net-misc/openssh: Add updated X509 patchset to 7.6_p1

Had to drop the multithreaded aes-ctr cipher as it seems to cause
test failures with OpenSSH 7.6p1. We can re-add in the future if
a fix is found.

Package-Manager: Portage-2.3.11, Repoman-2.3.3

1 files changed, 10 insertions, 2 deletions

diff --git a/net-misc/openssh/openssh-7.6_p1.ebuild b/net-misc/openssh/openssh-7.6_p1.ebuild
index 1c315b793a68..a15c07cdc85d 100644
--- a/net-misc/openssh/openssh-7.6_p1.ebuild
+++ b/net-misc/openssh/openssh-7.6_p1.ebuild
@@ -9,7 +9,7 @@ inherit user flag-o-matic multilib autotools pam systemd versionator
 # and _p? releases.
 PARCH=${P/_}
 
-#HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz"
+HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz"
 SCTP_PATCH="${PN}-7.6_p1-sctp.patch.xz"
 LDAP_PATCH="${PN}-lpk-7.6p1-0.3.14.patch.xz"
 X509_VER="11.0" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
@@ -109,12 +109,14 @@ src_prepare() {
 	# this file.
 	cp version.h version.h.pristine
 
+	eapply "${FILESDIR}/${P}-warnings.patch"
+
 	# don't break .ssh/authorized_keys2 for fun
 	sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
 
 	if use X509 ; then
 		if use hpn ; then
-			pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null
+			pushd "${WORKDIR}" >/dev/null
 			eapply "${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch
 			popd >/dev/null
 		fi
@@ -324,4 +326,10 @@ pkg_postinst() {
 		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
 		elog "and update all clients/servers that utilize them."
 	fi
+
+	# remove this if aes-ctr-mt gets fixed
+	if use hpn; then
+		elog "The multithreaded AES-CTR cipher has been temporarily dropped from the HPN patch"
+		elog "set since it does not (yet) work with >=openssh-7.6p1."
+	fi
 }