From 5c5e9714c851027611cb726a76ebb8be6d48cbdc Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Tue, 2 Jul 2024 08:01:06 +0100
Subject: gentoo auto-resync : 02:07:2024 - 08:01:06

---
 net-misc/Manifest.gz                               | Bin 54537 -> 54540 bytes
 net-misc/dropbox/Manifest                          |  11 +-
 net-misc/dropbox/dropbox-199.4.6287.ebuild         | 110 ------
 net-misc/dropbox/dropbox-200.4.7134.ebuild         | 110 ------
 net-misc/dropbox/dropbox-201.4.5552.ebuild         | 110 ------
 net-misc/dropbox/dropbox-202.4.5551.ebuild         |   2 +-
 net-misc/iputils/Manifest                          |   2 +-
 net-misc/iputils/iputils-20211215.ebuild           |   5 +-
 net-misc/nextcloud-client/Manifest                 |   8 +-
 .../nextcloud-client-3.12.1.ebuild                 | 116 ------
 .../nextcloud-client-3.12.2.ebuild                 | 116 ------
 .../nextcloud-client-3.12.3.ebuild                 | 116 ------
 .../nextcloud-client-3.13.1.ebuild                 | 116 ++++++
 net-misc/openssh/Manifest                          |  11 +-
 .../files/openssh-9.6_p1-CVE-2024-6387.patch       |  19 +
 .../openssh/files/openssh-9.6_p1-chaff-logic.patch |  16 +
 net-misc/openssh/openssh-9.6_p1-r4.ebuild          | 390 ------------------
 net-misc/openssh/openssh-9.6_p1-r5.ebuild          | 392 +++++++++++++++++++
 net-misc/openssh/openssh-9.7_p1-r2.ebuild          | 403 -------------------
 net-misc/openssh/openssh-9.7_p1-r3.ebuild          | 404 -------------------
 net-misc/openssh/openssh-9.7_p1-r5.ebuild          | 398 -------------------
 net-misc/openssh/openssh-9.7_p1-r6.ebuild          | 400 +++++++++++++++++++
 net-misc/openssh/openssh-9.8_p1-r1.ebuild          | 434 +++++++++++++++++++++
 net-misc/remmina/Manifest                          |   2 +-
 net-misc/remmina/remmina-1.4.35-r2.ebuild          |   2 +-
 net-misc/teamviewer/Manifest                       |  10 +-
 net-misc/teamviewer/teamviewer-15.48.4.ebuild      | 151 -------
 net-misc/teamviewer/teamviewer-15.55.3.ebuild      | 153 ++++++++
 net-misc/yt-dlp/Manifest                           |   4 +-
 net-misc/yt-dlp/yt-dlp-2024.05.27.ebuild           |  77 ----
 net-misc/yt-dlp/yt-dlp-2024.07.01.ebuild           |  77 ++++
 31 files changed, 1630 insertions(+), 2535 deletions(-)
 delete mode 100644 net-misc/dropbox/dropbox-199.4.6287.ebuild
 delete mode 100644 net-misc/dropbox/dropbox-200.4.7134.ebuild
 delete mode 100644 net-misc/dropbox/dropbox-201.4.5552.ebuild
 delete mode 100644 net-misc/nextcloud-client/nextcloud-client-3.12.1.ebuild
 delete mode 100644 net-misc/nextcloud-client/nextcloud-client-3.12.2.ebuild
 delete mode 100644 net-misc/nextcloud-client/nextcloud-client-3.12.3.ebuild
 create mode 100644 net-misc/nextcloud-client/nextcloud-client-3.13.1.ebuild
 create mode 100644 net-misc/openssh/files/openssh-9.6_p1-CVE-2024-6387.patch
 create mode 100644 net-misc/openssh/files/openssh-9.6_p1-chaff-logic.patch
 delete mode 100644 net-misc/openssh/openssh-9.6_p1-r4.ebuild
 create mode 100644 net-misc/openssh/openssh-9.6_p1-r5.ebuild
 delete mode 100644 net-misc/openssh/openssh-9.7_p1-r2.ebuild
 delete mode 100644 net-misc/openssh/openssh-9.7_p1-r3.ebuild
 delete mode 100644 net-misc/openssh/openssh-9.7_p1-r5.ebuild
 create mode 100644 net-misc/openssh/openssh-9.7_p1-r6.ebuild
 create mode 100644 net-misc/openssh/openssh-9.8_p1-r1.ebuild
 delete mode 100644 net-misc/teamviewer/teamviewer-15.48.4.ebuild
 create mode 100644 net-misc/teamviewer/teamviewer-15.55.3.ebuild
 delete mode 100644 net-misc/yt-dlp/yt-dlp-2024.05.27.ebuild
 create mode 100644 net-misc/yt-dlp/yt-dlp-2024.07.01.ebuild

(limited to 'net-misc')

diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz
index abf7c8933f25..02a0010b7e62 100644
Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ
diff --git a/net-misc/dropbox/Manifest b/net-misc/dropbox/Manifest
index f9fc5125519f..913fb1c649cf 100644
--- a/net-misc/dropbox/Manifest
+++ b/net-misc/dropbox/Manifest
@@ -2,16 +2,7 @@ AUX dropbox.conf 322 BLAKE2B db94efba3a73841cb56a0fcc75f4f6d7fb7424a35f48a7eb3ad
 AUX dropbox.initd 1581 BLAKE2B c23a753b7e4d1132d516d607e0eee35072130f6e66c59af008cedd9d9d8c104d9ae1c4644ad984a40ec48a498782b442f79058f499e61c3a3b7a700886353b4b SHA512 4275b7cca361978be6d4379f9d14edc75e51684708a61c1b9880f63e0a02e75c4eb165145bf5a2b4e0704daa5a506dc3506a953db6f5a95977f0101fbbda4912
 AUX dropbox_at.service-r2 1582 BLAKE2B 7a5d8eb1e99d6a9f6cc7d903d8d2cb6b124b4a5217e978d05f0afb08de90b3634bb802bd075a053b84b0ec4f5ef6643d2efb00beb964f9f14dd3dd234806358b SHA512 ce465614c848103ac19d3782bf55508ab9b3a3f1c0159cd0ccb7daa7374f014382b30a99bf2eb5488ab4474cad953ce0b4710c8222e5196ea49672db5d183b85
 DIST DropboxGlyph_Blue.svg 605 BLAKE2B 6c488bd261293b22da98035935ddfa9247bedbc6f4da2f9fc2470af802c1f4f597ac88b01b5bef9e77e1e717267f633d6a04af2ccfd3c5f9dbff22fbceaf9a91 SHA512 9202344b904dcd7955e5a355dadf537d1544140d74f8a33bdc40e18e36661e3a474d11cf17613eaebf4e76c170d8413d99abdedfb8635784bcd6892b4b259712
-DIST dropbox-lnx.x86-199.4.6287.tar.gz 113741255 BLAKE2B bb7a9b52bfdad485de61fb5b36f4d0651a39769194fcc4a3960b72d0ebe35f0e82024ac449cc2b5a5f4d05eb23b9aa99faada56887049f2108ee931b59a35d22 SHA512 c9dfc4b19736f4b8eeb5ecde6badace4f6023cecf39a61b9729a96f73da6d866dbb4e46d9f5dd1e937ad85ea9966ad590ec80c7af4ff96b18b5cf3d2e6e4651d
-DIST dropbox-lnx.x86-200.4.7134.tar.gz 113828617 BLAKE2B 874009dcbb2e321875874c7172cf0096c9d476c81dbfddd843c6945518c0ea4e1ef9a947e54cf90a73d2a9e351cfd7c6c4148bae46234928fe5aae0133b6be66 SHA512 d73117976f549cabfe59ad2854e9ec7a9ca2784888874faa7c19097ba3d6afa90833be068517e03c7d72b5d77780d8dac7a706b64aa8065c14cf22a01cec2f79
-DIST dropbox-lnx.x86-201.4.5552.tar.gz 113513016 BLAKE2B 7713aba5811ff3fc15a80f46f9841e40b16618d048f6371cf1a5affc7c166fe279bc44a44327fe60d9bfaf5658dd3ff646ebd951487e19f0acbef5bf09d8c5cc SHA512 eeaf88eb2c306cb06f872d98218e595782d656aee0cf07b391fbbf400cfa73e7075bf4b20d7945650bc4fde287834f43f72e34c252f0f781952ff1e37a7e4d79
 DIST dropbox-lnx.x86-202.4.5551.tar.gz 113668681 BLAKE2B 2590c89af767803b77ff7bd57e4978c90a90be6f6394f7058393045fa4f3c68ae97ab365a460eccf38ab1e0b0a58b0e33aa482348a0bdf040dbe71d0bf683eeb SHA512 d5176c6c4b8f178fced661ef6df73fb767c3e7ff7f111df4829ab258d218586e128acb4187de6d840a0faca5a8766ea97b77c4d5c915fbd944be458ff07b8765
-DIST dropbox-lnx.x86_64-199.4.6287.tar.gz 116574689 BLAKE2B 8ab6032081b296d08a60fa4a7dd61399ecf333776381d7832dd3d5cc703c071d3991ca735283bc9421ace08b522cbac31ae0764727c34987c199e0c3506686cf SHA512 244f3f7601722bf2f4a821271187472c8bbbb088cfbf61891a6cdb8f9202cc3ec5deec0df88c1e9c39ca27a3addfa97261c75c880444d6cb393c0d15c815182a
-DIST dropbox-lnx.x86_64-200.4.7134.tar.gz 116482290 BLAKE2B 1db1ca42fdbed2198995dc57a928873a1c92f4dfbc90fe9f3fbcb93fde5c08e66fa572baae759758db82a282dad360f96f347e89b85d0ff8a5c8d478007168bd SHA512 135a2d5a9efa994483042238b79bbdbfe708f23c1ac240c99a15223a9c438d7d41f3fc39449cd573ad91b8c28ff3b8d577ff4a34ab2dc7aa557c992ec1ce31db
-DIST dropbox-lnx.x86_64-201.4.5552.tar.gz 116241621 BLAKE2B fa209a75b733f6bb2a59d26ab329d58c46de9d58868cda846d7ca3c1041131c3c2009ab10a2abf7bbcb3ed99782a0b7453a67bda3269a3390a7cafb12bee58ab SHA512 3eae6b97a4ac2f37183d5dcfd5e7fc990e1dc1aacf4520af60e40e8342729dd7e94095c01fa1989d0ea81013b6b87005fe3774c5c9c076417261875a746218d7
 DIST dropbox-lnx.x86_64-202.4.5551.tar.gz 116236652 BLAKE2B f8a7c45ed45ce70580cb0c2f23e83c06098b8792e4a47b01f8ea9d2b1674b6d6470450edc25d58917630106b9f3ba49c20e87829b2f594d9e3a458d2586276fe SHA512 2d33f9f6d7a8b59f381ed43033c7638a54ae0a84f68845127505f6eb7ef00fbae490d7ba8d4f5e31790a39348612db665591e2785870acf816d60ca6d20097c3
-EBUILD dropbox-199.4.6287.ebuild 2854 BLAKE2B 83fb409fd9c6af41a884408f2258e3563a2d146f1fba8edfcc7e5fee674b8396cc1a674207533091721a2709118cdf655f24c5871ecdda663eb96da9b05b3861 SHA512 17f3737762fbaf48508b911b9605b629a876f3a503367298250ced4e81d599b6d496ef7f8b2742c0ccb9df89d8f8002ee732bd66f67148d474ae79fc96336ba8
-EBUILD dropbox-200.4.7134.ebuild 2856 BLAKE2B f8cc4e91838f412f3ef580f75bb4e4658f513b79ad144eaa5ebcdecd3ab3fda2fc75b40ada47ea83f165bb1f16396e0bfccdc050747d868797987ba21d6ca2fe SHA512 9d6d54d5c7755a7678c3dc2a684fe0fb8e98c142e8b5e0fbf6f090a694bec12504ed0d28088a3af193388cf3bf540f306ff691181427d036ae03ef072332a785
-EBUILD dropbox-201.4.5552.ebuild 2856 BLAKE2B f8cc4e91838f412f3ef580f75bb4e4658f513b79ad144eaa5ebcdecd3ab3fda2fc75b40ada47ea83f165bb1f16396e0bfccdc050747d868797987ba21d6ca2fe SHA512 9d6d54d5c7755a7678c3dc2a684fe0fb8e98c142e8b5e0fbf6f090a694bec12504ed0d28088a3af193388cf3bf540f306ff691181427d036ae03ef072332a785
-EBUILD dropbox-202.4.5551.ebuild 2856 BLAKE2B f8cc4e91838f412f3ef580f75bb4e4658f513b79ad144eaa5ebcdecd3ab3fda2fc75b40ada47ea83f165bb1f16396e0bfccdc050747d868797987ba21d6ca2fe SHA512 9d6d54d5c7755a7678c3dc2a684fe0fb8e98c142e8b5e0fbf6f090a694bec12504ed0d28088a3af193388cf3bf540f306ff691181427d036ae03ef072332a785
+EBUILD dropbox-202.4.5551.ebuild 2854 BLAKE2B 83fb409fd9c6af41a884408f2258e3563a2d146f1fba8edfcc7e5fee674b8396cc1a674207533091721a2709118cdf655f24c5871ecdda663eb96da9b05b3861 SHA512 17f3737762fbaf48508b911b9605b629a876f3a503367298250ced4e81d599b6d496ef7f8b2742c0ccb9df89d8f8002ee732bd66f67148d474ae79fc96336ba8
 MISC metadata.xml 336 BLAKE2B 0932d5cb97ca50abfbfd49b3b209733da73c94ed41ef1087e6c43c4e65f3a09186f74c507cf0db5d64a1c5231d3560a7d6a8bb6130e95e1d5dbb7f3974801df3 SHA512 25bee9aa1ab64f01bb4544dec14b4b98bcb3877714ec33c6cbed4cdd3362d2a4cab58f425cad3723398e4ee0a2ba16a550ab38ff9f974cd0c5046df1b34b5eb0
diff --git a/net-misc/dropbox/dropbox-199.4.6287.ebuild b/net-misc/dropbox/dropbox-199.4.6287.ebuild
deleted file mode 100644
index e90baaad900e..000000000000
--- a/net-misc/dropbox/dropbox-199.4.6287.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit desktop pax-utils systemd xdg
-
-DESCRIPTION="Dropbox daemon (pretends to be GUI-less)"
-HOMEPAGE="https://www.dropbox.com/"
-SRC_URI="
-	amd64? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-${PV}.tar.gz )
-	x86? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-${PV}.tar.gz )
-	https://www.dropbox.com/sh/42f8d4kq6yt5lte/AAD69lhaw6gy46W8HfQAm0GSa/Glyph/Dropbox/SVG/DropboxGlyph_Blue.svg
-"
-
-LICENSE="BSD-2 CC-BY-ND-3.0 FTL MIT LGPL-2 openssl dropbox"
-SLOT="0"
-KEYWORDS="amd64 x86 ~x86-linux"
-IUSE="selinux X"
-
-RESTRICT="mirror strip"
-
-QA_PREBUILT="opt/.*"
-QA_EXECSTACK="opt/dropbox/dropbox"
-
-BDEPEND="dev-util/patchelf"
-
-# Be sure to have GLIBCXX_3.4.9, #393125
-RDEPEND="
-	X? (
-		x11-themes/hicolor-icon-theme
-	)
-	selinux? ( sec-policy/selinux-dropbox )
-	app-arch/bzip2
-	dev-libs/glib:2
-	dev-libs/libffi-compat:6
-	media-libs/fontconfig
-	media-libs/freetype
-	net-misc/wget
-	sys-libs/zlib
-	sys-libs/ncurses-compat:5
-	virtual/opengl
-	x11-libs/libICE
-	x11-libs/libSM
-	x11-libs/libX11
-	x11-libs/libXext
-	x11-libs/libXrender
-	x11-libs/libxcb
-"
-
-src_unpack() {
-	unpack ${A}
-	mkdir -p "${S}" || die
-	mv "${WORKDIR}"/.dropbox-dist/* "${S}" || die
-	mv "${S}"/dropbox-lnx.*-${PV}/* "${S}" || die
-	rmdir "${S}"/dropbox-lnx.*-${PV}/ || die
-	rmdir .dropbox-dist || die
-}
-
-src_prepare() {
-	default
-	# we supply all of these in RDEPEND
-	rm -vf libGL.so.1 libX11* libffi.so.6 || die
-	# some of these do not appear to be used
-	rm -vf libQt5{OpenGL,PrintSupport,Qml,Quick,Sql,WebKit,WebKitWidgets}.so.5 \
-		PyQt5.QtPrintSupport.* PyQt5.QtQml.* PyQt5.QtQuick.*  \
-		wmctrl libdrm.so.2 libpopt.so.0 || die
-	if use X ; then
-		mv images/hicolor/16x16/status "${T}" || die
-	else
-		rm -vrf images || die
-	fi
-	patchelf --set-rpath '$ORIGIN' \
-		apex._apex.*.so \
-		nucleus_python.*.so \
-		tprt.*.so \
-		|| die
-	pax-mark cm dropbox
-	mv README ACKNOWLEDGEMENTS "${T}" || die
-}
-
-src_install() {
-	local targetdir="/opt/dropbox"
-
-	insinto "${targetdir}"
-	doins -r *
-	fperms a+x "${targetdir}"/{dropbox,dropboxd}
-	dosym "${targetdir}/dropboxd" "/opt/bin/dropbox"
-
-	if use X; then
-		doicon -s 16 -c status "${T}"/status
-		newicon -s scalable "${DISTDIR}/DropboxGlyph_Blue.svg" dropbox.svg
-	fi
-
-	make_desktop_entry "${PN}" "Dropbox" "dropbox"
-
-	newinitd "${FILESDIR}"/dropbox.initd dropbox
-	newconfd "${FILESDIR}"/dropbox.conf dropbox
-	systemd_newunit "${FILESDIR}"/dropbox_at.service-r2 "dropbox@.service"
-
-	dodoc "${T}"/{README,ACKNOWLEDGEMENTS}
-}
-
-pkg_postinst() {
-	einfo "Warning: while running, dropbox may attempt to autoupdate itself in"
-	einfo " your user's home directory.  To prevent this, run the following as"
-	einfo " each user who will run dropbox:"
-	einfo ""
-	einfo "install -dm0 ~/.dropbox-dist"
-}
diff --git a/net-misc/dropbox/dropbox-200.4.7134.ebuild b/net-misc/dropbox/dropbox-200.4.7134.ebuild
deleted file mode 100644
index 7d9715a71882..000000000000
--- a/net-misc/dropbox/dropbox-200.4.7134.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit desktop pax-utils systemd xdg
-
-DESCRIPTION="Dropbox daemon (pretends to be GUI-less)"
-HOMEPAGE="https://www.dropbox.com/"
-SRC_URI="
-	amd64? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-${PV}.tar.gz )
-	x86? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-${PV}.tar.gz )
-	https://www.dropbox.com/sh/42f8d4kq6yt5lte/AAD69lhaw6gy46W8HfQAm0GSa/Glyph/Dropbox/SVG/DropboxGlyph_Blue.svg
-"
-
-LICENSE="BSD-2 CC-BY-ND-3.0 FTL MIT LGPL-2 openssl dropbox"
-SLOT="0"
-KEYWORDS="~amd64 ~x86 ~x86-linux"
-IUSE="selinux X"
-
-RESTRICT="mirror strip"
-
-QA_PREBUILT="opt/.*"
-QA_EXECSTACK="opt/dropbox/dropbox"
-
-BDEPEND="dev-util/patchelf"
-
-# Be sure to have GLIBCXX_3.4.9, #393125
-RDEPEND="
-	X? (
-		x11-themes/hicolor-icon-theme
-	)
-	selinux? ( sec-policy/selinux-dropbox )
-	app-arch/bzip2
-	dev-libs/glib:2
-	dev-libs/libffi-compat:6
-	media-libs/fontconfig
-	media-libs/freetype
-	net-misc/wget
-	sys-libs/zlib
-	sys-libs/ncurses-compat:5
-	virtual/opengl
-	x11-libs/libICE
-	x11-libs/libSM
-	x11-libs/libX11
-	x11-libs/libXext
-	x11-libs/libXrender
-	x11-libs/libxcb
-"
-
-src_unpack() {
-	unpack ${A}
-	mkdir -p "${S}" || die
-	mv "${WORKDIR}"/.dropbox-dist/* "${S}" || die
-	mv "${S}"/dropbox-lnx.*-${PV}/* "${S}" || die
-	rmdir "${S}"/dropbox-lnx.*-${PV}/ || die
-	rmdir .dropbox-dist || die
-}
-
-src_prepare() {
-	default
-	# we supply all of these in RDEPEND
-	rm -vf libGL.so.1 libX11* libffi.so.6 || die
-	# some of these do not appear to be used
-	rm -vf libQt5{OpenGL,PrintSupport,Qml,Quick,Sql,WebKit,WebKitWidgets}.so.5 \
-		PyQt5.QtPrintSupport.* PyQt5.QtQml.* PyQt5.QtQuick.*  \
-		wmctrl libdrm.so.2 libpopt.so.0 || die
-	if use X ; then
-		mv images/hicolor/16x16/status "${T}" || die
-	else
-		rm -vrf images || die
-	fi
-	patchelf --set-rpath '$ORIGIN' \
-		apex._apex.*.so \
-		nucleus_python.*.so \
-		tprt.*.so \
-		|| die
-	pax-mark cm dropbox
-	mv README ACKNOWLEDGEMENTS "${T}" || die
-}
-
-src_install() {
-	local targetdir="/opt/dropbox"
-
-	insinto "${targetdir}"
-	doins -r *
-	fperms a+x "${targetdir}"/{dropbox,dropboxd}
-	dosym "${targetdir}/dropboxd" "/opt/bin/dropbox"
-
-	if use X; then
-		doicon -s 16 -c status "${T}"/status
-		newicon -s scalable "${DISTDIR}/DropboxGlyph_Blue.svg" dropbox.svg
-	fi
-
-	make_desktop_entry "${PN}" "Dropbox" "dropbox"
-
-	newinitd "${FILESDIR}"/dropbox.initd dropbox
-	newconfd "${FILESDIR}"/dropbox.conf dropbox
-	systemd_newunit "${FILESDIR}"/dropbox_at.service-r2 "dropbox@.service"
-
-	dodoc "${T}"/{README,ACKNOWLEDGEMENTS}
-}
-
-pkg_postinst() {
-	einfo "Warning: while running, dropbox may attempt to autoupdate itself in"
