bump(net-misc/openssh): sync with upstream

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1

@@ -9,6 +9,6 @@ LICENSE=BSD GPL-2
 RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
 REQUIRED_USE=pie? ( !static )
 SLOT=0
-SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz )
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz https://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz )
 _eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
-_md5_=99cf0d8b634db4e1f271aa7512b7bf8b
+_md5_=3f1c7586a018db2b5f6819ef4786b6a5

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r3

@@ -1,14 +0,0 @@
-DEFINED_PHASES=configure install postinst preinst prepare setup test
-DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
-DESCRIPTION=Port of OpenBSD's free SSH release
-EAPI=4
-HOMEPAGE=http://www.openssh.org/
-IUSE=bindist +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509
-KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
-LICENSE=BSD GPL-2
-RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
-REQUIRED_USE=pie? ( !static )
-SLOT=0
-SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
-_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
-_md5_=cce2c1d88bb21956b474c1f2c057ff08

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.7_p1-r4

@@ -9,6 +9,6 @@ LICENSE=BSD GPL-2
 RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
 REQUIRED_USE=pie? ( !static )
 SLOT=0
-SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz http://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.7p1.tar.gz mirror://gentoo/openssh-6.7_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.7p1-hpnssh14v5.tar.xz https://dev.gentoo.org/~vapier/dist/openssh-6.7p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.7p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.7p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.2/openssh-6.7p1+x509-8.2.diff.gz )
 _eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
-_md5_=5772ef3fca88f8e864f3b29e1a57d2dd
+_md5_=85fe40d6c2d6ed5f9650bf51595a75d4

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.8_p1-r5

@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst preinst prepare setup test
+DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] ) >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
+DESCRIPTION=Port of OpenBSD's free SSH release
+EAPI=4
+HOMEPAGE=http://www.openssh.org/
+IUSE=bindist debug +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey +ssh1 +ssl static X X509
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=BSD GPL-2
+RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
+REQUIRED_USE=pie? ( !static ) ssh1? ( ssl ) static? ( !kerberos !pam ) X509? ( !ldap ssl )
+SLOT=0
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.8p1.tar.gz mirror://gentoo/openssh-6.8_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.8p1-r5-hpnssh14v5.tar.xz https://dev.gentoo.org/~vapier/dist/openssh-6.8p1-r5-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.8p1-r5-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.8p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.3.1/openssh-6.8p1+x509-8.3.1.diff.gz mirror://gentoo/openssh-6.8_p1-x509-8.3.1-glue.patch.xz )
+_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
+_md5_=4f13096f114d2bdb002442336eb33db3

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.9_p1-r1

@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst preinst prepare setup test
+DEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) libedit? ( dev-libs/libedit[static-libs(+)] ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] ) >=sys-libs/zlib-1.2.3[static-libs(+)] ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) ) ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
+DESCRIPTION=Port of OpenBSD's free SSH release
+EAPI=4
+HOMEPAGE=http://www.openssh.org/
+IUSE=bindist debug +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=BSD GPL-2
+RDEPEND=!static? ( sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) libedit? ( dev-libs/libedit ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ldns? ( !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
+REQUIRED_USE=pie? ( !static ) ssh1? ( ssl ) static? ( !kerberos !pam ) X509? ( !ldap ssl )
+SLOT=0
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.9p1.tar.gz mirror://gentoo/openssh-6.8_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.9p1-hpnssh14v5.tar.xz https://dev.gentoo.org/~polynomial-c/openssh-6.9p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.9p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.8p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.4/openssh-6.9p1+x509-8.4.diff.gz )
+_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
+_md5_=a64dc5da5b75aadbaf049cea52bc8442

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-6.9_p1-r2

@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst preinst prepare setup test
+DEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( ldns? ( net-libs/ldns[static-libs(+)] !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit[static-libs(+)] ) sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] ) >=sys-libs/zlib-1.2.3[static-libs(+)] ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
+DESCRIPTION=Port of OpenBSD's free SSH release
+EAPI=4
+HOMEPAGE=http://www.openssh.org/
+IUSE=bindist debug +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509
+KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=BSD GPL-2
+RDEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
+REQUIRED_USE=ldns? ( ssl ) pie? ( !static ) ssh1? ( ssl ) static? ( !kerberos !pam ) X509? ( !ldap ssl )
+SLOT=0
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-6.9p1.tar.gz mirror://gentoo/openssh-6.8_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-6.9p1-r1-hpnssh14v5.tar.xz https://dev.gentoo.org/~polynomial-c/openssh-6.9p1-r1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-6.9p1-r1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.8p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.4/openssh-6.9p1+x509-8.4.diff.gz )
+_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
+_md5_=458f165403f6097cfb3a593c85969cbb

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-7.0_p1

@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst preinst prepare setup test
+DEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( ldns? ( net-libs/ldns[static-libs(+)] !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit[static-libs(+)] ) sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] ) >=sys-libs/zlib-1.2.3[static-libs(+)] ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
+DESCRIPTION=Port of OpenBSD's free SSH release
+EAPI=4
+HOMEPAGE=http://www.openssh.org/
+IUSE=bindist debug +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=BSD GPL-2
+RDEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
+REQUIRED_USE=ldns? ( ssl ) pie? ( !static ) ssh1? ( ssl ) static? ( !kerberos !pam ) X509? ( !ldap ssl )
+SLOT=0
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-7.0p1.tar.gz mirror://gentoo/openssh-6.8_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-7.0p1-hpnssh14v5.tar.xz https://dev.gentoo.org/~polynomial-c/openssh-7.0p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-7.0p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.8p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.5/openssh-7.0p1+x509-8.5.diff.gz )
+_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
+_md5_=ea4cc7c7967ebf1a7f0a858c4846d428

sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-misc/openssh-7.1_p1

@@ -0,0 +1,14 @@
+DEFINED_PHASES=configure install postinst preinst prepare setup test
+DEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) static? ( ldns? ( net-libs/ldns[static-libs(+)] !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit[static-libs(+)] ) sctp? ( net-misc/lksctp-tools[static-libs(+)] ) selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl[static-libs(+)] ) >=sys-libs/zlib-1.2.3[static-libs(+)] ) virtual/pkgconfig virtual/os-headers sys-devel/autoconf !<sys-devel/gettext-0.18.1.1-r3 || ( >=sys-devel/automake-1.14.1:1.14 >=sys-devel/automake-1.15:1.15 ) >=sys-devel/autoconf-2.69 >=sys-devel/libtool-2.4 virtual/pkgconfig
+DESCRIPTION=Port of OpenBSD's free SSH release
+EAPI=4
+HOMEPAGE=http://www.openssh.org/
+IUSE=bindist debug +hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=BSD GPL-2
+RDEPEND=!static? ( ldns? ( net-libs/ldns !bindist? ( net-libs/ldns[ecdsa,ssl] ) bindist? ( net-libs/ldns[-ecdsa,ssl] ) ) libedit? ( dev-libs/libedit ) sctp? ( net-misc/lksctp-tools ) selinux? ( >=sys-libs/libselinux-1.28 ) skey? ( >=sys-auth/skey-1.1.5-r1 ) ssl? ( >=dev-libs/openssl-0.9.6d:0[bindist=] dev-libs/openssl ) >=sys-libs/zlib-1.2.3 ) pam? ( virtual/pam ) kerberos? ( virtual/krb5 ) ldap? ( net-nds/openldap ) pam? ( >=sys-auth/pambase-20081028 ) userland_GNU? ( virtual/shadow ) X? ( x11-apps/xauth )
+REQUIRED_USE=ldns? ( ssl ) pie? ( !static ) ssh1? ( ssl ) static? ( !kerberos !pam ) X509? ( !ldap ssl )
+SLOT=0
+SRC_URI=mirror://openbsd/OpenSSH/portable/openssh-7.1p1.tar.gz mirror://gentoo/openssh-6.8_p1-sctp.patch.xz hpn? ( mirror://gentoo/openssh-7.0p1-hpnssh14v5.tar.xz https://dev.gentoo.org/~polynomial-c/openssh-7.0p1-hpnssh14v5.tar.xz mirror://sourceforge/hpnssh/openssh-7.0p1-hpnssh14v5.tar.xz ) ldap? ( mirror://gentoo/openssh-lpk-6.8p1-0.3.14.patch.xz ) X509? ( http://roumenpetrov.info/openssh/x509-8.6/openssh-7.1p1+x509-8.6.diff.gz )
+_eclasses_=autotools	a9597abac7226d89ad9d010abeef6cfb	eutils	9fb270e417e0e83d64ca52586c4a79de	flag-o-matic	c9602887773166fe300444712fc7ff98	libtool	52d0e17251d04645ffaa61bfdd858944	multilib	62927b3db3a589b0806255f3a002d5d3	pam	aa1ebb3ab720ea04dbbdd6eaaf9554ed	systemd	090342761f573a8280dd5aa6b0345f3b	toolchain-funcs	42408102d713fbad60ca21349865edb4	user	f54e098dd38ba1c0847a13e685b87747	versionator	cd0bcdb170807e4a1984115e9d53a26f
+_md5_=3f40991bf6b20c924448af41d81ef693

sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog

@@ -1,6 +1,140 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.544 2015/02/27 22:06:53 chutzpah Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.575 2015/08/05 08:21:17 vapier Exp $
+
+  05 Aug 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Use the rlimit sandbox for x32 ABI until the seccomp one is fixed #553748 by
+  Kyle Sanderson.
+
+  28 Jul 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  List USE=ssl as a requirement for USE=ldns and clean up the ldns deps a bit
+  #555708 by Nicholas Fish.
+
+  23 Jul 2015; Agostino Sarubbo <ago@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Stable for sparc, wrt bug #553724
+
+  23 Jul 2015; Agostino Sarubbo <ago@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Stable for ppc, wrt bug #553724
+
+  20 Jul 2015; Tobias Klausmann <klausman@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Stable on alpha, bug 553724
+
+  20 Jul 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Mark arm64/ia64/m68k/s390/sh stable #553724.
+
+  19 Jul 2015; Markus Meier <maekke@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  arm stable, bug #554724
+
+  19 Jul 2015; Mikle Kolyada <zlogene@gentoo,org> openssh-6.9_p1-r2.ebuild:
+  x86 stable wrt bug #553724
+
+  19 Jul 2015; Jeroen Roovers <jer@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Stable for HPPA (bug #553724).
+
+  19 Jul 2015; Jeroen Roovers <jer@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  Stable for PPC64 (bug #553724).
+
+  18 Jul 2015; Mikle Kolyada <zlogene@gentoo.org> openssh-6.9_p1-r2.ebuild:
+  amd64 stable wrt bug #553724
+
+*openssh-6.9_p1-r2 (08 Jul 2015)
+
+  08 Jul 2015; Mike Frysinger <vapier@gentoo.org> +openssh-6.9_p1-r2.ebuild:
+  Update hpn patchset and drop the server logging patch from it.
+
+*openssh-6.9_p1-r1 (01 Jul 2015)
+
+  01 Jul 2015; Patrick McLean <chutzpah@gentoo.org>
+  +files/openssh-6.9_p1-x509-warnings.patch, +openssh-6.9_p1-r1.ebuild,
+  -openssh-6.9_p1.ebuild:
+  Revision bump, add the updated X509 patch, drop 5.9_p1-r0 ebuild.
+
+*openssh-6.9_p1 (01 Jul 2015)
+
+  01 Jul 2015; Lars Wendler <polynomial-c@gentoo.org>
+  -openssh-6.7_p1-r3.ebuild, -openssh-6.8_p1.ebuild, -openssh-6.8_p1-r1.ebuild,
+  -openssh-6.8_p1-r2.ebuild, -openssh-6.8_p1-r3.ebuild,
+  -openssh-6.8_p1-r4.ebuild, +openssh-6.9_p1.ebuild:
+  Security bump (bug #553724). Removed old.
+
+  04 May 2015; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6.4:
+  Clean up depend scan logic a bit.
+
+*openssh-6.8_p1-r5 (28 Apr 2015)
+
+  28 Apr 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssh-6.8_p1-teraterm-hpn-glue.patch,
+  +files/openssh-6.8_p1-teraterm.patch, +openssh-6.8_p1-r5.ebuild:
+  Add fix from upstream for old TeraTerm clients #547944 by William Hubbs. Pull
+  in some upstream hpn updates.
+
+  13 Apr 2015; Mike Frysinger <vapier@gentoo.org> files/sshd.rc6.4:
+  Use SSHD_CONFIG everywhere #546008 by Alexander Sulfrian.
+
+*openssh-6.8_p1-r4 (06 Apr 2015)
+
+  06 Apr 2015; Patrick McLean <chutzpah@gentoo.org> +openssh-6.8_p1-r4.ebuild:
+  Revision bump, bump the X509 patch to version 8.3.1.
+
+*openssh-6.8_p1-r3 (25 Mar 2015)
+
+  25 Mar 2015; Mike Frysinger <vapier@gentoo.org> +openssh-6.8_p1-r3.ebuild:
+  Fix the server logging patch to work on IPv6 & x86 (socketcall) #544254 by
+  Thomas D..
+
+  25 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch:
+  Update to the version merged upstream that also fixes USE=-ssl behavior.
+
+  24 Mar 2015; Patrick Lauer <patrick@gentoo.org> openssh-6.8_p1-r1.ebuild,
+  openssh-6.8_p1-r2.ebuild:
+  Undo changes and use package.use.mask instead
+
+  24 Mar 2015; Patrick Lauer <patrick@gentoo.org> openssh-6.8_p1-r1.ebuild,
+  openssh-6.8_p1-r2.ebuild:
+  Disable hpn in 6.8 #544254
+
+  23 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r2.ebuild:
+  Fix building on systems w/out getpeername syscall #544196 by Patrick Lauer.
+
+*openssh-6.8_p1-r2 (22 Mar 2015)
+
+  22 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch, +openssh-6.8_p1-r2.ebuild:
+  Fix ssh-keygen -A behavior when USE=-ssh1 #544078 by Thomas D.  Update hpn
+  patchset to pass tests and work under seccomp sandbox.
+
+  22 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r1.ebuild:
+  Also note hosts.allow in the error message #531156#20 by Arfrever Frehtes
+  Taifersar Arahesis.
+
+  20 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r1.ebuild:
+  Also check /etc/hosts.allow for tcp-wrappers #531156#18 by Martin Mokrejš.
+
+  19 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r1.ebuild:
+  Refresh ldap patch #543822 by Anton Gubarkov. Move configure options to an
+  array so we can put inline comments; restore the X509/openssl configure check
+  as pointed out by Patrick.
+
+  19 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r1.ebuild:
+  Fix hpn usage of openssl checks #543736 by Andrei Slavoiu.
+
+  19 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.8_p1-r1.ebuild:
+  Move more conflicting USE flag checks to REQUIRED_USE.
+
+*openssh-6.8_p1-r1 (19 Mar 2015)
+
+  19 Mar 2015; Patrick McLean <chutzpah@gentoo.org>
+  +files/openssh-6.8_p1-sctp-x509-glue.patch, +openssh-6.8_p1-r1.ebuild:
+  Revision bump, re-enable X509 USE flag.
+
+*openssh-6.8_p1 (18 Mar 2015)
+
+  18 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssh-6.8_p1-sshd-gssapi-multihomed.patch,
+  +files/openssh-6.8_p1-ssl-engine-configure.patch, +openssh-6.8_p1.ebuild,
+  metadata.xml:
+  Version bump #543694 by Jason A. Donenfeld.
 
 *openssh-6.7_p1-r4 (27 Feb 2015)
 

sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest

@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
 AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
 AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6
@@ -10,9 +7,18 @@ AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f1
 AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967
 AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31
 AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209
+AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35bce5f6781a0875c56b250f0d7fde83e2f841 SHA512 776a4eab916ff64d255fb19dca26f0cb1cebb0a5d0c2dbcb40ecbf97b122fb20123532897fb962b27fae375c059ef0dc00c771bf47b67bd092a5ebb3f2252216 WHIRLPOOL c8126624b4be260f8fe40a4a9d7142b6f77ee15504e2d280c6429360ebbf53103974746d5746fe4b27edec6246f01afa1d921d1b5a2d46ae808e4bb41afbb181
+AUX openssh-6.8_p1-ssh-keygen-no-ssh1.patch 1209 SHA256 2ef08a14aab7d5c761670321ed6c66fb8e66c467625ce22448b2d1c020686b66 SHA512 1fae1c0b36b5e792861e83868d55de9e3df85270fda4aaf465c83e2deaf47045429f94c84d1abd270be4fc7519a42e3676839edda588322273e6ebd3ff37a570 WHIRLPOOL 93619f61208f86cc3857a5d2283343645614d7285b56f4585e073405e16c396272cb590e96225f09046de8fe918de5e1a81504385dda2ca3a0d467d0fdfde76f
+AUX openssh-6.8_p1-sshd-gssapi-multihomed.patch 5464 SHA256 5f3506f0d45c22de85cf170c7dfeff134a144ec94f9fc1c57c5b3b797ee82756 SHA512 7bfbf720af2728abb55f73b67609967f34da27fea9a9dd6e0293e486a03d7d1167f506623771792d782707bfe58b46c69675bb3c5ad83332b7a50ee748176fbc WHIRLPOOL 81432c4ba7e34d216d73f63945f3c8d52d9113c07fb1f7c3dd5b39ac96223d38d2321a6d6de21b58b29767576c2a779a5703fa2e5727cd3fe4981581e822155d
+AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5
+AUX openssh-6.8_p1-teraterm-hpn-glue.patch 536 SHA256 846aa1a470e27767103c8c390a3ed9087aeaffc1d2bf8d4f5779af6274dfbbc9 SHA512 26ebfa3e0c39ed62fc9eb81a95e47d2543714f731f0b983d8d79ff2b0c19ab1b0bf8f7ba13f360ec633bd1ee219da9a6b2a0027c72766188beb3a380fd6c3224 WHIRLPOOL 34ac035a9c059d72e94ff3efab763c8a50749b9497c644c7b4685e22295d0c517daaf4bfaace73deeb2d003bea1e53fd84c94bd67c3b89d1c1f085ef845bf486
+AUX openssh-6.8_p1-teraterm.patch 1814 SHA256 e73e938524f15c4dc3368e7ba6b7d74ee2e83a7f0e97ed5460787d7caad04be1 SHA512 f39134d2257d86c5bf128754f8c1024057b9b1882984d5d70b86d2676d761b4a16681e76ae3f47f3abd23a07a75b6ebde6652431d9a86d5c3b9745c36577b8dc WHIRLPOOL c7d4dc5f2843fb6bc462d733a841b52599a9d49b344dc0a6fa71348624060736c02489130ae16692c5e1619200c954278df73a3f1020a77fe8712f99b329faaa
+AUX openssh-6.9_p1-x509-warnings.patch 904 SHA256 6a52292b024704c7793188a0fc066336ec5cc7c8297071b2993618a332292c00 SHA512 11ea56ce2a7b87d046d1458e30947dd7f09c8959197e7fbadb57aec46fbd6a0694a2bd05b69978b1f719da2560f19e14d9ea10f6eca6f5b211f335505edd8c2b WHIRLPOOL 22dc4e2144534e180075e90ffe240a07bbd915b27a150e07f0d75889ad7a9103f8d1e5d477320df2b0f40e18d8c33fd99ad3cde7695557b69014318f219dc8dd
+AUX openssh-7.0_p1-sctp-x509-glue.patch 2655 SHA256 f01218be5cc344797d6a1db034e6916b0383ea7188d0341ec1e4a3281c5917a6 SHA512 b53aaca05e671be9d8456e7d1aea3ed32afd333922f39c58aa3f9c2539a2d40bdf02ec23c438602e9a590702bcdf96901fb09dfaad93f4ab3fc735d7d189752d WHIRLPOOL 1d6a1947accb77fbd5b578d9e57a51f6ffc9d0d30c806beabea9b2a672ce1af17a283422fb58c835edd8370a5dbe4500ef515ec59af8a3948af5fc15a58a6da0
+AUX openssh-7.1_p1-hpn-x509-glue.patch 535 SHA256 28fabcb503632c57f4f4dfdbdd3e5f2eea97a1f1f216e19125d382820db484b5 SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 WHIRLPOOL 4e55dd712f7e24f03d7a72017e7238c7bbda53aa54e4068a37a7dadc0f73f4777f9a8c58fefe4d671755ab24c747108dc57af6a08918f70e3425abe7faadc96a
 AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
 AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
-AUX sshd.rc6.4 2313 SHA256 97221a017d8ee9de996277c5a794d973a0b5e8180c29c97b3652bd1984a7b5d0 SHA512 88826bc9923299ac4c1502e7076483d6c197fd5a0e693bc2e1690f82bcd7d1bbd144aae2ffd92acb28d6fe912233aa93346e00c72917de65c22811ce9cd5bff7 WHIRLPOOL a77bad5891eb74770ae12e79131a99e5645a83841d14f1d60e39581a23b9d86e66b2e5fb7d0c989afac410eb5c6a627b83389d54085d1b78c89fc07852f8eb66
+AUX sshd.rc6.4 2114 SHA256 b577e0ac07558205e2229b32bf52ab52d050acda3748708d9a36dc4365a3a725 SHA512 8bde7a1acf3a743982f0d1c951319adf9a401839a17c0bc55e5541940440187e08d46e0def650bcc758669841bcabb9d80afe81f37efee39bb451f131a58f0eb WHIRLPOOL fa4372c2673762bb5f2a9a67e0fea130b45ba7b76244c972fd14845b3689d9f841ffcd5ca21dcbaa58d547eea385936e65ef4a48279c95bc795c6b4cc90b2ddb
 AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
 AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
 AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
@@ -20,26 +26,28 @@ DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b
 DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
 DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
 DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
+DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
+DIST openssh-6.8_p1-x509-8.3.1-glue.patch.xz 141096 SHA256 1e8c911b1403e47a37c24d0ebbfa36d46204c06b38d93ed9ae6d2a0953d3bba6 SHA512 942f09f20d898b4865707b5b48012545d7f8171353427ddb773cffaf1b8c664f48375cb85292592ccba63da695e99def42d17c52a61bb93b89827f53cf3ad918 WHIRLPOOL 66ace7a191a562485ee144516912dee52c84fcfbe8b710b3429211cd9d849dc24d4419c5fa6fd3968f9ab250cf474a692db326c2ac3ef930081b8a5777875a73
+DIST openssh-6.8p1+x509-8.3.1.diff.gz 351502 SHA256 64d0b7cd428352a2d77d9decb02ec744eca4433bcb35288745859eb19ccf4fcf SHA512 6525b7ddae13752f145bda42fe6d65ec40a8c9d44766b749cf49ff904d6b1941e088e560c2a532a3dc0003ac1e29d56a28ea3ed1533ee5abcd696cd80ae88d8e WHIRLPOOL 32f45411d250b7c46f2408bfca6b12223e901fa15c27db449c06cd5b1ab7a0e853fffed5971ca635c5080d1796196a8661b8d1503bdcdb28d61e0d082f28590b
+DIST openssh-6.8p1-r5-hpnssh14v5.tar.xz 27240 SHA256 4fe25701ea8717e88bf2355a76fb5370819f927af99efba3e4f06fe3264fbf58 SHA512 29a2086c6bf868bb1c8d2601e1ac83a82de48ed9f9cf6a3762b3f899112d939507b563d0117b4bec87008dd0434e0735e4a4f8c779a64d719d3873224918d16c WHIRLPOOL a4f3e841530d08363c94dfb55911e79f130668e459dc2e1ebb477c14dcf7d3bd71ad63c55e0ff2ba80684e67a8f40867b0a9fd01aabe3fe1533ef604f84a76b3
+DIST openssh-6.8p1.tar.gz 1475953 SHA256 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e SHA512 7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede WHIRLPOOL 3ac9cc4fe0b11ca66c0220618d0ef0c5925e5605d4d3d55c9579b708c478cf8613b7575fe213aba57054d97d3290baac4eba26b7a630d22477ec947f22327a5a
+DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2
+DIST openssh-6.9p1-hpnssh14v5.tar.xz 25164 SHA256 67c0b043525c838522d17ba8ed3ffa81aa212ae0f43c3d989a3e649fd0a2ca48 SHA512 bef32f6dd97e949e0973d30248401b86233ca66ace750c5050158a748fe279db46c8ee59b6f3de2193f52bab3a1c19372296b86136d7d65a312769008d0acf3a WHIRLPOOL 65241de2409bfe452b0bcf6282f0571a2bbf6d02d4d5cb97db78bd42e8be439c47da8a54d33272a85d50d648e2e4af56b574bc8add56c65e2ff9ccd59b90f65c
+DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
+DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
+DIST openssh-7.0p1+x509-8.5.diff.gz 411960 SHA256 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA512 1241419ea32a21b0ef15fb3845344c9b1126ecee94265b074e60af794eacdb39a98983040a61b9f169e0a6d5a0a248e1bbf9d9b3e56df50cb382441a26dddafd WHIRLPOOL 117e8c9bb05ded7fdf261e9aca709540e0a3817bc5b3e70472e8c802063e37ee24feae4c1b3a909177ab163e53c2d614b4f0fc75aad1ca44c0e0584eeff55a81
+DIST openssh-7.0p1-hpnssh14v5.tar.xz 21428 SHA256 6032c4547c9f83a6f648ac7c39cdad2bd6fd725e5f3ab2411c5b30298aae1451 SHA512 d4cf4a628c11515bfe8c3a91b4b7039fca28c2f89ad1dde062c4cb433b984b10dec2d37b1f338f18aa7813e60d8608b65ca95b930edc33086710b82780875942 WHIRLPOOL 7b686f243c98017453b3da3e98b7524650b4a0a75fda6add80c7c233d468194d1d1333ffa4445c20856d807548aaa356c87a03ca87d8995a4b7ba350c7714d1e
+DIST openssh-7.0p1.tar.gz 1493376 SHA256 fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5 SHA512 d82aa8e85630c3e2102e69da477185e0d30d84211d7d4ee0a1d9822bd234d649fe369bf91ce3d2b5ef0caee687d383cb761b682d3bf24bccbd2ce9a1fe9d9f50 WHIRLPOOL bb8007450ffee580df5a73e3d6ab9b54b7151c46c3b996516e5cb776034be21cbef1281a520279655137e218a757d8092cba3f66e216c6b4c6828876540cb5df
+DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
+DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
 DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
-EBUILD openssh-6.7_p1-r3.ebuild 10078 SHA256 1a58e95c28b5b938f2f15b3fec5688dc9509bb038805b0348b11ac31ed3c57e0 SHA512 add8eaebb3c91983a7bac78011700c110917dea6409bf46e784d7e17b1891facb3baacaa0bda71eb2c9b6017fbf1a21b5846434fba8d588724da871e7824f498 WHIRLPOOL 47e04a0644a592e29aaa9ac00b03a377e81cdb1d886119c21a77a0a351c0cea34018a24406449faa814c2f06e1c03b43ac16a78983bb4a9f57c36834ad7babcb
-EBUILD openssh-6.7_p1-r4.ebuild 10138 SHA256 e4f6c4e80485352cc75e62c0212670a0d7f4a19bcf1eed9972bbeaff8b7a2743 SHA512 fdcd7759a85412bdf05be5003d20289a862f13f945e1972e56a36602df426641ef3497399e06ff0da9a51cf2bd54831b6208ac399d42d3ce3e3b1493ffa7655c WHIRLPOOL ae24dbcc182627c356961f4ce290cb1b489e29fa13beaf27212bd4847a36f02af53a8508320cf2a76be88741297ac7533faf53c1d3b15d70299cff536ae8502f
-EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935fe91f4295b1352b6c41c46c3bf7 SHA512 f2b689767c8da075f16e9e5d9fe258e22fb4019034539883d63632c1543d3141787883ec7013f87c23d709a554b4f994c4c2f41b1829e5301b55f7a5da3fbf46 WHIRLPOOL 8d70fd99a1f3307b801999a9c80be4bcc603cbc151170160d78a2fa8a50ceb701657cbb0b0eb9ccfe1287bff9299dcffb36f884b860a5ca88ac4a9936b21a574
-MISC ChangeLog 90520 SHA256 7c454f72794840d7da66364b62442136c3e91daf02055252c4f92b7cd9199c47 SHA512 572532d5c72adeff37a120419dc58e8d56252dafbc5f1bd8cdb8bf0547b81ddc2878a0b1944d9ff6d51fbabbee61f22c0283b38e09a60293c6ea7303cd4f94c2 WHIRLPOOL bc29ceca24b297a1f3cb2739bd0806564f792d1d58c2c781cbec437a75436b775ac2baf8985404a47fdf3129c9157ee35de18e7d8a50de5c66561df58d50e56b
-MISC metadata.xml 1912 SHA256 7b838285f09ad395f237a0d0b9963eee86d0e85b58e6e5b4d5edb093fa888a0a SHA512 e55c10ffd12488720c3da19e55942cfedec63fe767fc1608439b5a3932eeb5488086ad7ef4e1f858c89381e737426f035845ea5e8bede4ed8a0ccabdc656d9b5 WHIRLPOOL 5c07b3dd4a4002cff5df62133ecf570bf79f58e9477d0ad25d60f185ee029183d11118147e3adfec373542659d921e99e787054cfe9284031c974d694de6e9ed
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAEBCAAGBQJU8OqIAAoJEHy/RO9cNQiDxxsQAKcwgw0LRAp0fN2tCyitm0sW
-EQJfzjXV8bzPW1PRIVsru3SR5gkTaeig139jPDswmcxm3EDj+AEvQZW8UU9YnF4P
-o/RXaGkuwquOpvDEoJ4cE1qjIYzUIIsCiaMdBshweD/Gkur+gUOYI892kHuJXPUs
-+nTpCMyhcj7mW8Ueu65xvYXxndoJq3z5ULGivex1HEGz2lPLA1TAhIaPoxIjx/dj
-9IVLqw8pZiHYY3pgqqdA880xqIXWNmPPGPFFitt3jUrCR6kisiBLdGF1edIH5+4V
-3aogwWyvdoziiRN9iPtOetZT/q0KRewHUdYyEeKndtXNzb0naINOcR3IjX1RMg0V
-3Qcda+RwOnvG2NfsvkcYK59Ar8thQag3+xLEhTHV7K1Sgl7ndXmRA0e/Obj7TH5M
-0Ql7L/kLkNakpZ8GNv0ZjqX2dAsjdUe0eVYKn/I+2PxIR+aw7Hjz1dtfZnXKKQM1
-LMoVvQHJz4qR7fFu67edz3PybtOS+4BRy1Lw88I3eg1ql9hhsqQtneD2xXp8us03
-SbuKR3GLnW1o6Ax5VDMkkW0oY2VB9FQQ3pJybkFUzjejo8hn5PG6OiM6aP15iI/Z
-0GG7VGKasywc52HEj0hq3FI/sgJDmrqk0vPBfxdsdp5e0z8uMZCBhLV5I0MVBTbK
-Jdi46gtdvo7eCnXY8+Fk
-=nfVc
------END PGP SIGNATURE-----
+DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
+EBUILD openssh-6.7_p1-r4.ebuild 10028 SHA256 e48fedce516cf436d79232c97fe800d2c901756cfb42756bf2f6a6558de27fb0 SHA512 0ffa9599865398933aa5ca1ce2470bd6ba1a50caf37e3fd45756dfc5ea545cb1c389678268b864a53e5a3b572f4eea35085e0041df46cf629bc865fc654a47b9 WHIRLPOOL 0620b0e835d82ac61acdbec6c335855bb12546cde154ef829709745ee264958b6de3f6ee014986a782eaaea663711ae8cc3e9a5450d5875d914f79074b9fd6ba
+EBUILD openssh-6.7_p1.ebuild 9961 SHA256 9cd3e67a08864011a4fab1c799269eed94c016e92f189f25ab72f33fd89d699c SHA512 7c6696ab04e2ce9092d9e901a3190da714b767cbe273f35e02bac84fc8191a054b13a4ad9c6903d291344380ad53743028310f9a29c601af0f601063f229a1c5 WHIRLPOOL 217d14ea9194207de7d0e6cdb059cb6538bb4840b7d08a633e0933ae87b369704f76d7cd0ecfa19738bd46527090043d310ef6f4dd69c3c1794c755bb1f8c25f
+EBUILD openssh-6.8_p1-r5.ebuild 10469 SHA256 41a1abdfad988940ee048afaf4ab0b7ee1776394c7d47b99994816ad90db9475 SHA512 702cfa88170d5849789e932d64bee6513fce2b12431470eeb277f02403413fa5c5b1a55e2375f2faa42d25576565f5e805d1e66b4738b1bb6d434257428e930f WHIRLPOOL f5bd439eb59f80e84320e1b3d64ff04a4e25b2091469d1d6576d6a51096795bd47ce3d88e9bf6de0ce3054900dca4a450cf15d91ba88251912d04c7e8d9824e2
+EBUILD openssh-6.9_p1-r1.ebuild 10115 SHA256 213ae3b7b040763d8cb82c1ca36225bf25fca43917a95a1b942ac4fa16566b1b SHA512 44ac5e2d1f2ecadc0763df689334f2e004ee6f7042846b61f3c39723473adf15f1e402d6ecd06bbff76e78308d4bcb00148d7e3a0784986cfc5166a49f2904a1 WHIRLPOOL 564b45f359563a33980d9c70d9a52a9889e78c936f75ec1529cc63ee44b377bebf593c9d2671a13e5af6c7d1d4d4706bac02f7d292fb9edba551bf4d49b32df4
+EBUILD openssh-6.9_p1-r2.ebuild 9830 SHA256 91e4e2f1e2501410c949b6fd8fce24c93f548852cf830245c26eccb8b6fd841b SHA512 8212604b49409fa29727832004328c0c6b733a7ac8fc57259f8d6065b25391e549c02bbe139a58173485b9abc477f9457122ab4074f45781335d79989e44842f WHIRLPOOL ac45dcecb43a42f1744e0d17ada1e777225b2ab6f083fbfdd0e90fdd6bac5f65734da0bfb83bf61b2bd80d8d8ecebeb5530115304c6f9a177a7c8dc9327c19bd
+EBUILD openssh-7.0_p1.ebuild 10543 SHA256 7e0827ec1e3164dc2fe7578db675e9d03532dba950cfe40393a6da246ab53bca SHA512 d317203d5f40c964feca2f8fab7ad93332421594b1d70894c95966d7262bc6d838d8e0b13b268e6938e593d29dcbdda14300a5b3b446f8a4f94dfe3beeed045d WHIRLPOOL 80b96331739c4273b0c4f2e23f2ea7be612c2a55f7a712b9dbd12b885b2d437d669aa8a011fb60d8dc4ec30369ff5a97e38122f7140e2df10f6fb152f1c06c11
+EBUILD openssh-7.1_p1.ebuild 10535 SHA256 0bec0fd400356ddcd18312c4655e9222bd551200072475efed7f4f9ac3d32334 SHA512 4116aa7a9713ae9a7fb386c33115e098fe5879b384a3e8380aa566a456a6e3b1e6846b8d78e8efc99f6ea43fb7e8e16afca16c915a2e0459812d382e098627d5 WHIRLPOOL f2d6b8139958c65fe2fe806e23faff80eb3792c4100490f77b18ac1ad7496fd248ac219c9f7093f392db86f7d40b3a8a48daa185a38b6d1ba70db559800cae68
+MISC ChangeLog 95783 SHA256 53b51ee42a1faf42d80733382986e4fd606366b7bb6350c76f44df851e071890 SHA512 95a4f4243cb8cd8901208adc3632e191ab27a5ea2ce947e832264833262d8bd1e74a7e4f3545d6f2da8d2b473a59cfc7014aa88d5b0ea30e348c4f5d9323c8e5 WHIRLPOOL 5b56a38ddcf0308b681fc1c1fe8107c37ea1385e30ebc435d22f73c38947f9afdbb37ffb1c22bc48c83117cb91b946831cd83bab2807c248292fd2822002f828
+MISC metadata.xml 2129 SHA256 f786d2849baa9c48bf58e1e5d71dec826998961dc96ae13937c2853900b4a289 SHA512 a8ce6d4781f98279cc7666a36f0e80229358d61a2ef9f7486d26233b523780963d43b2cca332301901a22a15ac2e79d2abce399028b47c95d65bccc49f609376 WHIRLPOOL c59d747bc802dd8e3c3bcc3d0e7168c1ad00ba48f74226e5da5dd1a1ea769882861c0bcd9bcb117fc92d8fca746f7d69a39b77a4dfcb5c0279f672bba2cb3eec

