sys-libs/glibc: Block too-old openssh in 2.31 and later, bug 708224

Bug: https://bugs.gentoo.org/708224
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

diff --git a/sys-libs/glibc/glibc-2.31-r2.ebuild b/sys-libs/glibc/glibc-2.31-r2.ebuild
index 6afa9eaa6efa186d535c6a4adc99086a1c2294a5..f03483a5f7cffaa504400f108affeae84a2d37ce 100644 (file)
--- a/sys-libs/glibc/glibc-2.31-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.31-r2.ebuild
@@ -85,6 +85,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
        ${PYTHON_DEPS}
        >=app-misc/pax-utils-0.1.10
@@ -101,6 +103,7 @@ COMMON_DEPEND="
        suid? ( caps? ( sys-libs/libcap ) )
        selinux? ( sys-libs/libselinux )
        systemtap? ( dev-util/systemtap )
+       !<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
        test? ( >=net-dns/libidn2-2.3.0 )

diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index ca7219535589c7b7342a91963319e8b215cefd7c..dafe72da8ed7fa0f4457e43d9a8c7f25cd921cf8 100644 (file)
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -84,6 +84,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
        ${PYTHON_DEPS}
        >=app-misc/pax-utils-0.1.10
@@ -100,6 +102,7 @@ COMMON_DEPEND="
        suid? ( caps? ( sys-libs/libcap ) )
        selinux? ( sys-libs/libselinux )
        systemtap? ( dev-util/systemtap )
+       !<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
        test? ( >=net-dns/libidn2-2.3.0 )