Revision bump, bump the X509 patch to version 8.3.1.

Package-Manager: portage-2.2.18/cvs/Linux x86_64
Manifest-Sign-Key: 0xE3F69979BB4B8928DA78E3D17CBF44EF

3 files changed, 348 insertions, 15 deletions

diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index a07ae9d779a3..5f0fd94b84ce 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-misc/openssh
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.557 2015/03/25 21:06:03 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.558 2015/04/06 20:29:53 chutzpah Exp $
+
+*openssh-6.8_p1-r4 (06 Apr 2015)
+
+  06 Apr 2015; Patrick McLean <chutzpah@gentoo.org> +openssh-6.8_p1-r4.ebuild:
+  Revision bump, bump the X509 patch to version 8.3.1.
 
 *openssh-6.8_p1-r3 (25 Mar 2015)
 
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 5bf15ae5c2cc..b80a66f72b06 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -25,7 +25,9 @@ DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b
 DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
 DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
 DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
+DIST openssh-6.8_p1-x509-8.3.1-glue.patch.xz 141096 SHA256 1e8c911b1403e47a37c24d0ebbfa36d46204c06b38d93ed9ae6d2a0953d3bba6 SHA512 942f09f20d898b4865707b5b48012545d7f8171353427ddb773cffaf1b8c664f48375cb85292592ccba63da695e99def42d17c52a61bb93b89827f53cf3ad918 WHIRLPOOL 66ace7a191a562485ee144516912dee52c84fcfbe8b710b3429211cd9d849dc24d4419c5fa6fd3968f9ab250cf474a692db326c2ac3ef930081b8a5777875a73
 DIST openssh-6.8_p1-x509-glue.patch.xz 141312 SHA256 2060c896e1f8c241052bb27246667731526f73d9849816657e7467828500a1cb SHA512 8c4118b6e28cdd125566f209ace058b7c67cb1c3eb6c1ea32026655f61dcfa840590ed404ff89f8bb24d68a558daf6dd389cd20f9cd5a13bce118e4a18815968 WHIRLPOOL e9da44812f9edb634f5835c6c337eb206bfa64571d687917c276948da547388f14d118eff5b751272f60e4df9e04168c7fdb9ac8690e038865b4960196c9d02c
+DIST openssh-6.8p1+x509-8.3.1.diff.gz 351502 SHA256 64d0b7cd428352a2d77d9decb02ec744eca4433bcb35288745859eb19ccf4fcf SHA512 6525b7ddae13752f145bda42fe6d65ec40a8c9d44766b749cf49ff904d6b1941e088e560c2a532a3dc0003ac1e29d56a28ea3ed1533ee5abcd696cd80ae88d8e WHIRLPOOL 32f45411d250b7c46f2408bfca6b12223e901fa15c27db449c06cd5b1ab7a0e853fffed5971ca635c5080d1796196a8661b8d1503bdcdb28d61e0d082f28590b
 DIST openssh-6.8p1+x509-8.3.diff.gz 347942 SHA256 34dbefcce8509d3c876be3e7d8966455c7c3589a6872bdfb1f8ce3d133f4d304 SHA512 74a83e9716731a6b4b0d957c49ba86a4124e208e31f61efb332ebc19b02e8b384afbd3f52409b34ae721183a7863be135c5d4fe4d21c9473ef828bc30688fdac WHIRLPOOL 19570e07381dc9fd31dbe4bf3e6fefd0bc0f9cfbb1777b3900a943dac8cb41560a6216475659defa7d9d05882902fe7f575038cdb23e7587a8515465b24fc9f9
