e555819ca0002a8790c6fd6ca94da51cabf5351d4743c9 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11
+AUX openssh-5.9_p1-sshd-gssapi-multihomed.patch 6622 BLAKE2B 33637f108a1538681e0df1d025e95fb015277b74178adcc13d271ea0cfee4bc379b2ba0118ef8c5c5a2937435d01ec51189646d6fbda0997101c90d3679a8203 SHA512 ffa45e97e585c8624792e039e7571b2bb5f38e4554de8bfc1d532f3348fa4a712ea1b6ca054e6a59ed1321a15cf1a9d3bdf3f399cec315346db89bae77abf57d
+AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 BLAKE2B d3cd90336e2f3eb2a93a562267dfb879007b0525db402584d05838bc80dda4be1237638923734b62dbf25a8f407c448f094d21acc1ec8a0198a4d707a0559d31 SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3
+AUX openssh-6.5_p1-hpn-cipher-align.patch 3024 BLAKE2B 073cd93ba4bb3f497901d2926d508742f0b01871415b4e17e0455a0c2fb884c56a7c1a389bae6c113ad4b31b8e8a7ba10ebd355a2c43e8c361aa24d1f546839e SHA512 6efc2fa5f0e9b508e162bf20ab21d2c639888250387fa58ec0d812c7b1db125d8c654a0286a8ffc0d5530e5f0ec0ed723f3a5c0b7bd593b356aee2e811a1f4ec
+AUX openssh-6.6_p1-openssl-ignore-status.patch 741 BLAKE2B 299f6309cdb18f89922da70e2bd40bb4410f630769821dbcf3b8518000f5f78c3db6a302ffb45c1b3bdfc7a96450c0d3d51d8caff785628edaaa4a984970433f SHA512 578afe9ddb836d16d90eb8b0cf10e9282d9c5c5e639962034490cec0aab1bf98cae9b46fe7850446d0cdd93e848d98ca7ed0bdf2bfec6aad418f4c962d4ea08d
+AUX openssh-6.6_p1-x509-glue.patch 556 BLAKE2B 887560a10a9fe57754a6596a60da1342e5e91de1f9517a8313834b50e9c0e7db92de0a6574c840fd3ede2bcd0263875de608f0522fa1cf4e8779ca31fdd8c438 SHA512 e9535477fe4b0232d2a06edb9f73d8c50baa77ddcffd166624ea8352f298ad119622347c62c1d1e555318e9e6c7d981d2e9b03c388281b6347943861e8813aea
+AUX openssh-6.6_p1-x509-hpn14v4-glue-p2.patch 999 BLAKE2B 2c1df72e9c153e5870502f6e2bdbfb109e3fdaacf1516d701ed4ab890b31e935b27824556c3f8542e9bd52100e2a68be0e3694e7f8e98e7696484c926383bac0 SHA512 d1b3790fc164c803e81c803b9e19e0bc351d2b9f353edb1d3531139898b372731b46fab5974a084830b2bab889b06fa33ce23b7d941f7d61da073c1bbfc5ff51
+AUX openssh-6.7_p1-openssl-ignore-status.patch 765 BLAKE2B 6ddc498cef115a38054eb8f1fddac34048b94592e54f8e31dc11717fe872f3d66a7e6877d2449102fbe18a0ee2a35732991abe946b1fe10abfa48bbec6871b26 SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7
+AUX openssh-7.1_p1-hpn-x509-glue.patch 535 BLAKE2B 25512c87690fa68589eb7d3b8ff838e631dbf571428efc485099757f316f816940b3cf23ec55da823995d0fad85e4fa8dfafa4e59fcd09da3d7d4f0687c3fc6d SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010
+AUX openssh-7.3-mips-seccomp-n32.patch 634 BLAKE2B 12e931e6c2364d4cdd3f0d9ef8cf72665b65fedc7e8211a75250abe1bf359460afdf9707fdd7f9be8b8f8fd8fe40fdaddcd842da741c4b63fef94c364738cd26 SHA512 eba3e843d3714501a1df3161d02134c54c8ce584db3af698b87d303fc17c16635bd06db4d7c2d9bb47f461c3b211d870b480fd927f4563207e11c9ed2c446770
+AUX openssh-7.3_p1-GSSAPI-dns.patch 11137 BLAKE2B 63f06b41e922a55208fb263ec4cfe2b2ba7af2590ea123ed4821efe3758b69180f5e45d96adac56d717f57439ccc1a5b6d9b03db608236d57a7b4429514c16c0 SHA512 70db76a409d5a11513f57c67671131b95c83164af2ecafa423986def42a1a2a31c4653d06f510b8c440a974e03f0acad8cbe20d5a17cfb2ed4598a9b8ae60b91
+AUX openssh-7.3_p1-NEWKEYS_null_deref.patch 857 BLAKE2B bbbaadd8ba49181c6dd556ae01951b88de8b45699b876a450a05ad1601f1343eac6a6b847b477b02ce4bdab8eab857be0dfe0227e9da4f118025e487377b3a0f SHA512 2230ddd7473feaa22544eae5c1074981e5ade322a22016f245ec3a6b3bf260104909021497a728fbfaf5dbd6e81269b9b815a3a3de2bf8104f7b3d1bdacbcc06
+AUX openssh-7.3_p1-Unregister-the-KEXINIT-handler-after-receive.patch 953 BLAKE2B 0db98ab1a35dfae9065d80b51556b5171112a4de8b94d746a5379773670c646eb922c7bc41b1684459853b7c3139828c26c5092306bf1facdf9d2c5a95901bd0 SHA512 c705b08fa269d21da261cc9fce2ebcc409e252064d789b63ba14685495e46cb472a81fa563a74c80e4bf76e4982fba98ff5329a037f1fa4f28c75b4db18e7691
+AUX openssh-7.3_p1-fix-ssh1-with-no-ssh1-host-key.patch 1088 BLAKE2B 8c1842be7120a16b5f4e6a28d3fdb19f0714ef83c78ddd034668246617c79db42bfcb0f723dbf6526a6687e83d942b235bc4f873f6d38803a0363b7730fdcbc2 SHA512 967da12f9d15e8347d9832a7fc90e378e42a49c6fb63c8ff3a28e66601c9dab64d5d43c8da34aa3fb08466088eb725abebb4efcef95b1aa0ada86cab27584106
+AUX openssh-7.3_p1-hpn-12-x509-9.2-glue.patch 1608 BLAKE2B ee744a8b7b01ef6170d8ace16694182c89ff70af429f4123fb54478a167ae12c54f08abc77b065719cdd4320437aca44ba390d204e1215442cb3be90c7ea4e15 SHA512 bbbeca5d683427347e9db8cdaa5c96bfdbae901245e508dec8927110e199798127b7c4df8ef2455c1fec53263d600c7957d5b55e1b78263776a45808b4c0b86a
+AUX openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch 7005 BLAKE2B 5a39b45b1b26488be6f69adddf46a410f1cb5ec45d8f0ed7869da8a04b409500a6b59ef5408643f9db8e6a890a1727aa3d5687266a2a69eae9b91fe0e48943ca SHA512 35cb90a5ebf85b31db902155a8d48a65d2734943cf46e2ac1fcbcb8a19e31d9bf6057ec3c0001a4cb14eac572e5d400087c3218c81df40146731472e406499d8
+AUX openssh-7.3_p1-hpn-x509-9.2-glue.patch 1611 BLAKE2B c0daaefd15bba3ea25f1a737dd8d6396a292b0686fcc0bf653bab987bb0d4eef01bf1d164927f8347c7465c9c700f94ca53843a77b2b17cb512e3fb9505fe576 SHA512 3604f0f1ea6c74b8418ac158df47910dfb2d54c7ce77f78f1a6c072acd20dc5751e24156acd9dda02aecaac250f43c8d968382f2f4b15b4706e4c4bde8ebde9a
+AUX openssh-7.3_p1-libseccomp.patch 7374 BLAKE2B e605f9f2148d7cbd1ad2722e47239dfd54fbcc3c90220ee75d630d738f10cd81d703931d6d76922ee4bfbed543277244761ef1c599ee8b164115ccb251beabfc SHA512 f86299cf3b24e88618dc0202a5d246a682a7f9e7647fa47b4f765641c2797ecf4a14a4ef6c9ea4a87bd98533db271af46d2d88e87dca553c0dbfe8729d0c2923
+AUX openssh-7.3_p1-sctp-x509-glue.patch 2447 BLAKE2B 89c0e85e10bb90932ba87338e16d63b269b1fa698e20576b67ad929fabf42f4447136fe879104a33b9f353e5ed781c61f3cd2861db3137aff7367cd793417906 SHA512 f48c2bba7707542741e52f5d794aaafe4468d088e28bc02878c0eb9aa76d31b57dca69b85705f7a9a2d745272df3fdc39a1d13ba337cab34dd0e9d545cee7d41
