gentoo resync : 19.03.2019

14 files changed, 92 insertions, 2096 deletions

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 7bb5b0c20aaf..91784dccf8b6 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -9,24 +9,18 @@ AUX openssh-7.5_p1-s390-seccomp.patch 624 BLAKE2B 0bf595d72cd65993dde4e5aae0a3e0
 AUX openssh-7.5_p1-x32-typo.patch 772 BLAKE2B 3f27d669ee76e191f2f6f7c7d86b1d9cb7297cecf17b2d88d86ef498c9ca35231adb0edc9fb811698ec86fd65527cc3fe9f2ce514836aebe5dc27bca2a3a55dc SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e
 AUX openssh-7.7_p1-GSSAPI-dns.patch 11342 BLAKE2B e648273cdd04bcd46b25a2ae2b4ffdfff455c7ab04f6c56cb5ad91859231c267211564f6b2785d9fad1b78c4fe0a095302c7acf732357efdb2273ebab9ceebab SHA512 bbfe702786636006dfe4560d8245d9007f9a94768a2df17a3ca3ead7bd1351edd2960f993e322b96828a0054ad55f71fcb77793a05ba2e52d8d9286431cc538a
 AUX openssh-7.8_p1-GSSAPI-dns.patch 11683 BLAKE2B 156499d327bc9236de7f22d333cfc5da608af38a97de701b7392ca831d2e54f4c313c385acc04fba9dca93e0f2497a0da1538ff7c1ab698353c173da0820c5ef SHA512 5e461fed07d62a13a85a7c8b7902dfe77f7e6bf1c6276c6877142a3acbe79650ebc019dd727183b1e9c781a4c3de22f9c36052a9aa5da5fb39fb4e252b8925af
-AUX openssh-7.8_p1-X509-no-version.patch 878 BLAKE2B 2ed1a11e4b9066720057e5ae0a8842c23628690fe2eb453e54d4ee11d7ed0f6b34f0f609b1661563bc86f9bc469781a2e86e4e0eb0ac40b01c62c3a6bff2cca0 SHA512 99bced3799591657044bbb660b82e02bea2790203566ac166641f2a23a7b40c0f98643001edab866747a8de49b3f2d5732324904352030e92651b75ed58a7791
-AUX openssh-7.8_p1-hpn-X509-glue.patch 2786 BLAKE2B ef0651dc65ea1ab22c17e6ba0efe34141bc3af4dafcdbfba5c7fd80107a31fbc7c2671670c57153918bd626f4172e7e16ba22b4f36d67ced1b6e9d7b03c9dbaa SHA512 a205809bded3ac0aba1aec0f27ddc3948414fc3354cf8ec2945fc91effb9a0617ef259475347164c2f7b95de280704be1646725dae183c070efd104c4c515510
-AUX openssh-7.8_p1-hpn-glue.patch 3644 BLAKE2B eed002fc87362fa8bf3a86681fdaf8153137b7a9de7ba4f6fe47dbb39031f61773e9546f226f8035ce4391dce62a1487ba1450cd92e02e4d74fc0875ef2ca603 SHA512 f6410be5632e4f04f6ba4517afe279640ddc7050750f036fb3e57ab4318e59b86dc44a983deacd6b6f88c4cd0f78dae523f9dded424dce3600a3b1d7a0964435
-AUX openssh-7.8_p1-hpn-sctp-glue.patch 597 BLAKE2B d7ac82653c48467ebdc59e1444eead84d3de8cdd93acda6361cedd0cc1e2969e52610c10075463ade71e4c1bb1fcb243bd34d11d6c21cd4c500b6743dc628770 SHA512 4742112e3d0e7463d9194a5ab068d3b6cae6bc4a9b5755599d49a13db514014c7d406c16c7ff59197917b5c152b2a54d15323d88de942215fced4c628cacf2c0
 AUX openssh-7.9_p1-CVE-2018-20685.patch 478 BLAKE2B 35d01914905289fa1ed2a8ee94c3d631a648fc3a6f5ee4963009a67b5e3d9b865cf0c66696858cb114ba02e1578b44203a0db0a0499e3864a5e7c854e715cb10 SHA512 044926de8e0b26ca5444ab2db4ae454cd66b98c85dbdcff384eb1e6ae900498d6591ff91954e6b9cb6b8efc56f415aa66c30b51699e9236279ba47dc6bf88e55
 AUX openssh-7.9_p1-X509-11.6-tests.patch 531 BLAKE2B cfb14747ed4e39d11d7727b779753ddf5f7e94be56d1dbe0a76131d8434dd4453c253467ec1eb7cac49a50f5a3f81c82b804926f46dc79ed09c252397ac9d349 SHA512 7f1322a94aa79c822a8bede36a92fe48dc6b9bf7ceca3068450877b543a1d186031060d642c7d689c02e06ef3e038eae9739deda53c6401439ed20808e82ff10
 AUX openssh-7.9_p1-X509-dont-make-piddir-11.6.patch 812 BLAKE2B e09cdf2c2d3cd0ae05ce7938542d8ebaccacd7b40920259798592e89b3b2a0425a207eee6dd71024b20e3f1220a4ecf65e9f35adc624ad9d5f2fa29b5b796860 SHA512 55612fc54a29ed1e0ea7c6e5332f217efb0b415ab4e04cb48f693bc8c48d8aaed0c962f111f939097fc990110ce506f187fe09827871ec0cee320c463523f7de
-AUX openssh-7.9_p1-X509-dont-make-piddir.patch 812 BLAKE2B 1b4a6def589125f6cf6e63f3be89dfeba4d3d80474df4420b10cbe280e777e4627066b70944313351ca7d54949b7e667192c945bda4a06fccdab780feaff72b7 SHA512 dc07ed8da66a9b29c125375da4b67e9654c4eca5cb3219b19de3f8433e8c593c0ded440c24c80332ffad3b0f25a0baa970a8de6bcecd3d4aa2ba1a6607376a93
 AUX openssh-7.9_p1-X509-glue-11.6.patch 1240 BLAKE2B a6c7f7971ddb9b10af1160a7306ed683da72e9bcc3809b1ac28071b67ef96da942dede47b161e9d88c8d3e8bac213425e4fc9b35703455378b11a9465b3dcc8d SHA512 0f4195740c871aec8d806a56911fda37c6ff87c13de094305faf95da718afcdd015672db798d1cb67d3493755fa186758b75a6c0d819188884c92915a7c16bc4
-AUX openssh-7.9_p1-X509-glue.patch 1240 BLAKE2B 9b5423774e37a90cbad6414ff143319f744452f02cdfb740f59eb8ff9c92f65cb1f64ebb8543e5d25ea082b3104e43a54e07fbc76da202e94df69d4230b44d3e SHA512 e326f1a148f65aef9aa170c5d714e471b1b0dca38c8d267e4879a6a36f476104fae921cef18c0ce25e2023aa3056e609aac294f34a67c85a2758f1b1421f7d26
 AUX openssh-7.9_p1-hpn-X509-glue.patch 2786 BLAKE2B ef0651dc65ea1ab22c17e6ba0efe34141bc3af4dafcdbfba5c7fd80107a31fbc7c2671670c57153918bd626f4172e7e16ba22b4f36d67ced1b6e9d7b03c9dbaa SHA512 a205809bded3ac0aba1aec0f27ddc3948414fc3354cf8ec2945fc91effb9a0617ef259475347164c2f7b95de280704be1646725dae183c070efd104c4c515510
 AUX openssh-7.9_p1-hpn-glue.patch 3644 BLAKE2B eed002fc87362fa8bf3a86681fdaf8153137b7a9de7ba4f6fe47dbb39031f61773e9546f226f8035ce4391dce62a1487ba1450cd92e02e4d74fc0875ef2ca603 SHA512 f6410be5632e4f04f6ba4517afe279640ddc7050750f036fb3e57ab4318e59b86dc44a983deacd6b6f88c4cd0f78dae523f9dded424dce3600a3b1d7a0964435
 AUX openssh-7.9_p1-hpn-openssl-1.1.patch 3160 BLAKE2B fdf063bfd7855879a3cc8765d841f743cd07f3f3c96ecfeb219243680e46deec0d5ebe14f4f2b417cfce4f681b6baf493ee04d86aec74c61777b0485681406e1 SHA512 775d06a5b22cd306f884602dcc22533fe55f083f39ffeed252e7e33d44c52910f0fbe7705ef260d09503d3c26cf7b76b5fa3b0c7f1b263150e945f2ca6050b2d
 AUX openssh-7.9_p1-hpn-sctp-glue.patch 597 BLAKE2B d7ac82653c48467ebdc59e1444eead84d3de8cdd93acda6361cedd0cc1e2969e52610c10075463ade71e4c1bb1fcb243bd34d11d6c21cd4c500b6743dc628770 SHA512 4742112e3d0e7463d9194a5ab068d3b6cae6bc4a9b5755599d49a13db514014c7d406c16c7ff59197917b5c152b2a54d15323d88de942215fced4c628cacf2c0
 AUX openssh-7.9_p1-include-stdlib.patch 914 BLAKE2B 9c7eb79f87ecd657a80821dfa979d8b0cc12a08d385ec085724f20aa6f5332593ffc7481bb9f816e91df3eb4d75d8f7b66383ff473d271270de128c3b2bf92e5 SHA512 7dade73bdafb0da484cbd396b4a644442f8ea12fef54c07e6308ae2e73a587fa4ddf401e8a0c467469b46fe7f00585e047462545182924c157b4d3894c707a70
-AUX openssh-7.9_p1-libressl-2.8.patch 391 BLAKE2B 779d278a3c66a41d65b15ef122f2a01832e71abb85c5a0314acb9d5a587fe6f337516a4387da051f56c4b7c269bb8bd67f54b4cabdceb840716fad381062f508 SHA512 83da5749a72a2e8e8d3e1125d9370de0f61f663ed4cf8605d39118be4c4f8b211a1c41c566ffd6f9239db0b8afa949b25728b26db146eab76509f3cd8611795d
 AUX openssh-7.9_p1-openssl-1.0.2-compat.patch 514 BLAKE2B e3859c2bed0e4116e558e7ea8c4679a8666316c26a650acd93ea023444bf69fafad6eba47a6faef7c017d812da76fe93a291e51c427ddecc1fe89bd362758403 SHA512 dde28496df7ee74a2bbcf0aba389abefade3dc41f7d10dc6d3c1a0aca087478bafe10d31ec5e61e758084fa0a2a7c64314502091d900d9cee487c1bdc92722a6
 AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79add211903567da370cfe86a267932ca9cf13c3afbc38a8f1b53e753a31670ee61bf8ba8747832f8 SHA512 3a69752592126024319a95f1c1747af508fd639c86eca472106c5d6c23d5eeaa441ca74740d4b1aafaa0db759d38879e3c1cee742b08d6166ebc58cddac1e2fe
+AUX sshd-r1.initd 2675 BLAKE2B 47e87cec2d15b90aae362ce0c8e8ba08dada9ebc244e28be1fe67d24deb00675d3d9b8fef40def8a9224a3e2d15ab717574a3d837e099133c1cf013079588b55 SHA512 257d6437162b76c4a3a648ecc5d4739ca7eaa60b192fde91422c6c05d0de6adfa9635adc24d57dc3da6beb92b1b354ffe8fddad3db453efb610195d5509a4e27