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch

@@ -0,0 +1,90 @@
+--- openssh-6.8_p1-sctp.patch.orig	2015-03-18 17:52:40.563506822 -0700
++++ openssh-6.8_p1-sctp.patch	2015-03-18 18:14:30.919753194 -0700
+@@ -184,34 +184,6 @@
+  	int     port;		/* Port to connect. */
+  	int     address_family;
+  	int     connection_attempts;	/* Max attempts (seconds) before
+---- a/scp.1
+-+++ b/scp.1
+-@@ -19,7 +19,7 @@
+- .Sh SYNOPSIS
+- .Nm scp
+- .Bk -words
+--.Op Fl 12346BCpqrv
+-+.Op Fl 12346BCpqrvz
+- .Op Fl c Ar cipher
+- .Op Fl F Ar ssh_config
+- .Op Fl i Ar identity_file
+-@@ -178,6 +178,7 @@ For full details of the options listed b
+- .It ServerAliveCountMax
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It Transport
+- .It UpdateHostKeys
+- .It UsePrivilegedPort
+- .It User
+-@@ -218,6 +219,8 @@ and
+- to print debugging messages about their progress.
+- This is helpful in
+- debugging connection, authentication, and configuration problems.
+-+.It Fl z
+-+Use the SCTP protocol for connection instead of TCP which is the default.
+- .El
+- .Sh EXIT STATUS
+- .Ex -std scp
+ --- a/scp.c
+ +++ b/scp.c
+ @@ -395,7 +395,11 @@ main(int argc, char **argv)
+@@ -471,34 +443,6 @@
+  	int	protocol;	/* Supported protocol versions. */
+  	struct ForwardOptions fwd_opts;	/* forwarding options */
+  	SyslogFacility log_facility;	/* Facility for system logging. */
+---- a/ssh.1
+-+++ b/ssh.1
+-@@ -43,7 +43,7 @@
+- .Sh SYNOPSIS
+- .Nm ssh
+- .Bk -words
+--.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
+-+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
+- .Op Fl b Ar bind_address
+- .Op Fl c Ar cipher_spec
+- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
+-@@ -473,6 +473,7 @@ For full details of the options listed b
+- .It StreamLocalBindUnlink
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It Transport
+- .It Tunnel
+- .It TunnelDevice
+- .It UsePrivilegedPort
+-@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
+- controls.
+- .It Fl y
+- Send log information using the
+-+.It Fl z
+-+Use the SCTP protocol for connection instead of TCP which is the default.
+- .Xr syslog 3
+- system module.
+- By default this information is sent to stderr.
+ --- a/ssh.c
+ +++ b/ssh.c
+ @@ -194,12 +194,17 @@ extern int muxserver_sock;
+@@ -520,13 +464,11 @@
+  "           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
+  "           [-F configfile] [-I pkcs11] [-i identity_file]\n"
+  "           [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
+-@@ -506,7 +512,7 @@ main(int ac, char **av)
+- 	argv0 = av[0];
++@@ -506,4 +512,4 @@ main(int ac, char **av)
+  
+-  again:
+--	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+-+	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
+- 	    "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
++-	while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
+++	while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
++ 	    "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+  		switch (opt) {
+  		case '1':
+ @@ -732,6 +738,11 @@ main(int ac, char **av)