+AUX openssh-7.3_p1-x509-9.2-warnings.patch 3060 BLAKE2B 3a799b9e511665e0504cc633eded939da32ed3a727440af267ccc1e187bdcfb3a6fb73b6ca7d52ba3cc747c56040e56d1e6c770f662d6d1426a1ef40fc79be77 SHA512 f029d6f922e1632b32ac6e7b627378854f78c9d9b828dde37273b1b1a09167273fc6934bcb0653209b9e5ffd06c95d564d1bf5f1ea745993e19b062a4532f1c0
+AUX openssh-7.5_p1-CVE-2017-15906.patch 1180 BLAKE2B 37fca347fc1fa969f410d514a76b3d7133914aa14c7ef577e6eb0b2f96b936313b20635c6cc23b5e91e3643e26c899e992b82769a5df6568d058eb4f7a43fab8 SHA512 dfba25e9962e4398688d5e6f9311de44931ea5292d7d50c69d8056838ceb41ce099c44f849c204f7b421515c3aa40bde6e9b98b80b9e99aa113c222841daecd4
+AUX openssh-7.5_p1-GSSAPI-dns.patch 11137 BLAKE2B a54ed4d6f81632ae03523b7b61f750402d178d3213ec310bc0e57c0705ed67607a89a786d429599395722eaf40b2fb591c5b8de87ffc4f1dd7f6713b543c31c2 SHA512 f84e1d3fdda7a534d9351884caaefc136be7599e735200f0393db0acad03a57abe6585f9402018b50e3454e6842c3281d630120d479ff819f591c4693252dd0e
+AUX openssh-7.5_p1-cross-cache.patch 1220 BLAKE2B 7176b86024b072ff601421143f8567e4e47de3d89b1d865bc92405da75bf7c64fa50b9f746d9c494dbf64bc09e04afc1960f673e68ea1d072a5381027afea63d SHA512 03cf3b5556fcf43c7053d1550c8aa35189759a0a2274a67427b28176ba7938b8d0019992de25fb614dc556c5f45a67649bb5d2d82889ac2c37edd986fc632550
+AUX openssh-7.5_p1-disable-conch-interop-tests.patch 554 BLAKE2B f5f45c000ec26c1f783669c3447ea3c80c5c0f9b971b86ca1e79e99e906a90a519abb6b14db462f5766572e9759180719ea44f048ef5aa8efc37efb61d2b6ef7 SHA512 f35b15f1e8d0eb276d748ee14c71004c6599ddb124c33e2f84623bc9eb02bb4fd4680d25d0ba0289d6a723a526c95c9a56b30496bdaa565bae853bf3d1bab61f
+AUX openssh-7.5_p1-hpn-x509-10.1-glue.patch 2741 BLAKE2B 832a176c8c696981a4668a9c63786d09b6adf89bc82c2a3019d77f8550504c62c86e9ed2aae51d7a4b3054d7d368f79f8af6ac0c234736827872b9ce1ceb04d7 SHA512 940dd448f6768bb3e94987eb86b6002d17d918310ad5c1f38f1b3fd9df263439e0fecb9c8f09c05649bfd03cb507c31ef9320522e946850e954ffdd44fdd4b73
+AUX openssh-7.5_p1-hpn-x509-10.2-glue.patch 2847 BLAKE2B 8a6151ab121871e4f2d93ace0e07dce1106c6841031cacfb197e00cc76fc1d0cf153aae52757dcf98a5fb89971125493d0572bd4964d0e59cb3f391fd1256aef SHA512 bc23fdf5995ae38ff166f12f64082f79a2135ca28f2240e89bee42b1e3ba39ce94467ece9ddea99173f1829b09b069dbf56a0bce7dfd1ae5f63c12f73b5ffba7
+AUX openssh-7.5_p1-s390-seccomp.patch 624 BLAKE2B 0bf595d72cd65993dde4e5aae0a3e091bb48021ef8affa84c988d55d9fe6a823b0329b6d9707c88e1556d45c304b6630ade7008f63fd649975594a75f570bb33 SHA512 058dc269eb032151e88e0ac79a0b0fd6fcd56d489e90e299ee431b1475a8f8080e8f4649244864af33e743820b081c9f90b32a1a93b8b60feeb491c0201a4d61
+AUX openssh-7.5_p1-x32-typo.patch 772 BLAKE2B 3f27d669ee76e191f2f6f7c7d86b1d9cb7297cecf17b2d88d86ef498c9ca35231adb0edc9fb811698ec86fd65527cc3fe9f2ce514836aebe5dc27bca2a3a55dc SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e
+AUX openssh-7.5p1-x509-libressl.patch 7027 BLAKE2B 28c51fb88259f7fce097e72dbbafb9623935cb8aaa5d9cf13432051971bf78e792c81c6b4ec7c3a90a6dc287dbfd95e13d682f100e2a0d8f13613ec87d728509 SHA512 0b5fcb58ee55de7ce61bf2bcad23e4a5cdc941d81121bbf8f0dadf5e1e158c055f45a2ef1aebe8fcb1856a33e079282f4c9f21d9da6892808d7e3c172dca3365
+AUX sshd.confd 389 BLAKE2B 7ebd5f15889151c476fee9b933554efaa005ee5ede477c6bbc909972c0c85b8ff87517288554ed991818dff8625654485f51302080f283515bf4e0699dc5958c SHA512 b17f915b17401a8f8f53e098d29baf729df6635ef10945f125bbd1d0fff2a334be4d778c430aaa84e7c188da74e39b47a85703b2c91b1a51410b0f1f57ebc4fd
+AUX sshd.pam_include.2 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c
+AUX sshd.rc6.4 2131 BLAKE2B 83bf9010c5416abe7b40245aa8362e863f6ec11c2a203237cfddb72f32b3c9348d7bffb4dbbf3ab122cb1a8ad29cd2eb95f0b3449e259aad784c12c47dd9463f SHA512 21e14851fd76d2ad281dc3a7ee36f4dca6895ca92e13ea189f97213dc9160c37e0b9af64b9238da7b03b0cddf299e7d7fe0d5e4db71dbae7cc0d14f460985bec
+AUX sshd.service 242 BLAKE2B e77eb1e0adad0641b60a59d243e911e0a6286a87acda25f3e478582068d8a7a2a12ec88e14bf2c01c7f4c2025ce2d2ce1b1273a93c096bc96da47a69878a823e SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c
+AUX sshd.socket 136 BLAKE2B 22e218c831fc384a3151ef97c391253738fa9002e20cf4628c6fe3d52d4b0ac3b957da58f816950669d0a6f8f2786251c6dfc31bbb863f837a3f52631341dc2e SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42
+AUX sshd_at.service 176 BLAKE2B 316c2de6af05e97ad2271dfda9fc3276b5c049aa1e56ea7c4acc20d5dd6f4444b0ed3122db90959dc8c009e36f59dbe8e8b969f21eaca98c513ac46b4f80f46e SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a
+DIST openssh-6.6p1+x509-7.9.diff.gz 224691 BLAKE2B 6d96428406f04ec1592dbd4a072aa180c2c4612af28d696eb21ecd4324ec7e18d0691ded580df06eb4b42f925df90e4f0893ef41c64a16b58f140c64f0aaa27b SHA512 dc9ee7f0589aa0ba8d3c1c40c505f99a811845d8952bf6bf6b8bd3a00ef4813f3b71db32aadf252d7a320a8bf9cdcdf30b71292869d7830cc42f15ce3d1f3c49
+DIST openssh-6.6p1-hpnssh14v4.diff.xz 20932 BLAKE2B 718a1dab1741f32d2c1e408b192421e77299675a426cb787f056d2801f83805067e944c7fd8302d2cec6b945b0df497c3912629d53ab52893f03ccc91100e1c9 SHA512 7900ccf5ba5fcef5e6f3ed1b3263ad348a4bf63879905bbf9ce5212af64c7f4dae396989c67361ef1b5dfaf97a2d340b3bf75bf37f206b9a18ebee5d84044e2d
+DIST openssh-6.6p1.tar.gz 1282502 BLAKE2B 8a61191d768ee80eab1c11d5a20de47348b1d5e7dc12bc35a083dd0df30e2c4265042cd66b918a9a582b2ac4c49d533625d773f8bd2d442d6070d72572393415 SHA512 3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b
+DIST openssh-7.3_p1-hpn-14.10-r1.patch.xz 20584 BLAKE2B f7530317b1d6cd9aae980b479dcf81e0546337f7c294c2edef5932bd2023ab9e30c7fa9f6fcbdbb1e5d59c0326858a64e59bef726cd8b135e7b8ce5ccf2b2800 SHA512 f0a1c84af85f7cfc7cb58b5117b3d0f57fc25ae0dd608e38b48ef42da43780fd5cf243d26ff9b3fbd6f4cb1567852b87bcb75f98791cf3ad1892e8579a7834d3