 DIST openssh-6.8p1-hpnssh14v5.tar.xz 24660 SHA256 dea2c5cdfd08d09f832a88aaf9d8285e57a67bbc68e6652ca3e0bf8b0213d99e SHA512 0b77e5d7d13ac7e2392d52e18240e5a0233d0a452d6cb7d1a0bf7ea7b640df5edc64cfcbe8c4fcb7c011b0eaa6a7aa3d6585292be753387af369d726345b7f5c WHIRLPOOL 2385c4f8ce5b9a2359991b9ca38362ec19482d3c904b10ceeb77c5044c88edabc2470db2ed156931d1c3ab6f93872809bef66a6848e9b39969f7c59d144c31ba
 DIST openssh-6.8p1-r1-hpnssh14v5.tar.xz 24648 SHA256 87ab38507c7e4f1855c127f276c7c20e58bcd539dd303a37843d3d24ff72df7e SHA512 5883787b09330ae154f385bbc6bda8c6dbc727df7e9a96ddf4cb4a5162c932937bce8e3aa2b555ff4854df80b738c2ea1cdc4c170a10f9ed6252520edb070edb WHIRLPOOL e508fbfbb148fbd311927c4a88d388d1d15a1ee99e5445df0c774fd23acf7c87962682eab03a0bef6bd12c9d7149b047cbb145e60e6e947bd577e88110b47d52
@@ -40,23 +42,24 @@ EBUILD openssh-6.7_p1.ebuild 10067 SHA256 970be3a06c0293262f6c59d068d290cc71935f
 EBUILD openssh-6.8_p1-r1.ebuild 10084 SHA256 c0905c8c9f5a7c6c9ddb00aa61f6ba12164e8000bef4f0ff42e3f7fc4f48cd83 SHA512 737d554d3e28b203967d334387b51962b67e7e503d8ed2e2bb000f23b1b2fe671c70cd725d93fb9e137e6c40275006fea8f942b0f3e94d0f82578a293e50c013 WHIRLPOOL f1e0876c9094d25b5f5c03f14ed68ed1257eccbab9dde61854ab5aefcc00f0addcb1478b225bde79ead6bc37f4e2b0a5871d91aa42e42d5e80bfdc3be6aa5372
 EBUILD openssh-6.8_p1-r2.ebuild 10152 SHA256 5623f420dbcd5d535390f83d07b0c9c7d07ab7cdfd88fb916c79843f2c3baf0b SHA512 e326f438faf7106fad9c1ce0a8eb240c9da17fe1cbd3436885f17f17723fef8dfadee376775242731f2534b4bdf99dfc1e44c7f103c267938d5d924616991f93 WHIRLPOOL 6d351f4d85912e5978ea3b44edcd4bdbf7906ab993dce5bd13e45f3f77cd2925bcc0ef448beb589c91f059db7c7997d24b403664fa1dde8cc35117feeca277cf
 EBUILD openssh-6.8_p1-r3.ebuild 10218 SHA256 f5e40e903d70cb9373cd8d908cffc2eb42dfe84a78a5eb912bb1473154fdb52a SHA512 5ad4aa2064a8d6768bc4d9b7a98a727f51b3da5a37851d8c5f6c1c7e604a4bb9c6376483c4b5afe61d4b0bc6653ab76633146b971ab2677f86c7f3ec3312696e WHIRLPOOL 5d38ae9bce4cffba2a15eaedbacdd08889b3a0c9e56f9c159f6986eb0700fc443ea294b4ed89e2e9c6b4ae9cf21601b09298e33e90e80ca97fb4608dfefa8031
+EBUILD openssh-6.8_p1-r4.ebuild 10246 SHA256 a4dd9eb1911a2f73b7352a9626134d179dee0c68b12aeaf353df28ad3f444d45 SHA512 9b1835563bf69e6716e375dd6334b989e39ad2184e045ddbeb827f74210126e106b74539ac474e0a8357207dc0c853c1750f3693280859d9aa4ee08696b613db WHIRLPOOL 157639dfccb055ebd61a0f5f9b2b601f2fd49a466cd933fabff758bcb9b73903967c90bdcb8e7deb0595e54e05a913802b4e5c920b4645518cb0f3a49a8fd320
 EBUILD openssh-6.8_p1.ebuild 10045 SHA256 13378c09cc4ceec7cd1b8c12ad925db87c9d37910edb679eb2404527226ee18d SHA512 daa5ba19f6fbc0ac7104c8c7822b22745736bf864999ade1e205d1b7184e0fd67f997c4635ab2335eafdf2d2917cf677764080d3004b24935f4189fce338010f WHIRLPOOL b8d40e35bf44bf26296c8d87e3b293b31f767920afb288a10deff8a9ceeb1c130b4da2697d7ce970091d0810c5d1e3839640e2ebee2f0d63b8ca5b0f430c0c0c
-MISC ChangeLog 92974 SHA256 9729985baaa2a281e77499d2ad665bee52bf3a0f33cc4ce91cdf514ca2cd379e SHA512 ba75bd788734dbb88c6a28cb2a9f36d4092079bd0622b1f551b5041fe9f102e460014b9668c66fae5b95de66861e5516bdc3d13f38827864ee34940e9ff09d3a WHIRLPOOL ad6f05a6862305fb95c4079338b8b040cff2f917cef9c45b637b12d098f76ffbbd34e4e002bdf51f02eaaa1d9c79c4dbff385d1056bf24e8bf2d9e0a2fef1da6