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch

@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/544078
+https://bugzilla.mindrot.org/show_bug.cgi?id=2369
+
+From 117c961c8d1f0537973df5a6a937389b4b7b61b4 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 23 Mar 2015 06:06:38 +0000
+Subject: [PATCH] upstream commit
+
+for ssh-keygen -A, don't try (and fail) to generate ssh
+ v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
+ without OpenSSL based on patch by Mike Frysinger; bz#2369
+---
+ ssh-keygen.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index a3c2362..96dd8b4 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -948,12 +948,16 @@ do_gen_all_hostkeys(struct passwd *pw)
+ 		char *key_type_display;
+ 		char *path;
+ 	} key_types[] = {
++#ifdef WITH_OPENSSL
++#ifdef WITH_SSH1
+ 		{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
++#endif /* WITH_SSH1 */
+ 		{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
+ 		{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
+ #ifdef OPENSSL_HAS_ECC
+ 		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
+-#endif
++#endif /* OPENSSL_HAS_ECC */
++#endif /* WITH_OPENSSL */
+ 		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
+ 		{ NULL, NULL, NULL }
+ 	};
+-- 
+2.3.3
+

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch

@@ -0,0 +1,162 @@
+https://bugs.gentoo.org/378361
+https://bugzilla.mindrot.org/show_bug.cgi?id=928
+
+--- a/gss-serv.c
++++ b/gss-serv.c
+@@ -41,9 +41,12 @@
+ #include "channels.h"
+ #include "session.h"
+ #include "misc.h"
++#include "servconf.h"
+ 
+ #include "ssh-gss.h"
+ 
++extern ServerOptions options;
++
+ static ssh_gssapi_client gssapi_client =
+     { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
+     GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
+@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
+ 	char lname[NI_MAXHOST];
+ 	gss_OID_set oidset;
+ 
+-	gss_create_empty_oid_set(&status, &oidset);
+-	gss_add_oid_set_member(&status, ctx->oid, &oidset);
+-
+-	if (gethostname(lname, sizeof(lname))) {
+-		gss_release_oid_set(&status, &oidset);
+-		return (-1);
+-	}
++	if (options.gss_strict_acceptor) {
++		gss_create_empty_oid_set(&status, &oidset);
++		gss_add_oid_set_member(&status, ctx->oid, &oidset);
++
++		if (gethostname(lname, MAXHOSTNAMELEN)) {
++			gss_release_oid_set(&status, &oidset);
++			return (-1);
++		}
++
++		if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
++			gss_release_oid_set(&status, &oidset);
++			return (ctx->major);
++		}
++
++		if ((ctx->major = gss_acquire_cred(&ctx->minor,
++		    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
++		    NULL, NULL)))
++			ssh_gssapi_error(ctx);
+ 
+-	if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+ 		gss_release_oid_set(&status, &oidset);
+ 		return (ctx->major);
++	} else {
++		ctx->name = GSS_C_NO_NAME;
++		ctx->creds = GSS_C_NO_CREDENTIAL;
+ 	}
+-
+-	if ((ctx->major = gss_acquire_cred(&ctx->minor,
+-	    ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+-		ssh_gssapi_error(ctx);
+-
+-	gss_release_oid_set(&status, &oidset);
+-	return (ctx->major);
++	return GSS_S_COMPLETE;
+ }
+ 
+ /* Privileged */
+--- a/servconf.c
++++ b/servconf.c
+@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions 
+ 	options->kerberos_get_afs_token = -1;
+ 	options->gss_authentication=-1;
+ 	options->gss_cleanup_creds = -1;
++	options->gss_strict_acceptor = -1;
+ 	options->password_authentication = -1;
+ 	options->kbd_interactive_authentication = -1;
+ 	options->challenge_response_authentication = -1;
+@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
+ 		options->gss_authentication = 0;
+ 	if (options->gss_cleanup_creds == -1)
+ 		options->gss_cleanup_creds = 1;
++	if (options->gss_strict_acceptor == -1)
++		options->gss_strict_acceptor = 0;
+ 	if (options->password_authentication == -1)
+ 		options->password_authentication = 1;
+ 	if (options->kbd_interactive_authentication == -1)
+@@ -277,7 +280,8 @@ typedef enum {
+ 	sBanner, sUseDNS, sHostbasedAuthentication,
+ 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
+-	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
++	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
++	sAcceptEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+ 	sHostCertificate,
+@@ -327,9 +331,11 @@ static struct {
+ #ifdef GSSAPI
+ 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
++	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ #else
+ 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
++	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
+ 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+ 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
+@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
+ 
+ 	case sGssCleanupCreds:
+ 		intptr = &options->gss_cleanup_creds;
++		goto parse_flag;
++
++	case sGssStrictAcceptor:
++		intptr = &options->gss_strict_acceptor;
+ 		goto parse_flag;
+ 
+ 	case sPasswordAuthentication:
+--- a/servconf.h
++++ b/servconf.h
+@@ -92,6 +92,7 @@ typedef struct {
+ 						 * authenticated with Kerberos. */
+ 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
+ 	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
++	int     gss_strict_acceptor;	/* If true, restrict the GSSAPI acceptor name */
+ 	int     password_authentication;	/* If true, permit password
+ 						 * authentication. */
+ 	int     kbd_interactive_authentication;	/* If true, permit */
+--- a/sshd_config
++++ b/sshd_config
+@@ -69,6 +69,7 @@
+ # GSSAPI options
+ #GSSAPIAuthentication no
+ #GSSAPICleanupCredentials yes
++#GSSAPIStrictAcceptorCheck yes
+ 
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -386,6 +386,21 @@ on logout.
+ The default is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIStrictAcceptorCheck
++Determines whether to be strict about the identity of the GSSAPI acceptor
++a client authenticates against.
++If set to
++.Dq yes
++then the client must authenticate against the
++.Pa host
++service on the current hostname.
++If set to
++.Dq no
++then the client may authenticate against any service key stored in the
++machine's default store.
++This facility is provided to assist with operation on multi homed machines.
++The default is
++.Dq yes .
+ .It Cm HostbasedAcceptedKeyTypes
+ Specifies the key types that will be accepted for hostbased authentication
+ as a comma-separated pattern list.

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch

@@ -0,0 +1,33 @@
+https://github.com/openssh/openssh-portable/pull/29
+
+From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 18 Mar 2015 12:37:24 -0400
+Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is
+ set
+
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b4d6598..7806d20 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2276,10 +2276,10 @@ openssl_engine=no
+ AC_ARG_WITH([ssl-engine],
+ 	[  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
+ 	[
+-		if test "x$openssl" = "xno" ; then
+-			AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
+-		fi
+ 		if test "x$withval" != "xno" ; then
++			if test "x$openssl" = "xno" ; then
++				AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
++			fi
+ 			openssl_engine=yes
+ 		fi
+ 	]
+-- 
+2.3.2
+

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch

@@ -0,0 +1,15 @@
+--- a/0005-support-dynamically-sized-receive-buffers.patch
++++ b/0005-support-dynamically-sized-receive-buffers.patch
+@@ -411,10 +411,10 @@ index af2f007..41b782b 100644
+ --- a/compat.h
+ +++ b/compat.h
+ @@ -60,6 +60,7 @@
+- #define SSH_NEW_OPENSSH		0x04000000
+  #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+  #define SSH_BUG_CURVE25519PAD	0x10000000
+-+#define SSH_BUG_LARGEWINDOW	0x20000000
++ #define SSH_BUG_HOSTKEYS	0x20000000
+++#define SSH_BUG_LARGEWINDOW	0x40000000
+  
+  void     enable_compat13(void);
+  void     enable_compat20(void);

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch

@@ -0,0 +1,69 @@
+https://bugs.gentoo.org/547944
+
+From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001
+From: "dtucker@openbsd.org" <dtucker@openbsd.org>
+Date: Fri, 10 Apr 2015 05:16:50 +0000
+Subject: [PATCH] upstream commit
+
+Don't send hostkey advertisments
+ (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
+ handle them.  Newer versions should be OK.  Patch from Bryan Drewery and
+ IWAMOTO Kouichi, ok djm@
+---
+ compat.c | 13 ++++++++++++-
+ compat.h |  3 ++-
+ sshd.c   |  6 +++++-
+ 3 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/compat.c b/compat.c
+index 2498168..0934de9 100644
+--- a/compat.c
++++ b/compat.c
+@@ -167,6 +167,17 @@ compat_datafellows(const char *version)
+ 					SSH_BUG_SCANNER },
+ 		{ "Probe-*",
+ 					SSH_BUG_PROBE },
++		{ "TeraTerm SSH*,"
++		  "TTSSH/1.5.*,"
++		  "TTSSH/2.1*,"
++		  "TTSSH/2.2*,"
++		  "TTSSH/2.3*,"
++		  "TTSSH/2.4*,"
++		  "TTSSH/2.5*,"
++		  "TTSSH/2.6*,"
++		  "TTSSH/2.70*,"
++		  "TTSSH/2.71*,"
++		  "TTSSH/2.72*",	SSH_BUG_HOSTKEYS },
+ 		{ NULL,			0 }
+ 	};
+ 
+diff --git a/compat.h b/compat.h
+index af2f007..83507f0 100644
+--- a/compat.h
++++ b/compat.h
+@@ -60,6 +60,7 @@
+ #define SSH_NEW_OPENSSH		0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+ #define SSH_BUG_CURVE25519PAD	0x10000000
++#define SSH_BUG_HOSTKEYS	0x20000000
+ 
+ void     enable_compat13(void);
+ void     enable_compat20(void);
+diff --git a/sshd.c b/sshd.c
+index 6aa17fa..60b0cd4 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh)
+ 	int i, nkeys, r;
+ 	char *fp;
+ 
++	/* Some clients cannot cope with the hostkeys message, skip those. */
++	if (datafellows & SSH_BUG_HOSTKEYS)
++		return;
++
+ 	if ((buf = sshbuf_new()) == NULL)
+ 		fatal("%s: sshbuf_new", __func__);
+ 	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
+-- 
+2.3.6
+