+DIST openssh-7.3_p1-sctp.patch.xz 9968 BLAKE2B 28c831cbe0cda4dbb83d58154c4bb7b5d4f430846fcf09f947c42e8ab2594893b7ce5b4d580902e85d0744dca1cbc2405a742546f3282fc73bf8642eebdeac84 SHA512 f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c
+DIST openssh-7.3p1+x509-9.2.diff.gz 588078 BLAKE2B 7c48e102bc98415b9a6eb1aa83a2c1d3ce47ec3f439a48bfa3abd6c06289ce3772535648d1de5be7cee4614edd9e61849c12479f62b376d8bd6481c807ae3846 SHA512 fab0da148b0833a651e8a7c36f344aacecef6fa92f8f1cb6302272d98c1ab018831f5850dcaa8f54a39f9ada9b7d5b0a0ea01defc3c6f603bbe211f6bff6a841
+DIST openssh-7.3p1-hpnssh14v12.tar.xz 23448 BLAKE2B bc839aaabfad6d246d540220bcfc52860831c492be95e1ed541db5cc15874f127d5e0cf27d640efcfc7329a5dccb3ee867a6e3a9275455fe079ae75aff745dc0 SHA512 f1ee37dfd1b717963ae519b725d481de2486c9c94fd80ccd12da2ac00d13be7b6e0284a1e9239a4704014810c086eaaa81cd02344372c65d0122a3eb1c2be83c
+DIST openssh-7.3p1.tar.gz 1522617 BLAKE2B 495e37af7a2ba7ae4082fb9d4c0a1380d4f7c71cbb699370e8e4c1ffa7a67ce5e92a9f37bfedfff7719a7b20b6b3c0b3e36c80fc9f6224ec6819d76f9c9b11d6 SHA512 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801
+DIST openssh-7.4_p1-sctp.patch.xz 8220 BLAKE2B 2d571cacaab342b7950b42ec826bd896edf78780e9ee73fcd441cbc9764eb59e408e295062862db986918824d10498383bf34ae7c93df0da2c056eaec4d2c031 SHA512 0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4
+DIST openssh-7.5p1+x509-10.1.diff.gz 460721 BLAKE2B e3bd5f6539647327d35c90bf0ebf86559a00bf426f49dca4d7d0580d02e0727fe78177974ccddb6103c0e75752165cf51a96f721203dd9c23dce6648431c501e SHA512 d3b5a8f5e3a88eda7989b002236811867b7e2c39bf7cd29a6dbbce277fca3fbedbfdbeaf1fba7d8c19f3dea32a17790e90604765f18576bcc5627a9c1d39109c
+DIST openssh-7.5p1+x509-10.2.diff.gz 467040 BLAKE2B 4048b0f016bf7d43276f88117fc266d1a450d298563bfc6ce705ec2829b8f9d91af5c5232941d55004b5aea2d3e0fb682a9d4acd9510c9761ba7ede2f2f0e37f SHA512 ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a
+DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 BLAKE2B 15702338877e50c2143b33b93bfc87d0aa0fa55915db1f0cab9c22e55f8aa0c6eeb5a56f438d849544d1650bdc574384b851292d621b79f673b78bc37617aa0b SHA512 45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9
+DIST openssh-7.5p1.tar.gz 1510857 BLAKE2B 505764a210018136456c0f5dd40ad9f1383551c3ae037593d4296305df189e0a6f1383adc89b1970d58b8dcfff391878b7a29b848cc244a99705a164bec5d734 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
+DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 BLAKE2B 1803611337d53442f51ac4fb1851a9f96ed2b6ccc03567ea52fd5829ee1e85a9e5eb44a7fc4d413d5aa1897d3735b342cd9642c88156fa174e470013322a8aa9 SHA512 e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd
+DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b
+EBUILD openssh-6.6_p1-r1.ebuild 9904 BLAKE2B 80701f1b0d3b1015949e88e0ca85ee6312959909a0f77685b0a9cfc2b1edf6b06d0ce20f18111fc0dc7c032c9300556e898d26b4580393e8151b5eb8d64a8c38 SHA512 7f9028a2ee883c571c0b1b8aad7e869888bf0adcc690ff922204bdb1dee25c19b78b2ae61e0ca07ab3b8e91093fa9a6c03338293ee04647768574c39d0dde621
+EBUILD openssh-7.3_p1-r6.ebuild 12351 BLAKE2B 3d6ce055d165d3336888d0f0377e84d7f0c1e1aa5d49d459f7d8f21a348c358024d448757e8c5335297e5a4dba9a8cc150fd71483728ec8db06f19d2c18e7295 SHA512 5e73f4480ec3fe71cda2dd22a9e84e85000d45fc4da09948d07a731ffb1c849b4bb8f2cf415e5aede12c6f6d8b8dac10c17f6b05f8b333a0d566a8fc517dab6b
+EBUILD openssh-7.3_p1-r7.ebuild 12318 BLAKE2B c4f393ca68606e0a7a3ab1595e1af7e88cecd1f5e1fbe02ed4c042c68294e9a4cfc2ecbfc8ba0e641039abbb845b167282056c8a22b444dd78cdc3cfa293bf23 SHA512 150242d9245f183e2d5e957c37248f50afbccb1c1df45ecb6b03ea2603b47d9c5e25e80e42f0106945a196a6d1e02f76cd07ed19e02c78a15377d3567faa6cc0
+EBUILD openssh-7.3_p1-r8.ebuild 12049 BLAKE2B 3c2f4c7bc4077255e49ffc40053d341358ad84e9f6410aea2ed15fc886b07bd0b674d9503b530b8033a8612f6fd026630bcb5d5bae264bd3b6b3ede81b48e66e SHA512 0524386c7c4e607680b56b7416e2f27ce151ef55e3597896896e2df698776f4a0568201b273cfc858dd96906891243571d6ef19ff0a6e947514b1773ad281390
+EBUILD openssh-7.5_p1-r1.ebuild 11845 BLAKE2B c8c4abccf8557cf2928474590453588d6ec254dd784c20ca61fd9ad08129544ecc127ed752879ffba2fcd3eb5b68f5b1b416cf13da0b9a9b13890f1997586051 SHA512 2a1db0d8c34d8833a8822110656b42f2024c5c3832ea882b42b325bb1061fc6383fef6e64d1eda78f96adb5dbec331d589ab09cbd9e9d151a30a1d908e617e4e
+EBUILD openssh-7.5_p1-r3.ebuild 11934 BLAKE2B c35d57d923c8b334c596bc6eb046f51436c88065e126d4891a861dd9c14c7faeecb5213230ae673412fbf5be0f9dce81ed63d2e08e8418ff1c06a60520332c4f SHA512 559bd7ca53849fefa9a54b306eef38a8952a1aad0c1f11883bd4a88c1cb29786d5f6f04a173a40995096aa7b93680b1c1917dee3eb7509187bb497a2fe89063e
+EBUILD openssh-7.5_p1-r4.ebuild 12003 BLAKE2B 961e3e4371adf867930b47308551a6f14761a119d488d11c7625792a646c5929121be424cf3a7a07ce1042fcfeb8f1f690259bbb9244b30ef2dd3d1df59f2b3b SHA512 2b0b440cc90549610c9bce787510902f314c2d8171dee82873db049f679e2e8ed7792274fd512003c4446fca3ba0016bfb03c851862e0e992de05917d52e6c06
diff --git a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
deleted file mode 100644
index 7b12e9a6..00000000
--- a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700
-+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700
-@@ -184,34 +184,6 @@
- int port; /* Port to connect. */
- int address_family;
- int connection_attempts; /* Max attempts (seconds) before
----- a/scp.1
--+++ b/scp.1
--@@ -19,7 +19,7 @@
-- .Sh SYNOPSIS
-- .Nm scp
-- .Bk -words
---.Op Fl 12346BCpqrv
--+.Op Fl 12346BCpqrvz
-- .Op Fl c Ar cipher
-- .Op Fl F Ar ssh_config
-- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
--@@ -218,6 +219,8 @@ and
-- to print debugging messages about their progress.
-- This is helpful in
-- debugging connection, authentication, and configuration problems.
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .El
-- .Sh EXIT STATUS
-- .Ex -std scp
- --- a/scp.c
- +++ b/scp.c
- @@ -395,7 +395,11 @@ main(int argc, char **argv)