 AUX sshd.confd 396 BLAKE2B 2fc146e83512d729e120cfe331441e8fe27eba804906cc0c463b938ddaf052e7392efbcda6699467afde22652c599e7d55b0ce18a344137263cd78647fea255f SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81
 AUX sshd.initd 2735 BLAKE2B c3fd3b653676b0e628d58939a55e0ff5cfdd177af18a9ef2d53dcb1717ce478ecb654da398752ee4fef0f6225416fd4fa5cfa6e83d7e977086744616d291dcd3 SHA512 9c3e908c79674bb070e99491dc587c1e6404b1e2eec711dc27cd54510ff68217c83e7ac6fcf7b89f62ba5393ff3e417774fd6d105422464203544e8fbc91c6bb
 AUX sshd.pam_include.2 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c
@@ -43,13 +37,8 @@ DIST openssh-7.7p1-patches-1.2.tar.xz 17584 BLAKE2B 192ec01906c911197abec4606cdf
 DIST openssh-7.7p1-sctp-1.1.patch.xz 7548 BLAKE2B 3b960c2377351955007005de560c2a3e8d0d059a0435e5beda14c63e444dad8b4357edaccd1cfe446c6268514f152b2bcfa7fa3612f1ae1324a31fecb0e85ac5 SHA512 093605865262a2b972db8c92990a49ed6178ed4567fb2626518c826c8472553d9be99a9e6052a6f5e545d81867b4118e9fd8a2c0c26a2739f1720b0f13282cba
 DIST openssh-7.7p1-x509-11.3.1.patch.xz 362672 BLAKE2B 55b8b0ef00dc4d962a0db1115406b7b1e84110870c74198e9e4cb081b2ffde8daca67cb281c69d73b4c5cbffde361429d62634be194b57e888a0b434a0f42a37 SHA512 f84744f6d2e5a15017bce37bfa65ebb47dbafeac07ea9aab46bdc780b4062ff70687512d9d512cab81e3b9c701adb6ce17c5474f35cb4b49f57db2e2d45ac9ac
 DIST openssh-7.7p1.tar.gz 1536900 BLAKE2B 7aee360f2cea5bfa3f8426fcbd66fde2568f05f9c8e623326b60f03b7c5f8abf223e178aa1d5958015b51627565bf5b1ace35b57f309638c908f5a7bf5500d21 SHA512 597252cb48209a0cb98ca1928a67e8d63e4275252f25bc37269204c108f034baade6ba0634e32ae63422fddd280f73096a6b31ad2f2e7a848dde75ca30e14261
-DIST openssh-7.8p1+x509-11.4.diff.gz 536597 BLAKE2B 18593135d0d4010f40a6e0c99a6a2e9fb4ca98d00b4940be5cb547fcb647adc9663245274d4e792bcc7c2ec49accaceb7c3c489707bbb7aaeed260dd2e0eb1c3 SHA512 b95d46201626797f197c5aa8488b0543d2c7c5719b99fadd94ef2c888a96c6a7b649527b78b6d6014d953ae57e05ecf116192cf498687db8cb7669c3998deecc
-DIST openssh-7.8p1-sctp-1.1.patch.xz 7548 BLAKE2B d74010028f097812f554f9e788aa5e46d75c12edbef18aaeaa9866665025bdad04a1a028cc862d11d718208c1b63862780840332536a535bb2eaff7661c966ef SHA512 c084f6b2cfa9cb70f46ecc9edfce6e2843cd4cd5e36ac870f5ceaaedd056ba9aa2ce8769418239ad0fe5e7350573397a222b6525a029f4492feb7b144ee22aa3
-DIST openssh-7.8p1.tar.gz 1548026 BLAKE2B 938428408596d24d497f245e3662a0cff3d462645683bf75cd29a0ea56fa6c280e7fa866bedf0928dd5bc4085b82d5a4ce74b7eea0b45b86f879b69f74db1642 SHA512 8e5b0c8682a9243e4e8b7c374ec989dccd1a752eb6f84e593b67141e8b23dcc8b9a7322b1f7525d18e2ce8830a767d0d9793f997486339db201a57986b910705
-DIST openssh-7.9p1+x509-11.5.diff.gz 594995 BLAKE2B 2c44df224e4114da0473cbbdfdcc4bd84b0b0235f80b43517d70fe1071f219d2631f784015ab1470eebcf8f3b6b5f8744862acebb22f217c6e76f79e6a49c099 SHA512 4d2fd950dee9721add822fdb54ff8c20fd18da85081ce8a2bd2a1050d3ff7900a7213782c479691de9dcfe4e2f91061e124d34b365edb3831e8bfe4aef3744f9
 DIST openssh-7.9p1+x509-11.6.diff.gz 655819 BLAKE2B f442bb993f89782b74b0cd28906c91edfcf5b1d42a4c8135a5ccf5045e7eb000eb7aa301685b748f707506ba20e3b842d684db436872ed82b6d9b9c086879515 SHA512 0ff6ed2822aaa43cf352134b90975fb663662c5ea3d73b690601f24342ea207aecda8cdb9c1bdc3e3656fb059d842dfb3bf22646b626c303240808286103d8bc
 DIST openssh-7.9p1-patches-1.0.tar.xz 9080 BLAKE2B c14106a875b6ea0672a03f6cb292386daba96da23fed4ebd04a75f712e252bc88a25116b0b3b27446421aadf112451cb3b8a96d2f7d437e6728fe782190bc69e SHA512 7903cdb4ce5be0f1b1b741788fb372e68b0c9c1d6da0d854d8bc62e4743ad7cd13101b867b541828d3786b0857783377457e5e87ba9b63bfd9afcdbfd93ac103
-DIST openssh-7.9p1-sctp-1.1.patch.xz 7552 BLAKE2B 0eeda7c8a50c0c98433b5ee0734b9f79043067be376a9ca724d574d4a595c3f7aed0626342300467b73ad9003392e22fda8abe778158ba5be5a50a57eeef79f8 SHA512 6cad32c40dd3901c4eadb0c463a35ec2d901e61220c333d3df7759f672259f66fc83e2b1ace8b0ef84cbc1a65397f00f9c670ffa23726d8309fa5060512d2c21
 DIST openssh-7.9p1-sctp-1.2.patch.xz 7360 BLAKE2B 60e209371ecac24d0b60e48459d4d4044c0f364a2eea748cc4edd1501faec69a3c5b9e0b7db336968399ec684b6c8aceeac9196ba1ecf563ae3d660682cbc9a0 SHA512 d4d37a49cd43a3b9b7b173b0935267b84133b9b0954b7f71714ba781a6129c6d424f8b7a528dd7d4f287784c5517d57b1d6d7c6df8b5d738e34eb6dc7eae7191
 DIST openssh-7.9p1.tar.gz 1565384 BLAKE2B de15795e03d33d4f9fe4792f6b14500123230b6c00c1e5bd7207bb6d6bf6df0b2e057c1b1de0fee709f58dd159203fdd69fe1473118a6baedebaa0c1c4c55b59 SHA512 0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
 DIST openssh-7_8_P1-hpn-AES-CTR-14.16.diff 29231 BLAKE2B e25877c5e22f674e6db5a0bc107e5daa2509fe762fb14ce7bb2ce9a115e8177a93340c1d19247b6c2c854b7e1f9ae9af9fd932e5fa9c0a6b2ba438cd11a42991 SHA512 1867fb94c29a51294a71a3ec6a299757565a7cda5696118b0b346ed9c78f2c81bb1b888cff5e3418776b2fa277a8f070c5eb9327bb005453e2ffd72d35cdafa7
@@ -57,9 +46,5 @@ DIST openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 43356 BLAKE2B 776fa140d64a16
 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b
 EBUILD openssh-7.5_p1-r4.ebuild 11161 BLAKE2B e6276f34a75fbce06ebefa246786db15aff3bd9a59c77c41d96576b6aeb77c5e6fa17aceb573d4d1f0518aa703d298eb292d0d157fb843a702cbede1f42c0296 SHA512 446414c8961458b812b768d18afe46d60ef4dd54111d95b99654cfb3dfef592812b30527fdda352a595bba815e0ffea4a813e3291bcc96bacb368267ff837bdd
 EBUILD openssh-7.7_p1-r9.ebuild 15943 BLAKE2B 459a0f5920b3d5b4da2835e7f3c9f1edd185e48c509e5150a1306dbca3c2f17d0d9d3f41166c4263dd60c0218c11b278a4eaa6f53ae1429710fc749994f70d11 SHA512 3aa9018173cc53de22b1e4693daf4ca2716cd0bc0066f797b6b66926481aaabb3e82942beb305a95523ba64dc9ff95f54232c7538c1d30834f38d88dd94f18a2
-EBUILD openssh-7.8_p1.ebuild 15333 BLAKE2B 4452bc6cc03ed9fb8242b15894133e6e224e1ac0818688b02bc17850050bc67c0dd8fefcbba66c96bfedc8fb452bbcde7282062ea372d220a2b1d77fb0b48b20 SHA512 bff6000cd8913a885bcad3ffb60bde7760a24d37a4987afd34f4b38d603c8bc72bfe0d07f8f109c238d11e49bed72ddbcbe26838cd9d69b379dbf7521f12626f
-EBUILD openssh-7.9_p1-r1.ebuild 15769 BLAKE2B bd4f5f9e1927d59226c3469f22884c835d158f364f6b74946bd4c5fa551e1cb7715ffad9263b51a9319f44fae352b334eb536dd390f58d44fb6878f936e3b41d SHA512 b338b6e3708e4295a3cf5f8bbe1973fc8164bc2eff79e05272bfccc924a2416c10a7d225e5d5da53a2ba3e3e3c960f16db7561ebf3adca335032910b0154f67e
-EBUILD openssh-7.9_p1-r2.ebuild 15837 BLAKE2B 0e6156e6229b18255a66b9a8f1d9dbbc27ae49469f9815f07d61912d6cd90bf8a85aae6cdf541912649303c085d6b7033e1f9d12b5ba42be6d111612a86a4072 SHA512 6126eaaf18ccde1f618f927cb086919c5a13bd92c91566c8c9635b96779406a641550a6f510766502057ce1684b06d9b1128b1c40c0b49c1b5b7931b3d7d063a
-EBUILD openssh-7.9_p1-r3.ebuild 16274 BLAKE2B 72e17ec25234f863f139030c8b03cf6855ae1a91f6acc90245190315d320b7cf2217ed2189b6cca0cd6a75d292d6ea486af2ac4f35a873b9ab641af967b66b20 SHA512 4c87161971cd89e0f5d55012f6650b9c025e8bc7444fd2f0a9bfe4e12238942416e187bfb937af467b14d5db89c6ec4d201be551e347d0dd813d110a19d78a75
-EBUILD openssh-7.9_p1.ebuild 15743 BLAKE2B b6108901b97ede2d349729a80d69e9bb9ea059a36967ee1688113c0d17351ecdc3cded6f5e45abc8bb54dc9e1a40ccc78165edca6405a4148d99910f9f1cde44 SHA512 3787f6b671477ae1fd4eb5b6bbd5dbaf8375d36fcfda33b67de402fcc36396b28b221bc9e763b6c5f1ba8475330ee9c15edcf45134c048c7f8faec8e885e2893