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch

@@ -0,0 +1,24 @@
+diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c
+--- openssh-6.9p1.orig/sshconnect2.c	2015-07-01 14:56:26.766316866 -0700
++++ openssh-6.9p1/sshconnect2.c	2015-07-01 14:59:22.828692366 -0700
+@@ -1404,7 +1404,7 @@
+ static int
+ get_allowed_keytype(Key *k) {
+ 	char *pattern;
+-	char *alg;
++	const char *alg;
+ 
+ 	if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC)
+ 		return KEY_UNSPEC;
+diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c
+--- openssh-6.9p1.orig/x509_nm_cmp.c	2015-07-01 14:56:26.129311890 -0700
++++ openssh-6.9p1/x509_nm_cmp.c	2015-07-01 14:59:14.086624068 -0700
+@@ -133,7 +133,7 @@
+ 	tag = M_ASN1_STRING_type(in);
+ 	if (tag != V_ASN1_UTF8STRING) {
+ 		/*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/
+-		return(ASN1_STRING_to_UTF8(out, in));
++		return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in));
+ 	}
+ 
+ 	l = M_ASN1_STRING_length(in);

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch

@@ -0,0 +1,74 @@
+--- openssh-6.8_p1-sctp.patch.1	2015-08-12 16:01:13.854769013 -0700
++++ openssh-6.8_p1-sctp.patch	2015-08-12 16:00:38.208488789 -0700
+@@ -195,14 +195,6 @@
+  .Op Fl c Ar cipher
+  .Op Fl F Ar ssh_config
+  .Op Fl i Ar identity_file
+-@@ -178,6 +178,7 @@ For full details of the options listed b
+- .It ServerAliveCountMax
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It Transport
+- .It UpdateHostKeys
+- .It UsePrivilegedPort
+- .It User
+ @@ -218,6 +219,8 @@ and
+  to print debugging messages about their progress.
+  This is helpful in
+@@ -477,19 +469,11 @@
+  .Sh SYNOPSIS
+  .Nm ssh
+  .Bk -words
+--.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
+-+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
++-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
+++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
+  .Op Fl b Ar bind_address
+  .Op Fl c Ar cipher_spec
+  .Op Fl D Oo Ar bind_address : Oc Ns Ar port
+-@@ -473,6 +473,7 @@ For full details of the options listed b
+- .It StreamLocalBindUnlink
+- .It StrictHostKeyChecking
+- .It TCPKeepAlive
+-+.It Transport
+- .It Tunnel
+- .It TunnelDevice
+- .It UsePrivilegedPort
+ @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
+  controls.
+  .It Fl y
+@@ -501,7 +485,7 @@
+  By default this information is sent to stderr.
+ --- a/ssh.c
+ +++ b/ssh.c
+-@@ -194,12 +194,17 @@ extern int muxserver_sock;
++@@ -194,11 +194,16 @@ extern int muxserver_sock;
+  extern u_int muxclient_command;
+  
+  /* Prints a help message to the user.  This function never returns. */
+@@ -515,18 +499,17 @@
+  usage(void)
+  {
+  	fprintf(stderr,
+--"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
+-+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
++-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
+++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
+  "           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
+  "           [-F configfile] [-I pkcs11] [-i identity_file]\n"
+- "           [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
+ @@ -506,7 +512,7 @@ main(int ac, char **av)
+- 	argv0 = av[0];
++ #  define ENGCONFIG ""
++ #endif
+  
+-  again:
+--	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+-+	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
+- 	    "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
++-	while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
+++	while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
++ 	    "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+  		switch (opt) {
+  		case '1':
+ @@ -732,6 +738,11 @@ main(int ac, char **av)

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch

@@ -0,0 +1,11 @@
+--- openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch.orig	2015-08-24 11:17:05.379280954 -0700
++++ openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch	2015-08-24 11:19:30.788424050 -0700
+@@ -80,7 +80,7 @@
+ +			else
+ +				fatal("Pre-authentication none cipher requests are not allowed.");
+ +		}
+- 		debug("kex: %s %s %s %s",
++ 		debug("kex: %s cipher: %s MAC: %s compression: %s",
+  		    ctos ? "client->server" : "server->client",
+  		    newkeys->enc.name,
+ diff --git a/myproposal.h b/myproposal.h

sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4

@@ -1,38 +1,36 @@
 #!/sbin/runscript
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.3 2013/04/24 03:13:03 vapier Exp $
+# $Id$
 
 extra_commands="checkconfig"
 extra_started_commands="reload"
 
-SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
-SSHD_CONFIG=${SSHD_CONFIG:-${SSHD_CONFDIR}/sshd_config}
-SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
-SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+: ${SSHD_CONFDIR:=/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=/usr/sbin/sshd}
 
 depend() {
 	use logger dns
-	if [ "${rc_need+set}" = "set" ]; then
+	if [ "${rc_need+set}" = "set" ] ; then
 		: # Do nothing, the user has explicitly set rc_need
 	else
-		warn_addr=''
+		local x warn_addr
 		for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
-			case "$x" in
+			case "${x}" in
 				0.0.0.0|0.0.0.0:*) ;;
 				::|\[::\]*) ;;
-				*) warn_addr="${warn_addr} $x" ;;
+				*) warn_addr="${warn_addr} ${x}" ;;
 			esac
 		done
-		unset x
-		if [ "${warn_addr:+set}" = "set" ]; then
-			need net 
+		if [ -n "${warn_addr}" ] ; then
+			need net
 			ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
 			ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
 			ewarn "where FOO is the interface(s) providing the following address(es):"
 			ewarn "${warn_addr}"
 		fi
-		unset warn_addr
 	fi
 }
 
@@ -41,8 +39,8 @@ checkconfig() {
 		mkdir -p /var/empty || return 1
 	fi
 
-	if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
-		eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+	if [ ! -e "${SSHD_CONFIG}" ] ; then
+		eerror "You need an ${SSHD_CONFIG} file to run sshd"
 		eerror "There is a sample file in /usr/share/doc/openssh"
 		return 1
 	fi
@@ -51,8 +49,8 @@ checkconfig() {
 
 	[ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
 		&& SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
-	[ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
-		&& SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config"
+	[ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \
+		&& SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}"
 
 	"${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
 }

sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml

@@ -4,7 +4,7 @@
   <herd>base-system</herd>
   <maintainer restrict="net-misc/openssh[ldap]">
     <email>robbat2@gentoo.org</email>
-	<description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
+    <description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
   </maintainer>
   <longdescription>
 OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that 
@@ -21,14 +21,17 @@ the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign,
 ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
 </longdescription>
   <use>
-	<flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
-	<flag name="hpn">Enable high performance ssh</flag>
-	<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
-	<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
-	<flag name="sctp">Support for Stream Control Transmission Protocol</flag>
-	<flag name="X509">Adds support for X.509 certificate authentication</flag>
+    <flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
+    <flag name="hpn">Enable high performance ssh</flag>
+    <flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
+    <flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
+    <flag name="sctp">Support for Stream Control Transmission Protocol</flag>
+    <flag name="ssh1">Support the legacy/weak SSH1 protocol</flag>
+    <flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
+    <flag name="X509">Adds support for X.509 certificate authentication</flag>
   </use>
   <upstream>
     <remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
+    <remote-id type="sourceforge">hpnssh</remote-id>
   </upstream>
 </pkgmetadata>

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r4.ebuild,v 1.1 2015/02/27 22:06:53 chutzpah Exp $
+# $Id$
 
 EAPI="4"
 inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@@ -19,7 +19,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 	mirror://gentoo/${P}-sctp.patch.xz
 	${HPN_PATCH:+hpn? (
 		mirror://gentoo/${HPN_PATCH}
-		http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+		https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
 		mirror://sourceforge/hpnssh/${HPN_PATCH}
 	)}
 	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1.ebuild,v 1.13 2014/12/31 07:40:01 vapier Exp $
+# $Id$
 
 EAPI="4"
 inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@@ -19,7 +19,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 	mirror://gentoo/${P}-sctp.patch.xz
 	${HPN_PATCH:+hpn? (
 		mirror://gentoo/${HPN_PATCH}
-		http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+		https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
 		mirror://sourceforge/hpnssh/${HPN_PATCH}
 	)}
 	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.8_p1-r5.ebuild