-@@ -471,34 +443,6 @@
- int protocol; /* Supported protocol versions. */
- struct ForwardOptions fwd_opts; /* forwarding options */
- SyslogFacility log_facility; /* Facility for system logging. */
----- a/ssh.1
--+++ b/ssh.1
--@@ -43,7 +43,7 @@
-- .Sh SYNOPSIS
-- .Nm ssh
-- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-- .Op Fl b Ar bind_address
-- .Op Fl c Ar cipher_spec
-- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
--@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
-- controls.
-- .It Fl y
-- Send log information using the
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .Xr syslog 3
-- system module.
-- By default this information is sent to stderr.
- --- a/ssh.c
- +++ b/ssh.c
- @@ -194,12 +194,17 @@ extern int muxserver_sock;
-@@ -520,13 +464,11 @@
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file]\n"
- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
--@@ -506,7 +512,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+@@ -506,4 +512,4 @@ main(int ac, char **av)
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch b/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch
deleted file mode 100644
index a355e2c9..00000000
--- a/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://github.com/openssh/openssh-portable/pull/29
-
-From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Wed, 18 Mar 2015 12:37:24 -0400
-Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is
- set
-
----
- configure.ac | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b4d6598..7806d20 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2276,10 +2276,10 @@ openssl_engine=no
- AC_ARG_WITH([ssl-engine],
- [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
- [
-- if test "x$openssl" = "xno" ; then
-- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
-- fi
- if test "x$withval" != "xno" ; then
-+ if test "x$openssl" = "xno" ; then
-+ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
-+ fi
- openssl_engine=yes
- fi
- ]
---
-2.3.2
-
diff --git a/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch b/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch
deleted file mode 100644
index 2993c0e3..00000000
--- a/net-misc/openssh/files/openssh-6.9_p1-libseccomp.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-diff --git a/Makefile.in b/Makefile.in
-index 06be3d5..b1f0931 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -106,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
- sftp-server.o sftp-common.o \
- roaming_common.o roaming_serv.o \
- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-- sandbox-seccomp-filter.o sandbox-capsicum.o
-+ sandbox-seccomp-filter.o sandbox-libseccomp-filter.o sandbox-capsicum.o
-
- MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-diff --git a/configure.ac b/configure.ac
-index 67c4486..ddaf7c0 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2867,11 +2867,22 @@ else
- fi
- AC_SUBST([SSH_PRIVSEP_USER])
-
-+AC_CHECK_DECL([SCMP_ARCH_NATIVE], [have_libseccomp_filter=1], , [
-+ #include <sys/types.h>
-+ #include <seccomp.h>
-+])
-+if test "x$have_libseccomp_filter" = "x1" ; then
-+ AC_CHECK_LIB([seccomp], [seccomp_init],
-+ [LIBS="$LIBS -lseccomp"],
-+ [have_libseccomp_filter=0])
-+fi
-+
- if test "x$have_linux_no_new_privs" = "x1" ; then
- AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
- #include <sys/types.h>
- #include <linux/seccomp.h>
- ])
-+
- fi
- if test "x$have_seccomp_filter" = "x1" ; then
- AC_MSG_CHECKING([kernel for seccomp_filter support])
-@@ -2898,7 +2909,7 @@ fi
- # Decide which sandbox style to use
- sandbox_arg=""
- AC_ARG_WITH([sandbox],
-- [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)],
-+ [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, libseccomp_filter, capsicum)],
- [
- if test "x$withval" = "xyes" ; then
- sandbox_arg=""
-@@ -3008,6 +3019,13 @@ elif test "x$sandbox_arg" = "xdarwin" || \
- AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
- SANDBOX_STYLE="darwin"
- AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
-+elif test "x$sandbox_arg" = "xlibseccomp_filter" || \
-+ ( test -z "$sandbox_arg" && \
-+ test "x$have_libseccomp_filter" = "x1" ) ; then
-+ test "x$have_libseccomp_filter" != "x1" && \
-+ AC_MSG_ERROR([libseccomp_filter sandbox not supported on $host])
-+ SANDBOX_STYLE="libseccomp_filter"
-+ AC_DEFINE([SANDBOX_LIBSECCOMP_FILTER], [1], [Sandbox using libseccomp filter])
- elif test "x$sandbox_arg" = "xseccomp_filter" || \
- ( test -z "$sandbox_arg" && \
- test "x$have_seccomp_filter" = "x1" && \
-diff --git a/sandbox-libseccomp-filter.c b/sandbox-libseccomp-filter.c
-new file mode 100644
-index 0000000..d03856b
---- /dev/null
-+++ b/sandbox-libseccomp-filter.c
-@@ -0,0 +1,175 @@
-+/*
-+ * Copyright (c) 2012 Will Drewry <wad@dataspill.org>
-+ *
-+ * Permission to use, copy, modify, and distribute this software for any
-+ * purpose with or without fee is hereby granted, provided that the above
-+ * copyright notice and this permission notice appear in all copies.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-+ */
-+
-+#include "includes.h"
-+
-+#ifdef SANDBOX_LIBSECCOMP_FILTER
-+
-+#include <sys/types.h>
-+#include <sys/resource.h>
-+#include <seccomp.h>
-+
-+#include <errno.h>
-+#include <signal.h>
-+#include <stdarg.h>
-+#include <stddef.h> /* for offsetof */
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+
-+#include "log.h"
-+#include "ssh-sandbox.h"
-+#include "xmalloc.h"
-+
-+struct ssh_sandbox {
-+ pid_t child_pid;
-+};
-+
-+struct ssh_sandbox *
-+ssh_sandbox_init(struct monitor *monitor)
-+{
-+ struct ssh_sandbox *box;
-+
-+ /*
-+ * Strictly, we don't need to maintain any state here but we need
-+ * to return non-NULL to satisfy the API.
