net-misc/openssh: Sync with Gentoo upstream; updates to 8.8_p1

gentoo ref: 91c1a70f4c Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com> Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
2025-08-17 09:56:59 +02:00 · 2021-12-06 17:41:57 +01:00 · 2021-12-06 17:41:57 +01:00 · 4f55795c91
commit 4f55795c91
parent fbaae760e2
8 changed files with 196 additions and 103 deletions
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/Manifest
@ -1,6 +1,6 @@
-DIST openssh-8.7p1+x509-13.2.diff.gz 1068695 BLAKE2B e542e5444f8360e0e28288d6a58d66995ff90e9f6bb1490b04a205162036e371a20d612655ca1bd479b8a04d5ccbfd9b7189b090d50ccbb019848e28571b036b SHA512 342e1ee050258c99f8f206664ef756e1be2c82e5faa5f966b80385aa2c6c601974681459ddba32c1ca5c33eda530af681e753471706c71902c1045a2913cd540
+DIST openssh-8.8p1+x509-13.2.3.diff.gz 1071138 BLAKE2B dfbe53ccfdfe0a3da9bac927c5bb0ccfeb20f1ba69cef2ffb52999e6f6b0a3282e28a888aab40096fe9eed819f4c9b27592a8771d786580b8fa4f507f6b02557 SHA512 e55e9cdcde1b02b2799600083db8c3b85d207b251b99b4efabe8614bedf1daae28e5ed10cbe1f6a2e5ba766fe1eaf41be9e90fefdaae1352808c504fc0f4e7e6
-DIST openssh-8.7p1-sctp-1.2.patch.xz 6740 BLAKE2B 468a455018ffddf4fa64d63acb732ad3e1fb722ae8b24d06cf3a683167a4580626b477bbc286f296c83d39dd36c101ac58597a21daa63de83ad55af00aa3a6be SHA512 aa9067c9025b6e4edfad5e45ec92da43db14edb11aae02cbbc296e66b48377cbbf62cdafcdd5edfd1fd4bf69420ee017223ab52e50a42b1976002d767984777c
+DIST openssh-8.8p1-sctp-1.2.patch.xz 6744 BLAKE2B 9f99e0abfbfbda2cc1c7c2a465d044c900da862e5a38f01260f388ac089b2e66c5ea7664d71d18b924552ae177e5893cdcbfbccc20eeb3aaeae00b3d552379e3 SHA512 5290c5ef08a418dcc9260812d8e75ce266e22e2258514f11da6fb178e0ae2ef16046523f72a50f74ae7b98e7eb52d16143befc8ce2919041382d314aa05adda0
-DIST openssh-8.7p1.tar.gz 1814595 BLAKE2B 9fdb8898485053d08c9eca419c15d0d03b7a60152cf6a9d7f1beed3a21c9e6ac3bd9f854580e6e474fb0c871f3d4be9ef4b49bee8c355d9e5769a5505f4e6ea9 SHA512 08c81024d9e1248abfda6cc874886ff5ae916669b93cd6aff640e0614ee8cbcbc3fe87a9ce47136b6443ddbb1168b114367c74e117551905994e1a7e3fa2c0c2
+DIST openssh-8.8p1.tar.gz 1815060 BLAKE2B 3a054ce19781aceca5ab1a0839d7435d88aff4481e8c74b91ffd2046dc8b6f03d6bf584ecda066c0496acf43cea9ab4085f26a29e34e20736e752f204b8c76c3 SHA512 d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df
 DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7 SHA512 4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f
 DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241 SHA512 2d8d887901164b33b2799ff3ec72e86a39ae4a1696e52bcee0872dbae7772fcc534351e6e7f87126ee71b164c74e9091350f14b782f4b242a09f09b4f50d047a
 DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c7777258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1 SHA512 c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.7_p1-X509-glue-13.2.patch
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.7_p1-X509-glue-13.2.patch
@ -1,73 +0,0 @@
 diff -ur '--exclude=.*.un~' a/openssh-8.7p1+x509-13.2.diff b/openssh-8.7p1+x509-13.2.diff
 --- a/openssh-8.7p1+x509-13.2.diff	2021-08-30 17:47:40.415668320 -0700
 +++ b/openssh-8.7p1+x509-13.2.diff	2021-08-30 17:49:14.916114987 -0700
@@ -51082,12 +51082,11 @@
  install-files:
  	$(MKDIR_P) $(DESTDIR)$(bindir)
 -@@ -391,6 +368,8 @@
 +@@ -391,6 +368,7 @@
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
  	$(MKDIR_P) $(DESTDIR)$(libexecdir)
 +	$(MKDIR_P) $(DESTDIR)$(sshcadir)
 -+	$(MKDIR_P) $(DESTDIR)$(piddir)