@@ -0,0 +1,332 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PN}-6.8p1-r5-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.3.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	mirror://gentoo/${P}-sctp.patch.xz
+	${HPN_PATCH:+hpn? (
+		mirror://gentoo/${HPN_PATCH}
+		https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+		mirror://sourceforge/hpnssh/${HPN_PATCH}
+	)}
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? (
+		http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH}
+		mirror://gentoo/${P}-x509-${X509_VER}-glue.patch.xz
+	)}
+	"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssh1/ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey +ssh1 +ssl static X X509"
+REQUIRED_USE="pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
+
+LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+	libedit? ( dev-libs/libedit[static-libs(+)] )
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
+	>=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+	!static? (
+		${LIB_DEPEND//\[static-libs(+)]}
+		ldns? (
+			!bindist? ( net-libs/ldns[ecdsa,ssl] )
+			bindist? ( net-libs/ldns[-ecdsa,ssl] )
+		)
+	)
+	pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	static? (
+		${LIB_DEPEND}
+		ldns? (
+			!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
+			bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
+		)
+	)
+	virtual/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20081028 )
+	userland_GNU? ( virtual/shadow )
+	X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+	local fail="
+		$(use X509 && maybe_fail X509 X509_PATCH)
+		$(use ldap && maybe_fail ldap LDAP_PATCH)
+		$(use hpn && maybe_fail hpn HPN_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		eerror "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+		die "USE=tcpd no longer works"
+	fi
+}
+
+save_version() {
+	# version.h patch conflict avoidence
+	mv version.h version.h.$1
+	cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+	sed -i \
+		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+		pathnames.h || die
+	# keep this as we need it to avoid the conflict between LPK and HPN changing
+	# this file.
+	cp version.h version.h.pristine
+
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361
+	if use X509 ; then
+		pushd .. >/dev/null
+		epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch
+		epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
+		popd >/dev/null
+		epatch "${WORKDIR}"/${X509_PATCH%.*}
+		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		save_version X509
+	fi
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+	epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078
+	epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm.patch #547944
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${P}-sctp.patch
+	if use hpn ; then
+		# The teraterm patch pulled in an upstream update.
+		pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null
+		epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm-hpn-glue.patch
+		popd >/dev/null
+		EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+			EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+			epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
+		save_version HPN
+	fi
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable PATH reset, trust what portage gives us #254615
+		-e 's:^PATH=/:#PATH=/:'
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+	# The -ftrapv flag ICEs on hppa #505182
+	use hppa && sed_args+=(
+		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
+		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	epatch_user #473004
+
+	# Now we can build a sane merged version.h
+	(
+		sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+		macros=()
+		for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+		printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+	) > version.h
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
+	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
+		append-ldflags -lutil
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	if use pam ; then
+		sed -i \
+			-e "/^#UsePAM /s:.*:UsePAM yes:" \
+			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
+			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+			"${ED}"/etc/ssh/sshd_config || die
+	fi
+
+	# Gentoo tweaks to default config files
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+	# Allow client to pass locale environment variables #367017
+	AcceptEnv LANG LC_*
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+	# Send locale environment variables #367017
+	SendEnv LANG LC_*
+	EOF
+
+	# This instruction is from the HPN webpage,
+	# Used for the server logging functionality
+	if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+		keepdir /var/empty/dev
+	fi
+
+	if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+		insinto /etc/openldap/schema/
+		newins openssh-lpk_openldap.schema openssh-lpk.schema
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+
+	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+	local t tests skipped failed passed shell
+	tests="interop-tests compat-tests"
+	skipped=""
+	shell=$(egetshell ${UID})
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		elog "Running the full OpenSSH testsuite"
+		elog "requires a usable shell for the 'portage'"
+		elog "user, so we will run a subset only."
+		skipped="${skipped} tests"
+	else
+		tests="${tests} tests"
+	fi
+	# It will also attempt to write to the homedir .ssh
+	local sshhome=${T}/homedir
+	mkdir -p "${sshhome}"/.ssh
+	for t in ${tests} ; do
+		# Some tests read from stdin ...
+		HOMEDIR="${sshhome}" \
+		emake -k -j1 ${t} </dev/null \
+			&& passed="${passed}${t} " \
+			|| failed="${failed}${t} "
+	done
+	einfo "Passed tests: ${passed}"
+	ewarn "Skipped tests: ${skipped}"
+	if [[ -n ${failed} ]] ; then
+		ewarn "Failed tests: ${failed}"
+		die "Some tests failed: ${failed}"
+	else
+		einfo "Failed tests: ${failed}"
+		return 0
+	fi
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+		elog "Starting with openssh-5.8p1, the server will default to a newer key"
+		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+	fi
+	ewarn "Remember to merge your config files in /etc/ssh/ and then"
+	ewarn "reload sshd: '/etc/init.d/sshd reload'."
+	# This instruction is from the HPN webpage,
+	# Used for the server logging functionality
+	if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+		einfo "For the HPN server logging patch, you must ensure that"
+		einfo "your syslog application also listens at /var/empty/dev/log."
+	fi
+	elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
+	elog "      dropped it.  Make sure to update any configs that you might have."
+}

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r1.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.7_p1-r3.ebuild,v 1.2 2014/12/31 07:29:47 vapier Exp $
+# $Id$
 
 EAPI="4"
 inherit eutils user flag-o-matic multilib autotools pam systemd versionator
@@ -9,17 +9,17 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator
 # and _p? releases.
 PARCH=${P/_}
 
-HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
-LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
-X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+HPN_PATCH="${PN}-6.9p1-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
 
 DESCRIPTION="Port of OpenBSD's free SSH release"
 HOMEPAGE="http://www.openssh.org/"
 SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	mirror://gentoo/${P}-sctp.patch.xz
+	mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
 	${HPN_PATCH:+hpn? (
 		mirror://gentoo/${HPN_PATCH}
-		http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+		https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
 		mirror://sourceforge/hpnssh/${HPN_PATCH}
 	)}
 	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
@@ -29,15 +29,21 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 LICENSE="BSD GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
-REQUIRED_USE="pie? ( !static )"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
 
 LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
 	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
 	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
 	libedit? ( dev-libs/libedit[static-libs(+)] )
-	>=dev-libs/openssl-0.9.6d:0[bindist=]
-	dev-libs/openssl[static-libs(+)]
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
 	>=sys-libs/zlib-1.2.3[static-libs(+)]"
 RDEPEND="
 	!static? (
@@ -85,6 +91,13 @@ pkg_setup() {
 		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
 		die "booooo"
 	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		eerror "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+		die "USE=tcpd no longer works"
+	fi
 }
 
 save_version() {
@@ -104,29 +117,29 @@ src_prepare() {
 	# don't break .ssh/authorized_keys2 for fun
 	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
 
-	epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
 	if use X509 ; then
 		pushd .. >/dev/null
-		epatch "${FILESDIR}"/${P}-x509-glue.patch
-		epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
+		#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
 		popd >/dev/null
 		epatch "${WORKDIR}"/${X509_PATCH%.*}
 		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
 		save_version X509
 	fi
-	if ! use X509 ; then
-		if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
-			epatch "${WORKDIR}"/${LDAP_PATCH%.*}
-			save_version LPK
-		fi
-	else
-		use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
 	fi
 	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
 	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
-	epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
-	if [[ -n ${HPN_PATCH} ]] && use hpn; then
-		epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
+	if use hpn ; then
+		EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+			EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+			epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
 		save_version HPN
 	fi
 
@@ -158,54 +171,47 @@ src_prepare() {
 	eautoreconf
 }
 
-static_use_with() {
-	local flag=$1
-	if use static && use ${flag} ; then
-		ewarn "Disabling '${flag}' support because of USE='static'"
-		# rebuild args so that we invert the first one (USE flag)
-		# but otherwise leave everything else working so we can
-		# just leverage use_with
-		shift
-		[[ -z $1 ]] && flag="${flag} ${flag}"
-		set -- !${flag} "$@"
-	fi
-	use_with "$@"
-}
-
 src_configure() {
-	local myconf=()
 	addwrite /dev/ptmx
-	addpredict /etc/skey/skeykeys #skey configure code triggers this
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
 
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
 	use static && append-ldflags -static
 
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
 	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
 	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
 		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
 		append-ldflags -lutil
 	fi
 
-	econf \
-		--with-ldflags="${LDFLAGS}" \
-		--disable-strip \
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
-		--sysconfdir="${EPREFIX}"/etc/ssh \
-		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
-		--datadir="${EPREFIX}"/usr/share/openssh \
-		--with-privsep-path="${EPREFIX}"/var/empty \
-		--with-privsep-user=sshd \
-		--with-md5-passwords \
-		--with-ssl-engine \
-		$(static_use_with pam) \
-		$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
-		${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
-		$(use_with ldns) \
-		$(use_with libedit) \
-		$(use_with pie) \
-		$(use_with sctp) \
-		$(use_with selinux) \
-		$(use_with skey) \
-		"${myconf[@]}"
+	econf "${myconf[@]}"
 }
 
 src_install() {
@@ -216,12 +222,6 @@ src_install() {
 	newconfd "${FILESDIR}"/sshd.confd sshd
 	keepdir /var/empty
 
-	# not all openssl installs support ecc, or are functional #352645
-	if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
-		elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
-		sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
-	fi
-
 	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
 	if use pam ; then
 		sed -i \
@@ -229,7 +229,7 @@ src_install() {
 			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
 			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
 			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-			"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+			"${ED}"/etc/ssh/sshd_config || die
 	fi
 
 	# Gentoo tweaks to default config files

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r2.ebuild

@@ -0,0 +1,311 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
+	${HPN_PATCH:+hpn? (
+		mirror://gentoo/${HPN_PATCH}
+		https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
+		mirror://sourceforge/hpnssh/${HPN_PATCH}
+	)}
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+	"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="ldns? ( ssl )
+	pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
+
+LIB_DEPEND="
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		!bindist? ( net-libs/ldns[ecdsa,ssl] )
+		bindist? ( net-libs/ldns[-ecdsa,ssl] )
+	)
+	libedit? ( dev-libs/libedit[static-libs(+)] )
+	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
+	>=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+	virtual/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20081028 )
+	userland_GNU? ( virtual/shadow )
+	X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+	local fail="
+		$(use X509 && maybe_fail X509 X509_PATCH)
+		$(use ldap && maybe_fail ldap LDAP_PATCH)
+		$(use hpn && maybe_fail hpn HPN_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+	fi
+}
+
+save_version() {
+	# version.h patch conflict avoidence
+	mv version.h version.h.$1
+	cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+	sed -i \
+		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+		pathnames.h || die
+	# keep this as we need it to avoid the conflict between LPK and HPN changing
+	# this file.
+	cp version.h version.h.pristine
+
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	if use X509 ; then
+		pushd .. >/dev/null
+		#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
+		popd >/dev/null
+		epatch "${WORKDIR}"/${X509_PATCH%.*}
+		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
+		save_version X509
+	fi
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
+	if use hpn ; then
+		EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+			EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+			epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
+		save_version HPN
+	fi
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable PATH reset, trust what portage gives us #254615
+		-e 's:^PATH=/:#PATH=/:'
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+	# The -ftrapv flag ICEs on hppa #505182
+	use hppa && sed_args+=(
+		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
+		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	epatch_user #473004
+
+	# Now we can build a sane merged version.h
+	(
+		sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+		macros=()
+		for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+		printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+	) > version.h
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
+	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
+	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
+
+	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
+		append-ldflags -lutil
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	if use pam ; then
+		sed -i \
+			-e "/^#UsePAM /s:.*:UsePAM yes:" \
+			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
+			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+			"${ED}"/etc/ssh/sshd_config || die
+	fi
+
+	# Gentoo tweaks to default config files
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+	# Allow client to pass locale environment variables #367017
+	AcceptEnv LANG LC_*
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+	# Send locale environment variables #367017
+	SendEnv LANG LC_*
+	EOF
+
+	if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+		insinto /etc/openldap/schema/
+		newins openssh-lpk_openldap.schema openssh-lpk.schema
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+
+	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+	local t tests skipped failed passed shell
+	tests="interop-tests compat-tests"
+	skipped=""
+	shell=$(egetshell ${UID})
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		elog "Running the full OpenSSH testsuite"
+		elog "requires a usable shell for the 'portage'"
+		elog "user, so we will run a subset only."
+		skipped="${skipped} tests"
+	else
+		tests="${tests} tests"
+	fi
+	# It will also attempt to write to the homedir .ssh
+	local sshhome=${T}/homedir
+	mkdir -p "${sshhome}"/.ssh
+	for t in ${tests} ; do
+		# Some tests read from stdin ...
+		HOMEDIR="${sshhome}" \
+		emake -k -j1 ${t} </dev/null \
+			&& passed="${passed}${t} " \
+			|| failed="${failed}${t} "
+	done
+	einfo "Passed tests: ${passed}"
+	ewarn "Skipped tests: ${skipped}"
+	if [[ -n ${failed} ]] ; then
+		ewarn "Failed tests: ${failed}"
+		die "Some tests failed: ${failed}"
+	else
+		einfo "Failed tests: ${failed}"
+		return 0
+	fi
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+		elog "Starting with openssh-5.8p1, the server will default to a newer key"
+		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+	fi
+	if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
+		elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
+	fi
+	ewarn "Remember to merge your config files in /etc/ssh/ and then"
+	ewarn "reload sshd: '/etc/init.d/sshd reload'."
+	elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
+	elog "      dropped it.  Make sure to update any configs that you might have."
+}