-+ */
-+ debug3("%s: preparing libseccomp filter sandbox", __func__);
-+ box = xcalloc(1, sizeof(*box));
-+ box->child_pid = 0;
-+
-+ return box;
-+}
-+
-+static int
-+seccomp_add_secondary_archs(scmp_filter_ctx *c)
-+{
-+#if defined(__i386__) || defined(__x86_64__)
-+ int r;
-+ r = seccomp_arch_add(c, SCMP_ARCH_X86);
-+ if (r < 0 && r != -EEXIST)
-+ return r;
-+ r = seccomp_arch_add(c, SCMP_ARCH_X86_64);
-+ if (r < 0 && r != -EEXIST)
-+ return r;
-+ r = seccomp_arch_add(c, SCMP_ARCH_X32);
-+ if (r < 0 && r != -EEXIST)
-+ return r;
-+#endif
-+ return 0;
-+}
-+
-+struct scmp_action_def {
-+ uint32_t action;
-+ int syscall;
-+};
-+
-+static const struct scmp_action_def preauth_insns[] = {
-+ {SCMP_ACT_ERRNO(EACCES), SCMP_SYS(open)},
-+ {SCMP_ACT_ERRNO(EACCES), SCMP_SYS(stat)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(getpid)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(getpid)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime)},
-+#ifdef __NR_time /* not defined on EABI ARM */
-+ {SCMP_ACT_ALLOW, SCMP_SYS(time)},
-+#endif
-+ {SCMP_ACT_ALLOW, SCMP_SYS(read)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(write)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(close)},
-+#ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */
-+ {SCMP_ACT_ALLOW, SCMP_SYS(shutdown)},
-+#endif
-+ {SCMP_ACT_ALLOW, SCMP_SYS(brk)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(poll)},
-+#ifdef __NR__newselect
-+ {SCMP_ACT_ALLOW, SCMP_SYS(_newselect)},
-+#endif
-+ {SCMP_ACT_ALLOW, SCMP_SYS(select)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(madvise)},
-+#ifdef __NR_mmap2 /* EABI ARM only has mmap2() */
-+ {SCMP_ACT_ALLOW, SCMP_SYS(mmap2)},
-+#endif
-+#ifdef __NR_mmap
-+ {SCMP_ACT_ALLOW, SCMP_SYS(mmap)},
-+#endif
-+#ifdef __dietlibc__
-+ {SCMP_ACT_ALLOW, SCMP_SYS(mremap)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(exit)},
-+#endif
-+ {SCMP_ACT_ALLOW, SCMP_SYS(munmap)},
-+ {SCMP_ACT_ALLOW, SCMP_SYS(exit_group)},
-+#ifdef __NR_rt_sigprocmask
-+ {SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask)},
-+#else
-+ {SCMP_ACT_ALLOW, SCMP_SYS(sigprocmask)},
-+#endif
-+ {0, 0}
-+};
-+
-+
-+void
-+ssh_sandbox_child(struct ssh_sandbox *box)
-+{
-+ scmp_filter_ctx *seccomp;
-+ struct rlimit rl_zero;
-+ const struct scmp_action_def *insn;
-+ int r;
-+
-+ /* Set rlimits for completeness if possible. */
-+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
-+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
-+ fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
-+ __func__, strerror(errno));
-+ if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
-+ fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
-+ __func__, strerror(errno));
-+ if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
-+ fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
-+ __func__, strerror(errno));
-+
-+ seccomp = seccomp_init(SCMP_ACT_KILL);
-+ if (!seccomp)
-+ fatal("%s:libseccomp activation failed", __func__);
-+ if (seccomp_add_secondary_archs(seccomp))
-+ fatal("%s:libseccomp secondary arch setup failed", __func__);
-+
-+ for (insn = preauth_insns; insn->action; insn++) {
-+ if (seccomp_rule_add(seccomp, insn->action, insn->syscall, 0) < 0)
-+ fatal("%s:libseccomp rule failed", __func__);
-+ }
-+
-+ if ((r = seccomp_load(seccomp)) < 0)
-+ fatal("%s:libseccomp unable to load filter %d", __func__, r);
-+
-+ seccomp_release(seccomp);
-+}
-+
-+void
-+ssh_sandbox_parent_finish(struct ssh_sandbox *box)
-+{
-+ free(box);
-+ debug3("%s: finished", __func__);
-+}
-+
-+void
-+ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
-+{
-+ box->child_pid = child_pid;
-+}
-+
-+#endif /* SANDBOX_LIBSECCOMP_FILTER */
diff --git a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch b/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch
deleted file mode 100644
index 9ce2967a..00000000
--- a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c
---- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700
-+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700
-@@ -1404,7 +1404,7 @@
- static int
- get_allowed_keytype(Key *k) {
- char *pattern;
-- char *alg;
-+ const char *alg;
-
- if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC)
- return KEY_UNSPEC;
-diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c
---- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700
-+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700
-@@ -133,7 +133,7 @@
- tag = M_ASN1_STRING_type(in);
- if (tag != V_ASN1_UTF8STRING) {
- /*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/
-- return(ASN1_STRING_to_UTF8(out, in));
-+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in));
- }
-
- l = M_ASN1_STRING_length(in);
diff --git a/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch
deleted file mode 100644
index d793f908..00000000
--- a/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- openssh-6.8_p1-sctp.patch.1 2015-08-12 16:01:13.854769013 -0700
-+++ openssh-6.8_p1-sctp.patch 2015-08-12 16:00:38.208488789 -0700
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
- @@ -218,6 +219,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -477,19 +469,11 @@
- .Sh SYNOPSIS
- .Nm ssh
- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
-++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
- @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
- controls.
- .It Fl y
-@@ -501,7 +485,7 @@
- By default this information is sent to stderr.