-	einfo " your user's home directory.  To prevent this, run the following as"
-	einfo " each user who will run dropbox:"
-	einfo ""
-	einfo "install -dm0 ~/.dropbox-dist"
-}
diff --git a/net-misc/dropbox/dropbox-201.4.5552.ebuild b/net-misc/dropbox/dropbox-201.4.5552.ebuild
deleted file mode 100644
index 7d9715a71882..000000000000
--- a/net-misc/dropbox/dropbox-201.4.5552.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit desktop pax-utils systemd xdg
-
-DESCRIPTION="Dropbox daemon (pretends to be GUI-less)"
-HOMEPAGE="https://www.dropbox.com/"
-SRC_URI="
-	amd64? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-${PV}.tar.gz )
-	x86? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-${PV}.tar.gz )
-	https://www.dropbox.com/sh/42f8d4kq6yt5lte/AAD69lhaw6gy46W8HfQAm0GSa/Glyph/Dropbox/SVG/DropboxGlyph_Blue.svg
-"
-
-LICENSE="BSD-2 CC-BY-ND-3.0 FTL MIT LGPL-2 openssl dropbox"
-SLOT="0"
-KEYWORDS="~amd64 ~x86 ~x86-linux"
-IUSE="selinux X"
-
-RESTRICT="mirror strip"
-
-QA_PREBUILT="opt/.*"
-QA_EXECSTACK="opt/dropbox/dropbox"
-
-BDEPEND="dev-util/patchelf"
-
-# Be sure to have GLIBCXX_3.4.9, #393125
-RDEPEND="
-	X? (
-		x11-themes/hicolor-icon-theme
-	)
-	selinux? ( sec-policy/selinux-dropbox )
-	app-arch/bzip2
-	dev-libs/glib:2
-	dev-libs/libffi-compat:6
-	media-libs/fontconfig
-	media-libs/freetype
-	net-misc/wget
-	sys-libs/zlib
-	sys-libs/ncurses-compat:5
-	virtual/opengl
-	x11-libs/libICE
-	x11-libs/libSM
-	x11-libs/libX11
-	x11-libs/libXext
-	x11-libs/libXrender
-	x11-libs/libxcb
-"
-
-src_unpack() {
-	unpack ${A}
-	mkdir -p "${S}" || die
-	mv "${WORKDIR}"/.dropbox-dist/* "${S}" || die
-	mv "${S}"/dropbox-lnx.*-${PV}/* "${S}" || die
-	rmdir "${S}"/dropbox-lnx.*-${PV}/ || die
-	rmdir .dropbox-dist || die
-}
-
-src_prepare() {
-	default
-	# we supply all of these in RDEPEND
-	rm -vf libGL.so.1 libX11* libffi.so.6 || die
-	# some of these do not appear to be used
-	rm -vf libQt5{OpenGL,PrintSupport,Qml,Quick,Sql,WebKit,WebKitWidgets}.so.5 \
-		PyQt5.QtPrintSupport.* PyQt5.QtQml.* PyQt5.QtQuick.*  \
-		wmctrl libdrm.so.2 libpopt.so.0 || die
-	if use X ; then
-		mv images/hicolor/16x16/status "${T}" || die
-	else
-		rm -vrf images || die
-	fi
-	patchelf --set-rpath '$ORIGIN' \
-		apex._apex.*.so \
-		nucleus_python.*.so \
-		tprt.*.so \
-		|| die
-	pax-mark cm dropbox
-	mv README ACKNOWLEDGEMENTS "${T}" || die
-}
-
-src_install() {
-	local targetdir="/opt/dropbox"
-
-	insinto "${targetdir}"
-	doins -r *
-	fperms a+x "${targetdir}"/{dropbox,dropboxd}
-	dosym "${targetdir}/dropboxd" "/opt/bin/dropbox"
-
-	if use X; then
-		doicon -s 16 -c status "${T}"/status
-		newicon -s scalable "${DISTDIR}/DropboxGlyph_Blue.svg" dropbox.svg
-	fi
-
-	make_desktop_entry "${PN}" "Dropbox" "dropbox"
-
-	newinitd "${FILESDIR}"/dropbox.initd dropbox
-	newconfd "${FILESDIR}"/dropbox.conf dropbox
-	systemd_newunit "${FILESDIR}"/dropbox_at.service-r2 "dropbox@.service"
-
-	dodoc "${T}"/{README,ACKNOWLEDGEMENTS}
-}
-
-pkg_postinst() {
-	einfo "Warning: while running, dropbox may attempt to autoupdate itself in"
-	einfo " your user's home directory.  To prevent this, run the following as"
-	einfo " each user who will run dropbox:"
-	einfo ""
-	einfo "install -dm0 ~/.dropbox-dist"
-}
diff --git a/net-misc/dropbox/dropbox-202.4.5551.ebuild b/net-misc/dropbox/dropbox-202.4.5551.ebuild
index 7d9715a71882..e90baaad900e 100644
--- a/net-misc/dropbox/dropbox-202.4.5551.ebuild
+++ b/net-misc/dropbox/dropbox-202.4.5551.ebuild
@@ -15,7 +15,7 @@ SRC_URI="
 
 LICENSE="BSD-2 CC-BY-ND-3.0 FTL MIT LGPL-2 openssl dropbox"
 SLOT="0"
-KEYWORDS="~amd64 ~x86 ~x86-linux"
+KEYWORDS="amd64 x86 ~x86-linux"
 IUSE="selinux X"
 
 RESTRICT="mirror strip"
diff --git a/net-misc/iputils/Manifest b/net-misc/iputils/Manifest
index beccf16c52cc..373ec77c9e89 100644
--- a/net-misc/iputils/Manifest
+++ b/net-misc/iputils/Manifest
@@ -2,7 +2,7 @@ DIST iputils-20211215.tar.gz 524567 BLAKE2B b88ff84be1d4d6a741f8f3514739ceff45ea
 DIST iputils-20221126.tar.gz 511944 BLAKE2B 97bdc49810ce9e517211323e8e8ffd2f2be505704d67533db0e8f296701048b82c61b39062aab4a8fa148b29175636a657c2dcdd65e3a16b1572d2f392b8ecf0 SHA512 7fdfd76e6f2977039bc0930a1a5451f17319bf17beefc429751d99ffe143a83344d5b4cdbf008627bd70caafeadaf906a8b7c00393fa819e50d6c02b512c367f
 DIST iputils-20240117.tar.xz 445684 BLAKE2B 635943e12010aef8c1291b407bfbe284e0179391fca76197b77037ae1ffc219fa1d8e36abcea5fb7fff10d55ab40eed7c081e5d92b29f0916a4b4dd806945491 SHA512 c45822c5641f194dc07cba919c13a4b7a79d050bb53957a894ebb6ccc1f71bac1f26489e13d18ef1ce235982f5fa1824e677f95037a0f5cce6bcb94be4c2e2de
 DIST iputils-manpages-20211215.tar.xz 17148 BLAKE2B 63a956805b01f57b070b6b4ceb32f6ddf4313c74203cde821fc2f6f16ab8de14861da31163adf496db555f1961592d4fbc2ba7a977ccb18773af3bdb8d3795c0 SHA512 eb8c8508221b06fc13bf196b01b11f3ec87cd77e25d89c088776e39d249e10a3915ebb39942805adee179b352543063ce3dac158d68783c68c23de550ec14eee
-EBUILD iputils-20211215.ebuild 4754 BLAKE2B f5e6b11dcf1642695fb3fe8be537a5df04359d397c28f7a86fff5b11c8dc37743597df22721d41bdd8c45f3f06f76325c236e3159602b15bc8cd1200d3389c41 SHA512 aa0565d5645f4acba4bfa3ca6d425e2538922ec9f3405ba1f4542941e7f21f5399e8709b71d76292a927109911226cdaa2be56ad63b62006e59a759556747bd5
+EBUILD iputils-20211215.ebuild 4680 BLAKE2B 25612a3f8228a87f7d71a13f70e8aae66ef3b0753cb9d81c51e31f8161808183802da52c06c41af31696ee45195c01213718a17ed12525b80c6deede32bdc491 SHA512 8b173b56452216802b85ac4cb4995a8dce5a611fcc076f60e6ae005804780ffdea504b8f1180f2eea08488c216718c1cf4b10de66299c4f93d785d2c469c6da0
 EBUILD iputils-20221126-r1.ebuild 3185 BLAKE2B 65869e38c722027f8ac43639b54862d04a1bb98c2c3758488fd73de25071100595c3cd83220efa0e076297f90af62b475868ed7a8b759c1a50f8e89f2aadded0 SHA512 2e4e741c9ff0c44699c491474f6a201ec95a4f0753bb3f45f48ddd55c3342da4afb2ca8a7a71a7467b4a6e025dc1c1a3661c98c2abc71e4dae04027b2a3d32a0
 EBUILD iputils-20240117.ebuild 3185 BLAKE2B 2b3c56bcf406f5087d8c913ee89342e6c40248766e104ef30c5667241f353e2fdbfea575469bbadf15bd08ca63eb7951b6491ff8268e1b036378638193b820f2 SHA512 556560985c83ab9d8cc5de8430b2d58803e6dc76c5d1941ac8c7a6ada344f1b15e110243a1ba028861cd936c0d7ab431c995f4e78fae89e7b083b17f5c19851a
 EBUILD iputils-99999999.ebuild 3193 BLAKE2B 41894869b9a7e22606c13416045a52ef5708e75626cec480d669aa6744026c99c3b6c6789bf5275ae6ac153456e3eab87ae782940e0b264095c1d5070ff94bed SHA512 44a357c7e1b31a592c14cf51a0a6886a31e87534d43e3d02c29956c9caa91b57db569b1656677f65851af4e631b65b3fd5e28de8b45c5bf8672a166f12200863
diff --git a/net-misc/iputils/iputils-20211215.ebuild b/net-misc/iputils/iputils-20211215.ebuild
index 9adbec78252c..eae62b94c80d 100644
--- a/net-misc/iputils/iputils-20211215.ebuild
+++ b/net-misc/iputils/iputils-20211215.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # For released versions, we precompile the man/html pages and store
@@ -19,8 +19,7 @@ if [[ ${PV} == "99999999" ]] ; then
 	inherit git-r3
 else
 	SRC_URI="https://github.com/iputils/iputils/archive/${PV}.tar.gz -> ${P}.tar.gz
-		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-manpages-${PV}.tar.xz
-		https://dev.gentoo.org/~whissi/dist/iputils/${PN}-manpages-${PV}.tar.xz"
+		https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-manpages-${PV}.tar.xz"
 	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux"
 fi
 
diff --git a/net-misc/nextcloud-client/Manifest b/net-misc/nextcloud-client/Manifest
index 3d265ffc0fc5..05af79817e15 100644
--- a/net-misc/nextcloud-client/Manifest
+++ b/net-misc/nextcloud-client/Manifest
@@ -1,14 +1,10 @@
 AUX nextcloud-client-3.6.6-no-redefine-fortify-source.patch 1447 BLAKE2B 14a3a1a1206a0a0027aa9c59e07b6d81174428aaaf90fba5706e9c7a2f076753a4b2f364ffa0f22dabf785d58832dde1aeba61e3cb3cc92feffa8b4b614c5d65 SHA512 808c10f8ea1905d54f62f895b2089c2acb602e838143f6a4268a5ab1e966ffe6ff01f132b8b65e0eebde21435a859cc7fb4f868a2ca81da4dcaa02292a337ed7
 DIST nextcloud-client-3.11.1.tar.gz 13598448 BLAKE2B b1e9070c55972facd72c65b571128f55c041f2fa1d38f7d22ed0f3ebca2b4ad9faef56d5699a48a70f062d13385c39123185b50ebba3d035d4e5af1320ce1844 SHA512 fc8700f36e3a2e8f07d219f9e7065a97e46d162d8c4f9a576e322dc45470e8b95321a1e176c4739a4fa212a69ff2782049096b32dcfe656a9e9cbedb8c7ed50e
-DIST nextcloud-client-3.12.1.tar.gz 13640266 BLAKE2B 25ce7db16496e5e51bba40cf578fb21b21b9d606f73342032bb0ebafcd48cbb77e16fbd7f2efbd79501b8ca6a3976bc6e39984001b18abd7af5019103987fc5f SHA512 0ec00322d546abfc62645cb0674044e5f6dd12e0cab5e9cac0053f9bc42d42659fbb52f996d41cf166d45ed1750006cdd86669c6daee73b657e4b6807e4bae9a
-DIST nextcloud-client-3.12.2.tar.gz 13645095 BLAKE2B af79e3ea7686255be0424dba8a1a90416bc8a5c53d302c9ee7fe1d7ed29ded7e558be1838405195c7eef6f008724e6b8827edc0e0e7bdaa21ca330a695f225b1 SHA512 fc8956b435d91f9caefc1e334739c99bf0745e8feef5badd825d8e9a141b0f4e202a0b522d0ce01a19e137763342f9b3841fefaf233179116d759aceab86b8f3
-DIST nextcloud-client-3.12.3.tar.gz 13642292 BLAKE2B 9cf2dcb507e2eca71a57b308dfa7d104393dc3bd8d8f6293ad07d1172446e641e7618d3744ac13f9b19a8725440ae9211600b21d03979e64ac26075a886f8763 SHA512 e333354b70102fd596c4fe18f69860c5c9313348359579cd552297a7e67dbb8a6ba7a9f09e9676e96298649f75fb649f2a9aa10d524ebedcf4b6aa244877fd62
 DIST nextcloud-client-3.13.0.tar.gz 13779791 BLAKE2B a0817a13af27e7fb57bb8a5644654cf3f8a461b7cb4afc71762b7bde5a7611ec57168939c07670d159e54ab11a49e991eda609a855e756d39ecca839a8f79586 SHA512 bf41a63a92e7e970e0b85d6df6e53e6ed8cd2c70fdfdfc86b144b01f82759a05f4bb016fd3009516bb405a589f26f84a8c6cf54191dc906a37d3dddf20dbcfbb
+DIST nextcloud-client-3.13.1.tar.gz 13783306 BLAKE2B 0ac012a612b8c6ba0ec530712393af970afe6a4570078cf87ef991005c9d0481bd68eaf5e39c37a589397af67a3b6ee9c08680c54196de20197bb4d8a854e7b2 SHA512 c78b3ed0a72a7e82028f62529fe00cdd387932d396a402fd3760a8a52bc6083a4b833ca28aea3b35637065de0fe6ca6a4f12c31fbf4b2a560d9001696194ae0b
 DIST nextcloud-client-3.9.4.tar.gz 15768508 BLAKE2B 7c06434538e9e95bed284ba07692d0d4d594639a145c2f3b67b8e81586fb98e1592eca54b9ee3cc638f8226ebb83e89e60a79238c76696fe9ca033209646eb13 SHA512 9f99278deb024ce105bae14d8dadc626b835486858e94f5483e9da3d06340a29e0941648cccfc30714c15ce25a6b77c4aa05a17fc213d7aa84803ffc13dca5a4
 EBUILD nextcloud-client-3.11.1.ebuild 2749 BLAKE2B 2365c6846ceda8e2acda8dabeaf6d7d3283133027baaf021e1d83e165d6d3188f6bf93768ca0d7bf599b10db4d3d26b8c3ebb577b6c53a7ef1c3bf4bec3cf22f SHA512 98c9ae0a2c2b35a0cd48ff4aa12050babeecf21a3c668476f2d2a8b0024a64e4e2838e1765e2929bb7bd8fa311c374da3b2c3b11464dc24bad1689df672baf67
-EBUILD nextcloud-client-3.12.1.ebuild 2765 BLAKE2B 27362ab34eae0c143332ae341a13dbfa194f71a43e9ddf9a928eb823bd4fca2c2bbce8a177a0bd77b28e2ece43401de0d90e50b4cd0027607d4c8f115e32b5b3 SHA512 3f68d7155dd026f9f00886f50c70cfd8b227c24f7ee35f622629f86870b2c98bd9b3292b031be13f25ff70bf5bdd210dde77d275b2420631210d5556e8793bb6
-EBUILD nextcloud-client-3.12.2.ebuild 2765 BLAKE2B 27362ab34eae0c143332ae341a13dbfa194f71a43e9ddf9a928eb823bd4fca2c2bbce8a177a0bd77b28e2ece43401de0d90e50b4cd0027607d4c8f115e32b5b3 SHA512 3f68d7155dd026f9f00886f50c70cfd8b227c24f7ee35f622629f86870b2c98bd9b3292b031be13f25ff70bf5bdd210dde77d275b2420631210d5556e8793bb6
-EBUILD nextcloud-client-3.12.3.ebuild 2765 BLAKE2B 27362ab34eae0c143332ae341a13dbfa194f71a43e9ddf9a928eb823bd4fca2c2bbce8a177a0bd77b28e2ece43401de0d90e50b4cd0027607d4c8f115e32b5b3 SHA512 3f68d7155dd026f9f00886f50c70cfd8b227c24f7ee35f622629f86870b2c98bd9b3292b031be13f25ff70bf5bdd210dde77d275b2420631210d5556e8793bb6
 EBUILD nextcloud-client-3.13.0.ebuild 2765 BLAKE2B 27362ab34eae0c143332ae341a13dbfa194f71a43e9ddf9a928eb823bd4fca2c2bbce8a177a0bd77b28e2ece43401de0d90e50b4cd0027607d4c8f115e32b5b3 SHA512 3f68d7155dd026f9f00886f50c70cfd8b227c24f7ee35f622629f86870b2c98bd9b3292b031be13f25ff70bf5bdd210dde77d275b2420631210d5556e8793bb6
+EBUILD nextcloud-client-3.13.1.ebuild 2774 BLAKE2B df1d531ef33a79a997d8b2b5faf25c6cc8bacb7f85c9aeba384a25276aacc42f95cc976b4257036e7143b76086fe007868d261541aecdbba1805de36b823f443 SHA512 45c9653e599ed1ad563d8c2bcecbed38d66b31cd4d47b14b3b6b516e895d1922071e38af132c31d2d4bf3fed9670cbca219283f2476830db4fcace5b9e3965f1
 EBUILD nextcloud-client-3.9.4.ebuild 2717 BLAKE2B 637408938ba4ae238a40ae275860ee1db8e4f036d921cd7eac6c20500dd78ab86f3aa2c98fa12edf402f14550755bd993a0e55adb0dc99f1cb1da1952dcb3d3c SHA512 57d91d98de4ff61ba6f5c32a8e122c290ace8c135bfccadb0279b78580f9d05870a59580edf1fa774728132f8653e1ef5a098fa090f2f19cadb50ac916c4a047
 MISC metadata.xml 712 BLAKE2B 423b16fa8879b0bc21d8ff1c692e5e592f571b5d69dcdd35fe79dae08b770c0d5beb2cbf71af2e7410d1dfd6917d15bac0482a84a40ce602ab03ab0f59940355 SHA512 2cfeff27549192c2aaa9c64369545e75b3a056c123d7647c96505dd410490230027401961e95ef88c93b0485393bd54aa11ddc922bcaf2782f9e68a2d8d17b32
diff --git a/net-misc/nextcloud-client/nextcloud-client-3.12.1.ebuild b/net-misc/nextcloud-client/nextcloud-client-3.12.1.ebuild
deleted file mode 100644
index 0812c7b1c004..000000000000
--- a/net-misc/nextcloud-client/nextcloud-client-3.12.1.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit cmake virtualx xdg
-
-DESCRIPTION="Desktop Syncing Client for Nextcloud"
-HOMEPAGE="https://github.com/nextcloud/desktop"
-SRC_URI="
-	https://github.com/nextcloud/desktop/archive/v${PV/_/-}.tar.gz -> ${P}.tar.gz
-"
-S="${WORKDIR}/desktop-${PV/_/-}"
-
-LICENSE="CC-BY-3.0 GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
-IUSE="doc dolphin nautilus test webengine"
-RESTRICT="!test? ( test )"
-
-# slot op for qtqui as this package uses private API parts of qtqui
-# src/gui/generalsettings.cpp:#include <private/qzipwriter_p.h>
-RDEPEND="
-	>=dev-db/sqlite-3.34:3
-	>=dev-libs/openssl-1.1.0:0=
-	dev-libs/qtkeychain:=[qt5(+)]
-	dev-qt/qtcore:5
-	dev-qt/qtdbus:5
-	dev-qt/qtdeclarative:5
-	dev-qt/qtgui:5=
-	dev-qt/qtnetwork:5[ssl]
-	dev-qt/qtquickcontrols2:5
-	dev-qt/qtsql:5[sqlite]
-	dev-qt/qtsvg:5
-	dev-qt/qtwebsockets:5
-	dev-qt/qtwidgets:5
-	net-libs/libcloudproviders
-	kde-frameworks/karchive:5
-	sys-libs/zlib
-	dolphin? (
-		kde-frameworks/kcoreaddons:5
-		kde-frameworks/kio:5
-	)
-	nautilus? ( dev-python/nautilus-python )
-	webengine? ( dev-qt/qtwebengine:5[widgets] )
-"
-DEPEND="
-	${RDEPEND}
-	dev-qt/qtconcurrent:5
-	dev-qt/qtxml:5
-	|| ( gnome-base/librsvg media-gfx/inkscape )
-	doc? (
-		dev-python/sphinx
-		dev-tex/latexmk
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-	)
-	test? (
-		dev-qt/qttest:5
-		dev-util/cmocka
-	)
-"
-BDEPEND="
-	dev-qt/linguist-tools:5
-	dolphin? ( kde-frameworks/extra-cmake-modules )
-"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.6.6-no-redefine-fortify-source.patch
-)
-
-src_prepare() {
-	# Keep tests in ${T}
-	sed -i -e "s#\"/tmp#\"${T}#g" test/test*.cpp || die
-
-	cmake_src_prepare
-}
-
-src_configure() {
-	local mycmakeargs=(
-		-DCMAKE_INSTALL_DOCDIR=/usr/share/doc/${PF}
-		-DBUILD_UPDATER=OFF
-		$(cmake_use_find_package doc Sphinx)
-		$(cmake_use_find_package doc PdfLatex)
-		$(cmake_use_find_package webengine Qt5WebEngine)
-		$(cmake_use_find_package webengine Qt5WebEngineWidgets)
-		-DBUILD_SHELL_INTEGRATION_DOLPHIN=$(usex dolphin)
-		-DBUILD_SHELL_INTEGRATION_NAUTILUS=$(usex nautilus)
-		-DBUILD_TESTING=$(usex test)
-	)
-
-	cmake_src_configure
-}
-
-src_test() {
-	TEST_VERBOSE=1 virtx cmake_src_test
-}
-
-src_compile() {
-	local compile_targets=(all)
-	if use doc; then
-		compile_targets+=(doc doc-man)
-	fi
-	cmake_src_compile ${compile_targets[@]}
-}
-
-pkg_postinst() {
-	xdg_pkg_postinst
-
-	if ! has_version -r "dev-libs/qtkeychain[keyring]"; then
-		elog "dev-libs/qtkeychain has not been build with the 'keyring' USE flag."