  	$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
@@ -69793,7 +69792,7 @@
 -	echo "putty interop tests not enabled"
 -	exit 0
 -fi
 -+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 1; }
 ++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 0; }
  for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
  	verbose "$tid: cipher $c"
@@ -69808,7 +69807,7 @@
 -	echo "putty interop tests not enabled"
 -	exit 0
 -fi
 -+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 1; }
 ++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 0; }
  for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
  	verbose "$tid: kex $k"
@@ -69823,7 +69822,7 @@
 -	echo "putty interop tests not enabled"
 -	exit 0
 -fi
 -+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 1; }
 ++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1;  exit 0; }
  if [ "`${SSH} -Q compression`" = "none" ]; then
  	comp="0"
@@ -70130,9 +70129,9 @@
 +# cross-project configuration
 +if test "$sshd_type" = "pkix" ; then
 -+  unset_arg=''
 ++  unset_arg=
 +else
 -+  unset_arg=none
 ++  unset_arg=
 +fi
 +
  cat > $OBJ/sshd_config.i << _EOF
@@ -131673,16 +131672,6 @@
 +int	 asnmprintf(char **, size_t, int *, const char *, ...)
  	    __attribute__((format(printf, 4, 5)));
  void	 msetlocale(void);
 -diff -ruN openssh-8.7p1/version.h openssh-8.7p1+x509-13.2/version.h
 ---- openssh-8.7p1/version.h	2021-08-20 07:03:49.000000000 +0300
 -+++ openssh-8.7p1+x509-13.2/version.h	2021-08-30 20:07:00.000000000 +0300
 -@@ -2,5 +2,4 @@
 - 
 - #define SSH_VERSION	"OpenSSH_8.7"
 - 
 --#define SSH_PORTABLE	"p1"
 --#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 -+#define SSH_RELEASE	PACKAGE_STRING ", " SSH_VERSION "p1"
 diff -ruN openssh-8.7p1/version.m4 openssh-8.7p1+x509-13.2/version.m4
 --- openssh-8.7p1/version.m4	1970-01-01 02:00:00.000000000 +0200
 +++ openssh-8.7p1+x509-13.2/version.m4	2021-08-30 20:07:00.000000000 +0300
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-8.8_p1-X509-glue-13.2.3.patch
@ -0,0 +1,63 @@
 diff -ur '--exclude=.*.un~' a/openssh-8.8p1+x509-13.2.3.diff b/openssh-8.8p1+x509-13.2.3.diff
 --- a/openssh-8.8p1+x509-13.2.3.diff	2021-10-29 14:59:17.070546984 -0700
 +++ b/openssh-8.8p1+x509-13.2.3.diff	2021-10-29 14:59:55.086664489 -0700
@@ -954,15 +954,16 @@
  	char b[512];
 -	size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);
 -	u_char *hash = xmalloc(len);
 +-	double delay;
 +	int digest_alg;
 +	size_t len;
 +	u_char *hash;
 - 	double delay;
 - 
 ++	double delay = 0;
 ++
 +	digest_alg = ssh_digest_maxbytes();
 +	len = ssh_digest_bytes(digest_alg);
 +	hash = xmalloc(len);
 -+
 +
  	(void)snprintf(b, sizeof b, "%llu%s",
  	    (unsigned long long)options.timing_secret, user);
 -	if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
@@ -51859,12 +51860,11 @@
  install-files:
  	$(MKDIR_P) $(DESTDIR)$(bindir)
 -@@ -391,6 +372,8 @@
 +@@ -391,6 +372,7 @@
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
  	$(MKDIR_P) $(DESTDIR)$(libexecdir)
 +	$(MKDIR_P) $(DESTDIR)$(sshcadir)
 -+	$(MKDIR_P) $(DESTDIR)$(piddir)
  	$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
@@ -71985,7 +71985,7 @@
 +if test "$sshd_type" = "pkix" ; then
 +  unset_arg=''
 +else
 -+  unset_arg=none
 ++  unset_arg=
 +fi
 +
  cat > $OBJ/sshd_config.i << _EOF
@@ -132360,16 +132360,6 @@
 +int	 asnmprintf(char **, size_t, int *, const char *, ...)