- --- a/ssh.c
- +++ b/ssh.c
--@@ -194,12 +194,17 @@ extern int muxserver_sock;
-+@@ -194,11 +194,16 @@ extern int muxserver_sock;
- extern u_int muxclient_command;
-
- /* Prints a help message to the user. This function never returns. */
-@@ -515,18 +499,17 @@
- usage(void)
- {
- fprintf(stderr,
---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
--+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
-+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file]\n"
-- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
- @@ -506,7 +512,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+ # define ENGCONFIG ""
-+ #endif
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch b/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch
deleted file mode 100644
index 51245697..00000000
--- a/net-misc/openssh/files/openssh-7.1_p2-x509-hpn14v10-glue.patch
+++ /dev/null
@@ -1,51 +0,0 @@
---- openssh-7.1p2/Makefile.in
-+++ openssh-7.1p2/Makefile.in
-@@ -45,7 +45,7 @@
- CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
--CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
-+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- K5LIBS=@K5LIBS@
- GSSLIBS=@GSSLIBS@
-@@ -53,6 +53,7 @@
- SSHDLIBS=@SSHDLIBS@
- LIBEDIT=@LIBEDIT@
- LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
-+CPPFLAGS+=@LDAP_CPPFLAGS@
- AR=@AR@
- AWK=@AWK@
- RANLIB=@RANLIB@
---- openssh-7.1p2/sshconnect.c
-+++ openssh-7.1p2/sshconnect.c
-@@ -465,7 +465,7 @@
- {
- /* Send our own protocol version identification. */
- if (compat20) {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
- } else {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
---- openssh-7.1p2/sshd.c
-+++ openssh-7.1p2/sshd.c
-@@ -472,8 +472,8 @@
- comment = "";
- }
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
-- major, minor, SSH_VERSION, comment,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-+ major, minor, SSH_VERSION,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
-
---- openssh-7.1p2/version.h
-+++ openssh-7.1p2/version.h
-@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_7.1"
-
- #define SSH_PORTABLE "p2"
-+#define SSH_X509 " PKIX"
- #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
deleted file mode 100644
index 29e94e43..00000000
--- a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-http://bugs.gentoo.org/165444
-https://bugzilla.mindrot.org/show_bug.cgi?id=1008
-
---- openssh-7.2p1/readconf.c
-+++ openssh-7.2p1/readconf.c
-@@ -148,6 +148,7 @@
- oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-+ oGssTrustDns,
- oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- oSendEnv, oControlPath, oControlMaster, oControlPersist,
- oHashKnownHosts,
-@@ -194,9 +195,11 @@
- #if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
- { "gssapidelegatecredentials", oGssDelegateCreds },
-+ { "gssapitrustdns", oGssTrustDns },
- #else
- { "gssapiauthentication", oUnsupported },
- { "gssapidelegatecredentials", oUnsupported },
-+ { "gssapitrustdns", oUnsupported },
- #endif
- { "fallbacktorsh", oDeprecated },
- { "usersh", oDeprecated },
-@@ -930,6 +933,10 @@
- intptr = &options->gss_deleg_creds;
- goto parse_flag;
-
-+ case oGssTrustDns:
-+ intptr = &options->gss_trust_dns;
-+ goto parse_flag;
-+
- case oBatchMode:
- intptr = &options->batch_mode;
- goto parse_flag;
-@@ -1649,6 +1656,7 @@
- options->challenge_response_authentication = -1;
- options->gss_authentication = -1;
- options->gss_deleg_creds = -1;
-+ options->gss_trust_dns = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->kbd_interactive_devices = NULL;
-@@ -1779,6 +1787,8 @@
- options->gss_authentication = 0;
- if (options->gss_deleg_creds == -1)
- options->gss_deleg_creds = 0;
-+ if (options->gss_trust_dns == -1)
-+ options->gss_trust_dns = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
---- openssh-7.2p1/readconf.h
-+++ openssh-7.2p1/readconf.h
-@@ -46,6 +46,7 @@
- /* Try S/Key or TIS, authentication. */
- int gss_authentication; /* Try GSS authentication */
- int gss_deleg_creds; /* Delegate GSS credentials */
-+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
- int password_authentication; /* Try password
- * authentication. */
- int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
---- openssh-7.2p1/ssh_config.5
-+++ openssh-7.2p1/ssh_config.5
-@@ -830,6 +830,16 @@
- Forward (delegate) credentials to the server.
- The default is
- .Dq no .
-+Note that this option applies to protocol version 2 connections using GSSAPI.
-+.It Cm GSSAPITrustDns
-+Set to
-+.Dq yes to indicate that the DNS is trusted to securely canonicalize
-+the name of the host being connected to. If
-+.Dq no, the hostname entered on the
-+command line will be passed untouched to the GSSAPI library.
-+The default is
-+.Dq no .
-+This option only applies to protocol version 2 connections using GSSAPI.
- .It Cm HashKnownHosts
- Indicates that
- .Xr ssh 1
---- openssh-7.2p1/sshconnect2.c
-+++ openssh-7.2p1/sshconnect2.c
-@@ -656,6 +656,12 @@
- static u_int mech = 0;
- OM_uint32 min;
- int ok = 0;
-+ const char *gss_host;
-+
-+ if (options.gss_trust_dns)
-+ gss_host = get_canonical_hostname(1);
-+ else
-+ gss_host = authctxt->host;
-
- /* Try one GSSAPI method at a time, rather than sending them all at
- * once. */
-@@ -668,7 +674,7 @@
- /* My DER encoding requires length<128 */
- if (gss_supported->elements[mech].length < 128 &&
- ssh_gssapi_check_mechanism(&gssctxt,
-- &gss_supported->elements[mech], authctxt->host)) {
-+ &gss_supported->elements[mech], gss_host)) {
- ok = 1; /* Mechanism works */
- } else {
- mech++;
diff --git a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch
deleted file mode 100644
index 2884ee92..00000000
--- a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- openssh-7.2_p1-sctp.patch
-+++ openssh-7.2_p1-sctp.patch
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -181,6 +181,7 @@ For full details of the options listed below, and their possible values, see
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
- @@ -222,6 +223,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -477,19 +469,11 @@
- .Sh SYNOPSIS
- .Nm ssh
- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
-++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -536,6 +536,7 @@ For full details of the options listed below, and their possible values, see
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UpdateHostKeys
- @@ -770,6 +771,8 @@ controls.
- .Pp
- .It Fl y
-@@ -501,7 +485,7 @@
- index f9ff91f..d0d92ce 100644
- --- a/ssh.c
- +++ b/ssh.c
--@@ -195,12 +195,17 @@ extern int muxserver_sock;
-+@@ -195,11 +195,16 @@ extern int muxserver_sock;
- extern u_int muxclient_command;
-
- /* Prints a help message to the user. This function never returns. */
-@@ -515,18 +499,17 @@
- usage(void)
- {
- fprintf(stderr,
---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
--+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
-+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n"
-- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
- @@ -605,7 +610,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+ # define ENGCONFIG ""
-+ #endif
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -845,6 +850,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch b/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch
deleted file mode 100644
index 9e51f6cd..00000000
--- a/net-misc/openssh/files/openssh-7.2_p1-x509-warnings.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- sshconnect2.c.dist 2016-07-16 12:24:22.784369522 +0100
-+++ sshconnect2.c 2016-07-16 12:29:42.459637342 +0100
-@@ -1456,7 +1456,7 @@ pubkey_cleanup(Authctxt *authctxt)
- static int
- get_allowed_keytype(Key *k) {
- char *pattern;
-- char *alg;
-+ const char *alg;
-
- if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC)
- return KEY_UNSPEC;
---- x509_nm_cmp.c.dist 2016-07-16 12:27:40.188114003 +0100
-+++ x509_nm_cmp.c 2016-07-16 12:27:43.298067968 +0100
-@@ -166,7 +166,7 @@ ssh_ASN1_STRING_to_UTF8(unsigned char **
-
- tag = ASN1_STRING_type(in);
- if (tag != V_ASN1_UTF8STRING) {
-- return(ASN1_STRING_to_UTF8(out, in));
-+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in));
- }
-
- l = ASN1_STRING_length(in);
diff --git a/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch b/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch
new file mode 100644
index 00000000..a5647ce9
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.5_p1-disable-conch-interop-tests.patch
@@ -0,0 +1,20 @@
+Disable conch interop tests which are failing when called
+via portage for yet unknown reason and because using conch
+seems to be flaky (test is failing when using Python2 but
+passing when using Python3).