+EBUILD openssh-7.9_p1-r4.ebuild 16288 BLAKE2B 14f5c4fd26e95abcc68f0c91592b45214048fb1fe78924380d77806696712d512efa6a14a3172d6f6cf3a5c9e0c638779d058f1e790eef51d9e86f2672c67644 SHA512 e30e04d553eab14ed526650ee6e174d482aa03bb83fee55be567efa3ce77603dfc0c4b4c1abacf3f20ef84452a2b00f2576f4395d7abd61f77b93b3d94230506
 MISC metadata.xml 2212 BLAKE2B 889550b17d2ba8072686ca5f398c64946fc04721fd7093c88fd7c1c5c7e4610fb01964f8e3d78e20cd0e9b9343895439772fee43b5635db893f3fc13ae9437cb SHA512 958845fbdfb4f1d267fdbc3a005c6338da54c6a0715180a1982416a841ab4865c536de5f10bb8493d07830e182786d0c3f2ac710c9168434b3d077a59ed2ddd5
diff --git a/net-misc/openssh/files/openssh-7.8_p1-X509-no-version.patch b/net-misc/openssh/files/openssh-7.8_p1-X509-no-version.patch
deleted file mode 100644
index 66641c27473e..000000000000
--- a/net-misc/openssh/files/openssh-7.8_p1-X509-no-version.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/openssh-7.8p1+x509-11.4.diff	2018-08-24 14:55:19.153936872 -0700
-+++ b/openssh-7.8p1+x509-11.4.diff	2018-08-24 14:55:58.116677254 -0700
-@@ -63643,16 +63643,6 @@
-  		    setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL))
-  			return;
-  		setlocale(LC_CTYPE, "C");
--diff -ruN openssh-7.8p1/version.h openssh-7.8p1+x509-11.4/version.h
----- openssh-7.8p1/version.h	2018-08-23 08:41:42.000000000 +0300
--+++ openssh-7.8p1+x509-11.4/version.h	2018-08-24 20:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
-- 
-- #define SSH_VERSION	"OpenSSH_7.8"
-- 
---#define SSH_PORTABLE	"p1"
---#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE	PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-7.8p1/version.m4 openssh-7.8p1+x509-11.4/version.m4
- --- openssh-7.8p1/version.m4	1970-01-01 02:00:00.000000000 +0200
- +++ openssh-7.8p1+x509-11.4/version.m4	2018-08-24 20:00:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-7.8_p1-hpn-X509-glue.patch b/net-misc/openssh/files/openssh-7.8_p1-hpn-X509-glue.patch
deleted file mode 100644
index c76d454c92f8..000000000000
--- a/net-misc/openssh/files/openssh-7.8_p1-hpn-X509-glue.patch
+++ /dev/null
@@ -1,79 +0,0 @@
---- temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff.orig	2018-09-12 15:58:57.377986085 -0700
-+++ temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff	2018-09-12 16:07:15.376711327 -0700
-@@ -4,8 +4,8 @@
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
-  LD=@LD@
-- CFLAGS=@CFLAGS@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
-  K5LIBS=@K5LIBS@
-@@ -788,8 +788,8 @@
-  ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
-  {
-  	struct session_state *state;
---	const struct sshcipher *none = cipher_by_name("none");
--+	struct sshcipher *none = cipher_by_name("none");
-+-	const struct sshcipher *none = cipher_none();
-++	struct sshcipher *none = cipher_none();
-  	int r;
-
-  	if (none == NULL) {
-@@ -933,9 +933,9 @@
-  	/* Portable-specific options */
-  	sUsePAM,
- +	sDisableMTAES,
-- 	/* Standard Options */
-- 	sPort, sHostKeyFile, sLoginGraceTime,
-- 	sPermitRootLogin, sLogFacility, sLogLevel,
-+ 	/* X.509 Standard Options */
-+ 	sHostbasedAlgorithms,
-+ 	sPubkeyAlgorithms,
- @@ -626,6 +630,7 @@ static struct {
-  	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
-  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
---- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig	2018-09-12 16:38:16.947447218 -0700
-+++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff	2018-09-12 16:32:35.479700864 -0700
-@@ -382,7 +382,7 @@
- @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh)
-  	int nenc, nmac, ncomp;
-  	u_int mode, ctos, need, dh_need, authlen;
-- 	int r, first_kex_follows;
-+ 	int r, first_kex_follows = 0;
- +	int auth_flag;
- +
- +	auth_flag = packet_authentication_state(ssh);
-@@ -1125,15 +1125,6 @@
- index a738c3a..b32dbe0 100644
- --- a/sshd.c
- +++ b/sshd.c
--@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-- 	char remote_version[256];	/* Must be at least as big as buf. */
-- 
-- 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
---	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-- 	    *options.version_addendum == '\0' ? "" : " ",
-- 	    options.version_addendum);
-- 
- @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la)
-  	int ret, listen_sock;
-  	struct addrinfo *ai;
-@@ -1213,14 +1204,3 @@
-  # Example of overriding settings on a per-user basis
-  #Match User anoncvs
-  #	X11Forwarding no
--diff --git a/version.h b/version.h
--index f1bbf00..21a70c2 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION	"OpenSSH_7.8"
-- 
-- #define SSH_PORTABLE	"p1"
---#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
--+ 
diff --git a/net-misc/openssh/files/openssh-7.8_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-7.8_p1-hpn-glue.patch
deleted file mode 100644
index 0561e3814067..000000000000
--- a/net-misc/openssh/files/openssh-7.8_p1-hpn-glue.patch
+++ /dev/null
@@ -1,112 +0,0 @@
---- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig	2018-09-11 17:19:19.968420409 -0700
-+++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff	2018-09-11 17:39:19.977535398 -0700
-@@ -409,18 +409,10 @@
- index dcf35e6..da4ced0 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-  	return 0;
-  }
-  
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+	rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
-  #define MAX_PACKETS	(1U<<31)
-  static int
-  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- 		return 0;
-- 
--+	/* used to force rekeying when called for by the none
--+         * cipher switch methods -cjr */
--+        if (rekey_requested == 1) {
--+                rekey_requested = 0;
--+                return 1;
--+        }
--+
-- 	/* Time-based rekeying */
-- 	if (state->rekey_interval != 0 &&
-- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 170203c..f4d9df2 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
-  /* Format of the configuration file:
-  
- @@ -166,6 +167,8 @@ typedef enum {
-- 	oHashKnownHosts,
-  	oTunnel, oTunnelDevice,
-  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ 	oDisableMTAES,
- +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- +	oNoneEnabled, oNoneSwitch,
-  	oVisualHostKey,
-@@ -615,9 +593,9 @@
-  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
-  	SyslogFacility log_facility;	/* Facility for system logging. */
- @@ -111,7 +115,10 @@ typedef struct {
-- 
-  	int	enable_ssh_keysign;
-  	int64_t rekey_limit;
-+ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
- +	int     none_switch;    /* Use none cipher */
- +	int     none_enabled;   /* Allow none to be used */
-  	int	rekey_interval;
-@@ -673,9 +651,9 @@
-  	/* Portable-specific options */
-  	if (options->use_pam == -1)
- @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
-- 	}
-- 	if (options->permit_tun == -1)
-  		options->permit_tun = SSH_TUNMODE_NO;
-+ 	if (options->disable_multithreaded == -1)
-+ 		options->disable_multithreaded = 0;
- +	if (options->none_enabled == -1)
- +		options->none_enabled = 0;
- +	if (options->hpn_disabled == -1)
