From 1c96c5d5afb963abc92d51a8e413f6cf1f5dceba Mon Sep 17 00:00:00 2001
From: Nick Owens <mischief@coreos.com>
Date: Mon, 28 Mar 2016 14:16:05 -0700
Subject: [PATCH] net-misc/openssh: drop dss (dsa) support

---
 .../files/openssh-7.1_p1-enable-dss.patch     | 43 -------------------
 ..._p1-r4.ebuild => openssh-7.1_p1-r5.ebuild} |  4 --
 2 files changed, 47 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-enable-dss.patch
 rename sdk_container/src/third_party/coreos-overlay/net-misc/openssh/{openssh-7.1_p1-r4.ebuild => openssh-7.1_p1-r5.ebuild} (98%)

diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-enable-dss.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-enable-dss.patch
deleted file mode 100644
index 577d392f64..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-enable-dss.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c3fa4699b9b761be1b406dcdd22344d56efd703b Mon Sep 17 00:00:00 2001
-From: Nick Owens <mischief@coreos.com>
-Date: Mon, 30 Nov 2015 18:48:05 -0800
-Subject: [PATCH] partial revert of 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
-
-in 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 from
-git://anongit.mindrot.org/openssh.git, DSA (ssh-dss) key support was
-removed. re-enable DSA key suport by adding back
-ssh-dss-cert-v01@openssh.com and ssh-dss back to KEX_DEFAULT_PK_ALG.
-
-this patch was generated with the following command on the above repo:
-
-git diff -R 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9^..3a1638dda19bbc73d0ae02b4c251ce08e564b4b9 -- myproposal.h
----
- myproposal.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/myproposal.h b/myproposal.h
-index 46e5b98..371f27c 100644
---- a/myproposal.h
-+++ b/myproposal.h
-@@ -1,4 +1,4 @@
--/* $OpenBSD: myproposal.h,v 1.47 2015/07/10 06:21:53 markus Exp $ */
-+/* $OpenBSD: myproposal.h,v 1.46 2015/07/03 03:47:00 djm Exp $ */
- 
- /*
-  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
-@@ -99,9 +99,11 @@
- 	HOSTKEY_ECDSA_CERT_METHODS \
- 	"ssh-ed25519-cert-v01@openssh.com," \
- 	"ssh-rsa-cert-v01@openssh.com," \
-+	"ssh-dss-cert-v01@openssh.com," \
- 	HOSTKEY_ECDSA_METHODS \
- 	"ssh-ed25519," \
--	"ssh-rsa" \
-+	"ssh-rsa," \
-+	"ssh-dss"
- 
- /* the actual algorithms */
- 
--- 
-2.4.10
-
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r5.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r5.ebuild
index 54c2f25e50..8ebf0393ad 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r5.ebuild
@@ -155,10 +155,6 @@ src_prepare() {
 	)
 	sed -i "${sed_args[@]}" configure{.ac,} || die
 
-	# in CoreOS, we wish to keep ssh-dss around for a while longer while we give
-	# users time to get rid of their ssh-dss keys.
-	epatch "${FILESDIR}"/${PN}-7.1_p1-enable-dss.patch
-
 	epatch_user #473004
 
 	# Now we can build a sane merged version.h