  	    __attribute__((format(printf, 4, 5)));
  void	 msetlocale(void);
 -diff -ruN openssh-8.8p1/version.h openssh-8.8p1+x509-13.2.3/version.h
 ---- openssh-8.8p1/version.h	2021-09-26 17:03:19.000000000 +0300
 -+++ openssh-8.8p1+x509-13.2.3/version.h	2021-10-23 16:27:00.000000000 +0300
 -@@ -2,5 +2,4 @@
 - 
 - #define SSH_VERSION	"OpenSSH_8.8"
 - 
 --#define SSH_PORTABLE	"p1"
 --#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 -+#define SSH_RELEASE	PACKAGE_STRING ", " SSH_VERSION "p1"
 diff -ruN openssh-8.8p1/version.m4 openssh-8.8p1+x509-13.2.3/version.m4
 --- openssh-8.8p1/version.m4	1970-01-01 02:00:00.000000000 +0200
 +++ openssh-8.8p1+x509-13.2.3/version.m4	2021-10-23 16:27:00.000000000 +0300
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.confd
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.confd
@ -0,0 +1,33 @@
 # /etc/conf.d/sshd: config file for /etc/init.d/sshd
 # Where is your sshd_config file stored?
 SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh"
 # Any random options you want to pass to sshd.
 # See the sshd(8) manpage for more info.
 SSHD_OPTS=""
 # Wait one second (length chosen arbitrarily) to see if sshd actually
 # creates a PID file, or if it crashes for some reason like not being
 # able to bind to the address in ListenAddress.
 #SSHD_SSD_OPTS="--wait 1000"
 # Pid file to use (needs to be absolute path).
 #SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid"
 # Path to the sshd binary (needs to be absolute path).
 #SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd"
 # Path to the ssh-keygen binary (needs to be absolute path).
 #SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen"
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.initd
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.initd
@ -0,0 +1,87 @@
 #!/sbin/openrc-run
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 extra_commands="checkconfig"
 extra_started_commands="reload"
 : ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
 : ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
 : ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
 : ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
 : ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
 command="${SSHD_BINARY}"
 pidfile="${SSHD_PIDFILE}"
 command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
 # Wait one second (length chosen arbitrarily) to see if sshd actually
 # creates a PID file, or if it crashes for some reason like not being
 # able to bind to the address in ListenAddress (bug 617596).
 : ${SSHD_SSD_OPTS:=--wait 1000}
 start_stop_daemon_args="${SSHD_SSD_OPTS}"
 depend() {
 	# Entropy can be used by ssh-keygen, among other things, but
 	# is not strictly required (bug 470020).
 	use logger dns entropy
 	if [ "${rc_need+set}" = "set" ] ; then
 		: # Do nothing, the user has explicitly set rc_need
 	else
 		local x warn_addr
 		for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
 			case "${x}" in
 				0.0.0.0|0.0.0.0:*) ;;
 				::|\[::\]*) ;;
 				*) warn_addr="${warn_addr} ${x}" ;;
 			esac
 		done
 		if [ -n "${warn_addr}" ] ; then
 			need net
 			ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
 			ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
 			ewarn "where FOO is the interface(s) providing the following address(es):"
 			ewarn "${warn_addr}"
 		fi
 	fi
 }
 checkconfig() {
 	checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
 	if [ ! -e "${SSHD_CONFIG}" ] ; then
 		eerror "You need an ${SSHD_CONFIG} file to run sshd"
 		eerror "There is a sample file in /usr/share/doc/openssh"
 		return 1
 	fi
 	${SSHD_KEYGEN_BINARY} -A || return 2
 	"${command}" -t ${command_args} || return 3
 }
 start_pre() {
 	# Make sure that the user's config isn't busted before we try
 	# to start the daemon (this will produce better error messages
 	# than if we just try to start it blindly).
 	#
 	# We always need to call checkconfig because this function will
 	# also generate any missing host key and you can start a
 	# non-running service with "restart" argument.
 	checkconfig || return $?