+
+Bug: https://bugs.gentoo.org/605446
+
+--- a/regress/conch-ciphers.sh
++++ b/regress/conch-ciphers.sh
+@@ -3,6 +3,10 @@
+
+ tid="conch ciphers"
+
++# https://bugs.gentoo.org/605446
++echo "conch interop tests skipped due to Gentoo bug #605446"
++exit 0
++
+ if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
+ echo "conch interop tests not enabled"
+ exit 0
diff --git a/net-misc/openssh/openssh-6.9_p1-r2.ebuild b/net-misc/openssh/openssh-6.9_p1-r2.ebuild
deleted file mode 100644
index 471894af..00000000
--- a/net-misc/openssh/openssh-6.9_p1-r2.ebuild
+++ /dev/null
@@ -1,322 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id: 40ad0d2d4e4735f9cbac13ea37d98cd589f98e86 $
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- libseccomp? ( sys-libs/libseccomp )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
- ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use libseccomp; then
- epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch
- fi
- if use X509 ; then
- pushd .. >/dev/null
- #epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
- epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
- addpredict /etc/skey/skeykeys # skey configure code triggers this
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"/var/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass --without-ldap # ' # <-- Syntax highlight fail
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with libseccomp sandbox libseccomp_filter)
- )
- if use abi_x86_x32 && ! use libseccomp; then
- ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without"
- ewarn "experimental libseccomp support at least - it is required that this build"
- ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from"
- ewarn "forking or opening new network connections by having setrlimit() called to reset"
- ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a"
- ewarn "very basic fallback choice where no better alternative is available."
- myconf+=( --with-sandbox=rlimit )
- fi
-
- # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
- if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
- myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
- append-ldflags -lutil
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
- fi
- ewarn "Remember to merge your config files in /etc/ssh/ and then"
- ewarn "reload sshd: '/etc/init.d/sshd reload'."
- elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
- elog " dropped it. Make sure to update any configs that you might have."
-}
diff --git a/net-misc/openssh/openssh-7.1_p1-r2.ebuild b/net-misc/openssh/openssh-7.1_p1-r2.ebuild
deleted file mode 100644
index 02e4d1c4..00000000
--- a/net-misc/openssh/openssh-7.1_p1-r2.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id: 40ee3c8aa5efdc3d0ce3f58700f84b1fecc5c016 $
-
-EAPI="4"
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PARCH}-hpnssh14v9.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
-X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- libseccomp? ( sys-libs/libseccomp )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- libressl? ( dev-libs/libressl[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
- ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use libseccomp; then
- epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch
- fi
- if use X509 ; then
- pushd .. >/dev/null
- if use hpn ; then
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- fi
- epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
- addpredict /etc/skey/skeykeys # skey configure code triggers this
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"/var/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass --without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- # The X509 patch deletes this option entirely.
- $(use X509 || use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with libseccomp sandbox libseccomp_filter)
- )
- if use abi_x86_x32 && ! use libseccomp; then
- ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without"
- ewarn "experimental libseccomp support at least - it is required that this build"
- ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from"
- ewarn "forking or opening new network connections by having setrlimit() called to reset"
- ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a"
- ewarn "very basic fallback choice where no better alternative is available."
- myconf+=( --with-sandbox=rlimit )
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
- elog "Make sure to update any configs that you might have. Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
- elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
- elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or ed25519."
-
- elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
- elog "to 'prohibit-password'. That means password auth for root users no longer works"
- elog "out of the box. If you need this, please update your sshd_config explicitly."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh, the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.1_p2.ebuild b/net-misc/openssh/openssh-7.1_p2.ebuild
deleted file mode 100644
index 21b33964..00000000
--- a/net-misc/openssh/openssh-7.1_p2.ebuild
+++ /dev/null
@@ -1,340 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id: 762e35d9e2fd6bc06c3f813ddbc18f91ef76d0f8 $
-
-EAPI="5"
-
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz"
-LDAP_PATCH="${PN}-lpk-7.1p2-0.3.14.patch.xz"
-X509_VER="8.6" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.xz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static systemd X X509 abi_x86_x32"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- libseccomp? ( sys-libs/libseccomp )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- libressl? ( dev-libs/libressl[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
- die "booooo"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
- ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use libseccomp; then
- epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch
- fi
- if use X509 ; then
- pushd .. >/dev/null
- if use hpn ; then
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- fi
- epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch
- epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
- save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- # The X509 patchset fixes this independently.
- use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
- epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"/var/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass --without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- $(use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with libseccomp sandbox libseccomp_filter)
- )
- if use abi_x86_x32 && ! use libseccomp; then
- ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without"
- ewarn "experimental libseccomp support at least - it is required that this build"
- ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from"
- ewarn "forking or opening new network connections by having setrlimit() called to reset"
- ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a"
- ewarn "very basic fallback choice where no better alternative is available."
- myconf+=( --with-sandbox=rlimit )
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- if use systemd; then
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
- fi
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
- elog "Make sure to update any configs that you might have. Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
- elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
- elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or ed25519."
-
- elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
- elog "to 'prohibit-password'. That means password auth for root users no longer works"
- elog "out of the box. If you need this, please update your sshd_config explicitly."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh, the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.2_p2-r1.ebuild b/net-misc/openssh/openssh-7.2_p2-r1.ebuild
deleted file mode 100644
index 8918f6f9..00000000
--- a/net-misc/openssh/openssh-7.2_p2-r1.ebuild
+++ /dev/null
@@ -1,348 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id: 282823eb3a85723e252eb5abc11543c4d8045f34 $
-
-EAPI="5"
-
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-#HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz"
-LDAP_PATCH="${PN}-lpk-7.2p2-0.3.14.patch.xz"
-X509_VER="8.9" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-7.2_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp livecd pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- libseccomp? ( sys-libs/libseccomp )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- libressl? ( dev-libs/libressl[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
- die "This version of OpenSSH does not yet have all previous functionality enabled"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
- ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use libseccomp; then
- epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch
- fi
- if use X509 ; then
- pushd .. >/dev/null
- if use hpn ; then
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- fi
- epatch "${FILESDIR}"/${PN}-7.2_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- #epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch
- epatch "${FILESDIR}"/${PN}-7.2_p1-x509-warnings.patch
- #save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-7.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${WORKDIR}"/${PN}-7.2_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"/var/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass --without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- $(use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with libseccomp sandbox libseccomp_filter)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for now. #553748
- if use abi_x86_x32 && ! use libseccomp; then
- ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without"
- ewarn "experimental libseccomp support at least - it is required that this build"
- ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from"
- ewarn "forking or opening new network connections by having setrlimit() called to reset"
- ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a"
- ewarn "very basic fallback choice where no better alternative is available."
- myconf+=( --with-sandbox=rlimit )
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- # Allow root password logins for live-cds
- if use livecd ; then
- sed -i \
- -e "/PermitRootLogin/c\\
-\\
-# By popular demand, we're allowing root login with password on livecds\\
-PermitRootLogin Yes\\
-" "${ED}"/etc/ssh/sshd_config
- fi
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
- elog "Make sure to update any configs that you might have. Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
- elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
- elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or ed25519."