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.0_p1.ebuild

@@ -0,0 +1,324 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.5" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
+	${HPN_PATCH:+hpn? (
+		mirror://gentoo/${HPN_PATCH}
+		https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
+		mirror://sourceforge/hpnssh/${HPN_PATCH}
+	)}
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+	"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="ldns? ( ssl )
+	pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
+
+LIB_DEPEND="
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		!bindist? ( net-libs/ldns[ecdsa,ssl] )
+		bindist? ( net-libs/ldns[-ecdsa,ssl] )
+	)
+	libedit? ( dev-libs/libedit[static-libs(+)] )
+	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
+	>=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+	virtual/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20081028 )
+	userland_GNU? ( virtual/shadow )
+	X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+	local fail="
+		$(use X509 && maybe_fail X509 X509_PATCH)
+		$(use ldap && maybe_fail ldap LDAP_PATCH)
+		$(use hpn && maybe_fail hpn HPN_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+	fi
+}
+
+save_version() {
+	# version.h patch conflict avoidence
+	mv version.h version.h.$1
+	cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+	sed -i \
+		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+		pathnames.h || die
+	# keep this as we need it to avoid the conflict between LPK and HPN changing
+	# this file.
+	cp version.h version.h.pristine
+
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	if use X509 ; then
+		pushd .. >/dev/null
+		#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
+		epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
+		popd >/dev/null
+		epatch "${WORKDIR}"/${X509_PATCH%.*}
+		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
+		save_version X509
+	fi
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
+	if use hpn ; then
+		EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+			EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+			epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
+		save_version HPN
+	fi
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable PATH reset, trust what portage gives us #254615
+		-e 's:^PATH=/:#PATH=/:'
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+	# The -ftrapv flag ICEs on hppa #505182
+	use hppa && sed_args+=(
+		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
+		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	epatch_user #473004
+
+	# Now we can build a sane merged version.h
+	(
+		sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+		macros=()
+		for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+		printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+	) > version.h
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
+	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
+	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
+
+	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
+		append-ldflags -lutil
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	if use pam ; then
+		sed -i \
+			-e "/^#UsePAM /s:.*:UsePAM yes:" \
+			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
+			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+			"${ED}"/etc/ssh/sshd_config || die
+	fi
+
+	# Gentoo tweaks to default config files
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+	# Allow client to pass locale environment variables #367017
+	AcceptEnv LANG LC_*
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+	# Send locale environment variables #367017
+	SendEnv LANG LC_*
+	EOF
+
+	if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+		insinto /etc/openldap/schema/
+		newins openssh-lpk_openldap.schema openssh-lpk.schema
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+
+	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+	local t tests skipped failed passed shell
+	tests="interop-tests compat-tests"
+	skipped=""
+	shell=$(egetshell ${UID})
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		elog "Running the full OpenSSH testsuite"
+		elog "requires a usable shell for the 'portage'"
+		elog "user, so we will run a subset only."
+		skipped="${skipped} tests"
+	else
+		tests="${tests} tests"
+	fi
+	# It will also attempt to write to the homedir .ssh
+	local sshhome=${T}/homedir
+	mkdir -p "${sshhome}"/.ssh
+	for t in ${tests} ; do
+		# Some tests read from stdin ...
+		HOMEDIR="${sshhome}" \
+		emake -k -j1 ${t} </dev/null \
+			&& passed="${passed}${t} " \
+			|| failed="${failed}${t} "
+	done
+	einfo "Passed tests: ${passed}"
+	ewarn "Skipped tests: ${skipped}"
+	if [[ -n ${failed} ]] ; then
+		ewarn "Failed tests: ${failed}"
+		die "Some tests failed: ${failed}"
+	else
+		einfo "Failed tests: ${failed}"
+		return 0
+	fi
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+		elog "Starting with openssh-5.8p1, the server will default to a newer key"
+		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+	fi
+	if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
+		elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
+	fi
+	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
+		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+		elog "Make sure to update any configs that you might have.  Note that xinetd might"
+		elog "be an alternative for you as it supports USE=tcpd."
+	fi
+	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
+		elog "adding to your sshd_config:"
+		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
+		elog "You should however generate new keys using rsa or ed25519."
+	fi
+	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
+		elog "Be aware that by disabling openssl support in openssh, the server and clients"
+		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
+		elog "and update all clients/servers that utilize them."
+	fi
+}

sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1.ebuild

@@ -0,0 +1,324 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
+	${HPN_PATCH:+hpn? (
+		mirror://gentoo/${HPN_PATCH}
+		https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
+		mirror://sourceforge/hpnssh/${HPN_PATCH}
+	)}
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+	"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
+REQUIRED_USE="ldns? ( ssl )
+	pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
+
+LIB_DEPEND="
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		!bindist? ( net-libs/ldns[ecdsa,ssl] )
+		bindist? ( net-libs/ldns[-ecdsa,ssl] )
+	)
+	libedit? ( dev-libs/libedit[static-libs(+)] )
+	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
+	>=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+	virtual/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20081028 )
+	userland_GNU? ( virtual/shadow )
+	X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+	local fail="
+		$(use X509 && maybe_fail X509 X509_PATCH)
+		$(use ldap && maybe_fail ldap LDAP_PATCH)
+		$(use hpn && maybe_fail hpn HPN_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+	fi
+}
+
+save_version() {
+	# version.h patch conflict avoidence
+	mv version.h version.h.$1
+	cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+	sed -i \
+		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+		pathnames.h || die
+	# keep this as we need it to avoid the conflict between LPK and HPN changing
+	# this file.
+	cp version.h version.h.pristine
+
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	if use X509 ; then
+		pushd .. >/dev/null
+		epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
+		epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
+		popd >/dev/null
+		epatch "${WORKDIR}"/${X509_PATCH%.*}
+		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
+		save_version X509
+	fi
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
+	if use hpn ; then
+		EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+			EPATCH_MULTI_MSG="Applying HPN patchset ..." \
+			epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
+		save_version HPN
+	fi
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable PATH reset, trust what portage gives us #254615
+		-e 's:^PATH=/:#PATH=/:'
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+	# The -ftrapv flag ICEs on hppa #505182
+	use hppa && sed_args+=(
+		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
+		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	epatch_user #473004
+
+	# Now we can build a sane merged version.h
+	(
+		sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+		macros=()
+		for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+		printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+	) > version.h
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
+	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
+	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
+
+	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
+		append-ldflags -lutil
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	if use pam ; then
+		sed -i \
+			-e "/^#UsePAM /s:.*:UsePAM yes:" \
+			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
+			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+			"${ED}"/etc/ssh/sshd_config || die
+	fi
+
+	# Gentoo tweaks to default config files
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+	# Allow client to pass locale environment variables #367017
+	AcceptEnv LANG LC_*
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+	# Send locale environment variables #367017
+	SendEnv LANG LC_*
+	EOF
+
+	if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+		insinto /etc/openldap/schema/
+		newins openssh-lpk_openldap.schema openssh-lpk.schema
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+
+	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+	local t tests skipped failed passed shell
+	tests="interop-tests compat-tests"
+	skipped=""
+	shell=$(egetshell ${UID})
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		elog "Running the full OpenSSH testsuite"
+		elog "requires a usable shell for the 'portage'"
+		elog "user, so we will run a subset only."
+		skipped="${skipped} tests"
+	else
+		tests="${tests} tests"
+	fi
+	# It will also attempt to write to the homedir .ssh
+	local sshhome=${T}/homedir
+	mkdir -p "${sshhome}"/.ssh
+	for t in ${tests} ; do
+		# Some tests read from stdin ...
+		HOMEDIR="${sshhome}" \
+		emake -k -j1 ${t} </dev/null \
+			&& passed="${passed}${t} " \
+			|| failed="${failed}${t} "
+	done
+	einfo "Passed tests: ${passed}"
+	ewarn "Skipped tests: ${skipped}"
+	if [[ -n ${failed} ]] ; then
+		ewarn "Failed tests: ${failed}"
+		die "Some tests failed: ${failed}"
+	else
+		einfo "Failed tests: ${failed}"
+		return 0
+	fi
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+		elog "Starting with openssh-5.8p1, the server will default to a newer key"
+		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+	fi
+	if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
+		elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
+	fi
+	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
+		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+		elog "Make sure to update any configs that you might have.  Note that xinetd might"
+		elog "be an alternative for you as it supports USE=tcpd."
+	fi
+	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
+		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
+		elog "adding to your sshd_config:"
+		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
+		elog "You should however generate new keys using rsa or ed25519."
+	fi
+	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
+		elog "Be aware that by disabling openssl support in openssh, the server and clients"
+		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
+		elog "and update all clients/servers that utilize them."
+	fi
+}