-@@ -1092,7 +1070,7 @@
-  	xxx_host = host;
-  	xxx_hostaddr = hostaddr;
-  
--@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
-+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
-  
-  	if (!authctxt.success)
-  		fatal("Authentication failed.");
-@@ -1117,10 +1095,9 @@
- +			fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
- +		}
- +	}
--+
-- 	debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-  
-+ #ifdef WITH_OPENSSL
-+ 	if (options.disable_multithreaded == 0) {
- diff --git a/sshd.c b/sshd.c
- index a738c3a..b32dbe0 100644
- --- a/sshd.c
-@@ -1217,11 +1194,10 @@
- index f1bbf00..21a70c2 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,6 @@
-+@@ -3,4 +3,5 @@
-  #define SSH_VERSION	"OpenSSH_7.8"
-  
-  #define SSH_PORTABLE	"p1"
- -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN         "-hpn14v16"
- +#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
- + 
diff --git a/net-misc/openssh/files/openssh-7.8_p1-hpn-sctp-glue.patch b/net-misc/openssh/files/openssh-7.8_p1-hpn-sctp-glue.patch
deleted file mode 100644
index a7d51ad94839..000000000000
--- a/net-misc/openssh/files/openssh-7.8_p1-hpn-sctp-glue.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig	2018-09-12 18:18:51.851536374 -0700
-+++ dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff	2018-09-12 18:19:01.116475099 -0700
-@@ -1190,14 +1190,3 @@
-  # Example of overriding settings on a per-user basis
-  #Match User anoncvs
-  #	X11Forwarding no
--diff --git a/version.h b/version.h
--index f1bbf00..21a70c2 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION	"OpenSSH_7.8"
-- 
-- #define SSH_PORTABLE	"p1"
---#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
--+ 
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
deleted file mode 100644
index c30ca2785448..000000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/openssh-7.9p1+x509-11.5.diff	2018-12-07 17:24:03.211328918 -0800
-+++ b/openssh-7.9p1+x509-11.5.diff	2018-12-07 17:24:13.399262277 -0800
-@@ -40681,12 +40681,11 @@
-
-  install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
-  install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -333,6 +351,8 @@
-+@@ -333,6 +351,7 @@
-  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
-  	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
-  	$(MKDIR_P) $(DESTDIR)$(libexecdir)
- +	$(MKDIR_P) $(DESTDIR)$(sshcadir)
--+	$(MKDIR_P) $(DESTDIR)$(piddir)
-  	$(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
-  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
-  	$(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
deleted file mode 100644
index 1f1ec4a4d773..000000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/openssh-7.9p1+x509-11.5.diff	2018-10-23 16:21:22.580154353 -0700
-+++ b/openssh-7.9p1+x509-11.5.diff	2018-10-23 16:22:39.600652048 -0700
-@@ -44045,7 +44045,7 @@
-  	ENGINE_register_all_complete();
- +#endif
-  
---#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- +	/* OPENSSL_config will load buildin engines and engines
- +	 * specified in configuration file, i.e. method call
- +	 * ENGINE_load_builtin_engines. Latter is only for
-@@ -77691,16 +77691,6 @@
-  		    setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL))
-  			return;
-  		setlocale(LC_CTYPE, "C");
--diff -ruN openssh-7.9p1/version.h openssh-7.9p1+x509-11.5/version.h
----- openssh-7.9p1/version.h	2018-10-17 03:01:20.000000000 +0300
--+++ openssh-7.9p1+x509-11.5/version.h	2018-10-19 19:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
-- 
-- #define SSH_VERSION	"OpenSSH_7.9"
-- 
---#define SSH_PORTABLE	"p1"
---#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE	PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-7.9p1/version.m4 openssh-7.9p1+x509-11.5/version.m4
- --- openssh-7.9p1/version.m4	1970-01-01 02:00:00.000000000 +0200
- +++ openssh-7.9p1+x509-11.5/version.m4	2018-10-19 18:13:58.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch b/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
deleted file mode 100644
index 58f3ce2922ec..000000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- openssh-7.9p1.orig/evp-compat.h	2018-12-07 17:07:37.929762570 -0800
-+++ openssh-7.9p1/evp-compat.h	2018-12-07 17:08:03.923592845 -0800
-@@ -100,11 +100,13 @@
- }
- 
- 
-+#if LIBRESSL_VERSION_NUMBER < 0x20800000L
- static inline int
- EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
- {
- 	return(ctx->encrypt);
- }
-+#endif /* LIBRESSL_VERSION_NUMBER < 0x20800000L */
- 
- 
- static inline void*
diff --git a/net-misc/openssh/files/sshd-r1.initd b/net-misc/openssh/files/sshd-r1.initd
new file mode 100644
index 000000000000..e91cd0116cd4
--- /dev/null
+++ b/net-misc/openssh/files/sshd-r1.initd
@@ -0,0 +1,87 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
+: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
+
+command="${SSHD_BINARY}"
+pidfile="${SSHD_PIDFILE}"
+command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
+
+# Wait one second (length chosen arbitrarily) to see if sshd actually
+# creates a PID file, or if it crashes for some reason like not being
+# able to bind to the address in ListenAddress (bug 617596).
+: ${SSHD_SSD_OPTS:=--wait 1000}
+start_stop_daemon_args="${SSHD_SSD_OPTS}"
+
+depend() {
+	# Entropy can be used by ssh-keygen, among other things, but
+	# is not strictly required (bug 470020).
+	use logger dns entropy
+	if [ "${rc_need+set}" = "set" ] ; then
+		: # Do nothing, the user has explicitly set rc_need
+	else
+		local x warn_addr
+		for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
+			case "${x}" in
+				0.0.0.0|0.0.0.0:*) ;;
+				::|\[::\]*) ;;
+				*) warn_addr="${warn_addr} ${x}" ;;
+			esac
+		done
+		if [ -n "${warn_addr}" ] ; then
+			need net
+			ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
+			ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
+			ewarn "where FOO is the interface(s) providing the following address(es):"
+			ewarn "${warn_addr}"
+		fi
+	fi
+}
+
+checkconfig() {
+	checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
+
+	if [ ! -e "${SSHD_CONFIG}" ] ; then
+		eerror "You need an ${SSHD_CONFIG} file to run sshd"
+		eerror "There is a sample file in /usr/share/doc/openssh"
+		return 1
+	fi
+
+	${SSHD_KEYGEN_BINARY} -A || return 2
+
+	"${command}" -t ${command_args} || return 3
+}
+
+start_pre() {
+	# Make sure that the user's config isn't busted before we try
+	# to start the daemon (this will produce better error messages
+	# than if we just try to start it blindly).
+	#
+	# We always need to call checkconfig because this function will
+	# also generate any missing host key and you can start a
+	# non-running service with "restart" argument.
+	checkconfig || return $?
+}
+
+stop_pre() {
+	# If this is a restart, check to make sure the user's config
+	# isn't busted before we stop the running daemon.
+	if [ "${RC_CMD}" = "restart" ] ; then
+		checkconfig || return $?
+	fi
+}
+
+reload() {
+	checkconfig || return $?
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --signal HUP --pidfile "${pidfile}"
+	eend $?
