Thanks to bug #531156 we have lost tcpd support. Surprisingly to me, on amd (stable) I had to unmask manually net-misc/openssh-6.6.1_p1-r4, the only ebuild below 6.7.
Um, nothing happened to the 6.6 branch while a security issue was resolved in the 6.7 branch. You want to use a vulnerable openssh just because another bug with the newer branch is unresolved, and you want it stable for everyone when it isn't even selectable without masking the newer branch? How would that work?
OK, I don't know it is flawed, I was just looking for any ssh prior 6.7_p1 when the tcpd-removal happened. I would be happy with any, even with 6.7_p1 with reverted patch. ;-) Removal of the tcpd is a bad surprise to me, have realized that after somebody tested continually my root password for several days and syslog grew over 50GB and filled up the drive. Dropping functionality on working/configured systems with *configured* hosts.allow/deny is like installing a Trojan horse. Nobody expects their config files are ignored since some upgrade. And as I mentioned in the #531156 bug, I don't even see same functionality provided by sshd itself. Thank you for any efforts bringing into stable some secure sshd with tcpd support. I gladly leave it upto you, devs, which version is be recommended.
(In reply to Martin Mokrejš from comment #2) sorry, but we don't have the resources (or desire?) to hand maintain tcpd support in openssh. it's unfortunate that you relied on it and upstream just dropped it, but that's what they've done :/.
Commit message: Note the removal of USE=tcpd support due to upstream http://sources.gentoo.org/net-misc/openssh/openssh-6.7_p1-r3.ebuild?r1=1.1&r2=1.2 http://sources.gentoo.org/net-misc/openssh/openssh-6.7_p1.ebuild?r1=1.11&r2=1.12