+MISC ChangeLog 93145 SHA256 c6f2e7d27ddcb513a63918791cb79ca36a81444e50c1767cf8f663823a78b669 SHA512 f88e0baccae92d6274609325b48dd87d82f4e860a2379c8235afc41a56c188c43a86c40166e30359d44647b7b176792d01d9f6af77c8fd0fc93dba604565be0d WHIRLPOOL ad85fb4d577a2001a0f6f3a006198d89b55026a0378394b34dc227e05a1330d4d9336736fa913fbc8230524728ea9a6d34a4e0d5b95de6dc2b9ee1ed01d9ade8
 MISC metadata.xml 2049 SHA256 db7830f81086b967b8212af7c318bf27d22ac7db58b1a4d9c80cc86453ff03ab SHA512 3641e38203376c78fddc11b9d5861bdb629a1f9faf2768be5dc35f62ef3d37636a2f9f990e3ade1de2cec45d33a5fcdf7bb0dcd5f4376d40753fe29b354da42e WHIRLPOOL 6a7497491a150ede87bf20f5da5ed9003d545c9c376db7b78a6c1db66b1b90213f5f97d9211fb8b1ab204c1814c1a90d7be77a2d83cc045cf0762b4d2708c56a
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJVEyM8AAoJEPGu1DbS6WIAsUMP/2as7f6O1+DovZD1Xy4wE6Z+
-flf9b9zpIAV/OTzJpx5z5eNK6BEjQACbBeecB0lYovXpoVTOdYLlDBW9IZ58jV1k
-80YiKMO6RpXqg1rInh071Eak0UucgvGIH0rsNCINs5+HpQ9rw9Ow/MQCfFDI1HWG
-PXI0J750vAHrY45ALZul3Vn8kr5AMcmhIvyYZCcBuoTtDwb9aodS1hqjZHa563Mv
-U18bY7wt3buaDqvaRE6OHqFA4VTlSJ2HaK+2h2BuUOxJvcH9ZOSY1Bdz3Qqo1yIf
-6oZw94Uz+wIj6QZxH2DTTfriVow5AmGLCXg+X2YUW0sOTajx4JS9+CjmO4t5c1+4
-xSPmrm922/+ZLPL6r74xNhlis7R6vfqoz8MpcsHCzuV7mkaBqeFEOJjEgLwimdj0
-TN15fVIr9cQLK+uc37EKCPtOqsl8Sioq9TR4u7nfy5OqPht7wvSoa9jm9gAu3XN0
-V0PQ0+0ffqN4bjWCixhmJf1VjPv+B+SjE+6gxgGrH6Gp2jDE4vGaAeccaIbJ8rQ5
-2+3DcDUy9kXg8vMu/1dICD5dsxp363VS1gV1ywLYdAZSrytd8Zvflejf3L5wqEyK
-EdPRknwLfaHHxuZ+0xshHH+Lz9Ts9V/zZc/fYAcKp9VX2007DhHOD0aCgy0soov4
-qp0cjZ1sBvaMl7OkAv2Y
-=cLOf
+iQIcBAEBCAAGBQJVIuzMAAoJEHy/RO9cNQiD3eoP/2I7xSu4M4BRjmAlAWYRzClX
+btUPo8vvo8xWN4dV/hUSEd1baXFaOMSJmz+4YNQhcSThHa3KlGOjD8vqlpk1gQUo
+F3ngH2WoKKamkqbHsy0oyxPwDIBVFBsXcjqMDw9zGdl6Y5Od3GeO/vSSgFtRur+y
+vHAjBCB6CGuMWqkkSfoQyFDhQ3KBBXbWAmRXZcHtmeWQlymEFAnOVH98ikX6ipuk
+rxyP7ozfXukCLbxRn1l/6K4Pkv3lfCguYsnV3zndMc5JgmOfLefOSmF9rIHcW6Dj
+jCtfIGytlQPnNlCNeeod5/m7/UCj3S+P/6Vm70VOkgcbws2Y8a2A0acU0Xpq6S4E
+TSiZSlucjUP/e8IhClhHaDvRdK2Q22EhiAzrzmrl0R3pkgr+KkLDy1oat02Tjy0n
+fmFGj0jm7/GSrG8XkTCYfV6CtZezwyVjMrlz1tvmKjTbOl1f++/ncIaR8QGGwu1s
+N1j+93ga4hEwbLce9wHxa30QikS53XxFlTObBRqXKyixyZYL+yn+YBNu8s2W4qRt
+Mvc2Uv265JM60Mhn1O2hA2BRZyRZxthrr8RtWd+JFbqT8jXeH3W/u0XNkjtjCbXR
+vhf2Wj2TicpqPZfTN/T2Ci6pDY4giY9X+XFzDdpj5Sm3r6hxOV3b3QS3xljptN/2
+G78vBnSOJ2Fdd0FbYt2P
+=bs5+
 -----END PGP SIGNATURE-----
diff --git a/net-misc/openssh/openssh-6.8_p1-r4.ebuild b/net-misc/openssh/openssh-6.8_p1-r4.ebuild
new file mode 100644
index 000000000000..b2c2debc9678
--- /dev/null
+++ b/net-misc/openssh/openssh-6.8_p1-r4.ebuild
@@ -0,0 +1,325 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.8_p1-r4.ebuild,v 1.1 2015/04/06 20:29:53 chutzpah Exp $
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+HPN_PATCH="${PN}-6.8p1-r4-hpnssh14v5.tar.xz"
+LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
+X509_VER="8.3.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	mirror://gentoo/${P}-sctp.patch.xz
+	${HPN_PATCH:+hpn? (
+		mirror://gentoo/${HPN_PATCH}
+		http://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
+		mirror://sourceforge/hpnssh/${HPN_PATCH}
+	)}
+	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+	${X509_PATCH:+X509? (
+		http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH}
+		mirror://gentoo/${P}-x509-${X509_VER}-glue.patch.xz
+	)}
+	"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+# Probably want to drop ssh1/ssl defaulting to on in a future version.
+IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey +ssh1 +ssl static X X509"
+REQUIRED_USE="pie? ( !static )
+	ssh1? ( ssl )
+	static? ( !kerberos !pam )
+	X509? ( !ldap ssl )"
+
+LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+	libedit? ( dev-libs/libedit[static-libs(+)] )
+	ssl? (
+		>=dev-libs/openssl-0.9.6d:0[bindist=]
+		dev-libs/openssl[static-libs(+)]
+	)
+	>=sys-libs/zlib-1.2.3[static-libs(+)]"
+RDEPEND="
+	!static? (
+		${LIB_DEPEND//\[static-libs(+)]}
+		ldns? (
+			!bindist? ( net-libs/ldns[ecdsa,ssl] )
+			bindist? ( net-libs/ldns[-ecdsa,ssl] )
+		)
+	)
+	pam? ( virtual/pam )
+	kerberos? ( virtual/krb5 )
+	ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	static? (
+		${LIB_DEPEND}
+		ldns? (
+			!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
+			bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
+		)
+	)
+	virtual/pkgconfig
+	virtual/os-headers
+	sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+	pam? ( >=sys-auth/pambase-20081028 )
+	userland_GNU? ( virtual/shadow )
+	X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+	# this sucks, but i'd rather have people unable to `emerge -u openssh`
+	# than not be able to log in to their server any more
+	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+	local fail="
+		$(use X509 && maybe_fail X509 X509_PATCH)
+		$(use ldap && maybe_fail ldap LDAP_PATCH)
+		$(use hpn && maybe_fail hpn HPN_PATCH)
+	"
+	fail=$(echo ${fail})
+	if [[ -n ${fail} ]] ; then
+		eerror "Sorry, but this version does not yet support features"
+		eerror "that you requested:	 ${fail}"
+		eerror "Please mask ${PF} for now and check back later:"
+		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+		die "booooo"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		eerror "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
+		die "USE=tcpd no longer works"
+	fi
+}
+
+save_version() {
+	# version.h patch conflict avoidence
+	mv version.h version.h.$1
+	cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+	sed -i \
+		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+		pathnames.h || die
+	# keep this as we need it to avoid the conflict between LPK and HPN changing
+	# this file.