+}
diff --git a/net-misc/openssh/openssh-7.8_p1.ebuild b/net-misc/openssh/openssh-7.8_p1.ebuild
deleted file mode 100644
index 3ce6916d6e9b..000000000000
--- a/net-misc/openssh/openssh-7.8_p1.ebuild
+++ /dev/null
@@ -1,438 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit user flag-o-matic multilib autotools pam systemd
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-CAP_PV="${PV^^}"
-
-HPN_VER="14.16"
-HPN_PATCHES=(
-	${PN}-${CAP_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
-	${PN}-${CAP_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
-)
-HPN_DISABLE_MTAES=1 # unit tests hang on MT-AES-CTR
-SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-X509_VER="11.4" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
-	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${PV/_}/%s\n" "${HPN_PATCHES[@]}") )}
-	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
-	"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	X509? ( !sctp ssl )
-	test? ( ssl )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
-		bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? (
-		!libressl? (
-			>=dev-libs/openssl-1.0.1:0=[bindist=]
-			dev-libs/openssl:0=[static-libs(+)]
-		)
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]"
-RDEPEND="
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( virtual/pam )
-	kerberos? ( virtual/krb5 )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )
-	virtual/pkgconfig
-	virtual/os-headers
-	sys-devel/autoconf"
-RDEPEND="${RDEPEND}
-	pam? ( >=sys-auth/pambase-20081028 )
-	userland_GNU? ( virtual/shadow )
-	X? ( x11-apps/xauth )"
-
-S="${WORKDIR}/${PARCH}"
-
-pkg_pretend() {
-	# this sucks, but i'd rather have people unable to `emerge -u openssh`
-	# than not be able to log in to their server any more
-	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
-	local fail="
-		$(use hpn && maybe_fail hpn HPN_VER)
-		$(use sctp && maybe_fail sctp SCTP_PATCH)
-		$(use X509 && maybe_fail X509 X509_PATCH)
-	"
-	fail=$(echo ${fail})
-	if [[ -n ${fail} ]] ; then
-		eerror "Sorry, but this version does not yet support features"
-		eerror "that you requested:	 ${fail}"
-		eerror "Please mask ${PF} for now and check back later:"
-		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
-		die "booooo"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT%/}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	sed -i \
-		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX%/}/usr/bin/xauth:" \
-		pathnames.h || die
-
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
-	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
-	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
-
-	local PATCHSET_VERSION_MACROS=()
-
-	if use X509 ; then
-		pushd "${WORKDIR}" || die
-		eapply "${FILESDIR}/${P}-X509-no-version.patch"
-		popd || die
-
-		eapply "${WORKDIR}"/${X509_PATCH%.*}
-
-		# We need to patch package version or any X.509 sshd will reject our ssh client
-		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
-		# error
-		einfo "Patching package version for X.509 patch set ..."
-		sed -i \
-			-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
-			"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
-
-		einfo "Patching version.h to expose X.509 patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE.*/a #define SSH_X509               \"-PKIXSSH-${X509_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in X.509 patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
-	fi
-
-	if use sctp ; then
-		eapply "${WORKDIR}"/${SCTP_PATCH%.*}
-
-		einfo "Patching version.h to expose SCTP patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_SCTP        \"-sctp-${SCTP_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in SCTP patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
-
-		einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
-		sed -i \
-			-e "/\t\tcfgparse \\\/d" \
-			"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
-	fi
-
-	if use hpn ; then
-		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
-		mkdir "${hpn_patchdir}"
-		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
-		pushd "${hpn_patchdir}"
-		eapply "${FILESDIR}"/${P}-hpn-glue.patch
-		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
-		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
-		popd
-
-		eapply "${hpn_patchdir}"
-
-		einfo "Patching Makefile.in for HPN patch set ..."
-		sed -i \
-			-e "/^LIBS=/ s/\$/ -lpthread/" \
-			"${S}"/Makefile.in || die "Failed to patch Makefile.in"
-
-		einfo "Patching version.h to expose HPN patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_HPN         \"-hpn${HPN_VER//./v}\"" \
-			"${S}"/version.h || die "Failed to sed-in HPN patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
-
-		if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-			einfo "Disabling known non-working MT AES cipher per default ..."
-
-			cat > "${T}"/disable_mtaes.conf <<- EOF
-
-			# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
-			# and therefore disabled per default.
-			DisableMTAES yes
-			EOF
-			sed -i \
-				-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
-				"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
-
-			sed -i \
-				-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
-				"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
-		fi
-	fi
-
-	if use X509 || use sctp || use hpn ; then
-		einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
-
-		einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
-
-		einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
-		sed -i \
-			-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
-			"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
-	fi
-
-	sed -i \
-		-e "/#UseLogin no/d" \
-		"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
-
-	[[ -d ${WORKDIR}/patch ]] && eapply "${WORKDIR}"/patch
-
-	eapply_user #473004
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable PATH reset, trust what portage gives us #254615
-		-e 's:^PATH=/:#PATH=/:'
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# The -ftrapv flag ICEs on hppa #505182
-	use hppa && sed_args+=(
-		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
-	)
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX%/}"/etc/ssh
-		--libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX%/}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX%/}"/var/empty
-		--with-privsep-user=sshd
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
-		# We apply the sctp patch conditionally, so can't pass --without-sctp
-		# unconditionally else we get unknown flag warnings.
-		$(use sctp && use_with sctp)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with ssl openssl)
-		$(use_with ssl md5-passwords)
-		$(use_with ssl ssl-engine)
-		$(use_with !elibc_Cygwin hardening) #659210
-	)
-
-	# stackprotect is broken on musl x86
-	use elibc_musl && use x86 && myconf+=( --without-stackprotect )
-
-	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
-	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local t skipped=() failed=() passed=()
-	local tests=( interop-tests compat-tests )
-
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		elog "user, so we will run a subset only."
-		skipped+=( tests )
-	else
-		tests+=( tests )
-	fi
-
-	# It will also attempt to write to the homedir .ssh.
-	local sshhome=${T}/homedir
-	mkdir -p "${sshhome}"/.ssh
-	for t in "${tests[@]}" ; do
-		# Some tests read from stdin ...
-		HOMEDIR="${sshhome}" HOME="${sshhome}" \
-		emake -k -j1 ${t} </dev/null \
-			&& passed+=( "${t}" ) \
-			|| failed+=( "${t}" )
-	done
-
-	einfo "Passed tests: ${passed[*]}"
-	[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
-	[[ ${#failed[@]}  -gt 0 ]] && die "Some tests failed: ${failed[*]}"
-}
-
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	# First the server config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/sshd_config
-
-	# Allow client to pass locale environment variables. #367017
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM. #658540
-	AcceptEnv COLORTERM
-	EOF
-
-	# Then the client config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/ssh_config
-
-	# Send locale environment variables. #367017
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM. #658540
-	SendEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		sed -i \
-			-e "/^#UsePAM /s:.*:UsePAM yes:" \
-			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-
-	if use livecd ; then
-		sed -i \
-			-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-
-	tweak_ssh_configs
-
-	doman contrib/ssh-copy-id.1
-	dodoc CREDITS OVERVIEW README* TODO sshd_config
-	use hpn && dodoc HPN-README
-	use X509 || dodoc ChangeLog
-
-	diropts -m 0700
-	dodir /etc/skel/.ssh
-
-	keepdir /var/empty
-
-	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
-	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-pkg_preinst() {
-	enewgroup sshd 22
-	enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
-	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
-		elog "Starting with openssh-5.8p1, the server will default to a newer key"
-		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
-		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-		elog "Make sure to update any configs that you might have.  Note that xinetd might"
-		elog "be an alternative for you as it supports USE=tcpd."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
-		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-		elog "adding to your sshd_config or ~/.ssh/config files:"
-		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-		elog "You should however generate new keys using rsa or ed25519."
-
-		elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-		elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-		elog "out of the box.  If you need this, please update your sshd_config explicitly."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then
-		elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-		elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
-		elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-		elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-		elog "if you need to authenticate against LDAP."
-		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-	fi
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-
-	if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-		elog ""
-		elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
-		elog "and therefore disabled at runtime per default."