-
- elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
- elog "to 'prohibit-password'. That means password auth for root users no longer works"
- elog "out of the box. If you need this, please update your sshd_config explicitly."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh, the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.2_p2.ebuild b/net-misc/openssh/openssh-7.2_p2.ebuild
deleted file mode 100644
index 56399367..00000000
--- a/net-misc/openssh/openssh-7.2_p2.ebuild
+++ /dev/null
@@ -1,341 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id: 62f1026c91950fdaec3f2989a4650c750d5fee16 $
-
-EAPI="5"
-
-inherit eutils user flag-o-matic multilib autotools pam systemd versionator
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-#HPN_PATCH="${PARCH}-hpnssh14v10.tar.xz"
-LDAP_PATCH="${PN}-lpk-7.2p2-0.3.14.patch.xz"
-X509_VER="8.9" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.org/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
- mirror://gentoo/${PN}-7.2_p1-sctp.patch.xz
- ${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- mirror://sourceforge/hpnssh/${HPN_PATCH}
- )}
- ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
- ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
- "
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-[[ -z "${HPN_PATCH}" || -z "${LDAP_PATCH}" || -z "${X509_PATCH}" ]] && \
- { KEYWORDS="~${KEYWORDS// / ~}" ; KEYWORDS="${KEYWORDS//~~/~}" ; }
-
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos ldap ldns libedit libressl -libseccomp pam +pie sctp selinux skey ssh1 +ssl static X X509 abi_x86_x32"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- ssh1? ( ssl )
- static? ( !kerberos !pam )
- X509? ( !ldap ssl )"
-
-LIB_DEPEND="
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl] )
- bindist? ( net-libs/ldns[-ecdsa,ssl] )
- )
- libedit? ( dev-libs/libedit[static-libs(+)] )
- libseccomp? ( sys-libs/libseccomp )
- sctp? ( net-misc/lksctp-tools[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-0.9.8f:0[bindist=]
- dev-libs/openssl:0[static-libs(+)]
- )
- libressl? ( dev-libs/libressl[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )
- ldap? ( net-nds/openldap )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S=${WORKDIR}/${PARCH}
-
-pkg_setup() {
- # this sucks, but i'd rather have people unable to `emerge -u openssh`
- # than not be able to log in to their server any more
- maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
- local fail="
- $(use X509 && maybe_fail X509 X509_PATCH)
- $(use ldap && maybe_fail ldap LDAP_PATCH)
- $(use hpn && maybe_fail hpn HPN_PATCH)
- "
- fail=$(echo ${fail})
- if [[ -n ${fail} ]] ; then
- eerror "Sorry, but this version does not yet support features"
- eerror "that you requested: ${fail}"
- eerror "Please mask ${PF} for now and check back later:"
- eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
- die "This version of OpenSSH does not yet have all previous functionality enabled"
- fi
-
- # Make sure people who are using tcp wrappers are notified of its removal. #531156
- if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
- ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
- ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
- fi
-}
-
-save_version() {
- # version.h patch conflict avoidence
- mv version.h version.h.$1
- cp -f version.h.pristine version.h
-}
-
-src_prepare() {
- sed -i \
- -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
- pathnames.h || die
- # keep this as we need it to avoid the conflict between LPK and HPN changing
- # this file.
- cp version.h version.h.pristine
-
- # don't break .ssh/authorized_keys2 for fun
- sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
- if use libseccomp; then
- epatch "${FILESDIR}"/${PN}-6.9_p1-libseccomp.patch
- fi
- if use X509 ; then
- pushd .. >/dev/null
- if use hpn ; then
- pushd ${HPN_PATCH%.*.*} >/dev/null
- epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
- popd >/dev/null
- fi
- epatch "${FILESDIR}"/${PN}-7.2_p1-sctp-x509-glue.patch
- popd >/dev/null
- epatch "${WORKDIR}"/${X509_PATCH%.*}
- #epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch
- epatch "${FILESDIR}"/${PN}-7.2_p1-x509-warnings.patch
- #save_version X509
- fi
- if use ldap ; then
- epatch "${WORKDIR}"/${LDAP_PATCH%.*}
- save_version LPK
- fi
- epatch "${FILESDIR}"/${PN}-7.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex
- epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
- epatch "${WORKDIR}"/${PN}-7.2_p1-sctp.patch
- if use hpn ; then
- EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
- EPATCH_MULTI_MSG="Applying HPN patchset ..." \
- epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- save_version HPN
- fi
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
- # The -ftrapv flag ICEs on hppa #505182
- use hppa && sed_args+=(
- -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
- -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
- )
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- epatch_user #473004
-
- # Now we can build a sane merged version.h
- (
- sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
- macros=()
- for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
- printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
- ) > version.h
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"/var/run
- --sysconfdir="${EPREFIX}"/etc/ssh
- --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX}"/usr/share/openssh
- --with-privsep-path="${EPREFIX}"/var/empty
- --with-privsep-user=sshd
- $(use_with kerberos kerberos5 "${EPREFIX}"/usr)
- # We apply the ldap patch conditionally, so can't pass --without-ldap
- # unconditionally else we get unknown flag warnings.
- $(use ldap && use_with ldap)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with sctp)
- $(use_with selinux)
- $(use_with skey)
- $(use_with ssh1)
- $(use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with libseccomp sandbox libseccomp_filter)
- )
-
- # The seccomp sandbox is broken on x32, so use the older method for now. #553748
- if use abi_x86_x32 && ! use libseccomp; then
- ewarn "The default 'seccomp' sandbox does not work correctly on x32, and so - without"
- ewarn "experimental libseccomp support at least - it is required that this build"
- ewarn "fallback to the basic 'rlimit' sandbox, where a child process is prevented from"
- ewarn "forking or opening new network connections by having setrlimit() called to reset"
- ewarn "its hard-limit of file descriptors and processes to zero. As such, this is a"
- ewarn "very basic fallback choice where no better alternative is available."
- myconf+=( --with-sandbox=rlimit )
- fi
-
- econf "${myconf[@]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.rc6.4 sshd
- newconfd "${FILESDIR}"/sshd.confd sshd
- keepdir /var/empty
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
- if use pam ; then
- sed -i \
- -e "/^#UsePAM /s:.*:UsePAM yes:" \
- -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
- -e "/^#PrintMotd /s:.*:PrintMotd no:" \
- -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
- "${ED}"/etc/ssh/sshd_config || die
- fi
-
- # Gentoo tweaks to default config files
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
- # Allow client to pass locale environment variables #367017
- AcceptEnv LANG LC_*
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
- # Send locale environment variables #367017
- SendEnv LANG LC_*
- EOF
-
- if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
- insinto /etc/openldap/schema/
- newins openssh-lpk_openldap.schema openssh-lpk.schema
- fi
-
- doman contrib/ssh-copy-id.1
- dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-src_test() {
- local t tests skipped failed passed shell
- tests="interop-tests compat-tests"
- skipped=""
- shell=$(egetshell ${UID})
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite"
- elog "requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped="${skipped} tests"
- else
- tests="${tests} tests"
- fi
- # It will also attempt to write to the homedir .ssh
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in ${tests} ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed="${passed}${t} " \
- || failed="${failed}${t} "
- done
- einfo "Passed tests: ${passed}"
- ewarn "Skipped tests: ${skipped}"
- if [[ -n ${failed} ]] ; then
- ewarn "Failed tests: ${failed}"
- die "Some tests failed: ${failed}"
- else
- einfo "Failed tests: ${failed}"
- return 0
- fi
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
- elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
- fi
- if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
- elog "Make sure to update any configs that you might have. Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
- elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
- elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or ed25519."
-
- elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
- elog "to 'prohibit-password'. That means password auth for root users no longer works"
- elog "out of the box. If you need this, please update your sshd_config explicitly."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh, the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}
diff --git a/net-misc/openssh/openssh-7.5_p1-r4.ebuild b/net-misc/openssh/openssh-7.5_p1-r4.ebuild
index a30722e8..377d249c 100644
--- a/net-misc/openssh/openssh-7.5_p1-r4.ebuild
+++ b/net-misc/openssh/openssh-7.5_p1-r4.ebuild
@@ -131,6 +131,7 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-7.5_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+ epatch "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
epatch "${FILESDIR}"/${PN}-7.5_p1-cross-cache.patch
epatch "${FILESDIR}"/${PN}-7.5_p1-CVE-2017-15906.patch
use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-s390-seccomp.patch # already included in X509 patch set, #644252