+	cp version.h version.h.pristine
+
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361
+	if use X509 ; then
+		pushd .. >/dev/null
+		epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch
+		epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
+		popd >/dev/null
+		epatch "${WORKDIR}"/${X509_PATCH%.*}
+		epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+		save_version X509
+	fi
+	if use ldap ; then
+		epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+		save_version LPK
+	fi
+	epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+	epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
+	epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078
+	# The X509 patchset fixes this independently.
+	use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
+	epatch "${WORKDIR}"/${P}-sctp.patch
+	if use hpn ; then
+		epatch "${WORKDIR}"/${HPN_PATCH%.*.*}/*
+		save_version HPN
+	fi
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable PATH reset, trust what portage gives us #254615
+		-e 's:^PATH=/:#PATH=/:'
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+	# The -ftrapv flag ICEs on hppa #505182
+	use hppa && sed_args+=(
+		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
+		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	epatch_user #473004
+
+	# Now we can build a sane merged version.h
+	(
+		sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+		macros=()
+		for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+		printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+	) > version.h
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+	addpredict /etc/skey/skeykeys # skey configure code triggers this
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		# We apply the ldap patch conditionally, so can't pass --without-ldap
+		# unconditionally else we get unknown flag warnings.
+		$(use ldap && use_with ldap)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with sctp)
+		$(use_with selinux)
+		$(use_with skey)
+		$(use_with ssh1)
+		# The X509 patch deletes this option entirely.
+		$(use X509 || use_with ssl openssl)
+		$(use_with ssl md5-passwords)
+		$(use_with ssl ssl-engine)
+	)
+
+	# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+	if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+		myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
+		append-ldflags -lutil
+	fi
+
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+	newconfd "${FILESDIR}"/sshd.confd sshd
+	keepdir /var/empty
+
+	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	if use pam ; then
+		sed -i \
+			-e "/^#UsePAM /s:.*:UsePAM yes:" \
+			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
+			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+			"${ED}"/etc/ssh/sshd_config || die
+	fi
+
+	# Gentoo tweaks to default config files
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+	# Allow client to pass locale environment variables #367017
+	AcceptEnv LANG LC_*
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+	# Send locale environment variables #367017
+	SendEnv LANG LC_*
+	EOF
+
+	# This instruction is from the HPN webpage,
+	# Used for the server logging functionality
+	if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+		keepdir /var/empty/dev
+	fi
+
+	if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+		insinto /etc/openldap/schema/
+		newins openssh-lpk_openldap.schema openssh-lpk.schema
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+
+	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+	local t tests skipped failed passed shell
+	tests="interop-tests compat-tests"
+	skipped=""
+	shell=$(egetshell ${UID})
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		elog "Running the full OpenSSH testsuite"
+		elog "requires a usable shell for the 'portage'"
+		elog "user, so we will run a subset only."
+		skipped="${skipped} tests"
+	else
+		tests="${tests} tests"
+	fi
+	# It will also attempt to write to the homedir .ssh
+	local sshhome=${T}/homedir
+	mkdir -p "${sshhome}"/.ssh
+	for t in ${tests} ; do
+		# Some tests read from stdin ...
+		HOMEDIR="${sshhome}" \
+		emake -k -j1 ${t} </dev/null \
+			&& passed="${passed}${t} " \
+			|| failed="${failed}${t} "
+	done
+	einfo "Passed tests: ${passed}"
+	ewarn "Skipped tests: ${skipped}"
+	if [[ -n ${failed} ]] ; then
+		ewarn "Failed tests: ${failed}"
+		die "Some tests failed: ${failed}"
+	else
+		einfo "Failed tests: ${failed}"
+		return 0
+	fi
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+		elog "Starting with openssh-5.8p1, the server will default to a newer key"
+		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+	fi
+	ewarn "Remember to merge your config files in /etc/ssh/ and then"
+	ewarn "reload sshd: '/etc/init.d/sshd reload'."
+	# This instruction is from the HPN webpage,
+	# Used for the server logging functionality
+	if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+		einfo "For the HPN server logging patch, you must ensure that"
+		einfo "your syslog application also listens at /var/empty/dev/log."
+	fi
+	elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
+	elog "      dropped it.  Make sure to update any configs that you might have."
+}