-		elog "Make sure your sshd_config is up to date and contains"
-		elog ""
-		elog "  DisableMTAES yes"
-		elog ""
-		elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
-		elog ""
-	fi
-}
diff --git a/net-misc/openssh/openssh-7.9_p1-r1.ebuild b/net-misc/openssh/openssh-7.9_p1-r1.ebuild
deleted file mode 100644
index af3fd632c5fc..000000000000
--- a/net-misc/openssh/openssh-7.9_p1-r1.ebuild
+++ /dev/null
@@ -1,450 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit user flag-o-matic multilib autotools pam systemd
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-#HPN_PV="${PV^^}"
-HPN_PV="7.8_P1"
-
-HPN_VER="14.16"
-HPN_PATCHES=(
-	${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
-	${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
-)
-HPN_DISABLE_MTAES=1 # unit tests hang on MT-AES-CTR
-SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-X509_VER="11.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
-	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_}/%s\n" "${HPN_PATCHES[@]}") )}
-	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
-	"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	X509? ( !sctp ssl )
-	test? ( ssl )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
-		bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? (
-		!libressl? (
-			|| (
-				(
-					>=dev-libs/openssl-1.0.1:0[bindist=]
-					<dev-libs/openssl-1.1.0:0[bindist=]
-				)
-				>=dev-libs/openssl-1.1.0g:0[bindist=]
-			)
-			dev-libs/openssl:0=[static-libs(+)]
-		)
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]"
-RDEPEND="
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( virtual/pam )
-	kerberos? ( virtual/krb5 )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )
-	virtual/pkgconfig
-	virtual/os-headers
-	sys-devel/autoconf"
-RDEPEND="${RDEPEND}
-	pam? ( >=sys-auth/pambase-20081028 )
-	userland_GNU? ( virtual/shadow )
-	X? ( x11-apps/xauth )"
-
-S="${WORKDIR}/${PARCH}"
-
-pkg_pretend() {
-	# this sucks, but i'd rather have people unable to `emerge -u openssh`
-	# than not be able to log in to their server any more
-	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
-	local fail="
-		$(use hpn && maybe_fail hpn HPN_VER)
-		$(use sctp && maybe_fail sctp SCTP_PATCH)
-		$(use X509 && maybe_fail X509 X509_PATCH)
-	"
-	fail=$(echo ${fail})
-	if [[ -n ${fail} ]] ; then
-		eerror "Sorry, but this version does not yet support features"
-		eerror "that you requested:	 ${fail}"
-		eerror "Please mask ${PF} for now and check back later:"
-		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
-		die "booooo"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT%/}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	sed -i \
-		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX%/}/usr/bin/xauth:" \
-		pathnames.h || die
-
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	eapply "${FILESDIR}"/${PN}-7.9_p1-openssl-1.0.2-compat.patch
-	eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
-	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
-	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
-	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
-
-	local PATCHSET_VERSION_MACROS=()
-
-	if use X509 ; then
-		pushd "${WORKDIR}" || die
-		eapply "${FILESDIR}/${P}-X509-glue-${X509_VER}.patch"
-		eapply "${FILESDIR}/${P}-X509-dont-make-piddir-${X509_VER}.patch"
-		popd || die
-
-		eapply "${WORKDIR}"/${X509_PATCH%.*}
-		eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch
-
-		# We need to patch package version or any X.509 sshd will reject our ssh client
-		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
-		# error
-		einfo "Patching package version for X.509 patch set ..."
-		sed -i \
-			-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
-			"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
-
-		einfo "Patching version.h to expose X.509 patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE.*/a #define SSH_X509               \"-PKIXSSH-${X509_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in X.509 patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
-	fi
-
-	if use sctp ; then
-		eapply "${WORKDIR}"/${SCTP_PATCH%.*}
-
-		einfo "Patching version.h to expose SCTP patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_SCTP        \"-sctp-${SCTP_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in SCTP patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
-
-		einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
-		sed -i \
-			-e "/\t\tcfgparse \\\/d" \
-			"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
-	fi
-
-	if use hpn ; then
-		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
-		mkdir "${hpn_patchdir}"
-		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
-		pushd "${hpn_patchdir}"
-		eapply "${FILESDIR}"/${P}-hpn-glue.patch
-		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
-		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
-		popd
-
-		eapply "${hpn_patchdir}"
-		eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
-
-		einfo "Patching Makefile.in for HPN patch set ..."
-		sed -i \
-			-e "/^LIBS=/ s/\$/ -lpthread/" \
-			"${S}"/Makefile.in || die "Failed to patch Makefile.in"
-
-		einfo "Patching version.h to expose HPN patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_HPN         \"-hpn${HPN_VER//./v}\"" \
-			"${S}"/version.h || die "Failed to sed-in HPN patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
-
-		if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-			einfo "Disabling known non-working MT AES cipher per default ..."
-
-			cat > "${T}"/disable_mtaes.conf <<- EOF
-
-			# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
-			# and therefore disabled per default.
-			DisableMTAES yes
-			EOF
-			sed -i \
-				-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
-				"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
-
-			sed -i \
-				-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
-				"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
-		fi
-	fi
-
-	if use X509 || use sctp || use hpn ; then
-		einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
-
-		einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
-
-		einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
-		sed -i \
-			-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
-			"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
-	fi
-
-	sed -i \
-		-e "/#UseLogin no/d" \
-		"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
-
-	[[ -d ${WORKDIR}/patch ]] && eapply "${WORKDIR}"/patch
-
-	eapply_user #473004
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable PATH reset, trust what portage gives us #254615
-		-e 's:^PATH=/:#PATH=/:'
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# The -ftrapv flag ICEs on hppa #505182
-	use hppa && sed_args+=(
-		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
-	)
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX%/}"/etc/ssh
-		--libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX%/}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX%/}"/var/empty
-		--with-privsep-user=sshd
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
-		# We apply the sctp patch conditionally, so can't pass --without-sctp
-		# unconditionally else we get unknown flag warnings.
-		$(use sctp && use_with sctp)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with ssl openssl)
-		$(use_with ssl md5-passwords)
-		$(use_with ssl ssl-engine)
-		$(use_with !elibc_Cygwin hardening) #659210
-	)
-
-	# stackprotect is broken on musl x86
-	use elibc_musl && use x86 && myconf+=( --without-stackprotect )
-
-	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
-	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local t skipped=() failed=() passed=()
-	local tests=( interop-tests compat-tests )
-
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		elog "user, so we will run a subset only."
-		skipped+=( tests )
-	else
-		tests+=( tests )
-	fi
-
-	# It will also attempt to write to the homedir .ssh.
-	local sshhome=${T}/homedir
-	mkdir -p "${sshhome}"/.ssh
-	for t in "${tests[@]}" ; do
-		# Some tests read from stdin ...
-		HOMEDIR="${sshhome}" HOME="${sshhome}" \
-		emake -k -j1 ${t} </dev/null \
-			&& passed+=( "${t}" ) \
-			|| failed+=( "${t}" )
-	done
-
-	einfo "Passed tests: ${passed[*]}"
-	[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
-	[[ ${#failed[@]}  -gt 0 ]] && die "Some tests failed: ${failed[*]}"
-}
-
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	# First the server config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/sshd_config
-
-	# Allow client to pass locale environment variables. #367017
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM. #658540
-	AcceptEnv COLORTERM
-	EOF
-
-	# Then the client config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/ssh_config
-
-	# Send locale environment variables. #367017
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM. #658540
-	SendEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		sed -i \
-			-e "/^#UsePAM /s:.*:UsePAM yes:" \
-			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-
-	if use livecd ; then
-		sed -i \
-			-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-
-	tweak_ssh_configs
-
-	doman contrib/ssh-copy-id.1
-	dodoc CREDITS OVERVIEW README* TODO sshd_config
-	use hpn && dodoc HPN-README
-	use X509 || dodoc ChangeLog
-
-	diropts -m 0700
-	dodir /etc/skel/.ssh
-
-	keepdir /var/empty
-
-	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
-	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-pkg_preinst() {
-	enewgroup sshd 22
-	enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
-	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
-		elog "Starting with openssh-5.8p1, the server will default to a newer key"
-		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
-		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-		elog "Make sure to update any configs that you might have.  Note that xinetd might"
-		elog "be an alternative for you as it supports USE=tcpd."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
-		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-		elog "adding to your sshd_config or ~/.ssh/config files:"
-		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-		elog "You should however generate new keys using rsa or ed25519."
-
-		elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-		elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-		elog "out of the box.  If you need this, please update your sshd_config explicitly."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then
-		elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-		elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
-		elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-		elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-		elog "if you need to authenticate against LDAP."
-		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-	fi
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-
-	if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-		elog ""
-		elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
-		elog "and therefore disabled at runtime per default."
-		elog "Make sure your sshd_config is up to date and contains"
-		elog ""
-		elog "  DisableMTAES yes"
-		elog ""
-		elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
-		elog ""
-	fi
-}
diff --git a/net-misc/openssh/openssh-7.9_p1-r2.ebuild b/net-misc/openssh/openssh-7.9_p1-r2.ebuild
deleted file mode 100644
index 0b89a756c78c..000000000000
--- a/net-misc/openssh/openssh-7.9_p1-r2.ebuild
+++ /dev/null
@@ -1,451 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit user flag-o-matic multilib autotools pam systemd
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-#HPN_PV="${PV^^}"
-HPN_PV="7.8_P1"
-
-HPN_VER="14.16"
-HPN_PATCHES=(
-	${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
-	${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
-)
-HPN_DISABLE_MTAES=1 # unit tests hang on MT-AES-CTR
-SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-X509_VER="11.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
-	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_}/%s\n" "${HPN_PATCHES[@]}") )}
-	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
-	"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	X509? ( !sctp ssl )
-	test? ( ssl )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
-		bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? (
-		!libressl? (
-			|| (
-				(
-					>=dev-libs/openssl-1.0.1:0[bindist=]
-					<dev-libs/openssl-1.1.0:0[bindist=]
-				)
-				>=dev-libs/openssl-1.1.0g:0[bindist=]
-			)
-			dev-libs/openssl:0=[static-libs(+)]
-		)
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]"
-RDEPEND="
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( virtual/pam )
-	kerberos? ( virtual/krb5 )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )
-	virtual/pkgconfig
-	virtual/os-headers
-	sys-devel/autoconf"
-RDEPEND="${RDEPEND}
-	pam? ( >=sys-auth/pambase-20081028 )
-	userland_GNU? ( virtual/shadow )
-	X? ( x11-apps/xauth )"
-
-S="${WORKDIR}/${PARCH}"
-
-pkg_pretend() {
-	# this sucks, but i'd rather have people unable to `emerge -u openssh`
-	# than not be able to log in to their server any more
-	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
-	local fail="
-		$(use hpn && maybe_fail hpn HPN_VER)
-		$(use sctp && maybe_fail sctp SCTP_PATCH)
-		$(use X509 && maybe_fail X509 X509_PATCH)
-	"
-	fail=$(echo ${fail})
-	if [[ -n ${fail} ]] ; then
-		eerror "Sorry, but this version does not yet support features"
-		eerror "that you requested:	 ${fail}"
-		eerror "Please mask ${PF} for now and check back later:"
-		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
-		die "booooo"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT%/}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	sed -i \
-		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX%/}/usr/bin/xauth:" \
-		pathnames.h || die
-
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	eapply "${FILESDIR}"/${PN}-7.9_p1-openssl-1.0.2-compat.patch
-	eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
-	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
-	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
-	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
-	use X509 || eapply "${FILESDIR}"/${PN}-7.9_p1-CVE-2018-20685.patch
-
-	local PATCHSET_VERSION_MACROS=()
-
-	if use X509 ; then
-		pushd "${WORKDIR}" || die
-		eapply "${FILESDIR}/${P}-X509-glue-${X509_VER}.patch"
-		eapply "${FILESDIR}/${P}-X509-dont-make-piddir-${X509_VER}.patch"
-		popd || die
-
-		eapply "${WORKDIR}"/${X509_PATCH%.*}
-		eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch
-
-		# We need to patch package version or any X.509 sshd will reject our ssh client
-		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
-		# error
-		einfo "Patching package version for X.509 patch set ..."
