[ 18:08 bdrewery  ]

• 372676 security/openssh-portable/Makefile
• 372676 security/openssh-portable/distinfo
• 372676 security/openssh-portable/files/extra-patch-openssh661
• 372676 security/openssh-portable/files/extra-patch-tcpwrappers
• 372676 security/openssh-portable/files/patch-readconf.c
• 372676 security/openssh-portable/files/patch-ssh-agent.c
• 372676 security/openssh-portable/files/patch-sshd_config.5

- Update to 6.7p1.

  Several patches do not currently apply. Use security/openssh-portable66 for:
  HPN, NONECIPHER, KERB_GSSAPI, X509.

- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.

[ 01:54 bdrewery  ]

• 351982 security/openssh-portable/Makefile
• 351982 security/openssh-portable/distinfo
• 351982 security/openssh-portable/files/extra-patch-openssh661
• 351982 security/openssh-portable/pkg-plist

- Update to "6.6.1" [1]
- Switch to using @sample keyword, fixing orphans.

Upstream note on "6.6.1" [1]:

  OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
  key exchange incorrectly, causing connection failures about 0.2% of
  the time when this method is used against a peer that implements
  the method properly.

  Fix the problem and disable the curve25519 KEX when speaking to
  OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
  to enable the compatability code.

[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html