-		elog "Please consider enabling the 'keyring' USE flag. Otherwise you may"
-		elog "have to authenticate manually every time you start the nextlcoud client."
-		elog "See https://bugs.gentoo.org/912844 for more information."
-	fi
-}
diff --git a/net-misc/nextcloud-client/nextcloud-client-3.12.2.ebuild b/net-misc/nextcloud-client/nextcloud-client-3.12.2.ebuild
deleted file mode 100644
index 0812c7b1c004..000000000000
--- a/net-misc/nextcloud-client/nextcloud-client-3.12.2.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit cmake virtualx xdg
-
-DESCRIPTION="Desktop Syncing Client for Nextcloud"
-HOMEPAGE="https://github.com/nextcloud/desktop"
-SRC_URI="
-	https://github.com/nextcloud/desktop/archive/v${PV/_/-}.tar.gz -> ${P}.tar.gz
-"
-S="${WORKDIR}/desktop-${PV/_/-}"
-
-LICENSE="CC-BY-3.0 GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
-IUSE="doc dolphin nautilus test webengine"
-RESTRICT="!test? ( test )"
-
-# slot op for qtqui as this package uses private API parts of qtqui
-# src/gui/generalsettings.cpp:#include <private/qzipwriter_p.h>
-RDEPEND="
-	>=dev-db/sqlite-3.34:3
-	>=dev-libs/openssl-1.1.0:0=
-	dev-libs/qtkeychain:=[qt5(+)]
-	dev-qt/qtcore:5
-	dev-qt/qtdbus:5
-	dev-qt/qtdeclarative:5
-	dev-qt/qtgui:5=
-	dev-qt/qtnetwork:5[ssl]
-	dev-qt/qtquickcontrols2:5
-	dev-qt/qtsql:5[sqlite]
-	dev-qt/qtsvg:5
-	dev-qt/qtwebsockets:5
-	dev-qt/qtwidgets:5
-	net-libs/libcloudproviders
-	kde-frameworks/karchive:5
-	sys-libs/zlib
-	dolphin? (
-		kde-frameworks/kcoreaddons:5
-		kde-frameworks/kio:5
-	)
-	nautilus? ( dev-python/nautilus-python )
-	webengine? ( dev-qt/qtwebengine:5[widgets] )
-"
-DEPEND="
-	${RDEPEND}
-	dev-qt/qtconcurrent:5
-	dev-qt/qtxml:5
-	|| ( gnome-base/librsvg media-gfx/inkscape )
-	doc? (
-		dev-python/sphinx
-		dev-tex/latexmk
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-	)
-	test? (
-		dev-qt/qttest:5
-		dev-util/cmocka
-	)
-"
-BDEPEND="
-	dev-qt/linguist-tools:5
-	dolphin? ( kde-frameworks/extra-cmake-modules )
-"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.6.6-no-redefine-fortify-source.patch
-)
-
-src_prepare() {
-	# Keep tests in ${T}
-	sed -i -e "s#\"/tmp#\"${T}#g" test/test*.cpp || die
-
-	cmake_src_prepare
-}
-
-src_configure() {
-	local mycmakeargs=(
-		-DCMAKE_INSTALL_DOCDIR=/usr/share/doc/${PF}
-		-DBUILD_UPDATER=OFF
-		$(cmake_use_find_package doc Sphinx)
-		$(cmake_use_find_package doc PdfLatex)
-		$(cmake_use_find_package webengine Qt5WebEngine)
-		$(cmake_use_find_package webengine Qt5WebEngineWidgets)
-		-DBUILD_SHELL_INTEGRATION_DOLPHIN=$(usex dolphin)
-		-DBUILD_SHELL_INTEGRATION_NAUTILUS=$(usex nautilus)
-		-DBUILD_TESTING=$(usex test)
-	)
-
-	cmake_src_configure
-}
-
-src_test() {
-	TEST_VERBOSE=1 virtx cmake_src_test
-}
-
-src_compile() {
-	local compile_targets=(all)
-	if use doc; then
-		compile_targets+=(doc doc-man)
-	fi
-	cmake_src_compile ${compile_targets[@]}
-}
-
-pkg_postinst() {
-	xdg_pkg_postinst
-
-	if ! has_version -r "dev-libs/qtkeychain[keyring]"; then
-		elog "dev-libs/qtkeychain has not been build with the 'keyring' USE flag."
-		elog "Please consider enabling the 'keyring' USE flag. Otherwise you may"
-		elog "have to authenticate manually every time you start the nextlcoud client."
-		elog "See https://bugs.gentoo.org/912844 for more information."
-	fi
-}
diff --git a/net-misc/nextcloud-client/nextcloud-client-3.12.3.ebuild b/net-misc/nextcloud-client/nextcloud-client-3.12.3.ebuild
deleted file mode 100644
index 0812c7b1c004..000000000000
--- a/net-misc/nextcloud-client/nextcloud-client-3.12.3.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit cmake virtualx xdg
-
-DESCRIPTION="Desktop Syncing Client for Nextcloud"
-HOMEPAGE="https://github.com/nextcloud/desktop"
-SRC_URI="
-	https://github.com/nextcloud/desktop/archive/v${PV/_/-}.tar.gz -> ${P}.tar.gz
-"
-S="${WORKDIR}/desktop-${PV/_/-}"
-
-LICENSE="CC-BY-3.0 GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
-IUSE="doc dolphin nautilus test webengine"
-RESTRICT="!test? ( test )"
-
-# slot op for qtqui as this package uses private API parts of qtqui
-# src/gui/generalsettings.cpp:#include <private/qzipwriter_p.h>
-RDEPEND="
-	>=dev-db/sqlite-3.34:3
-	>=dev-libs/openssl-1.1.0:0=
-	dev-libs/qtkeychain:=[qt5(+)]
-	dev-qt/qtcore:5
-	dev-qt/qtdbus:5
-	dev-qt/qtdeclarative:5
-	dev-qt/qtgui:5=
-	dev-qt/qtnetwork:5[ssl]
-	dev-qt/qtquickcontrols2:5
-	dev-qt/qtsql:5[sqlite]
-	dev-qt/qtsvg:5
-	dev-qt/qtwebsockets:5
-	dev-qt/qtwidgets:5
-	net-libs/libcloudproviders
-	kde-frameworks/karchive:5
-	sys-libs/zlib
-	dolphin? (
-		kde-frameworks/kcoreaddons:5
-		kde-frameworks/kio:5
-	)
-	nautilus? ( dev-python/nautilus-python )
-	webengine? ( dev-qt/qtwebengine:5[widgets] )
-"
-DEPEND="
-	${RDEPEND}
-	dev-qt/qtconcurrent:5
-	dev-qt/qtxml:5
-	|| ( gnome-base/librsvg media-gfx/inkscape )
-	doc? (
-		dev-python/sphinx
-		dev-tex/latexmk
-		dev-texlive/texlive-latexextra
-		virtual/latex-base
-	)
-	test? (
-		dev-qt/qttest:5
-		dev-util/cmocka
-	)
-"
-BDEPEND="
-	dev-qt/linguist-tools:5
-	dolphin? ( kde-frameworks/extra-cmake-modules )
-"
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.6.6-no-redefine-fortify-source.patch
-)
-
-src_prepare() {
-	# Keep tests in ${T}
-	sed -i -e "s#\"/tmp#\"${T}#g" test/test*.cpp || die
-
-	cmake_src_prepare
-}
-
-src_configure() {
-	local mycmakeargs=(
-		-DCMAKE_INSTALL_DOCDIR=/usr/share/doc/${PF}
-		-DBUILD_UPDATER=OFF
-		$(cmake_use_find_package doc Sphinx)
-		$(cmake_use_find_package doc PdfLatex)
-		$(cmake_use_find_package webengine Qt5WebEngine)
-		$(cmake_use_find_package webengine Qt5WebEngineWidgets)
-		-DBUILD_SHELL_INTEGRATION_DOLPHIN=$(usex dolphin)
-		-DBUILD_SHELL_INTEGRATION_NAUTILUS=$(usex nautilus)
-		-DBUILD_TESTING=$(usex test)
-	)
-
-	cmake_src_configure
-}
-
-src_test() {
-	TEST_VERBOSE=1 virtx cmake_src_test
-}
-
-src_compile() {
-	local compile_targets=(all)
-	if use doc; then
-		compile_targets+=(doc doc-man)
-	fi
-	cmake_src_compile ${compile_targets[@]}
-}
-
-pkg_postinst() {
-	xdg_pkg_postinst
-
-	if ! has_version -r "dev-libs/qtkeychain[keyring]"; then
-		elog "dev-libs/qtkeychain has not been build with the 'keyring' USE flag."
-		elog "Please consider enabling the 'keyring' USE flag. Otherwise you may"
-		elog "have to authenticate manually every time you start the nextlcoud client."
-		elog "See https://bugs.gentoo.org/912844 for more information."
-	fi
-}
diff --git a/net-misc/nextcloud-client/nextcloud-client-3.13.1.ebuild b/net-misc/nextcloud-client/nextcloud-client-3.13.1.ebuild
new file mode 100644
index 000000000000..7abc2102345e
--- /dev/null
+++ b/net-misc/nextcloud-client/nextcloud-client-3.13.1.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake virtualx xdg
+
+DESCRIPTION="Desktop Syncing Client for Nextcloud"
+HOMEPAGE="https://github.com/nextcloud/desktop"
+SRC_URI="
+	https://github.com/nextcloud/desktop/archive/v${PV/_/-}.tar.gz -> ${P}.tar.gz
+"
+S="${WORKDIR}/desktop-${PV/_/-}"
+
+LICENSE="CC-BY-3.0 GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86"
+IUSE="doc dolphin nautilus test webengine"
+RESTRICT="!test? ( test )"
+
+# slot op for qtqui as this package uses private API parts of qtqui
+# src/gui/generalsettings.cpp:#include <private/qzipwriter_p.h>
+RDEPEND="
+	>=dev-db/sqlite-3.34:3
+	>=dev-libs/openssl-1.1.0:0=
+	dev-libs/qtkeychain:=[qt5(+)]
+	dev-qt/qtcore:5
+	dev-qt/qtdbus:5
+	dev-qt/qtdeclarative:5[widgets]
+	dev-qt/qtgui:5=
+	dev-qt/qtnetwork:5[ssl]
+	dev-qt/qtquickcontrols2:5
+	dev-qt/qtsql:5[sqlite]
+	dev-qt/qtsvg:5
+	dev-qt/qtwebsockets:5
+	dev-qt/qtwidgets:5
+	net-libs/libcloudproviders
+	kde-frameworks/karchive:5
+	sys-libs/zlib
+	dolphin? (
+		kde-frameworks/kcoreaddons:5
+		kde-frameworks/kio:5
+	)
+	nautilus? ( dev-python/nautilus-python )
+	webengine? ( dev-qt/qtwebengine:5[widgets] )
+"
+DEPEND="
+	${RDEPEND}
+	dev-qt/qtconcurrent:5
+	dev-qt/qtxml:5
+	|| ( gnome-base/librsvg media-gfx/inkscape )
+	doc? (
+		dev-python/sphinx
+		dev-tex/latexmk
+		dev-texlive/texlive-latexextra
+		virtual/latex-base
+	)
+	test? (
+		dev-qt/qttest:5
+		dev-util/cmocka
+	)
+"
+BDEPEND="
+	dev-qt/linguist-tools:5
+	dolphin? ( kde-frameworks/extra-cmake-modules )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.6.6-no-redefine-fortify-source.patch
+)
+
+src_prepare() {
+	# Keep tests in ${T}
+	sed -i -e "s#\"/tmp#\"${T}#g" test/test*.cpp || die
+
+	cmake_src_prepare
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DCMAKE_INSTALL_DOCDIR=/usr/share/doc/${PF}
+		-DBUILD_UPDATER=OFF
+		$(cmake_use_find_package doc Sphinx)
+		$(cmake_use_find_package doc PdfLatex)
+		$(cmake_use_find_package webengine Qt5WebEngine)
+		$(cmake_use_find_package webengine Qt5WebEngineWidgets)
+		-DBUILD_SHELL_INTEGRATION_DOLPHIN=$(usex dolphin)
+		-DBUILD_SHELL_INTEGRATION_NAUTILUS=$(usex nautilus)
+		-DBUILD_TESTING=$(usex test)
+	)
+
+	cmake_src_configure
+}
+
+src_test() {
+	TEST_VERBOSE=1 virtx cmake_src_test
+}
+
+src_compile() {
+	local compile_targets=(all)
+	if use doc; then
+		compile_targets+=(doc doc-man)
+	fi
+	cmake_src_compile ${compile_targets[@]}
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+
+	if ! has_version -r "dev-libs/qtkeychain[keyring]"; then
+		elog "dev-libs/qtkeychain has not been build with the 'keyring' USE flag."
+		elog "Please consider enabling the 'keyring' USE flag. Otherwise you may"
+		elog "have to authenticate manually every time you start the nextlcoud client."
+		elog "See https://bugs.gentoo.org/912844 for more information."
+	fi
+}
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index c80949936254..f6dc442215e6 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,6 +1,8 @@
 AUX openssh-9.3_p1-disable-conch-interop-tests.patch 554 BLAKE2B f5f45c000ec26c1f783669c3447ea3c80c5c0f9b971b86ca1e79e99e906a90a519abb6b14db462f5766572e9759180719ea44f048ef5aa8efc37efb61d2b6ef7 SHA512 f35b15f1e8d0eb276d748ee14c71004c6599ddb124c33e2f84623bc9eb02bb4fd4680d25d0ba0289d6a723a526c95c9a56b30496bdaa565bae853bf3d1bab61f
 AUX openssh-9.3_p1-fix-putty-tests.patch 1691 BLAKE2B 8a92766bd2db65a4dab1254a356ecee65203e11179a499b40dfde623c642a0d6aa205490faabd50abfba5bbb4a9d3e1fa9427c42fd82883df1401b7a871979ea SHA512 4b27ece068d233e128dde2571a93ce6ff695ee975e5dcbef84b8c0923e84903494f980bbe38129cd9f83bb34e7a7940f8686a5b8f85d20e3e11c53b6d933196d
 AUX openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch 1647 BLAKE2B 9d55e9060e6eae041176bef27acc58d6026c8fb68c65c71c11c1acbe4e6840a63fba3dbc113a8981da66901717c1f3b4f2211a2cb322d3d4e5eba8c86f4e269c SHA512 d8fc604795d8bb4228ccbfe5714d5503bb1e0d63818d2fac65d533530d01fe4ce4fac0743b8b415f646322fec859b699fa7365beba8a42bd880d737b7c6bd7df
+AUX openssh-9.6_p1-CVE-2024-6387.patch 508 BLAKE2B 592b671107692b2be1e181e0be60b693485b430355f77dd0da49ad63a26824efac82ac09d58d0ca6085b3af3204410a5433409dc880de91212870d3a520efb75 SHA512 86083f30781df293666442ab597a8c16f6e84581be4ea4371c32aeeac7efb985b78dcb8c9ae749b6747d196c7c90cd99cd946fea0cf990f06446a71ff9465858
+AUX openssh-9.6_p1-chaff-logic.patch 696 BLAKE2B c4823f78e5cc381fb65e14512917965c0118490e5b430a28f0322fff013b7b0f40f8a0b664e748a3c1317776f22ed1411655c2fa52532c444741e8f600b582a7 SHA512 6a839546c618f00c297ac9b5b2ae46bd13ac495e5a093a3aa4d0cda81152db94706c4e9ce6b132a038e4febd05b7c19693c98ac91cc142073a06d9960efe29e4
 AUX openssh-9.6_p1-fix-xmss-c99.patch 696 BLAKE2B db9ad0e9340ee241d28310b438e90a909bea551fe136f2e6855f00067e63f3558a773005359454b14315dd46ac508397ad8f081b4aaae9f7ccf0bbc30b263d85 SHA512 1e7c2b7aec655ba312a9c0edb9db5f79323aace53f5531d69d60672e1f5bb329543558d8abea5e7a21cea1c438c5ae228f6e2a0fc39a78524b6f7f005b8011e3
 AUX openssh-9.7_p1-config-tweaks.patch 1032 BLAKE2B 52f20d412722b00a452b92c8b45a8884b3e8d76c05be45431de3c7a0401dcbbf4587b65703e28a389ee05066af73cb6c1845626342b059fac463dc2ea38d0535 SHA512 bfc39aa573dd3934bae2a496a8a730f99dd7d6217c4d6e146ca4c401151f5e803f704719f29213548c67db015ba9f4cae749dd7ee5bc3b8cee0395892abae01f
 AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79add211903567da370cfe86a267932ca9cf13c3afbc38a8f1b53e753a31670ee61bf8ba8747832f8 SHA512 3a69752592126024319a95f1c1747af508fd639c86eca472106c5d6c23d5eeaa441ca74740d4b1aafaa0db759d38879e3c1cee742b08d6166ebc58cddac1e2fe
@@ -13,9 +15,10 @@ DIST openssh-9.6p1.tar.gz 1857862 BLAKE2B dd7f6747fe89f7b386be4faaf7fc43398a9bf4
 DIST openssh-9.6p1.tar.gz.asc 833 BLAKE2B 9363d02f85457aa90069020827306a2f49d8406e32f5ee1d231844648dd2ffa02fa9b7325b8677a11e46a0ba0d9ffc86d9c989435d691a02f5354a956c49f9f9 SHA512 aec5a5bd6ce480a8e5b5879dc55f8186aec90fe61f085aa92ad7d07f324574aa781be09c83b7443a32848d091fd44fb12c1842d49cee77afc351e550ffcc096d
 DIST openssh-9.7p1.tar.gz 1848766 BLAKE2B 520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b SHA512 0cafc17d22851605a4a5495a1d82c2b3fbbe6643760aad226dbf2a25b5f49d4375c3172833706ea3cb6c05d5d02a40feb9a7e790eae5c4570dd344a43e94ca55
 DIST openssh-9.7p1.tar.gz.asc 833 BLAKE2B a95e952be48bd55a07d0a95a49dc06c326816c67b8b5d40bd3f64c28aa43122253817b8a088e7a3b8a190375ea39f9fc3400b22d035561f9643c1d32b5caef27 SHA512 e028978e4266de9ad513626b13d70249e4166923fc15f38751178e2b3522ff6ebb9a7ca7dc32d1bb42d42fb92adf9903dba1b734bec083010ed7323aadad8baf
+DIST openssh-9.8p1.tar.gz 1910393 BLAKE2B 3bf983c4ef5358054ed0104cd51d3e0069fbc2b80d8522d0df644d5508ec1d26a67bf061b1b5698d1cdf0d2cbba16b4cdca12a4ce30da24429094576a075e192 SHA512 95dec2f18e58eb47994f3de4430253e0665e185564b65088ca5f4108870e05feddef8cda8d3c0a4b75f18b98cc2c024df0e27de53b48c1a16da8da483cb8292a
+DIST openssh-9.8p1.tar.gz.asc 833 BLAKE2B 5291e8c03ab9a75acb44285cd7fc010f4a33551f142499624165dac708fc05a6d077df81555aa41037b45f6301e4e5db3161a7a23404473f8a233a877fc55cc3 SHA512 4df1f1be2c6ab7f3aebaedd0a773b0e8c8929abb30cd3415873ad55d012cfa113f792e888e5e772dd468c394aeb7e35d62893a514dbc0ab1a03acd79918657f7
 EBUILD openssh-9.6_p1-r3.ebuild 13807 BLAKE2B 61ce712b91455496975c2f5daec0d50fc32dd677aee7612f7734c9a690724c2ae9d968b50a56216e765dc1aac289491e16a1e80856c3cfc745e0ab869d409ff2 SHA512 66cfc7769271649448389e2b25987ee1702d0a9bce45699e746374cd923065e7ff6d8b6df0616a3af80381e7963500512acee66995a6a5088b5bc49266ec2010
-EBUILD openssh-9.6_p1-r4.ebuild 13862 BLAKE2B 1b30cb07de4207d7589c1912ce723a2b72b0afa376db008abe25fffad2ddf8cce95f6b4a40cbfaf5a6302770503bb402f4fc535078a153bd0e97d70f77d5ac0f SHA512 bad36e36ac0f200b97f5bdca41040f12c89b677146dec6b5f9637f7a5b3d91d19afb42ef965cdc2c105866b56fda66b27c8f0fc2b3d5d3beded7462ad2c3ce67
-EBUILD openssh-9.7_p1-r2.ebuild 13983 BLAKE2B 7d6127c1c0660c549be4e2166e5322ac6a7b86f9e141571a4c14d152aec06b2dbc0837152f8e64c127a4604a4ef0fc0ec2efdf87ea1285cfd717eaccdfae102d SHA512 9f5d8ddc3d15043dc1de5aaa87cccea8d4151265582f52137675193210d8796f5b8baed53c8d2ee883a02a8009dc9e42b7024171d69637173b6011ee277fc81f
-EBUILD openssh-9.7_p1-r3.ebuild 14030 BLAKE2B 0763b2e35a159bee5d8548ca1e0a553971db58108d56dc58a4b33e6072fa06b9f516909c9220a1e0740c4a4dd636e2ec265f5a19a32088eb63477feff38f2b66 SHA512 4e2d56e8320eab4dae7caa0bef36668ba91f5377871ef6bfbb884ab14794fd7ca2b348681d703566ad2dd6a357c1f842fbe253948ae59cbf605e3bd538757a2c
-EBUILD openssh-9.7_p1-r5.ebuild 14036 BLAKE2B f8c9cfe5ffda3a08d2f38956320e766639084f62655e865e0e77323a0e9a7106b5740c063177c00f52fad5ed3bc025c480128e76949a29e8b0d9f726eee454cf SHA512 c713b2c7959a5c95d7cff9c1525db8fa7daa8d5517bff8d6f8b34d567703b55fa5d16454a950dd4828b2369ce0e898e69c054a518a3db90091e053ed29d08e2b
+EBUILD openssh-9.6_p1-r5.ebuild 13949 BLAKE2B f87a0bca07c8d17c5842f1edd3a26ac9af2a2fd462c63afbb5337198d477152100b2af7f6816875db82046b107132e201f98676b60d2afd72600ce4e8d5f7693 SHA512 fbf4d6ddbfc11debfbf8b4279b48f3d7c3c70e2b9ab705988a6a136aeb829e84b444b18eec05d11e21bb02e1273d9918c46084cc640aeba079b41cabcb200f3c
+EBUILD openssh-9.7_p1-r6.ebuild 14123 BLAKE2B ca52b359044de9227eb24866bf11a43ae7bad28ab36fd5d5ded17fea9bb53a8a31e0ef879c09012c51c7382f0a947536ca565e4a76975089c210218526c34b13 SHA512 60ec7e6f4497901eea582ca92058a6c2cb7bed1e99af0175fc20457b5c3d4ebe7b1adc6167d49b1ca428eef7ce3b5d0ba6d2ea26b371bca284dcef839bdfa3ef
+EBUILD openssh-9.8_p1-r1.ebuild 15237 BLAKE2B 230b850fd20d87215ee6841feef794a042369f57ca443fb2285475b3cfb75533a41d1e59cf23f3555250bed700cd3e69728e58a87f8215e534d88502620efff2 SHA512 2e045b708129a5e491e25868f6339afe41641b73b85e02450bc5bedf2cd30c8700de072baa49d5ab7a4fc11f3511078a904986c0a927f8872d9eba5a23a41938
 MISC metadata.xml 1788 BLAKE2B d04d3030f70f3615522672fa56e684acaa67ddce8d16cce86ba8911fb8fc11ed152be012ecf560427d271868c4841a7422aaa644305947302d3ebab62bdb577d SHA512 bd328e3a33ce04b989149333db5f774f1b52540f12ef83b08b7fcf136ae2a3a9c83bef42c28991d3536249098ca0b9ffd21e583d93599580510d8619e9fd01ca
diff --git a/net-misc/openssh/files/openssh-9.6_p1-CVE-2024-6387.patch b/net-misc/openssh/files/openssh-9.6_p1-CVE-2024-6387.patch
new file mode 100644
index 000000000000..7b7fb70380d9
--- /dev/null
+++ b/net-misc/openssh/files/openssh-9.6_p1-CVE-2024-6387.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/935271
+Backport proposed by upstream at https://marc.info/?l=oss-security&m=171982317624594&w=2.
+--- a/log.c
++++ b/log.c
+@@ -451,12 +451,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#ifdef SYSLOG_R_SAFE_IN_SIGHAND
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
++#endif
+ 	_exit(1);
+ }
+ 
diff --git a/net-misc/openssh/files/openssh-9.6_p1-chaff-logic.patch b/net-misc/openssh/files/openssh-9.6_p1-chaff-logic.patch
new file mode 100644
index 000000000000..90544d1a457e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-9.6_p1-chaff-logic.patch
@@ -0,0 +1,16 @@
+"Minor logic error in ObscureKeystrokeTiming"
+https://marc.info/?l=oss-security&m=171982317624594&w=2
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -608,8 +608,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
+ 		if (timespeccmp(&now, &chaff_until, >=)) {
+ 			/* Stop if there have been no keystrokes for a while */
+ 			stop_reason = "chaff time expired";
+-		} else if (timespeccmp(&now, &next_interval, >=)) {
+-			/* Otherwise if we were due to send, then send chaff */
++		} else if (timespeccmp(&now, &next_interval, >=) &&
++		    !ssh_packet_have_data_to_write(ssh)) {
++			/* If due to send but have no data, then send chaff */
+ 			if (send_chaff(ssh))
+ 				nchaff++;
+ 		}
diff --git a/net-misc/openssh/openssh-9.6_p1-r4.ebuild b/net-misc/openssh/openssh-9.6_p1-r4.ebuild
deleted file mode 100644
index 8d611b8b20b5..000000000000
--- a/net-misc/openssh/openssh-9.6_p1-r4.ebuild
+++ /dev/null
@@ -1,390 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
-inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="
-	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
-"
-S="${WORKDIR}/${PARCH}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="
-	ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	xmss? ( ssl  )
-	test? ( ssl )
-"
-
-# tests currently fail with XMSS
-REQUIRED_USE+="test? ( !xmss )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		net-libs/ldns[ecdsa(+),ssl(+)]
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
-	virtual/libcrypt:=[static-libs(+)]
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
-"
-RDEPEND="
-	acct-group/sshd
-	acct-user/sshd
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( sys-libs/pam )
-	kerberos? ( virtual/krb5 )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
-	static? ( ${LIB_DEPEND} )
-"
-RDEPEND="
-	${RDEPEND}
-	!net-misc/openssh-contrib
-	pam? ( >=sys-auth/pambase-20081028 )
-	!prefix? ( sys-apps/shadow )
-"
-BDEPEND="
-	dev-build/autoconf
-	virtual/pkgconfig
-	verify-sig? ( sec-keys/openpgp-keys-openssh )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-9.3_p1-disable-conch-interop-tests.patch"
-	"${FILESDIR}/${PN}-9.3_p1-fix-putty-tests.patch"
-	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
-	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
-)
-
-pkg_pretend() {
-	local i enabled_eol_flags disabled_eol_flags
-	for i in hpn sctp X509; do
-		if has_version "net-misc/openssh[${i}]"; then
-			enabled_eol_flags+="${i},"
-			disabled_eol_flags+="-${i},"
-		fi
-	done
-
-	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
-		# Skip for binary packages entirely because of environment saving, bug #907892
-		[[ ${MERGE_TYPE} == binary ]] && return
-
-		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
-		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
-		ewarn "since these USE flags required third-party patches that often trigger bugs"
-		ewarn "and are of questionable provenance."
-		ewarn
-		ewarn "If you must continue relying on this functionality, switch to"
-		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
-		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
-		ewarn
-		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
-		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
-		ewarn "variant, when re-emerging you will have to set"
-		ewarn
-		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-
-		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	default
-
-	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
-	sed -e '/\t\tpercent \\/ d' \
-		-i regress/Makefile || die
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-	use xmss && append-cflags -DWITH_XMSS
-
-	if [[ ${CHOST} == *-solaris* ]] ; then
-		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
-		# doesn't check for this, so force the replacement to be put in
-		# place
-		append-cppflags -DBROKEN_GLOB
-	fi
-
-	# use replacement, RPF_ECHO_ON doesn't exist here
-	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX}"/etc/ssh
-		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX}"/var/empty
-		--with-privsep-user=sshd
-		# optional at runtime; guarantee a known path
-		--with-xauth="${EPREFIX}"/usr/bin/xauth
-
-		# --with-hardening adds the following in addition to flags we
-		# already set in our toolchain:
-		# * -ftrapv (which is broken with GCC anyway),
-		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
-		#    the world to not have)
-		# * -fzero-call-used-regs=used (history of miscompilations with
-		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
-		#    gcc PR104820, gcc PR104817, gcc PR110934)).
-		#
-		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
-		# so we cannot just disable -fzero-call-used-regs=used.
-		#
-		# Therefore, just pass --without-hardening, given it doesn't negate
-		# our already hardened toolchain defaults, and avoids adding flags
-		# which are known-broken in both Clang and GCC and haven't been
-		# proven reliable.
-		--without-hardening
-
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with security-key security-key-builtin)
-		$(use_with ssl openssl)
-		$(use_with ssl ssl-engine)
-	)
-
-	if use elibc_musl; then
-		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
-		myconf+=( --disable-utmp --disable-wtmp )
-	fi
-
-	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
-	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
-	tc-is-clang && myconf+=( --without-hardening )
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local tests=( compat-tests )
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		ewarn "user, so we will run a subset only."
-		tests+=( interop-tests )
-	else
-		tests+=( tests )
-	fi
-
-	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
-	mkdir -p "${HOME}"/.ssh || die
-	emake -j1 "${tests[@]}" </dev/null
-}
-
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
-	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
-	EOF
-	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
-	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
-	EOF
-
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
-	# Send locale environment variables (bug #367017)
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM (bug #658540)
-	SendEnv COLORTERM
-	EOF
-
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
-	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
-	EOF
-
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die
-	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
-	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-	EOF
-
-	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
-	# Allow client to pass locale environment variables (bug #367017)
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM (bug #658540)
-	AcceptEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
-		UsePAM yes
-		# This interferes with PAM.
-		PasswordAuthentication no
-		# PAM can do its own handling of MOTD.
-		PrintMotd no
-		PrintLastLog no
-		EOF
-	fi
-
-	if use livecd ; then
-		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
-		# Allow root login with password on livecds.
-		PermitRootLogin Yes
-		EOF
-	fi
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd-r1.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	if use pam; then
-		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-	fi
-
-	tweak_ssh_configs
-
-	doman contrib/ssh-copy-id.1
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
-	diropts -m 0700
-	dodir /etc/skel/.ssh
-	rmdir "${ED}"/var/empty || die
-
-	systemd_dounit "${FILESDIR}"/sshd.socket
-	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
-	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
-}
-
-pkg_preinst() {
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
-		show_ssl_warning=1
-	fi
-}
-
-pkg_postinst() {
-	# bug #139235
-	optfeature "x11 forwarding" x11-apps/xauth
-
-	local old_ver
-	for old_ver in ${REPLACING_VERSIONS}; do
-		if ver_test "${old_ver}" -lt "5.8_p1"; then
-			elog "Starting with openssh-5.8p1, the server will default to a newer key"
-			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-		fi
-		if ver_test "${old_ver}" -lt "7.0_p1"; then
-			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-			elog "Make sure to update any configs that you might have.  Note that xinetd might"
-			elog "be an alternative for you as it supports USE=tcpd."
-		fi
-		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
-			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-			elog "adding to your sshd_config or ~/.ssh/config files:"
-			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-			elog "You should however generate new keys using rsa or ed25519."
-
-			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-			elog "out of the box.  If you need this, please update your sshd_config explicitly."
-		fi
-		if ver_test "${old_ver}" -lt "7.6_p1"; then
-			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-		fi
-		if ver_test "${old_ver}" -lt "7.7_p1"; then
-			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-			elog "if you need to authenticate against LDAP."
-			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-		fi
-		if ver_test "${old_ver}" -lt "8.2_p1"; then
-			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
-			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
-			ewarn "connection is generally safe."
-		fi
-		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
-			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
-			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
-			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
-			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
-			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
-			ewarn "set 'Restart=no' in your sshd unit file."
-		fi
-	done
-
-	if [[ -n ${show_ssl_warning} ]]; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-}
diff --git a/net-misc/openssh/openssh-9.6_p1-r5.ebuild b/net-misc/openssh/openssh-9.6_p1-r5.ebuild
new file mode 100644
index 000000000000..eaae6cd6082f
--- /dev/null
+++ b/net-misc/openssh/openssh-9.6_p1-r5.ebuild
@@ -0,0 +1,392 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
+inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/"
+SRC_URI="
+	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
+"
+S="${WORKDIR}/${PARCH}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+	ldns? ( ssl )
+	pie? ( !static )
+	static? ( !kerberos !pam )
+	xmss? ( ssl  )
+	test? ( ssl )
+"
+
+# tests currently fail with XMSS
+REQUIRED_USE+="test? ( !xmss )"
+
+LIB_DEPEND="
+	audit? ( sys-process/audit[static-libs(+)] )
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		net-libs/ldns[ecdsa(+),ssl(+)]
+	)
+	libedit? ( dev-libs/libedit:=[static-libs(+)] )
+	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
+	virtual/libcrypt:=[static-libs(+)]
+	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( sys-libs/pam )
+	kerberos? ( virtual/krb5 )
+"
+DEPEND="
+	${RDEPEND}
+	virtual/os-headers
+	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND="
+	${RDEPEND}
+	!net-misc/openssh-contrib
+	pam? ( >=sys-auth/pambase-20081028 )
+	!prefix? ( sys-apps/shadow )
+"
+BDEPEND="
+	dev-build/autoconf
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-openssh )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-9.3_p1-disable-conch-interop-tests.patch"
+	"${FILESDIR}/${PN}-9.3_p1-fix-putty-tests.patch"
+	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
+	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
+	"${FILESDIR}/${PN}-9.6_p1-CVE-2024-6387.patch"
+	"${FILESDIR}/${PN}-9.6_p1-chaff-logic.patch"
+)
+
+pkg_pretend() {
+	local i enabled_eol_flags disabled_eol_flags
+	for i in hpn sctp X509; do
+		if has_version "net-misc/openssh[${i}]"; then
+			enabled_eol_flags+="${i},"
+			disabled_eol_flags+="-${i},"
+		fi
+	done
+
+	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
+		# Skip for binary packages entirely because of environment saving, bug #907892
+		[[ ${MERGE_TYPE} == binary ]] && return
+
+		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
+		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
+		ewarn "since these USE flags required third-party patches that often trigger bugs"
+		ewarn "and are of questionable provenance."
+		ewarn
+		ewarn "If you must continue relying on this functionality, switch to"
+		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
+		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
+		ewarn
+		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
+		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
+		ewarn "variant, when re-emerging you will have to set"
+		ewarn
+		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+
+		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
+	fi
+}
+
+src_prepare() {
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	default
+
+	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
+	sed -e '/\t\tpercent \\/ d' \
+		-i regress/Makefile || die
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+
+	# _XOPEN_SOURCE causes header conflicts on Solaris
+	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
+		-e 's/-D_XOPEN_SOURCE//'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+	use xmss && append-cflags -DWITH_XMSS
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
+		# doesn't check for this, so force the replacement to be put in
+		# place
+		append-cppflags -DBROKEN_GLOB
+	fi
+
+	# use replacement, RPF_ECHO_ON doesn't exist here
+	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		# optional at runtime; guarantee a known path
+		--with-xauth="${EPREFIX}"/usr/bin/xauth
+
+		# --with-hardening adds the following in addition to flags we
+		# already set in our toolchain:
+		# * -ftrapv (which is broken with GCC anyway),
+		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
+		#    the world to not have)
+		# * -fzero-call-used-regs=used (history of miscompilations with
+		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
+		#    gcc PR104820, gcc PR104817, gcc PR110934)).
+		#
+		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
+		# so we cannot just disable -fzero-call-used-regs=used.
+		#
+		# Therefore, just pass --without-hardening, given it doesn't negate
+		# our already hardened toolchain defaults, and avoids adding flags
+		# which are known-broken in both Clang and GCC and haven't been
+		# proven reliable.
+		--without-hardening
+
+		$(use_with audit audit linux)
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with selinux)
+		$(use_with security-key security-key-builtin)
+		$(use_with ssl openssl)
+		$(use_with ssl ssl-engine)
+	)
+
+	if use elibc_musl; then
+		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
+		myconf+=( --disable-utmp --disable-wtmp )
+	fi
+
+	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
+	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
+	tc-is-clang && myconf+=( --without-hardening )
+
+	econf "${myconf[@]}"
+}
+
+src_test() {
+	local tests=( compat-tests )
+	local shell=$(egetshell "${UID}")
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
+		ewarn "user, so we will run a subset only."
+		tests+=( interop-tests )
+	else
+		tests+=( tests )
+	fi
+
+	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
+	mkdir -p "${HOME}"/.ssh || die
+	emake -j1 "${tests[@]}" </dev/null
+}
+
+# Gentoo tweaks to default config files.
+tweak_ssh_configs() {
+	local locale_vars=(
+		# These are language variables that POSIX defines.
+		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
+		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
+
+		# These are the GNU extensions.
+		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
+		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+	)
+
+	dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
+	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+	EOF
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
+	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
+	EOF
+
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
+	# Send locale environment variables (bug #367017)
+	SendEnv ${locale_vars[*]}
+
+	# Send COLORTERM to match TERM (bug #658540)
+	SendEnv COLORTERM
+	EOF
+
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
+	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
+	EOF
+
+	cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die
+	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
+	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+	EOF
+
+	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
+	# Allow client to pass locale environment variables (bug #367017)
+	AcceptEnv ${locale_vars[*]}
+
+	# Allow client to pass COLORTERM to match TERM (bug #658540)
+	AcceptEnv COLORTERM
+	EOF
+
+	if use pam ; then
+		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
+		UsePAM yes
+		# This interferes with PAM.
+		PasswordAuthentication no
+		# PAM can do its own handling of MOTD.
+		PrintMotd no
+		PrintLastLog no
+		EOF
+	fi
+
+	if use livecd ; then
+		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
+		# Allow root login with password on livecds.
+		PermitRootLogin Yes
+		EOF
+	fi
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd-r1.initd sshd
+	newconfd "${FILESDIR}"/sshd-r1.confd sshd
+
+	if use pam; then
+		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	fi
+
+	tweak_ssh_configs
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	diropts -m 0700
+	dodir /etc/skel/.ssh
+	rmdir "${ED}"/var/empty || die
+
+	systemd_dounit "${FILESDIR}"/sshd.socket
+	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
+	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
+}
+
+pkg_preinst() {
+	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
+		show_ssl_warning=1
+	fi
+}
+
+pkg_postinst() {
+	# bug #139235
+	optfeature "x11 forwarding" x11-apps/xauth
+
+	local old_ver
+	for old_ver in ${REPLACING_VERSIONS}; do
+		if ver_test "${old_ver}" -lt "5.8_p1"; then
+			elog "Starting with openssh-5.8p1, the server will default to a newer key"
+			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+		fi
+		if ver_test "${old_ver}" -lt "7.0_p1"; then
+			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+			elog "Make sure to update any configs that you might have.  Note that xinetd might"
+			elog "be an alternative for you as it supports USE=tcpd."
+		fi
+		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
+			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
+			elog "adding to your sshd_config or ~/.ssh/config files:"
+			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
+			elog "You should however generate new keys using rsa or ed25519."
+
+			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
+			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
+			elog "out of the box.  If you need this, please update your sshd_config explicitly."
+		fi
+		if ver_test "${old_ver}" -lt "7.6_p1"; then
+			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
+			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
+		fi
+		if ver_test "${old_ver}" -lt "7.7_p1"; then
+			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
+			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
+			elog "if you need to authenticate against LDAP."
+			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
+		fi
+		if ver_test "${old_ver}" -lt "8.2_p1"; then
+			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
+			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
+			ewarn "connection is generally safe."
+		fi
+		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
+			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
+			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
+			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
+			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
+			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
+			ewarn "set 'Restart=no' in your sshd unit file."
+		fi
+	done
+
+	if [[ -n ${show_ssl_warning} ]]; then
+		elog "Be aware that by disabling openssl support in openssh, the server and clients"
+		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
+		elog "and update all clients/servers that utilize them."
+	fi
+}
diff --git a/net-misc/openssh/openssh-9.7_p1-r2.ebuild b/net-misc/openssh/openssh-9.7_p1-r2.ebuild
deleted file mode 100644
index ce9e1d1a47c2..000000000000
--- a/net-misc/openssh/openssh-9.7_p1-r2.ebuild
+++ /dev/null
@@ -1,403 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
-inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="
-	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
-"
-S="${WORKDIR}/${PARCH}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="
-	ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	xmss? ( ssl  )
-	test? ( ssl )
-"
-
-# tests currently fail with XMSS
-REQUIRED_USE+="test? ( !xmss )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		net-libs/ldns[ecdsa(+),ssl(+)]
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
-	virtual/libcrypt:=[static-libs(+)]
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
-"
-RDEPEND="
-	acct-group/sshd
-	acct-user/sshd
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( sys-libs/pam )
-	kerberos? ( virtual/krb5 )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
-	static? ( ${LIB_DEPEND} )
-"
-RDEPEND="
-	${RDEPEND}
-	!net-misc/openssh-contrib
-	pam? ( >=sys-auth/pambase-20081028 )
-	!prefix? ( sys-apps/shadow )
-"
-BDEPEND="
-	dev-build/autoconf
-	virtual/pkgconfig
-	verify-sig? ( sec-keys/openpgp-keys-openssh )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
-)
-
-pkg_pretend() {
-	local i enabled_eol_flags disabled_eol_flags
-	for i in hpn sctp X509; do
-		if has_version "net-misc/openssh[${i}]"; then
-			enabled_eol_flags+="${i},"
-			disabled_eol_flags+="-${i},"
-		fi
-	done
-
-	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
-		# Skip for binary packages entirely because of environment saving, bug #907892
-		[[ ${MERGE_TYPE} == binary ]] && return
-
-		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
-		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
-		ewarn "since these USE flags required third-party patches that often trigger bugs"
-		ewarn "and are of questionable provenance."
-		ewarn
-		ewarn "If you must continue relying on this functionality, switch to"
-		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
-		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
-		ewarn
-		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
-		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
-		ewarn "variant, when re-emerging you will have to set"
-		ewarn
-		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-
-		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	default
-
-	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
-	sed -e '/\t\tpercent \\/ d' \
-		-i regress/Makefile || die
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-	use xmss && append-cflags -DWITH_XMSS
-
-	if [[ ${CHOST} == *-solaris* ]] ; then
-		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
-		# doesn't check for this, so force the replacement to be put in
-		# place
-		append-cppflags -DBROKEN_GLOB
-	fi
-
-	# use replacement, RPF_ECHO_ON doesn't exist here
-	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX}"/etc/ssh
-		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX}"/var/empty
-		--with-privsep-user=sshd
-		# optional at runtime; guarantee a known path
-		--with-xauth="${EPREFIX}"/usr/bin/xauth
-
-		# --with-hardening adds the following in addition to flags we
-		# already set in our toolchain:
-		# * -ftrapv (which is broken with GCC anyway),
-		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
-		#    the world to not have)
-		# * -fzero-call-used-regs=used (history of miscompilations with
-		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
-		#    gcc PR104820, gcc PR104817, gcc PR110934)).
-		#
-		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
-		# so we cannot just disable -fzero-call-used-regs=used.
-		#
-		# Therefore, just pass --without-hardening, given it doesn't negate
-		# our already hardened toolchain defaults, and avoids adding flags
-		# which are known-broken in both Clang and GCC and haven't been
-		# proven reliable.
-		--without-hardening
-
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with security-key security-key-builtin)
-		$(use_with ssl openssl)
-		$(use_with ssl ssl-engine)
-	)
-
-	if use elibc_musl; then
-		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
-		myconf+=( --disable-utmp --disable-wtmp )
-	fi
-
-	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
-	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
-	tc-is-clang && myconf+=( --without-hardening )
-
-	econf "${myconf[@]}"
-}
-
-tweak_ssh_configs() {
-	cat <<-EOF >> ssh_config.out || die
-
-	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
-	EOF
-	cat <<-EOF >> sshd_config.out || die
-
-	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
-	EOF
-}
-
-create_config_dropins() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
-	# Send locale environment variables (bug #367017)
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM (bug #658540)
-	SendEnv COLORTERM
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
-	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
-	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
-	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
-	# Allow client to pass locale environment variables (bug #367017)
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM (bug #658540)
-	AcceptEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
-		UsePAM yes
-		# This interferes with PAM.
-		PasswordAuthentication no
-		# PAM can do its own handling of MOTD.
-		PrintMotd no
-		PrintLastLog no
-		EOF
-	fi
-
-	if use livecd ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
-		# Allow root login with password on livecds.
-		PermitRootLogin Yes
-		EOF
-	fi
-}
-
-src_compile() {
-	default
-	tweak_ssh_configs
-	create_config_dropins
-}
-
-src_test() {
-	local tests=( compat-tests )
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		ewarn "user, so we will run a subset only."
-		tests+=( interop-tests )
-	else
-		tests+=( tests )
-	fi
-
-	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
-	mkdir -p "${HOME}"/.ssh || die
-	emake -j1 "${tests[@]}" </dev/null
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd-r1.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	if use pam; then
-		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-	fi
-
-	doman contrib/ssh-copy-id.1
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
-	rmdir "${ED}"/var/empty || die
-
-	systemd_dounit "${FILESDIR}"/sshd.socket
-	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
-	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
-
-	# Install dropins with explicit mode, bug 906638, 915840
-	diropts -m0755
-	insopts -m0644
-	insinto /etc/ssh
-	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
-	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
-	diropts -m0700
-	insopts -m0600
-	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
-}
-
-pkg_preinst() {
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
-		show_ssl_warning=1
-	fi
-}
-
-pkg_postinst() {
-	# bug #139235
-	optfeature "x11 forwarding" x11-apps/xauth
-
-	local old_ver
-	for old_ver in ${REPLACING_VERSIONS}; do
-		if ver_test "${old_ver}" -lt "5.8_p1"; then
-			elog "Starting with openssh-5.8p1, the server will default to a newer key"
-			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-		fi
-		if ver_test "${old_ver}" -lt "7.0_p1"; then
-			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-			elog "Make sure to update any configs that you might have.  Note that xinetd might"
-			elog "be an alternative for you as it supports USE=tcpd."
-		fi
-		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
-			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-			elog "adding to your sshd_config or ~/.ssh/config files:"
-			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-			elog "You should however generate new keys using rsa or ed25519."
-
-			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-			elog "out of the box.  If you need this, please update your sshd_config explicitly."
-		fi
-		if ver_test "${old_ver}" -lt "7.6_p1"; then
-			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-		fi
-		if ver_test "${old_ver}" -lt "7.7_p1"; then
-			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-			elog "if you need to authenticate against LDAP."
-			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-		fi
-		if ver_test "${old_ver}" -lt "8.2_p1"; then
-			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
-			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
-			ewarn "connection is generally safe."
-		fi
-		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
-			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
-			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
-			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
-			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
-			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
-			ewarn "set 'Restart=no' in your sshd unit file."
-		fi
-	done
-
-	if [[ -n ${show_ssl_warning} ]]; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-}
diff --git a/net-misc/openssh/openssh-9.7_p1-r3.ebuild b/net-misc/openssh/openssh-9.7_p1-r3.ebuild
deleted file mode 100644
index 9bb9c924093a..000000000000
--- a/net-misc/openssh/openssh-9.7_p1-r3.ebuild
+++ /dev/null
@@ -1,404 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
-inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="
-	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
-"
-S="${WORKDIR}/${PARCH}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="
-	ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	xmss? ( ssl  )
-	test? ( ssl )
-"
-
-# tests currently fail with XMSS
-REQUIRED_USE+="test? ( !xmss )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		net-libs/ldns[ecdsa(+),ssl(+)]
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
-	virtual/libcrypt:=[static-libs(+)]
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
-"
-RDEPEND="
-	acct-group/sshd
-	acct-user/sshd
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( sys-libs/pam )
-	kerberos? ( virtual/krb5 )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
-	static? ( ${LIB_DEPEND} )
-"
-RDEPEND="
-	${RDEPEND}
-	!net-misc/openssh-contrib
-	pam? ( >=sys-auth/pambase-20081028 )
-	!prefix? ( sys-apps/shadow )
-"
-BDEPEND="
-	dev-build/autoconf
-	virtual/pkgconfig
-	verify-sig? ( sec-keys/openpgp-keys-openssh )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
-	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
-)
-
-pkg_pretend() {
-	local i enabled_eol_flags disabled_eol_flags
-	for i in hpn sctp X509; do
-		if has_version "net-misc/openssh[${i}]"; then
-			enabled_eol_flags+="${i},"
-			disabled_eol_flags+="-${i},"
-		fi
-	done
-
-	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
-		# Skip for binary packages entirely because of environment saving, bug #907892
-		[[ ${MERGE_TYPE} == binary ]] && return
-
-		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
-		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
-		ewarn "since these USE flags required third-party patches that often trigger bugs"
-		ewarn "and are of questionable provenance."
-		ewarn
-		ewarn "If you must continue relying on this functionality, switch to"
-		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
-		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
-		ewarn
-		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
-		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
-		ewarn "variant, when re-emerging you will have to set"
-		ewarn
-		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-
-		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	default
-
-	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
-	sed -e '/\t\tpercent \\/ d' \
-		-i regress/Makefile || die
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-	use xmss && append-cflags -DWITH_XMSS
-
-	if [[ ${CHOST} == *-solaris* ]] ; then
-		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
-		# doesn't check for this, so force the replacement to be put in
-		# place
-		append-cppflags -DBROKEN_GLOB
-	fi
-
-	# use replacement, RPF_ECHO_ON doesn't exist here
-	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX}"/etc/ssh
-		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX}"/var/empty
-		--with-privsep-user=sshd
-		# optional at runtime; guarantee a known path
-		--with-xauth="${EPREFIX}"/usr/bin/xauth
-
-		# --with-hardening adds the following in addition to flags we
-		# already set in our toolchain:
-		# * -ftrapv (which is broken with GCC anyway),
-		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
-		#    the world to not have)
-		# * -fzero-call-used-regs=used (history of miscompilations with
-		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
-		#    gcc PR104820, gcc PR104817, gcc PR110934)).
-		#
-		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
-		# so we cannot just disable -fzero-call-used-regs=used.
-		#
-		# Therefore, just pass --without-hardening, given it doesn't negate
-		# our already hardened toolchain defaults, and avoids adding flags
-		# which are known-broken in both Clang and GCC and haven't been
-		# proven reliable.
-		--without-hardening
-
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with security-key security-key-builtin)
-		$(use_with ssl openssl)
-		$(use_with ssl ssl-engine)
-	)
-
-	if use elibc_musl; then
-		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
-		myconf+=( --disable-utmp --disable-wtmp )
-	fi
-
-	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
-	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
-	tc-is-clang && myconf+=( --without-hardening )
-
-	econf "${myconf[@]}"
-}
-
-tweak_ssh_configs() {
-	cat <<-EOF >> ssh_config.out || die
-
-	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
-	EOF
-	cat <<-EOF >> sshd_config.out || die
-
-	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
-	EOF
-}
-
-create_config_dropins() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
-	# Send locale environment variables (bug #367017)
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM (bug #658540)
-	SendEnv COLORTERM
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
-	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
-	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
-	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
-	# Allow client to pass locale environment variables (bug #367017)
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM (bug #658540)
-	AcceptEnv COLORTERM
-	EOF
-
-	if use pam ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
-		UsePAM yes
-		# This interferes with PAM.
-		PasswordAuthentication no
-		# PAM can do its own handling of MOTD.
-		PrintMotd no
-		PrintLastLog no
-		EOF
-	fi
-
-	if use livecd ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
-		# Allow root login with password on livecds.
-		PermitRootLogin Yes
-		EOF
-	fi
-}
-
-src_compile() {
-	default
-	tweak_ssh_configs
-	create_config_dropins
-}
-
-src_test() {
-	local tests=( compat-tests )
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		ewarn "user, so we will run a subset only."
-		tests+=( interop-tests )
-	else
-		tests+=( tests )
-	fi
-
-	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
-	mkdir -p "${HOME}"/.ssh || die
-	emake -j1 "${tests[@]}" </dev/null
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd-r1.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	if use pam; then
-		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-	fi
-
-	doman contrib/ssh-copy-id.1
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
-	rmdir "${ED}"/var/empty || die
-
-	systemd_dounit "${FILESDIR}"/sshd.socket
-	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
-	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
-
-	# Install dropins with explicit mode, bug 906638, 915840
-	diropts -m0755
-	insopts -m0644
-	insinto /etc/ssh
-	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
-	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
-	diropts -m0700
-	insopts -m0600
-	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
-}
-
-pkg_preinst() {
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
-		show_ssl_warning=1
-	fi
-}
-
-pkg_postinst() {
-	# bug #139235
-	optfeature "x11 forwarding" x11-apps/xauth
-
-	local old_ver
-	for old_ver in ${REPLACING_VERSIONS}; do
-		if ver_test "${old_ver}" -lt "5.8_p1"; then
-			elog "Starting with openssh-5.8p1, the server will default to a newer key"
-			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-		fi
-		if ver_test "${old_ver}" -lt "7.0_p1"; then
-			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-			elog "Make sure to update any configs that you might have.  Note that xinetd might"
-			elog "be an alternative for you as it supports USE=tcpd."
-		fi
-		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
-			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-			elog "adding to your sshd_config or ~/.ssh/config files:"
-			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-			elog "You should however generate new keys using rsa or ed25519."
-
-			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-			elog "out of the box.  If you need this, please update your sshd_config explicitly."
-		fi
-		if ver_test "${old_ver}" -lt "7.6_p1"; then
-			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-		fi
-		if ver_test "${old_ver}" -lt "7.7_p1"; then
-			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-			elog "if you need to authenticate against LDAP."
-			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-		fi
-		if ver_test "${old_ver}" -lt "8.2_p1"; then
-			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
-			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
-			ewarn "connection is generally safe."
-		fi
-		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
-			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
-			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
-			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
-			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
-			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
-			ewarn "set 'Restart=no' in your sshd unit file."
-		fi
-	done
-
-	if [[ -n ${show_ssl_warning} ]]; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-}
diff --git a/net-misc/openssh/openssh-9.7_p1-r5.ebuild b/net-misc/openssh/openssh-9.7_p1-r5.ebuild
deleted file mode 100644
index 4d382b9b6ac6..000000000000
--- a/net-misc/openssh/openssh-9.7_p1-r5.ebuild
+++ /dev/null
@@ -1,398 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
-inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_}
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="
-	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
-	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
-"
-S="${WORKDIR}/${PARCH}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-# Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="
-	ldns? ( ssl )
-	pie? ( !static )
-	static? ( !kerberos !pam )
-	xmss? ( ssl  )
-	test? ( ssl )
-"
-
-# tests currently fail with XMSS
-REQUIRED_USE+="test? ( !xmss )"
-
-LIB_DEPEND="
-	audit? ( sys-process/audit[static-libs(+)] )
-	ldns? (
-		net-libs/ldns[static-libs(+)]
-		net-libs/ldns[ecdsa(+),ssl(+)]
-	)
-	libedit? ( dev-libs/libedit:=[static-libs(+)] )
-	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
-	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
-	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
-	virtual/libcrypt:=[static-libs(+)]
-	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
-"
-RDEPEND="
-	acct-group/sshd
-	acct-user/sshd
-	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( sys-libs/pam )
-	kerberos? ( virtual/krb5 )
-"
-DEPEND="
-	${RDEPEND}
-	virtual/os-headers
-	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
-	static? ( ${LIB_DEPEND} )
-"
-RDEPEND="
-	${RDEPEND}
-	!net-misc/openssh-contrib
-	pam? ( >=sys-auth/pambase-20081028 )
-	!prefix? ( sys-apps/shadow )
-"
-BDEPEND="
-	dev-build/autoconf
-	virtual/pkgconfig
-	verify-sig? ( sec-keys/openpgp-keys-openssh )
-"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
-	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
-	"${FILESDIR}/${PN}-9.7_p1-config-tweaks.patch"
-)
-
-pkg_pretend() {
-	local i enabled_eol_flags disabled_eol_flags
-	for i in hpn sctp X509; do
-		if has_version "net-misc/openssh[${i}]"; then
-			enabled_eol_flags+="${i},"
-			disabled_eol_flags+="-${i},"
-		fi
-	done
-
-	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
-		# Skip for binary packages entirely because of environment saving, bug #907892
-		[[ ${MERGE_TYPE} == binary ]] && return
-
-		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
-		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
-		ewarn "since these USE flags required third-party patches that often trigger bugs"
-		ewarn "and are of questionable provenance."
-		ewarn
-		ewarn "If you must continue relying on this functionality, switch to"
-		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
-		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
-		ewarn
-		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
-		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
-		ewarn "variant, when re-emerging you will have to set"
-		ewarn
-		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-
-		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
-	fi
-
-	# Make sure people who are using tcp wrappers are notified of its removal. #531156
-	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
-		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
-		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
-	fi
-}
-
-src_prepare() {
-	# don't break .ssh/authorized_keys2 for fun
-	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
-
-	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
-
-	default
-
-	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
-	sed -e '/\t\tpercent \\/ d' \
-		-i regress/Makefile || die
-
-	tc-export PKG_CONFIG
-	local sed_args=(
-		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
-		# Disable fortify flags ... our gcc does this for us
-		-e 's:-D_FORTIFY_SOURCE=2::'
-	)
-
-	# _XOPEN_SOURCE causes header conflicts on Solaris
-	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
-		-e 's/-D_XOPEN_SOURCE//'
-	)
-	sed -i "${sed_args[@]}" configure{.ac,} || die
-
-	eautoreconf
-}
-
-src_configure() {
-	addwrite /dev/ptmx
-
-	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
-	use static && append-ldflags -static
-	use xmss && append-cflags -DWITH_XMSS
-
-	if [[ ${CHOST} == *-solaris* ]] ; then
-		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
-		# doesn't check for this, so force the replacement to be put in
-		# place
-		append-cppflags -DBROKEN_GLOB
-	fi
-
-	# use replacement, RPF_ECHO_ON doesn't exist here
-	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
-
-	local myconf=(
-		--with-ldflags="${LDFLAGS}"
-		--disable-strip
-		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
-		--sysconfdir="${EPREFIX}"/etc/ssh
-		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
-		--datadir="${EPREFIX}"/usr/share/openssh
-		--with-privsep-path="${EPREFIX}"/var/empty
-		--with-privsep-user=sshd
-		# optional at runtime; guarantee a known path
-		--with-xauth="${EPREFIX}"/usr/bin/xauth
-
-		# --with-hardening adds the following in addition to flags we
-		# already set in our toolchain:
-		# * -ftrapv (which is broken with GCC anyway),
-		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
-		#    the world to not have)
-		# * -fzero-call-used-regs=used (history of miscompilations with
-		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
-		#    gcc PR104820, gcc PR104817, gcc PR110934)).
-		#
-		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
-		# so we cannot just disable -fzero-call-used-regs=used.
-		#
-		# Therefore, just pass --without-hardening, given it doesn't negate
-		# our already hardened toolchain defaults, and avoids adding flags
-		# which are known-broken in both Clang and GCC and haven't been
-		# proven reliable.
-		--without-hardening
-
-		$(use_with audit audit linux)
-		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
-		$(use_with ldns)
-		$(use_with libedit)
-		$(use_with pam)
-		$(use_with pie)
-		$(use_with selinux)
-		$(use_with security-key security-key-builtin)
-		$(use_with ssl openssl)
-		$(use_with ssl ssl-engine)
-	)
-
-	if use elibc_musl; then
-		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
-		myconf+=( --disable-utmp --disable-wtmp )
-	fi
-
-	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
-	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
-	tc-is-clang && myconf+=( --without-hardening )
-
-	econf "${myconf[@]}"
-}
-
-create_config_dropins() {
-	local locale_vars=(
-		# These are language variables that POSIX defines.
-		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
-		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
-
-		# These are the GNU extensions.
-		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
-		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
-	)
-
-	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
-	# Send locale environment variables (bug #367017)
-	SendEnv ${locale_vars[*]}
-
-	# Send COLORTERM to match TERM (bug #658540)
-	SendEnv COLORTERM
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
-	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
-	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
-	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
-	# Allow client to pass locale environment variables (bug #367017)
-	AcceptEnv ${locale_vars[*]}
-
-	# Allow client to pass COLORTERM to match TERM (bug #658540)
-	AcceptEnv COLORTERM
-	EOF
-
-	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf || die
-	# override default of no subsystems
-	Subsystem	sftp	${EPREFIX}/usr/$(get_libdir)/misc/sftp-server
-	EOF
-
-	if use pam ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
-		UsePAM yes
-		# This interferes with PAM.
-		PasswordAuthentication no
-		# PAM can do its own handling of MOTD.
-		PrintMotd no
-		PrintLastLog no
-		EOF
-	fi
-
-	if use livecd ; then
-		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
-		# Allow root login with password on livecds.
-		PermitRootLogin Yes
-		EOF
-	fi
-}
-
-src_compile() {
-	default
-	create_config_dropins
-}
-
-src_test() {
-	local tests=( compat-tests )
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		ewarn "user, so we will run a subset only."
-		tests+=( interop-tests )
-	else
-		tests+=( tests )
-	fi
-
-	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
-	mkdir -p "${HOME}"/.ssh || die
-	emake -j1 "${tests[@]}" </dev/null
-}
-
-src_install() {
-	emake install-nokeys DESTDIR="${D}"
-	fperms 600 /etc/ssh/sshd_config
-	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd-r1.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
-	if use pam; then
-		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-	fi
-
-	doman contrib/ssh-copy-id.1
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-
-	rmdir "${ED}"/var/empty || die
-
-	systemd_dounit "${FILESDIR}"/sshd.socket
-	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
-	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
-
-	# Install dropins with explicit mode, bug 906638, 915840
-	diropts -m0755
-	insopts -m0644
-	insinto /etc/ssh
-	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
-	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
-	diropts -m0700
-	insopts -m0600
-	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
-}
-
-pkg_preinst() {
-	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
-		show_ssl_warning=1
-	fi
-}
-
-pkg_postinst() {
-	# bug #139235
-	optfeature "x11 forwarding" x11-apps/xauth
-
-	local old_ver
-	for old_ver in ${REPLACING_VERSIONS}; do
-		if ver_test "${old_ver}" -lt "5.8_p1"; then
-			elog "Starting with openssh-5.8p1, the server will default to a newer key"
-			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
-			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
-		fi
-		if ver_test "${old_ver}" -lt "7.0_p1"; then
-			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
-			elog "Make sure to update any configs that you might have.  Note that xinetd might"
-			elog "be an alternative for you as it supports USE=tcpd."
-		fi
-		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
-			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
-			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
-			elog "adding to your sshd_config or ~/.ssh/config files:"
-			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
-			elog "You should however generate new keys using rsa or ed25519."
-
-			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
-			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
-			elog "out of the box.  If you need this, please update your sshd_config explicitly."
-		fi
-		if ver_test "${old_ver}" -lt "7.6_p1"; then
-			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
-			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
-		fi
-		if ver_test "${old_ver}" -lt "7.7_p1"; then
-			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
-			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
-			elog "if you need to authenticate against LDAP."
-			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
-		fi
-		if ver_test "${old_ver}" -lt "8.2_p1"; then
-			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
-			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
-			ewarn "connection is generally safe."
-		fi
-		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
-			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
-			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
-			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
-			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
-			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
-			ewarn "set 'Restart=no' in your sshd unit file."
-		fi
-	done
-
-	if [[ -n ${show_ssl_warning} ]]; then
-		elog "Be aware that by disabling openssl support in openssh, the server and clients"
-		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
-		elog "and update all clients/servers that utilize them."
-	fi
-}
diff --git a/net-misc/openssh/openssh-9.7_p1-r6.ebuild b/net-misc/openssh/openssh-9.7_p1-r6.ebuild
new file mode 100644
index 000000000000..dfe20d9c2272
--- /dev/null
+++ b/net-misc/openssh/openssh-9.7_p1-r6.ebuild
@@ -0,0 +1,400 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
+inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/"
+SRC_URI="
+	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
+"
+S="${WORKDIR}/${PARCH}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+	ldns? ( ssl )
+	pie? ( !static )
+	static? ( !kerberos !pam )
+	xmss? ( ssl  )
+	test? ( ssl )
+"
+
+# tests currently fail with XMSS
+REQUIRED_USE+="test? ( !xmss )"
+
+LIB_DEPEND="
+	audit? ( sys-process/audit[static-libs(+)] )
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		net-libs/ldns[ecdsa(+),ssl(+)]
+	)
+	libedit? ( dev-libs/libedit:=[static-libs(+)] )
+	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
+	virtual/libcrypt:=[static-libs(+)]
+	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( sys-libs/pam )
+	kerberos? ( virtual/krb5 )
+"
+DEPEND="
+	${RDEPEND}
+	virtual/os-headers
+	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND="
+	${RDEPEND}
+	!net-misc/openssh-contrib
+	pam? ( >=sys-auth/pambase-20081028 )
+	!prefix? ( sys-apps/shadow )
+"
+BDEPEND="
+	dev-build/autoconf
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-openssh )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
+	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
+	"${FILESDIR}/${PN}-9.7_p1-config-tweaks.patch"
+	"${FILESDIR}/${PN}-9.6_p1-CVE-2024-6387.patch"
+	"${FILESDIR}/${PN}-9.6_p1-chaff-logic.patch"
+)
+
+pkg_pretend() {
+	local i enabled_eol_flags disabled_eol_flags
+	for i in hpn sctp X509; do
+		if has_version "net-misc/openssh[${i}]"; then
+			enabled_eol_flags+="${i},"
+			disabled_eol_flags+="-${i},"
+		fi
+	done
+
+	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
+		# Skip for binary packages entirely because of environment saving, bug #907892
+		[[ ${MERGE_TYPE} == binary ]] && return
+
+		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
+		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
+		ewarn "since these USE flags required third-party patches that often trigger bugs"
+		ewarn "and are of questionable provenance."
+		ewarn
+		ewarn "If you must continue relying on this functionality, switch to"
+		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
+		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
+		ewarn
+		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
+		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
+		ewarn "variant, when re-emerging you will have to set"
+		ewarn
+		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+
+		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
+	fi
+}
+
+src_prepare() {
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	default
+
+	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
+	sed -e '/\t\tpercent \\/ d' \
+		-i regress/Makefile || die
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+
+	# _XOPEN_SOURCE causes header conflicts on Solaris
+	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
+		-e 's/-D_XOPEN_SOURCE//'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+	use xmss && append-cflags -DWITH_XMSS
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
+		# doesn't check for this, so force the replacement to be put in
+		# place
+		append-cppflags -DBROKEN_GLOB
+	fi
+
+	# use replacement, RPF_ECHO_ON doesn't exist here
+	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		# optional at runtime; guarantee a known path
+		--with-xauth="${EPREFIX}"/usr/bin/xauth
+
+		# --with-hardening adds the following in addition to flags we
+		# already set in our toolchain:
+		# * -ftrapv (which is broken with GCC anyway),
+		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
+		#    the world to not have)
+		# * -fzero-call-used-regs=used (history of miscompilations with
+		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
+		#    gcc PR104820, gcc PR104817, gcc PR110934)).
+		#
+		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
+		# so we cannot just disable -fzero-call-used-regs=used.
+		#
+		# Therefore, just pass --without-hardening, given it doesn't negate
+		# our already hardened toolchain defaults, and avoids adding flags
+		# which are known-broken in both Clang and GCC and haven't been
+		# proven reliable.
+		--without-hardening
+
+		$(use_with audit audit linux)
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with selinux)
+		$(use_with security-key security-key-builtin)
+		$(use_with ssl openssl)
+		$(use_with ssl ssl-engine)
+	)
+
+	if use elibc_musl; then
+		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
+		myconf+=( --disable-utmp --disable-wtmp )
+	fi
+
+	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
+	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
+	tc-is-clang && myconf+=( --without-hardening )
+
+	econf "${myconf[@]}"
+}
+
+create_config_dropins() {
+	local locale_vars=(
+		# These are language variables that POSIX defines.
+		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
+		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
+
+		# These are the GNU extensions.
+		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
+		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+	)
+
+	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
+	# Send locale environment variables (bug #367017)
+	SendEnv ${locale_vars[*]}
+
+	# Send COLORTERM to match TERM (bug #658540)
+	SendEnv COLORTERM
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
+	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
+	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
+	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
+	# Allow client to pass locale environment variables (bug #367017)
+	AcceptEnv ${locale_vars[*]}
+
+	# Allow client to pass COLORTERM to match TERM (bug #658540)
+	AcceptEnv COLORTERM
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf || die
+	# override default of no subsystems
+	Subsystem	sftp	${EPREFIX}/usr/$(get_libdir)/misc/sftp-server
+	EOF
+
+	if use pam ; then
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
+		UsePAM yes
+		# This interferes with PAM.
+		PasswordAuthentication no
+		# PAM can do its own handling of MOTD.
+		PrintMotd no
+		PrintLastLog no
+		EOF
+	fi
+
+	if use livecd ; then
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
+		# Allow root login with password on livecds.
+		PermitRootLogin Yes
+		EOF
+	fi
+}
+
+src_compile() {
+	default
+	create_config_dropins
+}
+
+src_test() {
+	local tests=( compat-tests )
+	local shell=$(egetshell "${UID}")
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
+		ewarn "user, so we will run a subset only."
+		tests+=( interop-tests )
+	else
+		tests+=( tests )
+	fi
+
+	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
+	mkdir -p "${HOME}"/.ssh || die
+	emake -j1 "${tests[@]}" </dev/null
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd-r1.initd sshd
+	newconfd "${FILESDIR}"/sshd-r1.confd sshd
+
+	if use pam; then
+		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	rmdir "${ED}"/var/empty || die
+
+	systemd_dounit "${FILESDIR}"/sshd.socket
+	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
+	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
+
+	# Install dropins with explicit mode, bug 906638, 915840
+	diropts -m0755
+	insopts -m0644
+	insinto /etc/ssh
+	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
+	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
+	diropts -m0700
+	insopts -m0600
+	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
+}
+
+pkg_preinst() {
+	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
+		show_ssl_warning=1
+	fi
+}
+
+pkg_postinst() {
+	# bug #139235
+	optfeature "x11 forwarding" x11-apps/xauth
+
+	local old_ver
+	for old_ver in ${REPLACING_VERSIONS}; do
+		if ver_test "${old_ver}" -lt "5.8_p1"; then
+			elog "Starting with openssh-5.8p1, the server will default to a newer key"
+			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+		fi
+		if ver_test "${old_ver}" -lt "7.0_p1"; then
+			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+			elog "Make sure to update any configs that you might have.  Note that xinetd might"
+			elog "be an alternative for you as it supports USE=tcpd."
+		fi
+		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
+			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
+			elog "adding to your sshd_config or ~/.ssh/config files:"
+			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
+			elog "You should however generate new keys using rsa or ed25519."
+
+			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
+			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
+			elog "out of the box.  If you need this, please update your sshd_config explicitly."
+		fi
+		if ver_test "${old_ver}" -lt "7.6_p1"; then
+			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
+			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
+		fi
+		if ver_test "${old_ver}" -lt "7.7_p1"; then
+			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
+			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
+			elog "if you need to authenticate against LDAP."
+			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
+		fi
+		if ver_test "${old_ver}" -lt "8.2_p1"; then
+			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
+			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
+			ewarn "connection is generally safe."
+		fi
+		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
+			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
+			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
+			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
+			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
+			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
+			ewarn "set 'Restart=no' in your sshd unit file."
+		fi
+	done
+
+	if [[ -n ${show_ssl_warning} ]]; then
+		elog "Be aware that by disabling openssl support in openssh, the server and clients"
+		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
+		elog "and update all clients/servers that utilize them."
+	fi
+}
diff --git a/net-misc/openssh/openssh-9.8_p1-r1.ebuild b/net-misc/openssh/openssh-9.8_p1-r1.ebuild
new file mode 100644
index 000000000000..6633e212c19c
--- /dev/null
+++ b/net-misc/openssh/openssh-9.8_p1-r1.ebuild
@@ -0,0 +1,434 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssh.org.asc
+inherit user-info flag-o-matic autotools optfeature pam systemd toolchain-funcs verify-sig
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="https://www.openssh.com/"
+SRC_URI="
+	mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+	verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc )
+"
+S="${WORKDIR}/${PARCH}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+# Probably want to drop ssl defaulting to on in a future version.
+IUSE="abi_mips_n32 audit debug kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test xmss"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="
+	ldns? ( ssl )
+	pie? ( !static )
+	static? ( !kerberos !pam )
+	xmss? ( ssl  )
+	test? ( ssl )
+"
+
+# tests currently fail with XMSS
+REQUIRED_USE+="test? ( !xmss )"
+
+LIB_DEPEND="
+	audit? ( sys-process/audit[static-libs(+)] )
+	ldns? (
+		net-libs/ldns[static-libs(+)]
+		net-libs/ldns[ecdsa(+),ssl(+)]
+	)
+	libedit? ( dev-libs/libedit:=[static-libs(+)] )
+	security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
+	selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+	ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
+	virtual/libcrypt:=[static-libs(+)]
+	>=sys-libs/zlib-1.2.3:=[static-libs(+)]
+"
+RDEPEND="
+	acct-group/sshd
+	acct-user/sshd
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( sys-libs/pam )
+	kerberos? ( virtual/krb5 )
+"
+DEPEND="
+	${RDEPEND}
+	virtual/os-headers
+	kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) )
+	static? ( ${LIB_DEPEND} )
+"
+RDEPEND="
+	${RDEPEND}
+	!net-misc/openssh-contrib
+	pam? ( >=sys-auth/pambase-20081028 )
+	!prefix? ( sys-apps/shadow )
+"
+BDEPEND="
+	dev-build/autoconf
+	virtual/pkgconfig
+	verify-sig? ( sec-keys/openpgp-keys-openssh )
+"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
+	"${FILESDIR}/${PN}-9.6_p1-fix-xmss-c99.patch"
+	"${FILESDIR}/${PN}-9.7_p1-config-tweaks.patch"
+)
+
+pkg_pretend() {
+	local i enabled_eol_flags disabled_eol_flags
+	for i in hpn sctp X509; do
+		if has_version "net-misc/openssh[${i}]"; then
+			enabled_eol_flags+="${i},"
+			disabled_eol_flags+="-${i},"
+		fi
+	done
+
+	if [[ -n ${enabled_eol_flags} && ${OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING} != yes ]]; then
+		# Skip for binary packages entirely because of environment saving, bug #907892
+		[[ ${MERGE_TYPE} == binary ]] && return
+
+		ewarn "net-misc/openssh does not support USE='${enabled_eol_flags%,}' anymore."
+		ewarn "The Base system team *STRONGLY* recommends you not rely on this functionality,"
+		ewarn "since these USE flags required third-party patches that often trigger bugs"
+		ewarn "and are of questionable provenance."
+		ewarn
+		ewarn "If you must continue relying on this functionality, switch to"
+		ewarn "net-misc/openssh-contrib. You will have to remove net-misc/openssh from your"
+		ewarn "world file first: 'emerge --deselect net-misc/openssh'"
+		ewarn
+		ewarn "In order to prevent loss of SSH remote login access, we will abort the build."
+		ewarn "Whether you proceed with disabling the USE flags or switch to the -contrib"
+		ewarn "variant, when re-emerging you will have to set"
+		ewarn
+		ewarn "  OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+
+		die "Building net-misc/openssh[${disabled_eol_flags%,}] without OPENSSH_EOL_USE_FLAGS_I_KNOW_WHAT_I_AM_DOING=yes"
+	fi
+
+	# Make sure people who are using tcp wrappers are notified of its removal. #531156
+	if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
+		ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
+		ewarn "you're trying to use it.  Update your ${EROOT}/etc/hosts.{allow,deny} please."
+	fi
+}
+
+src_prepare() {
+	# don't break .ssh/authorized_keys2 for fun
+	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+	[[ -d ${WORKDIR}/patches ]] && PATCHES+=( "${WORKDIR}"/patches )
+
+	default
+
+	# These tests are currently incompatible with PORTAGE_TMPDIR/sandbox
+	sed -e '/\t\tpercent \\/ d' \
+		-i regress/Makefile || die
+
+	tc-export PKG_CONFIG
+	local sed_args=(
+		-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+		# Disable fortify flags ... our gcc does this for us
+		-e 's:-D_FORTIFY_SOURCE=2::'
+	)
+
+	# _XOPEN_SOURCE causes header conflicts on Solaris
+	[[ ${CHOST} == *-solaris* ]] && sed_args+=(
+		-e 's/-D_XOPEN_SOURCE//'
+	)
+	sed -i "${sed_args[@]}" configure{.ac,} || die
+
+	eautoreconf
+}
+
+src_configure() {
+	addwrite /dev/ptmx
+
+	use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
+	use static && append-ldflags -static
+	use xmss && append-cflags -DWITH_XMSS
+
+	if [[ ${CHOST} == *-solaris* ]] ; then
+		# Solaris' glob.h doesn't have things like GLOB_TILDE, configure
+		# doesn't check for this, so force the replacement to be put in
+		# place
+		append-cppflags -DBROKEN_GLOB
+	fi
+
+	# use replacement, RPF_ECHO_ON doesn't exist here
+	[[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no
+
+	local myconf=(
+		--with-ldflags="${LDFLAGS}"
+		--disable-strip
+		--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
+		--sysconfdir="${EPREFIX}"/etc/ssh
+		--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
+		--datadir="${EPREFIX}"/usr/share/openssh
+		--with-privsep-path="${EPREFIX}"/var/empty
+		--with-privsep-user=sshd
+		# optional at runtime; guarantee a known path
+		--with-xauth="${EPREFIX}"/usr/bin/xauth
+
+		# --with-hardening adds the following in addition to flags we
+		# already set in our toolchain:
+		# * -ftrapv (which is broken with GCC anyway),
+		# * -ftrivial-auto-var-init=zero (which is nice, but not the end of
+		#    the world to not have)
+		# * -fzero-call-used-regs=used (history of miscompilations with
+		#    Clang (bug #872548), ICEs on m68k (bug #920350, gcc PR113086,
+		#    gcc PR104820, gcc PR104817, gcc PR110934)).
+		#
+		# Furthermore, OSSH_CHECK_CFLAG_COMPILE does not use AC_CACHE_CHECK,
+		# so we cannot just disable -fzero-call-used-regs=used.
+		#
+		# Therefore, just pass --without-hardening, given it doesn't negate
+		# our already hardened toolchain defaults, and avoids adding flags
+		# which are known-broken in both Clang and GCC and haven't been
+		# proven reliable.
+		--without-hardening
+
+		$(use_with audit audit linux)
+		$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
+		$(use_with ldns)
+		$(use_with libedit)
+		$(use_with pam)
+		$(use_with pie)
+		$(use_with selinux)
+		$(use_with security-key security-key-builtin)
+		$(use_with ssl openssl)
+		$(use_with ssl ssl-engine)
+	)
+
+	if use elibc_musl; then
+		# musl defines bogus values for UTMP_FILE and WTMP_FILE (bug #753230)
+		myconf+=( --disable-utmp --disable-wtmp )
+	fi
+
+	# Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all
+	# bug #869839 (https://github.com/llvm/llvm-project/issues/57692)
+	tc-is-clang && myconf+=( --without-hardening )
+
+	econf "${myconf[@]}"
+}
+
+create_config_dropins() {
+	local locale_vars=(
+		# These are language variables that POSIX defines.
+		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
+		LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
+
+		# These are the GNU extensions.
+		# https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
+		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
+	)
+
+	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
+	# Send locale environment variables (bug #367017)
+	SendEnv ${locale_vars[*]}
+
+	# Send COLORTERM to match TERM (bug #658540)
+	SendEnv COLORTERM
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
+	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
+	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
+	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
+	# Allow client to pass locale environment variables (bug #367017)
+	AcceptEnv ${locale_vars[*]}
+
+	# Allow client to pass COLORTERM to match TERM (bug #658540)
+	AcceptEnv COLORTERM
+	EOF
+
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-subsystem.conf || die
+	# override default of no subsystems
+	Subsystem	sftp	${EPREFIX}/usr/$(get_libdir)/misc/sftp-server
+	EOF
+
+	if use pam ; then
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
+		UsePAM yes
+		# This interferes with PAM.
+		PasswordAuthentication no
+		# PAM can do its own handling of MOTD.
+		PrintMotd no
+		PrintLastLog no
+		EOF
+	fi
+
+	if use livecd ; then
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
+		# Allow root login with password on livecds.
+		PermitRootLogin Yes
+		EOF
+	fi
+}
+
+src_compile() {
+	default
+	create_config_dropins
+}
+
+src_test() {
+	local tests=( compat-tests )
+	local shell=$(egetshell "${UID}")
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
+		ewarn "user, so we will run a subset only."
+		tests+=( interop-tests )
+	else
+		tests+=( tests )
+	fi
+
+	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
+	mkdir -p "${HOME}"/.ssh || die
+	emake -j1 "${tests[@]}" </dev/null
+}
+
+src_install() {
+	emake install-nokeys DESTDIR="${D}"
+	fperms 600 /etc/ssh/sshd_config
+	dobin contrib/ssh-copy-id
+	newinitd "${FILESDIR}"/sshd-r1.initd sshd
+	newconfd "${FILESDIR}"/sshd-r1.confd sshd
+
+	if use pam; then
+		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+	fi
+
+	doman contrib/ssh-copy-id.1
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+	rmdir "${ED}"/var/empty || die
+
+	systemd_dounit "${FILESDIR}"/sshd.socket
+	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
+	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
+
+	# Install dropins with explicit mode, bug 906638, 915840
+	diropts -m0755
+	insopts -m0644
+	insinto /etc/ssh
+	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
+	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
+	diropts -m0700
+	insopts -m0600
+	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
+}
+
+pkg_preinst() {
+	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
+		show_ssl_warning=1
+	fi
+}
+
+pkg_postinst() {
+	# bug #139235
+	optfeature "x11 forwarding" x11-apps/xauth
+
+	local old_ver
+	for old_ver in ${REPLACING_VERSIONS}; do
+		if ver_test "${old_ver}" -lt "5.8_p1"; then
+			elog "Starting with openssh-5.8p1, the server will default to a newer key"
+			elog "algorithm (ECDSA).  You are encouraged to manually update your stored"
+			elog "keys list as servers update theirs.  See ssh-keyscan(1) for more info."
+		fi
+		if ver_test "${old_ver}" -lt "7.0_p1"; then
+			elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+			elog "Make sure to update any configs that you might have.  Note that xinetd might"
+			elog "be an alternative for you as it supports USE=tcpd."
+		fi
+		if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
+			elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+			elog "weak sizes.  If you rely on these key types, you can re-enable the key types by"
+			elog "adding to your sshd_config or ~/.ssh/config files:"
+			elog "	PubkeyAcceptedKeyTypes=+ssh-dss"
+			elog "You should however generate new keys using rsa or ed25519."
+
+			elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
+			elog "to 'prohibit-password'.  That means password auth for root users no longer works"
+			elog "out of the box.  If you need this, please update your sshd_config explicitly."
+		fi
+		if ver_test "${old_ver}" -lt "7.6_p1"; then
+			elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
+			elog "Furthermore, rsa keys with less than 1024 bits will be refused."
+		fi
+		if ver_test "${old_ver}" -lt "7.7_p1"; then
+			elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
+			elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
+			elog "if you need to authenticate against LDAP."
+			elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
+		fi
+		if ver_test "${old_ver}" -lt "8.2_p1"; then
+			ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
+			ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
+			ewarn "connection is generally safe."
+		fi
+		if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then
+			ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to"
+			ewarn "'Restart=on-failure', which causes the service to automatically restart if it"
+			ewarn "terminates with an unclean exit code or signal. This feature is useful for most users,"
+			ewarn "but it can increase the vulnerability of the system in the event of a future exploit."
+			ewarn "If you have a web-facing setup or are concerned about security, it is recommended to"
+			ewarn "set 'Restart=no' in your sshd unit file."
+		fi
+	done
+
+	if [[ -n ${show_ssl_warning} ]]; then
+		elog "Be aware that by disabling openssl support in openssh, the server and clients"
+		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
+		elog "and update all clients/servers that utilize them."
+	fi
+
+	openssh_maybe_restart
+}
+
+openssh_maybe_restart() {
+	local ver
+	declare -a versions
+	read -ra versions <<<"${REPLACING_VERSIONS}"
+	for ver in "${versions[@]}"; do
+		# Exclude 9.8_p1 because it didn't have the safety check
+		[[ ${ver} == 9.8_p1 ]] && break
+
+		if [[ ${ver%_*} == "${PV%_*}" ]]; then
+			# No major version change has occurred
+			return
+		fi
+	done
+
+	if [[ ${ROOT} ]]; then
+		return
+	elif [[ -d /run/systemd/system ]] && sshd -t >/dev/null 2>&1; then
+		ewarn "The ebuild will now attempt to restart OpenSSH to avoid"
+		ewarn "bricking the running instance. See bug #709748."
+		ebegin "Attempting to restart openssh via 'systemctl try-restart sshd'"
+		systemctl try-restart sshd
+		eend $?
+	elif [[ -d /run/openrc ]]; then
+		# We don't check for sshd -t here because the OpenRC init script
+		# has a stop_pre() which does checkconfig, i.e. we defer to it
+		# to give nicer output for a failed sanity check.
+		ewarn "The ebuild will now attempt to restart OpenSSH to avoid"
+		ewarn "bricking the running instance. See bug #709748."
+		ebegin "Attempting to restart openssh via 'rc-service -q --ifstarted --nodeps sshd restart'"
+		rc-service -q --ifstarted --nodeps sshd restart
+		eend $?
+	fi
+}
diff --git a/net-misc/remmina/Manifest b/net-misc/remmina/Manifest
index 396cbb805cd3..40cd702adde8 100644
--- a/net-misc/remmina/Manifest
+++ b/net-misc/remmina/Manifest
@@ -1,4 +1,4 @@
 DIST Remmina-v1.4.35.tar.bz2 2150047 BLAKE2B 3ba730cd4009a797ee7d66bbe4390e9db221ee5cf0b008e0eb3df4a992d7260ddc65983c8c34d1aa1bb2190ed1104653e269369565d7e4eecaf3078ffc84330c SHA512 36dc419b4473c71f6b3e53338f4a3cf7a1fe60534ea0dce375b4c9fd00cd9d8a618c4376be4d031bdee1eed8b4aade4538a6cc414629ef6dde41cdcd513a6d36
 EBUILD remmina-1.4.35-r1.ebuild 2513 BLAKE2B 279cd3a256e970675609c4080a92a483eb16cc0034889c0f76b6167ae4e0937d68e43bdbdd8a818b95d77345057fd134744b67d5bb22ddc7cf197c965a95d994 SHA512 e24541a389a458f46a0e665749d59a8d52f6842d4d5b8e9cfd9095f2000806c4ce8456775e339fd7bfb124713e0cc9627492efbad5ead0c3a2c19a037acc5262
-EBUILD remmina-1.4.35-r2.ebuild 2526 BLAKE2B 85e25377a26dc8f3c35cd6d9725779af4f1330c7aab1318e9f70a804227900a094ca5eb28cbfdbeedbfa4add6b5f8f03b8311183504d2276d8c61faba5671003 SHA512 be66eaf9dacdbb1d279d3641aad93824b58528ab2757771154fecf5ad2413e0cee61f4228c64bbb88af5af91fd876e0855759b3a53348a68ec5b48042afc464b
+EBUILD remmina-1.4.35-r2.ebuild 2524 BLAKE2B abda0c7a793dbcc9f2c74edd1675e3fe2bf6550739eef73bf93472450c52e0e25255b006dafd4a10698fe81f54e75fe149b3aa8f3de71b67d32213abf0a05544 SHA512 24cd3cd04a3fb12a674e06b7e43e26b27eda1bc2fd9a262e2d1d37347eda2f86a1e9ac63e1c583ccf156bf05d2d22bd3ced4a410db7c57ad32c0ef2ad226ed6e
 MISC metadata.xml 1123 BLAKE2B 658714c247c6fbec6118a88bc5493a67aca30e949249407d421592b956c15b439b6d96c682d2d6d7cc9f1eb2dfdcc902c4c463c6a208af4bb9196656723f220a SHA512 cbf00348e2da27acbe9890ac2d6b19d5731496cf1aab303d64f036700fb779587cb7fe81a95d3a25f9ec5dcb79e2e7e880e345fc1ac267acd25da89844ab6f21
diff --git a/net-misc/remmina/remmina-1.4.35-r2.ebuild b/net-misc/remmina/remmina-1.4.35-r2.ebuild
index 45ab59869345..acf07642ef72 100644
--- a/net-misc/remmina/remmina-1.4.35-r2.ebuild
+++ b/net-misc/remmina/remmina-1.4.35-r2.ebuild
@@ -15,7 +15,7 @@ SRC_URI="https://gitlab.com/Remmina/Remmina/-/archive/v${PV}/${MY_P}.tar.bz2"
 
 LICENSE="GPL-2+-with-openssl-exception"
 SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~riscv ~x86"
+KEYWORDS="amd64 ~arm64 ~riscv x86"
 IUSE="+appindicator crypt cups examples keyring gvnc kwallet nls python spice ssh rdp vnc wayland webkit zeroconf X"
 
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) || ( X wayland )"
diff --git a/net-misc/teamviewer/Manifest b/net-misc/teamviewer/Manifest
index 169b080721bc..ad9b079a87df 100644
--- a/net-misc/teamviewer/Manifest
+++ b/net-misc/teamviewer/Manifest
@@ -1,12 +1,12 @@
 AUX teamviewerd15.init 282 BLAKE2B eaa5844606cab7942d8117a7f62687f1ba2b3ff5deecf61903d9c01ea5434c8104eceb2e50d1c7a4b93089df53c98fab38da6e6e5f4ee8c18426a7165b9cc465 SHA512 bc2271c1fb360129bf0452950340389e434e420830d7d3f47dcd248151dbbadf798c025d4e47fe311857c070f3dd7b12f0092fa09508f0300963c6e04d8ed7c8
-DIST teamviewer_15.48.4_amd64.tar.xz 90151736 BLAKE2B 9a62255790361c7627cd8158f7278f923ded0f19214a45088f8f36118a8700156f7dcb6ab6b3e5aff13997968b2c6ba7140b996e371f9451fda1b75e8382448d SHA512 60819003e38373fdf34a0eec8ee29023d0a787c47fdfa1d3bf663a801f7d71341cd2416d63a94c0751fd6ede96c5bdfefea037863f25862f0b098cf2c8ba4687
-DIST teamviewer_15.48.4_arm64.tar.xz 85987048 BLAKE2B 2c863f312c08ab3f79ad0c420a6f7ef984625e5fe2bdbbe924ca43fd0b96b351e056274f67099773a3b59a7d5c618b894133a14e3f79d104cf723e73f43f946e SHA512 c3d6e98f28fa7a99746fece3067bc3b1d4e0fbbb74d85112f00928b9acc7ab769717974564089d3b00cd3fe86b94ddff4bde2247fb91281492208c960b1e02af
-DIST teamviewer_15.48.4_armhf.tar.xz 83553336 BLAKE2B 9524777e4489aac133cde30d4045d3d0ad14bd2848d09bbbf8c797aacfa7aa962dcae7e5fbbcc1d3df913142ba38faafaee8590eee5317a0727f064983ba8438 SHA512 ad1d4aa69d8f3b63295c145e495d0e65e6983dad522b2f5bd46768136a04268475bdfe4ea11c766f36e6c709f6dcd6ddd201ae87067ad4fa7a44b3453a5ff5ba
-DIST teamviewer_15.48.4_i386.tar.xz 91591284 BLAKE2B 4353591f9d3cc67105ad26bb33e1640db06be9d0caa4a0e3461e4e9f0f3313577c87640278b3a3c64df6a5687f637017720ef117e19588d00e776979c3ed3299 SHA512 0141eb380b8816d99de753e061056da2b0acf21d93f4ff6d9f8fa615c03257a8f70b5552d18c66fbce3dd5540591a9b9e483504ffc96027fee1a7cc1e202a270
 DIST teamviewer_15.53.6_amd64.tar.xz 93437564 BLAKE2B a445f40febbf664047be3a2ffecd67d9e9149e03d7793f17365f0406f056465769571e7c1fc7e2bbfeca4b011fd4ba0b084a5c1460dddf88f6d6ec0ce355dad6 SHA512 a2c0dc70eab9ff46228ff35b3aaf2f7bb61e82fe40a1264bdd065ac9edfb5a506a0212d5a599b74fd02c4e7fe9bcb7451cffdbc24fb884838ca560ce17a8f27d
 DIST teamviewer_15.53.6_arm64.tar.xz 93587664 BLAKE2B dcc0fb2348a2edf86268c1f37cdd17f7837ef9a5a982d9bb38987e3eb402c02148ab48b51517f4a35e95cf16ae98b5f7373dad0bd7e5f831c23363daf94d79a5 SHA512 49bdb835e9e2432fb6fb0fce5481d1f0c793dc2e8358a39e6ab3df5904c606b417bbaa0faaf3538bc540122de2bf706c0c5ca595a4cddbb8742401537dd0d9f2
 DIST teamviewer_15.53.6_armhf.tar.xz 86940140 BLAKE2B d5ecc80812e0aea2daaaf11a22d9cef466123679235c17a018f07b21c29c1224e095c301b09a95dadbef8ec7d4591eb01b977d6215af3cbfa93877b46357a96c SHA512 15c925a382182f8735bbfbf13f005baba95aa1169f05638bb6469e4e524bd3a48ee685e34aa858ab5606d5940d5e5e7be6be7bd3ca7874e7ebefa7775e6b5d13
 DIST teamviewer_15.53.6_i386.tar.xz 94894620 BLAKE2B b39d4aa237d7f159957dc598c401fa350a28bf6c9c1a8ae5d249f4b6943e6265e9708f8a1efc7389e8d65624a5f764c31edee6d07d5f2ba3578dd98bd5fbad85 SHA512 32ae67f3a5ac34826224d3acf03da37b6ca6d2037451cc237ffdab2bbce1b05234693def6141016878d50c7fe2ca818ff3d5dc7d2501feb2337fad1b012267f7
-EBUILD teamviewer-15.48.4.ebuild 4407 BLAKE2B 498f8987a45e2d65775515e859eb3ad0514bfeddc12a69bccbc43809132f61cf178a7e73b507d2beecb29a8a8e2d54ed1eb74ee70d3310fabb74a80c22b43c83 SHA512 2d412eb1a5fd7c5d94438fac7eadd0190e387ce346c9ba2958e40b26d021e7dd4309c9ac1f72f621828442819ba86f1bf201347fe3081bc111e189823405cca7
+DIST teamviewer_15.55.3_amd64.tar.xz 88796964 BLAKE2B 7c1f6cd3eee569eb3471011b1d98609d29b3be88f57d82b2a1b8675af5c0f2c9fcd2db0091be683a64aa26b946d300179c3506d8c92c224fc83aeb6c6f68dbf8 SHA512 16ed2fec69707d89e1c57c81eb6f765189b82d345c6a58084f58ba5aac2d332038f9c9b80d324455729a8349d81a4f12db3cbf070fb57648ecc0f532127e61f1
+DIST teamviewer_15.55.3_arm64.tar.xz 91624136 BLAKE2B 610b6bb0cd18eda44a58c8590f30a4fa6aa549075cb2fc10a7bce5eddc53595f74ad5a8dfb0ac1254ebbab59897c14804a8c45e7626625fdca90d886d958a876 SHA512 45dd9094cc823f9c1158bc9844bf2da5f1b02e8f7c6b4c19377776978f4c97a8aea8d41b7a9a7b5d0b156fe4c2020ca228415bbb5d8f5687c5e42c3df767b26b
+DIST teamviewer_15.55.3_armhf.tar.xz 84907180 BLAKE2B c2a273eed6cb4ef9b84b7a4c10869e4fd9d9244d1176cbb1755307a46fc958c9a335359b917150e96bed5f5bf295fdf7008f5dcba6ba677258d2bc38a8f3d3ed SHA512 7f9635784e2b7bc251be0272dc66064d616d896749f5c29f62fb8b11b51ff8dd77230021f55f6bd64a64f3d290fe32fdba871cf84d902858a6180d8da17b3e72
+DIST teamviewer_15.55.3_i386.tar.xz 90082452 BLAKE2B 404a0fb730f18af2b11949374fa02009bd926e4c24b8a243731bfa7cfd55810e6fb274c3954e8dc5bb790c2fc10393649364338adee0d6979488c589ecd757da SHA512 2629298c7504abb5e6758d1a2d696fe6ee3afb2d43785b8dbc8f04857d1f3ed65f9a8e538732ee0a61917af8759686eefaeea23a69f2735ff84d6ebf3b412195
 EBUILD teamviewer-15.53.6.ebuild 4416 BLAKE2B df91e09a6450fe5bf52ac814d662a86123f1e52f03ecc21a98cde54aa44c4965d36c64184a381838839825d8b249a7bb58763c7589196303f364b9e3a577a93a SHA512 345aac8d5f69605f228b8c18bcb0b1462e891b4b5dcaad0e2eb91563444c8334d5420b82e5971f985ef6e40c70cf7adadfc12e4d6160791ae83a60a028397afd
+EBUILD teamviewer-15.55.3.ebuild 4416 BLAKE2B df91e09a6450fe5bf52ac814d662a86123f1e52f03ecc21a98cde54aa44c4965d36c64184a381838839825d8b249a7bb58763c7589196303f364b9e3a577a93a SHA512 345aac8d5f69605f228b8c18bcb0b1462e891b4b5dcaad0e2eb91563444c8334d5420b82e5971f985ef6e40c70cf7adadfc12e4d6160791ae83a60a028397afd
 MISC metadata.xml 398 BLAKE2B 445ffd891e67241252fcac645e4506315a23501976a36522f4bc9065b712e5b519f78bc523707014ab71dfccc796248094cc51edc43a0ecf9a1a3957a31d07c1 SHA512 a6364c26016b8fdcb0388f839fd1c04c83c0f83eff1661df75173eb81b426b6df9e3bb7ed1f44cce89010e8a94fbf12323d39a6534c4ae5105d7aa0a4883b0e3
diff --git a/net-misc/teamviewer/teamviewer-15.48.4.ebuild b/net-misc/teamviewer/teamviewer-15.48.4.ebuild
deleted file mode 100644
index ceef9a916e07..000000000000
--- a/net-misc/teamviewer/teamviewer-15.48.4.ebuild
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 2021-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit desktop optfeature systemd xdg
-
-MY_MAJOR="$(ver_cut 1)"
-MY_P="${PN}${MY_MAJOR}"
-DESCRIPTION="All-In-One Solution for Remote Access and Support over the Internet"
-HOMEPAGE="https://www.teamviewer.com"
-MY_URI="https://dl.tvcdn.de/download/linux/version_${MY_MAJOR}x/${PN}_${PV}"
-SRC_URI="amd64? ( ${MY_URI}_amd64.tar.xz )
-		arm? ( ${MY_URI}_armhf.tar.xz )
-		arm64? ( ${MY_URI}_arm64.tar.xz )
-		x86? ( ${MY_URI}_i386.tar.xz )"
-S="${WORKDIR}"/teamviewer
-
-LICENSE="TeamViewer MIT"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
-RESTRICT="bindist mirror strip"
-
-# Unpack will fail without app-arch/xz-utils[extra-filters], bug #798027
-BDEPEND="app-arch/xz-utils[extra-filters]"
-
-RDEPEND="
-	dev-libs/glib:2
-	dev-libs/nspr
-	dev-libs/nss
-	media-libs/fontconfig
-	media-libs/freetype
-	media-libs/libglvnd[X]
-	sys-apps/dbus
-	sys-apps/util-linux
-	sys-libs/glibc
-	sys-libs/zlib:0/1[minizip]
-	x11-libs/libICE
-	x11-libs/libSM
-	x11-libs/libX11
-	x11-libs/libXScrnSaver
-	x11-libs/libXcomposite
-	x11-libs/libXcursor
-	x11-libs/libXdamage
-	x11-libs/libXext
-	x11-libs/libXfixes
-	x11-libs/libXi
-	x11-libs/libXrandr
-	x11-libs/libXrender
-	x11-libs/libXtst
-	x11-libs/libxcb
-"
-# For consolekit incompatibility see https://forums.gentoo.org/viewtopic-p-8332956.html#8332956
-
-QA_PREBUILT="opt/${MY_P}/*"
-
-src_prepare() {
-	default
-
-	# Switch operation mode from 'portable' to 'installed'
-	sed -e "s/TAR_NI/TAR_IN/g" -i tv_bin/script/tvw_config || die
-
-	sed -i \
-		-e "/^ExecStart/s|${PN}|${MY_P}|" \
-		-e "/^PIDFile/s|/var/run/|/run/|" \
-		tv_bin/script/teamviewerd.service || die
-}
-
-src_install() {
-	local dst="/opt/${MY_P}" # install destination
-
-	insinto ${dst}
-	doins -r tv_bin
-
-	# Set permissions for executables and libraries
-	local exe
-	for exe in $(find tv_bin -type f -executable -or -name '*.so' || die); do
-		fperms +x ${dst}/${exe}
-	done
-
-	newinitd "${FILESDIR}"/teamviewerd15.init teamviewerd
-	systemd_dounit tv_bin/script/teamviewerd.service
-
-	insinto /usr/share/dbus-1/services
-	doins tv_bin/script/com.teamviewer.TeamViewer.service
-	doins tv_bin/script/com.teamviewer.TeamViewer.Desktop.service
-
-	insinto /usr/share/polkit-1/actions
-	doins tv_bin/script/com.teamviewer.TeamViewer.policy
-
-	local size
-	for size in 16 24 32 48 256; do
-		newicon -s ${size} tv_bin/desktop/teamviewer_${size}.png teamviewer.png
-	done
-
-	dodoc -r doc
-
-	# Make docs available in expected location
-	dosym ../../usr/share/doc/${PF}/doc ${dst}/doc
-
-	# We need to keep docs uncompressed, bug #778617
-	docompress -x /usr/share/doc/${PF}/.
-
-	keepdir /etc/${MY_P}
-	dosym ../../etc/${MY_P} ${dst}/config
-
-	# Create directory and symlink for log files (NOTE: according to Team-
-	# Viewer devs, all paths are hard-coded in the binaries; therefore
-	# using the same path as the DEB/RPM archives, i.e. '/var/log/teamviewer
-	# <major-version>')
-	keepdir /var/log/${MY_P}
-	dosym ../../var/log/${MY_P} ${dst}/logfiles
-
-	dodir /opt/bin
-	dosym ${dst}/tv_bin/teamviewerd /opt/bin/teamviewerd
-	dosym ${dst}/tv_bin/script/teamviewer /opt/bin/teamviewer
-
-	make_desktop_entry teamviewer "TeamViewer ${MY_MAJOR}"
-}
-
-pkg_postinst() {
-	xdg_pkg_postinst
-
-	ewarn
-	ewarn "Please note that the teamviewer gui works only when started from"
-	ewarn "a session initiated by a display manager." #799137
-	optfeature_header "Install one of the following display managers:"
-	optfeature "an example display manager" x11-misc/cdm gnome-base/gdm gui-apps/gtkgreet x11-misc/lightdm lxde-base/lxdm sys-apps/qingy x11-misc/sddm x11-misc/slim x11-misc/wdm x11-apps/xdm
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		elog
-		elog "Please note that parallel installation of multiple versions of"
-		elog "TeamViewer is currently not supported at runtime. Bug #621818"
-		elog
-		elog "Before using TeamViewer, you need to start its daemon:"
-		elog "OpenRC:"
-		elog "# /etc/init.d/teamviewerd start"
-		elog "# rc-update add teamviewerd default"
-		elog
-		elog "Systemd:"
-		elog "# systemctl start teamviewerd.service"
-		elog "# systemctl enable teamviewerd.service"
-		elog
-		elog "To display additional command line options simply run:"
-		elog "$ teamviewer help"
-		elog
-		elog "Most likely TeamViewer will work normally only on systems with systemd"
-		elog "or elogind. See this thread for additional info:"
-		elog "https://forums.gentoo.org/viewtopic-p-8332956.html#8332956"
-	fi
-}
diff --git a/net-misc/teamviewer/teamviewer-15.55.3.ebuild b/net-misc/teamviewer/teamviewer-15.55.3.ebuild
new file mode 100644
index 000000000000..14af3c7d58bc
--- /dev/null
+++ b/net-misc/teamviewer/teamviewer-15.55.3.ebuild
@@ -0,0 +1,153 @@
+# Copyright 2021-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit desktop optfeature systemd xdg
+
+MY_MAJOR="$(ver_cut 1)"
+MY_P="${PN}${MY_MAJOR}"
+DESCRIPTION="All-In-One Solution for Remote Access and Support over the Internet"
+HOMEPAGE="https://www.teamviewer.com"
+MY_URI="https://dl.teamviewer.com/download/linux/version_${MY_MAJOR}x/${PN}_${PV}"
+SRC_URI="
+	amd64? ( ${MY_URI}_amd64.tar.xz )
+	arm? ( ${MY_URI}_armhf.tar.xz )
+	arm64? ( ${MY_URI}_arm64.tar.xz )
+	x86? ( ${MY_URI}_i386.tar.xz )"
+S="${WORKDIR}"/teamviewer
+
+LICENSE="TeamViewer MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+RESTRICT="bindist mirror strip"
+
+# Unpack will fail without app-arch/xz-utils[extra-filters], bug #798027
+BDEPEND="app-arch/xz-utils[extra-filters]"
+
+RDEPEND="
+	dev-libs/glib:2
+	dev-libs/nspr
+	dev-libs/nss
+	media-libs/fontconfig
+	media-libs/freetype
+	media-libs/libglvnd[X]
+	sys-apps/dbus
+	sys-apps/util-linux
+	sys-libs/glibc
+	sys-libs/zlib:0/1[minizip]
+	x11-libs/libICE
+	x11-libs/libSM
+	x11-libs/libX11
+	x11-libs/libXScrnSaver
+	x11-libs/libXcomposite
+	x11-libs/libXcursor
+	x11-libs/libXdamage
+	x11-libs/libXext
+	x11-libs/libXfixes
+	x11-libs/libXi
+	x11-libs/libXrandr
+	x11-libs/libXrender
+	x11-libs/libXtst
+	x11-libs/libxcb
+"
+# For consolekit incompatibility see https://forums.gentoo.org/viewtopic-p-8332956.html#8332956
+
+QA_PREBUILT="opt/${MY_P}/*"
+
+src_prepare() {
+	default
+
+	# Switch operation mode from 'portable' to 'installed'
+	sed -e "s/TAR_NI/TAR_IN/g" -i tv_bin/script/tvw_config || die
+
+	sed -i \
+		-e "/^ExecStart/s|${PN}|${MY_P}|" \
+		-e "/^PIDFile/s|/var/run/|/run/|" \
+		tv_bin/script/teamviewerd.service || die
+}
+
+src_install() {
+	local dst="/opt/${MY_P}" # install destination
+
+	insinto ${dst}
+	doins -r tv_bin
+
+	# Set permissions for executables and libraries
+	local exe
+	for exe in $(find tv_bin -type f -executable -or -name '*.so' || die); do
+		fperms +x ${dst}/${exe}
+	done
+
+	newinitd "${FILESDIR}"/teamviewerd15.init teamviewerd
+	systemd_dounit tv_bin/script/teamviewerd.service
+
+	insinto /usr/share/dbus-1/services
+	doins tv_bin/script/com.teamviewer.TeamViewer.service
+	doins tv_bin/script/com.teamviewer.TeamViewer.Desktop.service
+
+	insinto /usr/share/polkit-1/actions
+	doins tv_bin/script/com.teamviewer.TeamViewer.policy
+
+	local size
+	for size in 16 24 32 48 256; do
+		newicon -s ${size} tv_bin/desktop/teamviewer_${size}.png teamviewer.png
+	done
+
+	dodoc -r doc
+
+	# Make docs available in expected location
+	dosym ../../usr/share/doc/${PF}/doc ${dst}/doc
+
+	# We need to keep docs uncompressed, bug #778617
+	docompress -x /usr/share/doc/${PF}/.
+
+	keepdir /etc/${MY_P}
+	dosym ../../etc/${MY_P} ${dst}/config
+
+	# Create directory and symlink for log files (NOTE: according to Team-
+	# Viewer devs, all paths are hard-coded in the binaries; therefore
+	# using the same path as the DEB/RPM archives, i.e. '/var/log/teamviewer
+	# <major-version>')
+	keepdir /var/log/${MY_P}
+	dosym ../../var/log/${MY_P} ${dst}/logfiles
+
+	dodir /opt/bin
+	dosym ${dst}/tv_bin/teamviewerd /opt/bin/teamviewerd
+	dosym ${dst}/tv_bin/script/teamviewer /opt/bin/teamviewer
+
+	make_desktop_entry teamviewer "TeamViewer ${MY_MAJOR}"
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+
+	ewarn
+	ewarn "Please note that the teamviewer gui works only when started from"
+	ewarn "a session initiated by a display manager." #799137
+	optfeature_header "Install one of the following display managers:"
+	optfeature "an example display manager" x11-misc/cdm gnome-base/gdm gui-apps/gtkgreet x11-misc/lightdm \
+		lxde-base/lxdm sys-apps/qingy x11-misc/sddm x11-misc/slim x11-misc/wdm x11-apps/xdm
+
+	if [[ -z ${REPLACING_VERSIONS} ]]; then
+		elog
+		elog "Please note that parallel installation of multiple versions of"
+		elog "TeamViewer is currently not supported at runtime. Bug #621818"
+		elog
+		elog "Before using TeamViewer, you need to start its daemon:"
+		elog "OpenRC:"
+		elog "# /etc/init.d/teamviewerd start"
+		elog "# rc-update add teamviewerd default"
+		elog
+		elog "Systemd:"
+		elog "# systemctl start teamviewerd.service"
+		elog "# systemctl enable teamviewerd.service"
+		elog
+		elog "To display additional command line options simply run:"
+		elog "$ teamviewer help"
+		elog
+		elog "Most likely TeamViewer will work normally only on systems with systemd"
+		elog "or elogind. See this thread for additional info:"
+		elog "https://forums.gentoo.org/viewtopic-p-8332956.html#8332956"
+	fi
+}
diff --git a/net-misc/yt-dlp/Manifest b/net-misc/yt-dlp/Manifest
index 2f6179c88d55..d0d676b5aa1e 100644
--- a/net-misc/yt-dlp/Manifest
+++ b/net-misc/yt-dlp/Manifest
@@ -1,4 +1,4 @@
-DIST yt-dlp-2024.05.27.tar.gz 5638920 BLAKE2B 467c6fb9e4c53e97d72338293e46983e471ca69e4fae97d23423d0aa003c98e91676f6c5e1af53d92b6c8f534cacc3d1d897161b043e52614324a0eb21b0e96b SHA512 ca2ddd04abb9ca3861584f6cbf827e21cbf9771394f059f2d8a0fc8874036dc9ae2bd0ad8a7bb350d1a042c1988aaeb3fef476f76ecc61710351c6a428aa95bc
-EBUILD yt-dlp-2024.05.27.ebuild 2269 BLAKE2B eb46ced81ec2279b0566c33f5b3b0e2128ba8a28404c54154eb3a69a365d302881b230b31ac0a97901f0772ece54ac7bd4c6a20d828b61bf7dd1e87144753ce4 SHA512 a9a4c068f027e9fe169e6a7fc9656ad68d2cab8543f85e47f2b045025f3b14d60b20ac42cb571c7e663ec661e3713aeb86d72d9afb04002b96a63d8f8d896ff7
+DIST yt-dlp-2024.07.01.tar.gz 5667870 BLAKE2B fec104c68ac2a465370a6c4270154fd18f496e0ed319c8b2a1a48cb43d8ba55f438f3b83182a8feece23d36aea180ba2f00412872cad92afab5be7ce46480e44 SHA512 1b99d82eb838fb654082c8bad7bdbd87ed2cdf3d80f38288eb1cf7f7112981eb5f45b6fc7cf861d7b10cec89626a2a7bebf20d32ba53b9dcb5d37275e3f02d6f
+EBUILD yt-dlp-2024.07.01.ebuild 2269 BLAKE2B eb46ced81ec2279b0566c33f5b3b0e2128ba8a28404c54154eb3a69a365d302881b230b31ac0a97901f0772ece54ac7bd4c6a20d828b61bf7dd1e87144753ce4 SHA512 a9a4c068f027e9fe169e6a7fc9656ad68d2cab8543f85e47f2b045025f3b14d60b20ac42cb571c7e663ec661e3713aeb86d72d9afb04002b96a63d8f8d896ff7
 EBUILD yt-dlp-9999.ebuild 2436 BLAKE2B 3be5da21d8b1ffef30cb8c204121d7c7ce59ca12d0e369ce6c232dba59a1cf8c057c7f6b09b6bca4289533f04db6075c72843d5154221b0c8f18dd6cea809d4f SHA512 c83a141c85ac1fb1091525f6f3b7600d3fc9132b2a4cff39f5460fb2c20c5d9094e2176450cdcde24b05877c2306462045929ea6e3690d9d48012e234a8381ca
 MISC metadata.xml 392 BLAKE2B d2aa6fc43f7f9038d320197a18107f15e56ed5e242e6c3cdc1b7111184580ab14fae8cbd16776794d207dd39ea0ca65975c08a54449f4cf90370ea95a66083d9 SHA512 867c61c1e41d7594decd5e10a2b45d934313cb751ba22356fc1ab61e0a40b2543847b195d20c7a39ba92370d8b3908e6f90d690915579b55808872efe8d3cebe
diff --git a/net-misc/yt-dlp/yt-dlp-2024.05.27.ebuild b/net-misc/yt-dlp/yt-dlp-2024.05.27.ebuild
deleted file mode 100644
index 68214ba4c2eb..000000000000
--- a/net-misc/yt-dlp/yt-dlp-2024.05.27.ebuild
+++ /dev/null
@@ -1,77 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=hatchling
-PYTHON_COMPAT=( python3_{10..13} )
-inherit bash-completion-r1 distutils-r1 optfeature wrapper
-
-DESCRIPTION="youtube-dl fork with additional features and fixes"
-HOMEPAGE="https://github.com/yt-dlp/yt-dlp/"
-SRC_URI="
-	https://github.com/yt-dlp/yt-dlp/releases/download/${PV}/${PN}.tar.gz
-		-> ${P}.tar.gz
-"
-S="${WORKDIR}/${PN}"
-
-LICENSE="Unlicense"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~riscv x86 ~arm64-macos ~x64-macos"
-
-RDEPEND="
-	dev-python/pycryptodome[${PYTHON_USEDEP}]
-	!net-misc/youtube-dl[-yt-dlp(-)]
-"
-
-distutils_enable_tests pytest
-
-src_prepare() {
-	distutils-r1_src_prepare
-
-	# adjust pycryptodome and drop optional dependencies (bug #828466)
-	sed -Ei pyproject.toml \
-		-e 's/("pycryptodome)x/\1/' \
-		-e '/"(brotli.*|certifi|mutagen|requests|urllib3|websockets)/d' || die
-}
-
-python_test() {
-	local EPYTEST_DESELECT=(
-		# fails with FEATURES=network-sandbox
-		test/test_networking.py::TestHTTPRequestHandler::test_connect_timeout
-		# fails with FEATURES=distcc, bug #915614
-		test/test_networking.py::TestYoutubeDLNetworking::test_proxy\[None-expected2\]
-	)
-
-	epytest -m 'not download'
-}
-
-python_install_all() {
-	dodoc README.md Changelog.md supportedsites.md
-	doman yt-dlp.1
-
-	dobashcomp completions/bash/yt-dlp
-
-	insinto /usr/share/fish/vendor_completions.d
-	doins completions/fish/yt-dlp.fish
-
-	insinto /usr/share/zsh/site-functions
-	doins completions/zsh/_yt-dlp
-
-	rm -r "${ED}"/usr/share/doc/yt_dlp || die
-
-	make_wrapper youtube-dl "yt-dlp --compat-options youtube-dl"
-}
-
-pkg_postinst() {
-	optfeature "various features (merging tracks, streamed content)" media-video/ffmpeg
-	has_version media-video/atomicparsley || # allow fallback but don't advertise
-		optfeature "embedding metadata thumbnails in MP4/M4A files" media-libs/mutagen
-	optfeature "decrypting cookies from Chromium-based browsers" dev-python/secretstorage
-
-	if [[ ! ${REPLACING_VERSIONS} ]]; then
-		elog 'A wrapper using "yt-dlp --compat-options youtube-dl" was installed'
-		elog 'as "youtube-dl". This is strictly for compatibility and it is'
-		elog 'recommended to use "yt-dlp" directly, it may be removed in the future.'
-	fi
-}
diff --git a/net-misc/yt-dlp/yt-dlp-2024.07.01.ebuild b/net-misc/yt-dlp/yt-dlp-2024.07.01.ebuild
new file mode 100644
index 000000000000..68214ba4c2eb
--- /dev/null
+++ b/net-misc/yt-dlp/yt-dlp-2024.07.01.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=hatchling
+PYTHON_COMPAT=( python3_{10..13} )
+inherit bash-completion-r1 distutils-r1 optfeature wrapper
+
+DESCRIPTION="youtube-dl fork with additional features and fixes"
+HOMEPAGE="https://github.com/yt-dlp/yt-dlp/"
+SRC_URI="
+	https://github.com/yt-dlp/yt-dlp/releases/download/${PV}/${PN}.tar.gz
+		-> ${P}.tar.gz
+"
+S="${WORKDIR}/${PN}"
+
+LICENSE="Unlicense"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~riscv x86 ~arm64-macos ~x64-macos"
+
+RDEPEND="
+	dev-python/pycryptodome[${PYTHON_USEDEP}]
+	!net-misc/youtube-dl[-yt-dlp(-)]
+"
+
+distutils_enable_tests pytest
+
+src_prepare() {
+	distutils-r1_src_prepare
+
+	# adjust pycryptodome and drop optional dependencies (bug #828466)
+	sed -Ei pyproject.toml \
+		-e 's/("pycryptodome)x/\1/' \
+		-e '/"(brotli.*|certifi|mutagen|requests|urllib3|websockets)/d' || die
+}
+
+python_test() {
+	local EPYTEST_DESELECT=(
+		# fails with FEATURES=network-sandbox
+		test/test_networking.py::TestHTTPRequestHandler::test_connect_timeout
+		# fails with FEATURES=distcc, bug #915614
+		test/test_networking.py::TestYoutubeDLNetworking::test_proxy\[None-expected2\]
+	)
+
+	epytest -m 'not download'
+}
+
+python_install_all() {
+	dodoc README.md Changelog.md supportedsites.md
+	doman yt-dlp.1
+
+	dobashcomp completions/bash/yt-dlp
+
+	insinto /usr/share/fish/vendor_completions.d
+	doins completions/fish/yt-dlp.fish
+
+	insinto /usr/share/zsh/site-functions
+	doins completions/zsh/_yt-dlp
+
+	rm -r "${ED}"/usr/share/doc/yt_dlp || die
+
+	make_wrapper youtube-dl "yt-dlp --compat-options youtube-dl"
+}
+
+pkg_postinst() {
+	optfeature "various features (merging tracks, streamed content)" media-video/ffmpeg
+	has_version media-video/atomicparsley || # allow fallback but don't advertise
+		optfeature "embedding metadata thumbnails in MP4/M4A files" media-libs/mutagen
+	optfeature "decrypting cookies from Chromium-based browsers" dev-python/secretstorage
+
+	if [[ ! ${REPLACING_VERSIONS} ]]; then
+		elog 'A wrapper using "yt-dlp --compat-options youtube-dl" was installed'
+		elog 'as "youtube-dl". This is strictly for compatibility and it is'
+		elog 'recommended to use "yt-dlp" directly, it may be removed in the future.'
+	fi
+}
-- 
cgit v1.2.3