-		sed -i \
-			-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
-			"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
-
-		einfo "Patching version.h to expose X.509 patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE.*/a #define SSH_X509               \"-PKIXSSH-${X509_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in X.509 patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
-	fi
-
-	if use sctp ; then
-		eapply "${WORKDIR}"/${SCTP_PATCH%.*}
-
-		einfo "Patching version.h to expose SCTP patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_SCTP        \"-sctp-${SCTP_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in SCTP patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
-
-		einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
-		sed -i \
-			-e "/\t\tcfgparse \\\/d" \
-			"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
-	fi
-
-	if use hpn ; then
-		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
-		mkdir "${hpn_patchdir}"
-		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
-		pushd "${hpn_patchdir}"
-		eapply "${FILESDIR}"/${P}-hpn-glue.patch
-		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
-		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
-		popd
-
-		eapply "${hpn_patchdir}"
-		eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
-
-		einfo "Patching Makefile.in for HPN patch set ..."
-		sed -i \
-			-e "/^LIBS=/ s/\$/ -lpthread/" \
-			"${S}"/Makefile.in || die "Failed to patch Makefile.in"
-
-		einfo "Patching version.h to expose HPN patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_HPN         \"-hpn${HPN_VER//./v}\"" \
-			"${S}"/version.h || die "Failed to sed-in HPN patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
-
-		if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-			einfo "Disabling known non-working MT AES cipher per default ..."
-
-			cat > "${T}"/disable_mtaes.conf <<- EOF
-
-			# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
-			# and therefore disabled per default.
-			DisableMTAES yes
-			EOF
-			sed -i \
-				-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
-				"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
-
-			sed -i \
-				-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
-				"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
-		fi
-	fi
-
-	if use X509 || use sctp || use hpn ; then
-		einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
-
-		einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
-
-		einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
-		sed -i \
-			-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
-			"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
-	fi
-
-	sed -i \
-		-e "/#UseLogin no/d" \
-		"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
-
-	[[ -d ${WORKDIR}/patch ]] && eapply "${WORKDIR}"/patch
-
-	eapply_user #473004
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable PATH reset, trust what portage gives us #254615
-		-e 's:^PATH=/:#PATH=/:'
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# The -ftrapv flag ICEs on hppa #505182
-	use hppa && sed_args+=(
-		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
-	)
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX%/}"/etc/ssh
-		--libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX%/}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX%/}"/var/empty
-		--with-privsep-user=sshd
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
-		# We apply the sctp patch conditionally, so can't pass --without-sctp
-		# unconditionally else we get unknown flag warnings.
-		$(use sctp && use_with sctp)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with ssl openssl)
-		$(use_with ssl md5-passwords)
-		$(use_with ssl ssl-engine)
-		$(use_with !elibc_Cygwin hardening) #659210
-	)
-
-	# stackprotect is broken on musl x86
-	use elibc_musl && use x86 && myconf+=( --without-stackprotect )
-
-	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
-	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local t skipped=() failed=() passed=()
-	local tests=( interop-tests compat-tests )
-
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		elog "user, so we will run a subset only."
-		skipped+=( tests )
-	else
-		tests+=( tests )
-	fi
-
-	# It will also attempt to write to the homedir .ssh.
-	local sshhome=${T}/homedir
-	mkdir -p "${sshhome}"/.ssh
-	for t in "${tests[@]}" ; do
-		# Some tests read from stdin ...
-		HOMEDIR="${sshhome}" HOME="${sshhome}" \
-		emake -k -j1 ${t} </dev/null \
-			&& passed+=( "${t}" ) \
-			|| failed+=( "${t}" )
-	done
-
-	einfo "Passed tests: ${passed[*]}"
-	[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
-	[[ ${#failed[@]}  -gt 0 ]] && die "Some tests failed: ${failed[*]}"
-}
-
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	# First the server config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/sshd_config
-
-	# Allow client to pass locale environment variables. #367017
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM. #658540
-	AcceptEnv COLORTERM
-	EOF
-
-	# Then the client config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/ssh_config
-
-	# Send locale environment variables. #367017
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM. #658540
-	SendEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		sed -i \
-			-e "/^#UsePAM /s:.*:UsePAM yes:" \
-			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-
-	if use livecd ; then
-		sed -i \
-			-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-
-	tweak_ssh_configs
-
-	doman contrib/ssh-copy-id.1
-	dodoc CREDITS OVERVIEW README* TODO sshd_config
-	use hpn && dodoc HPN-README
-	use X509 || dodoc ChangeLog
-
-	diropts -m 0700
-	dodir /etc/skel/.ssh
-
-	keepdir /var/empty
-
-	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
-	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-pkg_preinst() {
-	enewgroup sshd 22
-	enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
-	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
-		elog "Starting with openssh-5.8p1, the server will default to a newer key"
-		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
-		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-		elog "Make sure to update any configs that you might have.  Note that xinetd might"
-		elog "be an alternative for you as it supports USE=tcpd."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
-		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-		elog "adding to your sshd_config or ~/.ssh/config files:"
-		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-		elog "You should however generate new keys using rsa or ed25519."
-
-		elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-		elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-		elog "out of the box.  If you need this, please update your sshd_config explicitly."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then
-		elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-		elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
-		elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-		elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-		elog "if you need to authenticate against LDAP."
-		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-	fi
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-
-	if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-		elog ""
-		elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
-		elog "and therefore disabled at runtime per default."
-		elog "Make sure your sshd_config is up to date and contains"
-		elog ""
-		elog "  DisableMTAES yes"
-		elog ""
-		elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
-		elog ""
-	fi
-}
diff --git a/net-misc/openssh/openssh-7.9_p1-r3.ebuild b/net-misc/openssh/openssh-7.9_p1-r4.ebuild
index ce31e554fdf7..13f4df87840c 100644
--- a/net-misc/openssh/openssh-7.9_p1-r3.ebuild
+++ b/net-misc/openssh/openssh-7.9_p1-r4.ebuild
@@ -33,7 +33,7 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 
 LICENSE="BSD GPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 # Probably want to drop ssl defaulting to on in a future version.
 IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
 RESTRICT="!test? ( test )"