 }
 stop_pre() {
 	# If this is a restart, check to make sure the user's config
 	# isn't busted before we stop the running daemon.
 	if [ "${RC_CMD}" = "restart" ] ; then
 		checkconfig || return $?
 	fi
 }
 reload() {
 	checkconfig || return $?
 	ebegin "Reloading ${SVCNAME}"
 	start-stop-daemon --signal HUP --pidfile "${pidfile}"
 	eend $?
 }
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket
@ -5,7 +5,6 @@ Conflicts=sshd.service
 [Socket]
 ListenStream=22
 Accept=yes
 TriggerLimitBurst=0
 [Install]
 WantedBy=sockets.target
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/metadata.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
  <maintainer type="project">
    <email>base-system@gentoo.org</email>
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.8_p1-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-8.8_p1-r3.ebuild
@ -1,6 +1,3 @@
 # Difference to upstream from ./update_ebuilds:
 # - Ported changes from 11d6f23704e7ab84191e28e034816bfdb151d406
 #
 # Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
@ -24,7 +21,7 @@ HPN_PATCHES=(
 )
 SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-X509_VER="13.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+X509_VER="13.2.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
 DESCRIPTION="Port of OpenBSD's free SSH release"
 HOMEPAGE="https://www.openssh.com/"
@ -39,7 +36,7 @@ LICENSE="BSD GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 # Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss"
+IUSE="abi_mips_n32 audit debug hpn kerberos kernel_linux ldns libedit livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss"
 RESTRICT="!test? ( test )"
@ -48,7 +45,7 @@ REQUIRED_USE="
 	ldns? ( ssl )
 	pie? ( !static )
 	static? ( !kerberos !pam )
-	X509? ( !sctp !security-key ssl !xmss )
+	X509? ( !sctp ssl !xmss )
 	xmss? ( ssl  )
 	test? ( ssl )
 "
@ -60,23 +57,13 @@ LIB_DEPEND="
 	audit? ( sys-process/audit[static-libs(+)] )
 	ldns? (
 		net-libs/ldns[static-libs(+)]
-		!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
+		net-libs/ldns[ecdsa,ssl(+)]
 		bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
 	)
 	libedit? ( dev-libs/libedit:=[static-libs(+)] )
 	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
 	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
 	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? (
+	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
 			|| (
 				(
 					>=dev-libs/openssl-1.0.1:0[bindist(-)=]
 					<dev-libs/openssl-1.1.0:0[bindist(-)=]
 				)
 				>=dev-libs/openssl-1.1.0g:0[bindist(-)=]
 			)
 			dev-libs/openssl:0=[static-libs(+)]
 	)
 	virtual/libcrypt:=[static-libs(+)]
 	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
 "
@ -177,7 +164,7 @@ src_prepare() {
 			"${S}"/version.h || die "Failed to sed-in SCTP patch version"
 		PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
-		einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
+		einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..."
 		sed -i \
 			-e "/\t\tcfgparse \\\/d" \
 			"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
@ -188,7 +175,7 @@ src_prepare() {
 		mkdir "${hpn_patchdir}" || die
 		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die
 		pushd "${hpn_patchdir}" &>/dev/null || die
-		eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
+		eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-glue.patch
 		use X509 && eapply "${FILESDIR}"/${PN}-8.7_p1-hpn-${HPN_VER}-X509-glue.patch
 		use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch
 		popd &>/dev/null || die
@ -321,11 +308,6 @@ src_configure() {
 	)
 	if use elibc_musl; then
 		# stackprotect is broken on musl x86 and ppc
 		if use x86 || use ppc; then
 			myconf+=( --without-stackprotect )
 		fi
 		# musl defines bogus values for UTMP_FILE and WTMP_FILE
 		# https://bugs.gentoo.org/753230
 		myconf+=( --disable-utmp --disable-wtmp )
@ -420,6 +402,8 @@ src_install() {
 	emake install-nokeys DESTDIR="${D}"
 	fperms 600 /etc/ssh/sshd_config
 	dobin contrib/ssh-copy-id
 	newinitd "${FILESDIR}"/sshd-r1.initd sshd
 	newconfd "${FILESDIR}"/sshd-r1.confd sshd
 	if use pam; then
 		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd