author | Lars Wendler <polynomial-c@gentoo.org> | 2016-01-14 16:46:22 +0100 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2016-01-14 16:49:05 +0100 |
commit | 15b76ad7d7924c0d21c1aa002ed8a89138732d4f (patch) | |
tree | 89fadda3ff457f53b3920d9503c26c73e8abcf9b /net-misc/openssh/files | |
parent | kde-plasma/plasma-workspace-wallpapers: fix manifest (diff) | |
net-misc/openssh: Removed old.
Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-misc/openssh/files')
11 files changed, 0 insertions, 680 deletions
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch
deleted file mode 100644
index 2a34ee96d55e..000000000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
-
---- openssh-6.6p1+x509-8.0.diff
-+++ openssh-6.6p1+x509-8.0.diff
-@@ -16337,10 +16337,10 @@
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed (e.g. via
- PAM or though authentication styles supported in
--@@ -499,6 +576,16 @@
-+@@ -514,6 +591,16 @@
-+ This facility is provided to assist with operation on multi homed machines.
- The default is
- .Dq yes .
-- Note that this option applies to protocol version 2 only.
- +.It Cm HostbasedAlgorithms
- +Specifies the protocol version 2 algorithms used in
- +.Dq hostbased
diff --git a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch b/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch
deleted file mode 100644
index beb22926aed0..000000000000
--- a/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-make the hpn patch apply when the x509 patch has also been applied
-
---- openssh-6.6.1p1-hpnssh14v5.diff
-+++ openssh-6.6.1p1-hpnssh14v5.diff
-@@ -1742,18 +1742,14 @@
- if (options->ip_qos_interactive == -1)
- options->ip_qos_interactive = IPTOS_LOWDELAY;
- if (options->ip_qos_bulk == -1)
--@@ -345,9 +392,10 @@
-+@@ -345,6 +392,7 @@
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
--+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
-++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
- sKexAlgorithms, sIPQoS, sVersionAddendum,
- sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
--- sAuthenticationMethods, sHostKeyAgent,
--+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
-- sDeprecated, sUnsupported
-- } ServerOpCodes;
--
-+ sAuthenticationMethods, sHostKeyAgent,
- @@ -468,6 +516,10 @@
- { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
deleted file mode 100644
index bd0b7ce12b66..000000000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
-+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UsePrivilegedPort
-- .It User
-- .It UserKnownHostsFile
- @@ -218,6 +219,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -482,14 +474,6 @@
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
- @@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
- controls.
- .It Fl y
-@@ -527,7 +511,7 @@
-- again:
-+
- - while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 96818e42ec52..000000000000
--- a/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/378361
-https://bugzilla.mindrot.org/show_bug.cgi?id=928
-
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[NI_MAXHOST];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, sizeof(lname))) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
---- a/servconf.c
-+++ b/servconf.c
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
---- a/servconf.h
-+++ b/servconf.h
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos. */
- int gss_authentication; /* If true, permit GSSAPI authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
---- a/sshd_config
-+++ b/sshd_config
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
diff --git a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch b/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
deleted file mode 100644
index 71b9c517311f..000000000000
--- a/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
---- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
-+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
-@@ -610,21 +610,6 @@
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
--.It Cm GSSAPIStrictAcceptorCheck
--Determines whether to be strict about the identity of the GSSAPI acceptor
--a client authenticates against.
--If set to
--.Dq yes
--then the client must authenticate against the
--.Pa host
--service on the current hostname.
--If set to
--.Dq no
--then the client may authenticate against any service key stored in the
--machine's default store.
--This facility is provided to assist with operation on multi homed machines.
--The default is
--.Dq yes .
- .It Cm HostbasedAuthentication
- Specifies whether rhosts or /etc/hosts.equiv authentication together
- with successful public key client host authentication is allowed
-@@ -651,6 +636,21 @@
- attempting to resolve the name from the TCP connection itself.
- The default is
- .Dq no .
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostCertificate
- Specifies a file containing a public host certificate.
- The certificate's public key must match a private host key already specified
diff --git a/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch b/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch
deleted file mode 100644
index 170031daad36..000000000000
--- a/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c
---- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800
-+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800
-@@ -34,6 +34,7 @@
- #include "sshkey.h"
- #include "digest.h"
- #include "evp-compat.h"
-+#include "xmalloc.h"
-
- /*NOTE: Do not define USE_LEGACY_RSA_... if build
- is with FIPS capable OpenSSL */
diff --git a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
deleted file mode 100644
index 7b12e9a67cf0..000000000000
--- a/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,90 +0,0 @@
---- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700
-+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700
-@@ -184,34 +184,6 @@
- int port; /* Port to connect. */
- int address_family;
- int connection_attempts; /* Max attempts (seconds) before
----- a/scp.1
--+++ b/scp.1
--@@ -19,7 +19,7 @@
-- .Sh SYNOPSIS
-- .Nm scp
-- .Bk -words
---.Op Fl 12346BCpqrv
--+.Op Fl 12346BCpqrvz
-- .Op Fl c Ar cipher
-- .Op Fl F Ar ssh_config
-- .Op Fl i Ar identity_file
--@@ -178,6 +178,7 @@ For full details of the options listed b
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
--@@ -218,6 +219,8 @@ and
-- to print debugging messages about their progress.
-- This is helpful in
-- debugging connection, authentication, and configuration problems.
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .El
-- .Sh EXIT STATUS
-- .Ex -std scp
- --- a/scp.c
- +++ b/scp.c
- @@ -395,7 +395,11 @@ main(int argc, char **argv)
-@@ -471,34 +443,6 @@
- int protocol; /* Supported protocol versions. */
- struct ForwardOptions fwd_opts; /* forwarding options */
- SyslogFacility log_facility; /* Facility for system logging. */
----- a/ssh.1
--+++ b/ssh.1
--@@ -43,7 +43,7 @@
-- .Sh SYNOPSIS
-- .Nm ssh
-- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-- .Op Fl b Ar bind_address
-- .Op Fl c Ar cipher_spec
-- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -473,6 +473,7 @@ For full details of the options listed b
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UsePrivilegedPort
--@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
-- controls.
-- .It Fl y
-- Send log information using the
--+.It Fl z
--+Use the SCTP protocol for connection instead of TCP which is the default.
-- .Xr syslog 3
-- system module.
-- By default this information is sent to stderr.
- --- a/ssh.c
- +++ b/ssh.c
- @@ -194,12 +194,17 @@ extern int muxserver_sock;
-@@ -520,13 +464,11 @@
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file]\n"
- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
--@@ -506,7 +512,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+@@ -506,4 +512,4 @@ main(int ac, char **av)
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -732,6 +738,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch b/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch
deleted file mode 100644
index e14a728f43a3..000000000000
--- a/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-https://bugs.gentoo.org/544078
-https://bugzilla.mindrot.org/show_bug.cgi?id=2369
-
-From 117c961c8d1f0537973df5a6a937389b4b7b61b4 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Mon, 23 Mar 2015 06:06:38 +0000
-Subject: [PATCH] upstream commit
-
-for ssh-keygen -A, don't try (and fail) to generate ssh
- v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
- without OpenSSL based on patch by Mike Frysinger; bz#2369
----
- ssh-keygen.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ssh-keygen.c b/ssh-keygen.c
-index a3c2362..96dd8b4 100644
---- a/ssh-keygen.c
-+++ b/ssh-keygen.c
-@@ -948,12 +948,16 @@ do_gen_all_hostkeys(struct passwd *pw)
- char *key_type_display;
- char *path;
- } key_types[] = {
-+#ifdef WITH_OPENSSL
-+#ifdef WITH_SSH1
- { "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
-+#endif /* WITH_SSH1 */
- { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
- { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
- #ifdef OPENSSL_HAS_ECC
- { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
--#endif
-+#endif /* OPENSSL_HAS_ECC */
-+#endif /* WITH_OPENSSL */
- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
- { NULL, NULL, NULL }
- };
---
-2.3.3
-
diff --git a/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch b/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch
deleted file mode 100644
index 48fce1e2c294..000000000000
--- a/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-https://bugs.gentoo.org/378361
-https://bugzilla.mindrot.org/show_bug.cgi?id=928
-
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -41,9 +41,12 @@
- #include "channels.h"
- #include "session.h"
- #include "misc.h"
-+#include "servconf.h"
-
- #include "ssh-gss.h"
-
-+extern ServerOptions options;
-+
- static ssh_gssapi_client gssapi_client =
- { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
- GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
-@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- char lname[NI_MAXHOST];
- gss_OID_set oidset;
-
-- gss_create_empty_oid_set(&status, &oidset);
-- gss_add_oid_set_member(&status, ctx->oid, &oidset);
--
-- if (gethostname(lname, sizeof(lname))) {
-- gss_release_oid_set(&status, &oidset);
-- return (-1);
-- }
-+ if (options.gss_strict_acceptor) {
-+ gss_create_empty_oid_set(&status, &oidset);
-+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-+
-+ if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (-1);
-+ }
-+
-+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
-+ gss_release_oid_set(&status, &oidset);
-+ return (ctx->major);
-+ }
-+
-+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
-+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
-+ NULL, NULL)))
-+ ssh_gssapi_error(ctx);
-
-- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
-+ } else {
-+ ctx->name = GSS_C_NO_NAME;
-+ ctx->creds = GSS_C_NO_CREDENTIAL;
- }
--
-- if ((ctx->major = gss_acquire_cred(&ctx->minor,
-- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
-- ssh_gssapi_error(ctx);
--
-- gss_release_oid_set(&status, &oidset);
-- return (ctx->major);
-+ return GSS_S_COMPLETE;
- }
-
- /* Privileged */
---- a/servconf.c
-+++ b/servconf.c
-@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
- options->kerberos_get_afs_token = -1;
- options->gss_authentication=-1;
- options->gss_cleanup_creds = -1;
-+ options->gss_strict_acceptor = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->challenge_response_authentication = -1;
-@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
- options->gss_authentication = 0;
- if (options->gss_cleanup_creds == -1)
- options->gss_cleanup_creds = 1;
-+ if (options->gss_strict_acceptor == -1)
-+ options->gss_strict_acceptor = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-@@ -277,7 +280,8 @@ typedef enum {
- sBanner, sUseDNS, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
- sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
-- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
-+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
-+ sAcceptEnv, sPermitTunnel,
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- sUsePrivilegeSeparation, sAllowAgentForwarding,
- sHostCertificate,
-@@ -327,9 +331,11 @@ static struct {
- #ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
- #else
- { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
-+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
- #endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
-
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
-+ goto parse_flag;
-+
-+ case sGssStrictAcceptor:
-+ intptr = &options->gss_strict_acceptor;
- goto parse_flag;
-
- case sPasswordAuthentication:
---- a/servconf.h
-+++ b/servconf.h
-@@ -92,6 +92,7 @@ typedef struct {
- * authenticated with Kerberos. */
- int gss_authentication; /* If true, permit GSSAPI authentication */
- int gss_cleanup_creds; /* If true, destroy cred cache on logout */
-+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
- int password_authentication; /* If true, permit password
- * authentication. */
- int kbd_interactive_authentication; /* If true, permit */
---- a/sshd_config
-+++ b/sshd_config
-@@ -69,6 +69,7 @@
- # GSSAPI options
- #GSSAPIAuthentication no
- #GSSAPICleanupCredentials yes
-+#GSSAPIStrictAcceptorCheck yes
-
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -386,6 +386,21 @@ on logout.
- The default is
- .Dq yes .
- Note that this option applies to protocol version 2 only.
-+.It Cm GSSAPIStrictAcceptorCheck
-+Determines whether to be strict about the identity of the GSSAPI acceptor
-+a client authenticates against.
-+If set to
-+.Dq yes
-+then the client must authenticate against the
-+.Pa host
-+service on the current hostname.
-+If set to
-+.Dq no
-+then the client may authenticate against any service key stored in the
-+machine's default store.
-+This facility is provided to assist with operation on multi homed machines.
-+The default is
-+.Dq yes .
- .It Cm HostbasedAcceptedKeyTypes
- Specifies the key types that will be accepted for hostbased authentication
- as a comma-separated pattern list.
diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch b/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch
deleted file mode 100644
index e72b1e6bafaa..000000000000
--- a/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/0005-support-dynamically-sized-receive-buffers.patch
-+++ b/0005-support-dynamically-sized-receive-buffers.patch
-@@ -411,10 +411,10 @@ index af2f007..41b782b 100644
- --- a/compat.h
- +++ b/compat.h
- @@ -60,6 +60,7 @@
-- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
- #define SSH_BUG_CURVE25519PAD 0x10000000
--+#define SSH_BUG_LARGEWINDOW 0x20000000
-+ #define SSH_BUG_HOSTKEYS 0x20000000
-++#define SSH_BUG_LARGEWINDOW 0x40000000
-
- void enable_compat13(void);
- void enable_compat20(void);
diff --git a/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch b/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch
deleted file mode 100644
index f99e92f29e33..000000000000
--- a/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-https://bugs.gentoo.org/547944
-
-From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001
-From: "dtucker@openbsd.org" <dtucker@openbsd.org>
-Date: Fri, 10 Apr 2015 05:16:50 +0000
-Subject: [PATCH] upstream commit
-
-Don't send hostkey advertisments
- (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
- handle them. Newer versions should be OK. Patch from Bryan Drewery and
- IWAMOTO Kouichi, ok djm@
----
- compat.c | 13 ++++++++++++-
- compat.h | 3 ++-
- sshd.c | 6 +++++-
- 3 files changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/compat.c b/compat.c
-index 2498168..0934de9 100644
---- a/compat.c
-+++ b/compat.c
-@@ -167,6 +167,17 @@ compat_datafellows(const char *version)
- SSH_BUG_SCANNER },
- { "Probe-*",
- SSH_BUG_PROBE },
-+ { "TeraTerm SSH*,"
-+ "TTSSH/1.5.*,"
-+ "TTSSH/2.1*,"
-+ "TTSSH/2.2*,"
-+ "TTSSH/2.3*,"
-+ "TTSSH/2.4*,"
-+ "TTSSH/2.5*,"
-+ "TTSSH/2.6*,"
-+ "TTSSH/2.70*,"
-+ "TTSSH/2.71*,"
-+ "TTSSH/2.72*", SSH_BUG_HOSTKEYS },
- { NULL, 0 }
- };
-
-diff --git a/compat.h b/compat.h
-index af2f007..83507f0 100644
---- a/compat.h
-+++ b/compat.h
-@@ -60,6 +60,7 @@
- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
- #define SSH_BUG_CURVE25519PAD 0x10000000
-+#define SSH_BUG_HOSTKEYS 0x20000000
-
- void enable_compat13(void);
- void enable_compat20(void);
-diff --git a/sshd.c b/sshd.c
-index 6aa17fa..60b0cd4 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh)
- int i, nkeys, r;
- char *fp;
-
-+ /* Some clients cannot cope with the hostkeys message, skip those. */
-+ if (datafellows & SSH_BUG_HOSTKEYS)
-+ return;
-+
- if ((buf = sshbuf_new()) == NULL)
- fatal("%s: sshbuf_new", __func__);
- for (i = nkeys = 0; i < options.num_host_key_files; i++) {
---
-2.3.6
- |