@@ -289,7 +289,7 @@ src_configure() {
 		# We apply the sctp patch conditionally, so can't pass --without-sctp
 		# unconditionally else we get unknown flag warnings.
 		$(use sctp && use_with sctp)
-		$(use_with ldns)
+		$(use_with ldns ldns "${EPREFIX%/}"/usr)
 		$(use_with libedit)
 		$(use_with pam)
 		$(use_with pie)
@@ -390,7 +390,7 @@ src_install() {
 	emake install-nokeys DESTDIR="${D}"
 	fperms 600 /etc/ssh/sshd_config
 	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd.initd sshd
+	newinitd "${FILESDIR}"/sshd-r1.initd sshd
 	newconfd "${FILESDIR}"/sshd-r1.confd sshd
 
 	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
diff --git a/net-misc/openssh/openssh-7.9_p1.ebuild b/net-misc/openssh/openssh-7.9_p1.ebuild
deleted file mode 100644
index f39686f32b07..000000000000
--- a/net-misc/openssh/openssh-7.9_p1.ebuild
+++ /dev/null
@@ -1,450 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit user flag-o-matic multilib autotools pam systemd
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-#HPN_PV="${PV^^}"
-HPN_PV="7.8_P1"
-
-HPN_VER="14.16"
-HPN_PATCHES=(
-	${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
-	${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
-)
-HPN_DISABLE_MTAES=1 # unit tests hang on MT-AES-CTR
-SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
-X509_VER="11.5" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
-	${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_}/%s\n" "${HPN_PATCHES[@]}") )}
-	${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
-	"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	X509? ( !sctp ssl )
-	test? ( ssl )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
-		bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	sctp? ( net-misc/lksctp-tools[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? (
-		!libressl? (
-			|| (
-				(
-					>=dev-libs/openssl-1.0.1:0[bindist=]
-					<dev-libs/openssl-1.1.0:0[bindist=]
-				)
-				>=dev-libs/openssl-1.1.0g:0[bindist=]
-			)
-			dev-libs/openssl:0=[static-libs(+)]
-		)
-		libressl? ( dev-libs/libressl:0=[static-libs(+)] )
-	)
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]"
-RDEPEND="
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( virtual/pam )
-	kerberos? ( virtual/krb5 )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )
-	virtual/pkgconfig
-	virtual/os-headers
-	sys-devel/autoconf"
-RDEPEND="${RDEPEND}
-	pam? ( >=sys-auth/pambase-20081028 )
-	userland_GNU? ( virtual/shadow )
-	X? ( x11-apps/xauth )"
-
-S="${WORKDIR}/${PARCH}"
-
-pkg_pretend() {
-	# this sucks, but i'd rather have people unable to `emerge -u openssh`
-	# than not be able to log in to their server any more
-	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
-	local fail="
-		$(use hpn && maybe_fail hpn HPN_VER)
-		$(use sctp && maybe_fail sctp SCTP_PATCH)
-		$(use X509 && maybe_fail X509 X509_PATCH)
-	"
-	fail=$(echo ${fail})
-	if [[ -n ${fail} ]] ; then
-		eerror "Sorry, but this version does not yet support features"
-		eerror "that you requested:	 ${fail}"
-		eerror "Please mask ${PF} for now and check back later:"
-		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
-		die "booooo"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT%/}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	sed -i \
-		-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX%/}/usr/bin/xauth:" \
-		pathnames.h || die
-
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	eapply "${FILESDIR}"/${PN}-7.9_p1-openssl-1.0.2-compat.patch
-	eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch
-	eapply "${FILESDIR}"/${PN}-7.8_p1-GSSAPI-dns.patch #165444 integrated into gsskex
-	eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
-	eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch
-
-	local PATCHSET_VERSION_MACROS=()
-
-	if use X509 ; then
-		pushd "${WORKDIR}" || die
-		eapply "${FILESDIR}/${P}-X509-glue.patch"
-		eapply "${FILESDIR}/${P}-X509-dont-make-piddir.patch"
-		popd || die
-
-		eapply "${WORKDIR}"/${X509_PATCH%.*}
-		eapply "${FILESDIR}"/${PN}-7.9_p1-libressl-2.8.patch
-
-		# We need to patch package version or any X.509 sshd will reject our ssh client
-		# with "userauth_pubkey: could not parse key: string is too large [preauth]"
-		# error
-		einfo "Patching package version for X.509 patch set ..."
-		sed -i \
-			-e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \
-			"${S}"/configure.ac || die "Failed to patch package version for X.509 patch"
-
-		einfo "Patching version.h to expose X.509 patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE.*/a #define SSH_X509               \"-PKIXSSH-${X509_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in X.509 patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
-	fi
-
-	if use sctp ; then
-		eapply "${WORKDIR}"/${SCTP_PATCH%.*}
-
-		einfo "Patching version.h to expose SCTP patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_SCTP        \"-sctp-${SCTP_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in SCTP patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
-
-		einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..."
-		sed -i \
-			-e "/\t\tcfgparse \\\/d" \
-			"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
-	fi
-
-	if use hpn ; then
-		local hpn_patchdir="${T}/${P}-hpn${HPN_VER}"
-		mkdir "${hpn_patchdir}"
-		cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}"
-		pushd "${hpn_patchdir}"
-		eapply "${FILESDIR}"/${P}-hpn-glue.patch
-		use X509 && eapply "${FILESDIR}"/${P}-hpn-X509-glue.patch
-		use sctp && eapply "${FILESDIR}"/${P}-hpn-sctp-glue.patch
-		popd
-
-		eapply "${hpn_patchdir}"
-		eapply "${FILESDIR}/openssh-7.9_p1-hpn-openssl-1.1.patch"
-
-		einfo "Patching Makefile.in for HPN patch set ..."
-		sed -i \
-			-e "/^LIBS=/ s/\$/ -lpthread/" \
-			"${S}"/Makefile.in || die "Failed to patch Makefile.in"
-
-		einfo "Patching version.h to expose HPN patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE/a #define SSH_HPN         \"-hpn${HPN_VER//./v}\"" \
-			"${S}"/version.h || die "Failed to sed-in HPN patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_HPN' )
-
-		if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-			einfo "Disabling known non-working MT AES cipher per default ..."
-
-			cat > "${T}"/disable_mtaes.conf <<- EOF
-
-			# HPN's Multi-Threaded AES CTR cipher is currently known to be broken
-			# and therefore disabled per default.
-			DisableMTAES yes
-			EOF
-			sed -i \
-				-e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \
-				"${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config"
-
-			sed -i \
-				-e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \
-				"${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config"
-		fi
-	fi
-
-	if use X509 || use sctp || use hpn ; then
-		einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)"
-
-		einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..."
-		sed -i \
-			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
-			"${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)"
-
-		einfo "Patching version.h to add our patch sets to SSH_RELEASE ..."
-		sed -i \
-			-e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE     SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \
-			"${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)"
-	fi
-
-	sed -i \
-		-e "/#UseLogin no/d" \
-		"${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)"
-
-	[[ -d ${WORKDIR}/patch ]] && eapply "${WORKDIR}"/patch
-
-	eapply_user #473004
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable PATH reset, trust what portage gives us #254615
-		-e 's:^PATH=/:#PATH=/:'
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# The -ftrapv flag ICEs on hppa #505182
-	use hppa && sed_args+=(
-		-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-		-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
-	)
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX%/}"/etc/ssh
-		--libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX%/}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX%/}"/var/empty
-		--with-privsep-user=sshd
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
-		# We apply the sctp patch conditionally, so can't pass --without-sctp
-		# unconditionally else we get unknown flag warnings.
-		$(use sctp && use_with sctp)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with ssl openssl)
-		$(use_with ssl md5-passwords)
-		$(use_with ssl ssl-engine)
-		$(use_with !elibc_Cygwin hardening) #659210
-	)
-
-	# stackprotect is broken on musl x86
-	use elibc_musl && use x86 && myconf+=( --without-stackprotect )
-
-	# The seccomp sandbox is broken on x32, so use the older method for now. #553748
-	use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local t skipped=() failed=() passed=()
-	local tests=( interop-tests compat-tests )
-
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		elog "user, so we will run a subset only."
-		skipped+=( tests )
-	else
-		tests+=( tests )
-	fi
-
-	# It will also attempt to write to the homedir .ssh.
-	local sshhome=${T}/homedir
-	mkdir -p "${sshhome}"/.ssh
-	for t in "${tests[@]}" ; do
-		# Some tests read from stdin ...
-		HOMEDIR="${sshhome}" HOME="${sshhome}" \
-		emake -k -j1 ${t} </dev/null \
-			&& passed+=( "${t}" ) \
-			|| failed+=( "${t}" )
-	done
-
-	einfo "Passed tests: ${passed[*]}"
-	[[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
-	[[ ${#failed[@]}  -gt 0 ]] && die "Some tests failed: ${failed[*]}"
-}
-
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	# First the server config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/sshd_config
-
-	# Allow client to pass locale environment variables. #367017
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM. #658540
-	AcceptEnv COLORTERM
-	EOF
-
-	# Then the client config.
-	cat <<-EOF >> "${ED%/}"/etc/ssh/ssh_config
-
-	# Send locale environment variables. #367017
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM. #658540
-	SendEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		sed -i \
-			-e "/^#UsePAM /s:.*:UsePAM yes:" \
-			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-			-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-
-	if use livecd ; then
-		sed -i \
-			-e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \
-			"${ED%/}"/etc/ssh/sshd_config || die
-	fi
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-
-	tweak_ssh_configs
-
-	doman contrib/ssh-copy-id.1
-	dodoc CREDITS OVERVIEW README* TODO sshd_config
-	use hpn && dodoc HPN-README
-	use X509 || dodoc ChangeLog
-
-	diropts -m 0700
-	dodir /etc/skel/.ssh
-
-	keepdir /var/empty
-
-	systemd_dounit "${FILESDIR}"/sshd.{service,socket}
-	systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-pkg_preinst() {
-	enewgroup sshd 22
-	enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
-	if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
-		elog "Starting with openssh-5.8p1, the server will default to a newer key"
-		elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-		elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
-		elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-		elog "Make sure to update any configs that you might have.  Note that xinetd might"
-		elog "be an alternative for you as it supports USE=tcpd."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
-		elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-		elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-		elog "adding to your sshd_config or ~/.ssh/config files:"
-		elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-		elog "You should however generate new keys using rsa or ed25519."
-
-		elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-		elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-		elog "out of the box.  If you need this, please update your sshd_config explicitly."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then
-		elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-		elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-	fi
-	if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
-		elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-		elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-		elog "if you need to authenticate against LDAP."
-		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-	fi
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-
-	if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then
-		elog ""
-		elog "HPN's multi-threaded AES CTR cipher is currently known to be broken"
-		elog "and therefore disabled at runtime per default."
-		elog "Make sure your sshd_config is up to date and contains"
-		elog ""
-		elog "  DisableMTAES yes"
-		elog ""
-		elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
-		elog ""
-	fi
-}