Merely a reminder for myself to wait (and check) for needed external patches.
Out of curiosity, what about the SCTP patch here?: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 I'll update it for 6.7. People got skittish after the Heartbleed incident, as the author of the original SCTP patch was the same guy that did the DTLS RFC and added the affected code to OpenSSL. FreeBSD already includes this patch in their ports version of OpenSSH, too. I would need to add my virtual/sctp bit into the tree first, to handle the case of lksctp-tools on Linux and the sys-freebsd/freebsd-lib for FreeBSD.
Created attachment 387122: SCTP support patch for OpenSSH 6.7p1. Tested this on a local build of OpenSSH 6.7p1 on amd64 and mips, and it appears to work fine. Did not test with HPN/X509/LPK patches. Updated the upstream bug with this patch as well.
I've done the bump now: http://sources.gentoo.org/net-misc/openssh/openssh-6.7_p1.ebuild?rev=1.1 I forward-ported the ldap/hpn patches, and included sctp support. There is no x509 patch yet and the last one does not apply cleanly, but we've waited more than long enough at this point.
You should drop the X509 USE flag for now then, so people who rely on the X509 patch won't get burned when they upgrade.
(In reply to Patrick McLean from comment #4) The openssh ebuilds have long included checks to prevent this. If anything, removing it from IUSE is more likely to burn people.